As you mentioned ACI and DNA we don't have to worry too much about "one nice GUI to handle everything without any CLI stuff". As those Cisco thingies require you to do lot's of stuff with CLI and then a lot's of stuff between different GUIs to get to that "yes it's just a single click" level.
Aruba version of GUI would be Aruba Central, but as I haven't used that myself I can't say anything about that. Except that it's a web thingie to handle all the APs, switches, SD-branch routers (SD-WAN) etc. Waiting to get some gear to try that out too, would probably be good for our remote branches.
And I think some Aruba presentation said that they are planning to do on-prem central, which would be great for us.
We ended up choosing Aruba's dynamic segmentation and Aruba wireless. Even though there's no "single pane of glass" management and monitoring for enterprise networks, the different management softwares etc. still amount to less work than what it is to deal with that "some other vendors".
With Aruba you tunnel everything from the switches to controllers. Then you assign users to different roles, and it doesn't matter if the user is wired or wireless client you still assign the same role. And you do your fw rules based on those roles. And the firewall rules are stateful, unlike that "some other vendor" that uses just switch ACLs. Also there are upper level stuff available like web site categorizations and VoIP/(Skype/Teams) recognition.
When you tunnel everything to the controller, you can assign every single user (authenticated either based on MAC address or preferably with 802.1X) to a role that you can assign fw rules to. Yes, you tunnel everything and it might eat some bandwidth etc. but in our network most of the traffic is towards the DC anyways. We could do some split-tunneling at the remote sites if we decided to. And tunneling everything towards the controller is better than just being able to do ACLs on the switches.
Of course with the new CX-series you can do VXLAN tunneling between endpoints at the access layer, controller by BGP EVPN.