RubyGems - aspera-cli - Versions diffs - 4.23.0 → 4.24.1 - Mend

aspera-cli 4.23.0 → 4.24.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (110) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/CHANGELOG.md +37 -1
data/CONTRIBUTING.md +86 -29
data/README.md +2109 -1300
data/bin/ascli +2 -1
data/bin/asession +4 -4
data/lib/aspera/agent/base.rb +4 -0
data/lib/aspera/agent/connect.rb +20 -18
data/lib/aspera/agent/desktop.rb +14 -11
data/lib/aspera/agent/direct.rb +39 -31
data/lib/aspera/agent/httpgw.rb +2 -2
data/lib/aspera/agent/node.rb +9 -11
data/lib/aspera/agent/transferd.rb +18 -11
data/lib/aspera/api/aoc.rb +44 -31
data/lib/aspera/api/cos_node.rb +7 -5
data/lib/aspera/api/httpgw.rb +15 -18
data/lib/aspera/api/node.rb +104 -22
data/lib/aspera/ascmd.rb +22 -16
data/lib/aspera/ascp/installation.rb +37 -40
data/lib/aspera/ascp/management.rb +5 -4
data/lib/aspera/assert.rb +54 -23
data/lib/aspera/cli/basic_auth_plugin.rb +8 -7
data/lib/aspera/cli/error.rb +1 -1
data/lib/aspera/cli/extended_value.rb +28 -29
data/lib/aspera/cli/formatter.rb +191 -168
data/lib/aspera/cli/hints.rb +29 -3
data/lib/aspera/cli/main.rb +138 -107
data/lib/aspera/cli/manager.rb +50 -30
data/lib/aspera/cli/plugin.rb +148 -77
data/lib/aspera/cli/plugin_factory.rb +2 -2
data/lib/aspera/cli/plugins/aoc.rb +189 -70
data/lib/aspera/cli/plugins/ats.rb +15 -13
data/lib/aspera/cli/plugins/config.rb +100 -214
data/lib/aspera/cli/plugins/console.rb +49 -18
data/lib/aspera/cli/plugins/cos.rb +4 -4
data/lib/aspera/cli/plugins/faspex.rb +45 -51
data/lib/aspera/cli/plugins/faspex5.rb +164 -165
data/lib/aspera/cli/plugins/faspio.rb +6 -5
data/lib/aspera/cli/plugins/httpgw.rb +2 -2
data/lib/aspera/cli/plugins/node.rb +144 -162
data/lib/aspera/cli/plugins/orchestrator.rb +10 -14
data/lib/aspera/cli/plugins/preview.rb +26 -29
data/lib/aspera/cli/plugins/server.rb +28 -28
data/lib/aspera/cli/plugins/shares.rb +40 -28
data/lib/aspera/cli/sync_actions.rb +101 -80
data/lib/aspera/cli/transfer_agent.rb +51 -50
data/lib/aspera/cli/transfer_progress.rb +29 -20
data/lib/aspera/cli/version.rb +1 -1
data/lib/aspera/cli/wizard.rb +157 -0
data/lib/aspera/colors.rb +13 -8
data/lib/aspera/command_line_builder.rb +28 -22
data/lib/aspera/command_line_converter.rb +31 -0
data/lib/aspera/environment.rb +145 -101
data/lib/aspera/faspex_gw.rb +1 -1
data/lib/aspera/faspex_postproc.rb +3 -2
data/lib/aspera/hash_ext.rb +1 -1
data/lib/aspera/id_generator.rb +10 -10
data/lib/aspera/keychain/base.rb +18 -0
data/lib/aspera/keychain/encrypted_hash.rb +6 -12
data/lib/aspera/keychain/factory.rb +9 -3
data/lib/aspera/keychain/hashicorp_vault.rb +9 -6
data/lib/aspera/keychain/macos_security.rb +13 -13
data/lib/aspera/log.rb +91 -19
data/lib/aspera/nagios.rb +5 -6
data/lib/aspera/node_simulator.rb +12 -7
data/lib/aspera/oauth/base.rb +5 -3
data/lib/aspera/oauth/factory.rb +24 -18
data/lib/aspera/oauth/jwt.rb +13 -1
data/lib/aspera/oauth/url_json.rb +3 -3
data/lib/aspera/oauth/web.rb +5 -3
data/lib/aspera/persistency_folder.rb +2 -2
data/lib/aspera/preview/file_types.rb +4 -3
data/lib/aspera/preview/generator.rb +25 -12
data/lib/aspera/preview/terminal.rb +10 -7
data/lib/aspera/preview/utils.rb +11 -9
data/lib/aspera/products/connect.rb +1 -1
data/lib/aspera/products/desktop.rb +1 -1
data/lib/aspera/products/other.rb +2 -2
data/lib/aspera/products/transferd.rb +8 -6
data/lib/aspera/proxy_auto_config.rb +1 -1
data/lib/aspera/rest.rb +29 -22
data/lib/aspera/rest_call_error.rb +1 -1
data/lib/aspera/resumer.rb +1 -1
data/lib/aspera/secret_hider.rb +46 -40
data/lib/aspera/ssh.rb +13 -3
data/lib/aspera/sync/args.schema.yaml +102 -0
data/lib/aspera/sync/conf.schema.yaml +701 -0
data/lib/aspera/sync/database.rb +83 -0
data/lib/aspera/sync/operations.rb +296 -0
data/lib/aspera/temp_file_manager.rb +3 -2
data/lib/aspera/transfer/error.rb +1 -1
data/lib/aspera/transfer/error_info.rb +1 -2
data/lib/aspera/transfer/faux_file.rb +11 -10
data/lib/aspera/transfer/parameters.rb +6 -5
data/lib/aspera/transfer/spec.rb +15 -1
data/lib/aspera/transfer/spec.schema.yaml +316 -293
data/lib/aspera/transfer/spec_doc.rb +34 -16
data/lib/aspera/transfer/uri.rb +5 -5
data/lib/aspera/uri_reader.rb +14 -10
data/lib/aspera/web_auth.rb +2 -2
data/lib/aspera/web_server_simple.rb +2 -2
data.tar.gz.sig +0 -0
metadata +15 -13
metadata.gz.sig +0 -0
data/lib/aspera/transfer/async_conf.schema.yaml +0 -716
data/lib/aspera/transfer/convert.rb +0 -29
data/lib/aspera/transfer/sync.rb +0 -232
data/lib/aspera/transfer/sync_instance.schema.yaml +0 -20
data/lib/aspera/transfer/sync_session.schema.yaml +0 -86

data/lib/aspera/api/aoc.rb CHANGED Viewed

@@ -61,7 +61,7 @@ module Aspera
       # class static methods
       class << self
         # strings /Applications/Aspera\ Drive.app/Contents/MacOS/AsperaDrive|grep -E '.{100}==$'|base64 --decode
-        def get_client_info(client_name=nil)
+        def get_client_info(client_name = nil)
           client_key = client_name.nil? ? GLOBAL_CLIENT_APPS.first : client_name.to_sym
           return client_key, DataRepository.instance.item(client_key)
         end
@@ -82,23 +82,25 @@ module Aspera
         end
         def saas_url?(url)
-          url.include?(SAAS_DOMAIN_PROD)
+          URI.parse(url).host&.end_with?(".#{SAAS_DOMAIN_PROD}")
+        rescue URI::InvalidURIError
+          false
         end
         # @param url [String] URL of AoC public link
         # @return [Hash] information about public link, or nil if not a public link
         def link_info(url)
           final_uri = Rest.new(base_url: url, redirect_max: MAX_AOC_URL_REDIRECT).call(operation: 'GET')[:http].uri
-          Log.log.trace1{Log.dump(:final_uri, final_uri)}
+          Log.dump(:final_uri, final_uri, level: :trace1)
           org_domain = split_org_domain(final_uri)
           if (m = final_uri.path.match(%r{/oauth2/([^/]+)/login$}))
             org_domain[:organization] = m[1] if org_domain[:organization].nil?
           else
             Log.log.debug{"path=#{final_uri.path} does not end with /login"}
           end
-          raise 'AoC shall redirect to login page with a query' if final_uri.query.nil?
+          raise Error, 'AoC shall redirect to login page with a query' if final_uri.query.nil?
           query = Rest.query_to_h(final_uri.query)
-          Log.log.trace1{Log.dump(:query, query)}
+          Log.dump(:query, query, level: :trace1)
           # is that a public link ?
           if query.key?('token')
             Log.log.warn{"Unknown pub link path: #{final_uri.path}"} unless PUBLIC_LINK_PATHS.include?(final_uri.path)
@@ -109,7 +111,7 @@ module Aspera
               token:           query['token']
             }
           end
-          if query['state']
+          if query.key?('state')
             # can be a private link
             state_uri = URI.parse(query['state'])
             if state_uri.query && query['redirect_uri']
@@ -132,7 +134,7 @@ module Aspera
               end
             end
           end
-          Log.log.debug{Log.dump(:org_domain, org_domain)}
+          Log.dump(:org_domain, org_domain)
           return {
             instance_domain: org_domain[:domain],
             organization:    org_domain[:organization]
@@ -166,7 +168,7 @@ module Aspera
         }
         # analyze type of url
         url_info = AoC.link_info(url)
-        Log.log.debug{Log.dump(:url_info, url_info)}
+        Log.dump(:url_info, url_info)
         @private_link = url_info[:private_link]
         auth_params[:grant_method] = if url_info.key?(:token)
           :url_json
@@ -212,7 +214,7 @@ module Aspera
       end
       def public_link
-        return nil unless auth_params[:grant_method].eql?(:url_json)
+        return unless auth_params[:grant_method].eql?(:url_json)
         return @cache_url_token_info unless @cache_url_token_info.nil?
         # TODO: can there be several in list ?
         @cache_url_token_info = read('url_tokens').first
@@ -245,12 +247,12 @@ module Aspera
       end
       def workspace
-        raise 'internal error: AoC workspace context is not set' if @workspace_info.nil?
+        Aspera.assert(!@workspace_info.nil?){'AoC workspace context is not set'}
         @workspace_info
       end
       def home
-        raise 'internal error: AoC home context is not set' if @home_info.nil?
+        Aspera.assert(!@home_info.nil?){'AoC home context is not set'}
         @home_info
       end
@@ -294,8 +296,8 @@ module Aspera
               name: ws_info['name']
             }
           end
-        Log.log.debug{Log.dump(:context, @workspace_info)}
-        return nil unless application.eql?(:files)
+        Log.dump(:context, @workspace_info)
+        return unless application.eql?(:files)
         @home_info =
           if !public_link.nil?
             assert_public_link_types(['view_shared_file'])
@@ -322,7 +324,7 @@ module Aspera
             }
           end
         raise "Cannot get user's home node id, check your default workspace or specify one" if @home_info[:node_id].to_s.empty?
-        Log.log.debug{Log.dump(:context, @home_info)}
+        Log.dump(:context, @home_info)
       end
       # @param node_id [String] identifier of node in AoC
@@ -334,9 +336,7 @@ module Aspera
       def node_api_from(node_id:, workspace_id: nil, workspace_name: nil, scope: Node::SCOPE_USER, package_info: nil)
         Aspera.assert_type(node_id, String)
         node_info = read("nodes/#{node_id}")
-        if workspace_name.nil? && !workspace_id.nil?
-          workspace_name = read("workspaces/#{workspace_id}")['name']
-        end
+        workspace_name = read("workspaces/#{workspace_id}")['name'] if workspace_name.nil? && !workspace_id.nil?
         app_info = {
           api:            self, # for callback
           app:            package_info.nil? ? FILES_APP : PACKAGES_APP,
@@ -345,7 +345,7 @@ module Aspera
           workspace_name: workspace_name
         }
         if PACKAGES_APP.eql?(app_info[:app])
-          raise 'package info required' if package_info.nil?
+          Aspera.assert(!package_info.nil?){'package info required'}
           app_info[:package_id] = package_info['id']
           app_info[:package_name] = package_info['name']
         end
@@ -383,7 +383,7 @@ module Aspera
         Aspera.assert(pkg_data.key?('metadata')){"package requires metadata: #{meta_schema}"}
         pkg_meta = pkg_data['metadata']
         Aspera.assert_type(pkg_meta, Array){'metadata'}
-        Log.log.debug{Log.dump(:metadata, pkg_meta)}
+        Log.dump(:metadata, pkg_meta)
         pkg_meta.each do |field|
           Aspera.assert_type(field, Hash){'metadata field'}
           Aspera.assert(field.key?('name')){'metadata field must have name'}
@@ -443,7 +443,7 @@ module Aspera
         end
         # replace with resolved elements
         package_data[recipient_list_field] = resolved_list
-        return nil
+        return
       end
       # CLI allows simplified format for metadata: transform if necessary for API
@@ -461,7 +461,7 @@ module Aspera
           pkg_data['metadata'] = api_meta
         else Aspera.error_unexpected_value(pkg_meta.class)
         end
-        return nil
+        return
       end
       # create a package
@@ -480,18 +480,24 @@ module Aspera
         validate_metadata(package_data) if validate_meta
+        # tell AoC what to expect in package: 1 transfer (can also be done after transfer)
+        # TODO: if multi session was used we should probably tell
+        # also, currently no "multi-source" , i.e. only from client-side files, unless "node" agent is used
+        # `single_source` is required to allow web UI to ask for CSEAR password on download, see API doc
+        package_data.merge!({
+          'single_source'      => true,
+          'sent'               => true,
+          'transfers_expected' => 1
+        })
         #  create a new package container
         created_package = create('packages', package_data)
         package_node_api = node_api_from(
           node_id: created_package['node_id'],
           workspace_id: created_package['workspace_id'],
-          package_info: created_package)
-        # tell AoC what to expect in package: 1 transfer (can also be done after transfer)
-        # TODO: if multi session was used we should probably tell
-        # also, currently no "multi-source" , i.e. only from client-side files, unless "node" agent is used
-        update("packages/#{created_package['id']}", {'sent' => true, 'transfers_expected' => 1})
+          package_info: created_package
+        )
         return {
           spec: package_node_api.transfer_spec_gen4(created_package['contents_file_id'], Transfer::Spec::DIRECTION_SEND),
@@ -510,8 +516,10 @@ module Aspera
         transfer_spec.deep_merge!({
           'tags' => {
             Transfer::Spec::TAG_RESERVED => {
+              'app'      => app_info[:app],
               'usage_id' => "aspera.files.workspace.#{app_info[:workspace_id]}", # activity tracking
               'files'    => {
+                'node_id'               => app_info[:node_info]['id'],
                 'files_transfer_action' => "#{transfer_type}_#{app_info[:app].gsub(/s$/, '')}",
                 'workspace_name'        => app_info[:workspace_name], # activity tracking
                 'workspace_id'          => app_info[:workspace_id]
@@ -530,8 +538,15 @@ module Aspera
         case app_info[:app]
         when FILES_APP
           file_id = transfer_spec['tags'][Transfer::Spec::TAG_RESERVED]['node']['file_id']
-          transfer_spec.deep_merge!({'tags' => {Transfer::Spec::TAG_RESERVED => {'files' => {'parentCwd' => "#{app_info[:node_info]['id']}:#{file_id}"}}}}) \
-            unless transfer_spec.key?('remote_access_key')
+          transfer_spec.deep_merge!({
+            'tags' => {
+              Transfer::Spec::TAG_RESERVED => {
+                'files' => {
+                  'parentCwd' => "#{app_info[:node_info]['id']}:#{file_id}"
+                }
+              }
+            }
+          }) unless transfer_spec.key?('remote_access_key')
         when PACKAGES_APP
           transfer_spec.deep_merge!({
             'tags' => {
@@ -545,8 +560,6 @@ module Aspera
             }
           })
         end
-        transfer_spec['tags'][Transfer::Spec::TAG_RESERVED]['files']['node_id'] = app_info[:node_info]['id']
-        transfer_spec['tags'][Transfer::Spec::TAG_RESERVED]['app'] = app_info[:app]
       end
       # Callback from Plugins::Node

data/lib/aspera/api/cos_node.rb CHANGED Viewed

@@ -14,13 +14,13 @@ module Aspera
         def parameters_from_svc_credentials(service_credentials, bucket_region)
           # check necessary contents
           Aspera.assert_type(service_credentials, Hash){'service_credentials'}
-          Aspera::Log.dump('service_credentials', service_credentials)
+          Log.dump(:service_credentials, service_credentials)
           %w[apikey resource_instance_id endpoints].each do |field|
             Aspera.assert(service_credentials.key?(field)){"service_credentials must have a field: #{field}"}
           end
           # read endpoints from service provided in service credentials
           endpoints = Aspera::Rest.new(base_url: service_credentials['endpoints']).read('')
-          Aspera::Log.dump('endpoints', endpoints)
+          Log.dump(:endpoints, endpoints)
           endpoint = endpoints.dig('service-endpoints', 'regional', bucket_region, 'public', bucket_region)
           raise "no such region: #{bucket_region}" if endpoint.nil?
           return {
@@ -48,7 +48,8 @@ module Aspera
             grant_type:    'urn:ibm:params:oauth:grant-type:apikey',
             response_type: 'cloud_iam',
             apikey:        @api_key
-          })
+          }
+        )
         # read FASP connection information for bucket
         xml_result_text = s3_api.call(
           operation: 'GET',
@@ -57,7 +58,7 @@ module Aspera
           query:     {'faspConnectionInfo' => nil}
         )[:http].body
         ats_info = XmlSimple.xml_in(xml_result_text, {'ForceArray' => false})
-        Aspera::Log.dump('ats_info', ats_info)
+        Log.dump(:ats_info, ats_info)
         @storage_credentials = {
           'type'  => 'token',
           'token' => {TOKEN_FIELD => nil}
@@ -67,7 +68,8 @@ module Aspera
           auth:     {
             type:     :basic,
             username: ats_info['AccessKey']['Id'],
-            password: ats_info['AccessKey']['Secret']},
+            password: ats_info['AccessKey']['Secret']
+          },
           add_tspec: {'tags'=>{Transfer::Spec::TAG_RESERVED=>{'node'=>{'storage_credentials'=>@storage_credentials}}}}
           )
         # update storage_credentials AND Rest params

data/lib/aspera/api/httpgw.rb CHANGED Viewed

@@ -67,9 +67,7 @@ module Aspera
                 @shared_info[:read_exception].nil? &&
                 (((@shared_info[:count][:sent_general] - @shared_info[:count][:received_general]) > 1) ||
                   ((@shared_info[:count][:received_v2_delimiter] - @shared_info[:count][:sent_v2_delimiter]) > 1))
-              if !@shared_info[:cond_var].wait(@shared_info[:mutex], 2.0)
-                Log.log.trace1{"#{LOG_WS_SEND}#{'timeout'.blue}: #{@shared_info[:count]}"}
-              end
+              Log.log.trace1{"#{LOG_WS_SEND}#{'timeout'.blue}: #{@shared_info[:count]}"} if !@shared_info[:cond_var].wait(@shared_info[:mutex], 2.0)
             end
           end
         end
@@ -110,7 +108,7 @@ module Aspera
         Log.log.debug{"#{LOG_WS_RECV}read thread started"}
         frame_parser = ::WebSocket::Frame::Incoming::Client.new(version: @ws_handshake.version)
         until @ws_io.eof?
-          begin # rubocop:disable Style/RedundantBegin
+          begin
             # ready byte by byte until frame is ready
             # blocking read
             byte = @ws_io.read(1)
@@ -138,16 +136,16 @@ module Aspera
       def upload(transfer_spec)
         # identify this session uniquely
         session_id = SecureRandom.uuid
-        @notify_cb&.call(:pre_start, session_id: nil, info: 'starting')
+        @notify_cb&.call(:sessions_init, info: 'starting')
         # process files to send, modify `paths` in transfer_spec
         files_to_send = process_upload_list(transfer_spec)
         # total size of all files is last element
         total_bytes_to_transfer = files_to_send.pop
-        Log.log.trace1{Log.dump(:modified_tspec, transfer_spec)}
-        Log.log.trace1{Log.dump(:files_to_send, files_to_send)}
+        Log.dump(:modified_tspec, transfer_spec, level: :trace1)
+        Log.dump(:files_to_send, files_to_send, level: :trace1)
         # TODO: check that this is available in endpoints: @api_info['endpoints']
         upload_url = File.join(@gw_root_url, @upload_version, 'upload')
-        @notify_cb&.call(:pre_start, session_id: nil, info: 'connecting wss')
+        @notify_cb&.call(:sessions_init, info: 'connecting wss')
         # open web socket to end point (equivalent to Net::HTTP.start)
         http_session = Rest.start_http_session(upload_url)
         # get the underlying socket i/o
@@ -233,7 +231,8 @@ module Aspera
         end
         # throttling may have skipped last one
         @notify_cb&.call(:transfer, session_id: session_id, info: session_sent_bytes)
-        @notify_cb&.call(:end, session_id: session_id)
+        @notify_cb&.call(:session_end, session_id: session_id)
+        @notify_cb&.call(:end)
         ws_send(ws_type: :close, data: nil)
         Log.log.debug("Finished upload, waiting for end of #{THR_RECV} thread.")
         @ws_read_thread.join
@@ -254,9 +253,7 @@ module Aspera
           # by default it is the name of first file
           download_name = File.basename(default_file_name, '.*')
           # add indication of number of files if there is more than one
-          if transfer_spec['paths'].length > 1
-            download_name += " #{transfer_spec['paths'].length} Files"
-          end
+          download_name += " #{transfer_spec['paths'].length} Files" if transfer_spec['paths'].length > 1
           transfer_spec['download_name'] = download_name
         end
         # start transfer session on httpgw
@@ -265,7 +262,7 @@ module Aspera
         file_name =
           if transfer_spec['zip_required'] || transfer_spec['paths'].length > 1
             # it is a zip file if zip is required or there is more than 1 file
-            transfer_spec['download_name'] + '.zip'
+            "#{transfer_spec['download_name']}.zip"
           else
             # it is a plain file if we don't require zip and there is only one file
             File.basename(default_file_name)
@@ -292,13 +289,13 @@ module Aspera
         notify_cb:         nil,
         **opts
       )
-        Log.log.debug{Log.dump(:gw_url, url)}
+        Log.dump(:gw_url, url)
         # add scheme if missing
         url = "https://#{url}" unless url.match?(%r{^[a-z]{1,6}://})
-        raise 'GW URL shall be with scheme https' unless url.start_with?('https://')
+        raise Error, 'GW URL shall be with scheme https' unless url.start_with?('https://')
         # remove trailing slash and version (o=only once) if present
         # TODO: issue warning ?
-        url = url.gsub(%r{/+$}, '').gsub(%r{/#{API_V1}$}o, '')
+        url = url.chomp('/').gsub(%r{/#{API_V1}$}o, '')
         # assume GW is always under specific path (TODO: remove this ?)
         url = File.join(url, DEFAULT_BASE_PATH) unless url.end_with?(DEFAULT_BASE_PATH)
         @gw_root_url = url
@@ -309,7 +306,7 @@ module Aspera
         @notify_cb = notify_cb
         # get API info
         @api_info = read('info').freeze
-        Log.log.debug{Log.dump(:api_info, @api_info)}
+        Log.dump(:api_info, @api_info)
         # web socket endpoint: by default use v2 (newer gateways), without base64 encoding
         # is the latest supported? else revert to old api
         if !@upload_version.eql?(API_V1)
@@ -332,7 +329,7 @@ module Aspera
       # @return [Array] info on files to send
       def process_upload_list(transfer_spec)
         total_bytes_to_transfer = 0
-        source_prefix = transfer_spec.key?('source_root') && !transfer_spec['source_root'].empty? ? transfer_spec['source_root'] + '/' : ''
+        source_prefix = transfer_spec.key?('source_root') && !transfer_spec['source_root'].empty? ? "#{transfer_spec['source_root']}/" : ''
         files_to_send = []
         transfer_spec['paths'].each do |one_path|
           source_path = source_prefix + one_path['source']

data/lib/aspera/api/node.rb CHANGED Viewed

@@ -9,6 +9,9 @@ require 'aspera/assert'
 require 'aspera/environment'
 require 'zlib'
 require 'base64'
+require 'openssl'
+require 'pathname'
+require 'net/ssh/buffer'
 module Aspera
   module Api
@@ -35,6 +38,7 @@ module Aspera
       HEADER_X_NEXT_ITER_TOKEN = 'X-Aspera-Next-Iteration-Token'
       SCOPE_USER = 'user:all'
       SCOPE_ADMIN = 'admin:all'
+      # / in cloud
       PATH_SEPARATOR = '/'
       # register node special token decoder
@@ -49,6 +53,35 @@ module Aspera
         attr_accessor :use_standard_ports
         # set to false to bypass cache in redis
         attr_accessor :use_node_cache
+        attr_reader :use_dynamic_key
+        # set private key to be used
+        # @param pem_content [String] PEM encoded private key
+        def use_dynamic_key=(pem_content)
+          Aspera.assert_type(pem_content, String)
+          @dynamic_key = OpenSSL::PKey.read(pem_content)
+        end
+        # Adds fields `public_keys` in provided Hash, if dynamic key is set.
+        # @param h [Hash] Hash to add public key to
+        def add_public_key(h)
+          if @dynamic_key
+            ssh_key = Net::SSH::Buffer.from(:key, @dynamic_key)
+            # get pub key in OpenSSH public key format (authorized_keys)
+            h['public_keys'] = [
+              ssh_key.read_string,
+              Base64.strict_encode64(ssh_key.to_s)
+            ].join(' ')
+          end
+          return h
+        end
+        # Adds fields `ssh_private_key` in provided Hash, if dynamic key is set.
+        # @param h [Hash] Hash to add private key to
+        def add_private_key(h)
+          h['ssh_private_key'] = @dynamic_key.to_pem if @dynamic_key
+          return h
+        end
         # For access keys: provide expression to match entry in folder
         # @param match_expression one of supported types
@@ -60,7 +93,7 @@ module Aspera
           when String
             return ->(f){File.fnmatch(match_expression, f['name'], File::FNM_DOTMATCH)}
           when NilClass then return ->(_){true}
-          else Aspera.error_unexpected_value(match_expression.class.name, exception_class: Cli::BadArgument)
+          else Aspera.error_unexpected_value(match_expression.class.name, type: Cli::BadArgument)
           end
         end
@@ -68,6 +101,13 @@ module Aspera
           return file_matcher(options.get_next_argument('filter', validation: MATCH_TYPES, mandatory: false))
         end
+        # @return [Array] containing folder + inside folder/file
+        def split_folder(path)
+          folder = path.split(PATH_SEPARATOR)
+          inside = folder.pop
+          [folder.join(PATH_SEPARATOR), inside]
+        end
         # node API scopes
         def token_scope(access_key, scope)
           return [SCOPE_NODE_PREFIX, access_key, SCOPE_SEPARATOR, scope].join('')
@@ -115,7 +155,7 @@ module Aspera
         def bearer_headers(bearer_auth, access_key: nil)
           # if username is not provided, use the access key from the token
           if access_key.nil?
-            access_key = Node.decode_scope(Node.decode_bearer_token(OAuth::Factory.bearer_extract(bearer_auth))['scope'])[:access_key]
+            access_key = Node.decode_scope(Node.decode_bearer_token(OAuth::Factory.bearer_token(bearer_auth))['scope'])[:access_key]
             Aspera.assert(!access_key.nil?)
           end
           return {
@@ -135,6 +175,7 @@ module Aspera
       def initialize(app_info: nil, add_tspec: nil, **rest_args)
         # init Rest
         super(**rest_args)
+        @dynamic_key = nil
         @app_info = app_info
         # this is added to transfer spec, for instance to add tags (COS)
         @add_tspec = add_tspec
@@ -150,14 +191,15 @@ module Aspera
       end
       # Call node API, possibly adding cache control header, as globally specified
-      def read_with_cache(subpath, query=nil)
+      def read_with_cache(subpath, query = nil)
         headers = {'Accept' => Rest::MIME_JSON}
         headers[HEADER_X_CACHE_CONTROL] = 'no-cache' unless self.class.use_node_cache
         return call(
           operation: 'GET',
           subpath:   subpath,
           headers:   headers,
-          query:     query)[:data]
+          query:     query
+        )[:data]
       end
       # update transfer spec with special additional tags
@@ -173,10 +215,11 @@ module Aspera
           return @app_info[:api].node_api_from(
             node_id: node_id,
             workspace_id: @app_info[:workspace_id],
-            workspace_name: @app_info[:workspace_name])
+            workspace_name: @app_info[:workspace_name]
+          )
         end
         Log.log.warn{"Cannot resolve link with node id #{node_id}, no resolver"}
-        return nil
+        return
       end
       # Check if a link entry in folder has target information
@@ -201,12 +244,12 @@ module Aspera
       # @param state [Object] state object sent to processing method
       # @param top_file_id [String] file id to start at (default = access key root file id)
       # @param top_file_path [String] path of top folder (default = /)
-      def process_folder_tree(method_sym:, state:, top_file_id:, top_file_path: '/', query: nil)
+      def process_folder_tree(method_sym:, state:, top_file_id:, top_file_path: '/')
         Aspera.assert(!top_file_path.nil?){'top_file_path not set'}
         Log.log.debug{"process_folder_tree: node=#{@app_info ? @app_info[:node_info]['id'] : 'nil'}, file id=#{top_file_id},  path=#{top_file_path}"}
         # start at top folder
         folders_to_explore = [{id: top_file_id, path: top_file_path}]
-        Log.log.debug{Log.dump(:folders_to_explore, folders_to_explore)}
+        Log.dump(:folders_to_explore, folders_to_explore)
         until folders_to_explore.empty?
           # consume first in job list
           current_item = folders_to_explore.shift
@@ -220,12 +263,10 @@ module Aspera
               Log.log.warn{"#{current_item[:path]}: #{e.class} #{e.message}"}
               []
             end
-          Log.log.debug{Log.dump(:folder_contents, folder_contents)}
+          Log.dump(:folder_contents, folder_contents)
           folder_contents.each do |entry|
             if entry.key?('error')
-              if entry['error'].is_a?(Hash) && entry['error'].key?('user_message')
-                Log.log.error(entry['error']['user_message'])
-              end
+              Log.log.error(entry['error']['user_message']) if entry['error'].is_a?(Hash) && entry['error'].key?('user_message')
               next
             end
             current_path = File.join(current_item[:path], entry['name'])
@@ -242,7 +283,8 @@ module Aspera
                   method_sym:    method_sym,
                   state:         state,
                   top_file_id:   entry['target_id'],
-                  top_file_path: current_path)
+                  top_file_path: current_path
+                )
               end
             end
           end
@@ -255,7 +297,7 @@ module Aspera
       # @param path [String] file or folder path (end with "/" is like setting process_last_link)
       # @param process_last_link [Boolean] if true, follow the last link
       # @return [Hash] {.api,.file_id}
-      def resolve_api_fid(top_file_id, path, process_last_link=false)
+      def resolve_api_fid(top_file_id, path, process_last_link = false)
         Aspera.assert_type(top_file_id, String)
         Aspera.assert_type(path, String)
         process_last_link ||= path.end_with?(PATH_SEPARATOR)
@@ -268,6 +310,50 @@ module Aspera
         return resolve_state[:result]
       end
+      # Given a list of paths, finds a common root and list of sub-paths
+      # @param top_file_id [String] Root file id
+      # @param paths [Array(Hash)] List of paths
+      # @return [Array] size=2: apfid, paths (Array(Hash))
+      def resolve_api_fid_paths(top_file_id, paths)
+        Aspera.assert_type(paths, Array)
+        Aspera.assert(paths.size.positive?)
+        split_sources = paths.map{ |p| Pathname(p['source']).each_filename.to_a}
+        root = []
+        split_sources.map(&:size).min.times do |i|
+          parts = split_sources.map{ |s| s[i]}
+          break unless parts.uniq.size == 1
+          root << parts.first
+        end
+        source_folder = File.join(root)
+        source_paths = paths.each_with_index.map do |p, i|
+          m = {'source' => File.join(split_sources[i][root.size..])}
+          m['destination'] = p['destination'] if p.key?('destination')
+          m
+        end
+        apifid = resolve_api_fid(top_file_id, source_folder, true)
+        # If a single item
+        if source_paths.size.eql?(1)
+          # Get precise info in this element
+          file_info = apifid[:api].read("files/#{apifid[:file_id]}")
+          source_paths =
+            case file_info['type']
+            when 'file'
+              # if the single source is a file, we need to split into folder path and filename
+              src_dir_elements = source_folder.split(Api::Node::PATH_SEPARATOR)
+              filename = src_dir_elements.pop
+              apifid = resolve_api_fid(top_file_id, src_dir_elements.join(Api::Node::PATH_SEPARATOR), true)
+              # filename is the last one, source folder is what remains
+              [{'source' => filename}]
+            when 'link', 'folder'
+              # single source is 'folder' or 'link'
+              # TODO: add this ? , 'destination'=>file_info['name']
+              [{'source' => '.'}]
+            else Aspera.error_unexpected_value(file_info['type']){'source type'}
+            end
+        end
+        [apifid, source_paths]
+      end
       def find_files(top_file_id, test_lambda)
         Log.log.debug{"find_files: file id=#{top_file_id}"}
         find_state = {found: [], test_lambda: test_lambda}
@@ -305,7 +391,7 @@ module Aspera
       # @param file_id destination or source folder (id)
       # @param direction one of Transfer::Spec::DIRECTION_SEND, Transfer::Spec::DIRECTION_RECEIVE
       # @param ts_merge additional transfer spec to merge
-      def transfer_spec_gen4(file_id, direction, ts_merge=nil)
+      def transfer_spec_gen4(file_id, direction, ts_merge = nil)
         ak_name = nil
         ak_token = nil
         case auth_params[:type]
@@ -347,9 +433,7 @@ module Aspera
           # by default: same address as node API
           transfer_spec['remote_host'] = URI.parse(base_url).host
           # AoC allows specification of other url
-          if !@app_info.nil? && !@app_info[:node_info]['transfer_url'].nil? && !@app_info[:node_info]['transfer_url'].empty?
-            transfer_spec['remote_host'] = @app_info[:node_info]['transfer_url']
-          end
+          transfer_spec['remote_host'] = @app_info[:node_info]['transfer_url'] if !@app_info.nil? && !@app_info[:node_info]['transfer_url'].nil? && !@app_info[:node_info]['transfer_url'].empty?
           info = read('info')
           # get the transfer user from info on access key
           transfer_spec['remote_user'] = info['transfer_user'] if info['transfer_user']
@@ -395,10 +479,8 @@ module Aspera
             if state[:process_last_link]
               # we found it
               other_node = nil
-              if entry_has_link_information(entry)
-                other_node = node_id_to_node(entry['target_node_id'])
-              end
-              raise 'Cannot resolve link' if other_node.nil?
+              other_node = node_id_to_node(entry['target_node_id']) if entry_has_link_information(entry)
+              raise Error, 'Cannot resolve link' if other_node.nil?
               state[:result] = {api: other_node, file_id: entry['target_id']}
             else
               # we found it but we do not process the link