aspera-cli 4.17.0 → 4.18.0

data/lib/aspera/cli/plugins/aoc.rb

@@ -18,12 +18,41 @@ module Aspera
   module Cli
     module Plugins
       class Aoc < Cli::BasicAuthPlugin
-        AOC_PATH_API_CLIENTS = 'admin/api-clients'
         # default redirect for AoC web auth
         REDIRECT_LOCALHOST = 'http://localhost:12345'
         # OAuth methods supported
         STD_AUTH_TYPES = %i[web jwt].freeze
-        private_constant :AOC_PATH_API_CLIENTS, :REDIRECT_LOCALHOST, :STD_AUTH_TYPES
+        # admin objects that can be manipulated
+        ADMIN_OBJECTS = %i[
+          self
+          organization
+          user
+          group
+          group_membership
+          client
+          contact
+          dropbox
+          node
+          operation
+          package
+          saml_configuration
+          workspace
+          workspace_membership
+          dropbox_membership
+          short_link
+          application
+          client_registration_token
+          client_access_key
+          kms_profile].freeze
+        # query to list fully received packages
+        PACKAGE_RECEIVED_BASE_QUERY = {
+          'archived'    => false,
+          'has_content' => true,
+          'received'    => true,
+          'completed'   => true}.freeze
+        # options and parameters for Api::AoC.new
+        OPTIONS_NEW = %i[url auth client_id client_secret scope redirect_uri private_key passphrase username password workspace].freeze
+        private_constant :REDIRECT_LOCALHOST, :STD_AUTH_TYPES, :ADMIN_OBJECTS, :PACKAGE_RECEIVED_BASE_QUERY, :OPTIONS_NEW
         class << self
           def application_name
             'Aspera on Cloud'
@@ -33,12 +62,12 @@ module Aspera
             # no protocol ?
             base_url = "https://#{base_url}" unless base_url.match?(%r{^[a-z]{1,6}://})
             # only org provided ?
-            base_url = "#{base_url}.#{Api::AoC::PROD_DOMAIN}" unless base_url.include?('.')
+            base_url = "#{base_url}.#{Api::SAAS_DOMAIN_PROD}" unless base_url.include?('.')
             # AoC is only https
             return nil unless base_url.start_with?('https://')
             result = Rest.new(base_url: base_url, redirect_max: 10).read('')
             # Any AoC is on this domain
-            return nil unless result[:http].uri.host.end_with?(Api::AoC::PROD_DOMAIN)
+            return nil unless result[:http].uri.host.end_with?(Api::SAAS_DOMAIN_PROD)
             Log.log.debug{"AoC Main page: #{result[:http].body.include?(Api::AoC::PRODUCT_NAME)}"}
             base_url = result[:http].uri.to_s if result[:http].uri.path.include?('/public')
             # either in standard domain, or product name in page
@@ -48,6 +77,8 @@ module Aspera
             }
           end
 
+          # @param [String] url : url to check
+          # @return [Bool] true if private key is required for the url (i.e. no passcode)
           def private_key_required?(url)
             # pub link do not need private key
             return Api::AoC.link_info(url)[:token].nil?
@@ -106,7 +137,7 @@ module Aspera
                 formatter.display_status('- origin: localhost')
                 formatter.display_status('Use the generated client id and secret in the following prompts.'.red)
               end
-              OpenApplication.instance.uri("#{instance_url}/#{AOC_PATH_API_CLIENTS}")
+              OpenApplication.instance.uri("#{instance_url}/admin/api-clients")
               options.get_option(:client_id, mandatory: true)
               options.get_option(:client_secret, mandatory: true)
               use_browser_authentication = true
@@ -147,35 +178,8 @@ module Aspera
             }
           end
         end
-        # special value for package id
-        KNOWN_AOC_RES = %i[
-          self
-          organization
-          user
-          group
-          group_membership
-          client
-          contact
-          dropbox
-          node
-          operation
-          package
-          saml_configuration
-          workspace
-          workspace_membership
-          dropbox_membership
-          short_link
-          application
-          client_registration_token
-          client_access_key
-          kms_profile].freeze
-        PACKAGE_RECEIVED_BASE_QUERY = {
-          'archived'    => false,
-          'has_content' => true,
-          'received'    => true,
-          'completed'   => true}.freeze
 
-        def initialize(**env)
+        def initialize(**_)
           super
           @cache_workspace_info = nil
           @cache_home_node_file = nil
@@ -186,17 +190,15 @@ module Aspera
           options.declare(:scope, 'OAuth scope for AoC API calls', default: Api::AoC::SCOPE_FILES_USER)
           options.declare(:redirect_uri, 'OAuth API client redirect URI')
           options.declare(:private_key, 'OAuth JWT RSA private key PEM value (prefix file path with @file:)')
-          options.declare(:passphrase, 'RSA private key passphrase')
+          options.declare(:passphrase, 'RSA private key passphrase', types: String)
           options.declare(:workspace, 'Name of workspace', types: [String, NilClass], default: Api::AoC::DEFAULT_WORKSPACE)
-          options.declare(:new_user_option, 'New user creation option for unknown package recipients')
+          options.declare(:new_user_option, 'New user creation option for unknown package recipients', types: Hash)
           options.declare(:validate_metadata, 'Validate shared inbox metadata', values: :bool, default: true)
           options.parse_options!
           # add node plugin options (for manual)
           Node.declare_options(options)
         end
 
-        OPTIONS_NEW = %i[url auth client_id client_secret scope redirect_uri private_key passphrase username password workspace].freeze
-
         def api_from_options(new_base_path)
           create_values = {subpath: new_base_path, secret_finder: config}
           # create an API object with the same options, but with a different subpath
@@ -333,12 +335,12 @@ module Aspera
             client_apfid = top_node_api.resolve_api_fid(file_id, client_folder)
             server_apfid = top_node_api.resolve_api_fid(file_id, server_folder)
             # force node as transfer agent
-            transfer.agent_instance = Agent::Node.new({
+            transfer.agent_instance = Agent::Node.new(
               url:      client_apfid[:api].base_url,
               username: client_apfid[:api].app_info[:node_info]['access_key'],
-              password: client_apfid[:api].oauth_token,
+              password: client_apfid[:api].oauth.token,
               root_id:  client_apfid[:file_id]
-            })
+            )
             # additional node to node TS info
             add_ts = {
               'remote_access_key'   => server_apfid[:api].app_info[:node_info]['access_key'],
@@ -350,15 +352,106 @@ module Aspera
               client_direction,
               add_ts)))
           else Aspera.error_unreachable_line
-          end # command_repo
+          end
           Aspera.error_unreachable_line
-        end # execute_nodegen4_command
+        end
+
+        def execute_resource_action(resource_type)
+          # get path on API, resource type is singular, but api is plural
+          resource_class_path =
+            case resource_type
+            # special cases: singleton, in admin, with x
+            when :self, :organization then resource_type
+            when :client_registration_token, :client_access_key then "admin/#{resource_type}s"
+            when :application then 'admin/apps_new'
+            when :dropbox then "#{resource_type}es"
+            when :kms_profile then "integrations/#{resource_type}s"
+            else "#{resource_type}s"
+            end
+          # build list of supported operations
+          singleton_object = %i[self organization].include?(resource_type)
+          global_operations =  %i[create list]
+          supported_operations = %i[show modify]
+          supported_operations.push(:delete, *global_operations) unless singleton_object
+          supported_operations.push(:do) if resource_type.eql?(:node)
+          supported_operations.push(:set_pub_key) if resource_type.eql?(:client)
+          command = options.get_next_command(supported_operations)
+          # require identifier for non global commands
+          if !singleton_object && !global_operations.include?(command)
+            res_id = get_resource_id_from_args(resource_class_path)
+            resource_instance_path = "#{resource_class_path}/#{res_id}"
+          end
+          resource_instance_path = resource_class_path if singleton_object
+          case command
+          when :create
+            id_result = 'id'
+            id_result = 'token' if resource_class_path.eql?('admin/client_registration_tokens')
+            # TODO: report inconsistency: creation url is !=, and does not return id.
+            resource_class_path = 'admin/client_registration/token' if resource_class_path.eql?('admin/client_registration_tokens')
+            return do_bulk_operation(command: command, descr: 'creation data', id_result: id_result) do |params|
+              aoc_api.create(resource_class_path, params)[:data]
+            end
+          when :list
+            default_fields = ['id']
+            default_query = {}
+            case resource_type
+            when :application
+              default_query = {organization_apps: true}
+              default_fields.push('app_type', 'app_name', 'available', 'direct_authorizations_allowed', 'workspace_authorizations_allowed')
+            when :client, :client_access_key, :dropbox, :group, :package, :saml_configuration, :workspace then default_fields.push('name')
+            when :client_registration_token then default_fields.push('value', 'data.client_subject_scopes', 'created_at')
+            when :contact then default_fields = %w[email name source_id source_type]
+            when :node then default_fields.push('name', 'host', 'access_key')
+            when :operation then default_fields = nil
+            when :short_link then default_fields.push('short_url', 'data.url_token_data.purpose')
+            when :user then default_fields.push('name', 'email')
+            when :group_membership then default_fields.push(*%w[group_id member_type member_id])
+            when :workspace_membership then default_fields.push(*%w[workspace_id member_type member_id])
+            end
+            return result_list(resource_class_path, fields: default_fields, default_query: default_query)
+          when :show
+            object = aoc_api.read(resource_instance_path)[:data]
+            # default: show all, but certificate
+            fields = object.keys.reject{|k|k.eql?('certificate')}
+            return { type: :single_object, data: object, fields: fields }
+          when :modify
+            changes = options.get_next_argument('properties', type: Hash)
+            return do_bulk_operation(command: command, descr: 'identifier', values: res_id) do |one_id|
+              aoc_api.update("#{resource_class_path}/#{one_id}", changes)
+              {'id' => one_id}
+            end
+          when :delete
+            return do_bulk_operation(command: command, descr: 'identifier', values: res_id) do |one_id|
+              aoc_api.delete("#{resource_class_path}/#{one_id}")
+              {'id' => one_id}
+            end
+          when :set_pub_key
+            # special : reads private and generate public
+            the_private_key = options.get_next_argument('private_key PEM value', type: String)
+            the_public_key = OpenSSL::PKey::RSA.new(the_private_key).public_key.to_s
+            aoc_api.update(resource_instance_path, {jwt_grant_enabled: true, public_key: the_public_key})
+            return Main.result_success
+          when :do
+            command_repo = options.get_next_command(NODE4_EXT_COMMANDS)
+            # init context
+            aoc_api.context(:files)
+            return execute_nodegen4_command(command_repo, res_id)
+          else Aspera.error_unexpected_value(command)
+          end
+        end
+
+        ADMIN_ACTIONS = %i[ats resource usage_reports analytics subscription auth_providers].concat(ADMIN_OBJECTS).freeze
 
         def execute_admin_action
           # upgrade scope to admin
           aoc_api.oauth.scope = Api::AoC::SCOPE_FILES_ADMIN
-          command_admin = options.get_next_command(%i[ats resource usage_reports analytics subscription auth_providers])
+          command_admin = options.get_next_command(ADMIN_ACTIONS)
           case command_admin
+          when :resource
+            Log.log.warn('resource command is deprecated (4.18), directly use the specific command instead')
+            return execute_resource_action(options.get_next_argument('resource', expected: ADMIN_OBJECTS))
+          when *ADMIN_OBJECTS
+            return execute_resource_action(command_admin)
           when :auth_providers
             command_auth_prov = options.get_next_command(%i[list update])
             case command_auth_prov
@@ -480,89 +573,6 @@ module Aspera
               end
               return {type: :object_list, data: events}
             end
-          when :resource
-            resource_type = options.get_next_argument('resource', expected: KNOWN_AOC_RES)
-            # get path on API, resource type is singular, but api is plural
-            resource_class_path =
-              case resource_type
-              # special cases: singleton, in admin, with x
-              when :self, :organization then resource_type
-              when :client_registration_token, :client_access_key then "admin/#{resource_type}s"
-              when :application then 'admin/apps_new'
-              when :dropbox then "#{resource_type}es"
-              when :kms_profile then "integrations/#{resource_type}s"
-              else "#{resource_type}s"
-              end
-            # build list of supported operations
-            singleton_object = %i[self organization].include?(resource_type)
-            global_operations =  %i[create list]
-            supported_operations = %i[show modify]
-            supported_operations.push(:delete, *global_operations) unless singleton_object
-            supported_operations.push(:do) if resource_type.eql?(:node)
-            supported_operations.push(:set_pub_key) if resource_type.eql?(:client)
-            command = options.get_next_command(supported_operations)
-            # require identifier for non global commands
-            if !singleton_object && !global_operations.include?(command)
-              res_id = get_resource_id_from_args(resource_class_path)
-              resource_instance_path = "#{resource_class_path}/#{res_id}"
-            end
-            resource_instance_path = resource_class_path if singleton_object
-            case command
-            when :create
-              id_result = 'id'
-              id_result = 'token' if resource_class_path.eql?('admin/client_registration_tokens')
-              # TODO: report inconsistency: creation url is !=, and does not return id.
-              resource_class_path = 'admin/client_registration/token' if resource_class_path.eql?('admin/client_registration_tokens')
-              return do_bulk_operation(command: command, descr: 'creation data', id_result: id_result) do |params|
-                aoc_api.create(resource_class_path, params)[:data]
-              end
-            when :list
-              default_fields = ['id']
-              default_query = {}
-              case resource_type
-              when :application
-                default_query = {organization_apps: true}
-                default_fields.push('app_type', 'app_name', 'available', 'direct_authorizations_allowed', 'workspace_authorizations_allowed')
-              when :client, :client_access_key, :dropbox, :group, :package, :saml_configuration, :workspace then default_fields.push('name')
-              when :client_registration_token then default_fields.push('value', 'data.client_subject_scopes', 'created_at')
-              when :contact then default_fields = %w[email name source_id source_type]
-              when :node then default_fields.push('name', 'host', 'access_key')
-              when :operation then default_fields = nil
-              when :short_link then default_fields.push('short_url', 'data.url_token_data.purpose')
-              when :user then default_fields.push('name', 'email')
-              when :group_membership then default_fields.push(*%w[group_id member_type member_id])
-              when :workspace_membership then default_fields.push(*%w[workspace_id member_type member_id])
-              end
-              return result_list(resource_class_path, fields: default_fields, default_query: default_query)
-            when :show
-              object = aoc_api.read(resource_instance_path)[:data]
-              # default: show all, but certificate
-              fields = object.keys.reject{|k|k.eql?('certificate')}
-              return { type: :single_object, data: object, fields: fields }
-            when :modify
-              changes = options.get_next_argument('properties', type: Hash)
-              return do_bulk_operation(command: command, descr: 'identifier', values: res_id) do |one_id|
-                aoc_api.update("#{resource_class_path}/#{one_id}", changes)
-                {'id' => one_id}
-              end
-            when :delete
-              return do_bulk_operation(command: command, descr: 'identifier', values: res_id) do |one_id|
-                aoc_api.delete("#{resource_class_path}/#{one_id}")
-                {'id' => one_id}
-              end
-            when :set_pub_key
-              # special : reads private and generate public
-              the_private_key = options.get_next_argument('private_key PEM value', type: String)
-              the_public_key = OpenSSL::PKey::RSA.new(the_private_key).public_key.to_s
-              aoc_api.update(resource_instance_path, {jwt_grant_enabled: true, public_key: the_public_key})
-              return Main.result_success
-            when :do
-              command_repo = options.get_next_command(NODE4_EXT_COMMANDS)
-              # init context
-              aoc_api.context(:files)
-              return execute_nodegen4_command(command_repo, res_id)
-            else Aspera.error_unexpected_value(command)
-            end
           when :usage_reports
             return result_list('usage_reports', base_query: {workspace_id: aoc_api.context(:files)[:workspace_id]})
           end
@@ -591,7 +601,7 @@ module Aspera
           when :servers
             return {type: :object_list, data: Rest.new(base_url: "#{Api::AoC.api_base_url}/#{Api::AoC::API_V1}").read('servers')[:data]}
           when :bearer_token
-            return {type: :text, data: aoc_api.oauth_token}
+            return {type: :text, data: aoc_api.oauth.token}
           when :organization
             return { type: :single_object, data: aoc_api.read('organization')[:data] }
           when :tier_restrictions
@@ -696,7 +706,7 @@ module Aspera
                 ids_to_download = all_ids.reject{|id|skip_ids_data.include?(id)}
               else
                 ids_to_download = [ids_to_download] unless ids_to_download.is_a?(Array)
-              end # ExtendedValue::ALL
+              end
               # list here
               result_transfer = []
               formatter.display_status("found #{ids_to_download.length} package(s).")
@@ -847,8 +857,8 @@ module Aspera
                   # TODO: event ?
                 end
                 return {type: :single_object, data: result_create_short_link}
-              end # short_link command
-            end # files command
+              end
+            end
             raise 'Error: shall not reach this line'
           when :automation
             Log.log.warn('BETA: work under progress')
@@ -891,7 +901,7 @@ module Aspera
             server.start
             return Main.result_status('Gateway terminated')
           else Aspera.error_unreachable_line
-          end # action
+          end
           Aspera.error_unreachable_line
         end
 

data/lib/aspera/cli/plugins/ats.rb

@@ -100,7 +100,7 @@ module Aspera
             return Main.result_status('modified')
           when :entitlement
             ak = ats_api_pub_v1.read("access_keys/#{access_key_id}")[:data]
-            api_bss = Api::AoC.metering_api(ak['license']['entitlement_id'], ak['license']['customer_id'])
+            api_bss = Api::Alee.new(ak['license']['entitlement_id'], ak['license']['customer_id'])
             return {type: :single_object, data: api_bss.read('entitlement')[:data]}
           when :delete
             ats_api_pub_v1.delete("access_keys/#{access_key_id}")

data/lib/aspera/cli/plugins/config.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-# cspell:ignore initdemo genkey pubkey asperasoft
+# cspell:ignore initdemo genkey pubkey asperasoft filelists
 require 'aspera/cli/basic_auth_plugin'
 require 'aspera/cli/extended_value'
 require 'aspera/cli/version'
@@ -25,6 +25,7 @@ require 'aspera/rest'
 require 'aspera/log'
 require 'aspera/assert'
 require 'aspera/oauth'
+require 'openssl'
 require 'open3'
 require 'date'
 require 'erb'
@@ -141,7 +142,7 @@ module Aspera
             Aspera.assert(!app_name.empty?)
             return File.join(module_family_folder, app_name)
           end
-        end # self
+        end
 
         def initialize(gem:, name:, help:, version:, **env)
           # we need to defer parsing of options until we have the config file, so we can use @extend with @preset
@@ -163,7 +164,6 @@ module Aspera
           @option_http_options = {}
           @ssl_warned_urls = []
           @option_cache_tokens = true
-          @proxy_credentials = nil
           @main_folder = nil
           @option_config_file = nil
           # store is used for ruby https
@@ -230,9 +230,10 @@ module Aspera
           options.declare(:silent_insecure, 'Issue a warning if certificate is ignored', values: :bool, handler: {o: self, m: :option_warn_insecure_cert}, default: :yes)
           options.declare(:cert_stores, 'List of folder with trusted certificates', types: [Array, String], handler: {o: self, m: :trusted_cert_locations})
           options.declare(:http_options, 'Options for HTTP/S socket', types: Hash, handler: {o: self, m: :option_http_options}, default: {})
+          options.declare(:http_proxy, 'URL for HTTP proxy with optional credentials', types: String, handler: {o: self, m: :option_http_proxy})
           options.declare(:cache_tokens, 'Save and reuse OAuth tokens', values: :bool, handler: {o: self, m: :option_cache_tokens})
           options.declare(:fpac, 'Proxy auto configuration script')
-          options.declare(:proxy_credentials, 'HTTP proxy credentials (user and password)', types: Array)
+          options.declare(:proxy_credentials, 'HTTP proxy credentials for fpac. Array: user,password', types: Array)
           options.parse_options!
           @progress_bar = TransferProgress.new if options.get_option(:progress_bar)
           # Check SDK folder is set or not, for compatibility, we check in two places
@@ -255,20 +256,21 @@ module Aspera
           end
           pac_script = options.get_option(:fpac)
           # create PAC executor
-          @pac_exec = ProxyAutoConfig.new(pac_script).register_uri_generic unless pac_script.nil?
-          proxy_user_pass = options.get_option(:proxy_credentials)
-          if !proxy_user_pass.nil?
-            Aspera.assert(proxy_user_pass.length.eql?(2), exception_class: Cli::BadArgument){"proxy_credentials shall have two elements (#{proxy_user_pass.length})"}
-            @proxy_credentials = {user: proxy_user_pass[0], pass: proxy_user_pass[1]}
-            @pac_exec.proxy_user = @proxy_credentials[:user]
-            @pac_exec.proxy_pass = @proxy_credentials[:pass]
+          if !pac_script.nil?
+            @pac_exec = ProxyAutoConfig.new(pac_script).register_uri_generic
+            proxy_user_pass = options.get_option(:proxy_credentials)
+            if !proxy_user_pass.nil?
+              Aspera.assert(proxy_user_pass.length.eql?(2), exception_class: Cli::BadArgument){"proxy_credentials shall have two elements (#{proxy_user_pass.length})"}
+              @pac_exec.proxy_user = proxy_user_pass[0]
+              @pac_exec.proxy_pass = proxy_user_pass[1]
+            end
           end
           Rest.set_parameters(
             user_agent:  PROGRAM_NAME,
             session_cb:  lambda{|http_session|update_http_session(http_session)},
             progress_bar: @progress_bar)
           OAuth::Factory.instance.persist_mgr = persistency if @option_cache_tokens
-          Transfer::Parameters.file_list_folder = File.join(@main_folder, 'filelists') # cspell: disable-line
+          Transfer::Parameters.file_list_folder = File.join(@main_folder, 'filelists')
           RestErrorAnalyzer.instance.log_file = File.join(@main_folder, 'rest_exceptions.log')
           # register aspera REST call error handlers
           RestErrorsAspera.register_handlers
@@ -330,6 +332,15 @@ module Aspera
           return locations
         end
 
+        def option_http_proxy
+          return ENV['http_proxy']
+        end
+
+        def option_http_proxy=(value)
+          URI.parse(value)
+          ENV['http_proxy'] = value
+        end
+
         def option_ignore_cert_host_port=(url_list)
           url_list.each do |url|
             uri = URI.parse(url)
@@ -365,10 +376,6 @@ module Aspera
           http_session.verify_mode = SELF_SIGNED_CERT if http_session.use_ssl? && ignore_cert?(http_session.address, http_session.port)
           http_session.cert_store = @certificate_store if @certificate_store
           Log.log.debug{"using cert store #{http_session.cert_store} (#{@certificate_store})"} unless http_session.cert_store.nil?
-          if @proxy_credentials
-            http_session.proxy_user = @proxy_credentials[:user]
-            http_session.proxy_pass = @proxy_credentials[:pass]
-          end
           @option_http_options.each do |k, v|
             method = "#{k}=".to_sym
             # check if accessor is a method of Net::HTTP
@@ -453,7 +460,7 @@ module Aspera
         def add_plugin_default_preset(plugin_name_sym)
           default_config_name = get_plugin_default_config_name(plugin_name_sym)
           Log.log.debug{"add_plugin_default_preset:#{plugin_name_sym}:#{default_config_name}"}
-          options.add_option_preset(preset_by_name(default_config_name), op: :unshift) unless default_config_name.nil?
+          options.add_option_preset(preset_by_name(default_config_name), 'default_plugin', override: false) unless default_config_name.nil?
           return nil
         end
 
@@ -539,12 +546,12 @@ module Aspera
 
         def option_preset=(value)
           case value
-          when String
-            options.add_option_preset(preset_by_name(value))
           when Hash
-            options.add_option_preset(value)
+            options.add_option_preset(value, 'set')
+          when String
+            options.add_option_preset(preset_by_name(value), 'set_by_name')
           else
-            raise 'Preset definition must be a String for name, or Hash for value'
+            raise 'Preset definition must be a String for preset name, or Hash for set of values'
           end
         end
 
@@ -613,18 +620,18 @@ module Aspera
           check_only = check_only.to_sym unless check_only.nil?
           found_apps = []
           my_self_plugin_sym = self.class.name.split('::').last.downcase.to_sym
-          PluginFactory.instance.plugins.each do |plugin_name_sym, plugin_info|
+          PluginFactory.instance.plugin_list.each do |plugin_name_sym|
             # no detection for internal plugin
             next if plugin_name_sym.eql?(my_self_plugin_sym)
             next if check_only && !check_only.eql?(plugin_name_sym)
             # load plugin class
-            require plugin_info[:require_stanza]
-            detect_plugin_class = PluginFactory.plugin_class(plugin_name_sym)
+            detect_plugin_class = PluginFactory.instance.plugin_class(plugin_name_sym)
             # requires detection method
             next unless detect_plugin_class.respond_to?(:detect)
             detection_info = nil
             begin
               Log.log.debug{"detecting #{plugin_name_sym} at #{app_url}"}
+              formatter.long_operation_running("#{plugin_name_sym}\r")
               detection_info = detect_plugin_class.detect(app_url)
             rescue OpenSSL::SSL::SSLError => e
               Log.log.warn(e.message)
@@ -639,7 +646,7 @@ module Aspera
             app_name = detect_plugin_class.respond_to?(:application_name) ? detect_plugin_class.application_name : detect_plugin_class.name.split('::').last
             # if there is a redirect, then the detector can override the url.
             found_apps.push({product: plugin_name_sym, name: app_name, url: app_url, version: 'unknown'}.merge(detection_info))
-          end # loop
+          end
           raise "No known application found at #{app_url}" if found_apps.empty?
           Aspera.assert(found_apps.all?{|a|a.keys.all?(Symbol)})
           return found_apps
@@ -726,7 +733,7 @@ module Aspera
           when :spec
             return {
               type:   :object_list,
-              data:   Transfer::Parameters.man_table,
+              data:   Transfer::Parameters.man_table(formatter),
               fields: [%w[name type], Transfer::Parameters::SUPPORTED_AGENTS_SHORT.map(&:to_s), %w[description]].flatten.freeze
             }
           when :errors
@@ -791,7 +798,7 @@ module Aspera
             return Main.result_status("Modified: #{@option_config_file}")
           when :update
             #  get unprocessed options
-            unprocessed_options = options.get_options_table
+            unprocessed_options = options.unprocessed_options_with_value
             Log.log.debug{"opts=#{unprocessed_options}"}
             @config_presets[name] ||= {}
             @config_presets[name].merge!(unprocessed_options)
@@ -853,6 +860,7 @@ module Aspera
           wizard
           detect
           coffee
+          image
           ascp
           email_test
           smtp_settings
@@ -908,14 +916,13 @@ module Aspera
             case options.get_next_command(%i[list create])
             when :list
               result = []
-              PluginFactory.instance.plugins.each do |name, info|
-                require info[:require_stanza]
-                plugin_klass = PluginFactory.plugin_class(name)
+              PluginFactory.instance.plugin_list.each do |name|
+                plugin_class = PluginFactory.instance.plugin_class(name)
                 result.push({
                   plugin: name,
-                  detect: Formatter.tick(plugin_klass.respond_to?(:detect)),
-                  wizard: Formatter.tick(plugin_klass.respond_to?(:wizard)),
-                  path:   info[:source]
+                  detect: Formatter.tick(plugin_class.respond_to?(:detect)),
+                  wizard: Formatter.tick(plugin_class.respond_to?(:wizard)),
+                  path:   PluginFactory.instance.plugin_source(name)
                 })
               end
               return {type: :object_list, data: result, fields: %w[plugin detect wizard path]}
@@ -950,11 +957,9 @@ module Aspera
             } if action.eql?(:detect)
             return wizard_find(apps)
           when :coffee
-            if OpenApplication.instance.url_method.eql?(:text)
-              return Main.result_picture_in_terminal(options, Rest.new(base_url: COFFEE_IMAGE).read('')[:http].body)
-            end
-            OpenApplication.instance.uri(COFFEE_IMAGE)
-            return Main.result_nothing
+            return Main.result_image(COFFEE_IMAGE, formatter: formatter)
+          when :image
+            return Main.result_image(options.get_next_argument('image uri or blob'), formatter: formatter)
           when :ascp
             execute_action_ascp
           when :gem
@@ -1019,17 +1024,17 @@ module Aspera
             apps.first
           else
             formatter.display_status('Multiple applications detected, please select from:')
-            formatter.display_results({type: :object_list, data: apps, fields: %w[product url version]})
+            formatter.display_results(type: :object_list, data: apps, fields: %w[product url version])
             answer = options.prompt_user_input_in_list('product', apps.map{|a|a[:product]})
             apps.find{|a|a[:product].eql?(answer)}
           end
-          wiz_url = identification[:url]
           Log.log.debug{Log.dump(:identification, identification)}
+          wiz_url = identification[:url]
           formatter.display_status("Using: #{identification[:name]} at #{wiz_url}".bold)
           # set url for instantiation of plugin
-          options.add_option_preset({url: wiz_url})
+          options.add_option_preset({url: wiz_url}, 'wizard')
           # instantiate plugin: command line options will be known and wizard can be called
-          wiz_plugin_class = PluginFactory.plugin_class(identification[:product])
+          wiz_plugin_class = PluginFactory.instance.plugin_class(identification[:product])
           Aspera.assert(wiz_plugin_class.respond_to?(:wizard), exception_class: Cli::BadArgument) do
             "Detected: #{identification[:product]}, but this application has no wizard"
           end
@@ -1198,7 +1203,7 @@ module Aspera
             return default_config_name
           end
           return nil
-        end # get_plugin_default_config_name
+        end
 
         # TODO: delete: ALLOWED_KEYS = %i[password username description].freeze
         # @return [Hash] result of execution of vault command
@@ -1208,7 +1213,7 @@ module Aspera
           when :info
             return {type: :single_object, data: vault_info}
           when :list
-            return {type: :object_list, data: vault.list}
+            return {type: :object_list, data: vault.list, fields: %w(label url username password description)}
           when :show
             return {type: :single_object, data: vault.get(label: options.get_next_argument('label'))}
           when :create
@@ -1219,8 +1224,9 @@ module Aspera
             vault.set(info)
             return Main.result_status('Password added')
           when :delete
-            vault.delete(label: options.get_next_argument('label'))
-            return Main.result_status('Password deleted')
+            label_to_delete = options.get_next_argument('label')
+            vault.delete(label: label_to_delete)
+            return Main.result_status("Entry deleted: #{label_to_delete}")
           when :password
             Aspera.assert(vault.respond_to?(:password=)){'Vault does not support password change'}
             new_password = options.get_next_argument('new_password')