RubyGems - aspera-cli - Versions diffs - 4.12.0 → 4.14.0 - Mend

aspera-cli 4.12.0 → 4.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/CHANGELOG.md +45 -5
data/CONTRIBUTING.md +113 -22
data/README.md +1289 -754
data/bin/ascli +3 -3
data/examples/dascli +1 -1
data/examples/rubyc +24 -0
data/lib/aspera/aoc.rb +63 -74
data/lib/aspera/ascmd.rb +5 -3
data/lib/aspera/cli/basic_auth_plugin.rb +6 -6
data/lib/aspera/cli/extended_value.rb +24 -37
data/lib/aspera/cli/formatter.rb +23 -25
data/lib/aspera/cli/info.rb +2 -4
data/lib/aspera/cli/main.rb +27 -27
data/lib/aspera/cli/manager.rb +143 -120
data/lib/aspera/cli/plugin.rb +88 -43
data/lib/aspera/cli/plugins/alee.rb +2 -2
data/lib/aspera/cli/plugins/aoc.rb +235 -104
data/lib/aspera/cli/plugins/ats.rb +16 -18
data/lib/aspera/cli/plugins/bss.rb +3 -3
data/lib/aspera/cli/plugins/config.rb +190 -373
data/lib/aspera/cli/plugins/console.rb +4 -6
data/lib/aspera/cli/plugins/cos.rb +12 -13
data/lib/aspera/cli/plugins/faspex.rb +21 -21
data/lib/aspera/cli/plugins/faspex5.rb +399 -150
data/lib/aspera/cli/plugins/node.rb +260 -174
data/lib/aspera/cli/plugins/orchestrator.rb +15 -18
data/lib/aspera/cli/plugins/preview.rb +40 -62
data/lib/aspera/cli/plugins/server.rb +33 -16
data/lib/aspera/cli/plugins/shares.rb +24 -33
data/lib/aspera/cli/plugins/sync.rb +6 -6
data/lib/aspera/cli/transfer_agent.rb +47 -30
data/lib/aspera/cli/version.rb +2 -1
data/lib/aspera/colors.rb +9 -7
data/lib/aspera/command_line_builder.rb +2 -1
data/lib/aspera/cos_node.rb +1 -1
data/lib/aspera/data/6 +0 -0
data/lib/aspera/environment.rb +7 -3
data/lib/aspera/fasp/agent_connect.rb +6 -1
data/lib/aspera/fasp/agent_direct.rb +17 -17
data/lib/aspera/fasp/agent_httpgw.rb +138 -60
data/lib/aspera/fasp/agent_node.rb +14 -4
data/lib/aspera/fasp/agent_trsdk.rb +2 -0
data/lib/aspera/fasp/error_info.rb +2 -0
data/lib/aspera/fasp/installation.rb +19 -19
data/lib/aspera/fasp/parameters.rb +29 -20
data/lib/aspera/fasp/parameters.yaml +5 -2
data/lib/aspera/fasp/resume_policy.rb +3 -3
data/lib/aspera/fasp/transfer_spec.rb +8 -5
data/lib/aspera/fasp/uri.rb +23 -21
data/lib/aspera/faspex_gw.rb +1 -0
data/lib/aspera/faspex_postproc.rb +3 -3
data/lib/aspera/hash_ext.rb +12 -2
data/lib/aspera/keychain/macos_security.rb +13 -13
data/lib/aspera/log.rb +1 -0
data/lib/aspera/node.rb +73 -84
data/lib/aspera/oauth.rb +4 -3
data/lib/aspera/persistency_action_once.rb +1 -1
data/lib/aspera/preview/file_types.rb +8 -6
data/lib/aspera/preview/generator.rb +23 -11
data/lib/aspera/preview/options.rb +3 -2
data/lib/aspera/preview/terminal.rb +80 -0
data/lib/aspera/preview/utils.rb +11 -11
data/lib/aspera/proxy_auto_config.js +2 -2
data/lib/aspera/rest.rb +42 -4
data/lib/aspera/rest_call_error.rb +3 -1
data/lib/aspera/secret_hider.rb +10 -5
data/lib/aspera/ssh.rb +1 -1
data/lib/aspera/sync.rb +41 -33
data/lib/aspera/web_server_simple.rb +22 -18
data.tar.gz.sig +0 -0
metadata +40 -48
metadata.gz.sig +0 -0
data/docs/test_env.conf +0 -179
data/examples/aoc.rb +0 -30
data/examples/faspex4.rb +0 -94
data/examples/node.rb +0 -96
data/examples/server.rb +0 -93
data/lib/aspera/data/7 +0 -0

data/lib/aspera/cli/plugins/faspex5.rb CHANGED Viewed

@@ -18,42 +18,74 @@ module Aspera
         RECIPIENT_TYPES = %w[user workgroup external_user distribution_list shared_inbox].freeze
         PACKAGE_TERMINATED = %w[completed failed].freeze
         API_DETECT = 'api/v5/configuration/ping'
+        # list of supported mailbox types (to list packages)
+        API_LIST_MAILBOX_TYPES = %w[inbox inbox_history inbox_all inbox_all_history outbox outbox_history pending pending_history all].freeze
+        PACKAGE_ALL_INIT = 'INIT'
+        PACKAGE_SEND_FROM_REMOTE_SOURCE = 'remote_source'
+        ADMIN_RESOURCES = %i[accounts contacts jobs workgroups shared_inboxes nodes oauth_clients registrations saml_configs metadata_profiles
+                             email_notifications].freeze
+        private_constant(*%i[RECIPIENT_TYPES PACKAGE_TERMINATED API_DETECT API_LIST_MAILBOX_TYPES PACKAGE_SEND_FROM_REMOTE_SOURCE])
         class << self
           def detect(base_url)
             api = Rest.new(base_url: base_url, redirect_max: 1)
             result = api.read(API_DETECT)
             if result[:http].code.start_with?('2') && result[:http].body.strip.empty?
-              return {version: '5', url: result[:http].uri.to_s[0..-(API_DETECT.length + 2)]}
+              suffix_length = -2 - API_DETECT.length
+              return {
+                version: result[:http]['x-ibm-aspera'] || '5',
+                url:     result[:http].uri.to_s[0..suffix_length],
+                name:    'Faspex 5'
+              }
             end
             return nil
           end
         end
+        # Faspex API v5: get transfer spec for connect
         TRANSFER_CONNECT = 'connect'
         def initialize(env)
           super(env)
-          options.add_opt_simple(:client_id, 'OAuth client identifier')
-          options.add_opt_simple(:client_secret, 'OAuth client secret')
-          options.add_opt_simple(:redirect_uri, 'OAuth redirect URI for web authentication')
-          options.add_opt_list(:auth, [:boot].concat(Oauth::STD_AUTH_TYPES), 'OAuth type of authentication')
-          options.add_opt_simple(:private_key, 'OAuth JWT RSA private key PEM value (prefix file path with @file:)')
-          options.add_opt_simple(:passphrase, 'RSA private key passphrase')
-          options.add_opt_simple(:shared_folder, 'Shared folder source for package files')
-          options.set_option(:auth, :jwt)
+          options.declare(:client_id, 'OAuth client identifier')
+          options.declare(:client_secret, 'OAuth client secret')
+          options.declare(:redirect_uri, 'OAuth redirect URI for web authentication')
+          options.declare(:auth, 'OAuth type of authentication', values: %i[boot link].concat(Oauth::STD_AUTH_TYPES), default: :jwt)
+          options.declare(:private_key, 'OAuth JWT RSA private key PEM value (prefix file path with @file:)')
+          options.declare(:passphrase, 'OAuth JWT RSA private key passphrase')
+          options.declare(:link, 'Public link authorization (specific operations)')
+          options.declare(:box, "Package inbox, either shared inbox name or one of #{API_LIST_MAILBOX_TYPES} or #{VAL_ALL}", default: 'inbox')
+          options.declare(:shared_folder, 'Send package with files from shared folder')
+          options.declare(:group_type, 'Shared inbox or workgroup', values: %i[shared_inboxes workgroups], default: :shared_inboxes)
           options.parse_options!
         end
         def set_api
-          @faspex5_api_base_url = options.get_option(:url, is_type: :mandatory).gsub(%r{/+$}, '')
+          public_link = options.get_option(:link)
+          unless public_link.nil?
+            @faspex5_api_base_url = public_link.gsub(%r{/public/.*}, '').gsub(/\?.*/, '')
+            options.set_option(:auth, :link)
+          end
+          @faspex5_api_base_url ||= options.get_option(:url, mandatory: true).gsub(%r{/+$}, '')
           @faspex5_api_auth_url = "#{@faspex5_api_base_url}/auth"
           faspex5_api_v5_url = "#{@faspex5_api_base_url}/api/v5"
-          case options.get_option(:auth, is_type: :mandatory)
+          case options.get_option(:auth, mandatory: true)
+          when :link
+            uri = URI.parse(public_link)
+            args = URI.decode_www_form(uri.query).each_with_object({}){|v, h|h[v.first] = v.last; }
+            Log.dump(:args, args)
+            context = args['context']
+            raise 'missing context' if context.nil?
+            @pub_link_context = JSON.parse(Base64.decode64(context))
+            Log.dump(:@pub_link_context, @pub_link_context)
+            @api_v5 = Rest.new({
+              base_url: faspex5_api_v5_url,
+              headers:  {'Passcode' => @pub_link_context['passcode']}
+            })
           when :boot
             # the password here is the token copied directly from browser in developer mode
             @api_v5 = Rest.new({
               base_url: faspex5_api_v5_url,
-              headers:  {'Authorization' => options.get_option(:password, is_type: :mandatory)}
+              headers:  {'Authorization' => options.get_option(:password, mandatory: true)}
             })
           when :web
             # opens a browser and ask user to auth using web
@@ -63,11 +95,11 @@ module Aspera
                 type:         :oauth2,
                 base_url:     @faspex5_api_auth_url,
                 grant_method: :web,
-                client_id:    options.get_option(:client_id, is_type: :mandatory),
-                web:          {redirect_uri: options.get_option(:redirect_uri, is_type: :mandatory)}
+                client_id:    options.get_option(:client_id, mandatory: true),
+                web:          {redirect_uri: options.get_option(:redirect_uri, mandatory: true)}
               }})
           when :jwt
-            app_client_id = options.get_option(:client_id, is_type: :mandatory)
+            app_client_id = options.get_option(:client_id, mandatory: true)
             @api_v5 = Rest.new({
               base_url: faspex5_api_v5_url,
               auth:     {
@@ -78,27 +110,31 @@ module Aspera
                 jwt:          {
                   payload:         {
                     iss: app_client_id,    # issuer
-                    aud: app_client_id,    # audience TODO: ???
-                    sub: "user:#{options.get_option(:username, is_type: :mandatory)}" # subject also "client:#{app_client_id}" + auth user/pass
+                    aud: app_client_id,    # audience (this field is not clear...)
+                    sub: "user:#{options.get_option(:username, mandatory: true)}" # subject is a user
                   },
-                  # auth:                {type: :basic, options.get_option(:username,is_type: :mandatory), options.get_option(:password,is_type: :mandatory),
-                  private_key_obj: OpenSSL::PKey::RSA.new(options.get_option(:private_key, is_type: :mandatory), options.get_option(:passphrase)),
+                  private_key_obj: OpenSSL::PKey::RSA.new(options.get_option(:private_key, mandatory: true), options.get_option(:passphrase)),
                   headers:         {typ: 'JWT'}
                 }
               }})
+          else raise 'Unexpected case for option: auth'
           end
         end
+        # if recipient is just an email, then convert to expected API hash : name and type
         def normalize_recipients(parameters)
           return unless parameters.key?('recipients')
           raise 'Field recipients must be an Array' unless parameters['recipients'].is_a?(Array)
-          parameters['recipients'] = parameters['recipients'].map do |recipient_data|
+          recipient_types = RECIPIENT_TYPES
+          if parameters.key?('recipient_types')
+            recipient_types = parameters['recipient_types']
+            parameters.delete('recipient_types')
+            recipient_types = [recipient_types] unless recipient_types.is_a?(Array)
+          end
+          parameters['recipients'].map! do |recipient_data|
             # if just a string, assume it is the name
             if recipient_data.is_a?(String)
-              result = @api_v5.read('contacts', {q: recipient_data, context: 'packages', type: [Rest::ARRAY_PARAMS, *RECIPIENT_TYPES]})[:data]
-              raise "No matching contact for #{recipient_data}" if result.empty?
-              raise "Multiple matching contact for #{recipient_data} : #{result['contacts'].map{|i|i['name']}.join(', ')}" unless 1.eql?(result['total_count'])
-              matched = result['contacts'].first
+              matched = @api_v5.lookup_by_name('contacts', recipient_data, {context: 'packages', type: Rest.array_params(recipient_types)})
               recipient_data = {
                 name:           matched['name'],
                 recipient_type: matched['type']
@@ -109,14 +145,14 @@ module Aspera
           end
         end
-        def wait_for_complete_upload(id)
-          parameters = options.get_option(:value)
+        # wait for package status to be in provided list
+        def wait_package_status(id, status_list: PACKAGE_TERMINATED)
           spinner = nil
           progress = nil
           while true
             status = @api_v5.read("packages/#{id}/upload_details")[:data]
             # user asked to not follow
-            break unless parameters
+            break if status_list.nil? || status_list.include?(status['upload_status'])
             if status['upload_status'].eql?('submitted')
               if spinner.nil?
                 spinner = TTY::Spinner.new('[:spinner] :title', format: :classic)
@@ -133,22 +169,233 @@ module Aspera
             else
               progress.progress = status['bytes_written'].to_i
             end
-            break if PACKAGE_TERMINATED.include?(status['upload_status'])
             sleep(0.5)
           end
           status['id'] = id
           return status
         end
-        def lookup_entity(entity_type, property, value)
-          # TODO: what if too many, use paging ?
-          all = @api_v5.read(entity_type)[:data][entity_type]
-          found = all.find{|i|i[property].eql?(value)}
-          raise "No #{entity_type} with #{property} = #{value}" if found.nil?
-          return found
+        # get a (full or partial) list of all entities of a given type
+        # @param type [String] the type of entity to list (just a name)
+        # @param query [Hash,nil] additional query parameters
+        # @param path [String] optional prefix to add to the path (nil or empty string: no prefix)
+        # @param item_list_key [String] key in the result to get the list of items
+        def list_entities(type:, path: nil, query: nil, item_list_key: nil)
+          query = {} if query.nil?
+          type = type.to_s if type.is_a?(Symbol)
+          item_list_key = type if item_list_key.nil?
+          raise "internal error: Invalid type #{type.class}" unless type.is_a?(String)
+          full_path = type
+          full_path = "#{path}/#{full_path}" unless path.nil? || path.empty?
+          result = []
+          offset = 0
+          max_items = query.delete(MAX_ITEMS)
+          remain_pages = query.delete(MAX_PAGES)
+          # merge default parameters, by default 100 per page
+          query = {'limit'=> 100}.merge(query)
+          loop do
+            query['offset'] = offset
+            page_result = @api_v5.read(full_path, query)[:data]
+            result.concat(page_result[item_list_key])
+            # reach the limit set by user ?
+            if !max_items.nil? && (result.length >= max_items)
+              result = result.slice(0, max_items)
+              break
+            end
+            break if result.length >= page_result['total_count']
+            remain_pages -= 1 unless remain_pages.nil?
+            break if remain_pages == 0
+            offset += page_result[item_list_key].length
+          end
+          return result
+        end
+        # lookup an entity id from its name
+        def lookup_entity_by_field(type:, value:, field: 'name', query: :default, path: nil, item_list_key: nil)
+          query = {'q'=> value} if query.eql?(:default)
+          found = list_entities(type: type, path: path, query: query, item_list_key: item_list_key).select{|i|i[field].eql?(value)}
+          case found.length
+          when 0 then raise "No #{type} with #{field} = #{value}"
+          when 1 then return found.first
+          else raise "Found #{found.length} #{path} with #{field} = #{value}"
+          end
+        end
+        # list all packages with optional filter
+        def list_packages_with_filter
+          filter = options.get_next_argument('filter', mandatory: false, type: Proc, default: ->(_x){true})
+          # translate box name to API prefix (with ending slash)
+          box = options.get_option(:box)
+          api_path =
+            case box
+            when VAL_ALL then '' # only admin can list all packages globally
+            when *API_LIST_MAILBOX_TYPES then box
+            else
+              group_type = options.get_option(:group_type)
+              "#{group_type}/#{lookup_entity_by_field(type: group_type, value: box)['id']}"
+            end
+          return list_entities(
+            type: 'packages',
+            query:  query_read_delete(default: {}),
+            path: api_path).select(&filter)
         end
-        ACTIONS = %i[health version user bearer_token package shared_folders admin gateway postprocessing].freeze
+        def package_receive
+          # prepare persistency if needed
+          skip_ids_persistency = nil
+          if options.get_option(:once_only, mandatory: true)
+            # read ids from persistency
+            skip_ids_persistency = PersistencyActionOnce.new(
+              manager: @agents[:persistency],
+              data:    [],
+              id:      IdGenerator.from_list([
+                'faspex_recv',
+                options.get_option(:url, mandatory: true),
+                options.get_option(:username, mandatory: true)]))
+          end
+          package_ids =
+            if @pub_link_context&.key?('package_id')
+              @pub_link_context['package_id']
+            else
+              # one or several packages
+              instance_identifier
+            end
+          case package_ids
+          when PACKAGE_ALL_INIT
+            raise 'Only with option once_only' unless skip_ids_persistency
+            skip_ids_persistency.data.clear.concat(list_packages_with_filter.map{|p|p['id']})
+            skip_ids_persistency.save
+            return Main.result_status("Initialized skip for #{skip_ids_persistency.data.count} package(s)")
+          when VAL_ALL
+            # TODO: if packages have same name, they will overwrite ?
+            package_ids = list_packages_with_filter.map{|p|p['id']}
+            Log.dump(:package_ids, package_ids)
+            Log.dump(:package_ids, skip_ids_persistency.data)
+            package_ids.reject!{|i|skip_ids_persistency.data.include?(i)} if skip_ids_persistency
+            Log.dump(:package_ids, package_ids)
+          end
+          # a single id was provided
+          # TODO: check package_ids is a list of strings
+          package_ids = [package_ids] if package_ids.is_a?(String)
+          result_transfer = []
+          package_ids.each do |pkg_id|
+            formatter.display_status("Receiving package #{pkg_id}")
+            param_file_list = {}
+            begin
+              param_file_list['paths'] = transfer.source_list.map{|source|{'path'=>source}}
+            rescue Aspera::Cli::CliBadArgument
+              # paths is optional
+            end
+            download_params = {
+              type:          'received',
+              transfer_type: TRANSFER_CONNECT
+            }
+            box = options.get_option(:box)
+            case box
+            when /outbox/ then download_params[:type] = 'sent'
+            when *API_LIST_MAILBOX_TYPES then nil # nothing to do
+            else # shared inbox / workgroup
+              download_params[:recipient_workgroup_id] = lookup_entity_by_field(type: options.get_option(:group_type), value: box)['id']
+            end
+            # TODO: allow from sent as well ?
+            transfer_spec = @api_v5.call(
+              operation:   'POST',
+              subpath:     "packages/#{pkg_id}/transfer_spec/download",
+              headers:     {'Accept' => 'application/json'},
+              url_params:  download_params,
+              json_params: param_file_list
+            )[:data]
+            # delete flag for Connect Client
+            transfer_spec.delete('authentication')
+            statuses = transfer.start(transfer_spec)
+            result_transfer.push({'package' => pkg_id, Main::STATUS_FIELD => statuses})
+            # skip only if all sessions completed
+            if TransferAgent.session_status(statuses).eql?(:success) && skip_ids_persistency
+              skip_ids_persistency.data.push(pkg_id)
+              skip_ids_persistency.save
+            end
+          end
+          return Main.result_transfer_multiple(result_transfer)
+        end
+        def package_action
+          command = options.get_next_command(%i[list show browse status delete send receive])
+          case command
+          when :list
+            return {
+              type:   :object_list,
+              data:   list_packages_with_filter,
+              fields: %w[id title release_date total_bytes total_files created_time state]
+            }
+          when :show
+            id = @pub_link_context['package_id'] if @pub_link_context&.key?('package_id')
+            id ||= instance_identifier
+            return {type: :single_object, data: @api_v5.read("packages/#{id}")[:data]}
+          when :browse
+            id = @pub_link_context['package_id'] if @pub_link_context&.key?('package_id')
+            id ||= instance_identifier
+            path = options.get_next_argument('path', expected: :single, mandatory: false) || '/'
+            # TODO: support multi-page listing ?
+            params = {
+              # recipient_user_id: 25,
+              # offset:            0,
+              # limit:             25
+            }
+            result = @api_v5.call({
+              operation:   'POST',
+              subpath:     "packages/#{id}/files/received",
+              headers:     {'Accept' => 'application/json'},
+              url_params:  params,
+              json_params: {'path' => path, 'filters' => {'basenames'=>[]}}})[:data]
+            formatter.display_item_count(result['item_count'], result['total_count'])
+            return {type: :object_list, data: result['items']}
+          when :status
+            status = wait_package_status(instance_identifier, status_list: nil)
+            return {type: :single_object, data: status}
+          when :delete
+            ids = instance_identifier
+            ids = [ids] unless ids.is_a?(Array)
+            raise 'Package identifier must be a single id or an Array' unless ids.is_a?(Array) && ids.all?(String)
+            # API returns 204, empty on success
+            @api_v5.call({operation: 'DELETE', subpath: 'packages', headers: {'Accept' => 'application/json'}, json_params: {ids: ids}})
+            return Main.result_status('Package(s) deleted')
+          when :send
+            parameters = value_create_modify(command: command, type: Hash)
+            normalize_recipients(parameters)
+            package = @api_v5.create('packages', parameters)[:data]
+            shared_folder = options.get_option(:shared_folder)
+            if shared_folder.nil?
+              # TODO: option to send from remote source or httpgw
+              transfer_spec = @api_v5.call(
+                operation:   'POST',
+                subpath:     "packages/#{package['id']}/transfer_spec/upload",
+                headers:     {'Accept' => 'application/json'},
+                url_params:  {transfer_type: TRANSFER_CONNECT},
+                json_params: {paths: transfer.source_list}
+              )[:data]
+              # well, we asked a TS for connect, but we actually want a generic one
+              transfer_spec.delete('authentication')
+              return Main.result_transfer(transfer.start(transfer_spec))
+            else
+              if (m = shared_folder.match(REGEX_LOOKUP_ID_BY_FIELD))
+                shared_folder = lookup_entity_by_field(type: 'shared_folders', value: m[2])['id']
+              end
+              transfer_request = {shared_folder_id: shared_folder, paths: transfer.source_list}
+              # start remote transfer and get first status
+              result = @api_v5.create("packages/#{package['id']}/remote_transfer", transfer_request)[:data]
+              result['id'] = package['id']
+              unless result['status'].eql?('completed')
+                formatter.display_status("Package #{package['id']}")
+                result = wait_package_status(package['id'])
+              end
+              return {type: :single_object, data: result}
+            end
+          when :receive
+            return package_receive
+          end # case package
+        end
+        ACTIONS = %i[health version user bearer_token packages shared_folders admin gateway postprocessing].freeze
         def execute_action
           command = options.get_next_command(ACTIONS)
@@ -180,110 +427,20 @@ module Aspera
             end
           when :bearer_token
             return {type: :text, data: @api_v5.oauth_token}
-          when :package
-            command = options.get_next_command(%i[list show send receive status])
-            case command
-            when :list
-              parameters = options.get_option(:value)
-              return {
-                type:   :object_list,
-                data:   @api_v5.read('packages', parameters)[:data]['packages'],
-                fields: %w[id title release_date total_bytes total_files created_time state]
-              }
-            when :show
-              id = instance_identifier
-              return {type: :single_object, data: @api_v5.read("packages/#{id}")[:data]}
-            when :status
-              status = wait_for_complete_upload(instance_identifier)
-              return {type: :single_object, data: status}
-            when :send
-              parameters = options.get_option(:value, is_type: :mandatory)
-              raise CliBadArgument, 'Value must be Hash, refer to API' unless parameters.is_a?(Hash)
-              normalize_recipients(parameters)
-              package = @api_v5.create('packages', parameters)[:data]
-              shared_folder = options.get_option(:shared_folder)
-              if shared_folder.nil?
-                # TODO: option to send from remote source or httpgw
-                transfer_spec = @api_v5.call(
-                  operation:   'POST',
-                  subpath:     "packages/#{package['id']}/transfer_spec/upload",
-                  headers:     {'Accept' => 'application/json'},
-                  url_params:  {transfer_type: TRANSFER_CONNECT},
-                  json_params: {paths: transfer.source_list}
-                )[:data]
-                transfer_spec.delete('authentication')
-                return Main.result_transfer(transfer.start(transfer_spec))
-              else
-                if !shared_folder.to_i.to_s.eql?(shared_folder)
-                  shared_folder = lookup_entity('shared_folders', 'name', shared_folder)['id']
-                end
-                transfer_request = {shared_folder_id: shared_folder, paths: transfer.source_list}
-                # start remote transfer and get first status
-                result = @api_v5.create("packages/#{package['id']}/remote_transfer", transfer_request)[:data]
-                result['id'] = package['id']
-                unless result['status'].eql?('completed')
-                  formatter.display_status("Package #{package['id']}")
-                  result = wait_for_complete_upload(package['id'])
-                end
-                return {type: :single_object, data: result}
-              end
-            when :receive
-              pkg_type = 'received'
-              pack_id = instance_identifier
-              package_ids = [pack_id]
-              skip_ids_data = []
-              skip_ids_persistency = nil
-              if options.get_option(:once_only, is_type: :mandatory)
-                # read ids from persistency
-                skip_ids_persistency = PersistencyActionOnce.new(
-                  manager: @agents[:persistency],
-                  data:    skip_ids_data,
-                  id:      IdGenerator.from_list([
-                    'faspex_recv',
-                    options.get_option(:url, is_type: :mandatory),
-                    options.get_option(:username, is_type: :mandatory),
-                    pkg_type]))
-              end
-              if VAL_ALL.eql?(pack_id)
-                # TODO: if packages have same name, they will overwrite
-                parameters = options.get_option(:value)
-                parameters ||= {'type' => 'received', 'subtype' => 'mypackages', 'limit' => 1000}
-                raise CliBadArgument, 'value filter must be Hash (API GET)' unless parameters.is_a?(Hash)
-                package_ids = @api_v5.read('packages', parameters)[:data]['packages'].map{|p|p['id']}
-                package_ids.reject!{|i|skip_ids_data.include?(i)}
-              end
-              result_transfer = []
-              package_ids.each do |pkg_id|
-                param_file_list = {}
-                begin
-                  param_file_list['paths'] = transfer.source_list
-                rescue Aspera::Cli::CliBadArgument
-                  # paths is optional
-                end
-                # TODO: allow from sent as well ?
-                transfer_spec = @api_v5.call(
-                  operation:   'POST',
-                  subpath:     "packages/#{pkg_id}/transfer_spec/download",
-                  headers:     {'Accept' => 'application/json'},
-                  url_params:  {transfer_type: TRANSFER_CONNECT, type: pkg_type},
-                  json_params: param_file_list
-                )[:data]
-                transfer_spec.delete('authentication')
-                statuses = transfer.start(transfer_spec)
-                result_transfer.push({'package' => pkg_id, Main::STATUS_FIELD => statuses})
-                # skip only if all sessions completed
-                skip_ids_data.push(pkg_id) if TransferAgent.session_status(statuses).eql?(:success)
-              end
-              skip_ids_persistency&.save
-              return Main.result_transfer_multiple(result_transfer)
-            end # case package
+          when :packages
+            return package_action
           when :shared_folders
             all_shared_folders = @api_v5.read('shared_folders')[:data]['shared_folders']
             case options.get_next_command(%i[list browse])
             when :list
               return {type: :object_list, data: all_shared_folders}
             when :browse
-              shared_folder_id = instance_identifier
+              shared_folder_id = instance_identifier do |field, value|
+                matches = all_shared_folders.select{|i|i[field].eql?(value)}
+                raise "no match for #{field} = #{value}" if matches.empty?
+                raise "multiple matches for #{field} = #{value}" if matches.length > 1
+                matches.first['id']
+              end
               path = options.get_next_argument('folder path', mandatory: false) || '/'
               node = all_shared_folders.find{|i|i['id'].eql?(shared_folder_id)}
               raise "No such shared folder id #{shared_folder_id}" if node.nil?
@@ -301,12 +458,14 @@ module Aspera
               end
             end
           when :admin
-            case options.get_next_command(%i[resource])
+            case options.get_next_command(%i[resource smtp].freeze)
             when :resource
-              res_type = options.get_next_command(%i[accounts contacts jobs workgroups shared_inboxes nodes oauth_clients registrations saml_configs metadata_profiles
-                                                     email_notifications])
+              res_type = options.get_next_command(ADMIN_RESOURCES)
               res_path = list_key = res_type.to_s
               id_as_arg = false
+              display_fields = nil
+              adm_api = @api_v5
+              available_commands = [].concat(Plugin::ALL_OPS)
               case res_type
               when :metadata_profiles
                 res_path = 'configuration/metadata_profiles'
@@ -314,34 +473,93 @@ module Aspera
               when :email_notifications
                 list_key = false
                 id_as_arg = 'type'
+              when :accounts
+                display_fields = [:all_but, 'user_profile_data_attributes']
+              when :oauth_clients
+                display_fields = [:all_but, 'public_key']
+                adm_api = Rest.new(@api_v5.params.merge({base_url: @faspex5_api_auth_url}))
+              when :shared_inboxes, :workgroups
+                available_commands.push(:members, :saml_groups, :invite_external_collaborator)
               end
-              display_fields =
-                case res_type
-                when :accounts then [:all_but, 'user_profile_data_attributes']
-                when :oauth_clients then [:all_but, 'public_key']
+              res_command = options.get_next_command(available_commands)
+              case res_command
+              when *Plugin::ALL_OPS
+                return entity_command(res_command, adm_api, res_path, item_list_key: list_key, display_fields: display_fields, id_as_arg: id_as_arg)
+              when :invite_external_collaborator
+                shared_inbox_id = instance_identifier { |field, value| lookup_entity_by_field(type: res_type.to_s, field: field, value: value)['id']}
+                creation_payload = value_create_modify(command: res_command, type: [Hash, String])
+                creation_payload = {'email_address' => creation_payload} if creation_payload.is_a?(String)
+                res_path = "#{res_type}/#{shared_inbox_id}/external_collaborator"
+                result = adm_api.create(res_path, creation_payload)[:data]
+                formatter.display_status(result['message'])
+                result = lookup_entity_by_field(type: 'members', path: "#{res_type}/#{shared_inbox_id}", value: creation_payload['email_address'], query: {})
+                return {type: :single_object, data: result}
+              when :members, :saml_groups
+                res_id = instance_identifier { |field, value| lookup_entity_by_field(type: res_type.to_s, field: field, value: value)['id']}
+                res_prefix = "#{res_type}/#{res_id}"
+                res_path = "#{res_prefix}/#{res_command}"
+                list_key = res_command.to_s
+                list_key = 'groups' if res_command.eql?(:saml_groups)
+                sub_command = options.get_next_command(%i[create list modify delete])
+                if sub_command.eql?(:create) && options.get_option(:value).nil?
+                  raise "use option 'value' to provide saml group_id and access (refer to API)" unless res_command.eql?(:members)
+                  # first arg is one user name or list of users
+                  users = options.get_next_argument('user id, or email, or list of')
+                  users = [users] unless users.is_a?(Array)
+                  users = users.map do |user|
+                    if (m = user.match(REGEX_LOOKUP_ID_BY_FIELD))
+                      lookup_entity_by_field(
+                        type: 'accounts', field: m[1], value: m[2],
+                        query: {type: Rest.array_params(%w{local_user saml_user self_registered_user external_user})})['id']
+                    else
+                      # it's the user id (not member id...)
+                      user
+                    end
+                  end
+                  access = options.get_next_argument('level', mandatory: false, expected: %i[submit_only standard shared_inbox_admin], default: :standard)
+                  # TODO: unshift to command line parameters instead of using deprecated option "value"
+                  options.set_option(:value, {user: users.map{|u|{id: u, access: access}}})
                 end
-              adm_api = @api_v5
-              if res_type.eql?(:oauth_clients)
-                adm_api = Rest.new(@api_v5.params.merge({base_url: @faspex5_api_auth_url}))
+                return entity_command(sub_command, adm_api, res_path, item_list_key: list_key) do |field, value|
+                         lookup_entity_by_field(
+                           type: 'accounts', field: field, value: value,
+                           query: {type: Rest.array_params(%w{local_user saml_user self_registered_user external_user})})['id']
+                       end
+              end
+            when :smtp
+              smtp_path = 'configuration/smtp'
+              smtp_cmd = options.get_next_command(%i[show create modify delete test])
+              case smtp_cmd
+              when :show
+                return { type: :single_object, data: @api_v5.read(smtp_path)[:data] }
+              when :create
+                return { type: :single_object, data: @api_v5.create(smtp_path, value_create_modify(command: smtp_cmd, type: Hash))[:data] }
+              when :modify
+                return { type: :single_object, data: @api_v5.modify(smtp_path, value_create_modify(command: smtp_cmd, type: Hash))[:data] }
+              when :delete
+                return { type: :single_object, data: @api_v5.delete(smtp_path)[:data] }
+              when :test
+                test_data = options.get_next_argument('Email or test data, see API')
+                test_data = {test_email_recipient: test_data} if test_data.is_a?(String)
+                return { type: :single_object, data: @api_v5.create(File.join(smtp_path, 'test'), test_data)[:data] }
               end
-              return entity_action(adm_api, res_path, item_list_key: list_key, display_fields: display_fields, id_as_arg: id_as_arg)
             end
           when :gateway
             require 'aspera/faspex_gw'
-            url = options.get_option(:value, is_type: :mandatory)
+            url = value_create_modify(type: String)
             uri = URI.parse(url)
             server = WebServerSimple.new(uri)
             server.mount(uri.path, Faspex4GWServlet, @api_v5, nil)
+            # on ctrl-c, tell server main loop to exit
             trap('INT') { server.shutdown }
-            formatter.display_status("Faspex 4 gateway listening on #{url}")
+            formatter.display_status("Gateway for Faspex 4-style API listening on #{url}")
             Log.log.info("Listening on #{url}")
             # this is blocking until server exits
             server.start
             return Main.result_status('Gateway terminated')
           when :postprocessing
-            require 'aspera/faspex_postproc'
-            parameters = options.get_option(:value, is_type: :mandatory)
-            raise 'parameters must be Hash' unless parameters.is_a?(Hash)
+            require 'aspera/faspex_postproc' # cspell:disable-line
+            parameters = value_create_modify(type: Hash)
             parameters = parameters.symbolize_keys
             raise 'Missing key: url' unless parameters.key?(:url)
             uri = URI.parse(parameters[:url])
@@ -349,14 +567,45 @@ module Aspera
             parameters[:processing][:root] = uri.path
             server = WebServerSimple.new(uri, certificate: parameters[:certificate])
             server.mount(uri.path, Faspex4PostProcServlet, parameters[:processing])
+            # on ctrl-c, tell server main loop to exit
             trap('INT') { server.shutdown }
-            formatter.display_status("Faspex 4 post processing listening on #{uri.port}")
+            formatter.display_status("Web-hook for Faspex 4-style post processing listening on #{uri.port}")
             Log.log.info("Listening on #{uri.port}")
             # this is blocking until server exits
             server.start
             return Main.result_status('Gateway terminated')
           end # case command
         end # action
+        def wizard(params)
+          if params[:prepare]
+            # if not defined by user, generate unique name
+            params[:preset_name] ||= [params[:plugin_sym]].concat(URI.parse(params[:instance_url]).host.gsub(/[^a-z0-9.]/, '').split('.')).join('_')
+            params[:need_private_key] = true
+            return
+          end
+          formatter.display_status('Ask the ascli client id and secret to your Administrator, or ask them to go to:'.red)
+          OpenApplication.instance.uri(params[:instance_url])
+          formatter.display_status('Then: 𓃑  → Admin → Configurations → API clients')
+          formatter.display_status('Create an API client with:')
+          formatter.display_status('- name: ascli')
+          formatter.display_status('- JWT: enabled')
+          formatter.display_status('Then, logged in as user go to your profile:')
+          formatter.display_status('👤 → Account Settings → Preferences -> Public Key in PEM:')
+          formatter.display_status(params[:pub_key_pem])
+          formatter.display_status('Once set, fill in the parameters:')
+          return {
+            preset_value: {
+              url:           params[:instance_url],
+              username:      options.get_option(:username, mandatory: true),
+              auth:          :jwt.to_s,
+              private_key:   '@file:' + params[:private_key_path],
+              client_id:     options.get_option(:client_id, mandatory: true),
+              client_secret: options.get_option(:client_secret, mandatory: true)
+            },
+            test_args:    "#{params[:plugin_sym]} user profile show"
+          }
+        end
       end # Faspex5
     end # Plugins
   end # Cli