RubyGems - aspera-cli - Versions diffs - 4.24.1 → 4.25.0.pre - Mend

aspera-cli 4.24.1 → 4.25.0.pre

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/CHANGELOG.md +1064 -745
data/CONTRIBUTING.md +43 -100
data/README.md +1281 -720
data/bin/ascli +20 -1
data/bin/asession +23 -27
data/lib/aspera/agent/base.rb +10 -21
data/lib/aspera/agent/connect.rb +2 -3
data/lib/aspera/agent/desktop.rb +2 -2
data/lib/aspera/agent/direct.rb +49 -32
data/lib/aspera/agent/factory.rb +31 -0
data/lib/aspera/api/aoc.rb +134 -76
data/lib/aspera/api/cos_node.rb +3 -2
data/lib/aspera/api/faspex.rb +213 -0
data/lib/aspera/api/node.rb +107 -94
data/lib/aspera/ascmd.rb +1 -2
data/lib/aspera/ascp/installation.rb +73 -58
data/lib/aspera/ascp/management.rb +119 -23
data/lib/aspera/assert.rb +39 -11
data/lib/aspera/cli/error.rb +4 -2
data/lib/aspera/cli/extended_value.rb +91 -67
data/lib/aspera/cli/formatter.rb +62 -27
data/lib/aspera/cli/hints.rb +8 -0
data/lib/aspera/cli/info.rb +4 -4
data/lib/aspera/cli/main.rb +76 -84
data/lib/aspera/cli/manager.rb +352 -248
data/lib/aspera/cli/plugins/alee.rb +5 -4
data/lib/aspera/cli/plugins/aoc.rb +175 -195
data/lib/aspera/cli/plugins/ats.rb +4 -4
data/lib/aspera/cli/plugins/base.rb +343 -0
data/lib/aspera/cli/plugins/basic_auth.rb +45 -0
data/lib/aspera/cli/plugins/config.rb +283 -269
data/lib/aspera/cli/plugins/console.rb +27 -22
data/lib/aspera/cli/plugins/cos.rb +3 -3
data/lib/aspera/cli/plugins/factory.rb +78 -0
data/lib/aspera/cli/plugins/faspex.rb +49 -46
data/lib/aspera/cli/plugins/faspex5.rb +113 -225
data/lib/aspera/cli/plugins/faspio.rb +19 -18
data/lib/aspera/cli/plugins/httpgw.rb +14 -13
data/lib/aspera/cli/plugins/node.rb +162 -149
data/lib/aspera/cli/plugins/oauth.rb +48 -0
data/lib/aspera/cli/plugins/orchestrator.rb +129 -45
data/lib/aspera/cli/plugins/preview.rb +30 -50
data/lib/aspera/cli/plugins/server.rb +21 -21
data/lib/aspera/cli/plugins/shares.rb +45 -47
data/lib/aspera/cli/sync_actions.rb +50 -39
data/lib/aspera/cli/transfer_agent.rb +35 -49
data/lib/aspera/cli/transfer_progress.rb +6 -6
data/lib/aspera/cli/version.rb +3 -3
data/lib/aspera/cli/wizard.rb +70 -55
data/lib/aspera/colors.rb +6 -0
data/lib/aspera/command_line_builder.rb +59 -61
data/lib/aspera/command_line_converter.rb +2 -1
data/lib/aspera/coverage.rb +2 -2
data/lib/aspera/data_repository.rb +1 -1
data/lib/aspera/environment.rb +51 -41
data/lib/aspera/faspex_gw.rb +7 -5
data/lib/aspera/faspex_postproc.rb +1 -1
data/lib/aspera/keychain/factory.rb +1 -2
data/lib/aspera/keychain/macos_security.rb +1 -1
data/lib/aspera/log.rb +37 -9
data/lib/aspera/markdown.rb +31 -0
data/lib/aspera/nagios.rb +7 -6
data/lib/aspera/oauth/base.rb +25 -28
data/lib/aspera/oauth/factory.rb +9 -9
data/lib/aspera/oauth/url_json.rb +2 -1
data/lib/aspera/oauth/web.rb +2 -2
data/lib/aspera/preview/file_types.rb +23 -37
data/lib/aspera/products/connect.rb +7 -6
data/lib/aspera/products/desktop.rb +1 -4
data/lib/aspera/products/other.rb +9 -1
data/lib/aspera/products/transferd.rb +0 -1
data/lib/aspera/rest.rb +168 -113
data/lib/aspera/rest_error_analyzer.rb +4 -4
data/lib/aspera/ssh.rb +7 -4
data/lib/aspera/ssl.rb +41 -0
data/lib/aspera/sync/args.schema.yaml +46 -3
data/lib/aspera/sync/conf.schema.yaml +307 -123
data/lib/aspera/sync/database.rb +2 -1
data/lib/aspera/sync/operations.rb +135 -79
data/lib/aspera/temp_file_manager.rb +17 -5
data/lib/aspera/transfer/error.rb +16 -7
data/lib/aspera/transfer/parameters.rb +35 -22
data/lib/aspera/transfer/resumer.rb +74 -0
data/lib/aspera/transfer/spec.rb +5 -5
data/lib/aspera/transfer/spec.schema.yaml +170 -59
data/lib/aspera/transfer/spec_doc.rb +49 -43
data/lib/aspera/uri_reader.rb +2 -2
data/lib/aspera/web_auth.rb +6 -6
data/lib/transferd_pb.rb +2 -2
data.tar.gz.sig +0 -0
metadata +26 -11
metadata.gz.sig +0 -0
data/lib/aspera/cli/basic_auth_plugin.rb +0 -43
data/lib/aspera/cli/plugin.rb +0 -333
data/lib/aspera/cli/plugin_factory.rb +0 -81
data/lib/aspera/resumer.rb +0 -77
data/lib/aspera/transfer/error_info.rb +0 -91

data/lib/aspera/cli/plugins/faspex5.rb CHANGED Viewed

@@ -2,9 +2,11 @@
 # spellchecker: ignore workgroups mypackages passcode
-require 'aspera/cli/basic_auth_plugin'
+require 'aspera/cli/plugins/oauth'
 require 'aspera/cli/extended_value'
 require 'aspera/cli/special_values'
+require 'aspera/cli/wizard'
+require 'aspera/api/faspex'
 require 'aspera/persistency_action_once'
 require 'aspera/id_generator'
 require 'aspera/nagios'
@@ -15,60 +17,7 @@ require 'securerandom'
 module Aspera
   module Cli
     module Plugins
-      class Faspex5 < Cli::BasicAuthPlugin
-        RECIPIENT_TYPES = %w[user workgroup external_user distribution_list shared_inbox].freeze
-        PACKAGE_TERMINATED = %w[completed failed].freeze
-        # list of supported mailbox types (to list packages)
-        API_LIST_MAILBOX_TYPES = %w[inbox inbox_history inbox_all inbox_all_history outbox outbox_history pending pending_history all].freeze
-        PACKAGE_SEND_FROM_REMOTE_SOURCE = 'remote_source'
-        # Faspex API v5: get transfer spec for connect
-        TRANSFER_CONNECT = 'connect'
-        ADMIN_RESOURCES = %i[
-          accounts distribution_lists contacts jobs workgroups shared_inboxes nodes oauth_clients registrations saml_configs
-          metadata_profiles email_notifications alternate_addresses webhooks
-        ].freeze
-        # states for jobs not in final state
-        JOB_RUNNING = %w[queued working].freeze
-        PATH_STANDARD_ROOT = '/aspera/faspex'
-        PATH_API_V5 = 'api/v5'
-        # endpoint for authentication API
-        PATH_AUTH = 'auth'
-        PATH_HEALTH = 'configuration/ping'
-        PATH_API_DETECT = "#{PATH_API_V5}/#{PATH_HEALTH}"
-        # OAuth methods supported
-        STD_AUTH_TYPES = %i[web jwt boot].freeze
-        HEADER_ITERATION_TOKEN = 'X-Aspera-Next-Iteration-Token'
-        HEADER_FASPEX_VERSION = 'X-IBM-Aspera'
-        EMAIL_NOTIF_LIST = %w[
-          welcome_email
-          forgot_password
-          package_received
-          package_received_cc
-          package_sent_cc
-          package_downloaded
-          package_downloaded_cc
-          workgroup_package
-          upload_result
-          upload_result_cc
-          relay_started_cc
-          relay_finished_cc
-          relay_error_cc
-          shared_inbox_invitation
-          shared_inbox_submit
-          personal_invitation
-          personal_submit
-          account_approved
-          account_denied
-          package_file_processing_failed_sender
-          package_file_processing_failed_recipient
-          relay_failed_admin
-          relay_failed
-          admin_sync_failed
-          sync_failed
-          account_exist
-          mfa_code
-        ]
-        private_constant :JOB_RUNNING, :RECIPIENT_TYPES, :PACKAGE_TERMINATED, :PATH_HEALTH, :API_LIST_MAILBOX_TYPES, :PACKAGE_SEND_FROM_REMOTE_SOURCE, :STD_AUTH_TYPES, :HEADER_ITERATION_TOKEN, :HEADER_FASPEX_VERSION, :EMAIL_NOTIF_LIST
+      class Faspex5 < Oauth
         class << self
           def application_name
             'Faspex'
@@ -78,19 +27,19 @@ module Aspera
             # add scheme if missing
             address_or_url = "https://#{address_or_url}" unless address_or_url.match?(%r{^[a-z]{1,6}://})
             urls = [address_or_url]
-            urls.push("#{address_or_url}#{PATH_STANDARD_ROOT}") unless address_or_url.end_with?(PATH_STANDARD_ROOT)
+            urls.push("#{address_or_url}#{Api::Faspex::PATH_STANDARD_ROOT}") unless address_or_url.end_with?(Api::Faspex::PATH_STANDARD_ROOT)
             error = nil
             urls.each do |base_url|
               # Faspex is always HTTPS
               next unless base_url.start_with?('https://')
               api = Rest.new(base_url: base_url, redirect_max: 1)
-              response = api.call(operation: 'GET', subpath: PATH_API_DETECT)[:http]
+              response = api.read(Api::Faspex::PATH_API_DETECT, ret: :resp)
               next unless response.code.start_with?('2') && response.body.strip.empty?
               # end is at -1, and subtract 1 for "/"
-              url_length = -2 - PATH_API_DETECT.length
+              url_length = -2 - Api::Faspex::PATH_API_DETECT.length
               # take redirect if any
               return {
-                version: response[HEADER_FASPEX_VERSION] || '5',
+                version: response[Api::Faspex::HEADER_FASPEX_VERSION] || '5',
                 url:     response.uri.to_s[0..url_length]
               }
             rescue StandardError => e
@@ -100,122 +49,57 @@ module Aspera
             raise error if error
             return
           end
+        end
-          # @param object [Plugin] An instance of this class
-          # @param private_key_path [String] path to private key
-          # @param pub_key_pem [String] PEM of public key
-          # @return [Hash] :preset_value, :test_args
-          def wizard(object:, private_key_path:, pub_key_pem:)
-            options = object.options
-            formatter = object.formatter
-            instance_url = options.get_option(:url, mandatory: true)
-            wiz_username = options.get_option(:username, mandatory: true)
-            raise "Username shall be an email in Faspex: #{wiz_username}" if !(wiz_username =~ /\A[\w+\-.]+@[a-z\d\-.]+\.[a-z]+\z/i)
-            if options.get_option(:client_id).nil? || options.get_option(:client_secret).nil?
-              formatter.display_status('Ask the ascli client id and secret to your Administrator.'.red)
-              formatter.display_status("Log in as an admin user at: #{instance_url}")
-              Environment.instance.open_uri(instance_url)
-              formatter.display_status('Navigate to: 𓃑  → Admin → Configurations → API clients')
-              formatter.display_status('Create an API client with:')
-              formatter.display_status('- name: ascli')
-              formatter.display_status('- JWT: enabled')
-              formatter.display_status("Log in as user #{wiz_username.red}. Navigate to your profile:")
-              formatter.display_status('👤 → Account Settings → Preferences → Public Key in PEM:')
-              formatter.display_status(pub_key_pem)
-              formatter.display_status('Once set, fill in the parameters:')
-            end
-            return {preset_value: {}, test_args: ''} if options.get_option(:test_mode)
-            return {
-              preset_value: {
-                url:           instance_url,
-                username:      wiz_username,
-                auth:          :jwt.to_s,
-                private_key:   "@file:#{private_key_path}",
-                client_id:     options.get_option(:client_id, mandatory: true),
-                client_secret: options.get_option(:client_secret, mandatory: true)
-              },
-              test_args:    'user profile show'
-            }
-          end
-          # @return true if the URL is a public link
-          def public_link?(url)
-            url.include?('?context=')
+        # @param wizard  [Wizard] The wizard object
+        # @param app_url [Wizard] The wizard object
+        # @return [Hash] :preset_value, :test_args
+        def wizard(wizard, app_url)
+          client_id = options.get_option(:client_id)
+          client_secret = options.get_option(:client_secret)
+          if client_id.nil? || client_secret.nil?
+            formatter.display_status('Ask the ascli client id and secret to your Administrator.'.red)
+            formatter.display_status("Log in as an admin user at: #{app_url}")
+            Environment.instance.open_uri(app_url)
+            formatter.display_status('Navigate to: 𓃑  → Admin → Configurations → API clients')
+            formatter.display_status('Create an API client with:')
+            formatter.display_status('- name: ascli')
+            formatter.display_status('- JWT: enabled')
+            formatter.display_status('Upon creation, the admin shall get those parameters:')
+            client_id = options.get_option(:client_id, mandatory: wizard.required)
+            client_secret = options.get_option(:client_secret, mandatory: wizard.required)
           end
+          wiz_username = options.get_option(:username, mandatory: true)
+          wizard.check_email(wiz_username)
+          private_key_path = wizard.ask_private_key(
+            user: wiz_username,
+            url: app_url,
+            page: '👤 → Account Settings → Preferences → Public Key in PEM'
+          )
+          return {
+            preset_value: {
+              url:           app_url,
+              username:      wiz_username,
+              auth:          :jwt.to_s,
+              private_key:   "@file:#{private_key_path}",
+              client_id:     client_id,
+              client_secret: client_secret
+            },
+            test_args:    'user profile show'
+          }
         end
         def initialize(**_)
           super
-          options.declare(:client_id, 'OAuth client identifier')
-          options.declare(:client_secret, 'OAuth client secret')
-          options.declare(:redirect_uri, 'OAuth redirect URI for web authentication')
-          options.declare(:auth, 'OAuth type of authentication', values: STD_AUTH_TYPES, default: :jwt)
-          options.declare(:private_key, 'OAuth JWT RSA private key PEM value (prefix file path with @file:)')
-          options.declare(:passphrase, 'OAuth JWT RSA private key passphrase')
-          options.declare(:box, "Package inbox, either shared inbox name or one of: #{API_LIST_MAILBOX_TYPES.join(', ')} or #{SpecialValues::ALL}", default: 'inbox')
+          options.declare(:box, "Package inbox, either shared inbox name or one of: #{Api::Faspex::API_LIST_MAILBOX_TYPES.join(', ')} or #{SpecialValues::ALL}", default: 'inbox')
           options.declare(:shared_folder, 'Send package with files from shared folder')
-          options.declare(:group_type, 'Type of shared box', values: %i[shared_inboxes workgroups], default: :shared_inboxes)
+          options.declare(:group_type, 'Type of shared box', allowed: %i[shared_inboxes workgroups], default: :shared_inboxes)
           options.parse_options!
-          @pub_link_context = nil
         end
         def set_api
-          # get endpoint, remove unnecessary trailing slashes
-          @faspex5_api_base_url = options.get_option(:url, mandatory: true).gsub(%r{/+$}, '')
-          auth_type = self.class.public_link?(@faspex5_api_base_url) ? :public_link : options.get_option(:auth, mandatory: true)
-          case auth_type
-          when :public_link
-            # resolve any redirect
-            @faspex5_api_base_url = Rest.new(base_url: @faspex5_api_base_url, redirect_max: 3).call(operation: 'GET')[:http].uri.to_s
-            encoded_context = Rest.query_to_h(URI.parse(@faspex5_api_base_url).query)['context']
-            raise BadArgument, 'Bad faspex5 public link, missing context in query' if encoded_context.nil?
-            # public link information (allowed usage)
-            @pub_link_context = JSON.parse(Base64.decode64(encoded_context))
-            Log.dump(:@pub_link_context, @pub_link_context, level: :trace1)
-            # ok, we have the additional parameters, get the base url
-            @faspex5_api_base_url = @faspex5_api_base_url.gsub(%r{/public/.*}, '').gsub(/\?.*/, '')
-            @api_v5 = Rest.new(
-              base_url: "#{@faspex5_api_base_url}/#{PATH_API_V5}",
-              headers:  {'Passcode' => @pub_link_context['passcode']}
-            )
-          when :boot
-            # the password here is the token copied directly from browser in developer mode
-            @api_v5 = Rest.new(
-              base_url: "#{@faspex5_api_base_url}/#{PATH_API_V5}",
-              headers:  {'Authorization' => options.get_option(:password, mandatory: true)}
-            )
-          when :web
-            # opens a browser and ask user to auth using web
-            @api_v5 = Rest.new(
-              base_url: "#{@faspex5_api_base_url}/#{PATH_API_V5}",
-              auth:     {
-                type:         :oauth2,
-                base_url:     "#{@faspex5_api_base_url}/#{PATH_AUTH}",
-                grant_method: :web,
-                client_id:    options.get_option(:client_id, mandatory: true),
-                redirect_uri: options.get_option(:redirect_uri, mandatory: true)
-              }
-            )
-          when :jwt
-            app_client_id = options.get_option(:client_id, mandatory: true)
-            @api_v5 = Rest.new(
-              base_url: "#{@faspex5_api_base_url}/#{PATH_API_V5}",
-              auth:     {
-                type:            :oauth2,
-                grant_method:    :jwt,
-                base_url:        "#{@faspex5_api_base_url}/#{PATH_AUTH}",
-                client_id:       app_client_id,
-                payload:         {
-                  iss: app_client_id, # issuer
-                  aud: app_client_id, # audience (this field is not clear...)
-                  sub: "user:#{options.get_option(:username, mandatory: true)}" # subject is a user
-                },
-                private_key_obj: OpenSSL::PKey::RSA.new(options.get_option(:private_key, mandatory: true), options.get_option(:passphrase)),
-                headers:         {typ: 'JWT'}
-              }
-            )
-          else Aspera.error_unexpected_value(auth_type)
-          end
+          # create an API object with the same options, but with a different subpath
+          @api_v5 = new_with_options(Api::Faspex)
           # in case user wants to use HTTPGW tell transfer agent how to get address
           transfer.httpgw_url_cb = lambda{@api_v5.read('account')['gateway_url']}
         end
@@ -224,7 +108,7 @@ module Aspera
         def normalize_recipients(parameters)
           return unless parameters.key?('recipients')
           Aspera.assert_type(parameters['recipients'], Array){'recipients'}
-          recipient_types = RECIPIENT_TYPES
+          recipient_types = Api::Faspex::RECIPIENT_TYPES
           if parameters.key?('recipient_types')
             recipient_types = parameters['recipient_types']
             parameters.delete('recipient_types')
@@ -233,7 +117,7 @@ module Aspera
           parameters['recipients'].map! do |recipient_data|
             # if just a string, make a general lookup and build expected name/type hash
             if recipient_data.is_a?(String)
-              matched = @api_v5.lookup_by_name('contacts', recipient_data, query: {context: 'packages', type: Rest.array_params(recipient_types)})
+              matched = @api_v5.lookup_by_name('contacts', recipient_data, query: Rest.php_style({context: 'packages', type: recipient_types}))
               recipient_data = {
                 name:           matched['name'],
                 recipient_type: matched['type']
@@ -245,7 +129,7 @@ module Aspera
         end
         # wait for package status to be in provided list
-        def wait_package_status(id, status_list: PACKAGE_TERMINATED)
+        def wait_package_status(id, status_list: Api::Faspex::PACKAGE_TERMINATED)
           total_sent = false
           loop do
             status = @api_v5.read("packages/#{id}/upload_details")
@@ -276,7 +160,7 @@ module Aspera
           result = nil
           loop do
             result = @api_v5.read("jobs/#{job_id}", {type: :formatted})
-            break unless JOB_RUNNING.include?(result['status'])
+            break unless Api::Faspex::JOB_RUNNING.include?(result['status'])
             formatter.long_operation_running(result['status'])
             sleep(0.5)
           end
@@ -292,7 +176,7 @@ module Aspera
           entity =
             case box
             when SpecialValues::ALL then 'packages' # only admin can list all packages globally
-            when *API_LIST_MAILBOX_TYPES then "#{box}/packages"
+            when *Api::Faspex::API_LIST_MAILBOX_TYPES then "#{box}/packages"
             else
               group_type = options.get_option(:group_type)
               "#{group_type}/#{lookup_entity_by_field(api: @api_v5, entity: group_type, value: box)['id']}/packages"
@@ -338,8 +222,7 @@ module Aspera
           else
             # a single id was provided, or a list of ids
             package_ids = [package_ids] unless package_ids.is_a?(Array)
-            Aspera.assert_type(package_ids, Array){'Expecting a single package id or a list of ids'}
-            Aspera.assert(package_ids.all?(String)){'Package id shall be String'}
+            Aspera.assert_array_all(package_ids, String){'Package id(s)'}
             # packages = package_ids.map{|pkg_id|@api_v5.read("packages/#{pkg_id}")}
             packages = package_ids.map{ |pkg_id| {'id'=>pkg_id}}
           end
@@ -352,12 +235,12 @@ module Aspera
           end
           download_params = {
             type:          'received',
-            transfer_type: TRANSFER_CONNECT
+            transfer_type: Api::Faspex::TRANSFER_CONNECT
           }
           box = options.get_option(:box)
           case box
           when /outbox/ then download_params[:type] = 'sent'
-          when *API_LIST_MAILBOX_TYPES then nil # nothing to do
+          when *Api::Faspex::API_LIST_MAILBOX_TYPES then nil # nothing to do
           else # shared inbox / workgroup
             download_params[:recipient_workgroup_id] = lookup_entity_by_field(api: @api_v5, entity: options.get_option(:group_type), value: box)['id']
           end
@@ -372,7 +255,7 @@ module Aspera
               content_type: Rest::MIME_JSON,
               body:         param_file_list,
               headers:      {'Accept' => Rest::MIME_JSON}
-            )[:data]
+            )
             # delete flag for Connect Client
             transfer_spec.delete('authentication')
             statuses = transfer.start(transfer_spec)
@@ -410,28 +293,29 @@ module Aspera
           until folders_to_process.empty?
             path = folders_to_process.shift
             loop do
-              response = @api_v5.call(
+              data, http = @api_v5.call(
                 operation:    'POST',
                 subpath:      browse_endpoint,
                 query:        query,
                 content_type: Rest::MIME_JSON,
                 body:         {'path' => path, 'filters' => filters},
-                headers:      {'Accept' => Rest::MIME_JSON}
+                headers:      {'Accept' => Rest::MIME_JSON},
+                ret:          :both
               )
-              all_items.concat(response[:data]['items'])
+              all_items.concat(data['items'])
               if !max_items.nil? && (all_items.count >= max_items)
                 all_items = all_items.slice(0, max_items) if all_items.count > max_items
                 break
               end
-              folders_to_process.concat(response[:data]['items'].select{ |i| i['type'].eql?('directory')}.map{ |i| i['path']}) if recursive
+              folders_to_process.concat(data['items'].select{ |i| i['type'].eql?('directory')}.map{ |i| i['path']}) if recursive
               if use_paging
-                iteration_token = response[:http][HEADER_ITERATION_TOKEN]
+                iteration_token = http[Api::Faspex::HEADER_ITERATION_TOKEN]
                 break if iteration_token.nil? || iteration_token.empty?
                 query['iteration_token'] = iteration_token
               else
-                total_count = response[:data]['total_count'] if total_count.nil?
-                break if response[:data]['item_count'].eql?(0)
-                query['offset'] += response[:data]['item_count']
+                total_count = data['total_count'] if total_count.nil?
+                break if data['item_count'].eql?(0)
+                query['offset'] += data['item_count']
               end
               formatter.long_operation_running(all_items.count)
             end
@@ -446,7 +330,7 @@ module Aspera
           command = options.get_next_command(%i[show browse status delete receive send list])
           package_id =
             if %i[receive show browse status delete].include?(command)
-              @pub_link_context&.key?('package_id') ? @pub_link_context['package_id'] : instance_identifier
+              @api_v5.pub_link_context&.key?('package_id') ? @api_v5.pub_link_context['package_id'] : instance_identifier
             end
           case command
           when :show
@@ -465,8 +349,7 @@ module Aspera
           when :delete
             ids = package_id
             ids = [ids] unless ids.is_a?(Array)
-            Aspera.assert_type(ids, Array){'Package identifier'}
-            Aspera.assert(ids.all?(String)){"Package id(s) shall be String, but have: #{ids.map(&:class).uniq.join(', ')}"}
+            Aspera.assert_array_all(ids, String){'Package id(s)'}
             # API returns 204, empty on success
             @api_v5.call(
               operation:    'DELETE',
@@ -481,36 +364,39 @@ module Aspera
           when :send
             parameters = value_create_modify(command: command)
             # autofill recipient for public url
-            if @pub_link_context&.key?('recipient_type') && !parameters.key?('recipients')
+            if @api_v5.pub_link_context&.key?('recipient_type') && !parameters.key?('recipients')
               parameters['recipients'] = [{
-                name:           @pub_link_context['name'],
-                recipient_type: @pub_link_context['recipient_type']
+                name:           @api_v5.pub_link_context['name'],
+                recipient_type: @api_v5.pub_link_context['recipient_type']
               }]
             end
             normalize_recipients(parameters)
+            # User specified content prot in tspec, but faspex requires in package creation
+            # `transfer_spec/upload` will set `content_protection`
+            if transfer.user_transfer_spec['content_protection'] && !parameters.key?('ear_enabled')
+              transfer.user_transfer_spec.delete('content_protection')
+              parameters['ear_enabled'] = true
+            end
             package = @api_v5.create('packages', parameters)
             shared_folder = options.get_option(:shared_folder)
             if shared_folder.nil?
               # send from local files
-              transfer_spec = @api_v5.call(
-                operation:    'POST',
-                subpath:      "packages/#{package['id']}/transfer_spec/upload",
-                query:        {transfer_type: TRANSFER_CONNECT},
-                content_type: Rest::MIME_JSON,
-                body:         {paths: transfer.source_list},
-                headers:      {'Accept' => Rest::MIME_JSON}
-              )[:data]
+              transfer_spec = @api_v5.create(
+                "packages/#{package['id']}/transfer_spec/upload",
+                {paths: transfer.source_list},
+                query: {transfer_type: Api::Faspex::TRANSFER_CONNECT}
+              )
               # well, we asked a TS for connect, but we actually want a generic one
               transfer_spec.delete('authentication')
               return Main.result_transfer(transfer.start(transfer_spec))
             else
               # send from remote shared folder
-              if (m = shared_folder.match(REGEX_LOOKUP_ID_BY_FIELD))
+              if (m = Base.percent_selector(shared_folder))
                 shared_folder = lookup_entity_by_field(
                   api: @api_v5,
                   entity: 'shared_folders',
-                  field: m[1],
-                  value: ExtendedValue.instance.evaluate(m[2])
+                  field: m[:field],
+                  value: m[:value]
                 )['id']
               end
               transfer_request = {shared_folder_id: shared_folder, paths: transfer.source_list}
@@ -536,7 +422,7 @@ module Aspera
             tclo:   true
           }
           res_id_query = :default
-          available_commands = Plugin::ALL_OPS
+          available_commands = ALL_OPS
           case res_sym
           when :metadata_profiles
             exec_args[:entity] = 'configuration/metadata_profiles'
@@ -554,7 +440,7 @@ module Aspera
             available_commands += [:reset_password]
           when :oauth_clients
             exec_args[:display_fields] = Formatter.all_but('public_key')
-            exec_args[:api] = Rest.new(**@api_v5.params, base_url: "#{@faspex5_api_base_url}/#{PATH_AUTH}")
+            exec_args[:api] = @api_v5.auth_api
             exec_args[:list_query] = {'expand': true, 'no_api_path': true, 'client_types[]': 'public'}
           when :shared_inboxes, :workgroups
             available_commands += %i[members saml_groups invite_external_collaborator]
@@ -563,9 +449,9 @@ module Aspera
             available_commands += %i[shared_folders browse]
           end
           res_command = options.get_next_command(available_commands)
-          return Main.result_value_list(EMAIL_NOTIF_LIST, name: 'email_id') if res_command.eql?(:list) && res_sym.eql?(:email_notifications)
+          return Main.result_value_list(Api::Faspex::EMAIL_NOTIF_LIST, name: 'email_id') if res_command.eql?(:list) && res_sym.eql?(:email_notifications)
           case res_command
-          when *Plugin::ALL_OPS
+          when *ALL_OPS
             return entity_execute(command: res_command, **exec_args) do |field, value|
                      lookup_entity_by_field(api: @api_v5, entity: exec_args[:entity], value: value, field: field, items_key: exec_args[:items_key], query: res_id_query)['id']
                    end
@@ -575,9 +461,9 @@ module Aspera
               lookup_entity_by_field(api: @api_v5, entity: 'nodes', field: field, value: value)['id']
             end
             shfld_entity = "nodes/#{node_id}/shared_folders"
-            sh_command = options.get_next_command(Plugin::ALL_OPS + [:user])
+            sh_command = options.get_next_command(ALL_OPS + [:user])
             case sh_command
-            when *Plugin::ALL_OPS
+            when *ALL_OPS
               return entity_execute(
                 api: @api_v5,
                 entity: shfld_entity,
@@ -628,20 +514,20 @@ module Aspera
               users = options.get_next_argument('user id, %name:, or Array')
               users = [users] unless users.is_a?(Array)
               users = users.map do |user|
-                if (m = user.match(REGEX_LOOKUP_ID_BY_FIELD))
+                if (m = Base.percent_selector(user))
                   lookup_entity_by_field(
                     api: @api_v5,
                     entity: 'accounts',
-                    field: m[1],
-                    value: ExtendedValue.instance.evaluate(m[2]),
-                    query: {type: Rest.array_params(%w{local_user saml_user self_registered_user external_user})}
+                    field: m[:field],
+                    value: m[:value],
+                    query: Rest.php_style({type: ACCOUNT_TYPES})
                   )['id']
                 else
                   # it's the user id (not member id...)
                   user
                 end
               end
-              access = options.get_next_argument('level', mandatory: false, accept_list: %i[submit_only standard shared_inbox_admin], default: :standard)
+              access = options.get_next_argument('level', mandatory: false, accept_list: SHARED_INBOX_MEMBER_LEVELS, default: :standard)
               options.unshift_next_argument({user: users.map{ |u| {id: u, access: access}}})
             end
             return entity_execute(
@@ -652,10 +538,10 @@ module Aspera
             ) do |field, value|
                      lookup_entity_by_field(
                        api: @api_v5,
-                       entity: 'accounts',
+                       entity: 'contacts',
                        field: field,
                        value: value,
-                       query: {type: Rest.array_params(%w{local_user saml_user self_registered_user external_user})}
+                       query: Rest.php_style({type: %w[user]})
                      )['id']
                    end
           when :reset_password
@@ -668,13 +554,9 @@ module Aspera
         end
         def execute_admin
-          command = options.get_next_command(%i[configuration smtp resource events clean_deleted].concat(ADMIN_RESOURCES).freeze)
+          command = options.get_next_command(%i[configuration smtp events clean_deleted].concat(Api::Faspex::ADMIN_RESOURCES).freeze)
           case command
-          when :resource
-            # resource will be deprecated
-            Log.log.warn('resource command is deprecated (4.18), directly use the specific command instead')
-            return execute_resource(options.get_next_command(ADMIN_RESOURCES))
-          when *ADMIN_RESOURCES
+          when *Api::Faspex::ADMIN_RESOURCES
             return execute_resource(command)
           when :clean_deleted
             delete_data = value_create_modify(command: command, default: {})
@@ -739,25 +621,27 @@ module Aspera
         def execute_action
           command = options.get_next_command(ACTIONS)
-          set_api unless command.eql?(:postprocessing)
+          set_api unless %i{postprocessing health}.include?(command)
           case command
           when :version
             return Main.result_single_object(@api_v5.read('version'))
           when :health
             nagios = Nagios.new
             begin
-              result = Rest.new(base_url: @faspex5_api_base_url).read('health')
-              result.each do |k, v|
+              data, http = Rest.new(base_url: options.get_option(:url, mandatory: true))
+                .read('health', ret: :both)
+              data.each do |k, v|
                 nagios.add_ok(k, v.to_s)
               end
+              nagios.add_ok('version', http['X-IBM-Aspera']) if http['X-IBM-Aspera']
             rescue StandardError => e
-              nagios.add_critical('faspex api', e.to_s)
+              nagios.add_critical('core', e.to_s)
             end
-            return nagios.result
+            Main.result_object_list(nagios.status_list)
           when :user
             case options.get_next_command(%i[account profile])
             when :account
-              return Main.result_single_object(@api_v5.read('account'))
+              return Main.result_single_object(@api_v5.read('account', query_read_delete))
             when :profile
               case options.get_next_command(%i[show modify])
               when :show
@@ -791,7 +675,7 @@ module Aspera
             return execute_admin
           when :invitations
             invitation_endpoint = 'invitations'
-            invitation_command = options.get_next_command(%i[resend].concat(Plugin::ALL_OPS))
+            invitation_command = options.get_next_command(%i[resend].concat(ALL_OPS))
             case invitation_command
             when :create
               return do_bulk_operation(command: invitation_command, descr: 'data') do |params|
@@ -832,6 +716,10 @@ module Aspera
             return Main.result_status('Gateway terminated')
           end
         end
+        SHARED_INBOX_MEMBER_LEVELS = %i[submit_only standard shared_inbox_admin].freeze
+        ACCOUNT_TYPES = %w{local_user saml_user self_registered_user external_user}.freeze
+        CONTACT_TYPES = %w{workgroup shared_inbox distribution_list user external_user}.freeze
+        private_constant :SHARED_INBOX_MEMBER_LEVELS, :ACCOUNT_TYPES, :CONTACT_TYPES
       end
     end
   end