RubyGems - aspera-cli - Versions diffs - 4.13.0 → 4.14.0 - Mend

aspera-cli 4.13.0 → 4.14.0

Files changed (64) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/CHANGELOG.md +28 -5
data/CONTRIBUTING.md +17 -1
data/README.md +782 -401
data/examples/dascli +1 -1
data/examples/rubyc +24 -0
data/lib/aspera/aoc.rb +21 -32
data/lib/aspera/ascmd.rb +1 -0
data/lib/aspera/cli/basic_auth_plugin.rb +6 -6
data/lib/aspera/cli/formatter.rb +17 -25
data/lib/aspera/cli/main.rb +21 -27
data/lib/aspera/cli/manager.rb +128 -114
data/lib/aspera/cli/plugin.rb +87 -38
data/lib/aspera/cli/plugins/alee.rb +2 -2
data/lib/aspera/cli/plugins/aoc.rb +216 -102
data/lib/aspera/cli/plugins/ats.rb +16 -18
data/lib/aspera/cli/plugins/bss.rb +3 -3
data/lib/aspera/cli/plugins/config.rb +177 -367
data/lib/aspera/cli/plugins/console.rb +4 -6
data/lib/aspera/cli/plugins/cos.rb +12 -13
data/lib/aspera/cli/plugins/faspex.rb +17 -18
data/lib/aspera/cli/plugins/faspex5.rb +332 -216
data/lib/aspera/cli/plugins/node.rb +171 -142
data/lib/aspera/cli/plugins/orchestrator.rb +15 -18
data/lib/aspera/cli/plugins/preview.rb +38 -60
data/lib/aspera/cli/plugins/server.rb +22 -15
data/lib/aspera/cli/plugins/shares.rb +24 -33
data/lib/aspera/cli/plugins/sync.rb +3 -3
data/lib/aspera/cli/transfer_agent.rb +29 -26
data/lib/aspera/cli/version.rb +1 -1
data/lib/aspera/colors.rb +9 -7
data/lib/aspera/data/6 +0 -0
data/lib/aspera/environment.rb +7 -3
data/lib/aspera/fasp/agent_connect.rb +5 -0
data/lib/aspera/fasp/agent_direct.rb +5 -5
data/lib/aspera/fasp/agent_httpgw.rb +138 -60
data/lib/aspera/fasp/agent_trsdk.rb +2 -0
data/lib/aspera/fasp/error_info.rb +2 -0
data/lib/aspera/fasp/installation.rb +18 -19
data/lib/aspera/fasp/parameters.rb +18 -17
data/lib/aspera/fasp/parameters.yaml +2 -1
data/lib/aspera/fasp/resume_policy.rb +3 -3
data/lib/aspera/fasp/transfer_spec.rb +6 -5
data/lib/aspera/fasp/uri.rb +23 -21
data/lib/aspera/faspex_postproc.rb +1 -1
data/lib/aspera/hash_ext.rb +12 -2
data/lib/aspera/keychain/macos_security.rb +13 -13
data/lib/aspera/log.rb +1 -0
data/lib/aspera/node.rb +62 -80
data/lib/aspera/oauth.rb +1 -1
data/lib/aspera/persistency_action_once.rb +1 -1
data/lib/aspera/preview/terminal.rb +61 -15
data/lib/aspera/preview/utils.rb +3 -3
data/lib/aspera/proxy_auto_config.js +2 -2
data/lib/aspera/rest.rb +37 -0
data/lib/aspera/secret_hider.rb +6 -1
data/lib/aspera/ssh.rb +1 -1
data/lib/aspera/sync.rb +2 -0
data.tar.gz.sig +0 -0
metadata +3 -4
metadata.gz.sig +0 -0
data/docs/test_env.conf +0 -186
data/lib/aspera/data/7 +0 -0

data/lib/aspera/cli/plugins/faspex5.rb CHANGED Viewed

@@ -18,11 +18,13 @@ module Aspera
         RECIPIENT_TYPES = %w[user workgroup external_user distribution_list shared_inbox].freeze
         PACKAGE_TERMINATED = %w[completed failed].freeze
         API_DETECT = 'api/v5/configuration/ping'
-        # list of supported mailbox types
-        API_MAILBOXES = %w[inbox inbox_history inbox_all inbox_all_history outbox outbox_history pending pending_history all].freeze
-        PACKAGE_TYPE_RECEIVED = 'received'
+        # list of supported mailbox types (to list packages)
+        API_LIST_MAILBOX_TYPES = %w[inbox inbox_history inbox_all inbox_all_history outbox outbox_history pending pending_history all].freeze
         PACKAGE_ALL_INIT = 'INIT'
-        private_constant(*%i[RECIPIENT_TYPES PACKAGE_TERMINATED API_DETECT API_MAILBOXES PACKAGE_TYPE_RECEIVED])
+        PACKAGE_SEND_FROM_REMOTE_SOURCE = 'remote_source'
+        ADMIN_RESOURCES = %i[accounts contacts jobs workgroups shared_inboxes nodes oauth_clients registrations saml_configs metadata_profiles
+                             email_notifications].freeze
+        private_constant(*%i[RECIPIENT_TYPES PACKAGE_TERMINATED API_DETECT API_LIST_MAILBOX_TYPES PACKAGE_SEND_FROM_REMOTE_SOURCE])
         class << self
           def detect(base_url)
             api = Rest.new(base_url: base_url, redirect_max: 1)
@@ -31,27 +33,29 @@ module Aspera
               suffix_length = -2 - API_DETECT.length
               return {
                 version: result[:http]['x-ibm-aspera'] || '5',
-                url:     result[:http].uri.to_s[0..suffix_length]}
+                url:     result[:http].uri.to_s[0..suffix_length],
+                name:    'Faspex 5'
+              }
             end
             return nil
           end
         end
+        # Faspex API v5: get transfer spec for connect
         TRANSFER_CONNECT = 'connect'
         def initialize(env)
           super(env)
-          options.add_opt_simple(:client_id, 'OAuth client identifier')
-          options.add_opt_simple(:client_secret, 'OAuth client secret')
-          options.add_opt_simple(:redirect_uri, 'OAuth redirect URI for web authentication')
-          options.add_opt_list(:auth, %i[boot link].concat(Oauth::STD_AUTH_TYPES), 'OAuth type of authentication')
-          options.add_opt_simple(:box, "Package inbox, either shared inbox name or one of #{API_MAILBOXES}")
-          options.add_opt_simple(:private_key, 'OAuth JWT RSA private key PEM value (prefix file path with @file:)')
-          options.add_opt_simple(:passphrase, 'RSA private key passphrase')
-          options.add_opt_simple(:shared_folder, 'Shared folder source for package files')
-          options.add_opt_simple(:link, 'public link for specific operation')
-          options.set_option(:auth, :jwt)
-          options.set_option(:box, 'inbox')
+          options.declare(:client_id, 'OAuth client identifier')
+          options.declare(:client_secret, 'OAuth client secret')
+          options.declare(:redirect_uri, 'OAuth redirect URI for web authentication')
+          options.declare(:auth, 'OAuth type of authentication', values: %i[boot link].concat(Oauth::STD_AUTH_TYPES), default: :jwt)
+          options.declare(:private_key, 'OAuth JWT RSA private key PEM value (prefix file path with @file:)')
+          options.declare(:passphrase, 'OAuth JWT RSA private key passphrase')
+          options.declare(:link, 'Public link authorization (specific operations)')
+          options.declare(:box, "Package inbox, either shared inbox name or one of #{API_LIST_MAILBOX_TYPES} or #{VAL_ALL}", default: 'inbox')
+          options.declare(:shared_folder, 'Send package with files from shared folder')
+          options.declare(:group_type, 'Shared inbox or workgroup', values: %i[shared_inboxes workgroups], default: :shared_inboxes)
           options.parse_options!
         end
@@ -61,10 +65,10 @@ module Aspera
             @faspex5_api_base_url = public_link.gsub(%r{/public/.*}, '').gsub(/\?.*/, '')
             options.set_option(:auth, :link)
           end
-          @faspex5_api_base_url ||= options.get_option(:url, is_type: :mandatory).gsub(%r{/+$}, '')
+          @faspex5_api_base_url ||= options.get_option(:url, mandatory: true).gsub(%r{/+$}, '')
           @faspex5_api_auth_url = "#{@faspex5_api_base_url}/auth"
           faspex5_api_v5_url = "#{@faspex5_api_base_url}/api/v5"
-          case options.get_option(:auth, is_type: :mandatory)
+          case options.get_option(:auth, mandatory: true)
           when :link
             uri = URI.parse(public_link)
             args = URI.decode_www_form(uri.query).each_with_object({}){|v, h|h[v.first] = v.last; }
@@ -81,7 +85,7 @@ module Aspera
             # the password here is the token copied directly from browser in developer mode
             @api_v5 = Rest.new({
               base_url: faspex5_api_v5_url,
-              headers:  {'Authorization' => options.get_option(:password, is_type: :mandatory)}
+              headers:  {'Authorization' => options.get_option(:password, mandatory: true)}
             })
           when :web
             # opens a browser and ask user to auth using web
@@ -91,11 +95,11 @@ module Aspera
                 type:         :oauth2,
                 base_url:     @faspex5_api_auth_url,
                 grant_method: :web,
-                client_id:    options.get_option(:client_id, is_type: :mandatory),
-                web:          {redirect_uri: options.get_option(:redirect_uri, is_type: :mandatory)}
+                client_id:    options.get_option(:client_id, mandatory: true),
+                web:          {redirect_uri: options.get_option(:redirect_uri, mandatory: true)}
               }})
           when :jwt
-            app_client_id = options.get_option(:client_id, is_type: :mandatory)
+            app_client_id = options.get_option(:client_id, mandatory: true)
             @api_v5 = Rest.new({
               base_url: faspex5_api_v5_url,
               auth:     {
@@ -107,9 +111,9 @@ module Aspera
                   payload:         {
                     iss: app_client_id,    # issuer
                     aud: app_client_id,    # audience (this field is not clear...)
-                    sub: "user:#{options.get_option(:username, is_type: :mandatory)}" # subject is a user
+                    sub: "user:#{options.get_option(:username, mandatory: true)}" # subject is a user
                   },
-                  private_key_obj: OpenSSL::PKey::RSA.new(options.get_option(:private_key, is_type: :mandatory), options.get_option(:passphrase)),
+                  private_key_obj: OpenSSL::PKey::RSA.new(options.get_option(:private_key, mandatory: true), options.get_option(:passphrase)),
                   headers:         {typ: 'JWT'}
                 }
               }})
@@ -121,13 +125,16 @@ module Aspera
         def normalize_recipients(parameters)
           return unless parameters.key?('recipients')
           raise 'Field recipients must be an Array' unless parameters['recipients'].is_a?(Array)
-          parameters['recipients'] = parameters['recipients'].map do |recipient_data|
+          recipient_types = RECIPIENT_TYPES
+          if parameters.key?('recipient_types')
+            recipient_types = parameters['recipient_types']
+            parameters.delete('recipient_types')
+            recipient_types = [recipient_types] unless recipient_types.is_a?(Array)
+          end
+          parameters['recipients'].map! do |recipient_data|
             # if just a string, assume it is the name
             if recipient_data.is_a?(String)
-              result = @api_v5.read('contacts', {q: recipient_data, context: 'packages', type: [Rest::ARRAY_PARAMS, *RECIPIENT_TYPES]})[:data]
-              raise "No matching contact for #{recipient_data}" if 0.eql?(result['total_count'])
-              raise "Multiple matching contact for #{recipient_data} : #{result['contacts'].map{|i|i['name']}.join(', ')}" unless 1.eql?(result['total_count'])
-              matched = result['contacts'].first
+              matched = @api_v5.lookup_by_name('contacts', recipient_data, {context: 'packages', type: Rest.array_params(recipient_types)})
               recipient_data = {
                 name:           matched['name'],
                 recipient_type: matched['type']
@@ -139,14 +146,13 @@ module Aspera
         end
         # wait for package status to be in provided list
-        def wait_package_status(id, status_list=PACKAGE_TERMINATED)
-          parameters = options.get_option(:value)
+        def wait_package_status(id, status_list: PACKAGE_TERMINATED)
           spinner = nil
           progress = nil
           while true
             status = @api_v5.read("packages/#{id}/upload_details")[:data]
             # user asked to not follow
-            break unless parameters
+            break if status_list.nil? || status_list.include?(status['upload_status'])
             if status['upload_status'].eql?('submitted')
               if spinner.nil?
                 spinner = TTY::Spinner.new('[:spinner] :title', format: :classic)
@@ -163,20 +169,24 @@ module Aspera
             else
               progress.progress = status['bytes_written'].to_i
             end
-            break if status_list.include?(status['upload_status'])
             sleep(0.5)
           end
           status['id'] = id
           return status
         end
-        # get a list of all entities of a given type
-        # @param entity_type [String] the type of entity to list
-        # @param query [Hash] additional query parameters
-        # @param prefix [String] optional prefix to add to the path (nil or empty string: no prefix)
-        def list_entities(entity_type, query: {}, prefix: nil)
-          path = entity_type
-          path = "#{prefix}/#{path}" unless prefix.nil? || prefix.empty?
+        # get a (full or partial) list of all entities of a given type
+        # @param type [String] the type of entity to list (just a name)
+        # @param query [Hash,nil] additional query parameters
+        # @param path [String] optional prefix to add to the path (nil or empty string: no prefix)
+        # @param item_list_key [String] key in the result to get the list of items
+        def list_entities(type:, path: nil, query: nil, item_list_key: nil)
+          query = {} if query.nil?
+          type = type.to_s if type.is_a?(Symbol)
+          item_list_key = type if item_list_key.nil?
+          raise "internal error: Invalid type #{type.class}" unless type.is_a?(String)
+          full_path = type
+          full_path = "#{path}/#{full_path}" unless path.nil? || path.empty?
           result = []
           offset = 0
           max_items = query.delete(MAX_ITEMS)
@@ -185,45 +195,204 @@ module Aspera
           query = {'limit'=> 100}.merge(query)
           loop do
             query['offset'] = offset
-            page = @api_v5.read(path, query)[:data]
-            result.concat(page[entity_type])
+            page_result = @api_v5.read(full_path, query)[:data]
+            result.concat(page_result[item_list_key])
             # reach the limit set by user ?
             if !max_items.nil? && (result.length >= max_items)
               result = result.slice(0, max_items)
               break
             end
-            break if result.length >= page['total_count']
+            break if result.length >= page_result['total_count']
             remain_pages -= 1 unless remain_pages.nil?
             break if remain_pages == 0
-            offset += page[entity_type].length
+            offset += page_result[item_list_key].length
           end
           return result
         end
         # lookup an entity id from its name
-        def lookup_name_to_id(entity_type, name)
-          found = list_entities(entity_type, query: {'q'=> name}).select{|i|i['name'].eql?(name)}
+        def lookup_entity_by_field(type:, value:, field: 'name', query: :default, path: nil, item_list_key: nil)
+          query = {'q'=> value} if query.eql?(:default)
+          found = list_entities(type: type, path: path, query: query, item_list_key: item_list_key).select{|i|i[field].eql?(value)}
           case found.length
-          when 0 then raise "No #{entity_type} with name = #{name}"
-          when 1 then return found.first['id']
-          else raise "Multiple #{entity_type} with name = #{name}"
+          when 0 then raise "No #{type} with #{field} = #{value}"
+          when 1 then return found.first
+          else raise "Found #{found.length} #{path} with #{field} = #{value}"
           end
         end
-        # translate box name to API prefix (with ending slash)
-        def box_to_prefix(box)
-          return \
-          case box
-          when VAL_ALL then ''
-          when *API_MAILBOXES then box
-          else "shared_inboxes/#{lookup_name_to_id('shared_inboxes', box)}"
+        # list all packages with optional filter
+        def list_packages_with_filter
+          filter = options.get_next_argument('filter', mandatory: false, type: Proc, default: ->(_x){true})
+          # translate box name to API prefix (with ending slash)
+          box = options.get_option(:box)
+          api_path =
+            case box
+            when VAL_ALL then '' # only admin can list all packages globally
+            when *API_LIST_MAILBOX_TYPES then box
+            else
+              group_type = options.get_option(:group_type)
+              "#{group_type}/#{lookup_entity_by_field(type: group_type, value: box)['id']}"
+            end
+          return list_entities(
+            type: 'packages',
+            query:  query_read_delete(default: {}),
+            path: api_path).select(&filter)
+        end
+        def package_receive
+          # prepare persistency if needed
+          skip_ids_persistency = nil
+          if options.get_option(:once_only, mandatory: true)
+            # read ids from persistency
+            skip_ids_persistency = PersistencyActionOnce.new(
+              manager: @agents[:persistency],
+              data:    [],
+              id:      IdGenerator.from_list([
+                'faspex_recv',
+                options.get_option(:url, mandatory: true),
+                options.get_option(:username, mandatory: true)]))
+          end
+          package_ids =
+            if @pub_link_context&.key?('package_id')
+              @pub_link_context['package_id']
+            else
+              # one or several packages
+              instance_identifier
+            end
+          case package_ids
+          when PACKAGE_ALL_INIT
+            raise 'Only with option once_only' unless skip_ids_persistency
+            skip_ids_persistency.data.clear.concat(list_packages_with_filter.map{|p|p['id']})
+            skip_ids_persistency.save
+            return Main.result_status("Initialized skip for #{skip_ids_persistency.data.count} package(s)")
+          when VAL_ALL
+            # TODO: if packages have same name, they will overwrite ?
+            package_ids = list_packages_with_filter.map{|p|p['id']}
+            Log.dump(:package_ids, package_ids)
+            Log.dump(:package_ids, skip_ids_persistency.data)
+            package_ids.reject!{|i|skip_ids_persistency.data.include?(i)} if skip_ids_persistency
+            Log.dump(:package_ids, package_ids)
+          end
+          # a single id was provided
+          # TODO: check package_ids is a list of strings
+          package_ids = [package_ids] if package_ids.is_a?(String)
+          result_transfer = []
+          package_ids.each do |pkg_id|
+            formatter.display_status("Receiving package #{pkg_id}")
+            param_file_list = {}
+            begin
+              param_file_list['paths'] = transfer.source_list.map{|source|{'path'=>source}}
+            rescue Aspera::Cli::CliBadArgument
+              # paths is optional
+            end
+            download_params = {
+              type:          'received',
+              transfer_type: TRANSFER_CONNECT
+            }
+            box = options.get_option(:box)
+            case box
+            when /outbox/ then download_params[:type] = 'sent'
+            when *API_LIST_MAILBOX_TYPES then nil # nothing to do
+            else # shared inbox / workgroup
+              download_params[:recipient_workgroup_id] = lookup_entity_by_field(type: options.get_option(:group_type), value: box)['id']
+            end
+            # TODO: allow from sent as well ?
+            transfer_spec = @api_v5.call(
+              operation:   'POST',
+              subpath:     "packages/#{pkg_id}/transfer_spec/download",
+              headers:     {'Accept' => 'application/json'},
+              url_params:  download_params,
+              json_params: param_file_list
+            )[:data]
+            # delete flag for Connect Client
+            transfer_spec.delete('authentication')
+            statuses = transfer.start(transfer_spec)
+            result_transfer.push({'package' => pkg_id, Main::STATUS_FIELD => statuses})
+            # skip only if all sessions completed
+            if TransferAgent.session_status(statuses).eql?(:success) && skip_ids_persistency
+              skip_ids_persistency.data.push(pkg_id)
+              skip_ids_persistency.save
+            end
           end
+          return Main.result_transfer_multiple(result_transfer)
         end
-        # list all packages with optional filter
-        def list_packages
-          parameters = options.get_option(:value) || {}
-          return list_entities('packages', query: parameters, prefix: box_to_prefix(options.get_option(:box)))
+        def package_action
+          command = options.get_next_command(%i[list show browse status delete send receive])
+          case command
+          when :list
+            return {
+              type:   :object_list,
+              data:   list_packages_with_filter,
+              fields: %w[id title release_date total_bytes total_files created_time state]
+            }
+          when :show
+            id = @pub_link_context['package_id'] if @pub_link_context&.key?('package_id')
+            id ||= instance_identifier
+            return {type: :single_object, data: @api_v5.read("packages/#{id}")[:data]}
+          when :browse
+            id = @pub_link_context['package_id'] if @pub_link_context&.key?('package_id')
+            id ||= instance_identifier
+            path = options.get_next_argument('path', expected: :single, mandatory: false) || '/'
+            # TODO: support multi-page listing ?
+            params = {
+              # recipient_user_id: 25,
+              # offset:            0,
+              # limit:             25
+            }
+            result = @api_v5.call({
+              operation:   'POST',
+              subpath:     "packages/#{id}/files/received",
+              headers:     {'Accept' => 'application/json'},
+              url_params:  params,
+              json_params: {'path' => path, 'filters' => {'basenames'=>[]}}})[:data]
+            formatter.display_item_count(result['item_count'], result['total_count'])
+            return {type: :object_list, data: result['items']}
+          when :status
+            status = wait_package_status(instance_identifier, status_list: nil)
+            return {type: :single_object, data: status}
+          when :delete
+            ids = instance_identifier
+            ids = [ids] unless ids.is_a?(Array)
+            raise 'Package identifier must be a single id or an Array' unless ids.is_a?(Array) && ids.all?(String)
+            # API returns 204, empty on success
+            @api_v5.call({operation: 'DELETE', subpath: 'packages', headers: {'Accept' => 'application/json'}, json_params: {ids: ids}})
+            return Main.result_status('Package(s) deleted')
+          when :send
+            parameters = value_create_modify(command: command, type: Hash)
+            normalize_recipients(parameters)
+            package = @api_v5.create('packages', parameters)[:data]
+            shared_folder = options.get_option(:shared_folder)
+            if shared_folder.nil?
+              # TODO: option to send from remote source or httpgw
+              transfer_spec = @api_v5.call(
+                operation:   'POST',
+                subpath:     "packages/#{package['id']}/transfer_spec/upload",
+                headers:     {'Accept' => 'application/json'},
+                url_params:  {transfer_type: TRANSFER_CONNECT},
+                json_params: {paths: transfer.source_list}
+              )[:data]
+              # well, we asked a TS for connect, but we actually want a generic one
+              transfer_spec.delete('authentication')
+              return Main.result_transfer(transfer.start(transfer_spec))
+            else
+              if (m = shared_folder.match(REGEX_LOOKUP_ID_BY_FIELD))
+                shared_folder = lookup_entity_by_field(type: 'shared_folders', value: m[2])['id']
+              end
+              transfer_request = {shared_folder_id: shared_folder, paths: transfer.source_list}
+              # start remote transfer and get first status
+              result = @api_v5.create("packages/#{package['id']}/remote_transfer", transfer_request)[:data]
+              result['id'] = package['id']
+              unless result['status'].eql?('completed')
+                formatter.display_status("Package #{package['id']}")
+                result = wait_package_status(package['id'])
+              end
+              return {type: :single_object, data: result}
+            end
+          when :receive
+            return package_receive
+          end # case package
         end
         ACTIONS = %i[health version user bearer_token packages shared_folders admin gateway postprocessing].freeze
@@ -259,148 +428,19 @@ module Aspera
           when :bearer_token
             return {type: :text, data: @api_v5.oauth_token}
           when :packages
-            command = options.get_next_command(%i[list show browse status delete send receive])
-            case command
-            when :list
-              return {
-                type:   :object_list,
-                data:   list_packages,
-                fields: %w[id title release_date total_bytes total_files created_time state]
-              }
-            when :show
-              id = @pub_link_context['package_id'] if @pub_link_context&.key?('package_id')
-              id ||= instance_identifier
-              return {type: :single_object, data: @api_v5.read("packages/#{id}")[:data]}
-            when :browse
-              id = @pub_link_context['package_id'] if @pub_link_context&.key?('package_id')
-              id ||= instance_identifier
-              path = options.get_next_argument('path', expected: :single, mandatory: false) || '/'
-              # TODO: support multi-page listing ?
-              params = {
-                # recipient_user_id: 25,
-                # offset:            0,
-                # limit:             25
-              }
-              result = @api_v5.call({
-                operation:   'POST',
-                subpath:     "packages/#{id}/files/received",
-                headers:     {'Accept' => 'application/json'},
-                url_params:  params,
-                json_params: {'path' => path, 'filters' => {'basenames'=>[]}}})[:data]
-              formatter.display_item_count(result['item_count'], result['total_count'])
-              return {type: :object_list, data: result['items']}
-            when :status
-              status = wait_package_status(instance_identifier)
-              return {type: :single_object, data: status}
-            when :delete
-              ids = instance_identifier
-              ids = [ids] unless ids.is_a?(Array)
-              raise 'Package identifier must be a single id or an Array' unless ids.is_a?(Array) && ids.all?(String)
-              # API returns 204, empty on success
-              @api_v5.call({operation: 'DELETE', subpath: 'packages', headers: {'Accept' => 'application/json'}, json_params: {ids: ids}})
-              return Main.result_status('Package(s) deleted')
-            when :send
-              parameters = options.get_option(:value, is_type: :mandatory)
-              raise CliBadArgument, 'Value must be Hash, refer to API' unless parameters.is_a?(Hash)
-              normalize_recipients(parameters)
-              package = @api_v5.create('packages', parameters)[:data]
-              shared_folder = options.get_option(:shared_folder)
-              if shared_folder.nil?
-                # TODO: option to send from remote source or httpgw
-                transfer_spec = @api_v5.call(
-                  operation:   'POST',
-                  subpath:     "packages/#{package['id']}/transfer_spec/upload",
-                  headers:     {'Accept' => 'application/json'},
-                  url_params:  {transfer_type: TRANSFER_CONNECT},
-                  json_params: {paths: transfer.source_list}
-                )[:data]
-                # well, we asked a TS for connect, but we actually want a generic one
-                transfer_spec.delete('authentication')
-                return Main.result_transfer(transfer.start(transfer_spec))
-              else
-                if !shared_folder.to_i.to_s.eql?(shared_folder)
-                  shared_folder = lookup_name_to_id('shared_folders', shared_folder)
-                end
-                transfer_request = {shared_folder_id: shared_folder, paths: transfer.source_list}
-                # start remote transfer and get first status
-                result = @api_v5.create("packages/#{package['id']}/remote_transfer", transfer_request)[:data]
-                result['id'] = package['id']
-                unless result['status'].eql?('completed')
-                  formatter.display_status("Package #{package['id']}")
-                  result = wait_package_status(package['id'])
-                end
-                return {type: :single_object, data: result}
-              end
-            when :receive
-              # prepare persistency if needed
-              skip_ids_persistency = nil
-              if options.get_option(:once_only, is_type: :mandatory)
-                # read ids from persistency
-                skip_ids_persistency = PersistencyActionOnce.new(
-                  manager: @agents[:persistency],
-                  data:    [],
-                  id:      IdGenerator.from_list([
-                    'faspex_recv',
-                    options.get_option(:url, is_type: :mandatory),
-                    options.get_option(:username, is_type: :mandatory),
-                    PACKAGE_TYPE_RECEIVED]))
-              end
-              # one or several packages
-              package_ids = @pub_link_context['package_id'] if @pub_link_context&.key?('package_id')
-              package_ids ||= instance_identifier
-              case package_ids
-              when PACKAGE_ALL_INIT
-                raise 'Only with option once_only' unless skip_ids_persistency
-                skip_ids_persistency.data.clear.concat(list_packages.map{|p|p['id']})
-                skip_ids_persistency.save
-                return Main.result_status("Initialized skip for #{skip_ids_persistency.data.count} package(s)")
-              when VAL_ALL
-                # TODO: if packages have same name, they will overwrite ?
-                package_ids = list_packages.map{|p|p['id']}
-                Log.dump(:package_ids, package_ids)
-                Log.dump(:package_ids, skip_ids_persistency.data)
-                package_ids.reject!{|i|skip_ids_persistency.data.include?(i)} if skip_ids_persistency
-                Log.dump(:package_ids, package_ids)
-              end
-              # a single id was provided
-              # TODO: check package_ids is a list of strings
-              package_ids = [package_ids] if package_ids.is_a?(String)
-              result_transfer = []
-              package_ids.each do |pkg_id|
-                formatter.display_status("Receiving package #{pkg_id}")
-                param_file_list = {}
-                begin
-                  param_file_list['paths'] = transfer.source_list.map{|source|{'path'=>source}}
-                rescue Aspera::Cli::CliBadArgument
-                  # paths is optional
-                end
-                # TODO: allow from sent as well ?
-                transfer_spec = @api_v5.call(
-                  operation:   'POST',
-                  subpath:     "packages/#{pkg_id}/transfer_spec/download",
-                  headers:     {'Accept' => 'application/json'},
-                  url_params:  {transfer_type: TRANSFER_CONNECT, type: PACKAGE_TYPE_RECEIVED},
-                  json_params: param_file_list
-                )[:data]
-                # delete flag for Connect Client
-                transfer_spec.delete('authentication')
-                statuses = transfer.start(transfer_spec)
-                result_transfer.push({'package' => pkg_id, Main::STATUS_FIELD => statuses})
-                # skip only if all sessions completed
-                if TransferAgent.session_status(statuses).eql?(:success) && skip_ids_persistency
-                  skip_ids_persistency.data.push(pkg_id)
-                  skip_ids_persistency.save
-                end
-              end
-              return Main.result_transfer_multiple(result_transfer)
-            end # case package
+            return package_action
           when :shared_folders
             all_shared_folders = @api_v5.read('shared_folders')[:data]['shared_folders']
             case options.get_next_command(%i[list browse])
             when :list
               return {type: :object_list, data: all_shared_folders}
             when :browse
-              shared_folder_id = instance_identifier
+              shared_folder_id = instance_identifier do |field, value|
+                matches = all_shared_folders.select{|i|i[field].eql?(value)}
+                raise "no match for #{field} = #{value}" if matches.empty?
+                raise "multiple matches for #{field} = #{value}" if matches.length > 1
+                matches.first['id']
+              end
               path = options.get_next_argument('folder path', mandatory: false) || '/'
               node = all_shared_folders.find{|i|i['id'].eql?(shared_folder_id)}
               raise "No such shared folder id #{shared_folder_id}" if node.nil?
@@ -418,12 +458,14 @@ module Aspera
               end
             end
           when :admin
-            case options.get_next_command(%i[resource smtp])
+            case options.get_next_command(%i[resource smtp].freeze)
             when :resource
-              res_type = options.get_next_command(%i[accounts contacts jobs workgroups shared_inboxes nodes oauth_clients registrations saml_configs metadata_profiles
-                                                     email_notifications])
+              res_type = options.get_next_command(ADMIN_RESOURCES)
               res_path = list_key = res_type.to_s
               id_as_arg = false
+              display_fields = nil
+              adm_api = @api_v5
+              available_commands = [].concat(Plugin::ALL_OPS)
               case res_type
               when :metadata_profiles
                 res_path = 'configuration/metadata_profiles'
@@ -431,26 +473,69 @@ module Aspera
               when :email_notifications
                 list_key = false
                 id_as_arg = 'type'
+              when :accounts
+                display_fields = [:all_but, 'user_profile_data_attributes']
+              when :oauth_clients
+                display_fields = [:all_but, 'public_key']
+                adm_api = Rest.new(@api_v5.params.merge({base_url: @faspex5_api_auth_url}))
+              when :shared_inboxes, :workgroups
+                available_commands.push(:members, :saml_groups, :invite_external_collaborator)
               end
-              display_fields =
-                case res_type
-                when :accounts then [:all_but, 'user_profile_data_attributes']
-                when :oauth_clients then [:all_but, 'public_key']
+              res_command = options.get_next_command(available_commands)
+              case res_command
+              when *Plugin::ALL_OPS
+                return entity_command(res_command, adm_api, res_path, item_list_key: list_key, display_fields: display_fields, id_as_arg: id_as_arg)
+              when :invite_external_collaborator
+                shared_inbox_id = instance_identifier { |field, value| lookup_entity_by_field(type: res_type.to_s, field: field, value: value)['id']}
+                creation_payload = value_create_modify(command: res_command, type: [Hash, String])
+                creation_payload = {'email_address' => creation_payload} if creation_payload.is_a?(String)
+                res_path = "#{res_type}/#{shared_inbox_id}/external_collaborator"
+                result = adm_api.create(res_path, creation_payload)[:data]
+                formatter.display_status(result['message'])
+                result = lookup_entity_by_field(type: 'members', path: "#{res_type}/#{shared_inbox_id}", value: creation_payload['email_address'], query: {})
+                return {type: :single_object, data: result}
+              when :members, :saml_groups
+                res_id = instance_identifier { |field, value| lookup_entity_by_field(type: res_type.to_s, field: field, value: value)['id']}
+                res_prefix = "#{res_type}/#{res_id}"
+                res_path = "#{res_prefix}/#{res_command}"
+                list_key = res_command.to_s
+                list_key = 'groups' if res_command.eql?(:saml_groups)
+                sub_command = options.get_next_command(%i[create list modify delete])
+                if sub_command.eql?(:create) && options.get_option(:value).nil?
+                  raise "use option 'value' to provide saml group_id and access (refer to API)" unless res_command.eql?(:members)
+                  # first arg is one user name or list of users
+                  users = options.get_next_argument('user id, or email, or list of')
+                  users = [users] unless users.is_a?(Array)
+                  users = users.map do |user|
+                    if (m = user.match(REGEX_LOOKUP_ID_BY_FIELD))
+                      lookup_entity_by_field(
+                        type: 'accounts', field: m[1], value: m[2],
+                        query: {type: Rest.array_params(%w{local_user saml_user self_registered_user external_user})})['id']
+                    else
+                      # it's the user id (not member id...)
+                      user
+                    end
+                  end
+                  access = options.get_next_argument('level', mandatory: false, expected: %i[submit_only standard shared_inbox_admin], default: :standard)
+                  # TODO: unshift to command line parameters instead of using deprecated option "value"
+                  options.set_option(:value, {user: users.map{|u|{id: u, access: access}}})
                 end
-              adm_api = @api_v5
-              if res_type.eql?(:oauth_clients)
-                adm_api = Rest.new(@api_v5.params.merge({base_url: @faspex5_api_auth_url}))
+                return entity_command(sub_command, adm_api, res_path, item_list_key: list_key) do |field, value|
+                         lookup_entity_by_field(
+                           type: 'accounts', field: field, value: value,
+                           query: {type: Rest.array_params(%w{local_user saml_user self_registered_user external_user})})['id']
+                       end
               end
-              return entity_action(adm_api, res_path, item_list_key: list_key, display_fields: display_fields, id_as_arg: id_as_arg)
             when :smtp
               smtp_path = 'configuration/smtp'
-              case options.get_next_command(%i[show create modify delete test])
+              smtp_cmd = options.get_next_command(%i[show create modify delete test])
+              case smtp_cmd
               when :show
                 return { type: :single_object, data: @api_v5.read(smtp_path)[:data] }
               when :create
-                return { type: :single_object, data: @api_v5.create(smtp_path, options.get_option(:value, is_type: :mandatory))[:data] }
+                return { type: :single_object, data: @api_v5.create(smtp_path, value_create_modify(command: smtp_cmd, type: Hash))[:data] }
               when :modify
-                return { type: :single_object, data: @api_v5.modify(smtp_path, options.get_option(:value, is_type: :mandatory))[:data] }
+                return { type: :single_object, data: @api_v5.modify(smtp_path, value_create_modify(command: smtp_cmd, type: Hash))[:data] }
               when :delete
                 return { type: :single_object, data: @api_v5.delete(smtp_path)[:data] }
               when :test
@@ -461,20 +546,20 @@ module Aspera
             end
           when :gateway
             require 'aspera/faspex_gw'
-            url = options.get_option(:value, is_type: :mandatory)
+            url = value_create_modify(type: String)
             uri = URI.parse(url)
             server = WebServerSimple.new(uri)
             server.mount(uri.path, Faspex4GWServlet, @api_v5, nil)
+            # on ctrl-c, tell server main loop to exit
             trap('INT') { server.shutdown }
-            formatter.display_status("Faspex 4 gateway listening on #{url}")
+            formatter.display_status("Gateway for Faspex 4-style API listening on #{url}")
             Log.log.info("Listening on #{url}")
             # this is blocking until server exits
             server.start
             return Main.result_status('Gateway terminated')
           when :postprocessing
-            require 'aspera/faspex_postproc'
-            parameters = options.get_option(:value, is_type: :mandatory)
-            raise 'parameters must be Hash' unless parameters.is_a?(Hash)
+            require 'aspera/faspex_postproc' # cspell:disable-line
+            parameters = value_create_modify(type: Hash)
             parameters = parameters.symbolize_keys
             raise 'Missing key: url' unless parameters.key?(:url)
             uri = URI.parse(parameters[:url])
@@ -482,14 +567,45 @@ module Aspera
             parameters[:processing][:root] = uri.path
             server = WebServerSimple.new(uri, certificate: parameters[:certificate])
             server.mount(uri.path, Faspex4PostProcServlet, parameters[:processing])
+            # on ctrl-c, tell server main loop to exit
             trap('INT') { server.shutdown }
-            formatter.display_status("Faspex 4 post processing listening on #{uri.port}")
+            formatter.display_status("Web-hook for Faspex 4-style post processing listening on #{uri.port}")
             Log.log.info("Listening on #{uri.port}")
             # this is blocking until server exits
             server.start
             return Main.result_status('Gateway terminated')
           end # case command
         end # action
+        def wizard(params)
+          if params[:prepare]
+            # if not defined by user, generate unique name
+            params[:preset_name] ||= [params[:plugin_sym]].concat(URI.parse(params[:instance_url]).host.gsub(/[^a-z0-9.]/, '').split('.')).join('_')
+            params[:need_private_key] = true
+            return
+          end
+          formatter.display_status('Ask the ascli client id and secret to your Administrator, or ask them to go to:'.red)
+          OpenApplication.instance.uri(params[:instance_url])
+          formatter.display_status('Then: 𓃑  → Admin → Configurations → API clients')
+          formatter.display_status('Create an API client with:')
+          formatter.display_status('- name: ascli')
+          formatter.display_status('- JWT: enabled')
+          formatter.display_status('Then, logged in as user go to your profile:')
+          formatter.display_status('👤 → Account Settings → Preferences -> Public Key in PEM:')
+          formatter.display_status(params[:pub_key_pem])
+          formatter.display_status('Once set, fill in the parameters:')
+          return {
+            preset_value: {
+              url:           params[:instance_url],
+              username:      options.get_option(:username, mandatory: true),
+              auth:          :jwt.to_s,
+              private_key:   '@file:' + params[:private_key_path],
+              client_id:     options.get_option(:client_id, mandatory: true),
+              client_secret: options.get_option(:client_secret, mandatory: true)
+            },
+            test_args:    "#{params[:plugin_sym]} user profile show"
+          }
+        end
       end # Faspex5
     end # Plugins
   end # Cli