aspera-cli 4.24.2 → 4.25.0

data/lib/aspera/cli/plugins/alee.rb

@@ -17,13 +17,13 @@ module Aspera
             nagios = Nagios.new
             begin
               api = Api::Alee.new(nil, nil, version: 'ping')
-              result = api.call(operation: 'GET')
-              raise "unexpected response: #{result[:http].body}" unless result[:http].body.eql?('pong')
+              http = api.read(nil, ret: :resp)
+              raise "unexpected response: #{http.body}" unless http.body.eql?('pong')
               nagios.add_ok('api', 'answered ok')
             rescue StandardError => e
               nagios.add_critical('api', e.to_s)
             end
-            return nagios.result
+            Main.result_object_list(nagios.status_list)
           when :entitlement
             entitlement_id = options.get_option(:username, mandatory: true)
             customer_id = options.get_option(:password, mandatory: true)

data/lib/aspera/cli/plugins/aoc.rb

@@ -62,6 +62,7 @@ module Aspera
             'Aspera on Cloud'
           end
 
+          # @return [Hash,NilClass]
           def detect(base_url)
             # no protocol ?
             base_url = "https://#{base_url}" unless base_url.match?(%r{^[a-z]{1,6}://})
@@ -69,9 +70,9 @@ module Aspera
             base_url = "#{base_url}.#{Api::AoC::SAAS_DOMAIN_PROD}" unless base_url.include?('.')
             # AoC is only https
             return unless base_url.start_with?('https://')
-            res_http = Rest.new(base_url: base_url, redirect_max: 0).call(operation: 'GET', subpath: 'auth/ping', exception: false)[:http]
-            return if res_http['Location'].nil?
-            redirect_uri = URI.parse(res_http['Location'])
+            location = Rest.new(base_url: base_url, redirect_max: 0).call(operation: 'GET', subpath: 'auth/ping', exception: false, ret: :resp)['Location']
+            return if location.nil?
+            redirect_uri = URI.parse(location)
             od = Api::AoC.split_org_domain(URI.parse(base_url))
             return unless redirect_uri.path.end_with?("oauth2/#{od[:organization]}/login")
             # either in standard domain, or product name in page
@@ -81,8 +82,10 @@ module Aspera
             }
           end
 
-          # @param base [String] Base folder path
-          # @return [String] Folder path that does jot exist, with possible .<number> extension
+          # Get folder path that does not exist
+          # @param base   [String]  Base folder path
+          # @param always [Boolean] `true` always add number, `false` only if base folder already exists
+          # @return [String] Folder path that does not exist, with possible .<number> extension
           def next_available_folder(base, always: false)
             counter = always ? 1 : 0
             loop do
@@ -95,27 +98,26 @@ module Aspera
           # Get folder path that does not exist
           # If it exists, an extension is added
           # or a sequential number if extension == :seq
-          # @param folder [String] base folder
-          def unique_folder(folder, extension: nil, always: false)
-            case extension
-            when nil
-              folder
-            when :seq
-              # reuse helper
-              next_available_folder(folder, always: always)
-            else
-              if Dir.exist?(folder) || always
-                # NOTE: it might already exist
-                "#{folder}.#{Environment.instance.sanitized_filename(extension)}"
-              else
-                folder
-              end
+          # @param package_info       [Hash]   Package information
+          # @param destination_folder [String] Base folder
+          # @param fld.               [Array]  List of fields of package
+          def unique_folder(package_info, destination_folder, fld: nil, seq: false, opt: false)
+            Aspera.assert_array_all(fld, String, type: Cli::BadArgument){'fld'}
+            Aspera.assert([1, 2].include?(fld.length)){'fld must have 1 or 2 elements'}
+            folder = Environment.instance.sanitized_filename(package_info[fld[0]])
+            if seq
+              folder = next_available_folder(folder, always: !opt)
+            elsif fld[1] && (Dir.exist?(folder) || !opt)
+              # NOTE: it might already exist
+              folder = "#{folder}.#{Environment.instance.sanitized_filename(fld[1])}"
             end
+            puts("sub= #{folder}")
+            File.join(destination_folder, folder)
           end
         end
 
         # @param wizard  [Wizard] The wizard object
-        # @param app_url [Wizard] The wizard object
+        # @param app_url [String] Tested URL
         # @return [Hash] :preset_value, :test_args
         def wizard(wizard, app_url)
           pub_link_info = Api::AoC.link_info(app_url)
@@ -132,7 +134,7 @@ module Aspera
               test_args:    'organization'
             }
           end
-          options.declare(:use_generic_client, 'Wizard: AoC: use global or org specific jwt client id', values: :bool, default: Api::AoC.saas_url?(app_url))
+          options.declare(:use_generic_client, 'Wizard: AoC: use global or org specific jwt client id', allowed: Allowed::TYPES_BOOLEAN, default: Api::AoC.saas_url?(app_url))
           options.parse_options!
           # make username mandatory for jwt, this triggers interactive input
           wiz_username = options.get_option(:username, mandatory: true)
@@ -174,7 +176,7 @@ module Aspera
             auto_set_jwt = true
             Aspera.error_not_implemented
             # aoc_api.oauth.grant_method = :web
-            # aoc_api.oauth.scope = Api::AoC::SCOPE_FILES_ADMIN
+            # aoc_api.oauth.scope = Api::AoC::Scope::ADMIN
             # aoc_api.oauth.specific_parameters[:redirect_uri] = REDIRECT_LOCALHOST
           end
           myself = aoc_api.read('self')
@@ -205,48 +207,58 @@ module Aspera
           @cache_workspace_info = nil
           @cache_home_node_file = nil
           @cache_api_aoc = nil
-          options.declare(:workspace, 'Name of workspace', types: [String, NilClass], default: Api::AoC::DEFAULT_WORKSPACE)
-          options.declare(:new_user_option, 'New user creation option for unknown package recipients', types: Hash)
-          options.declare(:validate_metadata, 'Validate shared inbox metadata', values: :bool, default: true)
-          options.declare(:package_folder, 'Field of package to use as folder name, or @none:', types: [String, NilClass])
+          @scope = Api::AoC::Scope::USER
+          options.declare(:workspace, 'Name of workspace', allowed: [String, NilClass], default: Api::AoC::DEFAULT_WORKSPACE)
+          options.declare(:new_user_option, 'New user creation option for unknown package recipients', allowed: Hash)
+          options.declare(:validate_metadata, 'Validate shared inbox metadata', allowed: Allowed::TYPES_BOOLEAN, default: true)
+          options.declare(:package_folder, 'Handling of reception of packages in folders', allowed: Hash, default: {})
           options.parse_options!
           # add node plugin options (for manual)
           Node.declare_options(options)
         end
 
+        # Change API scope for subsequent calls, re-instantiate API object
+        # @param new_scope [String] New scope
+        def change_api_scope(new_scope)
+          @cache_api_aoc = nil
+          @scope = new_scope
+        end
+
+        # create an API object with the same options, but with a different subpath
+        # @param aoc_base_path [String] New subpath
+        # @return [Api::AoC] API object for AoC (is Rest)
         def api_from_options(aoc_base_path)
-          # create an API object with the same options, but with a different subpath
           return new_with_options(
             Api::AoC,
-            base: {
+            kwargs: {
+              scope:         @scope,
               subpath:       aoc_base_path,
               secret_finder: config
             },
-            add: {
-              scope:     Api::AoC::SCOPE_FILES_USER,
+            option: {
               workspace: nil
             }
           )
         end
 
         # AoC Rest object
-        # @return [Rest]
+        # @return [Api::AoC] API object for AoC (is Rest)
         def aoc_api
           if @cache_api_aoc.nil?
             @cache_api_aoc = api_from_options(Api::AoC::API_V1)
-            organization = @cache_api_aoc.read('organization')
-            if organization['http_gateway_enabled'] && organization['http_gateway_server_url']
-              transfer.httpgw_url_cb = lambda{organization['http_gateway_server_url']}
+            transfer.httpgw_url_cb = lambda do
+              organization = @cache_api_aoc.read('organization')
               # @cache_api_aoc.current_user_info['connect_disabled']
+              organization['http_gateway_server_url'] if organization['http_gateway_enabled'] && organization['http_gateway_server_url']
             end
           end
           return @cache_api_aoc
         end
 
         # Generate or update Hash with workspace id and name (option), if not already set
-        # @param hash   [Hash, Nil] set in provided hash
-        # @param string [Bool] true to set key as string, else as symbol
-        # @param name   [Bool] include name
+        # @param hash   [Hash,nil] Optional base hash (modified)
+        # @param string [Boolean] true to set key as string, else as symbol
+        # @param name   [Boolean] include name
         # @return [Hash] with key `workspace_[id,name]` (symbol or string) only if defined
         def workspace_id_hash(hash: nil, string: false, name: false)
           info = aoc_api.workspace
@@ -288,7 +300,7 @@ module Aspera
           query = query_read_delete(default: default_query)
           # caller may add specific modifications or checks to query
           yield(query) if block_given?
-          result = aoc_api.read_with_paging(resource_class_path, query: base_query.merge(query).compact, formatter: formatter)
+          result = aoc_api.read_with_paging(resource_class_path, base_query.merge(query).compact, formatter: formatter)
           return Main.result_object_list(result[:items], fields: fields, total: result[:total])
         end
 
@@ -313,14 +325,17 @@ module Aspera
           Aspera.assert_type(query, Hash){'query'}
           PACKAGE_RECEIVED_BASE_QUERY.each{ |k, v| query[k] = v unless query.key?(k)}
           resolve_dropbox_name_default_ws_id(query)
-          return aoc_api.read_with_paging('packages', query: query.compact, formatter: formatter)
+          return aoc_api.read_with_paging('packages', query.compact, formatter: formatter)
         end
 
         NODE4_EXT_COMMANDS = %i[transfer].concat(Node::COMMANDS_GEN4).freeze
         private_constant :NODE4_EXT_COMMANDS
 
-        # @param file_id [String] root file id for the operation (can be AK root, or other, e.g. package, or link)
-        # @param scope [String] node scope, or nil (admin)
+        # Execute a node gen4 command
+        # @param command_repo [Symbol] command to execute
+        # @param node_id [String] Node identifier
+        # @param file_id [String] Root file id for the operation (can be AK root, or other, e.g. package, or link). If `nil` use AK root file id.
+        # @param scope [String] node scope (Node::SCOPE_<USER|ADMIN>), or nil (requires secret)
         def execute_nodegen4_command(command_repo, node_id, file_id: nil, scope: nil)
           top_node_api = aoc_api.node_api_from(
             node_id:        node_id,
@@ -374,6 +389,7 @@ module Aspera
           Aspera.error_unreachable_line
         end
 
+        # @param resource_type [Symbol] One of ADMIN_OBJECTS
         def execute_resource_action(resource_type)
           # get path on API, resource type is singular, but api is plural
           resource_class_path =
@@ -391,8 +407,9 @@ module Aspera
           global_operations =  %i[create list]
           supported_operations = %i[show modify]
           supported_operations.push(:delete, *global_operations) unless singleton_object
-          supported_operations.push(:do) if resource_type.eql?(:node)
+          supported_operations.push(:do, :bearer_token) if resource_type.eql?(:node)
           supported_operations.push(:set_pub_key) if resource_type.eql?(:client)
+          supported_operations.push(:shared_folder, :dropbox) if resource_type.eql?(:workspace)
           command = options.get_next_command(supported_operations)
           # require identifier for non global commands
           if !singleton_object && !global_operations.include?(command)
@@ -420,7 +437,7 @@ module Aspera
             when :client_registration_token then default_fields.push('value', 'data.client_subject_scopes', 'created_at')
             when :contact
               default_fields = %w[source_type source_id name email]
-              default_query = {'include_only_user_personal_contacts' => true} if aoc_api.oauth.scope == Api::AoC::SCOPE_FILES_USER
+              default_query = {'include_only_user_personal_contacts' => true} if @scope == Api::AoC::Scope::USER
             when :node then default_fields.push('name', 'host', 'access_key')
             when :operation then default_fields = nil
             when :short_link then default_fields.push('short_url', 'data.url_token_data.purpose')
@@ -453,18 +470,74 @@ module Aspera
             return Main.result_success
           when :do
             command_repo = options.get_next_command(NODE4_EXT_COMMANDS)
-            return execute_nodegen4_command(command_repo, res_id)
+            return execute_nodegen4_command(command_repo, res_id, scope: Api::Node::SCOPE_ADMIN)
+          when :bearer_token
+            node_api = aoc_api.node_api_from(
+              node_id: res_id,
+              scope:   options.get_next_argument('scope')
+            )
+            return Main.result_text(node_api.oauth.authorization)
+          when :dropbox
+            command_shared = options.get_next_command(%i[list])
+            case command_shared
+            when :list
+              query = options.get_option(:query) || {}
+              res_data = aoc_api.read('dropboxes', query.merge({'workspace_id'=>res_id}))
+              return Main.result_object_list(res_data, fields: %w[id name description])
+            end
+          when :shared_folder
+            query = options.get_option(:query) || Api::AoC.workspace_access(res_id).merge({'admin' => true})
+            shared_folders = aoc_api.read_with_paging("#{resource_instance_path}/permissions", query)[:items]
+            # inside a workspace
+            command_shared = options.get_next_command(%i[list member])
+            case command_shared
+            when :list
+              return Main.result_object_list(shared_folders, fields: %w[id node_name node_id file_id file.path tags.aspera.files.workspace.share_as])
+            when :member
+              shared_folder_id = instance_identifier
+              shared_folder = shared_folders.find{ |i| i['id'].eql?(shared_folder_id)}
+              Aspera.assert(shared_folder)
+              command_shared_member = options.get_next_command(%i[list])
+              case command_shared_member
+              when :list
+                node_api = aoc_api.node_api_from(
+                  node_id: shared_folder['node_id'],
+                  workspace_id: res_id,
+                  workspace_name: nil,
+                  scope: Api::Node::SCOPE_USER
+                )
+                result = node_api.read(
+                  'permissions',
+                  {'file_id' => shared_folder['file_id'], 'tag' => "aspera.files.workspace.id=#{res_id}"}
+                )
+                result.each do |item|
+                  item['member'] = begin
+                    if Api::AoC.workspace_access?(item)
+                      {'name'=>'[Internal permission]'}
+                    else
+                      aoc_api.read("admin/#{item['access_type']}s/#{item['access_id']}") rescue {'name': 'not found'}
+                    end
+                  rescue => e
+                    {'name'=>e.to_s}
+                  end
+                end
+                # TODO : read users and group name and add, if query "include_members"
+                return Main.result_object_list(result, fields: %w[access_type access_id access_level last_updated_at member.name member.email member.system_group_type member.system_group])
+              end
+            end
           else Aspera.error_unexpected_value(command)
           end
         end
 
-        ADMIN_ACTIONS = %i[ats resource usage_reports analytics subscription auth_providers].concat(ADMIN_OBJECTS).freeze
+        ADMIN_ACTIONS = %i[ats bearer_token resource usage_reports analytics subscription auth_providers].concat(ADMIN_OBJECTS).freeze
 
         def execute_admin_action
-          # default scope to admin
-          aoc_api.oauth.scope = Api::AoC::SCOPE_FILES_ADMIN if options.get_option(:scope).nil?
+          # change scope to admin
+          change_api_scope(Api::AoC::Scope::ADMIN)
           command_admin = options.get_next_command(ADMIN_ACTIONS)
           case command_admin
+          when :bearer_token
+            return Main.result_text(aoc_api.oauth.authorization)
           when :resource
             Log.log.warn('resource command is deprecated (4.18), directly use the specific command instead')
             return execute_resource_action(options.get_next_argument('resource', accept_list: ADMIN_OBJECTS))
@@ -593,13 +666,13 @@ module Aspera
           when :ats
             ats_api = Rest.new(**aoc_api.params.deep_merge({
               base_url: "#{aoc_api.base_url}/admin/ats/pub/v1",
-              auth:     {scope: Api::AoC::SCOPE_FILES_ADMIN_USER}
+              auth:     {params: {scope: Api::AoC::Scope::ADMIN_USER}}
             }))
-            return Ats.new(context: context).execute_action_gen(ats_api)
+            return Ats.new(context: context, api: ats_api).execute_action
           when :analytics
             analytics_api = Rest.new(**aoc_api.params.deep_merge({
               base_url: "#{aoc_api.base_url.gsub('/api/v1', '')}/analytics/v2",
-              auth:     {scope: Api::AoC::SCOPE_FILES_ADMIN_USER}
+              auth:     {params: {scope: Api::AoC::Scope::ADMIN_USER}}
             }))
             command_analytics = options.get_next_command(%i[application_events transfers files])
             case command_analytics
@@ -624,13 +697,13 @@ module Aspera
                 start_date_persistency = PersistencyActionOnce.new(
                   manager: persistency,
                   data: saved_date,
-                  id: IdGenerator.from_list([
+                  id: IdGenerator.from_list(
                     'aoc_ana_date',
                     options.get_option(:url, mandatory: true),
                     aoc_api.workspace[:name],
                     event_resource_type.to_s,
                     event_resource_id
-                  ])
+                  )
                 )
                 start_date_time = saved_date.first
                 stop_date_time = Time.now.utc.strftime('%FT%T.%LZ')
@@ -736,7 +809,7 @@ module Aspera
             }
             return result_list('short_links', fields: Formatter.all_but('data'), base_query: list_params) if command.eql?(:list)
             one_id = instance_identifier
-            found = aoc_api.read_with_paging('short_links', query: list_params, formatter: formatter)[:items].find{ |item| item['id'].eql?(one_id)}
+            found = aoc_api.read_with_paging('short_links', list_params, formatter: formatter)[:items].find{ |item| item['id'].eql?(one_id)}
             raise Cli::BadIdentifier.new('Short link', one_id) if found.nil?
             return Main.result_single_object(found, fields: Formatter.all_but('data'))
           when :modify
@@ -783,9 +856,10 @@ module Aspera
             manager: persistency,
             data: [],
             id: IdGenerator.from_list(
-              ['aoc_recv',
-               options.get_option(:url, mandatory: true),
-               aoc_api.workspace[:id]].concat(aoc_api.additional_persistence_ids)
+              'aoc_recv',
+              options.get_option(:url, mandatory: true),
+              aoc_api.workspace[:id],
+              aoc_api.additional_persistence_ids
             )
           )
         end
@@ -886,7 +960,7 @@ module Aspera
                 # enforce workspace id from link (should be already ok, but in case user wanted to override)
                 package_data['workspace_id'] = aoc_api.public_link['data']['workspace_id']
               end
-              package_data['encryption_at_rest'] = true if transfer.option_transfer_spec['content_protection'].eql?('encrypt')
+              package_data['encryption_at_rest'] = true if transfer.user_transfer_spec['content_protection'].eql?('encrypt')
               # transfer may raise an error
               created_package = aoc_api.create_package_simple(package_data, option_validate, new_user_option)
               Main.result_transfer(transfer.start(created_package[:spec], rest_token: created_package[:node]))
@@ -921,13 +995,8 @@ module Aspera
               end
               # download all files, or specified list only
               ts_paths = transfer.ts_source_paths(default: ['.'])
-              per_package_def = options.get_option(:package_folder)
-              unless per_package_def.nil?
-                raise Cli::BadArgument, "Invalid package folder option : #{per_package_def}" unless per_package_def =~ /\A([^+]+)(?:\+([^?]+)(\?)?)?\z/
-                per_package_field1 = Regexp.last_match(1)
-                per_package_field2 = Regexp.last_match(2)
-                per_package_sub_always = Regexp.last_match(3).nil?
-              end
+              per_package_def = options.get_option(:package_folder).symbolize_keys
+              save_metadata = per_package_def.delete(:inf)
               # get value outside of loop
               destination_folder = transfer.destination_folder(Transfer::Spec::DIRECTION_RECEIVE)
               result_transfer = []
@@ -943,23 +1012,14 @@ module Aspera
                   Transfer::Spec::DIRECTION_RECEIVE,
                   {'paths'=> ts_paths}
                 )
-                unless per_package_def.nil?
-                  # folder based on first field
-                  folder = File.join(
-                    destination_folder,
-                    Environment.instance.sanitized_filename(package_info[per_package_field1])
-                  )
-                  transfer.option_transfer_spec['destination_root'] = self.class.unique_folder(
-                    folder,
-                    extension: per_package_field2.eql?('seq') ? :seq : package_info[per_package_field2],
-                    always: per_package_sub_always
-                  )
-                end
-                formatter.display_status(%Q{Downloading package: [#{package_info['id']}] "#{package_info['name']}" to [#{destination_folder}]})
+                transfer.user_transfer_spec['destination_root'] = self.class.unique_folder(package_info, destination_folder, **per_package_def) unless per_package_def.empty?
+                dest_folder = transfer.user_transfer_spec['destination_root'] || destination_folder
+                formatter.display_status(%Q{Downloading package: [#{package_info['id']}] "#{package_info['name']}" to [#{dest_folder}]})
                 statuses = transfer.start(
                   transfer_spec,
                   rest_token: package_node_api
                 )
+                File.write(File.join(dest_folder, "#{package_id}.info.json"), package_info.to_json) if save_metadata
                 result_transfer.push({'package' => package_id, Main::STATUS_FIELD => statuses})
                 # update skip list only if all transfer sessions completed
                 if skip_ids_persistency && TransferAgent.session_status(statuses).eql?(:success)
@@ -1036,6 +1096,7 @@ module Aspera
                      end
             end
           when :automation
+            change_api_scope(Api::AoC::Scope::ADMIN_USER)
             Log.log.warn('BETA: work under progress')
             # automation api is not in the same place
             automation_api = Rest.new(**aoc_api.params, base_url: aoc_api.base_url.gsub('/api/', '/automation/'))

data/lib/aspera/cli/plugins/ats.rb

@@ -18,10 +18,10 @@ module Aspera
         # columns for list of cloud providers
         CLOUD_TABLE = %w[id name].freeze
         private_constant :CLOUD_TABLE
-        def initialize(**_)
-          super
-          @ats_api_pub = nil
-          @ats_api_pub_v1_cache = nil
+        def initialize(api: nil, **base_args)
+          super(**base_args)
+          @ats_api_open = Api::Ats.new
+          @ats_api_auth = api
           options.declare(:ibm_api_key, 'IBM API key, see https://cloud.ibm.com/iam/apikeys')
           options.declare(:instance, 'ATS instance in ibm cloud')
           options.declare(:ats_key, 'ATS key identifier (ats_xxx)')
@@ -36,13 +36,13 @@ module Aspera
           # TODO: provide list ?
           cloud = options.get_option(:cloud, mandatory: true).upcase
           region = options.get_option(:region, mandatory: true)
-          return @ats_api_pub.read("servers/#{cloud}/#{region}")
+          return @ats_api_open.read("servers/#{cloud}/#{region}")
         end
 
         # require api key only if needed
-        def ats_api_pub_v1
-          return @ats_api_pub_v1_cache unless @ats_api_pub_v1_cache.nil?
-          @ats_api_pub_v1_cache = Rest.new(
+        def ats_api
+          return @ats_api_auth unless @ats_api_auth.nil?
+          @ats_api_auth = Rest.new(
             base_url: "#{Api::Ats::SERVICE_BASE_URL}/pub/v1",
             auth:     {
               type:     :basic,
@@ -73,10 +73,10 @@ module Aspera
               when 'ibm-s3'
                 server_data2 = nil
                 if server_data.nil?
-                  server_data2 = @ats_api_pub.all_servers.find{ |s| s['id'].eql?(params['transfer_server_id'])}
+                  server_data2 = @ats_api_open.all_servers.find{ |s| s['id'].eql?(params['transfer_server_id'])}
                   raise "no such transfer server id: #{params['transfer_server_id']}" if server_data2.nil?
                 else
-                  server_data2 = @ats_api_pub.all_servers.find do |s|
+                  server_data2 = @ats_api_open.all_servers.find do |s|
                     s['cloud'].eql?(server_data['cloud']) &&
                       s['region'].eql?(server_data['region']) &&
                       s.key?('s3_authentication_endpoint')
@@ -88,31 +88,31 @@ module Aspera
                 params['storage']['endpoint'] = server_data2['s3_authentication_endpoint'] if !params['storage'].key?('authentication_endpoint')
               end
             end
-            res = ats_api_pub_v1.create('access_keys', params)
+            res = ats_api.create('access_keys', params)
             return Main.result_single_object(res)
             # TODO : action : modify, with "PUT"
           when :list
             params = query_read_delete(default: {'offset' => 0, 'max_results' => 1000})
-            res = ats_api_pub_v1.read('access_keys', params)
+            res = ats_api.read('access_keys', params)
             return Main.result_object_list(res['data'], fields: ['name', 'id', 'created.at', 'modified.at'])
           when :show
-            res = ats_api_pub_v1.read("access_keys/#{access_key_id}")
+            res = ats_api.read("access_keys/#{access_key_id}")
             return Main.result_single_object(res)
           when :modify
             params = value_create_modify(command: command)
             params['id'] = access_key_id
-            ats_api_pub_v1.update("access_keys/#{access_key_id}", params)
+            ats_api.update("access_keys/#{access_key_id}", params)
             return Main.result_status('modified')
           when :entitlement
-            ak = ats_api_pub_v1.read("access_keys/#{access_key_id}")
+            ak = ats_api.read("access_keys/#{access_key_id}")
             api_bss = Api::Alee.new(ak['license']['entitlement_id'], ak['license']['customer_id'])
             return Main.result_single_object(api_bss.read('entitlement'))
           when :delete
-            ats_api_pub_v1.delete("access_keys/#{access_key_id}")
+            ats_api.delete("access_keys/#{access_key_id}")
             return Main.result_status("deleted #{access_key_id}")
           when :node
-            ak_data = ats_api_pub_v1.read("access_keys/#{access_key_id}")
-            server_data = @ats_api_pub.all_servers.find{ |i| i['id'].start_with?(ak_data['transfer_server_id'])}
+            ak_data = ats_api.read("access_keys/#{access_key_id}")
+            server_data = @ats_api_open.all_servers.find{ |i| i['id'].start_with?(ak_data['transfer_server_id'])}
             raise Cli::Error, 'no such server found' if server_data.nil?
             node_url = server_data['transfer_setup_url']
             api_node = Api::Node.new(
@@ -126,7 +126,7 @@ module Aspera
             command = options.get_next_command(Node::COMMANDS_GEN4)
             return Node.new(context: context, api: api_node).execute_command_gen4(command, ak_data['root_file_id'])
           when :cluster
-            ats_url = ats_api_pub_v1.base_url
+            ats_url = ats_api.base_url
             api_ak_auth = Rest.new(
               base_url: ats_url,
               auth:     {
@@ -140,19 +140,19 @@ module Aspera
           end
         end
 
-        def execute_action_cluster_pub
+        def execute_action_cluster_open
           command = options.get_next_command(%i[clouds list show])
           case command
           when :clouds
-            return Main.result_object_list(@ats_api_pub.cloud_names.map{ |k, v| CLOUD_TABLE.zip([k, v]).to_h})
+            return Main.result_object_list(@ats_api_open.cloud_names.map{ |k, v| CLOUD_TABLE.zip([k, v]).to_h})
           when :list
-            return Main.result_object_list(@ats_api_pub.all_servers, fields: %w[id cloud region])
+            return Main.result_object_list(@ats_api_open.all_servers, fields: %w[id cloud region])
           when :show
             if options.get_option(:cloud) || options.get_option(:region)
               server_data = server_by_cloud_region
             else
               server_id = instance_identifier
-              server_data = @ats_api_pub.all_servers.find{ |i| i['id'].eql?(server_id)}
+              server_data = @ats_api_open.all_servers.find{ |i| i['id'].eql?(server_id)}
               raise BadIdentifier.new('server', server_id) if server_data.nil?
             end
             return Main.result_single_object(server_data)
@@ -170,7 +170,9 @@ module Aspera
               # does not work:  base_url:    'https://iam.cloud.ibm.com/identity',
               grant_type:    'urn:ibm:params:oauth:grant-type:apikey',
               response_type: 'cloud_iam',
-              apikey:        options.get_option(:ibm_api_key, mandatory: true)
+              params:        {
+                apikey: options.get_option(:ibm_api_key, mandatory: true)
+              }
             }
           )
         end
@@ -213,31 +215,23 @@ module Aspera
         ACTIONS = %i[cluster access_key api_key aws_trust_policy].freeze
 
         # called for legacy and AoC
-        def execute_action_gen(ats_api_arg)
+        def execute_action
           actions = ACTIONS.dup
-          actions.delete(:api_key) unless ats_api_arg.nil?
+          actions.delete(:api_key) unless @ats_api_auth.nil?
           command = options.get_next_command(actions)
-          @ats_api_pub_v1_cache = ats_api_arg
-          # keep as member variable as we may want to use the api in AoC name space
-          @ats_api_pub = Api::Ats.new
           case command
           when :cluster # display general ATS cluster information, this uses public API, no auth
-            return execute_action_cluster_pub
+            return execute_action_cluster_open
           when :access_key
             return execute_action_access_key
           when :api_key # manage credential to access ATS API
             return execute_action_api_key
           when :aws_trust_policy
-            res = ats_api_pub_v1.read('aws/trustpolicy', {region: options.get_option(:region, mandatory: true)})
+            res = ats_api.read('aws/trustpolicy', {region: options.get_option(:region, mandatory: true)})
             return Main.result_single_object(res)
           else Aspera.error_unexpected_value(command)
           end
         end
-
-        # called for legacy ATS only
-        def execute_action
-          execute_action_gen(nil)
-        end
       end
     end
   end