aspera-cli 4.11.0 → 4.12.0

data/lib/aspera/oauth.rb

@@ -24,8 +24,8 @@ module Aspera
     # OAuth methods supported by default
     STD_AUTH_TYPES = %i[web jwt].freeze
 
-    # remove 5 minutes to account for time offset (TODO: configurable?)
-    JWT_NOTBEFORE_OFFSET_SEC = 300
+    # remove 5 minutes to account for time offset between client and server (TODO: configurable?)
+    JWT_ACCEPTED_OFFSET_SEC = 300
     # one hour validity (TODO: configurable?)
     JWT_EXPIRY_OFFSET_SEC = 3600
     # tokens older than 30 minutes will be discarded from cache
@@ -35,7 +35,7 @@ module Aspera
     # a prefix for persistency of tokens (simplify garbage collect)
     PERSIST_CATEGORY_TOKEN = 'token'
 
-    private_constant :JWT_NOTBEFORE_OFFSET_SEC, :JWT_EXPIRY_OFFSET_SEC, :TOKEN_CACHE_EXPIRY_SEC, :PERSIST_CATEGORY_TOKEN, :TOKEN_EXPIRATION_GUARD_SEC
+    private_constant :JWT_ACCEPTED_OFFSET_SEC, :JWT_EXPIRY_OFFSET_SEC, :TOKEN_CACHE_EXPIRY_SEC, :PERSIST_CATEGORY_TOKEN, :TOKEN_EXPIRATION_GUARD_SEC
 
     # persistency manager
     @persist = nil
@@ -83,7 +83,7 @@ module Aspera
       end
 
       # register a token creation method
-      # @param id creation type from field :crtype in constructor
+      # @param id creation type from field :grant_method in constructor
       # @param lambda_create called to create token
       # @param id_create called to generate unique id for token, for cache
       def register_token_creator(id, lambda_create, id_create)
@@ -94,11 +94,11 @@ module Aspera
 
       # @return one of the registered creators for the given create type
       def token_creator(id)
-        raise "token creator type unknown: #{id}/#{id.class}" unless @create_handlers.key?(id)
+        raise "token grant method unknown: #{id}/#{id.class}" unless @create_handlers.key?(id)
         @create_handlers[id]
       end
 
-      # list of identifiers foundn in creation parameters that can be used to uniquely identify the token
+      # list of identifiers found in creation parameters that can be used to uniquely identify the token
       def id_creator(id)
         raise "id creator type unknown: #{id}/#{id.class}" unless @id_handlers.key?(id)
         @id_handlers[id]
@@ -110,12 +110,12 @@ module Aspera
 
     # generic token creation, parameters are provided in :generic
     register_token_creator :generic, lambda { |oauth|
-      return oauth.create_token(oauth.sparams)
+      return oauth.create_token(oauth.specific_parameters)
     }, lambda { |oauth|
       return [
-        oauth.sparams[:grant_type]&.split(':')&.last,
-        oauth.sparams[:apikey],
-        oauth.sparams[:response_type]
+        oauth.specific_parameters[:grant_type]&.split(':')&.last,
+        oauth.specific_parameters[:apikey],
+        oauth.specific_parameters[:response_type]
       ]
     }
 
@@ -123,22 +123,22 @@ module Aspera
     register_token_creator :web, lambda { |oauth|
       random_state = SecureRandom.uuid # used to check later
       login_page_url = Rest.build_uri(
-        "#{oauth.api.params[:base_url]}/#{oauth.sparams[:path_authorize]}",
-        oauth.optional_scope_client_id.merge(response_type: 'code', redirect_uri: oauth.sparams[:redirect_uri], state: random_state))
+        "#{oauth.api.params[:base_url]}/#{oauth.specific_parameters[:path_authorize]}",
+        oauth.optional_scope_client_id.merge(response_type: 'code', redirect_uri: oauth.specific_parameters[:redirect_uri], state: random_state))
       # here, we need a human to authorize on a web page
       Log.log.info{"login_page_url=#{login_page_url}".bg_red.gray}
       # start a web server to receive request code
-      webserver = WebAuth.new(oauth.sparams[:redirect_uri])
+      web_server = WebAuth.new(oauth.specific_parameters[:redirect_uri])
       # start browser on login page
       OpenApplication.instance.uri(login_page_url)
       # wait for code in request
-      received_params = webserver.received_request
+      received_params = web_server.received_request
       raise 'wrong received state' unless random_state.eql?(received_params['state'])
       # exchange code for token
       return oauth.create_token(oauth.optional_scope_client_id(add_secret: true).merge(
         grant_type:   'authorization_code',
         code:         received_params['code'],
-        redirect_uri: oauth.sparams[:redirect_uri]))
+        redirect_uri: oauth.specific_parameters[:redirect_uri]))
     }, lambda { |_oauth|
       return []
     }
@@ -150,31 +150,31 @@ module Aspera
       require 'jwt'
       seconds_since_epoch = Time.new.to_i
       Log.log.info{"seconds=#{seconds_since_epoch}"}
-      raise 'missing JWT payload' unless oauth.sparams[:payload].is_a?(Hash)
+      raise 'missing JWT payload' unless oauth.specific_parameters[:payload].is_a?(Hash)
       jwt_payload = {
         exp: seconds_since_epoch + JWT_EXPIRY_OFFSET_SEC, # expiration time
-        nbf: seconds_since_epoch - JWT_NOTBEFORE_OFFSET_SEC, # not before
-        iat: seconds_since_epoch, # issued at
+        nbf: seconds_since_epoch - JWT_ACCEPTED_OFFSET_SEC, # not before
+        iat: seconds_since_epoch - JWT_ACCEPTED_OFFSET_SEC + 1, # issued at (we tell a little in the past so that server always accepts)
         jti: SecureRandom.uuid # JWT id
-      }.merge(oauth.sparams[:payload])
+      }.merge(oauth.specific_parameters[:payload])
       Log.log.debug{"JWT jwt_payload=[#{jwt_payload}]"}
-      rsa_private = oauth.sparams[:private_key_obj] # type: OpenSSL::PKey::RSA
+      rsa_private = oauth.specific_parameters[:private_key_obj] # type: OpenSSL::PKey::RSA
       Log.log.debug{"private=[#{rsa_private}]"}
-      assertion = JWT.encode(jwt_payload, rsa_private, 'RS256', oauth.sparams[:headers] || {})
+      assertion = JWT.encode(jwt_payload, rsa_private, 'RS256', oauth.specific_parameters[:headers] || {})
       Log.log.debug{"assertion=[#{assertion}]"}
       return oauth.create_token(oauth.optional_scope_client_id.merge(grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer', assertion: assertion))
     }, lambda { |oauth|
-      return [oauth.sparams.dig(:payload, :sub)]
+      return [oauth.specific_parameters.dig(:payload, :sub)]
     }
 
-    attr_reader :gparams, :sparams, :api
+    attr_reader :generic_parameters, :specific_parameters, :api
 
     private
 
     # [M]=mandatory [D]=has default value [0]=accept nil
     # :base_url            [M]  URL of authentication API
     # :auth
-    # :crtype              [M]  :generic, :web, :jwt, custom
+    # :grant_method        [M]  :generic, :web, :jwt, custom
     # :client_id           [0]
     # :client_secret       [0]
     # :scope               [0]
@@ -189,38 +189,41 @@ module Aspera
     def initialize(a_params)
       Log.log.debug{"auth=#{a_params}"}
       # replace default values
-      @gparams = DEFAULT_CREATE_PARAMS.deep_merge(a_params)
+      @generic_parameters = DEFAULT_CREATE_PARAMS.deep_merge(a_params)
+      # legacy
+      @generic_parameters[:grant_method] ||= @generic_parameters.delete(:crtype) if @generic_parameters.key?(:crtype)
       # check that type is known
-      self.class.token_creator(@gparams[:crtype])
+      self.class.token_creator(@generic_parameters[:grant_method])
       # specific parameters for the creation type
-      @sparams = @gparams[@gparams[:crtype]]
-      if @gparams[:crtype].eql?(:web) && @sparams.key?(:redirect_uri)
-        uri = URI.parse(@sparams[:redirect_uri])
+      @specific_parameters = @generic_parameters[@generic_parameters[:grant_method]]
+      if @generic_parameters[:grant_method].eql?(:web) && @specific_parameters.key?(:redirect_uri)
+        uri = URI.parse(@specific_parameters[:redirect_uri])
         raise 'redirect_uri scheme must be http or https' unless %w[http https].include?(uri.scheme)
         raise 'redirect_uri must have a port' if uri.port.nil?
         # TODO: we could check that host is localhost or local address
       end
       rest_params = {
-        base_url:     @gparams[:base_url],
+        base_url:     @generic_parameters[:base_url],
         redirect_max: 2
       }
       rest_params[:auth] = a_params[:auth] if a_params.key?(:auth)
       @api = Rest.new(rest_params)
       # if needed use from api
-      @gparams.delete(:base_url)
-      @gparams.delete(:auth)
-      @gparams.delete(@gparams[:crtype])
-      Log.dump(:gparams, @gparams)
-      Log.dump(:sparams, @sparams)
+      @generic_parameters.delete(:base_url)
+      @generic_parameters.delete(:auth)
+      @generic_parameters.delete(@generic_parameters[:grant_method])
+      Log.dump(:generic_parameters, @generic_parameters)
+      Log.dump(:specific_parameters, @specific_parameters)
     end
 
     public
 
     # helper method to create token as per RFC
     def create_token(www_params)
+      Log.log.debug{'Generating a new token'.bg_green}
       return @api.call({
         operation:       'POST',
-        subpath:         @gparams[:path_token],
+        subpath:         @generic_parameters[:path_token],
         headers:         {'Accept' => 'application/json'},
         www_body_params: www_params})
     end
@@ -228,9 +231,9 @@ module Aspera
     # @return Hash with optional general parameters
     def optional_scope_client_id(add_secret: false)
       call_params = {}
-      call_params[:scope] = @gparams[:scope] unless @gparams[:scope].nil?
-      call_params[:client_id] = @gparams[:client_id] unless @gparams[:client_id].nil?
-      call_params[:client_secret] = @gparams[:client_secret] if add_secret && !@gparams[:client_id].nil?
+      call_params[:scope] = @generic_parameters[:scope] unless @generic_parameters[:scope].nil?
+      call_params[:client_id] = @generic_parameters[:client_id] unless @generic_parameters[:client_id].nil?
+      call_params[:client_secret] = @generic_parameters[:client_secret] if add_secret && !@generic_parameters[:client_id].nil?
       return call_params
     end
 
@@ -241,20 +244,20 @@ module Aspera
       token_id = IdGenerator.from_list([
         PERSIST_CATEGORY_TOKEN,
         @api.params[:base_url],
-        @gparams[:crtype],
-        self.class.id_creator(@gparams[:crtype]).call(self), # array, so we flatten later
-        @gparams[:scope],
+        @generic_parameters[:grant_method],
+        self.class.id_creator(@generic_parameters[:grant_method]).call(self), # array, so we flatten later
+        @generic_parameters[:scope],
         @api.params.dig(%i[auth username])
       ].flatten)
 
       # get token_data from cache (or nil), token_data is what is returned by /token
       token_data = self.class.persist_mgr.get(token_id) if use_cache
       token_data = JSON.parse(token_data) unless token_data.nil?
-      # Optional optimization: check if node token is expired  basd on decoded content then force refresh if close enough
+      # Optional optimization: check if node token is expired based on decoded content then force refresh if close enough
       # might help in case the transfer agent cannot refresh himself
       # `direct` agent is equipped with refresh code
       if !use_refresh_token && !token_data.nil?
-        decoded_token = self.class.decode_token(token_data[@gparams[:token_field]])
+        decoded_token = self.class.decode_token(token_data[@generic_parameters[:token_field]])
         Log.dump('decoded_token', decoded_token) unless decoded_token.nil?
         if decoded_token.is_a?(Hash)
           expires_at_sec =
@@ -295,14 +298,14 @@ module Aspera
 
       # no cache, nor refresh: generate a token
       if token_data.nil?
-        resp = self.class.token_creator(@gparams[:crtype]).call(self)
+        resp = self.class.token_creator(@generic_parameters[:grant_method]).call(self)
         json_data = resp[:http].body
         token_data = JSON.parse(json_data)
         self.class.persist_mgr.put(token_id, json_data)
       end # if ! in_cache
-      raise "API error: No such field in answer: #{@gparams[:token_field]}" unless token_data.key?(@gparams[:token_field])
+      raise "API error: No such field in answer: #{@generic_parameters[:token_field]}" unless token_data.key?(@generic_parameters[:token_field])
       # ok we shall have a token here
-      return 'Bearer ' + token_data[@gparams[:token_field]]
+      return 'Bearer ' + token_data[@generic_parameters[:token_field]]
     end
   end # OAuth
 end # Aspera

data/lib/aspera/proxy_auto_config.js

@@ -1,4 +1,4 @@
-// inspired by PACSuppport.js, 2003-2004 by Apple Computer, Inc., all rights reserved
+// inspired by POCSupport.js, 2003-2004 by Apple Computer, Inc., all rights reserved
 function isPlainHostName(host) {
 	return (host.indexOf('.') == -1 ? true : false);
 }
@@ -10,14 +10,14 @@ function dnsDomainIs(host, domain) {
 		return true;
 	return false;
 }
-function localHostOrDomainIs(host, hostdom) {
+function localHostOrDomainIs(host, host_domain) {
 	var h1 = host.toLowerCase();
-	var h2 = hostdom.toLowerCase();
+	var h2 = host_domain.toLowerCase();
 	return ((h1 == h2) || (isPlainHostName(h1) & !isPlainHostName(h2))) ? true : false;
 }
 function isResolvable(host) {
 	var ip = dnsResolve(host);
-	return ((typeof ip == "string") && ip.length) ? true : false;
+	return ((typeof ip == 'string') && ip.length) ? true : false;
 }
 function isInNet(host, pattern, mask) {
 	var ip = dnsResolve(host);
@@ -39,20 +39,20 @@ function dnsDomainLevels(host) {
 	var parts = host.split('.');
 	return parts.length - 1;
 }
-function shExpMatch(str, shexp) {
-	if (typeof str != "string" || typeof shexp != "string")
+function shExpMatch(str, shell_expr) {
+	if (typeof str != 'string' || typeof shell_expr != 'string')
 		return false;
-	if (shexp == "*")
+	if (shell_expr == '*')
 		return true;
-	if (str == "" && shexp == "")
+	if (str == '' && shell_expr == '')
 		return true;
 	str = str.toLowerCase();
-	shexp = shexp.toLowerCase();
+	shell_expr = shell_expr.toLowerCase();
 	var len = str.length;
-	var pieces = shexp.split('*');
+	var pieces = shell_expr.split('*');
 	var start = 0;
 	for (i = 0; i < pieces.length; i++) {
-		if (pieces[i] == "")
+		if (pieces[i] == '')
 			continue;
 		if (start > len)
 			return false;
@@ -64,13 +64,13 @@ function shExpMatch(str, shexp) {
 		len = str.length;
 	}
 	i--;
-	if ((pieces[i] == "") || (str == ""))
+	if ((pieces[i] == '') || (str == ''))
 		return true;
 	return false;
 }
 function weekdayRange(wd1, wd2, gmt) {
 	var today = new Date();
-	var days = "SUNMONTUEWEDTHUFRISAT";
+	var days = 'SUNMONTUEWEDTHUFRISAT';
 	wd1 = wd1.toUpperCase();
 	if (wd2 == undefined)
 		wd2 = wd1;
@@ -78,7 +78,7 @@ function weekdayRange(wd1, wd2, gmt) {
 		wd2 = wd2.toUpperCase();
 	var d1 = days.indexOf(wd1);
 	var d2 = days.indexOf(wd2);
-	if ((d2 == -1) && (wd2 == "GMT")) {
+	if ((d2 == -1) && (wd2 == 'GMT')) {
 		gmt = wd2;
 		d2 = d1;
 	}
@@ -86,7 +86,7 @@ function weekdayRange(wd1, wd2, gmt) {
 		return false;
 	d1 = d1 / 3;
 	d2 = d2 / 3;
-	if (gmt == "GMT")
+	if (gmt == 'GMT')
 		today = today.getUTCDay();
 	else
 		today = today.getDay();
@@ -100,11 +100,11 @@ function dateRange() {
 	var today = new Date();
 	var num = arguments.length;
 	var gmt = arguments[num - 1];
-	if (typeof gmt != "string")
+	if (typeof gmt != 'string')
 		gmt = false;
 	else {
 		gmt = gmt.toUpperCase();
-		if (gmt != "GMT")
+		if (gmt != 'GMT')
 			gmt = false;
 		else {
 			gmt = true;
@@ -121,7 +121,7 @@ function dateRange() {
 	var y2 = 0;
 	for (i = 0; i < num; i++) {
 		var arg = arguments[i];
-		if (typeof arg == "number") {
+		if (typeof arg == 'number') {
 			if (arg > 31) {
 				if (!y1)
 					y1 = arg;
@@ -137,8 +137,8 @@ function dateRange() {
 				d2 = arg;
 			else
 				return false;
-		} else if (typeof arg == "string") {
-			var months = "JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC";
+		} else if (typeof arg == 'string') {
+			var months = 'JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC';
 			arg = arg.toUpperCase();
 			arg = months.indexOf(arg);
 			if (arg == -1)
@@ -184,11 +184,11 @@ function timeRange() {
 	var date2 = new Date();
 	var num = arguments.length;
 	var gmt = arguments[num - 1];
-	if (typeof gmt != "string")
+	if (typeof gmt != 'string')
 		gmt = false;
 	else {
 		gmt = gmt.toUpperCase();
-		if (gmt != "GMT")
+		if (gmt != 'GMT')
 			gmt = false;
 		else {
 			gmt = true;

data/lib/aspera/proxy_auto_config.rb

@@ -11,14 +11,14 @@ module URI
       def register_proxy_finder
         raise 'mandatory block missing' unless Kernel.block_given?
         # overload the method in URI : call user's provided block and fallback to original method
-        define_method(:find_proxy) {|envars=ENV| yield(to_s) || find_proxy_orig(envars)}
+        define_method(:find_proxy) {|env_vars=ENV| yield(to_s) || find_proxy_orig(env_vars)}
       end
     end
   end
 end
 
 module Aspera
-  # Evaluate a proxy autoconfig script
+  # Evaluate a proxy auto config script
   class ProxyAutoConfig
     # template file is read once, it contains functions that can be used in a proxy autoconf script
     # it is similar to mozilla ascii_pac_utils.inc
@@ -70,7 +70,7 @@ END_OF_JAVASCRIPT
     end
 
     # execute proxy auto config script for the given URL : https://en.wikipedia.org/wiki/Proxy_auto-config
-    # @return either nil, or a String formated following PAC standard
+    # @return either nil, or a String formatted following PAC standard
     def find_proxy_for_url(service_url)
       uri = URI.parse(service_url)
       simple_url = "#{uri.scheme}://#{uri.host}"

data/lib/aspera/rest.rb

@@ -36,6 +36,8 @@ module Aspera
       proxy_pass:              nil
     }
 
+    ARRAY_PARAMS = '[]'
+
     class << self
       # define accessors
       @@global.each_key do |p|
@@ -60,9 +62,9 @@ module Aspera
             orig.each do |k, v|
               case v
               when Array
-                suffix = v.first.eql?('[]') ? v.shift : ''
+                suffix = v.first.eql?(ARRAY_PARAMS) ? v.shift : ''
                 v.each do |e|
-                  params.push([k + suffix, e])
+                  params.push([k.to_s + suffix, e])
                 end
               else
                 params.push([k, v])
@@ -140,7 +142,7 @@ module Aspera
       uri = self.class.build_uri("#{call_data[:base_url]}#{['', '/'].include?(call_data[:subpath]) ? '' : '/'}#{call_data[:subpath]}", call_data[:url_params])
       Log.log.debug{"URI=#{uri}"}
       begin
-        # instanciate request object based on string name
+        # instantiate request object based on string name
         req = Net::HTTP.const_get(call_data[:operation].capitalize).new(uri)
       rescue NameError
         raise "unsupported operation : #{call_data[:operation]}"
@@ -198,7 +200,7 @@ module Aspera
       Log.log.debug{"accessing #{call_data[:subpath]}".red.bold.bg_green}
       call_data[:headers] ||= {}
       call_data[:headers]['User-Agent'] ||= self.class.user_agent
-      # defaults from @params are overriden by call data
+      # defaults from @params are overridden by call data
       call_data = @params.deep_merge(call_data)
       case call_data[:auth][:type]
       when :none
@@ -279,7 +281,7 @@ module Aspera
             e = e_tok
             Log.log.error('refresh failed'.bg_red)
             # regenerate a brand new token
-            req['Authorization'] = oauth_token(use_cache: false)
+            req['Authorization'] = oauth_token(force_refresh: true)
           end
           Log.log.debug{"using new token=#{call_data[:headers]['Authorization']}"}
           retry unless (oauth_tries -= 1).zero?
@@ -291,15 +293,15 @@ module Aspera
           new_url = e.response['location']
           new_url = "#{current_uri.scheme}:#{new_url}" unless new_url.start_with?('http')
           Log.log.info{"URL is moved: #{new_url}"}
-          redir_uri = URI.parse(new_url)
+          redirection_uri = URI.parse(new_url)
           call_data[:base_url] = new_url
           call_data[:subpath] = ''
-          if current_uri.host.eql?(redir_uri.host) && current_uri.port.eql?(redir_uri.port)
+          if current_uri.host.eql?(redirection_uri.host) && current_uri.port.eql?(redirection_uri.port)
             req = build_request(call_data)
             retry
           else
             # change host
-            Log.log.info{"Redirect changes host: #{current_uri.host} -> #{redir_uri.host}"}
+            Log.log.info{"Redirect changes host: #{current_uri.host} -> #{redirection_uri.host}"}
             return self.class.new(call_data).call(call_data)
           end
         end
@@ -327,8 +329,8 @@ module Aspera
       return call({operation: 'PUT', subpath: subpath, headers: {'Accept' => 'application/json'}, json_params: params})
     end
 
-    def delete(subpath)
-      return call({operation: 'DELETE', subpath: subpath, headers: {'Accept' => 'application/json'}})
+    def delete(subpath, args=nil)
+      return call({operation: 'DELETE', subpath: subpath, headers: {'Accept' => 'application/json'}, url_params: args})
     end
 
     def cancel(subpath)

data/lib/aspera/rest_error_analyzer.rb

@@ -47,7 +47,7 @@ module Aspera
       raise RestCallError.new(call_context[:request], call_context[:response], call_context[:messages].join("\n")) unless call_context[:messages].empty?
     end
 
-    # add a new error handler (done at application initialisation)
+    # add a new error handler (done at application initialization)
     # @param name : name of error handler (for logs)
     # @param block : processing of response: takes two parameters: name, call_context
     # name is the one provided here
@@ -69,7 +69,7 @@ module Aspera
         if call_context[:data].is_a?(Hash) && (!call_context[:response].code.start_with?('2') || always)
           msg_key = path.pop
           # dig and find sub entry corresponding to path in deep hash
-          error_struct = path.inject(call_context[:data]) { |subhash, key| subhash.respond_to?(:keys) ? subhash[key] : nil }
+          error_struct = path.inject(call_context[:data]) { |sub_hash, key| sub_hash.respond_to?(:keys) ? sub_hash[key] : nil }
           if error_struct.is_a?(Hash) && error_struct[msg_key].is_a?(String)
             RestErrorAnalyzer.add_error(call_context, type, error_struct[msg_key])
             error_struct.each do |k, v|
@@ -89,10 +89,10 @@ module Aspera
       # @param msg one error message  to add to list
       def add_error(call_context, type, msg)
         call_context[:messages].push(msg)
-        logfile = instance.log_file
+        log_file = instance.log_file
         # log error for further analysis (file must exist to activate)
-        return if logfile.nil? || !File.exist?(logfile)
-        File.open(logfile, 'a+') do |f|
+        return if log_file.nil? || !File.exist?(log_file)
+        File.open(log_file, 'a+') do |f|
           f.write("\n=#{type}=====\n#{call_context[:request].method} #{call_context[:request].path}\n#{call_context[:response].code}\n"\
             "#{JSON.generate(call_context[:data])}\n#{call_context[:messages].join("\n")}")
         end

data/lib/aspera/secret_hider.rb

@@ -10,9 +10,9 @@ module Aspera
     # env vars for ascp with secrets
     ASCP_ENV_SECRETS = %w[ASPERA_SCP_PASS ASPERA_SCP_KEY ASPERA_SCP_FILEPASS ASPERA_PROXY_PASS ASPERA_SCP_TOKEN].freeze
     # keys in hash that contain secrets
-    KEY_SECRETS = %w[password secret private_key passphrase].freeze
-    ALL_SECRETS = [].concat(ASCP_ENV_SECRETS, KEY_SECRETS).freeze
-    # regex that define namec captures :begin and :end
+    KEY_SECRETS = %w[password secret passphrase _key apikey crn token].freeze
+    ALL_SECRETS = [ASCP_ENV_SECRETS, KEY_SECRETS].flatten.freeze
+    # regex that define named captures :begin and :end
     REGEX_LOG_REPLACES = [
       # CLI manager get/set options
       /(?<begin>[sg]et (#{KEY_SECRETS.join('|')})=).*(?<end>)/,
@@ -70,6 +70,7 @@ module Aspera
             end
           end
         end
+        return obj
       end
     end
   end

data/lib/aspera/ssh.rb

@@ -37,14 +37,14 @@ module Aspera
           channel.on_data{|_chan, data|response.push(data)}
           # prepare stderr processing, stderr if type = 1
           channel.on_extended_data do |_chan, _type, data|
-            errormsg = "#{cmd}: [#{data.chomp}]"
+            error_message = "#{cmd}: [#{data.chomp}]"
             # Happens when windows user hasn't logged in and created home account.
             if data.include?('Could not chdir to home directory')
-              errormsg += "\nHint: home not created in Windows?"
+              error_message += "\nHint: home not created in Windows?"
             end
-            raise errormsg
+            raise error_message
           end
-          # send commannd to SSH channel (execute)
+          # send command to SSH channel (execute)
           channel.send('cexe'.reverse, cmd){|_ch, _success|channel.send_data(input) unless input.nil?}
         end
         # wait for channel to finish (command exit)

data/lib/aspera/sync.rb

@@ -10,48 +10,48 @@ module Aspera
   class Sync
     PARAMS_VX_INSTANCE =
       {
-        'alt_logdir'          => { cltype: :opt_with_arg, accepted_types: :string},
-        'watchd'              => { cltype: :opt_with_arg, accepted_types: :string},
-        'apply_local_docroot' => { cltype: :opt_without_arg},
-        'quiet'               => { cltype: :opt_without_arg},
-        'ws_connect'          => { cltype: :opt_without_arg}
+        'alt_logdir'          => { cli: { type: :opt_with_arg}, accepted_types: :string},
+        'watchd'              => { cli: { type: :opt_with_arg}, accepted_types: :string},
+        'apply_local_docroot' => { cli: { type: :opt_without_arg}},
+        'quiet'               => { cli: { type: :opt_without_arg}},
+        'ws_connect'          => { cli: { type: :opt_without_arg}}
       }.freeze
 
     # map sync session parameters to transfer spec: sync -> ts, true if same
     PARAMS_VX_SESSION =
       {
-        'name'                       => { cltype: :opt_with_arg, accepted_types: :string},
-        'local_dir'                  => { cltype: :opt_with_arg, accepted_types: :string},
-        'remote_dir'                 => { cltype: :opt_with_arg, accepted_types: :string},
-        'local_db_dir'               => { cltype: :opt_with_arg, accepted_types: :string},
-        'remote_db_dir'              => { cltype: :opt_with_arg, accepted_types: :string},
-        'host'                       => { cltype: :opt_with_arg, accepted_types: :string, ts: :remote_host},
-        'user'                       => { cltype: :opt_with_arg, accepted_types: :string, ts: :remote_user},
-        'private_key_paths'          => { cltype: :opt_with_arg, accepted_types: :array, clswitch: '--private-key-path'},
-        'direction'                  => { cltype: :opt_with_arg, accepted_types: :string},
-        'checksum'                   => { cltype: :opt_with_arg, accepted_types: :string},
-        'tags'                       => { cltype: :opt_with_arg, accepted_types: :hash, ts: true,
-                                          clswitch: '--tags64', clconvert: 'Aspera::Fasp::Parameters.clconv_json64'},
-        'tcp_port'                   => { cltype: :opt_with_arg, accepted_types: :int, ts: :ssh_port},
-        'rate_policy'                => { cltype: :opt_with_arg, accepted_types: :string},
-        'target_rate'                => { cltype: :opt_with_arg, accepted_types: :string},
-        'cooloff'                    => { cltype: :opt_with_arg, accepted_types: :int},
-        'pending_max'                => { cltype: :opt_with_arg, accepted_types: :int},
-        'scan_intensity'             => { cltype: :opt_with_arg, accepted_types: :string},
-        'cipher'                     => { cltype: :opt_with_arg, accepted_types: :string, ts: true},
-        'transfer_threads'           => { cltype: :opt_with_arg, accepted_types: :int},
-        'preserve_time'              => { cltype: :opt_without_arg, ts: :preserve_times},
-        'preserve_access_time'       => { cltype: :opt_without_arg, ts: nil},
-        'preserve_modification_time' => { cltype: :opt_without_arg, ts: nil},
-        'preserve_uid'               => { cltype: :opt_without_arg, ts: :preserve_file_owner_uid},
-        'preserve_gid'               => { cltype: :opt_without_arg, ts: :preserve_file_owner_gid},
-        'create_dir'                 => { cltype: :opt_without_arg, ts: true},
-        'reset'                      => { cltype: :opt_without_arg},
+        'name'                       => { cli: { type: :opt_with_arg}, accepted_types: :string},
+        'local_dir'                  => { cli: { type: :opt_with_arg}, accepted_types: :string},
+        'remote_dir'                 => { cli: { type: :opt_with_arg}, accepted_types: :string},
+        'local_db_dir'               => { cli: { type: :opt_with_arg}, accepted_types: :string},
+        'remote_db_dir'              => { cli: { type: :opt_with_arg}, accepted_types: :string},
+        'host'                       => { cli: { type: :opt_with_arg}, accepted_types: :string, ts: :remote_host},
+        'user'                       => { cli: { type: :opt_with_arg}, accepted_types: :string, ts: :remote_user},
+        'private_key_paths'          => { cli: { type: :opt_with_arg, switch: '--private-key-path'}, accepted_types: :array},
+        'direction'                  => { cli: { type: :opt_with_arg}, accepted_types: :string},
+        'checksum'                   => { cli: { type: :opt_with_arg}, accepted_types: :string},
+        'tags'                       => { cli: { type: :opt_with_arg, switch: '--tags64', convert: 'Aspera::Fasp::Parameters.convert_json64'},
+                                          accepted_types: :hash, ts: true},
+        'tcp_port'                   => { cli: { type: :opt_with_arg}, accepted_types: :int, ts: :ssh_port},
+        'rate_policy'                => { cli: { type: :opt_with_arg}, accepted_types: :string},
+        'target_rate'                => { cli: { type: :opt_with_arg}, accepted_types: :string},
+        'cooloff'                    => { cli: { type: :opt_with_arg}, accepted_types: :int},
+        'pending_max'                => { cli: { type: :opt_with_arg}, accepted_types: :int},
+        'scan_intensity'             => { cli: { type: :opt_with_arg}, accepted_types: :string},
+        'cipher'                     => { cli: { type: :opt_with_arg}, accepted_types: :string, ts: true},
+        'transfer_threads'           => { cli: { type: :opt_with_arg}, accepted_types: :int},
+        'preserve_time'              => { cli: { type: :opt_without_arg}, ts: :preserve_times},
+        'preserve_access_time'       => { cli: { type: :opt_without_arg}, ts: nil},
+        'preserve_modification_time' => { cli: { type: :opt_without_arg}, ts: nil},
+        'preserve_uid'               => { cli: { type: :opt_without_arg}, ts: :preserve_file_owner_uid},
+        'preserve_gid'               => { cli: { type: :opt_without_arg}, ts: :preserve_file_owner_gid},
+        'create_dir'                 => { cli: { type: :opt_without_arg}, ts: true},
+        'reset'                      => { cli: { type: :opt_without_arg}},
         # NOTE: only one env var, but multiple sessions... could be a problem
-        'remote_password'            => { cltype: :envvar, clvarname: 'ASPERA_SCP_PASS', ts: true},
-        'cookie'                     => { cltype: :envvar, clvarname: 'ASPERA_SCP_COOKIE', ts: true},
-        'token'                      => { cltype: :envvar, clvarname: 'ASPERA_SCP_TOKEN', ts: true},
-        'license'                    => { cltype: :envvar, clvarname: 'ASPERA_SCP_LICENSE'}
+        'remote_password'            => { cli: { type: :envvar, variable: 'ASPERA_SCP_PASS'}, ts: true},
+        'cookie'                     => { cli: { type: :envvar, variable: 'ASPERA_SCP_COOKIE'}, ts: true},
+        'token'                      => { cli: { type: :envvar, variable: 'ASPERA_SCP_TOKEN'}, ts: true},
+        'license'                    => { cli: { type: :envvar, variable: 'ASPERA_SCP_LICENSE'}}
       }.freeze
 
     Aspera::CommandLineBuilder.normalize_description(PARAMS_VX_INSTANCE)
@@ -59,6 +59,7 @@ module Aspera
 
     PARAMS_VX_KEYS = %w[instance sessions].freeze
 
+    # new API
     TS_TO_PARAMS = {
       'remote_host'     => 'remote.host',
       'remote_user'     => 'remote.user',