aspera-cli 4.7.0 → 4.8.0

data/lib/aspera/fasp/resume_policy.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'singleton'
 require 'aspera/log'
 
@@ -7,22 +8,22 @@ module Aspera
     # implements a simple resume policy
     class ResumePolicy
       # list of supported parameters and default values
-      DEFAULTS={
-        iter_max:       7,
-        sleep_initial:  2,
-        sleep_factor:   2,
-        sleep_max:      60
-      }
+      DEFAULTS = {
+        iter_max:      7,
+        sleep_initial: 2,
+        sleep_factor:  2,
+        sleep_max:     60
+      }.freeze
 
       # @param params see DEFAULTS
       def initialize(params=nil)
-        @parameters=DEFAULTS.clone
+        @parameters = DEFAULTS.dup
         if !params.nil?
           raise "expecting Hash (or nil), but have #{params.class}" unless params.is_a?(Hash)
           params.each do |k,v|
             raise "unknown resume parameter: #{k}, expect one of #{DEFAULTS.keys.map(&:to_s).join(',')}" unless DEFAULTS.has_key?(k)
             raise "#{k} must be Integer" unless v.is_a?(Integer)
-            @parameters[k]=v
+            @parameters[k] = v
           end
         end
         Log.log.debug("resume params=#{@parameters}")
@@ -30,7 +31,8 @@ module Aspera
 
       # calls block a number of times (resumes) until success or limit reached
       # this is re-entrant, one resumer can handle multiple transfers in //
-      def process(&block)
+      def execute_with_resume
+        raise 'block manndatory' unless block_given?
         # maximum of retry
         remaining_resumes = @parameters[:iter_max]
         sleep_seconds = @parameters[:sleep_initial]
@@ -39,7 +41,8 @@ module Aspera
         loop do
           Log.log.debug('transfer starting');
           begin
-            block.call
+            # call provided block
+            yield
             break
           rescue Fasp::Error => e
             Log.log.warn("An error occured: #{e.message}");
@@ -57,7 +60,7 @@ module Aspera
           end
 
           # take this retry in account
-          remaining_resumes-=1
+          remaining_resumes -= 1
           Log.log.warn("resuming in  #{sleep_seconds} seconds (retry left:#{remaining_resumes})");
 
           # wait a bit before retrying, maybe network condition will be better

data/lib/aspera/fasp/transfer_spec.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'aspera/fasp/parameters'
 
 module Aspera
@@ -6,14 +7,14 @@ module Aspera
     # parameters for Transfer Spec
     class TransferSpec
       # default transfer username for access key based transfers
-      ACCESS_KEY_TRANSFER_USER='xfer'
-      SSH_PORT=33_001
-      UDP_PORT=33_001
-      AK_TSPEC_BASE={
+      ACCESS_KEY_TRANSFER_USER = 'xfer'
+      SSH_PORT = 33_001
+      UDP_PORT = 33_001
+      AK_TSPEC_BASE = {
         'remote_user' => ACCESS_KEY_TRANSFER_USER,
         'ssh_port'    => SSH_PORT,
         'fasp_port'   => UDP_PORT
-      }
+      }.freeze
       # define constants for enums of parameters: <paramater>_<enum>, e.g. CIPHER_AES_128
       Aspera::Fasp::Parameters.description.each do |k,v|
         next unless v[:enum].is_a?(Array)

data/lib/aspera/fasp/uri.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'aspera/log'
 require 'aspera/command_line_builder'
 
@@ -7,38 +8,38 @@ module Aspera
     # translates a "faspe:" URI (used in Faspex) into transfer spec hash
     class Uri
       def initialize(fasplink)
-        @fasp_uri=URI.parse(fasplink.gsub(' ','%20'))
+        @fasp_uri = URI.parse(fasplink.gsub(' ','%20'))
         # TODO: check scheme is faspe
       end
 
       def transfer_spec
-        result_ts={}
-        result_ts['remote_host']=@fasp_uri.host
-        result_ts['remote_user']=@fasp_uri.user
-        result_ts['ssh_port']=@fasp_uri.port
-        result_ts['paths']=[{'source'=>URI.decode_www_form_component(@fasp_uri.path)}]
+        result_ts = {}
+        result_ts['remote_host'] = @fasp_uri.host
+        result_ts['remote_user'] = @fasp_uri.user
+        result_ts['ssh_port'] = @fasp_uri.port
+        result_ts['paths'] = [{'source' => URI.decode_www_form_component(@fasp_uri.path)}]
         # faspex does not encode trailing base64 encoded tags, fix that
-        fixed_query = @fasp_uri.query.gsub(/(=+)$/){|x|'%3D'*x.length}
+        fixed_query = @fasp_uri.query.gsub(/(=+)$/){|x|'%3D' * x.length}
 
         URI.decode_www_form(fixed_query).each do |i|
-          name=i[0]
-          value=i[1]
+          name = i[0]
+          value = i[1]
           case name
-          when 'cookie' then result_ts['cookie']=value
-          when 'token' then result_ts['token']=value
-          when 'sshfp' then result_ts['sshfp']=value
-          when 'policy' then result_ts['rate_policy']=value
-          when 'httpport' then result_ts['http_fallback_port']=value.to_i
-          when 'targetrate' then result_ts['target_rate_kbps']=value.to_i
-          when 'minrate' then result_ts['min_rate_kbps']=value.to_i
-          when 'port' then result_ts['fasp_port']=value.to_i
-          when 'bwcap' then result_ts['target_rate_cap_kbps']=value.to_i
-          when 'enc' then result_ts['cipher']=value.gsub(/^aes/,'aes-').gsub(/cfb$/,'-cfb').gsub(/gcm$/,'-gcm').gsub(/--/,'-')
-          when 'tags64' then result_ts['tags']=JSON.parse(Base64.strict_decode64(value))
-          when 'createpath' then result_ts['create_dir']=CommandLineBuilder.yes_to_true(value)
-          when 'fallback' then result_ts['http_fallback']=CommandLineBuilder.yes_to_true(value)
-          when 'lockpolicy' then result_ts['lock_rate_policy']=CommandLineBuilder.yes_to_true(value)
-          when 'lockminrate' then result_ts['lock_min_rate']=CommandLineBuilder.yes_to_true(value)
+          when 'cookie' then result_ts['cookie'] = value
+          when 'token' then result_ts['token'] = value
+          when 'sshfp' then result_ts['sshfp'] = value
+          when 'policy' then result_ts['rate_policy'] = value
+          when 'httpport' then result_ts['http_fallback_port'] = value.to_i
+          when 'targetrate' then result_ts['target_rate_kbps'] = value.to_i
+          when 'minrate' then result_ts['min_rate_kbps'] = value.to_i
+          when 'port' then result_ts['fasp_port'] = value.to_i
+          when 'bwcap' then result_ts['target_rate_cap_kbps'] = value.to_i
+          when 'enc' then result_ts['cipher'] = value.gsub(/^aes/,'aes-').gsub(/cfb$/,'-cfb').gsub(/gcm$/,'-gcm').gsub(/--/,'-')
+          when 'tags64' then result_ts['tags'] = JSON.parse(Base64.strict_decode64(value))
+          when 'createpath' then result_ts['create_dir'] = CommandLineBuilder.yes_to_true(value)
+          when 'fallback' then result_ts['http_fallback'] = CommandLineBuilder.yes_to_true(value)
+          when 'lockpolicy' then result_ts['lock_rate_policy'] = CommandLineBuilder.yes_to_true(value)
+          when 'lockminrate' then result_ts['lock_min_rate'] = CommandLineBuilder.yes_to_true(value)
           when 'auth' then Log.log.debug("ignoring auth #{name}=#{value}") # TODO: translate into transfer spec ? yes/no
           when 'v' then Log.log.debug("ignoring v #{name}=#{value}") # TODO: translate into transfer spec ? 2
           when 'protect' then Log.log.debug("ignoring protect #{name}=#{value}") # TODO: translate into transfer spec ?

data/lib/aspera/faspex_gw.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 require 'aspera/log'
 require 'aspera/aoc'
 require 'aspera/fasp/transfer_spec'
@@ -13,14 +14,14 @@ module Aspera
   # this class answers the Faspex /send API and creates a package on Aspera on Cloud
   class FaspexGW
     class FxGwServlet < WEBrick::HTTPServlet::AbstractServlet
-      def initialize(_server,a_aoc_api_user,a_workspace_id)
+      def initialize(_server, a_aoc_api_user, a_workspace_id)
         super
-        @aoc_api_user=a_aoc_api_user
-        @aoc_workspace_id=a_workspace_id
+        @aoc_api_user = a_aoc_api_user
+        @aoc_workspace_id = a_workspace_id
       end
 
       # parameters from user to Faspex API call
-      #{"delivery":{"use_encryption_at_rest":false,"note":"note","sources":[{"paths":["file1"]}],"title":"my title","recipients":["email1"],"send_upload_result":true}}
+      # {"delivery":{"use_encryption_at_rest":false,"note":"note","sources":[{"paths":["file1"]}],"title":"my title","recipients":["email1"],"send_upload_result":true}}
       #    {
       #      "delivery"=>{
       #      "use_encryption_at_rest"=>false,
@@ -33,127 +34,137 @@ module Aspera
       #    }
       def process_faspex_send(request, response)
         raise 'no payload' if request.body.nil?
-        faspex_pkg_parameters=JSON.parse(request.body)
-        faspex_pkg_delivery=faspex_pkg_parameters['delivery']
+
+        faspex_pkg_parameters = JSON.parse(request.body)
+        faspex_pkg_delivery = faspex_pkg_parameters['delivery']
         Log.log.debug("faspex pkg create parameters=#{faspex_pkg_parameters}")
 
         # get recipient ids
-        files_pkg_recipients=[]
+        files_pkg_recipients = []
         faspex_pkg_delivery['recipients'].each do |recipient_email|
-          user_lookup=@aoc_api_user.read('contacts',{'current_workspace_id'=>@aoc_workspace_id,'q'=>recipient_email})[:data]
-          raise StandardError,"no such unique user: #{recipient_email} / #{user_lookup}" unless !user_lookup.nil? && user_lookup.length.eql?(1)
-          recipient_user_info=user_lookup.first
-          files_pkg_recipients.push({'id'=>recipient_user_info['source_id'],'type'=>recipient_user_info['source_type']})
+          user_lookup = @aoc_api_user.read('contacts',
+            { 'current_workspace_id' => @aoc_workspace_id, 'q' => recipient_email })[:data]
+          raise StandardError,
+            "no such unique user: #{recipient_email} / #{user_lookup}" unless !user_lookup.nil? && user_lookup.length.eql?(1)
+
+          recipient_user_info = user_lookup.first
+          files_pkg_recipients.push({
+            'id'   => recipient_user_info['source_id'],
+            'type' => recipient_user_info['source_type']
+          })
         end
 
         #  create a new package with one file
-        the_package=@aoc_api_user.create('packages',{
-          'file_names'  =>faspex_pkg_delivery['sources'][0]['paths'],
-          'name'        =>faspex_pkg_delivery['title'],
-          'note'        =>faspex_pkg_delivery['note'],
-          'recipients'  =>files_pkg_recipients,
-          'workspace_id'=>@aoc_workspace_id})[:data]
+        the_package = @aoc_api_user.create('packages', {
+          'file_names'   => faspex_pkg_delivery['sources'][0]['paths'],
+          'name'         => faspex_pkg_delivery['title'],
+          'note'         => faspex_pkg_delivery['note'],
+          'recipients'   => files_pkg_recipients,
+          'workspace_id' => @aoc_workspace_id
+        })[:data]
 
         #  get node information for the node on which package must be created
-        node_info=@aoc_api_user.read("nodes/#{the_package['node_id']}")[:data]
+        node_info = @aoc_api_user.read("nodes/#{the_package['node_id']}")[:data]
 
         #  get transfer token (for node)
-        node_auth_bearer_token=@aoc_api_user.oauth_token(scope: AoC.node_scope(node_info['access_key'],AoC::SCOPE_NODE_USER))
+        node_auth_bearer_token = @aoc_api_user.oauth_token(scope: AoC.node_scope(node_info['access_key'],
+          AoC::SCOPE_NODE_USER))
 
         # tell Files what to expect in package: 1 transfer (can also be done after transfer)
-        @aoc_api_user.update("packages/#{the_package['id']}",{'sent'=>true,'transfers_expected'=>1})
+        @aoc_api_user.update("packages/#{the_package['id']}", { 'sent' => true, 'transfers_expected' => 1 })
 
         # to return an error:
         # response.status=400
         # return 'ERROR HERE'
 
         # TODO: check about xfer_*
-        ts_tags={
+        ts_tags = {
           'aspera' => {
-          'files'      => { 'package_id' => the_package['id'], 'package_operation' => 'upload' },
-          'node'       => { 'access_key' => node_info['access_key'], 'file_id' => the_package['contents_file_id'] },
-          'xfer_id'    => SecureRandom.uuid,
-          'xfer_retry' => 3600 } }
+            'files'      => { 'package_id' => the_package['id'], 'package_operation' => 'upload' },
+            'node'       => { 'access_key' => node_info['access_key'], 'file_id' => the_package['contents_file_id'] },
+            'xfer_id'    => SecureRandom.uuid,
+            'xfer_retry' => 3600
+          }
+        }
         # this transfer spec is for transfer to AoC
-        faspex_transfer_spec={
-          'direction'   => 'send',
-          'remote_host' => node_info['host'],
-          'remote_user' => Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER,
-          'ssh_port'    => Fasp::TransferSpec::SSH_PORT,
-          'fasp_port'   => Fasp::TransferSpec::UDP_PORT,
-          'tags'        => ts_tags,
-          'token'       => node_auth_bearer_token,
-          'paths'       => [{'destination' => '/'}],
-          'cookie'      => 'unused',
-          'create_dir'  => true,
-          'rate_policy' => 'fair',
-          'rate_policy_allowed'  => 'fixed',
-          'min_rate_cap_kbps'    => nil,
-          'min_rate_kbps'        => 0,
+        faspex_transfer_spec = {
+          'direction'              => 'send',
+          'remote_host'            => node_info['host'],
+          'remote_user'            => Fasp::TransferSpec::ACCESS_KEY_TRANSFER_USER,
+          'ssh_port'               => Fasp::TransferSpec::SSH_PORT,
+          'fasp_port'              => Fasp::TransferSpec::UDP_PORT,
+          'tags'                   => ts_tags,
+          'token'                  => node_auth_bearer_token,
+          'paths'                  => [{ 'destination' => '/' }],
+          'cookie'                 => 'unused',
+          'create_dir'             => true,
+          'rate_policy'            => 'fair',
+          'rate_policy_allowed'    => 'fixed',
+          'min_rate_cap_kbps'      => nil,
+          'min_rate_kbps'          => 0,
           'target_rate_percentage' => nil,
-          'lock_target_rate'     => nil,
-          'fasp_url'             => 'unused',
-          'lock_min_rate'        => true,
-          'lock_rate_policy'     => true,
-          'source_root'          => '',
-          'content_protection'   => nil,
-          'target_rate_cap_kbps' => 20_000, # TODO: is this value useful ?
-          'target_rate_kbps'     => 10_000, # TODO: get from where?
-          'cipher'               => 'aes-128',
-          'cipher_allowed'       => nil,
-          'http_fallback'        => false,
-          'http_fallback_port'   => nil,
-          'https_fallback_port'  => nil,
-          'destination_root'     => '/'
+          'lock_target_rate'       => nil,
+          'fasp_url'               => 'unused',
+          'lock_min_rate'          => true,
+          'lock_rate_policy'       => true,
+          'source_root'            => '',
+          'content_protection'     => nil,
+          'target_rate_cap_kbps'   => 20_000, # TODO: is this value useful ?
+          'target_rate_kbps'       => 10_000, # TODO: get from where?
+          'cipher'                 => 'aes-128',
+          'cipher_allowed'         => nil,
+          'http_fallback'          => false,
+          'http_fallback_port'     => nil,
+          'https_fallback_port'    => nil,
+          'destination_root'       => '/'
         }
         # but we place it in a Faspex package creation response
-        faspex_package_create_result={
-          'links' => {'status' => 'unused'},
+        faspex_package_create_result = {
+          'links'         => { 'status' => 'unused' },
           'xfer_sessions' => [faspex_transfer_spec]
         }
         Log.log.info("faspex_package_create_result=#{faspex_package_create_result}")
-        response.status=200
+        response.status = 200
         response.content_type = 'application/json'
-        response.body=JSON.generate(faspex_package_create_result)
+        response.body = JSON.generate(faspex_package_create_result)
       end
 
-      def do_GET(request, response) # rubocop:disable Naming/MethodName
+      def do_GET(request, response)
         case request.path
         when '/aspera/faspex/send'
           process_faspex_send(request, response)
         else
-          response.status=400
-          return 'ERROR HERE'
+          response.status = 400
+          'ERROR HERE'
         end
       end
     end # FxGwServlet
 
     class NewUserServlet < WEBrick::HTTPServlet::AbstractServlet
-      def do_GET(request, response) # rubocop:disable Naming/MethodName
+      def do_GET(request, response)
         case request.path
         when '/newuser'
-          response.status=200
+          response.status = 200
           response.content_type = 'text/html'
-          response.body='<html><body>hello world</body></html>'
+          response.body = '<html><body>hello world</body></html>'
         else
           raise "unsupported path: [#{request.path}]"
         end
       end
     end
 
-    def initialize(a_aoc_api_user,a_workspace_id)
+    def initialize(a_aoc_api_user, a_workspace_id)
       webrick_options = {
-        Port:                9443,
-        Logger:              Log.log,
-        SSLEnable:           true,
-        SSLVerifyClient:     OpenSSL::SSL::VERIFY_NONE,
-        SSLCertName:         [['CN',WEBrick::Utils.getservername]]
+        Port:        9443,
+        Logger:      Log.log,
+        SSLEnable:   true,
+        SSLCertName: [['CN', WEBrick::Utils.getservername]]
       }
       Log.log.info("Server started on port #{webrick_options[:Port]}")
       @server = WEBrick::HTTPServer.new(webrick_options)
-      @server.mount('/aspera/faspex', FxGwServlet,a_aoc_api_user,a_workspace_id)
+      @server.mount('/aspera/faspex', FxGwServlet, a_aoc_api_user, a_workspace_id)
       @server.mount('/newuser', NewUserServlet)
-      trap('INT') {@server.shutdown}
+      trap('INT') { @server.shutdown }
     end
 
     def start_server

data/lib/aspera/hash_ext.rb

@@ -1,22 +1,12 @@
 # frozen_string_literal: true
-# for older rubies
-unless Hash.method_defined?(:dig)
-  class Hash
-    def dig(*path)
-      path.inject(self) do |location, key|
-        location.respond_to?(:keys) ? location[key] : nil
-      end
-    end
-  end
-end
 
 class ::Hash
   def deep_merge(second)
-    merge(second){|_key,v1,v2|Hash===v1&&Hash===v2 ? v1.deep_merge(v2) : v2}
+    merge(second){|_key,v1,v2|Hash === v1 && Hash === v2 ? v1.deep_merge(v2) : v2}
   end
 
   def deep_merge!(second)
-    merge!(second){|_key,v1,v2|Hash===v1&&Hash===v2 ? v1.deep_merge!(v2) : v2}
+    merge!(second){|_key,v1,v2|Hash === v1 && Hash === v2 ? v1.deep_merge!(v2) : v2}
   end
 end
 
@@ -27,3 +17,11 @@ unless Hash.method_defined?(:symbolize_keys)
     end
   end
 end
+
+unless Hash.method_defined?(:stringify_keys)
+  class Hash
+    def stringify_keys
+      return each_with_object({}){|(k,v),memo| memo[k.to_s] = v }
+    end
+  end
+end

data/lib/aspera/id_generator.rb

@@ -1,23 +1,24 @@
 # frozen_string_literal: true
+
 require 'uri'
 
 module Aspera
   class IdGenerator
-    ID_SEPARATOR='_'
-    WINDOWS_PROTECTED_CHAR=%r{[/:"<>\\*?]}
-    PROTECTED_CHAR_REPLACE='_'
+    ID_SEPARATOR = '_'
+    WINDOWS_PROTECTED_CHAR = %r{[/:"<>\\*?]}.freeze
+    PROTECTED_CHAR_REPLACE = '_'
     private_constant :ID_SEPARATOR,:PROTECTED_CHAR_REPLACE,:WINDOWS_PROTECTED_CHAR
     def self.from_list(object_id)
       if object_id.is_a?(Array)
-        object_id=object_id.reject(&:nil?).map do |i|
+        object_id = object_id.compact.map do |i|
           i.is_a?(String) && i.start_with?('https://') ? URI.parse(i).host : i.to_s
         end.join(ID_SEPARATOR)
       end
       raise 'id must be a String' unless object_id.is_a?(String)
       return object_id.
-        gsub(WINDOWS_PROTECTED_CHAR,PROTECTED_CHAR_REPLACE). # remove windows forbidden chars
-        gsub('.',PROTECTED_CHAR_REPLACE).  # keep dot for extension only (nicer)
-        downcase
+          gsub(WINDOWS_PROTECTED_CHAR,PROTECTED_CHAR_REPLACE). # remove windows forbidden chars
+          gsub('.',PROTECTED_CHAR_REPLACE).  # keep dot for extension only (nicer)
+          downcase
     end
   end
 end

data/lib/aspera/keychain/encrypted_hash.rb

@@ -1,11 +1,13 @@
 # frozen_string_literal: true
+
+require 'aspera/hash_ext'
 require 'openssl'
 
 module Aspera
   module Keychain
     class SimpleCipher
       def initialize(key)
-        @key=Digest::SHA1.hexdigest(key)[0..23]
+        @key = Digest::SHA1.hexdigest(key+('*'*23))[0..23]
         @cipher = OpenSSL::Cipher.new('DES-EDE3-CBC')
       end
 
@@ -26,92 +28,105 @@ module Aspera
 
     # Manage secrets in a simple Hash
     class EncryptedHash
-      SEPARATOR='%'
+      SEPARATOR = '%'
+      ACCEPTED_KEYS = %i[username url secret description].freeze
       private_constant :SEPARATOR
+      attr_reader :legacy_detected
       def initialize(values)
         raise 'values shall be Hash' unless values.is_a?(Hash)
-        @all_secrets=values
+        @all_secrets = values
+      end
+
+      def identifier(options)
+        return options[:username] if options[:url].to_s.empty?
+        %i[url username].map{|s|options[s]}.join(SEPARATOR)
       end
 
       def set(options)
         raise 'options shall be Hash' unless options.is_a?(Hash)
-        unsupported=options.keys-[:username,:url,:secret,:description]
+        unsupported = options.keys - ACCEPTED_KEYS
         raise "unsupported options: #{unsupported}" unless unsupported.empty?
-        username=options[:username]
+        username = options[:username]
         raise 'options shall have username' if username.nil?
-        url=options[:url]
+        url = options[:url]
         raise 'options shall have username' if url.nil?
-        secret=options[:secret]
+        secret = options[:secret]
         raise 'options shall have secret' if secret.nil?
-        key=[url,username].join(SEPARATOR)
+        key = identifier(options)
         raise "secret #{key} already exist, delete first" if @all_secrets.has_key?(key)
-        obj={username: username, url: url, secret: SimpleCipher.new(key).encrypt(secret)}
-        obj[:description]=options[:description] if options.has_key?(:description)
-        @all_secrets[key]=obj
+        obj = {username: username, url: url, secret: SimpleCipher.new(key).encrypt(secret)}
+        obj[:description] = options[:description] if options.has_key?(:description)
+        @all_secrets[key] = obj.stringify_keys
         nil
       end
 
       def list
-        result=[]
-        @all_secrets.each do |k,v|
-          case v
-          when String
-            o={username: k, url: '', description: ''}
-          when Hash
-            o=v.clone
-            o.delete(:secret)
-            o[:description]||=''
-          else raise 'error'
-          end
-          o[:description]=v[:description] if v.is_a?(Hash) && v[:description].is_a?(String)
-          result.push(o)
+        result = []
+        legacy_detected=false
+        @all_secrets.each do |name,value|
+          normal = # normalized version
+            case value
+            when String
+              legacy_detected=true
+              {username: name, url: '', secret: value}
+            when Hash then value.symbolize_keys
+            else raise 'error secret must be String (legacy) or Hash (new)'
+            end
+          normal[:description] = '' unless normal.has_key?(:description)
+          extraneous_keys=normal.keys - ACCEPTED_KEYS
+          Log.log.error("wrongs keys in secret hash: #{extraneous_keys.map(&:to_s).join(',')}") unless extraneous_keys.empty?
+          result.push(normal)
         end
+        Log.log.warn('Legacy vault format detected in config file, please refer to documentation to convert to new format.') if legacy_detected
         return result
       end
 
       def delete(options)
         raise 'options shall be Hash' unless options.is_a?(Hash)
-        unsupported=options.keys-[:username,:url]
+        unsupported = options.keys - %i[username url]
         raise "unsupported options: #{unsupported}" unless unsupported.empty?
-        username=options[:username]
+        username = options[:username]
         raise 'options shall have username' if username.nil?
-        url=options[:url]
-        key=nil
+        url = options[:url]
+        key = nil
         if !url.nil?
-          extk=[url,username].join(SEPARATOR)
-          key=extk if @all_secrets.has_key?(extk)
+          extk = identifier(options)
+          key = extk if @all_secrets.has_key?(extk)
         end
         # backward compatibility: TODO: remove in future ? (make url mandatory ?)
-        key=username if key.nil? && @all_secrets.has_key?(username)
+        key = username if key.nil? && @all_secrets.has_key?(username)
         raise 'no such secret' if key.nil?
         @all_secrets.delete(key)
       end
 
       def get(options)
         raise 'options shall be Hash' unless options.is_a?(Hash)
-        unsupported=options.keys-[:username,:url]
+        unsupported = options.keys - %i[username url]
         raise "unsupported options: #{unsupported}" unless unsupported.empty?
-        username=options[:username]
+        username = options[:username]
         raise 'options shall have username' if username.nil?
-        url=options[:url]
-        val=nil
+        url = options[:url]
+        info = nil
         if !url.nil?
-          val=@all_secrets[[url,username].join(SEPARATOR)]
+          info = @all_secrets[identifier(options)]
         end
         # backward compatibility: TODO: remove in future ? (make url mandatory ?)
-        if val.nil?
-          val=@all_secrets[username]
+        if info.nil?
+          info = @all_secrets[username]
         end
-        result=options.clone
-        case val
+        result = options.clone
+        case info
         when NilClass
-          raise 'no such secret'
+          raise "no such secret: #{options[:url]} #{username}"
         when String
-          result.merge!({secret: val, description: ''})
+          result[:secret] = info
+          result[:description] = ''
         when Hash
-          key=[url,username].join(SEPARATOR)
-          plain=SimpleCipher.new(key).decrypt(val[:secret])
-          result.merge!({secret: plain, description: val[:description]})
+          info=info.symbolize_keys
+          key = identifier(options)
+          plain = SimpleCipher.new(key).decrypt(info[:secret])
+          result[:secret] = plain
+          result[:description] = info[:description]
         else raise 'error'
         end
         return result