aspera-cli 4.24.1 → 4.25.0.pre

data/lib/aspera/cli/plugins/alee.rb

@@ -2,11 +2,12 @@
 
 require 'aspera/api/alee'
 require 'aspera/nagios'
+require 'aspera/cli/plugins/basic_auth'
 
 module Aspera
   module Cli
     module Plugins
-      class Alee < Cli::BasicAuthPlugin
+      class Alee < BasicAuth
         ACTIONS = %i[health entitlement].freeze
 
         def execute_action
@@ -16,13 +17,13 @@ module Aspera
             nagios = Nagios.new
             begin
               api = Api::Alee.new(nil, nil, version: 'ping')
-              result = api.call(operation: 'GET')
-              raise "unexpected response: #{result[:http].body}" unless result[:http].body.eql?('pong')
+              http = api.read(nil, ret: :resp)
+              raise "unexpected response: #{http.body}" unless http.body.eql?('pong')
               nagios.add_ok('api', 'answered ok')
             rescue StandardError => e
               nagios.add_critical('api', e.to_s)
             end
-            return nagios.result
+            Main.result_object_list(nagios.status_list)
           when :entitlement
             entitlement_id = options.get_option(:username, mandatory: true)
             customer_id = options.get_option(:password, mandatory: true)

data/lib/aspera/cli/plugins/aoc.rb

@@ -1,10 +1,11 @@
 # frozen_string_literal: true
 
+require 'aspera/cli/plugins/oauth'
 require 'aspera/cli/plugins/node'
 require 'aspera/cli/plugins/ats'
-require 'aspera/cli/basic_auth_plugin'
 require 'aspera/cli/transfer_agent'
 require 'aspera/cli/special_values'
+require 'aspera/cli/wizard'
 require 'aspera/agent/node'
 require 'aspera/transfer/spec'
 require 'aspera/api/aoc'
@@ -18,11 +19,9 @@ require 'date'
 module Aspera
   module Cli
     module Plugins
-      class Aoc < Cli::BasicAuthPlugin
+      class Aoc < Oauth
         # default redirect for AoC web auth
         REDIRECT_LOCALHOST = 'http://localhost:12345'
-        # OAuth methods supported
-        STD_AUTH_TYPES = %i[web jwt].freeze
         # admin objects that can be manipulated
         ADMIN_OBJECTS = %i[
           self
@@ -57,7 +56,7 @@ module Aspera
         # options and parameters for Api::AoC.new
         OPTIONS_NEW = %i[url auth client_id client_secret scope redirect_uri private_key passphrase username password workspace].freeze
 
-        private_constant :REDIRECT_LOCALHOST, :STD_AUTH_TYPES, :ADMIN_OBJECTS, :PACKAGE_RECEIVED_BASE_QUERY, :OPTIONS_NEW, :PACKAGE_LIST_DEFAULT_FIELDS
+        private_constant :REDIRECT_LOCALHOST, :ADMIN_OBJECTS, :PACKAGE_RECEIVED_BASE_QUERY, :OPTIONS_NEW, :PACKAGE_LIST_DEFAULT_FIELDS
         class << self
           def application_name
             'Aspera on Cloud'
@@ -70,9 +69,9 @@ module Aspera
             base_url = "#{base_url}.#{Api::AoC::SAAS_DOMAIN_PROD}" unless base_url.include?('.')
             # AoC is only https
             return unless base_url.start_with?('https://')
-            res_http = Rest.new(base_url: base_url, redirect_max: 0).call(operation: 'GET', subpath: 'auth/ping', return_error: true)[:http]
-            return if res_http['Location'].nil?
-            redirect_uri = URI.parse(res_http['Location'])
+            location = Rest.new(base_url: base_url, redirect_max: 0).call(operation: 'GET', subpath: 'auth/ping', exception: false, ret: :resp)['Location']
+            return if location.nil?
+            redirect_uri = URI.parse(location)
             od = Api::AoC.split_org_domain(URI.parse(base_url))
             return unless redirect_uri.path.end_with?("oauth2/#{od[:organization]}/login")
             # either in standard domain, or product name in page
@@ -82,108 +81,6 @@ module Aspera
             }
           end
 
-          # @param url [String] url to check
-          # @return [Bool] true if private key is required for the url (i.e. no passcode)
-          def private_key_required?(url)
-            # pub link do not need private key
-            return Api::AoC.link_info(url)[:token].nil?
-          end
-
-          # @param object [Plugin] An instance of this class
-          # @param private_key_path [String] path to private key
-          # @param pub_key_pem [String] PEM of public key
-          # @return [Hash] :preset_value, :test_args
-          def wizard(object:, private_key_path: nil, pub_key_pem: nil)
-            # set vars to look like object
-            options = object.options
-            formatter = object.formatter
-            instance_url = options.get_option(:url, mandatory: true)
-            pub_link_info = Api::AoC.link_info(instance_url)
-            if !pub_link_info[:token].nil?
-              pub_api = Rest.new(base_url: "https://#{URI.parse(pub_link_info[:url]).host}/api/v1")
-              pub_info = pub_api.read('env/url_token_check', {token: pub_link_info[:token]})
-              preset_value = {
-                link: instance_url
-              }
-              preset_value[:password] = options.get_option(:password, mandatory: true) if pub_info['password_protected']
-              return {
-                preset_value: preset_value,
-                test_args:    'organization'
-              }
-            end
-            options.declare(:use_generic_client, 'Wizard: AoC: use global or org specific jwt client id', values: :bool, default: Api::AoC.saas_url?(instance_url))
-            options.parse_options!
-            # make username mandatory for jwt, this triggers interactive input
-            wiz_username = options.get_option(:username, mandatory: true)
-            raise "Username shall be an email in AoC: #{wiz_username}" if !(wiz_username =~ /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i)
-            # Set the pub key and jwt tag in the user's profile automatically
-            auto_set_pub_key = false
-            auto_set_jwt = false
-            # use browser authentication to bootstrap
-            use_browser_authentication = false
-            if options.get_option(:use_generic_client)
-              formatter.display_status('Using global client_id.')
-              formatter.display_status('Please Login to your Aspera on Cloud instance.')
-              formatter.display_status('Navigate to: 👤 → Account Settings → Profile → Public Key')
-              formatter.display_status('Check or update the value to:'.red.blink)
-              formatter.display_status(pub_key_pem, hide_secrets: false)
-              if !options.get_option(:test_mode)
-                formatter.display_status('Once updated or validated, press enter.')
-                Environment.instance.open_uri(instance_url)
-                $stdin.gets
-              end
-            else
-              formatter.display_status('Using organization specific client_id.')
-              if options.get_option(:client_id).nil? || options.get_option(:client_secret).nil?
-                formatter.display_status('Please login to your Aspera on Cloud instance.'.red)
-                formatter.display_status('Navigate to: 𓃑  → Admin → Integrations → API Clients')
-                formatter.display_status('Check or create in integration:')
-                formatter.display_status('- name: cli')
-                formatter.display_status("- redirect uri: #{REDIRECT_LOCALHOST}")
-                formatter.display_status('- origin: localhost')
-                formatter.display_status('Use the generated client id and secret in the following prompts.'.red)
-              end
-              Environment.instance.open_uri("#{instance_url}/admin/integrations/api-clients")
-              options.get_option(:client_id, mandatory: true)
-              options.get_option(:client_secret, mandatory: true)
-              # use_browser_authentication = true
-            end
-            if use_browser_authentication
-              formatter.display_status('We will use web authentication to bootstrap.')
-              auto_set_pub_key = true
-              auto_set_jwt = true
-              Aspera.error_not_implemented
-              # aoc_api.oauth.grant_method = :web
-              # aoc_api.oauth.scope = Api::AoC::SCOPE_FILES_ADMIN
-              # aoc_api.oauth.specific_parameters[:redirect_uri] = REDIRECT_LOCALHOST
-            end
-            myself = object.aoc_api.read('self')
-            if auto_set_pub_key
-              Aspera.assert(myself['public_key'].empty?, type: Cli::Error){'Public key is already set in profile (use --override=yes)'} unless option_override
-              formatter.display_status('Updating profile with the public key.')
-              aoc_api.update("users/#{myself['id']}", {'public_key' => pub_key_pem})
-            end
-            if auto_set_jwt
-              formatter.display_status('Enabling JWT for client')
-              aoc_api.update("clients/#{options.get_option(:client_id)}", {'jwt_grant_enabled' => true, 'explicit_authorization_required' => false})
-            end
-            preset_result = {
-              url:         instance_url,
-              username:    myself['email'],
-              auth:        :jwt.to_s,
-              private_key: "@file:#{private_key_path}"
-            }
-            # set only if non nil
-            %i[client_id client_secret].each do |s|
-              o = options.get_option(s)
-              preset_result[s.to_s] = o unless o.nil?
-            end
-            return {
-              preset_value: preset_result,
-              test_args:    'user profile show'
-            }
-          end
-
           # @param base [String] Base folder path
           # @return [String] Folder path that does jot exist, with possible .<number> extension
           def next_available_folder(base, always: false)
@@ -217,44 +114,123 @@ module Aspera
           end
         end
 
+        # @param wizard  [Wizard] The wizard object
+        # @param app_url [Wizard] The wizard object
+        # @return [Hash] :preset_value, :test_args
+        def wizard(wizard, app_url)
+          pub_link_info = Api::AoC.link_info(app_url)
+          # public link case
+          if pub_link_info.key?(:token)
+            pub_api = Rest.new(base_url: "https://#{URI.parse(pub_link_info[:url]).host}/api/v1")
+            pub_info = pub_api.read('env/url_token_check', {token: pub_link_info[:token]})
+            preset_value = {
+              link: app_url
+            }
+            preset_value[:password] = options.get_option(:password, mandatory: true) if pub_info['password_protected']
+            return {
+              preset_value: preset_value,
+              test_args:    'organization'
+            }
+          end
+          options.declare(:use_generic_client, 'Wizard: AoC: use global or org specific jwt client id', allowed: Allowed::TYPES_BOOLEAN, default: Api::AoC.saas_url?(app_url))
+          options.parse_options!
+          # make username mandatory for jwt, this triggers interactive input
+          wiz_username = options.get_option(:username, mandatory: true)
+          wizard.check_email(wiz_username)
+          # Set the pub key and jwt tag in the user's profile automatically
+          auto_set_pub_key = false
+          auto_set_jwt = false
+          # use browser authentication to bootstrap
+          use_browser_authentication = false
+          private_key_path = wizard.ask_private_key(
+            user: wiz_username,
+            url: app_url,
+            page: '👤 → Account Settings → Profile → Public Key'
+          )
+          client_id = options.get_option(:client_id)
+          client_secret = options.get_option(:client_secret)
+          if client_id.nil? || client_secret.nil?
+            if options.get_option(:use_generic_client)
+              client_id = client_secret = nil
+              formatter.display_status('Using global client_id.')
+            else
+              formatter.display_status('Using organization specific client_id.')
+              formatter.display_status('Please login to your Aspera on Cloud instance.'.red)
+              formatter.display_status('Navigate to: 𓃑  → Admin → Integrations → API Clients')
+              formatter.display_status('Check or create in integration:')
+              formatter.display_status('- name: cli')
+              formatter.display_status("- redirect uri: #{REDIRECT_LOCALHOST}")
+              formatter.display_status('- origin: localhost')
+              formatter.display_status('Use the generated client id and secret in the following prompts.'.red)
+              Environment.instance.open_uri("#{app_url}/admin/integrations/api-clients")
+              client_id = options.get_option(:client_id, mandatory: true)
+              client_secret = options.get_option(:client_secret, mandatory: true)
+              # use_browser_authentication = true
+            end
+          end
+          if use_browser_authentication
+            formatter.display_status('We will use web authentication to bootstrap.')
+            auto_set_pub_key = true
+            auto_set_jwt = true
+            Aspera.error_not_implemented
+            # aoc_api.oauth.grant_method = :web
+            # aoc_api.oauth.scope = Api::AoC::SCOPE_FILES_ADMIN
+            # aoc_api.oauth.specific_parameters[:redirect_uri] = REDIRECT_LOCALHOST
+          end
+          myself = aoc_api.read('self')
+          if auto_set_pub_key
+            Aspera.assert(myself['public_key'].empty?, type: Cli::Error){'Public key is already set in profile (use --override=yes)'} unless option_override
+            formatter.display_status('Updating profile with the public key.')
+            aoc_api.update("users/#{myself['id']}", {'public_key' => pub_key_pem})
+          end
+          if auto_set_jwt
+            formatter.display_status('Enabling JWT for client')
+            aoc_api.update("clients/#{options.get_option(:client_id)}", {'jwt_grant_enabled' => true, 'explicit_authorization_required' => false})
+          end
+          return {
+            preset_value: {
+              url:           app_url,
+              username:      myself['email'],
+              auth:          :jwt.to_s,
+              private_key:   "@file:#{private_key_path}",
+              client_id:     client_id,
+              client_secret: client_secret
+            }.compact,
+            test_args:    'user profile show'
+          }
+        end
+
         def initialize(**_)
           super
           @cache_workspace_info = nil
           @cache_home_node_file = nil
           @cache_api_aoc = nil
-          options.declare(:auth, 'OAuth type of authentication', values: STD_AUTH_TYPES, default: :jwt)
-          options.declare(:client_id, 'OAuth API client identifier')
-          options.declare(:client_secret, 'OAuth API client secret')
-          options.declare(:scope, 'OAuth scope for AoC API calls')
-          options.declare(:redirect_uri, 'OAuth API client redirect URI')
-          options.declare(:private_key, 'OAuth JWT RSA private key PEM value (prefix file path with @file:)')
-          options.declare(:passphrase, 'RSA private key passphrase', types: String)
-          options.declare(:workspace, 'Name of workspace', types: [String, NilClass], default: Api::AoC::DEFAULT_WORKSPACE)
-          options.declare(:new_user_option, 'New user creation option for unknown package recipients', types: Hash)
-          options.declare(:validate_metadata, 'Validate shared inbox metadata', values: :bool, default: true)
-          options.declare(:package_folder, 'Field of package to use as folder name, or @none:', types: [String, NilClass])
+          options.declare(:workspace, 'Name of workspace', allowed: [String, NilClass], default: Api::AoC::DEFAULT_WORKSPACE)
+          options.declare(:new_user_option, 'New user creation option for unknown package recipients', allowed: Hash)
+          options.declare(:validate_metadata, 'Validate shared inbox metadata', allowed: Allowed::TYPES_BOOLEAN, default: true)
+          options.declare(:package_folder, 'Field of package to use as folder name, or @none:', allowed: [String, NilClass])
           options.parse_options!
           # add node plugin options (for manual)
           Node.declare_options(options)
         end
 
         def api_from_options(aoc_base_path)
-          create_values = OPTIONS_NEW.each_with_object({
-            subpath:       aoc_base_path,
-            secret_finder: config
-          }) do |i, m|
-            m[i] = options.get_option(i) unless options.get_option(i).nil?
-          end
-          create_values[:scope] = Api::AoC::SCOPE_FILES_USER if create_values[:scope].nil?
           # create an API object with the same options, but with a different subpath
-          return Api::AoC.new(**create_values)
-        rescue ArgumentError => e
-          if (m = e.message.match(/missing keyword: :(.*)$/))
-            raise Cli::Error, "Missing option: #{m[1]}"
-          end
-          raise
+          return new_with_options(
+            Api::AoC,
+            base: {
+              subpath:       aoc_base_path,
+              secret_finder: config
+            },
+            add: {
+              scope:     Api::AoC::SCOPE_FILES_USER,
+              workspace: nil
+            }
+          )
         end
 
+        # AoC Rest object
+        # @return [Rest]
         def aoc_api
           if @cache_api_aoc.nil?
             @cache_api_aoc = api_from_options(Api::AoC::API_V1)
@@ -300,56 +276,11 @@ module Aspera
           return "#{resource_class_path}/#{get_resource_id_from_args(resource_class_path)}"
         end
 
-        # Call block with same query using paging and response information
-        # block must return a hash with :data and :http keys
-        # @return [Hash] {items: , total: }
-        def api_call_paging(base_query = {})
-          Aspera.assert_type(base_query, Hash){'query'}
-          Aspera.assert(block_given?)
-          # set default large page if user does not specify own parameters. AoC Caps to 1000 anyway
-          base_query['per_page'] = 1000 unless base_query.key?('per_page')
-          max_items = base_query.delete(MAX_ITEMS)
-          max_pages = base_query.delete(MAX_PAGES)
-          item_list = []
-          total_count = nil
-          current_page = base_query['page']
-          current_page = 1 if current_page.nil?
-          page_count = 0
-          loop do
-            query = base_query.clone
-            query['page'] = current_page
-            result = yield(query)
-            Aspera.assert(result[:data])
-            Aspera.assert(result[:http])
-            total_count = result[:http]['X-Total-Count']
-            page_count += 1
-            current_page += 1
-            add_items = result[:data]
-            break if add_items.empty?
-            # append new items to full list
-            item_list += add_items
-            break if !max_items.nil? && item_list.count >= max_items
-            break if !max_pages.nil? && page_count >= max_pages
-            formatter.long_operation_running("#{item_list.count} / #{total_count}") unless total_count.eql?(item_list.count.to_s)
-          end
-          formatter.long_operation_terminated
-          item_list = item_list[0..max_items - 1] if !max_items.nil? && item_list.count > max_items
-          return {items: item_list, total: total_count}
-        end
-
-        # read using the query and paging
-        # @return [Hash] {data: , total: }
-        def api_read_all(resource_class_path, base_query = {})
-          return api_call_paging(base_query) do |query|
-            aoc_api.call(operation: 'GET', subpath: resource_class_path, headers: {'Accept' => Rest::MIME_JSON}, query: query)
-          end
-        end
-
         # List all entities, given additional, default and user's queries
         # @param resource_class_path path to query on API
         # @param fields fields to display
         # @param base_query a query applied always
-        # @param default_query default query unless overriden by user
+        # @param default_query default query unless overridden by user
         # @param &block (Optional) calls block with user's or default query
         def result_list(resource_class_path, fields: nil, base_query: {}, default_query: {})
           Aspera.assert_type(base_query, Hash)
@@ -357,7 +288,7 @@ module Aspera
           query = query_read_delete(default: default_query)
           # caller may add specific modifications or checks to query
           yield(query) if block_given?
-          result = api_read_all(resource_class_path, base_query.merge(query).compact)
+          result = aoc_api.read_with_paging(resource_class_path, base_query.merge(query).compact, formatter: formatter)
           return Main.result_object_list(result[:items], fields: fields, total: result[:total])
         end
 
@@ -382,7 +313,7 @@ module Aspera
           Aspera.assert_type(query, Hash){'query'}
           PACKAGE_RECEIVED_BASE_QUERY.each{ |k, v| query[k] = v unless query.key?(k)}
           resolve_dropbox_name_default_ws_id(query)
-          return api_read_all('packages', query.compact)
+          return aoc_api.read_with_paging('packages', query.compact, formatter: formatter)
         end
 
         NODE4_EXT_COMMANDS = %i[transfer].concat(Node::COMMANDS_GEN4).freeze
@@ -443,6 +374,7 @@ module Aspera
           Aspera.error_unreachable_line
         end
 
+        # @param resource_type [Symbol] One of ADMIN_OBJECTS
         def execute_resource_action(resource_type)
           # get path on API, resource type is singular, but api is plural
           resource_class_path =
@@ -460,8 +392,9 @@ module Aspera
           global_operations =  %i[create list]
           supported_operations = %i[show modify]
           supported_operations.push(:delete, *global_operations) unless singleton_object
-          supported_operations.push(:do) if resource_type.eql?(:node)
+          supported_operations.push(:do, :bearer_token) if resource_type.eql?(:node)
           supported_operations.push(:set_pub_key) if resource_type.eql?(:client)
+          supported_operations.push(:shared_folder, :dropbox) if resource_type.eql?(:workspace)
           command = options.get_next_command(supported_operations)
           # require identifier for non global commands
           if !singleton_object && !global_operations.include?(command)
@@ -522,9 +455,61 @@ module Aspera
             return Main.result_success
           when :do
             command_repo = options.get_next_command(NODE4_EXT_COMMANDS)
-            # init context
-            aoc_api.context = :files
             return execute_nodegen4_command(command_repo, res_id)
+          when :bearer_token
+            node_api = aoc_api.node_api_from(
+              node_id: res_id,
+              scope:   options.get_next_argument('scope')
+            )
+            return Main.result_text(node_api.oauth.authorization)
+          when :dropbox
+            command_shared = options.get_next_command(%i[list])
+            case command_shared
+            when :list
+              query = options.get_option(:query) || {}
+              res_data = aoc_api.read('dropboxes', query.merge({'workspace_id'=>res_id}))
+              return Main.result_object_list(res_data, fields: %w[id name description])
+            end
+          when :shared_folder
+            query = options.get_option(:query) || Api::AoC.workspace_access(res_id).merge({'admin' => true})
+            shared_folders = aoc_api.read_with_paging("#{resource_instance_path}/permissions", query)[:items]
+            # inside a workspace
+            command_shared = options.get_next_command(%i[list member])
+            case command_shared
+            when :list
+              return Main.result_object_list(shared_folders, fields: %w[id node_name node_id file_id file.path tags.aspera.files.workspace.share_as])
+            when :member
+              shared_folder_id = instance_identifier
+              shared_folder = shared_folders.find{ |i| i['id'].eql?(shared_folder_id)}
+              Aspera.assert(shared_folder)
+              command_shared_member = options.get_next_command(%i[list])
+              case command_shared_member
+              when :list
+                node_api = aoc_api.node_api_from(
+                  node_id: shared_folder['node_id'],
+                  workspace_id: res_id,
+                  workspace_name: nil,
+                  scope: Api::Node::SCOPE_USER
+                )
+                result = node_api.read(
+                  'permissions',
+                  {'file_id' => shared_folder['file_id'], 'tag' => "aspera.files.workspace.id=#{res_id}"}
+                )
+                result.each do |item|
+                  item['member'] = begin
+                    if Api::AoC.workspace_access?(item)
+                      {'name'=>'[Internal permission]'}
+                    else
+                      aoc_api.read("admin/#{item['access_type']}s/#{item['access_id']}") rescue {'name': 'not found'}
+                    end
+                  rescue => e
+                    {'name'=>e.to_s}
+                  end
+                end
+                # TODO : read users and group name and add, if query "include_members"
+                return Main.result_object_list(result, fields: %w[access_type access_id access_level last_updated_at member.name member.email member.system_group_type member.system_group])
+              end
+            end
           else Aspera.error_unexpected_value(command)
           end
         end
@@ -691,7 +676,6 @@ module Aspera
               filter = query_read_delete(default: {})
               filter['limit'] ||= 100
               if options.get_option(:once_only, mandatory: true)
-                aoc_api.context = :files
                 saved_date = []
                 start_date_persistency = PersistencyActionOnce.new(
                   manager: persistency,
@@ -736,7 +720,6 @@ module Aspera
               return Main.result_object_list(events)
             end
           when :usage_reports
-            aoc_api.context = :files
             return result_list('usage_reports', base_query: workspace_id_hash)
           end
         end
@@ -809,7 +792,7 @@ module Aspera
             }
             return result_list('short_links', fields: Formatter.all_but('data'), base_query: list_params) if command.eql?(:list)
             one_id = instance_identifier
-            found = api_read_all('short_links', list_params)[:items].find{ |item| item['id'].eql?(one_id)}
+            found = aoc_api.read_with_paging('short_links', list_params, formatter: formatter)[:items].find{ |item| item['id'].eql?(one_id)}
             raise Cli::BadIdentifier.new('Short link', one_id) if found.nil?
             return Main.result_single_object(found, fields: Formatter.all_but('data'))
           when :modify
@@ -876,7 +859,6 @@ module Aspera
           command = options.get_next_command(ACTIONS)
           if %i[files packages].include?(command)
             default_flag = ' (default)' if options.get_option(:workspace).eql?(:default)
-            aoc_api.context = command
             formatter.display_status("Workspace: #{aoc_api.workspace[:name].to_s.red}#{default_flag}")
             if !aoc_api.private_link.nil?
               folder_name = aoc_api.node_api_from(node_id: aoc_api.home[:node_id]).read("files/#{aoc_api.home[:file_id]}")['name']
@@ -908,7 +890,6 @@ module Aspera
               when :list
                 return result_list('workspaces', fields: %w[id name])
               when :current
-                aoc_api.context = :files
                 return Main.result_single_object(aoc_api.workspace)
               end
             when :profile
@@ -961,7 +942,7 @@ module Aspera
                 # enforce workspace id from link (should be already ok, but in case user wanted to override)
                 package_data['workspace_id'] = aoc_api.public_link['data']['workspace_id']
               end
-              package_data['encryption_at_rest'] = true if transfer.option_transfer_spec['content_protection'].eql?('encrypt')
+              package_data['encryption_at_rest'] = true if transfer.user_transfer_spec['content_protection'].eql?('encrypt')
               # transfer may raise an error
               created_package = aoc_api.create_package_simple(package_data, option_validate, new_user_option)
               Main.result_transfer(transfer.start(created_package[:spec], rest_token: created_package[:node]))
@@ -1024,7 +1005,7 @@ module Aspera
                     destination_folder,
                     Environment.instance.sanitized_filename(package_info[per_package_field1])
                   )
-                  transfer.option_transfer_spec['destination_root'] = self.class.unique_folder(
+                  transfer.user_transfer_spec['destination_root'] = self.class.unique_folder(
                     folder,
                     extension: per_package_field2.eql?('seq') ? :seq : package_info[per_package_field2],
                     always: per_package_sub_always
@@ -1119,9 +1100,9 @@ module Aspera
             when :instances
               return entity_execute(api: aoc_api, entity: 'workflow_instances')
             when :workflows
-              wf_command = options.get_next_command(%i[action launch].concat(Plugin::ALL_OPS))
+              wf_command = options.get_next_command(%i[action launch].concat(ALL_OPS))
               case wf_command
-              when *Plugin::ALL_OPS
+              when *ALL_OPS
                 return entity_execute(
                   api: automation_api,
                   entity: 'workflows',
@@ -1152,7 +1133,6 @@ module Aspera
             uri = URI.parse(parameters.delete(:url){WebServerSimple::DEFAULT_URL})
             server = WebServerSimple.new(uri, **parameters.slice(*WebServerSimple::PARAMS))
             Aspera.assert(parameters.except(*WebServerSimple::PARAMS).empty?)
-            aoc_api.context = :files
             server.mount(uri.path, Faspex4GWServlet, aoc_api, aoc_api.workspace[:id])
             server.start
             return Main.result_status('Gateway terminated')

data/lib/aspera/cli/plugins/ats.rb

@@ -2,6 +2,7 @@
 
 # cspell:ignore trustpolicy
 
+require 'aspera/cli/plugins/base'
 require 'aspera/cli/plugins/node'
 require 'aspera/api/ats'
 require 'aspera/api/aoc'
@@ -13,7 +14,7 @@ module Aspera
     module Plugins
       # Access Aspera Transfer Service
       # https://developer.ibm.com/aspera/docs/ats-api-reference/creating-ats-api-keys/
-      class Ats < Cli::Plugin
+      class Ats < Base
         # columns for list of cloud providers
         CLOUD_TABLE = %w[id name].freeze
         private_constant :CLOUD_TABLE
@@ -25,7 +26,6 @@ module Aspera
           options.declare(:instance, 'ATS instance in ibm cloud')
           options.declare(:ats_key, 'ATS key identifier (ats_xxx)')
           options.declare(:ats_secret, 'ATS key secret')
-          options.declare(:params, 'Parameters access key creation (@json:)')
           options.declare(:cloud, 'Cloud provider')
           options.declare(:region, 'Cloud region')
           options.parse_options!
@@ -59,7 +59,7 @@ module Aspera
           access_key_id = instance_identifier unless %i[create list].include?(command)
           case command
           when :create
-            params = options.get_option(:params) || {}
+            params = value_create_modify(command: command, default: {})
             server_data = nil
             # if transfer_server_id not provided, get it from command line options
             if !params.key?('transfer_server_id')
@@ -92,7 +92,7 @@ module Aspera
             return Main.result_single_object(res)
             # TODO : action : modify, with "PUT"
           when :list
-            params = options.get_option(:params) || {'offset' => 0, 'max_results' => 1000}
+            params = query_read_delete(default: {'offset' => 0, 'max_results' => 1000})
             res = ats_api_pub_v1.read('access_keys', params)
             return Main.result_object_list(res['data'], fields: ['name', 'id', 'created.at', 'modified.at'])
           when :show