aspera-cli 4.25.0.pre2 → 4.25.0

data/lib/aspera/api/aoc.rb

@@ -33,7 +33,7 @@ module Aspera
       # types of events for shared folder creation
       # Node events: permission.created permission.modified permission.deleted
       PERMISSIONS_CREATED = ['permission.created'].freeze
-      # Special name when creating workspace shared folders
+      # Special user identifier when creating workspace shared folders
       ID_AK_ADMIN = 'ASPERA_ACCESS_KEY_ADMIN'
 
       private_constant :MAX_AOC_URL_REDIRECT,
@@ -48,11 +48,13 @@ module Aspera
         :ID_AK_ADMIN
 
       # various API scopes supported
-      SCOPE_FILES_SELF = 'self'
-      SCOPE_FILES_USER = 'user:all'
-      SCOPE_FILES_ADMIN = 'admin:all'
-      SCOPE_FILES_ADMIN_USER = 'admin-user:all'
-      SCOPE_FILES_ADMIN_USER_USER = "#{SCOPE_FILES_ADMIN_USER}+#{SCOPE_FILES_USER}"
+      module Scope
+        SELF = 'self'
+        USER = 'user:all'
+        ADMIN = 'admin:all'
+        ADMIN_USER = 'admin-user:all'
+        ADMIN_USER_USER = "#{ADMIN_USER}+#{USER}"
+      end
       FILES_APP = 'files'
       PACKAGES_APP = 'packages'
       API_V1 = 'api/v1'
@@ -227,10 +229,12 @@ module Aspera
         @workspace_info = nil
         @home_info = nil
         auth_params = {
-          type:          :oauth2,
-          client_id:     client_id,
-          client_secret: client_secret,
-          scope:         scope
+          type:   :oauth2,
+          params: {
+            client_id:     client_id,
+            client_secret: client_secret,
+            scope:         scope
+          }
         }
         # analyze type of url
         url_info = AoC.link_info(url)
@@ -256,20 +260,20 @@ module Aspera
           Aspera.assert(username, 'Missing mandatory option: username', type: ParameterError)
           auth_params[:private_key_obj] = OpenSSL::PKey::RSA.new(private_key, passphrase)
           auth_params[:payload] = {
-            iss: auth_params[:client_id], # issuer
+            iss: client_id, # issuer
             sub: username, # subject
             aud: JWT_AUDIENCE
           }
           # add jwt payload for global client id
-          auth_params[:payload][:org] = url_info[:organization] if GLOBAL_CLIENT_APPS.include?(auth_params[:client_id])
+          auth_params[:payload][:org] = url_info[:organization] if GLOBAL_CLIENT_APPS.include?(client_id)
           auth_params[:cache_ids] = [url_info[:organization]]
         when :url_json
-          auth_params[:url] = {grant_type: 'url_token'} # URL arguments
+          auth_params[:url] = {grant_type: 'url_token'} # Query arguments
           auth_params[:json] = {url_token: url_info[:token]} # JSON body
           # password protection of link
           auth_params[:json][:password] = password unless password.nil?
           # basic auth required for /token
-          auth_params[:auth] = {type: :basic, username: auth_params[:client_id], password: auth_params[:client_secret]}
+          auth_params[:auth] = {type: :basic, username: client_id, password: client_secret}
         else Aspera.error_unexpected_value(auth_params[:grant_method]){'auth, use one of: :web, :jwt'}
         end
         super(
@@ -386,11 +390,12 @@ module Aspera
         @home_info
       end
 
-      # @param node_id [String] identifier of node in AoC
-      # @param workspace_id [String] workspace identifier
-      # @param workspace_name [String] workspace name
-      # @param scope e.g. Node::SCOPE_USER, or nil (requires secret)
-      # @param package_info [Hash] created package information
+      # Return a Node API for given node id, in a given context (files, packages), for the given scope.
+      # @param node_id        [String] identifier of node in AoC
+      # @param workspace_id   [String,nil] workspace identifier
+      # @param workspace_name [String,nil] workspace name
+      # @param scope          [String,nil] e.g. Node::SCOPE_USER, or Node::SCOPE_ADMIN, or nil (requires secret)
+      # @param package_info   [Hash,nil] created package information
       # @returns [Node] a node API for access key
       def node_api_from(node_id:, workspace_id: nil, workspace_name: nil, scope: Node::SCOPE_USER, package_info: nil)
         Aspera.assert_type(node_id, String)
@@ -409,18 +414,22 @@ module Aspera
           app_info[:package_name] = package_info['name']
         end
         node_params = {base_url: node_info['url']}
-        # if secret is available
-        if scope.nil?
+        ak_secret = @secret_finder&.lookup_secret(url: node_info['url'], username: node_info['access_key'])
+        # If secret is available, or no scope, use basic auth
+        if scope.nil? || ak_secret
+          Aspera.assert(ak_secret, "Secret not found for access key #{node_info['access_key']}@#{node_info['url']}", type: Error)
           node_params[:auth] = {
             type:     :basic,
             username: node_info['access_key'],
-            password: @secret_finder&.lookup_secret(url: node_info['url'], username: node_info['access_key'], mandatory: true)
+            password: ak_secret
           }
         else
           # OAuth bearer token
           node_params[:auth] = auth_params.clone
-          node_params[:auth][:scope] = Node.token_scope(node_info['access_key'], scope)
-          # special header required for bearer token only
+          node_params[:auth][:params] ||= {}
+          node_params[:auth][:params][:scope] = Node.token_scope(node_info['access_key'], scope)
+          node_params[:auth][:params][:owner_access] = true if scope.eql?(Node::SCOPE_ADMIN)
+          # Special header required for bearer token only
           node_params[:headers] = {Node::HEADER_X_ASPERA_ACCESS_KEY => node_info['access_key']}
         end
         node_params[:app_info] = app_info

data/lib/aspera/api/ats.rb

@@ -5,6 +5,7 @@ require 'aspera/rest'
 
 module Aspera
   module Api
+    # ATS API without authentication
     class Ats < Aspera::Rest
       SERVICE_BASE_URL = 'https://ats.aspera.io'
       # currently supported clouds

data/lib/aspera/api/faspex.rb

@@ -34,7 +34,7 @@ module Aspera
         query: {
           response_type: :code,
           state:         @context,
-          client_id:     client_id,
+          client_id:     params[:client_id],
           redirect_uri:  @redirect_uri
         },
         exception: false,
@@ -46,7 +46,7 @@ module Aspera
       raise Error, info['action_message'] if info['action_message']
       Aspera.assert(info['code']){'Missing code in answer'}
       # Exchange code for token
-      return create_token_call(optional_scope_client_id.merge(
+      return create_token_call(base_params.merge(
         grant_type:   'authorization_code',
         code:         info['code'],
         redirect_uri: @redirect_uri
@@ -155,7 +155,9 @@ module Aspera
                 base_url:     "#{base_url}/#{PATH_AUTH}",
                 grant_method: :faspex_pub_link,
                 context:      encoded_context,
-                client_id:    config[:client_id],
+                params:       {
+                  client_id: config[:client_id]
+                },
                 redirect_uri: config[:redirect_uri]
               }
             }
@@ -177,7 +179,9 @@ module Aspera
                 type:         :oauth2,
                 base_url:     "#{url}/#{PATH_AUTH}",
                 grant_method: :web,
-                client_id:    client_id,
+                params:       {
+                  client_id: client_id
+                },
                 redirect_uri: redirect_uri
               }
             }
@@ -190,7 +194,9 @@ module Aspera
                 type:            :oauth2,
                 base_url:        "#{url}/#{PATH_AUTH}",
                 grant_method:    :jwt,
-                client_id:       client_id,
+                params:          {
+                  client_id: client_id
+                },
                 payload:         {
                   iss: client_id, # issuer
                   aud: client_id, # audience (this field is not clear...)

data/lib/aspera/ascmd.rb

@@ -89,7 +89,7 @@ module Aspera
     # Version 2 allows use of reverse proxy with multiple addresses.
     # @param [Symbol] one of OPERATIONS
     # @param [Array] parameters for "as" command
-    # @return result of command, type depends on command (bool, array, hash)
+    # @return [Boolean,Array,Hash] result of command, type depends on command
     def execute_single(action_sym, arguments, version: 1, host: nil)
       arguments = [] if arguments.nil?
       Log.log.debug{"execute_single:#{action_sym}:#{arguments}"}

data/lib/aspera/ascp/installation.rb

@@ -294,11 +294,11 @@ module Aspera
       end
 
       # Retrieves ascp binary for current system architecture from URL or file
-      # @param url      [String] URL to SDK archive, or SpecialValues::DEF
-      # @param folder   [String] Destination folder path
-      # @param backup   [Bool]   If destination folder exists, then rename
-      # @param with_exe [Bool]   If false, only retrieves files, but do not generate or restrict access
-      # @param &block   [Proc]   A lambda that receives a file path from archive and tells destination sub folder(end with /) or file, or nil to not extract
+      # @param url      [String]  URL to SDK archive, or SpecialValues::DEF
+      # @param folder   [String]  Destination folder path
+      # @param backup   [Boolean] If destination folder exists, then rename
+      # @param with_exe [Boolean] If false, only retrieves files, but do not generate or restrict access
+      # @param &block   [Proc]    A lambda that receives a file path from archive and tells destination sub folder(end with /) or file, or nil to not extract
       # @return [Array] name, ascp version (from execution), folder
       def install_sdk(url: nil, version: nil, folder: nil, backup: true, with_exe: true, &block)
         url = sdk_url_for_platform(version: version) if url.nil? || url.eql?('DEF')

data/lib/aspera/cli/formatter.rb

@@ -8,6 +8,7 @@ require 'aspera/environment'
 require 'aspera/log'
 require 'aspera/assert'
 require 'aspera/markdown'
+require 'aspera/dot_container'
 require 'terminal-table'
 require 'tty-spinner'
 require 'yaml'
@@ -64,9 +65,10 @@ module Aspera
           end
         end
 
+        # Give Markdown String, or matched data, return formatted string for terminal
         # used by spec_doc
         # @param match [MatchData,String]
-        def markdown(match)
+        def markdown_text(match)
           if match.is_a?(String)
             match = Markdown::FORMATS.match(match)
             Aspera.assert(match)
@@ -84,11 +86,11 @@ module Aspera
           end
         end
 
-        # replace empty values with a readable version on terminal
-        def enhance_display_values_hash(input_hash)
-          stack = [input_hash]
-          until stack.empty?
-            current = stack.pop
+        # Replace special values with a readable version on terminal
+        def replace_specific_for_terminal(input_hash)
+          hash_to_process = [input_hash]
+          until hash_to_process.empty?
+            current = hash_to_process.pop
             current.each do |key, value|
               case value
               when NilClass
@@ -100,73 +102,24 @@ module Aspera
               when Array
                 if value.empty?
                   current[key] = special_format('empty list')
+                elsif value.all?(String)
+                  current[key] = value.join(',')
                 else
                   value.each do |item|
-                    stack.push(item) if item.is_a?(Hash)
+                    hash_to_process.push(item) if item.is_a?(Hash)
                   end
                 end
               when Hash
                 if value.empty?
                   current[key] = special_format('empty dict')
                 else
-                  stack.push(value)
+                  hash_to_process.push(value)
                 end
               end
             end
           end
         end
 
-        # Given a list of string, display that list in a single cell
-        def list_to_string(list)
-          list.join(',')
-        end
-
-        # Build new prefix
-        def add_prefix(prefix, key)
-          [prefix, key].compact.join('.')
-        end
-
-        # Add elements of enumerator to the stack, in reverse order
-        def add_elements(stack, prefix, enum)
-          enum.reverse_each do |key, value|
-            stack.push([add_prefix(prefix, key), value])
-          end
-        end
-
-        # Flatten a Hash into single level hash
-        def flatten_hash(input)
-          Aspera.assert_type(input, Hash)
-          return input if input.empty?
-          flat = {}
-          # tail (pop,push) contains the next element to display
-          stack = [[nil, input]]
-          until stack.empty?
-            prefix, current = stack.pop
-            # empty things will be displayed as such
-            if current.respond_to?(:empty?) && current.empty?
-              flat[prefix] = current
-              next
-            end
-            case current
-            when Hash
-              add_elements(stack, prefix, current)
-            when Array
-              if current.none?{ |i| i.is_a?(Array) || i.is_a?(Hash)}
-                flat[prefix] = list_to_string(current.map(&:to_s))
-              elsif current.all?{ |i| i.is_a?(Hash) && i.keys == ['name']}
-                flat[prefix] = list_to_string(current.map{ |i| i['name']})
-              elsif current.all?{ |i| i.is_a?(Hash) && i.keys.sort == %w[name value]}
-                add_elements(stack, prefix, current.each_with_object({}){ |i, h| h[i['name']] = i['value']})
-              else
-                add_elements(stack, prefix, current.each_with_index.map{ |v, i| [i, v]})
-              end
-            else
-              flat[prefix] = current
-            end
-          end
-          flat
-        end
-
         def all_but(list)
           list = [list] unless list.is_a?(Array)
           return list.map{ |i| "#{FIELDS_LESS}#{i}"}.unshift(SpecialValues::ALL)
@@ -356,13 +309,13 @@ module Aspera
             if data.empty?
               display_message(:data, self.class.special_format('empty dict'))
             else
-              data = self.class.flatten_hash(data) if @options[:flat_hash]
+              data = DotContainer.new(data).to_dotted if @options[:flat_hash]
               display_table([data], compute_fields([data], fields), single: true)
             end
           when :object_list
             # :object_list is an Array of Hash, where key=column name
             Aspera.assert_array_all(data, Hash){'result'}
-            data = data.map{ |obj| self.class.flatten_hash(obj)} if @options[:flat_hash]
+            data = data.map{ |obj| DotContainer.new(obj).to_dotted} if @options[:flat_hash]
             display_table(data, compute_fields(data, fields), single: type.eql?(:single_object))
           when :value_list
             # :value_list is a simple array of values, name of column provided in `name`
@@ -474,7 +427,7 @@ module Aspera
           return
         end
         filter_columns_on_select(object_array)
-        object_array.each{ |i| self.class.enhance_display_values_hash(i)}
+        object_array.each{ |i| self.class.replace_specific_for_terminal(i)}
         # if table has only one element, and only one field, display the value
         if object_array.length == 1 && fields.length == 1
           Log.log.debug("display_table: single element, field: #{fields.first}")

data/lib/aspera/cli/manager.rb

@@ -6,6 +6,7 @@ require 'aspera/colors'
 require 'aspera/secret_hider'
 require 'aspera/log'
 require 'aspera/assert'
+require 'aspera/dot_container'
 require 'io/console'
 require 'optparse'
 
@@ -486,11 +487,12 @@ module Aspera
           Log.log.trace1('After parse')
         rescue OptionParser::InvalidOption => e
           Log.log.trace1{"InvalidOption #{e}".red}
+          # An option like --a.b.c=d does: a={"b":{"c":ext_val(d)}}
           if (m = e.args.first.match(/^--([a-z\-]+)\.([^=]+)=(.+)$/))
             option, path, value = m.captures
             option_sym = self.class.option_line_to_name(option).to_sym
             if @declared_options.key?(option_sym)
-              set_option(option_sym, dotted_to_extended(path, value, get_option(option_sym)), where: 'dotted')
+              set_option(option_sym, DotContainer.dotted_to_container(path, smart_convert(value), get_option(option_sym)), where: 'dotted')
               retry
             end
           end
@@ -561,14 +563,14 @@ module Aspera
 
       # Read remaining args and build an Array or Hash
       # @param value [nil] Argument to `@:` extended value
-      def args_as_extended(value)
+      def args_as_extended(arg)
         # This extended value does not take args (`@:`)
-        ExtendedValue.assert_no_value(value, :p)
+        ExtendedValue.assert_no_value(arg, :p)
         result = nil
         get_next_argument(:args, multiple: true).each do |arg|
           Aspera.assert(arg.include?(OPTION_VALUE_SEPARATOR)){"Positional argument: #{arg} does not inlude #{OPTION_VALUE_SEPARATOR}"}
-          path, raw = arg.split(OPTION_VALUE_SEPARATOR, 2)
-          result = dotted_to_extended(path, raw, result)
+          path, value = arg.split(OPTION_VALUE_SEPARATOR, 2)
+          result = DotContainer.dotted_to_container(path, smart_convert(value), result)
         end
         result
       end
@@ -590,40 +592,6 @@ module Aspera
         end
       end
 
-      # Convert `String` to `Integer`, or keep `String` if not `Integer`
-      def int_or_string(value)
-        Integer(value, exception: false) || value
-      end
-
-      def new_hash_or_array_from_key(key)
-        key.is_a?(Integer) ? [] : {}
-      end
-
-      def array_requires_integer_index!(container, index)
-        Aspera.assert(container.is_a?(Hash) || index.is_a?(Integer)){'Using String index when Integer index used previously'}
-      end
-
-      # Insert extended value `value` into struct `result` at `path`
-      # @param path   [String] dotted path
-      # @param value  [String] Smart expression
-      # @param result [NilClass, Hash, Array] current value
-      # @return [Hash, Array]
-      def dotted_to_extended(path, value, result = nil)
-        # Typed keys
-        keys = path.split(OPTION_DOTTED_SEPARATOR).map{ |k| int_or_string(k)}
-        # Create, or re-use first level container
-        current = (result ||= new_hash_or_array_from_key(keys.first))
-        # walk the path, and create sub-containers if necessary
-        keys.each_cons(2) do |k, next_k|
-          array_requires_integer_index!(current, k)
-          current = (current[k] ||= new_hash_or_array_from_key(next_k))
-        end
-        # Assign value at last index
-        array_requires_integer_index!(current, keys.last)
-        current[keys.last] = smart_convert(value)
-        result
-      end
-
       # generate command line option from option symbol
       def symbol_to_option(symbol, opt_val = nil)
         result = [OPTION_PREFIX, symbol.to_s.gsub(OPTION_SEP_SYMBOL, OPTION_SEP_LINE)].join
@@ -677,15 +645,13 @@ module Aspera
       OPTION_SEP_SYMBOL = '_'
       # Option value separator on command line, e.g. in --option-blah=foo, the "="
       OPTION_VALUE_SEPARATOR = '='
-      # "." : An option like --a.b.c=d does: a={"b":{"c":ext_val(d)}}
-      OPTION_DOTTED_SEPARATOR = '.'
       # Starts an option, e.g. in --option-blah, the two first "--"
       OPTION_PREFIX = '--'
       # when this is alone, this stops option processing
       OPTIONS_STOP = '--'
       SOURCE_USER = 'cmdline' # cspell:disable-line
 
-      private_constant :BOOL_YES, :BOOL_NO, :FALSE_VALUES, :TRUE_VALUES, :OPTION_SEP_LINE, :OPTION_SEP_SYMBOL, :OPTION_VALUE_SEPARATOR, :OPTION_DOTTED_SEPARATOR, :OPTION_PREFIX, :OPTIONS_STOP, :SOURCE_USER
+      private_constant :BOOL_YES, :BOOL_NO, :FALSE_VALUES, :TRUE_VALUES, :OPTION_SEP_LINE, :OPTION_SEP_SYMBOL, :OPTION_VALUE_SEPARATOR, :OPTION_PREFIX, :OPTIONS_STOP, :SOURCE_USER
     end
   end
 end

data/lib/aspera/cli/plugins/aoc.rb

@@ -82,9 +82,10 @@ module Aspera
             }
           end
 
-          # @param base   [String] Base folder path
-          # @param always [Bool]   `true` always add number, `false` only if base folder already exists
-          # @return [String] Folder path that does jot exist, with possible .<number> extension
+          # Get folder path that does not exist
+          # @param base   [String]  Base folder path
+          # @param always [Boolean] `true` always add number, `false` only if base folder already exists
+          # @return [String] Folder path that does not exist, with possible .<number> extension
           def next_available_folder(base, always: false)
             counter = always ? 1 : 0
             loop do
@@ -175,7 +176,7 @@ module Aspera
             auto_set_jwt = true
             Aspera.error_not_implemented
             # aoc_api.oauth.grant_method = :web
-            # aoc_api.oauth.scope = Api::AoC::SCOPE_FILES_ADMIN
+            # aoc_api.oauth.scope = Api::AoC::Scope::ADMIN
             # aoc_api.oauth.specific_parameters[:redirect_uri] = REDIRECT_LOCALHOST
           end
           myself = aoc_api.read('self')
@@ -206,6 +207,7 @@ module Aspera
           @cache_workspace_info = nil
           @cache_home_node_file = nil
           @cache_api_aoc = nil
+          @scope = Api::AoC::Scope::USER
           options.declare(:workspace, 'Name of workspace', allowed: [String, NilClass], default: Api::AoC::DEFAULT_WORKSPACE)
           options.declare(:new_user_option, 'New user creation option for unknown package recipients', allowed: Hash)
           options.declare(:validate_metadata, 'Validate shared inbox metadata', allowed: Allowed::TYPES_BOOLEAN, default: true)
@@ -215,39 +217,48 @@ module Aspera
           Node.declare_options(options)
         end
 
+        # Change API scope for subsequent calls, re-instantiate API object
+        # @param new_scope [String] New scope
+        def change_api_scope(new_scope)
+          @cache_api_aoc = nil
+          @scope = new_scope
+        end
+
+        # create an API object with the same options, but with a different subpath
+        # @param aoc_base_path [String] New subpath
+        # @return [Api::AoC] API object for AoC (is Rest)
         def api_from_options(aoc_base_path)
-          # create an API object with the same options, but with a different subpath
           return new_with_options(
             Api::AoC,
-            base: {
+            kwargs: {
+              scope:         @scope,
               subpath:       aoc_base_path,
               secret_finder: config
             },
-            add: {
-              scope:     Api::AoC::SCOPE_FILES_USER,
+            option: {
               workspace: nil
             }
           )
         end
 
         # AoC Rest object
-        # @return [Rest]
+        # @return [Api::AoC] API object for AoC (is Rest)
         def aoc_api
           if @cache_api_aoc.nil?
             @cache_api_aoc = api_from_options(Api::AoC::API_V1)
-            organization = @cache_api_aoc.read('organization')
-            if organization['http_gateway_enabled'] && organization['http_gateway_server_url']
-              transfer.httpgw_url_cb = lambda{organization['http_gateway_server_url']}
+            transfer.httpgw_url_cb = lambda do
+              organization = @cache_api_aoc.read('organization')
               # @cache_api_aoc.current_user_info['connect_disabled']
+              organization['http_gateway_server_url'] if organization['http_gateway_enabled'] && organization['http_gateway_server_url']
             end
           end
           return @cache_api_aoc
         end
 
         # Generate or update Hash with workspace id and name (option), if not already set
-        # @param hash   [Hash, Nil] set in provided hash
-        # @param string [TrueClass,FalseClass] true to set key as string, else as symbol
-        # @param name   [Bool] include name
+        # @param hash   [Hash,nil] Optional base hash (modified)
+        # @param string [Boolean] true to set key as string, else as symbol
+        # @param name   [Boolean] include name
         # @return [Hash] with key `workspace_[id,name]` (symbol or string) only if defined
         def workspace_id_hash(hash: nil, string: false, name: false)
           info = aoc_api.workspace
@@ -320,8 +331,11 @@ module Aspera
         NODE4_EXT_COMMANDS = %i[transfer].concat(Node::COMMANDS_GEN4).freeze
         private_constant :NODE4_EXT_COMMANDS
 
-        # @param file_id [String] root file id for the operation (can be AK root, or other, e.g. package, or link)
-        # @param scope [String] node scope, or nil (admin)
+        # Execute a node gen4 command
+        # @param command_repo [Symbol] command to execute
+        # @param node_id [String] Node identifier
+        # @param file_id [String] Root file id for the operation (can be AK root, or other, e.g. package, or link). If `nil` use AK root file id.
+        # @param scope [String] node scope (Node::SCOPE_<USER|ADMIN>), or nil (requires secret)
         def execute_nodegen4_command(command_repo, node_id, file_id: nil, scope: nil)
           top_node_api = aoc_api.node_api_from(
             node_id:        node_id,
@@ -423,7 +437,7 @@ module Aspera
             when :client_registration_token then default_fields.push('value', 'data.client_subject_scopes', 'created_at')
             when :contact
               default_fields = %w[source_type source_id name email]
-              default_query = {'include_only_user_personal_contacts' => true} if aoc_api.oauth.scope == Api::AoC::SCOPE_FILES_USER
+              default_query = {'include_only_user_personal_contacts' => true} if @scope == Api::AoC::Scope::USER
             when :node then default_fields.push('name', 'host', 'access_key')
             when :operation then default_fields = nil
             when :short_link then default_fields.push('short_url', 'data.url_token_data.purpose')
@@ -456,7 +470,7 @@ module Aspera
             return Main.result_success
           when :do
             command_repo = options.get_next_command(NODE4_EXT_COMMANDS)
-            return execute_nodegen4_command(command_repo, res_id)
+            return execute_nodegen4_command(command_repo, res_id, scope: Api::Node::SCOPE_ADMIN)
           when :bearer_token
             node_api = aoc_api.node_api_from(
               node_id: res_id,
@@ -515,13 +529,15 @@ module Aspera
           end
         end
 
-        ADMIN_ACTIONS = %i[ats resource usage_reports analytics subscription auth_providers].concat(ADMIN_OBJECTS).freeze
+        ADMIN_ACTIONS = %i[ats bearer_token resource usage_reports analytics subscription auth_providers].concat(ADMIN_OBJECTS).freeze
 
         def execute_admin_action
-          # default scope to admin
-          aoc_api.oauth.scope = Api::AoC::SCOPE_FILES_ADMIN if options.get_option(:scope).nil?
+          # change scope to admin
+          change_api_scope(Api::AoC::Scope::ADMIN)
           command_admin = options.get_next_command(ADMIN_ACTIONS)
           case command_admin
+          when :bearer_token
+            return Main.result_text(aoc_api.oauth.authorization)
           when :resource
             Log.log.warn('resource command is deprecated (4.18), directly use the specific command instead')
             return execute_resource_action(options.get_next_argument('resource', accept_list: ADMIN_OBJECTS))
@@ -650,13 +666,13 @@ module Aspera
           when :ats
             ats_api = Rest.new(**aoc_api.params.deep_merge({
               base_url: "#{aoc_api.base_url}/admin/ats/pub/v1",
-              auth:     {scope: Api::AoC::SCOPE_FILES_ADMIN_USER}
+              auth:     {params: {scope: Api::AoC::Scope::ADMIN_USER}}
             }))
-            return Ats.new(context: context).execute_action_gen(ats_api)
+            return Ats.new(context: context, api: ats_api).execute_action
           when :analytics
             analytics_api = Rest.new(**aoc_api.params.deep_merge({
               base_url: "#{aoc_api.base_url.gsub('/api/v1', '')}/analytics/v2",
-              auth:     {scope: Api::AoC::SCOPE_FILES_ADMIN_USER}
+              auth:     {params: {scope: Api::AoC::Scope::ADMIN_USER}}
             }))
             command_analytics = options.get_next_command(%i[application_events transfers files])
             case command_analytics
@@ -681,13 +697,13 @@ module Aspera
                 start_date_persistency = PersistencyActionOnce.new(
                   manager: persistency,
                   data: saved_date,
-                  id: IdGenerator.from_list([
+                  id: IdGenerator.from_list(
                     'aoc_ana_date',
                     options.get_option(:url, mandatory: true),
                     aoc_api.workspace[:name],
                     event_resource_type.to_s,
                     event_resource_id
-                  ])
+                  )
                 )
                 start_date_time = saved_date.first
                 stop_date_time = Time.now.utc.strftime('%FT%T.%LZ')
@@ -840,9 +856,10 @@ module Aspera
             manager: persistency,
             data: [],
             id: IdGenerator.from_list(
-              ['aoc_recv',
-               options.get_option(:url, mandatory: true),
-               aoc_api.workspace[:id]].concat(aoc_api.additional_persistence_ids)
+              'aoc_recv',
+              options.get_option(:url, mandatory: true),
+              aoc_api.workspace[:id],
+              aoc_api.additional_persistence_ids
             )
           )
         end
@@ -1079,6 +1096,7 @@ module Aspera
                      end
             end
           when :automation
+            change_api_scope(Api::AoC::Scope::ADMIN_USER)
             Log.log.warn('BETA: work under progress')
             # automation api is not in the same place
             automation_api = Rest.new(**aoc_api.params, base_url: aoc_api.base_url.gsub('/api/', '/automation/'))