RubyGems - aspera-cli - Versions diffs - 4.15.0 → 4.17.0 - Mend

aspera-cli 4.15.0 → 4.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (108) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/BUGS.md +29 -3
data/CHANGELOG.md +375 -280
data/CONTRIBUTING.md +71 -18
data/README.md +1978 -1656
data/bin/ascli +13 -31
data/bin/asession +32 -22
data/examples/dascli +2 -2
data/lib/aspera/agent/alpha.rb +117 -0
data/lib/aspera/agent/base.rb +61 -0
data/lib/aspera/{fasp/agent_connect.rb → agent/connect.rb} +13 -11
data/lib/aspera/{fasp/agent_direct.rb → agent/direct.rb} +116 -116
data/lib/aspera/{fasp/agent_httpgw.rb → agent/httpgw.rb} +21 -19
data/lib/aspera/{fasp/agent_node.rb → agent/node.rb} +21 -33
data/lib/aspera/agent/trsdk.rb +188 -0
data/lib/aspera/api/aoc.rb +586 -0
data/lib/aspera/api/ats.rb +46 -0
data/lib/aspera/api/cos_node.rb +95 -0
data/lib/aspera/api/node.rb +344 -0
data/lib/aspera/ascmd.rb +47 -14
data/lib/aspera/{fasp → ascp}/installation.rb +54 -15
data/lib/aspera/{fasp → ascp}/management.rb +14 -14
data/lib/aspera/{fasp → ascp}/products.rb +1 -1
data/lib/aspera/assert.rb +45 -0
data/lib/aspera/cli/basic_auth_plugin.rb +11 -10
data/lib/aspera/cli/extended_value.rb +5 -5
data/lib/aspera/cli/formatter.rb +27 -14
data/lib/aspera/cli/hints.rb +7 -6
data/lib/aspera/cli/main.rb +49 -29
data/lib/aspera/cli/manager.rb +46 -36
data/lib/aspera/cli/plugin.rb +34 -20
data/lib/aspera/cli/plugin_factory.rb +61 -0
data/lib/aspera/cli/plugins/alee.rb +7 -7
data/lib/aspera/cli/plugins/aoc.rb +168 -132
data/lib/aspera/cli/plugins/ats.rb +33 -33
data/lib/aspera/cli/plugins/bss.rb +3 -4
data/lib/aspera/cli/plugins/config.rb +250 -272
data/lib/aspera/cli/plugins/console.rb +8 -6
data/lib/aspera/cli/plugins/cos.rb +20 -19
data/lib/aspera/cli/plugins/faspex.rb +71 -60
data/lib/aspera/cli/plugins/faspex5.rb +212 -133
data/lib/aspera/cli/plugins/node.rb +83 -75
data/lib/aspera/cli/plugins/orchestrator.rb +36 -44
data/lib/aspera/cli/plugins/preview.rb +33 -31
data/lib/aspera/cli/plugins/server.rb +33 -32
data/lib/aspera/cli/plugins/shares.rb +39 -33
data/lib/aspera/cli/sync_actions.rb +9 -9
data/lib/aspera/cli/transfer_agent.rb +45 -25
data/lib/aspera/cli/transfer_progress.rb +2 -3
data/lib/aspera/cli/version.rb +1 -1
data/lib/aspera/colors.rb +5 -0
data/lib/aspera/command_line_builder.rb +16 -14
data/lib/aspera/coverage.rb +21 -0
data/lib/aspera/data_repository.rb +33 -2
data/lib/aspera/environment.rb +5 -4
data/lib/aspera/faspex_gw.rb +13 -11
data/lib/aspera/faspex_postproc.rb +6 -5
data/lib/aspera/id_generator.rb +4 -2
data/lib/aspera/json_rpc.rb +10 -8
data/lib/aspera/keychain/encrypted_hash.rb +46 -11
data/lib/aspera/keychain/macos_security.rb +29 -22
data/lib/aspera/log.rb +5 -4
data/lib/aspera/nagios.rb +7 -2
data/lib/aspera/node_simulator.rb +213 -0
data/lib/aspera/oauth/base.rb +143 -0
data/lib/aspera/oauth/factory.rb +124 -0
data/lib/aspera/oauth/generic.rb +34 -0
data/lib/aspera/oauth/jwt.rb +51 -0
data/lib/aspera/oauth/url_json.rb +31 -0
data/lib/aspera/oauth/web.rb +50 -0
data/lib/aspera/oauth.rb +5 -328
data/lib/aspera/open_application.rb +7 -7
data/lib/aspera/persistency_action_once.rb +13 -14
data/lib/aspera/persistency_folder.rb +3 -2
data/lib/aspera/preview/file_types.rb +53 -267
data/lib/aspera/preview/generator.rb +7 -5
data/lib/aspera/preview/terminal.rb +17 -7
data/lib/aspera/preview/utils.rb +8 -7
data/lib/aspera/proxy_auto_config.rb +6 -3
data/lib/aspera/rest.rb +187 -140
data/lib/aspera/rest_error_analyzer.rb +1 -0
data/lib/aspera/rest_errors_aspera.rb +5 -3
data/lib/aspera/resumer.rb +77 -0
data/lib/aspera/secret_hider.rb +5 -2
data/lib/aspera/ssh.rb +15 -8
data/lib/aspera/temp_file_manager.rb +1 -1
data/lib/aspera/{fasp → transfer}/error.rb +3 -3
data/lib/aspera/{fasp → transfer}/error_info.rb +1 -1
data/lib/aspera/{fasp → transfer}/faux_file.rb +1 -1
data/lib/aspera/{fasp → transfer}/parameters.rb +95 -120
data/lib/aspera/{fasp/transfer_spec.rb → transfer/spec.rb} +23 -19
data/lib/aspera/{fasp/parameters.yaml → transfer/spec.yaml} +4 -99
data/lib/aspera/transfer/sync.rb +273 -0
data/lib/aspera/{fasp → transfer}/uri.rb +10 -9
data/lib/aspera/web_server_simple.rb +12 -3
data.tar.gz.sig +0 -0
metadata +92 -68
metadata.gz.sig +0 -0
data/lib/aspera/aoc.rb +0 -606
data/lib/aspera/ats_api.rb +0 -47
data/lib/aspera/cos_node.rb +0 -93
data/lib/aspera/fasp/agent_aspera.rb +0 -126
data/lib/aspera/fasp/agent_base.rb +0 -48
data/lib/aspera/fasp/agent_trsdk.rb +0 -146
data/lib/aspera/fasp/resume_policy.rb +0 -77
data/lib/aspera/node.rb +0 -338
data/lib/aspera/sync.rb +0 -219

data/lib/aspera/node.rb DELETED Viewed

@@ -1,338 +0,0 @@
-# frozen_string_literal: true
-require 'aspera/cli/error'
-require 'aspera/fasp/transfer_spec'
-require 'aspera/rest'
-require 'aspera/oauth'
-require 'aspera/log'
-require 'aspera/environment'
-require 'zlib'
-require 'base64'
-module Aspera
-  # Provides additional functions using node API with gen4 extensions (access keys)
-  class Node < Aspera::Rest
-    # permissions
-    ACCESS_LEVELS = %w[delete list mkdir preview read rename write].freeze
-    # prefix for ruby code for filter (deprecated)
-    MATCH_EXEC_PREFIX = 'exec:'
-    MATCH_TYPES = [String, Proc, Regexp, NilClass].freeze
-    HEADER_X_ASPERA_ACCESS_KEY = 'X-Aspera-AccessKey'
-    PATH_SEPARATOR = '/'
-    TS_FIELDS_TO_COPY = %w[remote_host remote_user ssh_port fasp_port wss_enabled wss_port].freeze
-    SCOPE_USER = 'user:all'
-    SCOPE_ADMIN = 'admin:all'
-    SCOPE_PREFIX = 'node.'
-    SCOPE_SEPARATOR = ':'
-    SIGNATURE_DELIMITER = '==SIGNATURE=='
-    BEARER_TOKEN_VALIDITY_DEFAULT = 86400
-    BEARER_TOKEN_SCOPE_DEFAULT = SCOPE_USER
-    # register node special token decoder
-    Oauth.register_decoder(lambda{|token|Node.decode_bearer_token(token)})
-    # class instance variable, access with accessors on class
-    @use_standard_ports = true
-    class << self
-      attr_accessor :use_standard_ports
-      # For access keys: provide expression to match entry in folder
-      def file_matcher(match_expression)
-        case match_expression
-        when Proc then return match_expression
-        when Regexp then return ->(f){f['name'].match?(match_expression)}
-        when String
-          if match_expression.start_with?(MATCH_EXEC_PREFIX)
-            code = "->(f){#{match_expression[MATCH_EXEC_PREFIX.length..-1]}}"
-            Log.log.warn{"Use of prefix #{MATCH_EXEC_PREFIX} is deprecated (4.15), instead use: @ruby:'#{code}'"}
-            return Environment.secure_eval(code, __FILE__, __LINE__)
-          end
-          return lambda{|f|File.fnmatch(match_expression, f['name'], File::FNM_DOTMATCH)}
-        when NilClass then return ->(_){true}
-        else raise Cli::BadArgument, "Invalid match expression type: #{match_expression.class}"
-        end
-      end
-      def file_matcher_from_argument(options)
-        return file_matcher(options.get_next_argument('filter', type: MATCH_TYPES, mandatory: false))
-      end
-      # node API scopes
-      def token_scope(access_key, scope)
-        return [SCOPE_PREFIX, access_key, SCOPE_SEPARATOR, scope].join('')
-      end
-      def decode_scope(scope)
-        items = scope.split(SCOPE_SEPARATOR, 2)
-        raise "invalid scope: #{scope}" unless items.length.eql?(2)
-        raise "invalid scope: #{scope}" unless items[0].start_with?(SCOPE_PREFIX)
-        return {access_key: items[0][SCOPE_PREFIX.length..-1], scope: items[1]}
-      end
-      # Create an Aspera Node bearer token
-      # @param payload [String] JSON payload to be included in the token
-      # @param private_key [OpenSSL::PKey::RSA] Private key to sign the token
-      def bearer_token(access_key:, payload:, private_key:)
-        raise 'payload shall be Hash' unless payload.is_a?(Hash)
-        raise 'missing user_id' unless payload.key?('user_id')
-        raise 'user_id must be a String' unless payload['user_id'].is_a?(String)
-        raise 'user_id must not be empty' if payload['user_id'].empty?
-        raise 'private_key shall be OpenSSL::PKey::RSA' unless private_key.is_a?(OpenSSL::PKey::RSA)
-        # manage convenience parameters
-        expiration_sec = payload['_validity'] || BEARER_TOKEN_VALIDITY_DEFAULT
-        payload.delete('_validity')
-        scope = payload['_scope'] || BEARER_TOKEN_SCOPE_DEFAULT
-        payload.delete('_scope')
-        payload['scope'] ||= token_scope(access_key, scope)
-        payload['auth_type'] ||= 'access_key'
-        payload['expires_at'] ||= (Time.now + expiration_sec).utc.strftime('%FT%TZ')
-        payload_json = JSON.generate(payload)
-        return Base64.strict_encode64(Zlib::Deflate.deflate([
-          payload_json,
-          SIGNATURE_DELIMITER,
-          Base64.strict_encode64(private_key.sign(OpenSSL::Digest.new('sha512'), payload_json)).scan(/.{1,60}/).join("\n"),
-          ''
-        ].join("\n")))
-      end
-      def decode_bearer_token(token)
-        return JSON.parse(Zlib::Inflate.inflate(Base64.decode64(token)).partition(SIGNATURE_DELIMITER).first)
-      end
-      def bearer_headers(bearer_auth, access_key: nil)
-        # if username is not provided, use the access key from the token
-        if access_key.nil?
-          access_key = Aspera::Node.decode_scope(Aspera::Node.decode_bearer_token(Oauth.bearer_extract(bearer_auth))['scope'])[:access_key]
-          raise "internal error #{access_key}" if access_key.nil?
-        end
-        return {
-          Aspera::Node::HEADER_X_ASPERA_ACCESS_KEY => access_key,
-          'Authorization'                          => bearer_auth
-        }
-      end
-    end
-    # fields in @app_info
-    REQUIRED_APP_INFO_FIELDS = %i[api app node_info workspace_id workspace_name].freeze
-    # methods of @app_info[:api]
-    REQUIRED_APP_API_METHODS = %i[node_api_from add_ts_tags].freeze
-    private_constant :REQUIRED_APP_INFO_FIELDS, :REQUIRED_APP_API_METHODS
-    attr_reader :app_info
-    # @param params [Hash] Rest parameters
-    # @param app_info [Hash,NilClass] special processing for AoC
-    def initialize(params:, app_info: nil, add_tspec: nil)
-      # init Rest
-      super(params)
-      @app_info = app_info
-      # this is added to transfer spec, for instance to add tags (COS)
-      @add_tspec = add_tspec
-      if !@app_info.nil?
-        REQUIRED_APP_INFO_FIELDS.each do |field|
-          raise "INTERNAL ERROR: app_info lacks field #{field}" unless @app_info.key?(field)
-        end
-        REQUIRED_APP_API_METHODS.each do |method|
-          raise "INTERNAL ERROR: #{@app_info[:api].class} lacks method #{method}" unless @app_info[:api].respond_to?(method)
-        end
-      end
-    end
-    # update transfer spec with special additional tags
-    def add_tspec_info(tspec)
-      tspec.deep_merge!(@add_tspec) unless @add_tspec.nil?
-      return tspec
-    end
-    # @returns [Aspera::Node] a Node or nil
-    def node_id_to_node(node_id)
-      if !@app_info.nil?
-        return self if node_id.eql?(@app_info[:node_info]['id'])
-        return @app_info[:api].node_api_from(
-          node_id: node_id,
-          workspace_id: @app_info[:workspace_id],
-          workspace_name: @app_info[:workspace_name])
-      end
-      Log.log.warn{"cannot resolve link with node id #{node_id}"}
-      return nil
-    end
-    # Recursively browse in a folder (with non-recursive method)
-    # sub folders are processed if the processing method returns true
-    # @param state [Object] state object sent to processing method
-    # @param top_file_id [String] file id to start at (default = access key root file id)
-    # @param top_file_path [String] path of top folder (default = /)
-    # @param block [Proc] processing method, arguments: entry, path, state
-    def process_folder_tree(state:, top_file_id:, top_file_path: '/', &block)
-      raise 'INTERNAL ERROR: top_file_path not set' if top_file_path.nil?
-      raise 'INTERNAL ERROR: Missing block' unless block
-      # start at top folder
-      folders_to_explore = [{id: top_file_id, path: top_file_path}]
-      Log.log.debug{Log.dump(:folders_to_explore, folders_to_explore)}
-      until folders_to_explore.empty?
-        current_item = folders_to_explore.shift
-        Log.log.debug{"searching #{current_item[:path]}".bg_green}
-        # get folder content
-        folder_contents =
-          begin
-            read("files/#{current_item[:id]}/files")[:data]
-          rescue StandardError => e
-            Log.log.warn{"#{current_item[:path]}: #{e.class} #{e.message}"}
-            []
-          end
-        Log.log.debug{Log.dump(:folder_contents, folder_contents)}
-        folder_contents.each do |entry|
-          relative_path = File.join(current_item[:path], entry['name'])
-          Log.log.debug{"process_folder_tree checking #{relative_path}"}
-          # continue only if method returns true
-          next unless yield(entry, relative_path, state)
-          # entry type is file, folder or link
-          case entry['type']
-          when 'folder'
-            folders_to_explore.push({id: entry['id'], path: relative_path})
-          when 'link'
-            node_id_to_node(entry['target_node_id'])&.process_folder_tree(
-              state:         state,
-              top_file_id:   entry['target_id'],
-              top_file_path: relative_path,
-              &block)
-          end
-        end
-      end
-    end # process_folder_tree
-    # Navigate the path from given file id
-    # @param top_file_id [String] id initial file id
-    # @param path [String]  file path
-    # @return [Hash] {.api,.file_id}
-    def resolve_api_fid(top_file_id, path)
-      raise 'file id shall be String' unless top_file_id.is_a?(String)
-      process_last_link = path.end_with?(PATH_SEPARATOR)
-      path_elements = path.split(PATH_SEPARATOR).reject(&:empty?)
-      return {api: self, file_id: top_file_id} if path_elements.empty?
-      resolve_state = {path: path_elements, result: nil}
-      process_folder_tree(state: resolve_state, top_file_id: top_file_id) do |entry, _path, state|
-        # this block is called recursively for each entry in folder
-        # stop digging here if not in right path
-        next false unless entry['name'].eql?(state[:path].first)
-        # ok it matches, so we remove the match
-        state[:path].shift
-        case entry['type']
-        when 'file'
-          # file must be terminal
-          raise "#{entry['name']} is a file, expecting folder to find: #{state[:path]}" unless state[:path].empty?
-          # it's terminal, we found it
-          state[:result] = {api: self, file_id: entry['id']}
-          next false
-        when 'folder'
-          if state[:path].empty?
-            # we found it
-            state[:result] = {api: self, file_id: entry['id']}
-            next false
-          end
-        when 'link'
-          if state[:path].empty?
-            if process_last_link
-              # we found it
-              other_node = node_id_to_node(entry['target_node_id'])
-              raise 'cannot resolve link' if other_node.nil?
-              state[:result] = {api: other_node, file_id: entry['target_id']}
-            else
-              # we found it but we do not process the link
-              state[:result] = {api: self, file_id: entry['id']}
-            end
-            next false
-          end
-        else
-          Log.log.warn{"Unknown element type: #{entry['type']}"}
-        end
-        # continue to dig folder
-        next true
-      end
-      raise "entry not found: #{resolve_state[:path]}" if resolve_state[:result].nil?
-      return resolve_state[:result]
-    end
-    def find_files(top_file_id, test_block)
-      Log.log.debug{"find_files: file id=#{top_file_id}"}
-      find_state = {found: [], test_block: test_block}
-      process_folder_tree(state: find_state, top_file_id: top_file_id) do |entry, path, state|
-        state[:found].push(entry.merge({'path' => path})) if state[:test_block].call(entry)
-        # test all files deeply
-        true
-      end
-      return find_state[:found]
-    end
-    def refreshed_transfer_token
-      return oauth_token(force_refresh: true)
-    end
-    # Create transfer spec for gen4
-    def transfer_spec_gen4(file_id, direction, ts_merge=nil)
-      ak_name = nil
-      ak_token = nil
-      case params[:auth][:type]
-      when :basic
-        ak_name = params[:auth][:username]
-        raise 'ERROR: no secret in node object' unless params[:auth][:password]
-        ak_token = Rest.basic_token(params[:auth][:username], params[:auth][:password])
-      when :oauth2
-        ak_name = params[:headers][HEADER_X_ASPERA_ACCESS_KEY]
-        # TODO: token_generation_lambda = lambda{|do_refresh|oauth_token(force_refresh: do_refresh)}
-        # get bearer token, possibly use cache
-        ak_token = oauth_token(force_refresh: false)
-      else raise "Unsupported auth method for node gen4: #{params[:auth][:type]}"
-      end
-      transfer_spec = {
-        'direction' => direction,
-        'token'     => ak_token,
-        'tags'      => {
-          Fasp::TransferSpec::TAG_RESERVED => {
-            'node' => {
-              'access_key' => ak_name,
-              'file_id'    => file_id
-            } # node
-          } # aspera
-        } # tags
-      }
-      # add specials tags (cos)
-      add_tspec_info(transfer_spec)
-      transfer_spec.deep_merge!(ts_merge) unless ts_merge.nil?
-      # add application specific tags (AoC)
-      app_info[:api].add_ts_tags(transfer_spec: transfer_spec, app_info: app_info) unless app_info.nil?
-      # add remote host info
-      if self.class.use_standard_ports
-        # get default TCP/UDP ports and transfer user
-        transfer_spec.merge!(Fasp::TransferSpec::AK_TSPEC_BASE)
-        # by default: same address as node API
-        transfer_spec['remote_host'] = URI.parse(params[:base_url]).host
-        # AoC allows specification of other url
-        if !@app_info.nil? && !@app_info[:node_info]['transfer_url'].nil? && !@app_info[:node_info]['transfer_url'].empty?
-          transfer_spec['remote_host'] = @app_info[:node_info]['transfer_url']
-        end
-        info = read('info')[:data]
-        # get the transfer user from info on access key
-        transfer_spec['remote_user'] = info['transfer_user'] if info['transfer_user']
-        # get settings from name.value array to hash key.value
-        settings = info['settings']&.each_with_object({}){|i, h|h[i['name']] = i['value']}
-        # check WSS ports
-        %w[wss_enabled wss_port].each do |i|
-          transfer_spec[i] = settings[i] if settings.key?(i)
-        end if settings.is_a?(Hash)
-      else
-        # retrieve values from API (and keep a copy/cache)
-        @std_t_spec_cache ||= create(
-          'files/download_setup',
-          {transfer_requests: [{ transfer_request: {paths: [{'source' => '/'}] } }] }
-        )[:data]['transfer_specs'].first['transfer_spec']
-        # copy some parts
-        TS_FIELDS_TO_COPY.each {|i| transfer_spec[i] = @std_t_spec_cache[i] if @std_t_spec_cache.key?(i)}
-      end
-      Log.log.warn{"Expected transfer user: #{Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER}, but have #{transfer_spec['remote_user']}"} \
-        unless transfer_spec['remote_user'].eql?(Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER)
-      return transfer_spec
-    end
-  end
-end

data/lib/aspera/sync.rb DELETED Viewed

@@ -1,219 +0,0 @@
-# frozen_string_literal: true
-# cspell:words logdir bidi watchd cooloff asyncadmin
-require 'aspera/command_line_builder'
-require 'aspera/fasp/installation'
-require 'aspera/log'
-require 'json'
-require 'base64'
-require 'open3'
-require 'English'
-module Aspera
-  # builds command line arg for async
-  module Sync
-    # sync direction, default is push
-    DIRECTIONS = %i[push pull bidi].freeze
-    PARAMS_VX_INSTANCE =
-      {
-        'alt_logdir'          => { cli: { type: :opt_with_arg}, accepted_types: :string},
-        'watchd'              => { cli: { type: :opt_with_arg}, accepted_types: :string},
-        'apply_local_docroot' => { cli: { type: :opt_without_arg}},
-        'quiet'               => { cli: { type: :opt_without_arg}},
-        'ws_connect'          => { cli: { type: :opt_without_arg}}
-      }.freeze
-    # map sync session parameters to transfer spec: sync -> ts, true if same
-    PARAMS_VX_SESSION =
-      {
-        'name'                       => { cli: { type: :opt_with_arg}, accepted_types: :string},
-        'local_dir'                  => { cli: { type: :opt_with_arg}, accepted_types: :string},
-        'remote_dir'                 => { cli: { type: :opt_with_arg}, accepted_types: :string},
-        'local_db_dir'               => { cli: { type: :opt_with_arg}, accepted_types: :string},
-        'remote_db_dir'              => { cli: { type: :opt_with_arg}, accepted_types: :string},
-        'host'                       => { cli: { type: :opt_with_arg}, accepted_types: :string, ts: :remote_host},
-        'user'                       => { cli: { type: :opt_with_arg}, accepted_types: :string, ts: :remote_user},
-        'private_key_paths'          => { cli: { type: :opt_with_arg, switch: '--private-key-path'}, accepted_types: :array},
-        'direction'                  => { cli: { type: :opt_with_arg}, accepted_types: :string},
-        'checksum'                   => { cli: { type: :opt_with_arg}, accepted_types: :string},
-        'tags'                       => { cli: { type: :opt_with_arg, switch: '--tags64', convert: 'Aspera::Fasp::Parameters.convert_json64'},
-                                          accepted_types: :hash, ts: true},
-        'tcp_port'                   => { cli: { type: :opt_with_arg}, accepted_types: :int, ts: :ssh_port},
-        'rate_policy'                => { cli: { type: :opt_with_arg}, accepted_types: :string},
-        'target_rate'                => { cli: { type: :opt_with_arg}, accepted_types: :string},
-        'cooloff'                    => { cli: { type: :opt_with_arg}, accepted_types: :int},
-        'pending_max'                => { cli: { type: :opt_with_arg}, accepted_types: :int},
-        'scan_intensity'             => { cli: { type: :opt_with_arg}, accepted_types: :string},
-        'cipher'                     => { cli: { type: :opt_with_arg, convert: 'Aspera::Fasp::Parameters.convert_remove_hyphen'}, accepted_types: :string, ts: true},
-        'transfer_threads'           => { cli: { type: :opt_with_arg}, accepted_types: :int},
-        'preserve_time'              => { cli: { type: :opt_without_arg}, ts: :preserve_times},
-        'preserve_access_time'       => { cli: { type: :opt_without_arg}, ts: nil},
-        'preserve_modification_time' => { cli: { type: :opt_without_arg}, ts: nil},
-        'preserve_uid'               => { cli: { type: :opt_without_arg}, ts: :preserve_file_owner_uid},
-        'preserve_gid'               => { cli: { type: :opt_without_arg}, ts: :preserve_file_owner_gid},
-        'create_dir'                 => { cli: { type: :opt_without_arg}, ts: true},
-        'reset'                      => { cli: { type: :opt_without_arg}},
-        # NOTE: only one env var, but multiple sessions... could be a problem
-        'remote_password'            => { cli: { type: :envvar, variable: 'ASPERA_SCP_PASS'}, ts: true},
-        'cookie'                     => { cli: { type: :envvar, variable: 'ASPERA_SCP_COOKIE'}, ts: true},
-        'token'                      => { cli: { type: :envvar, variable: 'ASPERA_SCP_TOKEN'}, ts: true},
-        'license'                    => { cli: { type: :envvar, variable: 'ASPERA_SCP_LICENSE'}}
-      }.freeze
-    Aspera::CommandLineBuilder.normalize_description(PARAMS_VX_INSTANCE)
-    Aspera::CommandLineBuilder.normalize_description(PARAMS_VX_SESSION)
-    PARAMS_VX_KEYS = %w[instance sessions].freeze
-    # new API
-    TS_TO_PARAMS_V2 = {
-      'remote_host'     => 'remote.host',
-      'remote_user'     => 'remote.user',
-      'remote_password' => 'remote.pass',
-      'sshfp'           => 'remote.fingerprint',
-      'ssh_port'        => 'remote.port',
-      'wss_port'        => 'remote.ws_port',
-      'proxy'           => 'remote.proxy',
-      'token'           => 'remote.token',
-      'tags'            => 'tags'
-    }.freeze
-    ASYNC_EXECUTABLE = 'async'
-    ASYNC_ADMIN_EXECUTABLE = 'asyncadmin'
-    private_constant :PARAMS_VX_INSTANCE, :PARAMS_VX_SESSION, :PARAMS_VX_KEYS, :TS_TO_PARAMS_V2, :ASYNC_EXECUTABLE, :ASYNC_ADMIN_EXECUTABLE
-    class << self
-      # Set remote_dir in sync parameters based on transfer spec
-      # @param params [Hash] sync parameters, old or new format
-      # @param remote_dir_key [String] key to update in above hash
-      # @param transfer_spec [Hash] transfer spec
-      def update_remote_dir(sync_params, remote_dir_key, transfer_spec)
-        if transfer_spec.dig(*%w[tags aspera node file_id])
-          # in AoC, use gen4
-          sync_params[remote_dir_key] = '/'
-        elsif transfer_spec['cookie']&.start_with?('aspera.shares2')
-          # TODO : something more generic, independent of Shares
-          # in Shares, the actual folder on remote end is not always the same as the name of the share
-          actual_remote = transfer_spec['paths']&.first&.[]('source')
-          sync_params[remote_dir_key] = actual_remote if actual_remote
-        end
-        nil
-      end
-      # @param sync_params [Hash] sync parameters, old or new format
-      # @param block [nil, Proc] block to generate transfer spec, takes: direction (one of DIRECTIONS), local_dir, remote_dir
-      def start(sync_params, &block)
-        raise 'Internal Error: sync_params parameter must be Hash' unless sync_params.is_a?(Hash)
-        env_args = {
-          args: [],
-          env:  {}
-        }
-        if sync_params.key?('local')
-          # async native JSON format (v2)
-          raise StandardError, 'remote must be Hash' unless sync_params['remote'].is_a?(Hash)
-          if block
-            transfer_spec = yield((sync_params['direction'] || 'push').to_sym, sync_params['local']['path'], sync_params['remote']['path'])
-            # async native JSON format
-            raise StandardError, 'sync parameter "local" must be Hash' unless sync_params['local'].is_a?(Hash)
-            TS_TO_PARAMS_V2.each do |ts_param, sy_path|
-              next unless transfer_spec.key?(ts_param)
-              sy_dig = sy_path.split('.')
-              param = sy_dig.pop
-              hash = sy_dig.empty? ? sync_params : sync_params[sy_dig.first]
-              hash = sync_params[sy_dig.first] = {} if hash.nil?
-              hash[param] = transfer_spec[ts_param]
-            end
-            sync_params['remote']['connect_mode'] ||= sync_params['remote'].key?('ws_port') ? 'ws' : 'ssh'
-            sync_params['remote']['private_key_paths'] ||= Fasp::Installation.instance.aspera_token_ssh_key_paths if transfer_spec.key?('token')
-            update_remote_dir(sync_params['remote'], 'path', transfer_spec)
-          end
-          env_args[:args] = ["--conf64=#{Base64.strict_encode64(JSON.generate(sync_params))}"]
-        elsif sync_params.key?('sessions')
-          # ascli JSON format (v1)
-          if block
-            sync_params['sessions'].each do |session|
-              transfer_spec = yield((session['direction'] || 'push').to_sym, session['local_dir'], session['remote_dir'])
-              PARAMS_VX_SESSION.each do |async_param, behavior|
-                if behavior.key?(:ts)
-                  tspec_param = behavior[:ts].is_a?(TrueClass) ? async_param : behavior[:ts].to_s
-                  session[async_param] ||= transfer_spec[tspec_param] if transfer_spec.key?(tspec_param)
-                end
-              end
-              session['private_key_paths'] = Fasp::Installation.instance.aspera_token_ssh_key_paths if transfer_spec.key?('token')
-              update_remote_dir(session, 'remote_dir', transfer_spec)
-            end
-          end
-          raise StandardError, "Only 'sessions', and optionally 'instance' keys are allowed" unless
-            sync_params.keys.push('instance').uniq.sort.eql?(PARAMS_VX_KEYS)
-          raise StandardError, 'sessions key must be Array' unless sync_params['sessions'].is_a?(Array)
-          raise StandardError, 'sessions key requires at least one Hash' unless sync_params['sessions'].first.is_a?(Hash)
-          if sync_params.key?('instance')
-            raise StandardError, 'instance key must be Hash' unless sync_params['instance'].is_a?(Hash)
-            instance_builder = Aspera::CommandLineBuilder.new(sync_params['instance'], PARAMS_VX_INSTANCE)
-            instance_builder.process_params
-            instance_builder.add_env_args(env_args)
-          end
-          sync_params['sessions'].each do |session_params|
-            raise StandardError, 'sessions must contain hashes' unless session_params.is_a?(Hash)
-            raise StandardError, 'session must contain at least name' unless session_params.key?('name')
-            session_builder = Aspera::CommandLineBuilder.new(session_params, PARAMS_VX_SESSION)
-            session_builder.process_params
-            session_builder.add_env_args(env_args)
-          end
-        else
-          raise 'At least one of `local` or `sessions` must be present in async parameters'
-        end
-        Log.log.debug{Log.dump(:sync_params, sync_params)}
-        Log.log.debug{"execute: #{env_args[:env].map{|k, v| "#{k}=\"#{v}\""}.join(' ')} \"#{ASYNC_EXECUTABLE}\" \"#{env_args[:args].join('" "')}\""}
-        res = system(env_args[:env], [ASYNC_EXECUTABLE, ASYNC_EXECUTABLE], *env_args[:args])
-        Log.log.debug{"result=#{res}"}
-        case res
-        when true then return nil
-        when false then raise "failed: #{$CHILD_STATUS}"
-        when nil then raise "not started: #{$CHILD_STATUS}"
-        else raise 'internal error: unspecified case'
-        end
-      end
-      def admin_status(sync_params, session_name)
-        command_line = [ASYNC_ADMIN_EXECUTABLE, '--quiet']
-        if sync_params.key?('local')
-          raise 'Missing session name' if sync_params['name'].nil?
-          raise 'Session not found' unless session_name.nil? || session_name.eql?(sync_params['name'])
-          command_line.push("--name=#{sync_params['name']}")
-          if sync_params.key?('local_db_dir')
-            command_line.push("--local-db-dir=#{sync_params['local_db_dir']}")
-          elsif sync_params.dig('local', 'path')
-            command_line.push("--local-dir=#{sync_params.dig('local', 'path')}")
-          else
-            raise 'Missing either local_db_dir or local.path'
-          end
-        elsif sync_params.key?('sessions')
-          session = session_name.nil? ? sync_params['sessions'].first : sync_params['sessions'].find{|s|s['name'].eql?(session_name)}
-          raise "Session #{session_name} not found in #{sync_params['sessions'].map{|s|s['name']}.join(',')}" if session.nil?
-          raise 'Missing session name' if session['name'].nil?
-          command_line.push("--name=#{session['name']}")
-          if session.key?('local_db_dir')
-            command_line.push("--local-db-dir=#{session['local_db_dir']}")
-          elsif session.key?('local_dir')
-            command_line.push("--local-dir=#{session['local_dir']}")
-          else
-            raise 'Missing either local_db_dir or local_dir'
-          end
-        else
-          raise 'At least one of `local` or `sessions` must be present in async parameters'
-        end
-        Log.log.debug{"execute: #{command_line.join(' ')}"}
-        stdout, stderr, status = Open3.capture3(*command_line)
-        Log.log.debug{"status=#{status}, stderr=#{stderr}"}
-        raise "Sync failed: #{status.exitstatus} : #{stderr}" unless status.success?
-        return stdout.split("\n").each_with_object({}){|l, m|i = l.split(':', 2); m[i.first.lstrip] = i.last.lstrip} # rubocop:disable Style/Semicolon
-      end
-    end
-  end # end Sync
-end # end Aspera