morpheus-cli 4.2.21 → 5.2.0

data/lib/morpheus/cli/ping.rb

@@ -199,7 +199,6 @@ EOT
               "Version" => lambda {|it| appliance[:build_version] },
               # "Active" => lambda {|it| it[:active] ? "Yes " + format_is_current() : "No" },
               "Response Time" => lambda {|it| format_duration_seconds(took_sec) },
-              #"Response Time" => lambda {|it| format_sig_dig(took_sec, 3) + "s" rescue "" },
               # "Error" => lambda {|it| error_string },
               "Status" => lambda {|it| format_appliance_status(appliance, cyan) },
             }

data/lib/morpheus/cli/remote.rb

@@ -23,6 +23,8 @@ class Morpheus::Cli::Remote
 
   set_default_subcommand :list
 
+  set_subcommands_hidden :setup # this is going away too
+
   def initialize()
     @appliance_name, @appliance_url = Morpheus::Cli::Remote.active_appliance
   end
@@ -137,7 +139,6 @@ EOT
             check_str
           },
           "Response Time" => lambda {|it| format_duration_milliseconds(it[:last_check][:took]) rescue "" },
-          #"Response Time" => lambda {|it| format_sig_dig((it[:last_check][:took]/ 1000.to_f), 3) + "s" rescue "" },
           "Error" => {display_method: lambda {|it| 
             error_str = it[:last_check] ? it[:last_check][:error].to_s : "" 
             error_str
@@ -596,7 +597,7 @@ EOT
     if args.count != 0
       raise_command_error "wrong number of arguments, expected 0-1 and got (#{args.count}) #{args.join(' ')}\n#{optparse}"
     end
-    connect(options) # needed?
+    #connect(options) # needed?
     _check_all_appliances(options)
   end
   
@@ -827,6 +828,12 @@ EOT
         options[:do_offline] = true
       end
       build_common_options(opts, options, [:json,:yaml,:csv,:fields, :quiet])
+      opts.footer = <<-EOT
+Print details about the a remote appliance.
+[name] is optional. This is the name of a remote. 
+By default, the current appliance is used.
+Returns an error if the specified remote is not found, or there is no current remote.
+EOT
     end
     optparse.parse!(args)
     id_list = nil
@@ -844,7 +851,16 @@ EOT
 
   def _get(appliance_name, options)
     exit_code, err = 0, nil
-    
+    if appliance_name == 'current'
+      current_appliance = ::Morpheus::Cli::Remote.load_active_remote()
+      if current_appliance.nil?
+        #raise_command_error "No current appliance, see the command `remote use`"
+        unless options[:quiet]
+          print yellow, "No current appliance, see the command `remote use`", reset, "\n"
+        end
+        return 1, "No current appliance"
+      end
+    end
     appliance = load_remote_by_name(appliance_name)
     appliance_name = appliance[:name]
     appliance_url = appliance[:url]
@@ -1040,15 +1056,14 @@ EOT
       end
       build_common_options(opts, options, [:quiet])
       opts.footer = <<-EOT
-[name] is required. This is the name of a remote, see the command `remote list`.
+[name] is required. This is the name of a remote to begin using.
 Start using a remote, making it the active (current) remote appliance.
 This switches the remote context of your client configuration for all subsequent commands.
-So rely on 'remote use' with caution.
 It is important to always be aware of the context your commands are running in.
 The command `remote current` will return the current remote information.
-Also, instead of using an active remote, the -r option can be specified in your commands.
+Instead of using an active remote, the -r option can be specified with each command.
 
-It is recommeneded to set a custom prompt to show the remote name.
+It is recommeneded to set a custom prompt to show the current remote name.
 For example, add the following to your .morpheusrc file:
 
   # set your shell prompt to display the current username and remote
@@ -1156,13 +1171,22 @@ EOT
     end
     optparse.parse!(args)
     verify_args!(args:args, count:0, optparse:optparse)
-    connect(options)
+    #connect(options)
+
+    current_appliance = ::Morpheus::Cli::Remote.load_active_remote()
+    if current_appliance.nil?
+      #raise_command_error "No current appliance, see the command `remote use`"
+      unless options[:quiet]
+        print yellow, "No current appliance, see the command `remote use`", reset, "\n"
+      end
+      return 1, "No current appliance"
+    end
 
     # this does the same thing
     #return _get("current", options)
-
-    # appliance = load_remote_by_name("current")
-    appliance = @remote_appliance
+    appliance = current_appliance
+    #appliance = load_remote_by_name("current")
+    #appliance = @remote_appliance
     exit_code, err = 0, nil
     if appliance.nil?
       raise_command_error "no current remote appliance, see command `remote add`."
@@ -1283,7 +1307,6 @@ EOT
         end
       },
       "Response Time" => lambda {|it| format_duration_milliseconds(it[:last_check][:took]) rescue "" },
-      #"Response Time" => lambda {|it| format_sig_dig((it[:last_check][:took]/ 1000.to_f), 3) + "s" rescue "" },
       "Status" => lambda {|it| format_appliance_status(it, cyan) },
       "Error" => lambda {|it| 
         error_str = it[:last_check] ? it[:last_check][:error] : "" 

data/lib/morpheus/cli/reports_command.rb

@@ -15,7 +15,10 @@ class Morpheus::Cli::ReportsCommand
     @reports_interface = @api_client.reports
   end
 
-  register_subcommands :list, :get, :run, :view, :export, :remove, :types
+  register_subcommands :list, :get, :run, :view, :export, :remove
+  register_subcommands :'list-types' => :list_types
+  register_subcommands :'get-type' => :get_type
+  alias_subcommand :types, :'list-types'
   
   def default_refresh_interval
     5
@@ -271,10 +274,10 @@ class Morpheus::Cli::ReportsCommand
 
         # Report Types tell us what the available filters are...
         report_option_types = report_type['optionTypes'] || []
-        report_option_types = report_option_types.collect {|it|
-          it['fieldContext'] = nil
-          it
-        }
+        # report_option_types = report_option_types.collect {|it|
+        #   it['fieldContext'] = nil
+        #   it
+        # }
         # pluck out optionTypes like the UI does..
         metadata_option_type = nil
         if report_option_types.find {|it| it['fieldName'] == 'metadata' }
@@ -284,6 +287,13 @@ class Morpheus::Cli::ReportsCommand
         v_prompt = Morpheus::Cli::OptionTypes.prompt(report_option_types, options[:options], @api_client)
         payload.deep_merge!({'report' => v_prompt}) unless v_prompt.empty?
 
+        # strip out fieldContext: 'config' please
+        # just report.startDate instead of report.config.startDate
+        if payload['report']['config'].is_a?(Hash)
+          payload['report']['config']
+          payload['report'].deep_merge!(payload['report'].delete('config'))
+        end
+
         if metadata_option_type
           if !options[:options]['metadata']
             metadata_filter = prompt_metadata(options)
@@ -466,33 +476,30 @@ class Morpheus::Cli::ReportsCommand
     end
   end
 
-  def types(args)
+  def list_types(args)
+    params = {}
     options = {}
     optparse = Morpheus::Cli::OptionParser.new do |opts|
       opts.banner = subcommand_usage()
-      build_common_options(opts, options, [:list, :json, :dry_run, :remote])
+      build_standard_list_options(opts, options)
       opts.footer = "List report types."
     end
     optparse.parse!(args)
+    if args.count > 0
+      options[:phrase] = args.join(" ")
+    end
     connect(options)
-    begin
-      params = {}
-      params.merge!(parse_list_options(options))
-      
-      @reports_interface.setopts(options)
-      if options[:dry_run]
-        print_dry_run @reports_interface.dry.types(params)
-        return
-      end
-
-      json_response = @reports_interface.types(params)
-      if options[:json]
-        print JSON.pretty_generate(json_response)
-        print "\n"
-        return
-      end
-      
+    params.merge!(parse_list_options(options))
+    
+    @reports_interface.setopts(options)
+    if options[:dry_run]
+      print_dry_run @reports_interface.dry.types(params)
+      return
+    end
 
+    json_response = @reports_interface.types(params)
+    report_types = json_response['reportTypes']
+    render_response(json_response, options, 'reportTypes') do
       title = "Morpheus Report Types"
       subtitles = []
       subtitles += parse_list_subtitles(options)
@@ -520,13 +527,75 @@ class Morpheus::Cli::ReportsCommand
         end
       end
       print reset,"\n"
-      return 0
-    rescue RestClient::Exception => e
-      print_rest_exception(e, options)
-      exit 1
+    end
+    if report_types.empty?
+      return 1, "no report types found"
+    else
+      return 0, nil
     end
   end
 
+  def get_type(args)
+    params = {}
+    options = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage()
+      build_standard_get_options(opts, options)
+      opts.footer = <<-EOT
+Get report type
+[name] is required. This is the name of a report type
+EOT
+    end
+    optparse.parse!(args)
+    connect(options)
+    verify_args!(args:args, optparse:optparse, min:1)
+    params.merge!(parse_query_options(options))
+    params['name'] = args.join(" ")
+    @reports_interface.setopts(options)
+    if options[:dry_run]
+      print_dry_run @reports_interface.dry.types(params)
+      return
+    end
+    
+    # json_response = @reports_interface.types(params)
+    # api does not have a show() action right now... so find by code or name only
+    report_type = find_report_type_by_name_or_code_id(params['name'])
+    return 1 if report_type.nil?
+    
+    # json_response = @reports_interface.get_type(report_type['id'])
+    # report_type = json_response['reportType']
+    json_response = {'reportType' => report_type}
+    render_response(json_response, options, 'reportType') do
+      print_h1 "Report Type Details", [], options
+      
+      description_cols = {
+        "ID" => 'id',
+        "Name" => 'name',
+        "Code" => 'code',
+        "Description" => 'description',
+        "Category" => 'category'
+      }
+      print_description_list(description_cols, report_type)
+
+      print_h2 "Option Types", options
+      opt_columns = [
+        {"ID" => lambda {|it| it['id'] } },
+        {"NAME" => lambda {|it| it['name'] } },
+        {"TYPE" => lambda {|it| it['type'] } },
+        {"FIELD NAME" => lambda {|it| it['fieldName'] } },
+        {"FIELD LABEL" => lambda {|it| it['fieldLabel'] } },
+        {"DEFAULT" => lambda {|it| it['defaultValue'] } },
+        {"REQUIRED" => lambda {|it| format_boolean it['required'] } },
+      ]
+      option_types = report_type['optionTypes']
+      sorted_option_types = (option_types && option_types[0] && option_types[0]['displayOrder']) ? option_types.sort { |x,y| x['displayOrder'].to_i <=> y['displayOrder'].to_i } : option_types
+      print as_pretty_table(sorted_option_types, opt_columns)
+
+      print reset,"\n"
+    end
+    return 0, nil
+    
+  end
 
   def find_report_result_by_id(id)
     begin
@@ -551,7 +620,7 @@ class Morpheus::Cli::ReportsCommand
   end
 
   def find_report_type_by_id(id)
-    @all_report_types ||= @reports_interface.list({max: 1000})['reportTypes'] || []
+    @all_report_types ||= @reports_interface.types({max: 10000})['reportTypes'] || []
     report_types = @all_report_types.select { |it| id && it['id'] == id.to_i }
     if report_types.empty?
       print_red_alert "Report Type not found by id #{id}"
@@ -570,7 +639,7 @@ class Morpheus::Cli::ReportsCommand
   end
 
   def find_report_type_by_name_or_code(name)
-    @all_report_types ||= @reports_interface.list({max: 1000})['reportTypes'] || []
+    @all_report_types ||= @reports_interface.types({max: 10000})['reportTypes'] || []
     report_types = @all_report_types.select { |it| name && it['code'] == name || it['name'] == name }
     if report_types.empty?
       print_red_alert "Report Type not found by code #{name}"

data/lib/morpheus/cli/roles.rb

@@ -13,7 +13,7 @@ class Morpheus::Cli::Roles
   include Morpheus::Cli::AccountsHelper
   include Morpheus::Cli::ProvisioningHelper
   include Morpheus::Cli::WhoamiHelper
-  register_subcommands :list, :get, :add, :update, :remove, :'list-permissions', :'update-feature-access', :'update-global-group-access', :'update-group-access', :'update-global-cloud-access', :'update-cloud-access', :'update-global-instance-type-access', :'update-instance-type-access', :'update-global-blueprint-access', :'update-blueprint-access'
+  register_subcommands :list, :get, :add, :update, :remove, :'list-permissions', :'update-feature-access', :'update-global-group-access', :'update-group-access', :'update-global-cloud-access', :'update-cloud-access', :'update-global-instance-type-access', :'update-instance-type-access', :'update-global-blueprint-access', :'update-blueprint-access', :'update-global-catalog-item-type-access', :'update-catalog-item-type-access', :'update-persona-access'
   alias_subcommand :details, :get
   set_default_subcommand :list
 
@@ -101,12 +101,20 @@ class Morpheus::Cli::Roles
       opts.on('-b','--blueprint-access', "Display Blueprint Access") do
         options[:include_blueprint_access] = true
       end
-      opts.on('-a','--all-access', "Display All Access Lists") do
+      opts.on(nil,'--catalog-item-type-access', "Display Catalog Item Type Access") do
+        options[:include_catalog_item_types_access] = true
+      end
+      opts.on(nil,'--personas', "Display Persona Access") do
+        options[:include_personas_access] = true
+      end
+      opts.on('-a','--all', "Display All Access Lists") do
         options[:include_feature_access] = true
         options[:include_group_access] = true
         options[:include_cloud_access] = true
         options[:include_instance_type_access] = true
         options[:include_blueprint_access] = true
+        options[:include_catalog_item_types_access] = true
+        options[:include_personas_access] = true
       end
       build_standard_get_options(opts, options)
       opts.footer = <<-EOT
@@ -198,57 +206,75 @@ EOT
           rows = rows.select {|row| row[:code].to_s =~ phrase_regexp || row[:name].to_s =~ phrase_regexp }
         end
         print as_pretty_table(rows, [:code, :name, :access], options)
+        print reset,"\n"
       else
         print cyan,"Use --permissions to list permissions","\n"
       end
 
+      has_group_access = true
+      has_cloud_access = true
       print_h2 "Global Access", options
-      puts as_pretty_table([json_response], [
-        {"Groups" => lambda {|it| get_access_string(it['globalSiteAccess']) } },
-        {"Clouds" => lambda {|it| get_access_string(it['globalZoneAccess']) } },
-        {"Instance Types" => lambda {|it| get_access_string(it['globalInstanceTypeAccess']) } },
-        {"Blueprints" => lambda {|it| get_access_string(it['globalAppTemplateAccess'] || it['globalBlueprintAccess']) } },
-      ], options)
-
-      #print_h2 "Group Access: #{get_access_string(json_response['globalSiteAccess'])}", options
-      print cyan
-      if json_response['globalSiteAccess'] == 'custom'
-        print_h2 "Group Access", options
-        if options[:include_group_access]
-          rows = json_response['sites'].collect do |it|
-            {
-              name: it['name'],
-              access: format_access_string(it['access'], ["none","read","full"]),
-            }
+      global_access_columns = {
+        "Groups" => lambda {|it| get_access_string(it['globalSiteAccess']) },
+        "Clouds" => lambda {|it| get_access_string(it['globalZoneAccess']) },
+        "Instance Types" => lambda {|it| get_access_string(it['globalInstanceTypeAccess']) },
+        "Blueprints" => lambda {|it| get_access_string(it['globalAppTemplateAccess'] || it['globalBlueprintAccess']) },
+        "Catalog Item Types" => lambda {|it| get_access_string(it['globalCatalogItemTypeAccess']) },
+      }
+      if role['roleType'].to_s.downcase == 'account'
+        global_access_columns.delete("Groups")
+        has_group_access = false
+      else
+        global_access_columns.delete("Clouds")
+        has_cloud_access = false
+      end
+      puts as_pretty_table([json_response], global_access_columns, options)
+
+      if has_group_access
+        #print_h2 "Group Access: #{get_access_string(json_response['globalSiteAccess'])}", options
+        print cyan
+        if json_response['globalSiteAccess'] == 'custom'
+          print_h2 "Group Access", options
+          if options[:include_group_access]
+            rows = json_response['sites'].collect do |it|
+              {
+                name: it['name'],
+                access: format_access_string(it['access'], ["none","read","full"]),
+              }
+            end
+            print as_pretty_table(rows, [:name, :access], options)
+          else
+            print cyan,"Use -g, --group-access to list custom access","\n"
           end
-          print as_pretty_table(rows, [:name, :access], options)
+          print reset,"\n"
         else
-          print cyan,"Use -g, --group-access to list custom access","\n"
+          # print "\n"
+          # print cyan,bold,"Group Access: #{get_access_string(json_response['globalSiteAccess'])}",reset,"\n"
         end
-      else
-        # print "\n"
-        # print cyan,bold,"Group Access: #{get_access_string(json_response['globalSiteAccess'])}",reset,"\n"
       end
       
-      print cyan
-      #puts "Cloud Access: #{get_access_string(json_response['globalZoneAccess'])}"
-      #print "\n"
-      if json_response['globalZoneAccess'] == 'custom'
-        print_h2 "Cloud Access", options
-        if options[:include_cloud_access]
-          rows = json_response['zones'].collect do |it|
-            {
-              name: it['name'],
-              access: format_access_string(it['access'], ["none","read","full"]),
-            }
+      if has_cloud_access
+        print cyan
+        #puts "Cloud Access: #{get_access_string(json_response['globalZoneAccess'])}"
+        #print "\n"
+        if json_response['globalZoneAccess'] == 'custom'
+          print_h2 "Cloud Access", options
+          if options[:include_cloud_access]
+            rows = json_response['zones'].collect do |it|
+              {
+                name: it['name'],
+                access: format_access_string(it['access'], ["none","read","full"]),
+              }
+            end
+            print as_pretty_table(rows, [:name, :access], options)
+          else
+            print cyan,"Use -c, --cloud-access to list custom access","\n"
           end
-          print as_pretty_table(rows, [:name, :access], options)
+          print reset,"\n"
         else
-          print cyan,"Use -c, --cloud-access to list custom access","\n"
+          # print "\n"
+          # print cyan,bold,"Cloud Access: #{get_access_string(json_response['globalZoneAccess'])}",reset,"\n"
         end
-      else
-        # print "\n"
-        # print cyan,bold,"Cloud Access: #{get_access_string(json_response['globalZoneAccess'])}",reset,"\n"
       end
 
       print cyan
@@ -267,6 +293,7 @@ EOT
         else
           print cyan,"Use -i, --instance-type-access to list custom access","\n"
         end
+        print reset,"\n"
       else
         # print "\n"
         # print cyan,bold,"Instance Type Access: #{get_access_string(json_response['globalInstanceTypeAccess'])}",reset,"\n"
@@ -290,12 +317,55 @@ EOT
         else
           print cyan,"Use -b, --blueprint-access to list custom access","\n"
         end
+        print reset,"\n"
       else
         # print "\n"
         # print cyan,bold,"Blueprint Access: #{get_access_string(json_response['globalAppTemplateAccess'])}",reset,"\n"
       end
-      print reset,"\n"
+
+      
+      catalog_item_type_global_access = json_response['globalCatalogItemTypeAccess']
+      catalog_item_type_permissions = json_response['catalogItemTypePermissions'] || []
+      print cyan
+      # print_h2 "catalog_item_type Access: #{get_access_string(json_response['globalCatalogItemTypeAccess'])}", options
+      # print "\n"
+      if catalog_item_type_global_access == 'custom'
+        print_h2 "Catalog Item Type Access", options
+        if options[:include_catalog_item_types_access]
+          rows = catalog_item_type_permissions.collect do |it|
+            {
+              name: it['name'],
+              access: format_access_string(it['access'], ["none","read","full"]),
+            }
+          end
+          print as_pretty_table(rows, [:name, :access], options)
+        else
+          print cyan,"Use --catalog-item-type-access to list custom access","\n"
+        end
+      else
+        # print "\n"
+        # print cyan,bold,"Catalog Item Type Access: #{get_access_string(json_response['globalCatalogItemTypeAccess'])}",reset,"\n"
+      end
+      
+
+      persona_permissions = json_response['personaPermissions'] || json_response['personas'] || []
+      # if options[:include_personas_access]
+      if persona_permissions
+        print_h2 "Persona Access", options
+        rows = persona_permissions.collect do |it|
+          {
+            name: it['name'],
+            access: format_access_string(it['access'], ["none","read","full"]),
+          }
+        end
+        print as_pretty_table(rows, [:name, :access], options)
+        print reset,"\n"        
+      end
+
+      # print reset,"\n"
+      
     end
+
     return 0, nil
   end
 
@@ -449,6 +519,10 @@ EOT
           end
         end
 
+        # v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'defaultPersona', 'fieldLabel' => 'Default Persona', 'type' => 'select', 'optionSource' => 'personas', 'description' => 'Default Persona'}], options[:options], @api_client)
+        v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'defaultPersona', 'fieldLabel' => 'Default Persona', 'type' => 'select', 'selectOptions' => [{'name'=>'Service Catalog','value'=>'serviceCatalog'},{'name'=>'Standard','value'=>'standard'}], 'description' => 'Default Persona'}], options[:options], @api_client)
+        role_payload['defaultPersona'] = {'code' => v_prompt['defaultPersona']} unless v_prompt['defaultPersona'].to_s.strip.empty?
+
         payload = {"role" => role_payload}
       end
       @roles_interface.setopts(options)
@@ -493,7 +567,7 @@ EOT
     options = {}
     params = {}
     optparse = Morpheus::Cli::OptionParser.new do |opts|
-      opts.banner = subcommand_usage("[name] [options]")
+      opts.banner = subcommand_usage("[role] [options]")
       build_option_type_options(opts, options, update_role_option_types)
       build_common_options(opts, options, [:options, :payload, :json, :dry_run, :remote])
     end
@@ -571,7 +645,7 @@ EOT
   def remove(args)
     options = {}
     optparse = Morpheus::Cli::OptionParser.new do |opts|
-      opts.banner = subcommand_usage("[name]")
+      opts.banner = subcommand_usage("[role]")
       build_common_options(opts, options, [:auto_confirm, :json, :dry_run, :remote])
     end
     optparse.parse!(args)
@@ -711,41 +785,46 @@ EOT
     group_name = nil
     access_value = nil
     do_all = false
+    allowed_access_values = ['full', 'read', 'none']
     optparse = Morpheus::Cli::OptionParser.new do |opts|
-      opts.banner = subcommand_usage("[name]")
+      opts.banner = subcommand_usage("[role] [group] [access]")
       opts.on( '-g', '--group GROUP', "Group name or id" ) do |val|
         group_name = val
       end
       opts.on( nil, '--all', "Update all groups at once." ) do
         do_all = true
       end
-      opts.on( '--access VALUE', String, "Access value [full|read|none]" ) do |val|
+      opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
         access_value = val
       end
       build_common_options(opts, options, [:json, :dry_run, :remote])
       opts.footer = "Update role access for a group or all groups.\n" +
-                    "[name] is required. This is the name or id of a role.\n" + 
+                    "[role] is required. This is the name or id of a role.\n" + 
                     "--group or --all is required. This is the name or id of a group.\n" + 
-                    "--access is required. This is the new access value."
+                    "--access is required. This is the new access value. #{anded_list(allowed_access_values)}"
     end
     optparse.parse!(args)
-    if args.count < 1
-      puts optparse
-      return 1
-    end
-    name = args[0]
-    # support old usage: [name] [group] [access]
-    group_name ||= args[1]
-    access_value ||= args[2]
 
-    if (!group_name && !do_all) || !access_value
-      puts optparse
-      return 1
+    # usage: update-group-access [role] [access] --all
+    #        update-group-access [role] [group] [access]
+    name = args[0]
+    if do_all
+      verify_args!(args:args, optparse:optparse, min:1, max:2)
+      access_value = args[1] if args[1]
+    else
+      verify_args!(args:args, optparse:optparse, min:1, max:3)
+      group_id = args[1] if args[1]
+      access_value = args[2] if args[2]
+    end
+    if !group_id && !do_all
+      raise_command_error("missing required argument: [group] or --all", optparse)
+    end
+    if !access_value
+      raise_command_error("missing required argument: [access]", optparse)
     end
-    
     access_value = access_value.to_s.downcase
-
-    if !['full', 'read', 'none'].include?(access_value)
+    if !allowed_access_values.include?(access_value)
+      raise_command_error("invalid access value: #{access_value}", optparse)
       puts optparse
       return 1
     end
@@ -856,6 +935,7 @@ EOT
     cloud_name = nil
     access_value = nil
     do_all = false
+    allowed_access_values = ['full', 'read', 'none']
     optparse = Morpheus::Cli::OptionParser.new do |opts|
       opts.banner = subcommand_usage("[name]")
       opts.on( '-c', '--cloud CLOUD', "Cloud name or id" ) do |val|
@@ -865,7 +945,7 @@ EOT
       opts.on( nil, '--all', "Update all clouds at once." ) do
         do_all = true
       end
-      opts.on( '--access VALUE', String, "Access value [full|read|none]" ) do |val|
+      opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
         access_value = val
       end
       opts.on( '-g', '--group GROUP', "Group to find cloud in" ) do |val|
@@ -873,32 +953,34 @@ EOT
       end
       build_common_options(opts, options, [:json, :dry_run, :remote])
       opts.footer = "Update role access for a cloud or all clouds.\n" +
-                    "[name] is required. This is the name or id of a role.\n" + 
+                    "[role] is required. This is the name or id of a role.\n" + 
                     "--cloud or --all is required. This is the name or id of a cloud.\n" + 
-                    "--access is required. This is the new access value."
+                    "--access is required. This is the new access value. #{anded_list(allowed_access_values)}"
     end
     optparse.parse!(args)
 
-    if args.count < 1
-      puts optparse
-      return 1
-    end
+    # usage: update-cloud-access [role] [access] --all
+    #        update-cloud-access [role] [cloud] [access]
     name = args[0]
-    # support old usage: [name] [cloud] [access]
-    cloud_name ||= args[1]
-    access_value ||= args[2]
-
-    if (!cloud_name && !do_all) || !access_value
-      puts optparse
-      return 1
+    if do_all
+      verify_args!(args:args, optparse:optparse, min:1, max:2)
+      access_value = args[1] if args[1]
+    else
+      verify_args!(args:args, optparse:optparse, min:1, max:3)
+      cloud_id = args[1] if args[1]
+      access_value = args[2] if args[2]
+    end
+    if !cloud_id && !do_all
+      raise_command_error("missing required argument: [cloud] or --all", optparse)
+    end
+    if !access_value
+      raise_command_error("missing required argument: [access]", optparse)
     end
-    puts "cloud_name is : #{cloud_name}"
-    puts "access_value is : #{access_value}"
     access_value = access_value.to_s.downcase
-
-    if !['full', 'none'].include?(access_value)
+    if !allowed_access_values.include?(access_value)
+      raise_command_error("invalid access value: #{access_value}", optparse)
       puts optparse
-      exit 1
+      return 1
     end
 
     connect(options)
@@ -966,10 +1048,10 @@ EOT
   end
 
   def update_global_instance_type_access(args)
-    usage = "Usage: morpheus roles update-global-instance-type-access [name] [full|custom|none]"
+    usage = "Usage: morpheus roles update-global-instance-type-access [role] [full|custom|none]"
     options = {}
     optparse = Morpheus::Cli::OptionParser.new do |opts|
-      opts.banner = subcommand_usage("[name] [full|custom|none]")
+      opts.banner = subcommand_usage("[role] [full|custom|none]")
       build_common_options(opts, options, [:json, :dry_run, :remote])
     end
     optparse.parse!(args)
@@ -1018,22 +1100,23 @@ EOT
     instance_type_name = nil
     access_value = nil
     do_all = false
+    allowed_access_values = ['full', 'none']
     optparse = Morpheus::Cli::OptionParser.new do |opts|
-      opts.banner = subcommand_usage("[name]")
+      opts.banner = subcommand_usage("[role] [type] [access]")
       opts.on( '--instance-type INSTANCE_TYPE', String, "Instance Type name" ) do |val|
         instance_type_name = val
       end
       opts.on( nil, '--all', "Update all instance types at once." ) do
         do_all = true
       end
-      opts.on( '--access VALUE', String, "Access value [full|read|none]" ) do |val|
+      opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
         access_value = val
       end
       build_common_options(opts, options, [:json, :dry_run, :remote])
       opts.footer = "Update role access for an instance type or all instance types.\n" +
-                    "[name] is required. This is the name or id of a role.\n" + 
+                    "[role] is required. This is the name or id of a role.\n" + 
                     "--instance-type or --all is required. This is the name of an instance type.\n" + 
-                    "--access is required. This is the new access value."
+                    "--access is required. This is the new access value. #{anded_list(allowed_access_values)}"
     end
     optparse.parse!(args)
 
@@ -1042,7 +1125,7 @@ EOT
       return 1
     end
     name = args[0]
-    # support old usage: [name] [instance-type] [access]
+    # support old usage: [role] [instance-type] [access]
     instance_type_name ||= args[1]
     access_value ||= args[2]
 
@@ -1111,10 +1194,10 @@ EOT
   end
 
   def update_global_blueprint_access(args)
-    usage = "Usage: morpheus roles update-global-blueprint-access [name] [full|custom|none]"
+    usage = "Usage: morpheus roles update-global-blueprint-access [role] [full|custom|none]"
     options = {}
     optparse = Morpheus::Cli::OptionParser.new do |opts|
-      opts.banner = subcommand_usage("[name] [full|custom|none]")
+      opts.banner = subcommand_usage("[role] [full|custom|none]")
       build_common_options(opts, options, [:json, :dry_run, :remote])
     end
     optparse.parse!(args)
@@ -1163,42 +1246,46 @@ EOT
     blueprint_id = nil
     access_value = nil
     do_all = false
+    allowed_access_values = ['full', 'none']
     optparse = Morpheus::Cli::OptionParser.new do |opts|
-      opts.banner = subcommand_usage("[name]")
+      opts.banner = subcommand_usage("[role] [blueprint] [access]")
       opts.on( '--blueprint ID', String, "Blueprint ID or Name" ) do |val|
         blueprint_id = val
       end
       opts.on( nil, '--all', "Update all blueprints at once." ) do
         do_all = true
       end
-      opts.on( '--access VALUE', String, "Access value [full|read|none]" ) do |val|
+      opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
         access_value = val
       end
       build_common_options(opts, options, [:json, :dry_run, :remote])
       opts.footer = "Update role access for an blueprint or all blueprints.\n" +
-                    "[name] is required. This is the name or id of a role.\n" + 
+                    "[role] is required. This is the name or id of a role.\n" + 
                     "--blueprint or --all is required. This is the name or id of a blueprint.\n" + 
-                    "--access is required. This is the new access value."
+                    "--access is required. This is the new access value. #{anded_list(allowed_access_values)}"
     end
     optparse.parse!(args)
 
-    if args.count < 1
-      puts optparse
-      return 1
-    end
+    # usage: update-blueprint-access [role] [access] --all
+    #        update-blueprint-access [role] [blueprint] [access]
     name = args[0]
-    # support old usage: [name] [blueprint] [access]
-    blueprint_id ||= args[1]
-    access_value ||= args[2]
-
-    if (!blueprint_id && !do_all) || !access_value
-      puts_error optparse
-      return 1
+    if do_all
+      verify_args!(args:args, optparse:optparse, min:1, max:2)
+      access_value = args[1] if args[1]
+    else
+      verify_args!(args:args, optparse:optparse, min:1, max:3)
+      blueprint_id = args[1] if args[1]
+      access_value = args[2] if args[2]
+    end
+    if !blueprint_id && !do_all
+      raise_command_error("missing required argument: [blueprint] or --all", optparse)
+    end
+    if !access_value
+      raise_command_error("missing required argument: [access]", optparse)
     end
-    
     access_value = access_value.to_s.downcase
-
-    if !['full', 'none'].include?(access_value)
+    if !allowed_access_values.include?(access_value)
+      raise_command_error("invalid access value: #{access_value}", optparse)
       puts optparse
       return 1
     end
@@ -1267,16 +1354,269 @@ EOT
     end
   end
 
+  def update_global_catalog_item_type_access(args)
+    usage = "Usage: morpheus roles update-global-catalog-item-type-access [role] [full|custom|none]"
+    options = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[role] [full|custom|none]")
+      build_common_options(opts, options, [:json, :dry_run, :remote])
+    end
+    optparse.parse!(args)
+
+    if args.count < 2
+      puts optparse
+      exit 1
+    end
+    name = args[0]
+    access_value = args[1].to_s.downcase
+    if !['full', 'custom', 'none'].include?(access_value)
+      puts optparse
+      exit 1
+    end
+
+
+    connect(options)
+    begin
+      account = find_account_from_options(options)
+      account_id = account ? account['id'] : nil
+      role = find_role_by_name_or_id(account_id, name)
+      exit 1 if role.nil?
+
+      params = {permissionCode: 'CatalogItemType', access: access_value}
+      @roles_interface.setopts(options)
+      if options[:dry_run]
+        print_dry_run @roles_interface.dry.update_permission(account_id, role['id'], params)
+        return
+      end
+      json_response = @roles_interface.update_permission(account_id, role['id'], params)
+
+      if options[:json]
+        print JSON.pretty_generate(json_response)
+        print "\n"
+      else
+        print_green_success "Role #{role['authority']} global catalog item type access updated"
+      end
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      exit 1
+    end
+  end
+
+  def update_catalog_item_type_access(args)
+    options = {}
+    catalog_item_type_id = nil
+    access_value = nil
+    do_all = false
+    allowed_access_values = ['full', 'none']
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[role] [catalog-item-type] [access]")
+      opts.on( '--catalog-item-type ID', String, "Catalog Item Type ID or Name" ) do |val|
+        catalog_item_type_id = val
+      end
+      opts.on( nil, '--all', "Update all catalog item types at once." ) do
+        do_all = true
+      end
+      opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
+        access_value = val
+      end
+      build_common_options(opts, options, [:json, :dry_run, :remote])
+      opts.footer = "Update role access for an catalog item type or all types.\n" +
+                    "[role] is required. This is the name or id of a role.\n" + 
+                    "--catalog-item-type or --all is required. This is the name or id of a catalog item type.\n" + 
+                    "--access is required. This is the new access value. #{anded_list(allowed_access_values)}"
+    end
+    optparse.parse!(args)
+
+    # usage: update-catalog_item_type-access [role] [access] --all
+    #        update-catalog_item_type-access [role] [catalog-item-type] [access]
+    name = args[0]
+    if do_all
+      verify_args!(args:args, optparse:optparse, min:1, max:2)
+      access_value = args[1] if args[1]
+    else
+      verify_args!(args:args, optparse:optparse, min:1, max:3)
+      catalog_item_type_id = args[1] if args[1]
+      access_value = args[2] if args[2]
+    end
+    if !catalog_item_type_id && !do_all
+      raise_command_error("missing required argument: [catalog-item-type] or --all", optparse)
+    end
+    if !access_value
+      raise_command_error("missing required argument: [access]", optparse)
+    end
+    access_value = access_value.to_s.downcase
+    if !allowed_access_values.include?(access_value)
+      raise_command_error("invalid access value: #{access_value}", optparse)
+      puts optparse
+      return 1
+    end
+
+    connect(options)
+    begin
+      account = find_account_from_options(options)
+      account_id = account ? account['id'] : nil
+      role = find_role_by_name_or_id(account_id, name)
+      return 1 if role.nil?
+
+      role_json = @roles_interface.get(account_id, role['id'])
+      catalog_item_type_global_access = role_json['globalCatalogItemTypeAccess']
+      catalog_item_type_permissions = role_json['catalogItemTypePermissions'] || []
+      if catalog_item_type_global_access != 'custom'
+        print "\n", red, "Global Catalog Item Type Access is currently: #{catalog_item_type_global_access.to_s.capitalize}"
+        print "\n", "You must first set it to Custom via `morpheus roles update-global-catalog-item-type-access \"#{name}\" custom`"
+        print "\n\n", reset
+        return 1
+      end
+
+      # hacky, but support name or code lookup via the list returned in the show payload
+      catalog_item_type = nil
+      if !do_all
+        if catalog_item_type_id.to_s =~ /\A\d{1,}\Z/
+          catalog_item_type = catalog_item_type_permissions.find {|b| b['id'] == catalog_item_type_id.to_i }
+        else
+          catalog_item_type = catalog_item_type_permissions.find {|b| b['name'] == catalog_item_type_id }
+        end
+        if catalog_item_type.nil?
+          print_red_alert "Catalog Item Type not found: '#{catalog_item_type_id}'"
+          return 1
+        end
+      end
+
+      params = {}
+      if do_all
+        params['allCatalogItemTypes'] = true
+      else
+        params['catalogItemTypeId'] = catalog_item_type['id']
+      end
+      params['access'] = access_value
+      @roles_interface.setopts(options)
+      if options[:dry_run]
+        print_dry_run @roles_interface.dry.update_catalog_item_type(account_id, role['id'], params)
+        return
+      end
+      json_response = @roles_interface.update_catalog_item_type(account_id, role['id'], params)
+
+      if options[:json]
+        print JSON.pretty_generate(json_response)
+        print "\n"
+      else
+        if do_all
+          print_green_success "Role #{role['authority']} access updated for all catalog item types"
+        else
+          print_green_success "Role #{role['authority']} access updated for catalog item type #{catalog_item_type['name']}"
+        end
+      end
+      return 0
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      exit 1
+    end
+  end
+
+  def update_persona_access(args)
+    options = {}
+    persona_id = nil
+    name = nil
+    access_value = nil
+    do_all = false
+    allowed_access_values = ['full', 'none']
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[role] [persona] [access]")
+      opts.on( '--persona CODE', String, "Persona Code" ) do |val|
+        persona_id = val
+      end
+      opts.on( nil, '--all', "Update all personas at once." ) do
+        do_all = true
+      end
+      opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
+        access_value = val
+      end
+      build_common_options(opts, options, [:json, :dry_run, :remote])
+      opts.footer = "Update role access for a persona or all personas.\n" +
+                    "[role] is required. This is the name or id of a role.\n" + 
+                    "--persona or --all is required. This is the code of a persona. Service Catalog or Standard\n" + 
+                    "--access is required. This is the new access value. #{anded_list(allowed_access_values)}"
+    end
+    optparse.parse!(args)
+
+    # usage: update-persona-access [role] [access] --all
+    #        update-persona-access [role] [persona] [access]
+    name = args[0]
+    if do_all
+      verify_args!(args:args, optparse:optparse, min:1, max:2)
+      access_value = args[1] if args[1]
+    else
+      verify_args!(args:args, optparse:optparse, min:1, max:3)
+      persona_id = args[1] if args[1]
+      access_value = args[2] if args[2]
+    end
+    if !persona_id && !do_all
+      raise_command_error("missing required argument: [persona] or --all", optparse)
+    end
+    if !access_value
+      raise_command_error("missing required argument: [access]", optparse)
+    end
+    access_value = access_value.to_s.downcase
+    if !allowed_access_values.include?(access_value)
+      raise_command_error("invalid access value: #{access_value}", optparse)
+      puts optparse
+      return 1
+    end
+
+    connect(options)
+    begin
+      account = find_account_from_options(options)
+      account_id = account ? account['id'] : nil
+      role = find_role_by_name_or_id(account_id, name)
+      return 1 if role.nil?
+
+      role_json = @roles_interface.get(account_id, role['id'])
+      
+      # no lookup right now, pass the code serviceCatalog|standard
+      persona_code = persona_id
+
+      params = {}
+      if do_all
+        params['allPersonas'] = true
+      else
+        params['personaCode'] = persona_code
+      end
+      params['access'] = access_value
+      @roles_interface.setopts(options)
+      if options[:dry_run]
+        print_dry_run @roles_interface.dry.update_persona(account_id, role['id'], params)
+        return
+      end
+      json_response = @roles_interface.update_persona(account_id, role['id'], params)
+
+      if options[:json]
+        print JSON.pretty_generate(json_response)
+        print "\n"
+      else
+        if do_all
+          print_green_success "Role #{role['authority']} access updated for all personas"
+        else
+          print_green_success "Role #{role['authority']} access updated for persona #{persona_code}"
+        end
+      end
+      return 0
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      exit 1
+    end
+  end
+
   private
   
   def add_role_option_types
     [
-      {'fieldName' => 'authority', 'fieldLabel' => 'Name', 'type' => 'text', 'required' => true, 'displayOrder' => 1},
-      {'fieldName' => 'description', 'fieldLabel' => 'Description', 'type' => 'text', 'displayOrder' => 2},
-      {'fieldName' => 'roleType', 'fieldLabel' => 'Role Type', 'type' => 'select', 'selectOptions' => [{'name' => 'User Role', 'value' => 'user'}, {'name' => 'Account Role', 'value' => 'account'}], 'defaultValue' => 'user', 'displayOrder' => 3},
-      {'fieldName' => 'baseRole', 'fieldLabel' => 'Copy From Role', 'type' => 'text', 'displayOrder' => 4},
-      {'fieldName' => 'multitenant', 'fieldLabel' => 'Multitenant', 'type' => 'checkbox', 'defaultValue' => 'off', 'description' => 'A Multitenant role is automatically copied into all existing subaccounts as well as placed into a subaccount when created. Useful for providing a set of predefined roles a Customer can use', 'displayOrder' => 5},
-      {'fieldName' => 'multitenantLocked', 'fieldLabel' => 'Multitenant Locked', 'type' => 'checkbox', 'defaultValue' => 'off', 'description' => 'Prevents subtenants from branching off this role/modifying it. ', 'displayOrder' => 6}
+      {'fieldName' => 'authority', 'fieldLabel' => 'Name', 'type' => 'text', 'required' => true},
+      {'fieldName' => 'description', 'fieldLabel' => 'Description', 'type' => 'text'},
+      {'fieldName' => 'roleType', 'fieldLabel' => 'Role Type', 'type' => 'select', 'selectOptions' => [{'name' => 'User Role', 'value' => 'user'}, {'name' => 'Account Role', 'value' => 'account'}], 'defaultValue' => 'user'},
+      {'fieldName' => 'baseRole', 'fieldLabel' => 'Copy From Role', 'type' => 'text'},
+      {'fieldName' => 'multitenant', 'fieldLabel' => 'Multitenant', 'type' => 'checkbox', 'defaultValue' => 'off', 'description' => 'A Multitenant role is automatically copied into all existing subaccounts as well as placed into a subaccount when created. Useful for providing a set of predefined roles a Customer can use'},
+      {'fieldName' => 'multitenantLocked', 'fieldLabel' => 'Multitenant Locked', 'type' => 'checkbox', 'defaultValue' => 'off', 'description' => 'Prevents subtenants from branching off this role/modifying it. '},
+      {'fieldName' => 'defaultPersona', 'fieldLabel' => 'Default Persona', 'type' => 'select', 'selectOptions' => [{'name'=>'Service Catalog','value'=>'serviceCatalog'},{'name'=>'Standard','value'=>'standard'}], 'description' => 'Default Persona'}
     ]
   end