morpheus-cli 8.0.13 → 8.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aad3ce7f814765f24cd6d8c0c54c234d6c745be616536a92b3005e127740f2d0
-  data.tar.gz: af0212f0f02ee8f85133c36790493e09542112e9e21ee183692cce150a029e29
+  metadata.gz: f058297ee2bc6b9cc1dac3f97bb2aad27785687af9283e89b5275b101a126145
+  data.tar.gz: 21f00f181e173a464d579d2f6368d12fbe9880530d01fd59cebc40775eb9af78
 SHA512:
-  metadata.gz: 648640393d42c0a3dc358a198baf5c513cbf48e8c58202143974f7bbd15e2acc06f7cd3c35305a6404ddabb9ed0ee64c16c4beb84bbda588d7c03df4debca69d
-  data.tar.gz: 4a1b6e530ebcb825f2c1bc54e04ea29ad0ec249f1b3ddc65d1bfce2144db1f17c1389d2368ee9f4dbb4398f5be911b1509f418f6ee9a28c8c42bd1e4e95b3cc2
+  metadata.gz: fea8e30a0ff487c060873ca4ba6a3d4af91c52f819e6956675d653dc57c330d495b2f27b9d821e7314da332573acb8bf6bc17380a283fe1404a80789eebda5b0
+  data.tar.gz: 8d5fb8b37a542e13f5e9656e2d355b9224ed51ede6a4e749620b3dbdf059a3449b2b09e64c4d97a0b2458469d99508dbf3029a158c1a234a72736ccdc7b6437f

data/Dockerfile

@@ -1,5 +1,5 @@
 FROM ruby:2.7.5
 
-RUN gem install morpheus-cli -v 8.0.13
+RUN gem install morpheus-cli -v 8.1.0
 
 ENTRYPOINT ["morpheus"]

data/bin/morpheus

@@ -2,11 +2,14 @@
 require 'morpheus'
 
 # arguments
-args = ARGV
+args = ARGV.dup
 
-# input pipe
-# append piped data as arguments
-if !$stdin.tty?
+# input pipe: only read stdin as arguments when --stdin is explicitly passed.
+# Previously stdin was always consumed when not a TTY, which caused morpheus
+# invoked inside a piped bash script (e.g. base64 -d <<< <script> | bash -l)
+# to consume the remaining script lines as CLI arguments (MORPH-6237).
+# Usage: echo 42 | morpheus instances get --stdin
+if args.delete('--stdin') && !$stdin.tty?
   pipe_data = $stdin.read
   if pipe_data
     args += pipe_data.split

data/lib/morpheus/api/api_client.rb

@@ -412,6 +412,14 @@ class Morpheus::APIClient
     Morpheus::ServersInterface.new(common_interface_options).setopts(@options)
   end
 
+  def systems
+    Morpheus::SystemsInterface.new(common_interface_options).setopts(@options)
+  end
+
+  def system_types
+    Morpheus::SystemTypesInterface.new(common_interface_options).setopts(@options)
+  end
+
   def server_devices
     Morpheus::ServerDevicesInterface.new(common_interface_options).setopts(@options)
   end

data/lib/morpheus/api/roles_interface.rb

@@ -118,6 +118,20 @@ class Morpheus::RolesInterface < Morpheus::APIClient
     execute(method: :put, url: url, headers: headers, payload: payload.to_json)
   end
 
+  def update_cluster_type(account_id, id, options)
+    url = build_url(account_id, id) + "/update-cluster-type"
+    headers = { :authorization => "Bearer #{@access_token}", 'Content-Type' => 'application/json' }
+    payload = options
+    execute(method: :put, url: url, headers: headers, payload: payload.to_json)
+  end
+
+  def validate(account_id, options, params={})
+    url = "#{@base_url}/api/roles/validate"
+    headers = { :authorization => "Bearer #{@access_token}", 'Content-Type' => 'application/json' }
+    payload = options
+    execute(method: :post, url: url, headers: headers, payload: payload.to_json, params: params)
+  end
+
   private
 
   def build_url(account_id=nil, role_id=nil)

data/lib/morpheus/api/system_types_interface.rb

@@ -0,0 +1,13 @@
+require 'morpheus/api/rest_interface'
+
+class Morpheus::SystemTypesInterface < Morpheus::RestInterface
+
+  def base_path
+    "/api/infrastructure/system-types"
+  end
+
+  def list_layouts(type_id, params = {})
+    execute(method: :get, url: "#{base_path}/#{type_id}/layouts", params: params)
+  end
+
+end

data/lib/morpheus/api/systems_interface.rb

@@ -0,0 +1,9 @@
+require 'morpheus/api/rest_interface'
+
+class Morpheus::SystemsInterface < Morpheus::RestInterface
+
+  def base_path
+    "/api/infrastructure/systems"
+  end
+
+end

data/lib/morpheus/cli/commands/backups_command.rb

@@ -528,6 +528,8 @@ EOT
     {
       "ID" => 'id',
       "Name" => 'name',
+      "Type" => lambda {|it| format_backup_type_tag(it) },
+      "Location" => lambda {|it| format_backup_location_tag(it) },
       "Schedule" => lambda {|it| it['schedule']['name'] rescue '' },
       "Backup Job" => lambda {|it| it['job']['name'] rescue '' },
       "Created" => lambda {|it| format_local_dt(it['dateCreated']) },
@@ -539,6 +541,8 @@ EOT
     {
       "ID" => 'id',
       "Name" => 'name',
+      "Backup Type" => lambda {|it| format_backup_type_tag(it) },
+      "Backup Location" => lambda {|it| format_backup_location_tag(it) },
       "Location Type" => lambda {|it| 
         if it['locationType'] == "instance"
           "Instance"
@@ -589,6 +593,33 @@ EOT
     "#{result['backup']['name']} (#{format_local_dt(result['startDate'])})"
   end
 
+  # format backup type tag (manual or policy-based)
+  def format_backup_type_tag(backup)
+    # check if backup has a schdule or job associated with it
+    # manual backups typically dont have a schedule while policy-based do
+    if backup['cronExpression'] || (backup['schedule'] && backup['schedule']['id'])
+      "#{cyan}POLICY#{reset}"
+    elsif backup['job'] && backup['job']['id']
+      "#{cyan}POLICY#{reset}"
+    else
+      "#{yellow}MANUAL#{reset}"
+    end
+  end
+
+  # format backup location tag (local or remote)
+  def format_backup_location_tag(backup)
+    # check storage provider or backup provider indicating remote storage
+    if backup['storageProvider'] && backup['storageProvider']['id']
+      provider_type = backup['storageProvider']['type'] || backup['storageProvider']['providerType'] || ''
+      "#{green}REMOTE#{reset} (#{provider_type})"
+    elsif backup['backupProvider'] && backup['backupProvider']['id']
+      provider_type = backup['backupProvider']['type'] || backup['backupProvider']['providerType'] || ''
+      "#{green}REMOTE#{reset} (#{provider_type})"
+    else
+      "#{blue}LOCAL#{reset}"
+    end
+  end
+
   # prompt for an instance config (vdiPool.instanceConfig)
   def prompt_restore_instance_config(options)
     # use config if user passed one in..

data/lib/morpheus/cli/commands/library_option_lists_command.rb

@@ -171,11 +171,17 @@ class Morpheus::Cli::LibraryOptionListsCommand
           "Credentials" => lambda {|it| it['credential'] ? (it['credential']['type'] == 'local' ? '(Local)' : it['credential']['name']) : nil },
           "Username" => 'serviceUsername',
           "Password" => 'servicePassword',
+          "Inject System Auth Header" => lambda {|it| format_boolean it['injectExecutionLeaseAuth'] },
+          "Use Owner Authorization"   => lambda {|it| format_boolean it['useOwnerAuth'] }
         }
         option_list_columns.delete("API Type") if option_type_list['type'] != 'api'
         option_list_columns.delete("Credentials") if !['rest','ldap'].include?(option_type_list['type']) # || !(option_type_list['credential'] && option_type_list['credential']['id'])
         option_list_columns.delete("Username") if !['rest','ldap'].include?(option_type_list['type']) || !(option_type_list['serviceUsername'])
         option_list_columns.delete("Password") if !['rest','ldap'].include?(option_type_list['type']) || !(option_type_list['servicePassword'])
+        option_list_columns.delete("Inject System Auth Header") if option_type_list['type'] != 'rest'
+        option_list_columns.delete("Use Owner Authorization")   if option_type_list['type'] != 'rest'
+        option_list_columns.delete("Inject System Auth Header") if option_type_list['type'] != 'rest'
+        option_list_columns.delete("Use Owner Authorization") if option_type_list['type'] != 'rest'
         source_headers = []
         if option_type_list['config'] && option_type_list['config']['sourceHeaders']
           source_headers = option_type_list['config']['sourceHeaders'].collect do |header|
@@ -291,7 +297,7 @@ class Morpheus::Cli::LibraryOptionListsCommand
           end
         end
         # tweak payload for API
-        ['ignoreSSLErrors', 'realTime'].each { |k|
+        ['ignoreSSLErrors', 'realTime', 'injectExecutionLeaseAuth', 'useOwnerAuth'].each { |k|
           list_payload[k] = ['on','true'].include?(list_payload[k].to_s) if list_payload.key?(k)
         }
         payload.deep_merge!({'optionTypeList' => list_payload})
@@ -348,7 +354,7 @@ class Morpheus::Cli::LibraryOptionListsCommand
           end
         end
         # tweak payload for API
-        ['ignoreSSLErrors', 'realTime'].each { |k|
+        ['ignoreSSLErrors', 'realTime', 'injectExecutionLeaseAuth', 'useOwnerAuth'].each { |k|
           list_payload[k] = ['on','true'].include?(list_payload[k].to_s) if list_payload.key?(k)
         }
         payload.deep_merge!({'optionTypeList' => list_payload})
@@ -437,6 +443,8 @@ class Morpheus::Cli::LibraryOptionListsCommand
         {'dependsOnCode' => 'optionTypeList.type:rest', 'fieldName' => 'sourceUrl', 'fieldLabel' => 'Source Url', 'type' => 'text', 'required' => true, 'description' => "A REST URL can be used to fetch list data and is cached in the appliance database.", 'displayOrder' => 6},
         {'dependsOnCode' => 'optionTypeList.type:rest', 'fieldName' => 'ignoreSSLErrors', 'fieldLabel' => 'Ignore SSL Errors', 'type' => 'checkbox', 'defaultValue' => false, 'displayOrder' => 7},
         {'dependsOnCode' => 'optionTypeList.type:rest', 'fieldName' => 'realTime', 'fieldLabel' => 'Real Time', 'type' => 'checkbox', 'defaultValue' => false, 'displayOrder' => 8},
+        {'dependsOnCode' => 'optionTypeList.type:rest', 'fieldName' => 'injectExecutionLeaseAuth', 'switch' => 'inject-execution-lease-auth', 'fieldLabel' => 'Inject System Auth Header', 'type' => 'checkbox', 'defaultValue' => false, 'description' => 'Injects an authorization header using a system lease token when making the REST call.', 'displayOrder' => 21},
+        {'dependsOnCode' => 'optionTypeList.type:rest', 'fieldName' => 'useOwnerAuth', 'switch' => 'use-owner-auth', 'fieldLabel' => 'Use Owner Authorization', 'type' => 'checkbox', 'defaultValue' => false, 'description' => 'Uses the authorization credentials of the owner of the option list.', 'displayOrder' => 22},
         {'dependsOnCode' => 'optionTypeList.type:rest', 'fieldName' => 'sourceMethod', 'fieldLabel' => 'Source Method', 'type' => 'select', 'selectOptions' => [{'name' => 'GET', 'value' => 'GET'}, {'name' => 'POST', 'value' => 'POST'}], 'defaultValue' => 'GET', 'required' => true, 'displayOrder' => 9},
         {'dependsOnCode' => 'optionTypeList.type:rest|ldap', 'fieldName' => 'credential', 'fieldLabel' => 'Credentials', 'type' => 'select', 'optionSource' => 'credentials', 'description' => 'Credential ID or use "local" to specify username and password', 'displayOrder' => 10, 'defaultValue' => "local", 'required' => true, :for_help_only => true}, # hacky way to render this but not prompt for it
         {'dependsOnCode' => 'optionTypeList.type:rest', 'fieldName' => 'serviceUsername', 'fieldLabel' => 'Username', 'type' => 'text', 'description' => "A Basic Auth Username for use when type is 'rest'.", 'displayOrder' => 11, "credentialFieldContext" => 'credential', "credentialFieldName" => 'username', "credentialType" => "username-password,oauth2"},

data/lib/morpheus/cli/commands/roles.rb

@@ -5,7 +5,7 @@ class Morpheus::Cli::Roles
   include Morpheus::Cli::AccountsHelper
   include Morpheus::Cli::ProvisioningHelper
   include Morpheus::Cli::WhoamiHelper
-  register_subcommands :list, :get, :add, :update, :remove, 
+  register_subcommands :list, :get, :add, :update, :remove, :validate,
     :'list-permissions', :'update-feature-access',
     :'update-group-access', :'update-global-group-access', :'update-default-group-access',
     :'update-global-cloud-access', :'update-cloud-access', :'update-default-cloud-access',
@@ -16,7 +16,8 @@ class Morpheus::Cli::Roles
     :'update-global-vdi-pool-access', :'update-vdi-pool-access', :'update-default-vdi-pool-access',
     :'update-global-report-type-access', :'update-report-type-access', :'update-default-report-type-access',
     :'update-global-task-access', :'update-task-access', :'update-default-task-access',
-    :'update-global-workflow-access', :'update-workflow-access', :'update-default-workflow-access'
+    :'update-global-workflow-access', :'update-workflow-access', :'update-default-workflow-access',
+    :'update-cluster-type-access', :'update-default-cluster-type-access'
   set_subcommands_hidden(
     subcommands.keys.select{|c|
     c.include?('update-global')
@@ -47,7 +48,7 @@ class Morpheus::Cli::Roles
     optparse = Morpheus::Cli::OptionParser.new do |opts|
       opts.banner = subcommand_usage("[search phrase]")
       opts.on( '--tenant TENANT', "Tenant Filter for list of Roles." ) do |val|
-        options[:tenant] = val
+        options[:account] = val
       end
       build_standard_list_options(opts, options)
       opts.footer = "List roles."
@@ -67,9 +68,6 @@ class Morpheus::Cli::Roles
       return 0, nil
     end
     load_whoami()
-    if options[:tenant]
-      params[:tenant] = options[:tenant]
-    end
     json_response = @roles_interface.list(account_id, params)
 
     render_response(json_response, options, "roles") do
@@ -136,6 +134,9 @@ class Morpheus::Cli::Roles
       opts.on(nil,'--task-access', "Display Task Access") do
         options[:include_task_access] = true
       end
+      opts.on(nil,'--cluster-type-access', "Display Cluster Type Access") do
+        options[:include_cluster_type_access] = true
+      end
       opts.on('-a','--all', "Display All Access Lists") do
         options[:include_all_access] = true
       end
@@ -143,9 +144,7 @@ class Morpheus::Cli::Roles
         options[:include_default_access] = true
       end
       opts.on('--account-id ID', String, "Clarify Owner of Role") do |val|
-        if has_complete_access
-          options[:account_id] = val.to_s
-        end
+        options[:account_id] = val.to_s
       end
       build_standard_get_options(opts, options)
       opts.footer = <<-EOT
@@ -246,6 +245,7 @@ EOT
         "VDI Pools" => lambda {|it| get_access_string(it['globalVdiPoolAccess']) },
         "Workflows" => lambda {|it| get_access_string(it['globalTaskSetAccess']) },
         "Tasks" => lambda {|it| get_access_string(it['globalTaskAccess']) },
+        "Cluster Types" => lambda {|it| get_access_string(it['globalClusterTypeAccess']) },
       }
 
       if role['roleType'].to_s.downcase == 'account'
@@ -449,7 +449,7 @@ EOT
       workflow_permissions = role['taskSets'] ? role['taskSets'] : (json_response['taskSetPermissions'] || [])
       print cyan
       if options[:include_workflow_access] || options[:include_all_access]
-        print_h2 "Workflow", options
+        print_h2 "Workflow Access", options
         rows = workflow_permissions.collect do |it|
           {
             name: it['name'],
@@ -461,9 +461,30 @@ EOT
         end
         print as_pretty_table(rows, [:name, :access], options)
       elsif workflow_permissions.find {|it| it['access'] && it['access'] != 'default'}
-        print_h2 "Workflow", options
+        print_h2 "Workflow Access", options
         print cyan,"Use --workflow-access to list custom access","\n"
       end
+
+      cluster_type_global_access = json_response['globalClusterTypeAccess']
+      cluster_type_permissions = role['clusterTypes'] ? role['clusterTypes'] : (json_response['clusterTypePermissions'] || [])
+      print cyan
+      if options[:include_cluster_type_access] || options[:include_all_access]
+        print_h2 "Cluster Type Access", options
+        rows = cluster_type_permissions.collect do |it|
+          {
+            name: it['name'],
+            access: format_access_string(it['access'], ["none","full"]),
+          }
+        end
+        if !options[:include_default_access]
+          rows = rows.select {|row| row[:access] && row[:access] != 'default '}
+        end
+        print as_pretty_table(rows, [:name, :access], options)
+      elsif cluster_type_permissions.find {|it| it['access'] && it['access'] != 'default'}
+        print_h2 "Cluster Type Access", options
+        print cyan,"Use --cluster-type-access to list custom access","\n"
+      end
+
       print reset,"\n"
       return 0, nil
     end
@@ -471,7 +492,7 @@ EOT
 
   def list_permissions(args)
     options = {}
-    available_categories = ['feature', 'group', 'cloud', 'instance-type', 'blueprint', 'report-type', 'persona', 'catalog-item-type', 'vdi-pool', 'workflow', 'task']
+    available_categories = ['feature', 'group', 'cloud', 'instance-type', 'blueprint', 'report-type', 'persona', 'catalog-item-type', 'vdi-pool', 'workflow', 'task', 'cluster-type']
     optparse = Morpheus::Cli::OptionParser.new do |opts|
       opts.banner = subcommand_usage("[role] [category]")
       build_common_options(opts, options, [:list, :json, :yaml, :csv, :fields, :dry_run, :remote])
@@ -585,7 +606,7 @@ EOT
       opts.banner = subcommand_usage("[name] [options]")
       build_option_type_options(opts, options, add_role_option_types)
       build_role_access_options(opts, options, params)
-      opts.on('--owner ID', String, "Set the owner/tenant/account for the role by account id. Only master tenants with full permission for Tenant and Role may use this option." ) do |val|
+      opts.on('--owner ID', String, "Set the owner/tenant/account for the role by account id. This option requires the admin permission to manage tenants." ) do |val|
         params['owner'] = val
       end
       opts.on(nil, '--include-default-access', "Include default access levels in the response (returns all available resources)") do
@@ -631,24 +652,19 @@ EOT
         params['authority'] = v_prompt['authority']
         v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'description', 'fieldLabel' => 'Description', 'type' => 'text', 'displayOrder' => 2}], options[:options])
         params['description'] = v_prompt['description']
-        v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'landingUrl', 'fieldLabel' => 'landingUrl', 'type' => 'text', 'displayOrder' => 3, 'description' => 'An optional override for the default landing page after login for a user.'}], options[:options])
+        v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'landingUrl', 'fieldLabel' => 'Landing URL', 'type' => 'text', 'displayOrder' => 3, 'description' => 'An optional override for the default landing page after login for a user.'}], options[:options])
         params['landingUrl'] = v_prompt['landingUrl']
 
-        if params['owner']
-          if @is_master_account && has_complete_access
-            params['owner'] = params['owner']
-          else
-            print_red_alert "You do not have the necessary authority to use owner option"
-            return
-          end
-        elsif @is_master_account && has_complete_access
+        can_manage_accounts = @user_permissions.find { |it| it['code'] == 'admin-accounts' && it['access'] == 'full'}
+
+        if can_manage_accounts
           v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'owner', 'fieldLabel' => 'Owner', 'type' => 'select', 'selectOptions' => role_owner_options, 'defaultValue' => current_account['id'], 'displayOrder' => 3}], options[:options])
           params['owner'] = v_prompt['owner']
         else
           params['owner'] = current_account['id']
         end  
 
-        if @is_master_account && params['owner'] == current_account['id']
+        if can_manage_accounts
           v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'roleType', 'fieldLabel' => 'Type', 'type' => 'select', 'selectOptions' => role_type_options, 'defaultValue' => 'user', 'displayOrder' => 4}], options[:options])
           params['roleType'] = v_prompt['roleType']
         else
@@ -661,6 +677,12 @@ EOT
         if options[:group_permissions] && params['roleType'] == 'account'
           raise_command_error "The --groups option is only available for account roles, not user roles"
         end
+        if params['globalZoneAccess'] && params['roleType'] == 'user'
+          raise_command_error "The --default-cloud-access option is only available for account roles, not user roles"
+        end
+        if params['globalSiteAccess'] && params['roleType'] == 'account'
+          raise_command_error "The --default-group-access option is only available for user roles, not account roles"
+        end
 
         v_prompt = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'baseRole', 'fieldLabel' => 'Copy From Role', 'type' => 'select', 'selectOptions' => base_role_options(params), 'displayOrder' => 5}], options[:options])
         if v_prompt['baseRole'].to_s != ''
@@ -779,9 +801,9 @@ EOT
         # merge -O options into normally parsed options
         params.deep_merge!(passed_options)
         prompt_option_types = update_role_option_types()
-        if !@is_master_account
-          prompt_option_types = prompt_option_types.reject {|it| ['roleType', 'multitenant','multitenantLocked'].include?(it['fieldName']) }
-        end
+        # if !has_complete_access
+        #   prompt_option_types = prompt_option_types.reject {|it| ['roleType', 'multitenant','multitenantLocked'].include?(it['fieldName']) }
+        # end
         if role['roleType'] != 'user'
           prompt_option_types = prompt_option_types.reject {|it| ['multitenant','multitenantLocked'].include?(it['fieldName']) }
         end
@@ -792,6 +814,12 @@ EOT
         if options[:group_permissions] && role['roleType'] == 'account'
           raise_command_error "The --groups option is only available for account roles, not user roles"
         end
+        if params['globalZoneAccess'] && role['roleType'] == 'user'
+          raise_command_error "The --default-cloud-access option is only available for account roles, not user roles"
+        end
+        if params['globalSiteAccess'] && role['roleType'] == 'account'
+          raise_command_error "The --default-group-access option is only available for user roles, not account roles"
+        end
         # bulk role permissions
         parse_role_access_options(options, params)
 
@@ -872,6 +900,109 @@ EOT
     end
   end
 
+  def validate(args)
+    options = {}
+    params = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[role] [options]")
+      build_option_type_options(opts, options, add_role_option_types)
+      build_role_access_options(opts, options, params)
+      build_common_options(opts, options, [:options, :payload, :json, :dry_run, :remote])
+      opts.footer = <<-EOT
+Validate role permissions without creating or updating a role.
+[role] is optional. This is the name (authority) or id of a role.
+This is useful for testing permission configurations before applying them.
+All the role permissions and access values can be validated.
+Use --feature-access "CODE=ACCESS,CODE=ACCESS" to validate access levels for specific feature permissions.
+Example: morpheus roles validate --authority "Test Role" --feature-access "admin=full,activity=read"
+Example: morpheus roles validate "Existing Role" --feature-access "activity=full"
+EOT
+    end
+    optparse.parse!(args)
+    
+    # allow 0-1 arguments
+    verify_args!(args:args, optparse:optparse, max:1)
+    
+    connect(options)
+    begin
+      account = find_account_from_options(options)
+      account_id = account ? account['id'] : nil
+
+      # load existing role if arg passed
+      role = nil
+      if args[0]
+        role = find_role_by_name_or_id(account_id, args[0])
+        exit 1 if role.nil?
+      end
+
+      passed_options = options[:options] ? options[:options].reject {|k,v| k.is_a?(Symbol) } : {}
+      payload = nil
+      
+      if options[:payload]
+        payload = options[:payload]
+        payload.deep_merge!({'role' => passed_options}) unless passed_options.empty?
+      else
+        # merge -O options into normally parsed options
+        params.deep_merge!(passed_options)
+        
+        # Parse role access options
+        parse_role_access_options(options, params)
+
+        # Validate role type constraints
+        role_type = role ? role['roleType'] : params['roleType']
+        if role_type
+          if params['globalZoneAccess'] && role_type == 'user'
+            raise_command_error "The --default-cloud-access option is only available for account roles, not user roles"
+          end
+          if params['globalSiteAccess'] && role_type == 'account'
+            raise_command_error "The --default-group-access option is only available for user roles, not account roles"
+          end
+        end
+
+        if params.empty? && passed_options.empty? && role.nil?
+          raise_command_error "Specify at least one role configuration option to validate.\n#{optparse}"
+        end
+        
+        payload = {"role" => params}
+      end
+      
+      if role
+        payload['role']['id'] = role['id']
+      end
+      
+      query_params = parse_query_options(options)
+      @roles_interface.setopts(options)
+      
+      if options[:dry_run]
+        print_dry_run @roles_interface.dry.validate(account_id, payload, query_params)
+        return 0, nil
+      end
+      
+      json_response = @roles_interface.validate(account_id, payload, query_params)
+      
+      render_response(json_response, options) do
+        if json_response['success'] && json_response['valid']
+          print_green_success json_response['msg'] || "Role permissions are valid"
+        else
+          print_red_alert "Validation failed: #{json_response['msg'] || 'Invalid role permissions'}"
+          if json_response['errors'] && !json_response['errors'].empty?
+            print_h2 "Validation Errors", options
+            json_response['errors'].each do |key, msg|
+              print red, "  #{key}: #{msg}", reset, "\n"
+            end
+          end
+        end
+      end
+      
+      # Return exit code based on validation result
+      return json_response['success'] && json_response['valid'] ? 0 : 1
+      
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      return 1
+    end
+  end
+
   def update_feature_access(args)
     options = {}
     allowed_access_values = ["full", "full_decrypted", "group", "listfiles", "managerules", "no", "none", "provision", "read", "rolemappings", "user", "view", "yes"]
@@ -979,6 +1110,10 @@ EOT
       role = find_role_by_name_or_id(account_id, name)
       exit 1 if role.nil?
 
+      if role['roleType'] == 'account'
+        raise_command_error "The default-group-access command is only available for user roles, not account roles"
+      end
+
       params = {permissionCode: 'ComputeSite', access: access_value}
       @roles_interface.setopts(options)
       if options[:dry_run]
@@ -1132,6 +1267,10 @@ EOT
       role = find_role_by_name_or_id(account_id, name)
       exit 1 if role.nil?
 
+      if role['roleType'] == 'user'
+        raise_command_error "The default-cloud-access command is only available for account roles, not user roles"
+      end
+
       params = {permissionCode: 'ComputeZone', access: access_value}
       @roles_interface.setopts(options)
       if options[:dry_run]
@@ -2475,6 +2614,153 @@ Update default workflow access for a role.
     end
   end
 
+  def update_default_cluster_type_access(args)
+    options = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[role] [access]")
+      build_common_options(opts, options, [:json, :dry_run, :remote])
+      opts.footer = <<-EOT
+Update default cluster type access for a role.
+[role] is required. This is the id of a role.
+[access] is required. This is the access level to assign: full or none.
+      EOT
+    end
+    optparse.parse!(args)
+    verify_args!(args:args, optparse:optparse, count: 2)
+    name = args[0]
+    access_value = args[1].to_s.downcase
+    if !['full', 'none', 'custom'].include?(access_value)
+      raise_command_error("invalid access value: #{args[1]}", args, optparse)
+    end
+
+    connect(options)
+    begin
+      account = find_account_from_options(options)
+      account_id = account ? account['id'] : nil
+      role = find_role_by_name_or_id(account_id, name)
+      exit 1 if role.nil?
+      params = {permissionCode: 'ServerGroupType', access: access_value}
+      @roles_interface.setopts(options)
+      if options[:dry_run]
+        print_dry_run @roles_interface.dry.update_permission(account_id, role['id'], params)
+        return
+      end
+      json_response = @roles_interface.update_permission(account_id, role['id'], params)
+
+      if options[:json]
+        print JSON.pretty_generate(json_response)
+        print "\n"
+      else
+        print_green_success "Role #{role['authority']} default cluster type access updated"
+      end
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      exit 1
+    end
+  end
+
+  def update_cluster_type_access(args)
+    options = {}
+    cluster_type_id = nil
+    access_value = nil
+    do_all = false
+    allowed_access_values = ['full', 'none', 'default']
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[role] [cluster-type] [access]")
+      opts.on( '--cluster-type ID', String, "Cluster Type ID, code or Name" ) do |val|
+        cluster_type_id = val
+      end
+      opts.on( nil, '--all', "Update all cluster types at once." ) do
+        do_all = true
+      end
+      opts.on( '--access VALUE', String, "Access value [#{allowed_access_values.join('|')}]" ) do |val|
+        access_value = val
+      end
+      build_common_options(opts, options, [:json, :dry_run, :remote])
+      opts.footer = "Update role access for a cluster type or all cluster types.\n" +
+        "[role] is required. This is the name or id of a role.\n" +
+        "--cluster-type or --all is required. This is the name, code or id of a cluster type.\n" +
+        "--access is required. This is the new access value: #{ored_list(allowed_access_values)}"
+    end
+    optparse.parse!(args)
+
+    name = args[0]
+    if do_all
+      verify_args!(args:args, optparse:optparse, min:1, max:2)
+      access_value = args[1] if args[1]
+    else
+      verify_args!(args:args, optparse:optparse, min:1, max:3)
+      cluster_type_id = args[1] if args[1]
+      access_value = args[2] if args[2]
+    end
+    if !cluster_type_id && !do_all
+      raise_command_error("missing required argument: [cluster-type] or --all", args, optparse)
+    end
+    if !access_value
+      raise_command_error("missing required argument: [access]", args, optparse)
+    end
+    access_value = access_value.to_s.downcase
+    if !allowed_access_values.include?(access_value)
+      raise_command_error("invalid access value: #{access_value}", args, optparse)
+      puts optparse
+      return 1
+    end
+
+    connect(options)
+    begin
+      account = find_account_from_options(options)
+      account_id = account ? account['id'] : nil
+      role = find_role_by_name_or_id(account_id, name)
+      return 1 if role.nil?
+
+      role_json = @roles_interface.get(account_id, role['id'], {'includeDefaultAccess' => true})
+      cluster_type_permissions = role_json['clusterTypePermissions'] || role_json['clusterTypes'] || []
+
+      # hacky, but support name or code lookup via the list returned in the show payload
+      cluster_type = nil
+      if !do_all
+        if cluster_type_id.to_s =~ /\A\d{1,}\Z/
+          cluster_type = cluster_type_permissions.find {|b| b['id'] == cluster_type_id.to_i }
+        else
+          cluster_type = cluster_type_permissions.find {|b| b['name'] == cluster_type_id }
+        end
+        if cluster_type.nil?
+          print_red_alert "Cluster Type not found: '#{cluster_type_id}'"
+          return 1
+        end
+      end
+
+      params = {}
+      if do_all
+        params['allClusterTypes'] = true
+      else
+        params['clusterTypeId'] = cluster_type['id']
+      end
+      params['access'] = access_value == 'default' ? nil : access_value
+      @roles_interface.setopts(options)
+      if options[:dry_run]
+        print_dry_run @roles_interface.dry.update_cluster_type(account_id, role['id'], params)
+        return
+      end
+      json_response = @roles_interface.update_cluster_type(account_id, role['id'], params)
+
+      if options[:json]
+        print JSON.pretty_generate(json_response)
+        print "\n"
+      else
+        if do_all
+          print_green_success "Role #{role['authority']} access updated for all cluster types"
+        else
+          print_green_success "Role #{role['authority']} access updated for cluster type #{cluster_type['name']}"
+        end
+      end
+      return 0
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      exit 1
+    end
+  end
+
   private
   
   def add_role_option_types
@@ -2511,21 +2797,10 @@ Update default workflow access for a role.
   end
 
   def base_role_options(role_payload)
-    params = {"tenantId" => role_payload['owner'], "userId" => current_user['id'], "roleType" => role_payload['roleType'] }
+    params = {"tenantId" => role_payload['owner'], "roleType" => role_payload['roleType'] }
     @options_interface.options_for_source("copyFromRole", params)['data']
   end
 
-  def has_complete_access
-    has_access = false
-    if @is_master_account
-      admin_accounts = @user_permissions.select { |it| it['code'] == 'admin-accounts' && it['access'] == 'full'}
-      admin_roles = @user_permissions.select { |it| it['code'] == 'admin-roles' && it['access'] == 'full' }
-      if admin_accounts != nil && admin_roles != nil
-        has_access = true
-      end
-    end
-    has_access 
-  end
 
   def parse_access_csv(output, val)
     output ||= {}
@@ -2664,6 +2939,13 @@ Update default workflow access for a role.
       options[:workflow_permissions] ||= {}
       parse_access_csv(options[:workflow_permissions], val)
     end
+    opts.on('--default-cluster-type-access ACCESS', String, "Set the default cluster type access: [none|full]" ) do  |val|
+      params['globalTaskSetAccess'] = val.to_s.downcase
+    end
+    opts.on('--cluster-types CODE=ACCESS', String, "Set cluster type to a custom access by cluster type code. Example: kubernetes-cluster=none,mvm-cluster=full" ) do |val|
+      options[:cluster_type_permissions] ||= {}
+      parse_access_csv(options[:cluster_type_permissions], val)
+    end
     opts.on('--reset-permissions', "Reset all feature permission access to none. This can be used in conjunction with --permissions to recreate the feature permission access for the role." ) do
       options[:reset_permissions] = true
     end
@@ -2814,6 +3096,19 @@ Update default workflow access for a role.
       end
       params['taskSets'] = perms_array
     end
+    if options[:cluster_type_permissions]
+      perms_array = []
+      options[:cluster_type_permissions].each do |k,v|
+        cluster_type_code = k
+        access_value = v.to_s.empty? ? "none" : v.to_s
+        if cluster_type_code =~ /\A\d{1,}\Z/
+          perms_array << {"id" => cluster_type_code.to_i, "access" => access_value}
+        else
+          perms_array << {"code" => cluster_type_code, "access" => access_value}
+        end
+      end
+      params['clusterTypes'] = perms_array
+    end
     if options[:reset_permissions]
       params["resetPermissions"] = true
     end

data/lib/morpheus/cli/commands/service_plans_command.rb

@@ -168,6 +168,7 @@ class Morpheus::Cli::ServicePlanCommand
       description_cols['Core Count'] = lambda {|it| it['maxCores']}
       description_cols['Custom Cores'] = lambda {|it| format_boolean(it['customCores'])}
       description_cols['Cores Per Socket'] = lambda {|it| it['coresPerSocket']} if provision_type['hasConfigurableCpuSockets'] && service_plan['customCores']
+      description_cols['Custom CPU'] = lambda {|it| format_boolean(it['customCpu'])}
 
       ranges = (service_plan['config'] ? service_plan['config']['ranges'] : nil) || {}
 
@@ -279,6 +280,9 @@ class Morpheus::Cli::ServicePlanCommand
       opts.on('--custom-cores [on|off]', String, "Can be used to enable / disable customizable cores. Default is on") do |val|
         params['customCores'] = val.to_s == 'on' || val.to_s == 'true' || val.to_s == '1' || val.to_s == ''
       end
+      opts.on('--custom-cpu [on|off]', String, "Can be used to enable / disable customizable CPUs. Default is on") do |val|
+        params['customCpu'] = val.to_s == 'on' || val.to_s == 'true' || val.to_s == '1' || val.to_s == ''
+      end
       opts.on('--custom-storage [on|off]', String, "Can be used to enable / disable customizable storage. Default is on") do |val|
         params['customMaxStorage'] = val.to_s == 'on' || val.to_s == 'true' || val.to_s == '1' || val.to_s == ''
       end
@@ -551,6 +555,9 @@ class Morpheus::Cli::ServicePlanCommand
       opts.on('--custom-cores [on|off]', String, "Can be used to enable / disable customizable cores. Default is on") do |val|
         params['customCores'] = val.to_s == 'on' || val.to_s == 'true' || val.to_s == '1' || val.to_s == ''
       end
+      opts.on('--custom-cpu [on|off]', String, "Can be used to enable / disable customizable CPUs. Default is on") do |val|
+        params['customCpu'] = val.to_s == 'on' || val.to_s == 'true' || val.to_s == '1' || val.to_s == ''
+      end
       opts.on('--custom-storage [on|off]', String, "Can be used to enable / disable customizable storage. Default is on") do |val|
         params['customMaxStorage'] = val.to_s == 'on' || val.to_s == 'true' || val.to_s == '1' || val.to_s == ''
       end

data/lib/morpheus/cli/commands/storage_providers_command.rb

@@ -513,8 +513,12 @@ class Morpheus::Cli::StorageProvidersCommand
 
   def remove(args)
     options = {}
+    params = {:removeResources => 'on'}
     optparse = Morpheus::Cli::OptionParser.new do |opts|
       opts.banner = subcommand_usage("[storage-bucket]")
+      opts.on('--remove-resources [on|off]', ['on','off'], "Remove From Server. Default is on.") do |val|
+        params[:removeResources] = val.nil? ? 'on' : val
+      end
       build_common_options(opts, options, [:auto_confirm, :json, :dry_run, :remote])
       opts.footer = "Delete a storage bucket." + "\n" +
                     "[storage-bucket] is required. This is the name or id of a storage bucket."
@@ -537,10 +541,10 @@ class Morpheus::Cli::StorageProvidersCommand
       end
       @storage_providers_interface.setopts(options)
       if options[:dry_run]
-        print_dry_run @storage_providers_interface.dry.destroy(storage_provider['id'])
+        print_dry_run @storage_providers_interface.dry.destroy(storage_provider['id'], params)
         return 0
       end
-      json_response = @storage_providers_interface.destroy(storage_provider['id'])
+      json_response = @storage_providers_interface.destroy(storage_provider['id'], params)
       if options[:json]
         print JSON.pretty_generate(json_response)
         print "\n"

data/lib/morpheus/cli/commands/systems.rb

@@ -0,0 +1,270 @@
+require 'morpheus/cli/cli_command'
+
+class Morpheus::Cli::Systems
+  include Morpheus::Cli::CliCommand
+  include Morpheus::Cli::RestCommand
+
+  set_command_name :systems
+  set_command_description "View and manage systems."
+  register_subcommands :list, :get, :add, :update, :remove
+  
+  set_command_hidden
+  
+  protected
+
+  # Systems API uses lowercase keys in payloads.
+  def system_object_key
+    'system'
+  end
+
+  def system_list_key
+    'systems'
+  end
+
+  def system_list_column_definitions(options)
+    {
+      "ID" => 'id',
+      "Name" => 'name',
+      "Type" => lambda {|it| it['type'] ? it['type']['name'] : '' },
+      "Layout" => lambda {|it| it['layout'] ? it['layout']['name'] : '' },
+      "Status" => 'status',
+      "Enabled" => lambda {|it| format_boolean(it['enabled']) },
+      "Date Created" => lambda {|it| format_local_dt(it['dateCreated']) }
+    }
+  end
+
+  def system_column_definitions(options)
+    {
+      "ID" => 'id',
+      "Name" => 'name',
+      "Description" => 'description',
+      "Status" => 'status',
+      "Status Message" => 'statusMessage',
+      "Enabled" => lambda {|it| format_boolean(it['enabled']) },
+      "External ID" => 'externalId',
+      "Date Created" => lambda {|it| format_local_dt(it['dateCreated']) },
+      "Last Updated" => lambda {|it| format_local_dt(it['lastUpdated']) }
+    }
+  end
+
+  def render_response_for_get(json_response, options)
+    render_response(json_response, options, rest_object_key) do
+      record = json_response[rest_object_key] || json_response
+      print_h1 rest_label, [], options
+      print cyan
+      print_description_list(rest_column_definitions(options), record, options)
+      print reset,"\n"
+    end
+  end
+
+  def add(args)
+    options = {}
+    params = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[name]")
+      opts.on('--name NAME', String, "System Name") do |val|
+        params['name'] = val.to_s
+      end
+      opts.on('--description [TEXT]', String, "Description") do |val|
+        params['description'] = val.to_s
+      end
+      opts.on('--type TYPE', String, "System Type ID or name") do |val|
+        params['type'] = val
+      end
+      opts.on('--layout LAYOUT', String, "System Layout ID or name") do |val|
+        params['layout'] = val
+      end
+      build_standard_add_options(opts, options)
+      opts.footer = "Create a new system.\n[name] is optional and can be passed as the first argument."
+    end
+    optparse.parse!(args)
+    connect(options)
+
+    payload = nil
+    if options[:payload]
+      payload = options[:payload]
+      payload[rest_object_key] ||= {}
+      payload[rest_object_key].deep_merge!(params) unless params.empty?
+      payload[rest_object_key]['name'] ||= args[0] if args[0]
+    else
+      system_payload = {}
+
+      # Name
+      system_payload['name'] = params['name'] || args[0]
+      if !system_payload['name'] && !options[:no_prompt]
+        system_payload['name'] = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'name', 'type' => 'text', 'fieldLabel' => 'Name', 'required' => true}], options[:options], @api_client, {})['name']
+      end
+      raise_command_error "Name is required.\n#{optparse}" if system_payload['name'].to_s.empty?
+
+      # Description
+      if !params['description'] && !options[:no_prompt]
+        system_payload['description'] = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'description', 'type' => 'text', 'fieldLabel' => 'Description', 'required' => false}], options[:options], @api_client, {})['description']
+      else
+        system_payload['description'] = params['description']
+      end
+
+      # Type
+      available_types = system_types_for_dropdown
+      type_val = params['type']
+      if type_val
+        type_id = type_val =~ /\A\d+\Z/ ? type_val.to_i : available_types.find { |t| t['name'] == type_val || t['code'] == type_val }&.dig('id')
+        raise_command_error "System type not found: #{type_val}" unless type_id
+        system_payload['type'] = {'id' => type_id}
+      elsif !options[:no_prompt]
+        if available_types.empty?
+          raise_command_error "No system types found."
+        else
+          print cyan, "Available System Types\n", reset
+          available_types.each do |t|
+            print "  #{t['id']}) #{t['name']}#{t['code'] ? " (#{t['code']})" : ''}\n"
+          end
+          selected = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'type', 'type' => 'text', 'fieldLabel' => 'System Type ID', 'required' => true}], options[:options], @api_client, {})['type']
+          type_id = available_types.find { |t| t['id'].to_s == selected.to_s }&.dig('id')
+          raise_command_error "Invalid system type id: #{selected}" unless type_id
+          system_payload['type'] = {'id' => type_id}
+        end
+      end
+
+      # Layout
+      available_layouts = system_layouts_for_dropdown(system_payload.dig('type', 'id'))
+      layout_val = params['layout']
+      if layout_val
+        layout_id = layout_val =~ /\A\d+\Z/ ? layout_val.to_i : available_layouts.find { |l| l['name'] == layout_val || l['code'] == layout_val }&.dig('id')
+        raise_command_error "System layout not found: #{layout_val}" unless layout_id
+        system_payload['layout'] = {'id' => layout_id}
+      elsif !options[:no_prompt]
+        if available_layouts.empty?
+          raise_command_error "No system layouts found for selected type."
+        else
+          print cyan, "Available System Layouts\n", reset
+          available_layouts.each do |l|
+            print "  #{l['id']}) #{l['name']}#{l['code'] ? " (#{l['code']})" : ''}\n"
+          end
+          selected = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'layout', 'type' => 'text', 'fieldLabel' => 'System Layout ID', 'required' => true}], options[:options], @api_client, {})['layout']
+          layout_id = available_layouts.find { |l| l['id'].to_s == selected.to_s }&.dig('id')
+          raise_command_error "Invalid system layout id: #{selected}" unless layout_id
+          system_payload['layout'] = {'id' => layout_id}
+        end
+      end
+
+      payload = {rest_object_key => system_payload}
+    end
+
+    if options[:dry_run]
+      print_dry_run rest_interface.dry.create(payload)
+      return
+    end
+
+    rest_interface.setopts(options)
+    json_response = rest_interface.create(payload)
+    render_response(json_response, options, rest_object_key) do
+      system_id = json_response['id'] || json_response.dig(rest_object_key, 'id')
+      print_green_success "System created"
+      get([system_id.to_s] + (options[:remote] ? ['-r', options[:remote]] : [])) if system_id
+    end
+  end
+
+  def remove(args)
+    options = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[system]")
+      build_standard_remove_options(opts, options)
+      opts.footer = <<-EOT
+Delete an existing system.
+[system] is required. This is the name or id of a system.
+EOT
+    end
+    optparse.parse!(args)
+    verify_args!(args: args, optparse: optparse, count: 1)
+    connect(options)
+
+    system = nil
+    if args[0].to_s =~ /\A\d{1,}\Z/
+      json_response = rest_interface.get(args[0].to_i)
+      system = json_response[rest_object_key] || json_response
+    else
+      system = find_by_name(rest_key, args[0])
+    end
+    return 1, "System not found for '#{args[0]}'" if system.nil?
+
+    unless options[:yes] || Morpheus::Cli::OptionTypes.confirm("Are you sure you want to delete the system #{system['name']}?")
+      return 9, "aborted"
+    end
+
+    if options[:dry_run]
+      print_dry_run rest_interface.dry.destroy(system['id'])
+      return
+    end
+
+    rest_interface.setopts(options)
+    json_response = rest_interface.destroy(system['id'])
+    render_response(json_response, options) do
+      print_green_success "System #{system['name']} removed"
+    end
+  end
+
+  def update(args)
+    options = {}
+    params = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[system] --name --description")
+      opts.on("--name NAME", String, "Updates System Name") do |val|
+        params['name'] = val.to_s
+      end
+      opts.on("--description [TEXT]", String, "Updates System Description") do |val|
+        params['description'] = val.to_s
+      end
+      build_standard_update_options(opts, options, [:find_by_name])
+      opts.footer = <<-EOT
+Update an existing system.
+[system] is required. This is the name or id of a system.
+EOT
+    end
+    optparse.parse!(args)
+    verify_args!(args: args, optparse: optparse, count: 1)
+    connect(options)
+
+    system = nil
+    if args[0].to_s =~ /\A\d{1,}\Z/
+      json_response = rest_interface.get(args[0].to_i)
+      system = json_response[rest_object_key] || json_response
+    else
+      system = find_by_name(rest_key, args[0])
+    end
+    return 1, "System not found for '#{args[0]}'" if system.nil?
+
+    passed_options = parse_passed_options(options)
+    params.deep_merge!(passed_options) unless passed_options.empty?
+    params.booleanize!
+
+    payload = parse_payload(options) || {rest_object_key => params}
+    if payload[rest_object_key].nil? || payload[rest_object_key].empty?
+      raise_command_error "Specify at least one option to update.\n#{optparse}"
+    end
+
+    if options[:dry_run]
+      print_dry_run rest_interface.dry.update(system['id'], payload)
+      return
+    end
+
+    rest_interface.setopts(options)
+    json_response = rest_interface.update(system['id'], payload)
+    render_response(json_response, options, rest_object_key) do
+      print_green_success "Updated system #{system['id']}"
+      get([system['id']] + (options[:remote] ? ['-r', options[:remote]] : []))
+    end
+  end
+
+  def system_types_for_dropdown
+    result = @api_client.system_types.list({'max' => 100})
+    items = result ? (result['systemTypes'] || result[:systemTypes] || result['types'] || result[:types] || []) : []
+    items.map { |t| {'id' => t['id'] || t[:id], 'name' => t['name'] || t[:name], 'value' => (t['id'] || t[:id]).to_s, 'code' => t['code'] || t[:code]} }
+  end
+
+  def system_layouts_for_dropdown(type_id = nil)
+    return [] if type_id.nil?
+    result = @api_client.system_types.list_layouts(type_id, {'max' => 100})
+    items = result ? (result['systemTypeLayouts'] || result[:systemTypeLayouts] || result['layouts'] || result[:layouts] || []) : []
+    items.map { |l| {'id' => l['id'] || l[:id], 'name' => l['name'] || l[:name], 'value' => (l['id'] || l[:id]).to_s, 'code' => l['code'] || l[:code]} }
+  end
+end

data/lib/morpheus/cli/commands/tenants_command.rb

@@ -3,6 +3,7 @@ require 'morpheus/cli/cli_command'
 class Morpheus::Cli::TenantsCommand
   include Morpheus::Cli::CliCommand
   include Morpheus::Cli::AccountsHelper
+  include Morpheus::Cli::WhoamiHelper
   set_command_name :tenants
   set_command_description "View and manage tenants (accounts)."
   register_subcommands :list, :count, :get, :add, :update, :remove
@@ -21,6 +22,7 @@ class Morpheus::Cli::TenantsCommand
     @account_users_interface = @api_client.account_users
     @accounts_interface = @api_client.accounts
     @roles_interface = @api_client.roles
+    @whoami_interface = @api_client.whoami
   end
 
   def handle(args)
@@ -286,18 +288,25 @@ EOT
     [
       {'fieldName' => 'name', 'fieldLabel' => 'Name', 'type' => 'text', 'required' => true, 'displayOrder' => 1},
       {'fieldName' => 'description', 'fieldLabel' => 'Description', 'type' => 'text', 'displayOrder' => 2},
-      {'fieldContext' => 'role', 'fieldName' => 'id', 'fieldLabel' => 'Base Role', 'type' => 'select', 'optionSource' => lambda {  |api_client, api_params|
-        @roles_interface.list(nil, {roleType:'account'})['roles'].collect {|it|
+      {'fieldContext' => 'parentAccount', 'fieldName' => 'id', 'fieldLabel' => 'Parent Tenant', 'type' => 'select', 'optionSource' => lambda {  |api_client, api_params|
+        @accounts_interface.list({max:10000})['accounts'].collect {|it|
           {"name" => (it["authority"] || it["name"]), "value" => it["id"]}
         }
       }, 'displayOrder' => 3},
+      {'fieldContext' => 'role', 'fieldName' => 'id', 'fieldLabel' => 'Base Role', 'type' => 'select', 'optionSource' => lambda {  |api_client, api_params|
+        tenant_id = (api_params['parentAccount']['id'] rescue nil)
+        params = {max: 10000, roleType:'account', tenantId: tenant_id}
+        @roles_interface.list(nil, params)['roles'].collect {|it|
+          {"name" => (it["authority"] || it["name"]), "value" => it["id"]}
+        }
+      }, 'displayOrder' => 4},
       {'fieldName' => 'currency', 'fieldLabel' => 'Currency', 'type' => 'text', 'defaultValue' => 'USD', 'displayOrder' => 4}
     ]
   end
 
   def update_account_option_types
     list = add_account_option_types()
-    # list = list.reject {|it| ["interval"].include? it['fieldName'] }
+    list = list.reject {|it| it['fieldContext'] == 'parentAccount' }
     list.each {|it| it.delete('required') }
     list.each {|it| it.delete('defaultValue') }
     list

data/lib/morpheus/cli/mixins/accounts_helper.rb

@@ -45,6 +45,7 @@ module Morpheus::Cli::AccountsHelper
       "# Instances" => 'stats.instanceCount',
       "# Users" => 'stats.userCount',
       "Role" => lambda {|it| it['role']['authority'] rescue nil },
+      "Parent Tenant" => lambda {|it| it['parent']['name'] rescue nil },
       "Master" => lambda {|it| format_boolean(it['master']) },
       "Currency" => 'currency',
       "Status" => lambda {|it| 

data/lib/morpheus/cli/mixins/backups_helper.rb

@@ -117,6 +117,8 @@ module Morpheus::Cli::BackupsHelper
     {
       "ID" => 'id',
       "Backup" => lambda {|it| it['backup']['name'] rescue '' },
+      "Type" => lambda {|it| format_backup_result_type_tag(it) },
+      "Location" => lambda {|it| format_backup_result_location_tag(it) },
       "Status" => lambda {|it| format_backup_result_status(it) },
       #"Duration" => lambda {|it| format_duration(it['startDate'], it['endDate']) },
       "Duration" => lambda {|it| format_duration_milliseconds(it['durationMillis']) if it['durationMillis'].to_i > 0 },
@@ -168,5 +170,31 @@ module Morpheus::Cli::BackupsHelper
   def format_backup_restore_status(backup_restore, return_color=cyan)
     format_backup_result_status(backup_restore, return_color)
   end
+
+  # format backup result type tag based on associated backup data
+  def format_backup_result_type_tag(backup_result)
+    backup = backup_result['backup'] || {}
+    if backup['cronExpression'] || (backup['schedule'] && backup['schedule']['id']) || (backup['job'] && backup['job']['id'])
+      "#{cyan}POLICY#{reset}"
+    else
+      "#{yellow}MANUAL#{reset}"
+    end
+  end
+
+  # format backup result location tag based on storage provider
+  def format_backup_result_location_tag(backup_result)
+    backup = backup_result['backup'] || {}
+    if backup_result['storageProvider'] && backup_result['storageProvider']['id']
+      "#{green}REMOTE#{reset}"
+    elsif backup['storageProvider'] && backup['storageProvider']['id']
+      "#{green}REMOTE#{reset}"
+    elsif backup_result['backupProvider'] && backup_result['backupProvider']['id']
+      "#{green}REMOTE#{reset}"
+    elsif backup['backupProvider'] && backup['backupProvider']['id']
+      "#{green}REMOTE#{reset}"
+    else
+      "#{blue}LOCAL#{reset}"
+    end
+  end
   
-end
+end

data/lib/morpheus/cli/version.rb

@@ -1,6 +1,6 @@
 
 module Morpheus
   module Cli
-    VERSION = "8.0.13"
+    VERSION = "8.1.0"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: morpheus-cli
 version: !ruby/object:Gem::Version
-  version: 8.0.13
+  version: 8.1.0
 platform: ruby
 authors:
 - David Estes
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-01-27 00:00:00.000000000 Z
+date: 2026-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: tins
@@ -381,6 +381,8 @@ files:
 - lib/morpheus/api/storage_volumes_interface.rb
 - lib/morpheus/api/subnet_types_interface.rb
 - lib/morpheus/api/subnets_interface.rb
+- lib/morpheus/api/system_types_interface.rb
+- lib/morpheus/api/systems_interface.rb
 - lib/morpheus/api/task_sets_interface.rb
 - lib/morpheus/api/tasks_interface.rb
 - lib/morpheus/api/usage_interface.rb
@@ -570,6 +572,7 @@ files:
 - lib/morpheus/cli/commands/storage_volume_types.rb
 - lib/morpheus/cli/commands/storage_volumes.rb
 - lib/morpheus/cli/commands/subnets_command.rb
+- lib/morpheus/cli/commands/systems.rb
 - lib/morpheus/cli/commands/tasks.rb
 - lib/morpheus/cli/commands/tee_command.rb
 - lib/morpheus/cli/commands/tenants_command.rb