aspera-cli 4.12.0 → 4.14.0

data/lib/aspera/cli/plugins/orchestrator.rb

@@ -9,15 +9,11 @@ module Aspera
       class Orchestrator < Aspera::Cli::BasicAuthPlugin
         def initialize(env)
           super(env)
-          options.add_opt_simple(:params, 'parameters hash table, use @json:{"param":"value"}')
-          options.add_opt_simple(:result, "specify result value as: 'work step:parameter'")
-          options.add_opt_boolean(:synchronous, 'work step:parameter expected as result')
-          options.add_opt_list(:ret_style, %i[header arg ext], 'how return type is requested in api')
-          options.add_opt_list(:auth_style, %i[arg_pass head_basic apikey], 'authentication type')
-          options.set_option(:params, {})
-          options.set_option(:synchronous, :no)
-          options.set_option(:ret_style, :arg)
-          options.set_option(:auth_style, :head_basic)
+          options.declare(:params, 'Start parameters', types: Hash, default: {})
+          options.declare(:result, "Specify result value as: 'work step:parameter'")
+          options.declare(:synchronous, 'Work step:parameter expected as result', values: :bool, default: :no)
+          options.declare(:ret_style, 'How return type is requested in api', values: %i[header arg ext], default: :arg)
+          options.declare(:auth_style, 'Authentication type', values: %i[arg_pass head_basic apikey], default: :head_basic)
           options.parse_options!
         end
 
@@ -49,7 +45,7 @@ module Aspera
           call_args[:subpath] = "#{opt[:prefix]}/#{call_args[:subpath]}" unless opt[:prefix].nil?
           # specify id if necessary
           call_args[:subpath] = "#{call_args[:subpath]}/#{opt[:id]}" if opt.key?(:id)
-          call_type = options.get_option(:ret_style, is_type: :mandatory)
+          call_type = options.get_option(:ret_style, mandatory: true)
           call_type = opt[:ret_style] if opt.key?(:ret_style)
           format = 'json'
           format = opt[:format] if opt.key?(:format)
@@ -73,19 +69,19 @@ module Aspera
         end
 
         def execute_action
-          rest_params = {base_url: options.get_option(:url, is_type: :mandatory)}
-          case options.get_option(:auth_style, is_type: :mandatory)
+          rest_params = {base_url: options.get_option(:url, mandatory: true)}
+          case options.get_option(:auth_style, mandatory: true)
           when :arg_pass
             rest_params[:auth] = {
               type:      :url,
               url_creds: {
-                'login'    => options.get_option(:username, is_type: :mandatory),
-                'password' => options.get_option(:password, is_type: :mandatory) }}
+                'login'    => options.get_option(:username, mandatory: true),
+                'password' => options.get_option(:password, mandatory: true) }}
           when :head_basic
             rest_params[:auth] = {
               type:     :basic,
-              username: options.get_option(:username, is_type: :mandatory),
-              password: options.get_option(:password, is_type: :mandatory) }
+              username: options.get_option(:username, mandatory: true),
+              password: options.get_option(:password, mandatory: true) }
           when :apikey
             raise 'Not implemented'
           end
@@ -150,11 +146,12 @@ module Aspera
               call_params = {format: :json}
               override_accept = nil
               # set external parameters if any
-              self.options.get_option(:params, is_type: :mandatory).each do |name, value|
+              # TODO: make not an option, but a parameter
+              self.options.get_option(:params, mandatory: true).each do |name, value|
                 call_params["external_parameters[#{name}]"] = value
               end
               # synchronous call ?
-              call_params['synchronous'] = true if self.options.get_option(:synchronous, is_type: :mandatory)
+              call_params['synchronous'] = true if self.options.get_option(:synchronous, mandatory: true)
               # expected result for synchro call ?
               expected = self.options.get_option(:result)
               unless expected.nil?

data/lib/aspera/cli/plugins/preview.rb

@@ -54,43 +54,42 @@ module Aspera
           # used to trigger periodic processing
           @periodic = TimerLimiter.new(LOG_LIMITER_SEC)
           # link CLI options to gen_info attributes
-          options.set_obj_attr(:skip_format, self, :option_skip_format, []) # no skip
-          options.set_obj_attr(:folder_reset_cache, self, :option_folder_reset_cache, :no)
-          options.set_obj_attr(:skip_types, self, :option_skip_types)
-          options.set_obj_attr(:previews_folder, self, :option_previews_folder, DEFAULT_PREVIEWS_FOLDER)
-          options.set_obj_attr(:skip_folders, self, :option_skip_folders, []) # no skip
-          options.set_obj_attr(:overwrite, self, :option_overwrite, :mtime)
-          options.set_obj_attr(:file_access, self, :option_file_access, :local)
-          options.add_opt_list(:skip_format, Aspera::Preview::Generator::PREVIEW_FORMATS, 'skip this preview format (multiple possible)')
-          options.add_opt_list(:folder_reset_cache, %i[no header read], 'force detection of generated preview by refresh cache')
-          options.add_opt_simple(:skip_types, 'skip types in comma separated list')
-          options.add_opt_simple(:previews_folder, 'preview folder in storage root')
-          options.add_opt_simple(:temp_folder, 'path to temp folder')
-          options.add_opt_simple(:skip_folders, 'list of folder to skip')
-          options.add_opt_simple(:case, 'basename of output for for test')
-          options.add_opt_simple(:scan_path, 'subpath in folder id to start scan in (default=/)')
-          options.add_opt_simple(:scan_id, 'folder id in storage to start scan in, default is access key main folder id')
-          options.add_opt_boolean(:mimemagic, 'use Mime type detection of gem mimemagic')
-          options.add_opt_list(:overwrite, %i[always never mtime], 'when to overwrite result file')
-          options.add_opt_list(:file_access, %i[local remote], 'how to read and write files in repository')
-          options.set_option(:temp_folder, Dir.tmpdir)
-          options.set_option(:mimemagic, false)
+          options.declare(
+            :skip_format, 'Skip this preview format (multiple possible)', values: Aspera::Preview::Generator::PREVIEW_FORMATS,
+            handler: {o: self, m: :option_skip_format}, default: [])
+          options.declare(
+            :folder_reset_cache, 'Force detection of generated preview by refresh cache',
+            values: %i[no header read],
+            handler: {o: self, m: :option_folder_reset_cache},
+            default: :no)
+          options.declare(:skip_types, 'Skip types in comma separated list', handler: {o: self, m: :option_skip_types})
+          options.declare(:previews_folder, 'Preview folder in storage root', handler: {o: self, m: :option_previews_folder}, default: DEFAULT_PREVIEWS_FOLDER)
+          options.declare(:temp_folder, 'Path to temp folder', default: Dir.tmpdir)
+          options.declare(:skip_folders, 'List of folder to skip', handler: {o: self, m: :option_skip_folders}, default: [])
+          options.declare(:case, 'Basename of output for for test')
+          options.declare(:scan_path, 'Subpath in folder id to start scan in (default=/)')
+          options.declare(:scan_id, 'Folder id in storage to start scan in, default is access key main folder id')
+          options.declare(:mimemagic, 'Use Mime type detection of gem mimemagic', values: :bool, default: false)
+          options.declare(:overwrite, 'When to overwrite result file', values: %i[always never mtime], handler: {o: self, m: :option_overwrite}, default: :mtime)
+          options.declare(
+            :file_access, 'How to read and write files in repository',
+            values: %i[local remote],
+            handler: {o: self, m: :option_file_access},
+            default: :local)
 
           # add other options for generator (and set default values)
           Aspera::Preview::Options::DESCRIPTIONS.each do |opt|
-            options.set_obj_attr(opt[:name], @gen_options, opt[:name], opt[:default])
-            if opt.key?(:values)
-              options.add_opt_list(opt[:name], opt[:values], opt[:description])
+            values = if opt.key?(:values)
+              opt[:values]
             elsif Cli::Manager::BOOLEAN_SIMPLE.include?(opt[:default])
-              options.add_opt_boolean(opt[:name], opt[:description])
-            else
-              options.add_opt_simple(opt[:name], opt[:description])
+              :bool
             end
+            options.declare(opt[:name], opt[:description].capitalize, values: values, handler: {o: @gen_options, m: opt[:name]}, default: opt[:default])
           end
 
           options.parse_options!
           raise 'skip_folder shall be an Array, use @json:[...]' unless @option_skip_folders.is_a?(Array)
-          @tmp_folder = File.join(options.get_option(:temp_folder, is_type: :mandatory), "#{TMP_DIR_PREFIX}.#{SecureRandom.uuid}")
+          @tmp_folder = File.join(options.get_option(:temp_folder, mandatory: true), "#{TMP_DIR_PREFIX}.#{SecureRandom.uuid}")
           FileUtils.mkdir_p(@tmp_folder)
           Log.log.debug{"tmpdir: #{@tmp_folder}"}
         end
@@ -149,8 +148,8 @@ module Aspera
             if event['data']['direction'].eql?(Fasp::TransferSpec::DIRECTION_RECEIVE) &&
                 event['data']['status'].eql?('completed') &&
                 event['data']['error_code'].eql?(0) &&
-                event['data'].dig('tags', 'aspera', PREV_GEN_TAG).nil?
-              folder_id = event.dig('data', 'tags', 'aspera', 'node', 'file_id')
+                event['data'].dig('tags', Fasp::TransferSpec::TAG_RESERVED, PREV_GEN_TAG).nil?
+              folder_id = event.dig('data', 'tags', Fasp::TransferSpec::TAG_RESERVED, 'node', 'file_id')
               folder_id ||= event.dig('data', 'file_id')
               if !folder_id.nil?
                 folder_entry = @api_node.read("files/#{folder_id}")[:data] rescue nil
@@ -206,34 +205,12 @@ module Aspera
         end
 
         def do_transfer(direction, folder_id, source_filename, destination='/')
-          raise 'error' if destination.nil? && direction.eql?(Fasp::TransferSpec::DIRECTION_RECEIVE)
-          if @default_transfer_spec.nil?
-            # make a dummy call to get some default transfer parameters
-            res = @api_node.create('files/upload_setup', {'transfer_requests' => [{'transfer_request' => {'paths' => [{}], 'destination_root' => '/'}}]})
-            template_ts = res[:data]['transfer_specs'].first['transfer_spec']
-            # get ports, anyway that should be 33001 for both. add remote_user ?
-            @default_transfer_spec = %w[ssh_port fasp_port].each_with_object({}){|e, h|h[e] = template_ts[e]; }
-            if !@default_transfer_spec['remote_user'].eql?(Aspera::Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER)
-              Log.log.warn('remote_user shall be xfer')
-              @default_transfer_spec['remote_user'] = Aspera::Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER
-            end
-            @api_node.ts_basic_token(@default_transfer_spec)
-            # NOTE: we use the same address for ascp than for node api instead of the one from upload_setup
-            # TODO: configurable ? useful ?
-            @default_transfer_spec['remote_host'] = @transfer_server_address
-          end
-          t_spec = @default_transfer_spec.merge({
-            'direction' => direction,
-            'paths'     => [{'source' => source_filename}],
-            'tags'      => {
-              'aspera' => {
-                PREV_GEN_TAG => true,
-                'node'       => {
-                  'access_key' => @access_key_self['id'],
-                  'file_id'    => folder_id }}}
+          raise 'Internal ERROR' if destination.nil? && direction.eql?(Fasp::TransferSpec::DIRECTION_RECEIVE)
+          t_spec = @api_node.transfer_spec_gen4(folder_id, direction, {
+            'paths' => [{'source' => source_filename}],
+            'tags'  => {Fasp::TransferSpec::TAG_RESERVED => {PREV_GEN_TAG => true}}
           })
-          # force destination
-          # t_spec['destination_root']=destination
+          # force destination, need to set this in transfer agent else it gets overwritten, not do: t_spec['destination_root']=destination
           transfer.option_transfer_spec_deep_merge({'destination_root' => destination})
           Main.result_transfer(transfer.start(t_spec))
         end
@@ -358,7 +335,7 @@ module Aspera
             scan_start = '/' + scan_start.split('/').reject(&:empty?).join('/')
             scan_start = "#{scan_start}/" # unless scan_start.end_with?('/')
           end
-          filter_block = Aspera::Node.file_matcher(options.get_option(:value))
+          filter_block = Aspera::Node.file_matcher(value_or_query(allowed_types: String))
           Log.log.debug{"scan: #{top_entry} : #{scan_start}".green}
           # don't use recursive call, use list instead
           entries_to_process = [top_entry]
@@ -455,7 +432,7 @@ module Aspera
               end
             end
           end
-          Aspera::Preview::FileTypes.instance.use_mimemagic = options.get_option(:mimemagic, is_type: :mandatory)
+          Aspera::Preview::FileTypes.instance.use_mimemagic = options.get_option(:mimemagic, mandatory: true)
           # check tools that are anyway required for all cases
           Aspera::Preview::Utils.check_tools(@skip_types)
           case command
@@ -477,15 +454,15 @@ module Aspera
             return Main.result_status('scan finished')
           when :events, :trevents
             iteration_persistency = nil
-            if options.get_option(:once_only, is_type: :mandatory)
+            if options.get_option(:once_only, mandatory: true)
               iteration_persistency = PersistencyActionOnce.new(
                 manager: @agents[:persistency],
                 data:    [],
                 id:      IdGenerator.from_list([
                   'preview_iteration',
                   command.to_s,
-                  options.get_option(:url, is_type: :mandatory),
-                  options.get_option(:username, is_type: :mandatory)
+                  options.get_option(:url, mandatory: true),
+                  options.get_option(:username, mandatory: true)
                 ]))
             end
             # call processing method specified by command line command
@@ -506,6 +483,7 @@ module Aspera
             raise 'error'
           end
         ensure
+          Log.log.debug{"cleaning up temp folder #{@tmp_folder}"}
           FileUtils.rm_rf(@tmp_folder)
         end # execute_action
       end # Preview

data/lib/aspera/cli/plugins/server.rb

@@ -13,9 +13,21 @@ module Aspera
   module Cli
     module Plugins
       # implement basic remote access with FASP/SSH
+      class SyncSpecServer
+        def initialize(transfer_spec)
+          @transfer_spec = transfer_spec
+        end
+
+        def transfer_spec(direction, local_path, remote_path)
+          return @transfer_spec
+        end
+      end
+
       class Server < Aspera::Cli::BasicAuthPlugin
         SSH_SCHEME = 'ssh'
-        URI_SCHEMES = %w[https local].push(SSH_SCHEME).freeze
+        LOCAL_SCHEME = 'local'
+        HTTPS_SCHEME = 'https'
+        URI_SCHEMES = [SSH_SCHEME, LOCAL_SCHEME, HTTPS_SCHEME].freeze
         ASCMD_ALIASES = {
           browse: :ls,
           delete: :rm,
@@ -31,7 +43,7 @@ module Aspera
             cmd = cmd.map{|v|%Q("#{v}")}.join(' ') if cmd.is_a?(Array)
             Log.log.debug{"Executing: #{cmd} with '#{line}'"}
             stdout_str, stderr_str, status = Open3.capture3(cmd, stdin_data: line, binmode: true)
-            Log.log.debug(">> #{status} -> #{stderr_str}")
+            Log.log.debug{"exec status: #{status} -> #{stderr_str}"}
             raise "command #{cmd} failed with code #{status.exitstatus} #{stderr_str}" unless status.success?
             return stdout_str
           end
@@ -39,28 +51,32 @@ module Aspera
 
         def initialize(env)
           super(env)
-          options.add_opt_simple(:ssh_keys, 'SSH key path list (Array or single)')
-          options.add_opt_simple(:ssh_options, 'SSH options (Hash)')
+          options.declare(:ssh_keys, 'SSH key path list (Array or single)')
+          options.declare(:passphrase, 'SSH private key passphrase')
+          options.declare(:ssh_options, 'SSH options', types: Hash, default: {})
           options.parse_options!
-          @ssh_opts = nil
+          @ssh_opts = options.get_option(:ssh_options).symbolize_keys
         end
 
         # Read command line options
         # @return [Hash] transfer specification
         def options_to_base_transfer_spec
-          url = options.get_option(:url, is_type: :mandatory)
+          url = options.get_option(:url, mandatory: true)
           server_transfer_spec = {}
           server_uri = URI.parse(url)
-          Log.log.debug{"URI : #{server_uri}, port=#{server_uri.port}, scheme:#{server_uri.scheme}"}
+          Log.log.debug{"URI=#{server_uri}, host=#{server_uri.hostname}, port=#{server_uri.port}, scheme=#{server_uri.scheme}"}
           server_transfer_spec['remote_host'] = server_uri.hostname
           unless URI_SCHEMES.include?(server_uri.scheme)
             Log.log.warn{"Scheme [#{server_uri.scheme}] not supported in #{url}, use one of: #{URI_SCHEMES.join(', ')}. Defaulting to #{SSH_SCHEME}."}
             server_uri.scheme = SSH_SCHEME
           end
-          if server_uri.scheme.eql?('local')
+          if server_uri.scheme.eql?(LOCAL_SCHEME)
             # Using local execution (mostly for testing)
+            server_transfer_spec['remote_host'] = 'localhost'
+            # simulate SSH environment, else ascp will fail
+            ENV['SSH_CLIENT'] = 'local 0 0'
             return server_transfer_spec
-          elsif transfer.option_transfer_spec['token'].is_a?(String) && server_uri.scheme.eql?('https')
+          elsif transfer.option_transfer_spec['token'].is_a?(String) && server_uri.scheme.eql?(HTTPS_SCHEME)
             server_transfer_spec['wss_enabled'] = true
             server_transfer_spec['wss_port'] = server_uri.port
             # Using WSS
@@ -78,11 +94,7 @@ module Aspera
             options.set_option(:username, Aspera::Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER)
             Log.log.info{"No username provided: Assuming default transfer user: #{Aspera::Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER}"}
           end
-          server_transfer_spec['remote_user'] = options.get_option(:username, is_type: :mandatory)
-          ssh_args = options.get_option(:ssh_options)
-          ssh_args = {} if ssh_args.nil?
-          raise 'expecting a Hash for ssh_options' unless ssh_args.is_a?(Hash)
-          @ssh_opts = ssh_args.symbolize_keys
+          server_transfer_spec['remote_user'] = options.get_option(:username, mandatory: true)
           if !server_uri.port.nil?
             @ssh_opts[:port] = server_uri.port
             server_transfer_spec['ssh_port'] = server_uri.port
@@ -109,6 +121,11 @@ module Aspera
               cred_set = true
             end
           end
+          ssh_passphrase = options.get_option(:passphrase)
+          if !ssh_passphrase.nil?
+            @ssh_opts[:passphrase] = ssh_passphrase
+            server_transfer_spec['ssh_private_key_passphrase'] = ssh_passphrase
+          end
           # if user provided transfer spec has a token, we will use bypass keys
           cred_set = true if transfer.option_transfer_spec['token'].is_a?(String)
           raise 'Either password, key , or transfer spec token must be provided' if !cred_set
@@ -121,7 +138,7 @@ module Aspera
             Fasp::TransferSpec.action_to_direction(transfer_spec, command)
             return Main.result_transfer(transfer.start(transfer_spec))
           when :sync
-            sync_plugin = Sync.new(@agents, transfer_spec: transfer_spec)
+            sync_plugin = Plugins::Sync.new(@agents, sync_spec: SyncSpecServer.new(transfer_spec))
             return sync_plugin.execute_action
           end
         end
@@ -133,7 +150,7 @@ module Aspera
 
         def execute_action
           server_transfer_spec = options_to_base_transfer_spec
-          ascmd_executor = if !@ssh_opts.nil?
+          ascmd_executor = if !@ssh_opts.empty?
             Ssh.new(server_transfer_spec['remote_host'], server_transfer_spec['remote_user'], @ssh_opts)
           elsif server_transfer_spec.key?('wss_enabled')
             nil

data/lib/aspera/cli/plugins/shares.rb

@@ -26,24 +26,25 @@ module Aspera
 
         def initialize(env)
           super(env)
-          options.add_opt_list(:type, %i[any local ldap saml], 'Type of user/group for operations')
-          options.set_option(:type, :any)
+          options.declare(:type, 'Type of user/group for operations', values: %i[any local ldap saml], default: :any)
           options.parse_options!
         end
 
         SAML_IMPORT_MANDATORY = %w[id name_id].freeze
         SAML_IMPORT_ALLOWED = %w[email given_name surname].concat(SAML_IMPORT_MANDATORY).freeze
 
-        ACTIONS = %i[health repository admin].freeze
+        ACTIONS = %i[health files admin].freeze
+        # common to users and groups
+        USR_GRP_SETTINGS = %i[transfer_settings app_authorizations share_permissions].freeze
 
         def execute_action
-          command = options.get_next_command(ACTIONS)
+          command = options.get_next_command(ACTIONS, aliases: {repository: :files})
           case command
           when :health
             nagios = Nagios.new
             begin
               Rest
-                .new(base_url: options.get_option(:url, is_type: :mandatory) + '/node_api')
+                .new(base_url: options.get_option(:url, mandatory: true) + '/node_api')
                 .call(
                   operation: 'GET',
                   subpath: 'ping',
@@ -54,25 +55,28 @@ module Aspera
               nagios.add_critical('node api', e.to_s)
             end
             return nagios.result
-          when :repository
+          when :repository, :files
             api_shares_node = basic_auth_api('node_api')
             repo_command = options.get_next_command(Node::COMMANDS_SHARES)
             return Node.new(@agents.merge(skip_basic_auth_options: true, node_api: api_shares_node)).execute_action(repo_command)
           when :admin
             api_shares_admin = basic_auth_api('api/v1')
-            admin_command = options.get_next_command(%i[user group share node])
+            admin_command = options.get_next_command(%i[user group share node].freeze)
             case admin_command
             when :node
               return entity_action(api_shares_admin, 'data/nodes')
             when :user, :group
               entity_type = admin_command
-              entities_location = options.get_option(:type, is_type: :mandatory)
+              entities_location = options.get_option(:type, mandatory: true)
               entities_path = "data/#{entities_location}_#{entity_type}s"
               entity_action = nil
               case entities_location
               when :any
                 entities_path = "data/#{entity_type}s"
-                entity_action = %i[list show delete share_permissions app_authorizations].freeze
+                entity_action = %i[list show delete]
+                entity_action.concat(USR_GRP_SETTINGS)
+                entity_action.push(:users) if entity_type.eql?(:group)
+                entity_action.freeze
               when :local
                 entity_action = %i[list show create modify delete].freeze
               when :ldap
@@ -80,31 +84,15 @@ module Aspera
               when :saml
                 entity_action = %i[import].freeze
               end
-              entity_command = options.get_next_command(entity_action)
-              entity_path = "#{entities_path}/#{instance_identifier}" if %i[app_authorizations share_permissions].include?(entity_command)
-              case entity_command
-              when :list, :show, :create, :delete, :modify
+              entity_verb = options.get_next_command(entity_action)
+              # entity_path = "#{entities_path}/#{instance_identifier}" if %i[app_authorizations share_permissions].include?(entity_verb)
+              case entity_verb
+              when *Plugin::ALL_OPS
                 display_fields = entity_type.eql?(:user) ? %w[id username first_name last_name email] : nil
                 display_fields.push(:directory_user) if entity_type.eql?(:user) && entities_location.eql?(:any)
-                return entity_command(entity_command, api_shares_admin, entities_path, display_fields: display_fields)
-              when :app_authorizations
-                case options.get_next_command(%i[modify show])
-                when :show
-                  return {type: :single_object, data: api_shares_admin.read("#{entity_path}/app_authorizations")[:data]}
-                when :modify
-                  parameters = options.get_option(:value, is_type: :mandatory)
-                  return {type: :single_object, data: api_shares_admin.update("#{entity_path}/app_authorizations", parameters)[:data]}
-                end
-              when :share_permissions
-                case options.get_next_command(%i[list show])
-                when :list
-                  return {type: :object_list, data: api_shares_admin.read("#{entity_path}/share_permissions")[:data]}
-                when :show
-                  return {type: :single_object, data: api_shares_admin.read("#{entity_path}/share_permissions/#{instance_identifier}")[:data]}
-                end
+                return entity_command(entity_verb, api_shares_admin, entities_path, display_fields: display_fields)
               when :import
-                parameters = options.get_option(:value, is_type: :mandatory)
-                return do_bulk_operation(parameters, 'created') do |entity_parameters|
+                return do_bulk_operation(value_create_modify(type: :bulk_hash), 'created') do |entity_parameters|
                   entity_parameters = entity_parameters.transform_keys{|k|k.gsub(/\s+/, '_').downcase}
                   raise 'expecting Hash' unless entity_parameters.is_a?(Hash)
                   SAML_IMPORT_MANDATORY.each{|p|raise "missing mandatory field: #{p}" if entity_parameters[p].nil?}
@@ -114,11 +102,14 @@ module Aspera
                   api_shares_admin.create("#{entities_path}/import", entity_parameters)[:data]
                 end
               when :add
-                parameters = options.get_option(:value)
-                return do_bulk_operation(parameters, 'created') do |entity_name|
+                return do_bulk_operation(value_create_modify(type: :bulk_hash), 'created') do |entity_name|
                   raise "expecting string (name), have #{entity_name.class}" unless entity_name.is_a?(String)
                   api_shares_admin.create(entities_path, {entity_type=>entity_name})[:data]
                 end
+              when *USR_GRP_SETTINGS
+                group_id = instance_identifier
+                entities_path = "#{entities_path}/#{group_id}/#{entity_verb}"
+                return entity_action(api_shares_admin, entities_path, is_singleton: !entity_verb.eql?(:share_permissions))
               end
             when :share
               share_command = options.get_next_command(%i[user_permissions group_permissions].concat(Plugin::ALL_OPS))

data/lib/aspera/cli/plugins/sync.rb

@@ -11,14 +11,14 @@ module Aspera
     module Plugins
       # Execute Aspera Sync
       class Sync < Aspera::Cli::Plugin
-        def initialize(env, transfer_spec: nil)
+        def initialize(env, sync_spec: nil)
           super(env)
-          options.add_opt_simple(:sync_info, 'Information for sync instance and sessions (Hash)')
-          options.add_opt_simple(:sync_session, 'Name of session to use for admin commands. default: first in parameters')
+          options.declare(:sync_info, 'Information for sync instance and sessions', types: Hash)
+          options.declare(:sync_session, 'Name of session to use for admin commands. default: first in parameters')
           options.parse_options!
           return if env[:man_only]
-          @params = options.get_option(:sync_info, is_type: :mandatory)
-          Aspera::Sync.update_parameters_with_transfer_spec(@params, transfer_spec) unless transfer_spec.nil?
+          @params = options.get_option(:sync_info, mandatory: true)
+          @sync_spec = sync_spec
         end
 
         ACTIONS = %i[start admin].freeze
@@ -27,7 +27,7 @@ module Aspera
           command = options.get_next_command(ACTIONS)
           case command
           when :start
-            Aspera::Sync.new(@params).start
+            Aspera::Sync.new(@params, @sync_spec).start
             return Main.result_success
           when :admin
             sync_admin = Aspera::SyncAdmin.new(@params, options.get_option(:sync_session))