RubyGems - aspera-cli - Versions diffs - 4.14.0 → 4.16.0 - Mend

aspera-cli 4.14.0 → 4.16.0

Files changed (104) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/BUGS.md +29 -3
data/CHANGELOG.md +300 -185
data/CONTRIBUTING.md +74 -23
data/README.md +2346 -1619
data/bin/ascli +16 -25
data/bin/asession +15 -15
data/examples/dascli +2 -2
data/examples/proxy.pac +1 -1
data/lib/aspera/aoc.rb +216 -150
data/lib/aspera/ascmd.rb +25 -18
data/lib/aspera/assert.rb +45 -0
data/lib/aspera/cli/basic_auth_plugin.rb +9 -6
data/lib/aspera/cli/error.rb +17 -0
data/lib/aspera/cli/extended_value.rb +51 -16
data/lib/aspera/cli/formatter.rb +276 -174
data/lib/aspera/cli/hints.rb +81 -0
data/lib/aspera/cli/main.rb +114 -147
data/lib/aspera/cli/manager.rb +181 -136
data/lib/aspera/cli/plugin.rb +82 -64
data/lib/aspera/cli/plugins/alee.rb +0 -1
data/lib/aspera/cli/plugins/aoc.rb +327 -331
data/lib/aspera/cli/plugins/ats.rb +12 -8
data/lib/aspera/cli/plugins/bss.rb +2 -2
data/lib/aspera/cli/plugins/config.rb +575 -439
data/lib/aspera/cli/plugins/console.rb +40 -0
data/lib/aspera/cli/plugins/cos.rb +4 -5
data/lib/aspera/cli/plugins/faspex.rb +111 -92
data/lib/aspera/cli/plugins/faspex5.rb +245 -182
data/lib/aspera/cli/plugins/node.rb +239 -160
data/lib/aspera/cli/plugins/orchestrator.rb +56 -19
data/lib/aspera/cli/plugins/preview.rb +54 -38
data/lib/aspera/cli/plugins/server.rb +63 -20
data/lib/aspera/cli/plugins/shares.rb +64 -38
data/lib/aspera/cli/sync_actions.rb +68 -0
data/lib/aspera/cli/transfer_agent.rb +64 -67
data/lib/aspera/cli/transfer_progress.rb +73 -0
data/lib/aspera/cli/version.rb +1 -1
data/lib/aspera/colors.rb +3 -1
data/lib/aspera/command_line_builder.rb +27 -22
data/lib/aspera/cos_node.rb +6 -4
data/lib/aspera/coverage.rb +22 -0
data/lib/aspera/data_repository.rb +33 -2
data/lib/aspera/environment.rb +21 -8
data/lib/aspera/fasp/agent_alpha.rb +116 -0
data/lib/aspera/fasp/agent_base.rb +40 -76
data/lib/aspera/fasp/agent_connect.rb +21 -22
data/lib/aspera/fasp/agent_direct.rb +169 -179
data/lib/aspera/fasp/agent_httpgw.rb +200 -195
data/lib/aspera/fasp/agent_node.rb +43 -35
data/lib/aspera/fasp/agent_trsdk.rb +124 -41
data/lib/aspera/fasp/error_info.rb +2 -2
data/lib/aspera/fasp/faux_file.rb +52 -0
data/lib/aspera/fasp/installation.rb +89 -191
data/lib/aspera/fasp/management.rb +249 -0
data/lib/aspera/fasp/parameters.rb +86 -47
data/lib/aspera/fasp/parameters.yaml +75 -8
data/lib/aspera/fasp/products.rb +162 -0
data/lib/aspera/fasp/resume_policy.rb +7 -5
data/lib/aspera/fasp/sync.rb +273 -0
data/lib/aspera/fasp/transfer_spec.rb +10 -8
data/lib/aspera/fasp/uri.rb +6 -6
data/lib/aspera/faspex_gw.rb +11 -8
data/lib/aspera/faspex_postproc.rb +8 -7
data/lib/aspera/hash_ext.rb +2 -2
data/lib/aspera/id_generator.rb +3 -1
data/lib/aspera/json_rpc.rb +51 -0
data/lib/aspera/keychain/encrypted_hash.rb +46 -11
data/lib/aspera/keychain/macos_security.rb +15 -13
data/lib/aspera/line_logger.rb +23 -0
data/lib/aspera/log.rb +61 -19
data/lib/aspera/nagios.rb +7 -2
data/lib/aspera/node.rb +105 -21
data/lib/aspera/node_simulator.rb +214 -0
data/lib/aspera/oauth.rb +57 -36
data/lib/aspera/open_application.rb +4 -4
data/lib/aspera/persistency_action_once.rb +13 -14
data/lib/aspera/persistency_folder.rb +5 -4
data/lib/aspera/preview/file_types.rb +56 -268
data/lib/aspera/preview/generator.rb +28 -39
data/lib/aspera/preview/options.rb +2 -0
data/lib/aspera/preview/terminal.rb +36 -16
data/lib/aspera/preview/utils.rb +23 -29
data/lib/aspera/proxy_auto_config.rb +6 -3
data/lib/aspera/rest.rb +127 -80
data/lib/aspera/rest_call_error.rb +1 -1
data/lib/aspera/rest_error_analyzer.rb +16 -14
data/lib/aspera/rest_errors_aspera.rb +39 -34
data/lib/aspera/secret_hider.rb +18 -17
data/lib/aspera/ssh.rb +10 -5
data/lib/aspera/temp_file_manager.rb +11 -4
data/lib/aspera/web_auth.rb +10 -7
data/lib/aspera/web_server_simple.rb +11 -5
data.tar.gz.sig +0 -0
metadata +108 -39
metadata.gz.sig +0 -0
data/lib/aspera/cli/listener/line_dump.rb +0 -19
data/lib/aspera/cli/listener/logger.rb +0 -22
data/lib/aspera/cli/listener/progress.rb +0 -50
data/lib/aspera/cli/listener/progress_multi.rb +0 -84
data/lib/aspera/cli/plugins/sync.rb +0 -44
data/lib/aspera/fasp/listener.rb +0 -13
data/lib/aspera/sync.rb +0 -213

data/lib/aspera/cli/plugins/node.rb CHANGED Viewed

@@ -1,92 +1,91 @@
 # frozen_string_literal: true
+# cspell:ignore snid fnid bidi ssync asyncs rund asnodeadmin mkfile mklink asperabrowser asperabrowserurl watchfolders watchfolderd entsrv
 require 'aspera/cli/basic_auth_plugin'
-require 'aspera/cli/plugins/sync'
+require 'aspera/cli/sync_actions'
+require 'aspera/fasp/transfer_spec'
 require 'aspera/nagios'
 require 'aspera/hash_ext'
 require 'aspera/id_generator'
 require 'aspera/node'
 require 'aspera/aoc'
-require 'aspera/sync'
-require 'aspera/fasp/transfer_spec'
+require 'aspera/oauth'
+require 'aspera/node_simulator'
+require 'aspera/assert'
 require 'base64'
 require 'zlib'
 module Aspera
   module Cli
     module Plugins
-      class SyncSpecGen3
-        def initialize(api_node)
-          @api_node = api_node
-        end
-        def transfer_spec(direction, local_path, remote_path)
-          # empty transfer spec for authorization request
-          direction_sym = direction.to_sym
-          request_transfer_spec = {
-            type:  Aspera::Sync::DIRECTION_TO_REQUEST_TYPE[direction_sym],
-            paths: {
-              source:      remote_path,
-              destination: local_path
-            }
-          }
-          # add fixed parameters if any (for COS)
-          @api_node.add_tspec_info(request_transfer_spec) if @api_node.respond_to?(:add_tspec_info)
-          # prepare payload for single request
-          setup_payload = {transfer_requests: [{transfer_request: request_transfer_spec}]}
-          # only one request, so only one answer
-          transfer_spec = @api_node.create('files/sync_setup', setup_payload)[:data]['transfer_specs'].first['transfer_spec']
-          # API returns null tag... but async does not like it
-          transfer_spec.delete_if{ |_k, v| v.nil? }
-          # delete this part, as the returned value contains only destination, and not sources
-          # transfer_spec.delete('paths') if command.eql?(:upload)
-          Log.dump(:ts, transfer_spec)
-          return transfer_spec
-        end
-      end
-      class SyncSpecGen4
-        def initialize(api_node, top_file_id)
-          @api_node = api_node
-          @top_file_id = top_file_id
-        end
-        def transfer_spec(direction, local_path, remote_path)
-          # remote is specified by option to_folder
-          apifid = @api_node.resolve_api_fid(@top_file_id, remote_path)
-          transfer_spec = apifid[:api].transfer_spec_gen4(apifid[:file_id], Fasp::TransferSpec::DIRECTION_SEND)
-          Log.dump(:ts, transfer_spec)
-          return transfer_spec
-        end
-      end
       class Node < Aspera::Cli::BasicAuthPlugin
+        include SyncActions
         class << self
-          def detect(base_url)
-            api = Rest.new({ base_url: base_url})
-            result = api.call({ operation: 'GET', subpath: 'ping'})
-            if result[:http].body.eql?('')
-              return { product: :node, version: 'unknown'}
+          @@node_options_declared = false # rubocop:disable Style/ClassVars
+          def application_name
+            'HSTS Node API'
+          end
+          def detect(address_or_url)
+            urls = if address_or_url.match?(%r{^[a-z]{1,6}://})
+              [address_or_url]
+            else
+              [
+                "https://#{address_or_url}",
+                "https://#{address_or_url}:9092",
+                "http://#{address_or_url}:9091"
+              ]
+            end
+            urls.each do |base_url|
+              next unless base_url.match?('https?://')
+              api = Rest.new(base_url: base_url)
+              test_endpoint = 'ping'
+              result = api.call(operation: 'GET', subpath: test_endpoint)
+              next unless result[:http].body.eql?('')
+              url_length = -2 - test_endpoint.length
+              return {
+                url: result[:http].uri.to_s[0..url_length]
+              }
+            rescue StandardError => e
+              Log.log.debug{"detect error: #{e}"}
             end
             return nil
           end
-          def register_node_options(env)
-            env[:options].declare(:validator, 'Identifier of validator (optional for central)')
-            env[:options].declare(:asperabrowserurl, 'URL for simple aspera web ui', default: 'https://asperabrowser.mybluemix.net')
-            env[:options].declare(:sync_name, 'Sync name')
-            env[:options].declare(:default_ports, 'Use standard FASP ports or get from node api (gen4)', values: :bool, default: :yes)
-            env[:options].parse_options!
-            Aspera::Node.use_standard_ports = env[:options].get_option(:default_ports)
+          def wizard(object:, private_key_path: nil, pub_key_pem: nil)
+            options = object.options
+            return {
+              preset_value: {
+                url:      options.get_option(:url, mandatory: true),
+                username: options.get_option(:username, mandatory: true),
+                password: options.get_option(:password, mandatory: true)
+              },
+              test_args:    'info'
+            }
+          end
+          def declare_options(options, force: false)
+            return if @@node_options_declared && !force
+            @@node_options_declared = true # rubocop:disable Style/ClassVars
+            options.declare(:validator, 'Identifier of validator (optional for central)')
+            options.declare(:asperabrowserurl, 'URL for simple aspera web ui', default: 'https://asperabrowser.mybluemix.net')
+            options.declare(:sync_name, 'Sync name')
+            options.declare(
+              :default_ports, 'Use standard FASP ports or get from node api (gen4)', values: :bool, default: :yes,
+              handler: {o: Aspera::Node, m: :use_standard_ports})
+            options.declare(:root_id, 'File id of top folder if using bearer tokens')
+            SyncActions.declare_options(options)
+            options.parse_options!
           end
         end
         # spellchecker: disable
         # SOAP API call to test central API
-        CENTRAL_SOAP_API_TEST = '<?xml version="1.0" encoding="UTF-8"?>'\
-          '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:typ="urn:Aspera:XML:FASPSessionNET:2009/11:Types">'\
-          '<soapenv:Header></soapenv:Header>'\
-          '<soapenv:Body><typ:GetSessionInfoRequest><SessionFilter><SessionStatus>running</SessionStatus></SessionFilter></typ:GetSessionInfoRequest></soapenv:Body>'\
+        CENTRAL_SOAP_API_TEST = '<?xml version="1.0" encoding="UTF-8"?>' \
+          '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:typ="urn:Aspera:XML:FASPSessionNET:2009/11:Types">' \
+          '<soapenv:Header></soapenv:Header>' \
+          '<soapenv:Body><typ:GetSessionInfoRequest><SessionFilter><SessionStatus>running</SessionStatus></SessionFilter></typ:GetSessionInfoRequest></soapenv:Body>' \
           '</soapenv:Envelope>'
         # spellchecker: enable
@@ -94,17 +93,17 @@ module Aspera
         SEARCH_REMOVE_FIELDS = %w[basename permissions].freeze
         # actions in execute_command_gen3
-        COMMANDS_GEN3 = %i[search space mkdir mklink mkfile rename delete browse upload download sync]
+        COMMANDS_GEN3 = %i[search space mkdir mklink mkfile rename delete browse upload download http_node_download sync]
         BASE_ACTIONS = %i[api_details].concat(COMMANDS_GEN3).freeze
-        SPECIAL_ACTIONS = %i[health events info license].freeze
+        SPECIAL_ACTIONS = %i[health events info slash license].freeze
         # actions available in v3 in gen4
-        V3_IN_V4_ACTIONS = %i[access_key].concat(BASE_ACTIONS).concat(SPECIAL_ACTIONS).freeze
+        V3_IN_V4_ACTIONS = %i[access_keys].concat(BASE_ACTIONS).concat(SPECIAL_ACTIONS).freeze
         # actions used commonly when a node is involved
-        COMMON_ACTIONS = %i[access_key].concat(BASE_ACTIONS).concat(SPECIAL_ACTIONS).freeze
+        COMMON_ACTIONS = %i[access_keys].concat(BASE_ACTIONS).concat(SPECIAL_ACTIONS).freeze
         private_constant(*%i[CENTRAL_SOAP_API_TEST SEARCH_REMOVE_FIELDS BASE_ACTIONS SPECIAL_ACTIONS V3_IN_V4_ACTIONS COMMON_ACTIONS])
@@ -114,26 +113,22 @@ module Aspera
         # commands for execute_command_gen4
         COMMANDS_GEN4 = %i[mkdir rename delete upload download sync http_node_download show modify permission thumbnail v3].concat(NODE4_READ_ACTIONS).freeze
-        COMMANDS_COS = %i[upload download info access_key api_details transfer].freeze
+        COMMANDS_COS = %i[upload download info access_keys api_details transfer].freeze
         COMMANDS_SHARES = (BASE_ACTIONS - %i[search]).freeze
         COMMANDS_FASPEX = COMMON_ACTIONS
-        def initialize(env)
+        def initialize(env, api: nil)
           super(env)
-          self.class.register_node_options(env) unless env[:skip_node_options]
-          return if env[:man_only]
+          Node.declare_options(options, force: env[:all_manuals])
           @api_node =
-            if env.key?(:node_api)
+            if !api.nil? || env[:all_manuals]
               # this can be Aspera::Node or Aspera::Rest (shares)
-              env[:node_api]
-            elsif options.get_option(:password, mandatory: true).start_with?('Bearer ')
+              api
+            elsif Oauth.bearer?(options.get_option(:password, mandatory: true))
               # info is provided like node_info of aoc
               Aspera::Node.new(params: {
                 base_url: options.get_option(:url, mandatory: true),
-                headers:  {
-                  Aspera::Node::HEADER_X_ASPERA_ACCESS_KEY => options.get_option(:username, mandatory: true),
-                  'Authorization'                          => options.get_option(:password, mandatory: true)
-                }
+                headers:  Aspera::Node.bearer_headers(options.get_option(:password, mandatory: true))
               })
             else
               # this is normal case
@@ -147,26 +142,6 @@ module Aspera
             end
         end
-        def c_textify_browse(table_data)
-          return table_data.map do |i|
-                   i['permissions'] = i['permissions'].map { |x| x['name'] }.join(',')
-                   i
-                 end
-        end
-        # key/value is defined in main in hash_table
-        def c_textify_bool_list_result(list, name_list)
-          list.each_index do |i|
-            next unless name_list.include?(list[i]['key'])
-            list[i]['value'].each do |item|
-              list.push({'key' => item['name'], 'value' => item['value']})
-            end
-            list.delete_at(i)
-            # continue at same index because we delete current one
-            redo
-          end
-        end
         # reduce the path from a result on given named column
         def c_result_remove_prefix_path(result, column, path_prefix)
           if !path_prefix.nil?
@@ -222,7 +197,7 @@ module Aspera
           when :search
             search_root = get_next_arg_add_prefix(prefix_path, 'search root')
             parameters = {'path' => search_root}
-            other_options = value_or_query(allowed_types: Hash)
+            other_options = query_option
             parameters.merge!(other_options) unless other_options.nil?
             resp = @api_node.create('files/search', parameters)
             result = { type: :object_list, data: resp[:data]['items']}
@@ -268,17 +243,40 @@ module Aspera
             # if there is no items
             case send_result['self']['type']
             when 'directory', 'container' # directory: node, container: shares
-              result = { data: send_result['items'], type: :object_list, textify: lambda { |table_data| c_textify_browse(table_data) } }
+              result = { data: send_result['items'], type: :object_list }
               formatter.display_item_count(send_result['item_count'], send_result['total_count'])
             else # 'file','symbolic_link'
               result = { data: send_result['self'], type: :single_object}
-              # result={ data: [send_result['self']] , type: :object_list, textify: lambda { |table_data| c_textify_browse(table_data) } }
-              # raise "unknown type: #{send_result['self']['type']}"
             end
             return c_result_remove_prefix_path(result, 'path', prefix_path)
           when :sync
-            node_sync = SyncSpecGen3.new(@api_node)
-            return Plugins::Sync.new(@agents, sync_spec: node_sync).execute_action
+            return execute_sync_action do |sync_direction, local_path, remote_path|
+              # Gen3 API
+              # empty transfer spec for authorization request
+              request_transfer_spec = {
+                type:  case sync_direction
+                       when :push then :sync_upload
+                       when :pull then :sync_download
+                       when :bidi then :sync
+                       end,
+                paths: [{
+                  source:      remote_path,
+                  destination: local_path
+                }]
+              }
+              # add fixed parameters if any (for COS)
+              @api_node.add_tspec_info(request_transfer_spec) if @api_node.respond_to?(:add_tspec_info)
+              # prepare payload for single request
+              setup_payload = {transfer_requests: [{transfer_request: request_transfer_spec}]}
+              # only one request, so only one answer
+              transfer_spec = @api_node.create('files/sync_setup', setup_payload)[:data]['transfer_specs'].first['transfer_spec']
+              # API returns null tag... but async does not like it
+              transfer_spec.delete_if{ |_k, v| v.nil? }
+              # delete this part, as the returned value contains only destination, and not sources
+              # transfer_spec.delete('paths') if command.eql?(:upload)
+              Log.log.debug{Log.dump(:ts, transfer_spec)}
+              transfer_spec
+            end
           when :upload, :download
             # empty transfer spec for authorization request
             request_transfer_spec = {}
@@ -297,8 +295,16 @@ module Aspera
             # delete this part, as the returned value contains only destination, and not sources
             transfer_spec.delete('paths') if command.eql?(:upload)
             return Main.result_transfer(transfer.start(transfer_spec))
+          when :http_node_download
+            remote_path = get_next_arg_add_prefix(prefix_path, 'remote path')
+            file_name = File.basename(remote_path)
+            @api_node.call(
+              operation: 'GET',
+              subpath: "files/#{URI.encode_www_form_component(remote_path)}/contents",
+              save_to_file: File.join(transfer.destination_folder(Fasp::TransferSpec::DIRECTION_RECEIVE), file_name))
+            return Main.result_status("downloaded: #{file_name}")
           end
-          raise 'INTERNAL ERROR'
+          error_unreachable_line
         end
         # common API to node and Shares
@@ -307,20 +313,37 @@ module Aspera
           case command
           when *COMMANDS_GEN3
             execute_command_gen3(command, prefix_path)
-          when :access_key
-            ak_command = options.get_next_command([:do].concat(Plugin::ALL_OPS))
+          when :access_keys
+            ak_command = options.get_next_command(%i[do set_bearer_key].concat(Plugin::ALL_OPS))
             case ak_command
-            when *Plugin::ALL_OPS then return entity_command(ak_command, @api_node, 'access_keys', id_default: 'self')
+            when *Plugin::ALL_OPS
+              return entity_command(ak_command, @api_node, 'access_keys') do |field, value|
+                       raise 'only selector: %id:self' unless field.eql?('id') && value.eql?('self')
+                       @api_node.read('access_keys/self')[:data]['id']
+                     end
             when :do
-              access_key = options.get_next_argument('access key id')
-              ak_info = @api_node.read("access_keys/#{access_key}")[:data]
-              # change API credentials if different access key
-              if !access_key.eql?('self')
-                @api_node.params[:auth][:username] = ak_info['id']
-                @api_node.params[:auth][:password] = config.lookup_secret(url: @api_node.params[:base_url], username: ak_info['id'], mandatory: true)
+              access_key_id = options.get_next_argument('access key id')
+              root_file_id = options.get_option(:root_id)
+              if root_file_id.nil?
+                ak_info = @api_node.read("access_keys/#{access_key_id}")[:data]
+                # change API credentials if different access key
+                if !access_key_id.eql?('self')
+                  @api_node.params[:auth][:username] = ak_info['id']
+                  @api_node.params[:auth][:password] = config.lookup_secret(url: @api_node.params[:base_url], username: ak_info['id'], mandatory: true)
+                end
+                root_file_id = ak_info['root_file_id']
               end
               command_repo = options.get_next_command(COMMANDS_GEN4)
-              return execute_command_gen4(command_repo, ak_info['root_file_id'])
+              return execute_command_gen4(command_repo, root_file_id)
+            when :set_bearer_key
+              access_key_id = options.get_next_argument('access key id')
+              access_key_id = @api_node.read('access_keys/self')[:data]['id'] if access_key_id.eql?('self')
+              bearer_key_pem = options.get_next_argument('public or private RSA key PEM value', type: String)
+              key = OpenSSL::PKey.read(bearer_key_pem)
+              key = key.public_key if key.private?
+              bearer_key_pem = key.to_pem
+              @api_node.update("access_keys/#{access_key_id}", {token_verification_key: bearer_key_pem})
+              return Main.result_status('public key updated')
             end
           when :health
             nagios = Nagios.new
@@ -345,10 +368,13 @@ module Aspera
             return nagios.result
           when :events
             events = @api_node.read('events', query_read_delete)[:data]
-            return { type: :object_list, data: events}
+            return { type: :object_list, data: events, fields: ->(f){!f.start_with?('data')} }
           when :info
             nd_info = @api_node.read('info')[:data]
-            return { type: :single_object, data: nd_info, textify: lambda { |table_data| c_textify_bool_list_result(table_data, %w[capabilities settings])}}
+            return { type: :single_object, data: nd_info}
+          when :slash
+            nd_info = @api_node.read('')[:data]
+            return { type: :single_object, data: nd_info}
           when :license
             # requires: asnodeadmin -mu <node user> --acl-add=internal --internal
             node_license = @api_node.read('license')[:data]
@@ -364,7 +390,7 @@ module Aspera
         # @return [Hash] api and main file id for given path or id
         # Allows to specify a file by its path or by its id on the node
         def apifid_from_next_arg(top_file_id)
-          file_path = instance_identifier(description: 'path or id') do |attribute, value|
+          file_path = instance_identifier(description: 'path or %id:<id>') do |attribute, value|
             raise 'Only selection "id" is supported (file id)' unless attribute.eql?('id')
             # directly return result for method
             return {api: @api_node, file_id: value}
@@ -380,14 +406,14 @@ module Aspera
             command_legacy = options.get_next_command(V3_IN_V4_ACTIONS)
             # TODO: shall we support all methods here ? what if there is a link ?
             apifid = @api_node.resolve_api_fid(top_file_id, '')
-            return Node.new(@agents.merge(skip_basic_auth_options: true, skip_node_options: true, node_api: apifid[:api])).execute_action(command_legacy)
+            return Node.new(@agents, api: apifid[:api]).execute_action(command_legacy)
           when :node_info, :bearer_token_node
             apifid = @api_node.resolve_api_fid(top_file_id, options.get_next_argument('path'))
             result = {
               url:     apifid[:api].params[:base_url],
               root_id: apifid[:file_id]
             }
-            raise 'No auth for node' if apifid[:api].params[:auth].nil?
+            assert_values(apifid[:api].params[:auth][:type], %i[basic oauth2])
             case apifid[:api].params[:auth][:type]
             when :basic
               result[:username] = apifid[:api].params[:auth][:username]
@@ -395,10 +421,11 @@ module Aspera
             when :oauth2
               result[:username] = apifid[:api].params[:headers][Aspera::Node::HEADER_X_ASPERA_ACCESS_KEY]
               result[:password] = apifid[:api].oauth_token
-            else raise 'unknown'
+            else error_unreachable_line
             end
             return {type: :single_object, data: result} if command_repo.eql?(:node_info)
-            raise 'not bearer token' unless result[:password].start_with?('Bearer ')
+            # check format of bearer token
+            Oauth.bearer_extract(result[:password])
             return Main.result_status(result[:password])
           when :browse
             apifid = @api_node.resolve_api_fid(top_file_id, options.get_next_argument('path'))
@@ -413,7 +440,7 @@ module Aspera
             return {type: :object_list, data: items, fields: %w[name type recursive_size size modified_time access_level]}
           when :find
             apifid = @api_node.resolve_api_fid(top_file_id, options.get_next_argument('path'))
-            test_block = Aspera::Node.file_matcher(value_or_query(allowed_types: String))
+            test_block = Aspera::Node.file_matcher_from_argument(options)
             return {type: :object_list, data: @api_node.find_files(apifid[:file_id], test_block), fields: ['path']}
           when :mkdir
             containing_folder_path = options.get_next_argument('path').split(Aspera::Node::PATH_SEPARATOR)
@@ -428,15 +455,27 @@ module Aspera
             result = apifid[:api].update("files/#{apifid[:file_id]}", {name: newname})[:data]
             return Main.result_status("renamed to #{newname}")
           when :delete
-            return do_bulk_operation(options.get_next_argument('path'), 'deleted', id_result: 'path') do |l_path|
-              raise "expecting String (path), got #{l_path.class.name} (#{l_path})" unless l_path.is_a?(String)
+            return do_bulk_operation(command: command_repo, descr: 'path', values: String, id_result: 'path') do |l_path|
               apifid = @api_node.resolve_api_fid(top_file_id, l_path)
               result = apifid[:api].delete("files/#{apifid[:file_id]}")[:data]
               {'path' => l_path}
             end
           when :sync
-            node_sync = SyncSpecGen4.new(@api_node, top_file_id)
-            return Plugins::Sync.new(@agents, sync_spec: node_sync).execute_action
+            return execute_sync_action do |sync_direction, _local_path, remote_path|
+              # Gen4 API
+              # direction is push pull, bidi
+              assert_values(sync_direction, %i[push pull bidi])
+              ts_direction = case sync_direction
+              when :push, :bidi then Fasp::TransferSpec::DIRECTION_SEND
+              when :pull then Fasp::TransferSpec::DIRECTION_RECEIVE
+              else error_unreachable_line
+              end
+              # remote is specified by option to_folder
+              apifid = @api_node.resolve_api_fid(top_file_id, remote_path)
+              transfer_spec = apifid[:api].transfer_spec_gen4(apifid[:file_id], ts_direction)
+              Log.log.debug{Log.dump(:ts, transfer_spec)}
+              transfer_spec
+            end
           when :upload
             apifid = @api_node.resolve_api_fid(top_file_id, transfer.destination_folder(Fasp::TransferSpec::DIRECTION_SEND))
             return Main.result_transfer(transfer.start(apifid[:api].transfer_spec_gen4(apifid[:file_id], Fasp::TransferSpec::DIRECTION_SEND)))
@@ -475,7 +514,7 @@ module Aspera
               source_paths = [{'source' => source_folder.pop}]
               source_folder = source_folder.join(Aspera::Node::PATH_SEPARATOR)
             end
-            raise CliBadArgument, 'one file at a time only in HTTP mode' if source_paths.length > 1
+            raise Cli::BadArgument, 'one file at a time only in HTTP mode' if source_paths.length > 1
             file_name = source_paths.first['source']
             apifid = @api_node.resolve_api_fid(top_file_id, File.join(source_folder, file_name))
             apifid[:api].call(
@@ -499,8 +538,7 @@ module Aspera
               subpath: "files/#{apifid[:file_id]}/preview",
               headers: {'Accept' => 'image/png'}
             )
-            require 'aspera/preview/terminal'
-            return Main.result_status(Preview::Terminal.build(result[:http].body, reserved_lines: 3))
+            return Main.result_picture_in_terminal(options, result[:http].body)
           when :permission
             apifid = apifid_from_next_arg(top_file_id)
             command_perm = options.get_next_command(%i[list create delete])
@@ -514,10 +552,8 @@ module Aspera
               items = apifid[:api].read('permissions', list_options)[:data]
               return {type: :object_list, data: items}
             when :delete
-              perm_id = instance_identifier
-              return do_bulk_operation(perm_id, 'deleted') do |one_id|
-                # TODO: notify event ?
-                apifid[:api].delete("permissions/#{perm_id}")
+              return do_bulk_operation(command: command_perm, descr: 'identifier', values: :identifier) do |one_id|
+                apifid[:api].delete("permissions/#{one_id}")
                 # notify application of deletion
                 the_app[:api].permissions_send_event(created_data: created_data, app_info: the_app, types: ['permission.deleted']) unless the_app.nil?
                 {'id' => one_id}
@@ -535,11 +571,11 @@ module Aspera
               # notify application of creation
               the_app[:api].permissions_send_event(created_data: created_data, app_info: the_app) unless the_app.nil?
               return { type: :single_object, data: created_data}
-            else raise "internal error:shall not reach here (#{command_perm})"
+            else error_unreachable_line
             end
-          else raise "INTERNAL ERROR: no case for #{command_repo}"
+          else error_unreachable_line
           end # command_repo
-          # raise 'INTERNAL ERROR: missing return'
+          error_unreachable_line
         end # execute_command_gen4
         # This is older API
@@ -549,7 +585,7 @@ module Aspera
             async_name = options.get_option(:sync_name)
             if async_name.nil?
               async_id = instance_identifier
-              if async_id.eql?(VAL_ALL) && %i[show delete].include?(command)
+              if async_id.eql?(ExtendedValue::ALL) && %i[show delete].include?(command)
                 async_ids = @api_node.read('async/list')[:data]['sync_ids']
               else
                 Integer(async_id) # must be integer
@@ -572,7 +608,7 @@ module Aspera
           when :show
             resp = @api_node.create('async/summary', post_data)[:data]['sync_summaries']
             return Main.result_empty if resp.empty?
-            return { type: :object_list, data: resp, fields: %w[snid name local_dir remote_dir] } if async_id.eql?(VAL_ALL)
+            return { type: :object_list, data: resp, fields: %w[snid name local_dir remote_dir] } if async_id.eql?(ExtendedValue::ALL)
             return { type: :single_object, data: resp.first }
           when :delete
             resp = @api_node.create('async/delete', post_data)[:data]
@@ -589,7 +625,7 @@ module Aspera
             # filename str
             # skip int
             # status int
-            filter = value_or_query(allowed_types: Hash)
+            filter = query_option
             post_data.merge!(filter) unless filter.nil?
             resp = @api_node.create('async/files', post_data)[:data]
             data = resp['sync_files']
@@ -620,6 +656,20 @@ module Aspera
           end
         end
+        # @return [Integer] id of the sync
+        # @raise [Cli::BadArgument] if no such sync, or not by name
+        # @param [String] field name of the field to search
+        # @param [String] value value of the field to search
+        def ssync_lookup(field, value)
+          raise Cli::BadArgument, "Only search by name is supported (#{field})" unless field.eql?('name')
+          @api_node.read('asyncs')[:data]['ids'].each do |id|
+            sync_info = @api_node.read("asyncs/#{id}")[:data]['configuration']
+            # name is unique, so we can return
+            return id if sync_info[field].eql?(value)
+          end
+          raise Cli::BadArgument, "no such sync: #{field}=#{value}"
+        end
         ACTIONS = %i[
           async
           ssync
@@ -629,7 +679,9 @@ module Aspera
           watch_folder
           central
           asperabrowser
-          basic_token].concat(COMMON_ACTIONS).freeze
+          basic_token
+          bearer_token
+          simulator].concat(COMMON_ACTIONS).freeze
         def execute_action(command=nil, prefix_path=nil)
           command ||= options.get_next_command(ACTIONS)
@@ -640,17 +692,15 @@ module Aspera
             # newer API
             sync_command = options.get_next_command(%i[start stop bandwidth counters files state summary].concat(Plugin::ALL_OPS) - %i[modify])
             case sync_command
-            when *Plugin::ALL_OPS then return entity_command(sync_command, @api_node, 'asyncs', item_list_key: 'ids')
+            when *Plugin::ALL_OPS then return entity_command(sync_command, @api_node, 'asyncs', item_list_key: 'ids'){|field, value|ssync_lookup(field, value)}
             else
-              asyncs_id = instance_identifier
+              asyncs_id = instance_identifier {|field, value|ssync_lookup(field, value)}
               parameters = nil
               if %i[start stop].include?(sync_command)
                 @api_node.create("asyncs/#{asyncs_id}/#{sync_command}", parameters)
                 return Main.result_status('Done')
               end
-              if %i[bandwidth counters files].include?(sync_command)
-                parameters = value_or_query(allowed_types: Hash, mandatory: false) || {}
-              end
+              parameters = query_option(default: {}) if %i[bandwidth counters files].include?(sync_command)
               return { type: :single_object, data: @api_node.read("asyncs/#{asyncs_id}/#{sync_command}", parameters)[:data] }
             end
           when :stream
@@ -660,13 +710,13 @@ module Aspera
               resp = @api_node.read('ops/transfers', old_query_read_delete)
               return { type: :object_list, data: resp[:data], fields: %w[id status] } # TODO: useful?
             when :create
-              resp = @api_node.create('streams', value_create_modify(command: command, type: Hash))
+              resp = @api_node.create('streams', value_create_modify(command: command))
               return { type: :single_object, data: resp[:data] }
             when :show
               resp = @api_node.read("ops/transfers/#{options.get_next_argument('transfer id')}")
               return { type: :other_struct, data: resp[:data] }
             when :modify
-              resp = @api_node.update("streams/#{options.get_next_argument('transfer id')}", value_create_modify(command: command, type: Hash))
+              resp = @api_node.update("streams/#{options.get_next_argument('transfer id')}", value_create_modify(command: command))
               return { type: :other_struct, data: resp[:data] }
             when :cancel
               resp = @api_node.cancel("streams/#{options.get_next_argument('transfer id')}")
@@ -675,7 +725,7 @@ module Aspera
               raise 'error'
             end
           when :transfer
-            command = options.get_next_command(%i[list cancel show modify bandwidth_average])
+            command = options.get_next_command(%i[list cancel show modify bandwidth_average sessions])
             res_class_path = 'ops/transfers'
             if %i[cancel show modify].include?(command)
               one_res_id = instance_identifier
@@ -683,15 +733,24 @@ module Aspera
             end
             case command
             when :list
-              # could use ? subpath: 'transfers'
-              query = query_read_delete
-              raise 'Query must be a Hash' unless query.nil? || query.is_a?(Hash)
-              transfers_data = @api_node.read(res_class_path, query)[:data]
+              transfers_data = @api_node.read(res_class_path, query_read_delete)[:data]
               return {
                 type:   :object_list,
                 data:   transfers_data,
                 fields: %w[id status start_spec.direction start_spec.remote_user start_spec.remote_host start_spec.destination_path]
               }
+            when :sessions
+              transfers_data = @api_node.read(res_class_path, query_read_delete)[:data]
+              sessions = transfers_data.map{|t|t['sessions']}.flatten
+              sessions.each do |session|
+                session['start_time'] = Time.at(session['start_time_usec'] / 1_000_000.0).utc.iso8601(0)
+                session['end_time'] = Time.at(session['end_time_usec'] / 1_000_000.0).utc.iso8601(0)
+              end
+              return {
+                type:   :object_list,
+                data:   sessions,
+                fields: %w[id status start_time end_time target_rate_kbps]
+              }
             when :cancel
               resp = @api_node.cancel(one_res_path)
               return { type: :other_struct, data: resp[:data] }
@@ -702,7 +761,7 @@ module Aspera
               resp = @api_node.update(one_res_path, options.get_next_argument('update value', type: Hash))
               return { type: :other_struct, data: resp[:data] }
             when :bandwidth_average
-              transfers_data = @api_node.read(res_class_path, query)[:data]
+              transfers_data = @api_node.read(res_class_path, query_read_delete)[:data]
               # collect all key dates
               bandwidth_period = {}
               dir_info = %i[avg_kbps sessions].freeze
@@ -779,7 +838,7 @@ module Aspera
             @api_node.params[:headers]['X-aspera-WF-version'] = '2017_10_23'
             case command
             when :create
-              resp = @api_node.create(res_class_path, value_create_modify(command: command, type: Hash))
+              resp = @api_node.create(res_class_path, value_create_modify(command: command))
               return Main.result_status("#{resp[:data]['id']} created")
             when :list
               resp = @api_node.read(res_class_path, old_query_read_delete)
@@ -787,7 +846,7 @@ module Aspera
             when :show
               return { type: :single_object, data: @api_node.read(one_res_path)[:data]}
             when :modify
-              @api_node.update(one_res_path, value_or_query(mandatory: true, allowed_types: Hash))
+              @api_node.update(one_res_path, query_option(mandatory: true))
               return Main.result_status("#{one_res_id} updated")
             when :delete
               @api_node.delete(one_res_path)
@@ -799,7 +858,7 @@ module Aspera
             command = options.get_next_command(%i[session file])
             validator_id = options.get_option(:validator)
             validation = {'validator_id' => validator_id} unless validator_id.nil?
-            request_data = value_create_modify(default: {}, type: Hash)
+            request_data = query_option(default: {})
             case command
             when :session
               command = options.get_next_command([:list])
@@ -820,7 +879,7 @@ module Aspera
                 request_data.deep_merge!({'validation' => validation}) unless validation.nil?
                 resp = @api_node.create('services/rest/transfers/v1/files', request_data)[:data]
                 resp = JSON.parse(resp) if resp.is_a?(String)
-                Log.dump(:resp, resp)
+                Log.log.debug{Log.dump(:resp, resp)}
                 return { type: :object_list, data: resp['file_transfer_info_result']['file_transfer_info'], fields: %w[session_uuid file_id status path]}
               when :modify
                 request_data.deep_merge!(validation) unless validation.nil?
@@ -839,7 +898,27 @@ module Aspera
             OpenApplication.instance.uri(options.get_option(:asperabrowserurl) + '?goto=' + encoded_params)
             return Main.result_status('done')
           when :basic_token
-            return Main.result_status(Rest.basic_creds(options.get_option(:username, mandatory: true), options.get_option(:password, mandatory: true)))
+            return Main.result_status(Rest.basic_token(options.get_option(:username, mandatory: true), options.get_option(:password, mandatory: true)))
+          when :bearer_token
+            private_key = OpenSSL::PKey::RSA.new(options.get_next_argument('private RSA key PEM value', type: String))
+            token_info = options.get_next_argument('user and group identification', type: Hash)
+            access_key = options.get_option(:username, mandatory: true)
+            return Main.result_status(Aspera::Node.bearer_token(payload: token_info, access_key: access_key, private_key: private_key))
+          when :simulator
+            require 'aspera/node_simulator'
+            parameters = value_create_modify(command: command)
+            parameters = parameters.symbolize_keys
+            raise 'Missing key: url' unless parameters.key?(:url)
+            uri = URI.parse(parameters[:url])
+            server = WebServerSimple.new(uri, certificate: parameters[:certificate])
+            server.mount(uri.path, NodeSimulatorServlet, parameters[:credentials], transfer)
+            # on ctrl-c, tell server main loop to exit
+            trap('INT') { server.shutdown }
+            formatter.display_status("Node Simulator listening on #{uri.port}")
+            Log.log.info{"Listening on #{uri.port}"}
+            # this is blocking until server exits
+            server.start
+            return Main.result_status('Simulator terminated')
           end # case command
           raise 'ERROR: shall not reach this line'
         end # execute_action