@robinmordasiewicz/f5xc-auth 1.0.0

package/dist/auth/credential-manager.js

@@ -0,0 +1,417 @@
+/**
+ * Credential Manager for F5 Distributed Cloud API
+ *
+ * Handles authentication configuration and URL normalization.
+ * Supports dual-mode operation:
+ * - Documentation mode: No credentials required
+ * - Execution mode: API token or P12/Certificate authentication
+ *
+ * Uses XDG-compliant profile storage at ~/.config/f5xc/
+ */
+import { readFileSync } from "fs";
+import { logger } from "../utils/logging.js";
+import { getProfileManager } from "../profile/index.js";
+/**
+ * Authentication modes supported by the server
+ */
+export var AuthMode;
+(function (AuthMode) {
+    /** No authentication - documentation mode only */
+    AuthMode["NONE"] = "none";
+    /** API token authentication */
+    AuthMode["TOKEN"] = "token";
+    /** P12 certificate authentication (mTLS) */
+    AuthMode["CERTIFICATE"] = "certificate";
+})(AuthMode || (AuthMode = {}));
+/**
+ * Environment variable names for authentication
+ * These take priority over profile settings
+ */
+export const AUTH_ENV_VARS = {
+    API_URL: "F5XC_API_URL",
+    API_TOKEN: "F5XC_API_TOKEN",
+    P12_BUNDLE: "F5XC_P12_BUNDLE",
+    CERT: "F5XC_CERT",
+    KEY: "F5XC_KEY",
+    NAMESPACE: "F5XC_NAMESPACE",
+    // TLS configuration
+    TLS_INSECURE: "F5XC_TLS_INSECURE",
+    CA_BUNDLE: "F5XC_CA_BUNDLE",
+};
+/**
+ * URL normalization patterns
+ */
+const URL_PATTERNS = {
+    // Match staging short-form URLs: tenant.staging.volterra.us (keep as-is)
+    STAGING_SHORT_FORM: /^https?:\/\/([^./]+)\.staging\.volterra\.us\/?/i,
+    // Match production short-form URLs: tenant.volterra.us (convert to console.ves)
+    PROD_SHORT_FORM: /^https?:\/\/([^./]+)\.volterra\.us\/?/i,
+    // Match console URLs: tenant.console.ves.volterra.io or tenant.staging.console.ves.volterra.io
+    CONSOLE_FORM: /^https?:\/\/([^./]+)\.(staging\.)?console\.ves\.volterra\.io\/?/i,
+    // Trailing slashes and /api suffix
+    TRAILING_CLEANUP: /\/+$|\/api\/?$/gi,
+};
+/**
+ * Normalize F5XC tenant URL to standard API endpoint format
+ *
+ * Handles various input formats:
+ * - tenant.volterra.us -> tenant.console.ves.volterra.io/api (production)
+ * - tenant.staging.volterra.us -> tenant.staging.volterra.us/api (staging - keep as-is)
+ * - tenant.console.ves.volterra.io -> tenant.console.ves.volterra.io/api
+ * - Any of the above with trailing slashes or /api suffix
+ *
+ * @param input - Raw URL from user configuration
+ * @returns Normalized API URL
+ */
+export function normalizeApiUrl(input) {
+    // Remove trailing slashes and existing /api suffix
+    let url = input.replace(URL_PATTERNS.TRAILING_CLEANUP, "");
+    // Handle staging short-form URLs - keep as-is (don't convert to console.ves)
+    const stagingMatch = url.match(URL_PATTERNS.STAGING_SHORT_FORM);
+    if (stagingMatch) {
+        const tenant = stagingMatch[1];
+        url = `https://${tenant}.staging.volterra.us`;
+        // Ensure /api suffix and return early
+        return `${url}/api`;
+    }
+    // Handle production short-form URLs (tenant.volterra.us -> tenant.console.ves.volterra.io)
+    const prodMatch = url.match(URL_PATTERNS.PROD_SHORT_FORM);
+    if (prodMatch) {
+        const tenant = prodMatch[1];
+        url = `https://${tenant}.console.ves.volterra.io`;
+    }
+    // Handle console URLs - ensure https
+    const consoleMatch = url.match(URL_PATTERNS.CONSOLE_FORM);
+    if (consoleMatch) {
+        const tenant = consoleMatch[1];
+        const staging = consoleMatch[2] ?? "";
+        url = `https://${tenant}.${staging}console.ves.volterra.io`;
+    }
+    // Ensure /api suffix
+    return `${url}/api`;
+}
+/**
+ * Extract tenant name from a normalized URL
+ *
+ * @param url - Normalized API URL
+ * @returns Tenant name or null if not parseable
+ */
+export function extractTenantFromUrl(url) {
+    const match = url.match(/https?:\/\/([^./]+)\./);
+    return match?.[1] ?? null;
+}
+/**
+ * Credential Manager
+ *
+ * Manages authentication credentials for F5 Distributed Cloud API.
+ * Supports credential loading with priority:
+ * 1. Environment variables (highest priority - overrides all)
+ * 2. Active profile from ~/.config/f5xc/ (XDG Base Directory compliant)
+ * 3. No credentials (documentation mode - lowest priority)
+ */
+export class CredentialManager {
+    credentials;
+    activeProfileName = null;
+    initialized = false;
+    constructor() {
+        // Initialize with empty credentials - will be loaded async
+        this.credentials = {
+            mode: AuthMode.NONE,
+            apiUrl: null,
+            token: null,
+            p12Certificate: null,
+            cert: null,
+            key: null,
+            namespace: null,
+            tlsInsecure: false,
+            caBundle: null,
+        };
+    }
+    /**
+     * Initialize credentials asynchronously
+     * Must be called before using credentials
+     */
+    async initialize() {
+        if (this.initialized)
+            return;
+        this.credentials = await this.loadCredentials();
+        this.initialized = true;
+    }
+    /**
+     * Load credentials from environment variables
+     */
+    loadFromEnvironment() {
+        const apiUrl = process.env[AUTH_ENV_VARS.API_URL];
+        const apiToken = process.env[AUTH_ENV_VARS.API_TOKEN];
+        const p12Bundle = process.env[AUTH_ENV_VARS.P12_BUNDLE];
+        const cert = process.env[AUTH_ENV_VARS.CERT];
+        const key = process.env[AUTH_ENV_VARS.KEY];
+        const defaultNamespace = process.env[AUTH_ENV_VARS.NAMESPACE];
+        const tlsInsecure = process.env[AUTH_ENV_VARS.TLS_INSECURE]?.toLowerCase() === "true";
+        const caBundle = process.env[AUTH_ENV_VARS.CA_BUNDLE];
+        const hasAuth = !!(apiToken || p12Bundle || (cert && key));
+        return {
+            name: "__env__",
+            apiUrl: apiUrl || "",
+            apiToken,
+            p12Bundle,
+            cert,
+            key,
+            defaultNamespace,
+            hasAuth,
+            tlsInsecure,
+            caBundle,
+        };
+    }
+    /**
+     * Load credentials from active profile
+     */
+    async loadFromProfile() {
+        try {
+            const profileManager = getProfileManager();
+            const profile = await profileManager.getActiveProfile();
+            if (profile) {
+                this.activeProfileName = profile.name;
+                return profile;
+            }
+            return null;
+        }
+        catch (error) {
+            logger.debug("Failed to load credentials from profile", {
+                error: error instanceof Error ? error.message : String(error),
+            });
+            return null;
+        }
+    }
+    /**
+     * Build credentials object from profile data
+     */
+    buildCredentials(profile) {
+        const apiUrl = profile.apiUrl;
+        // Determine authentication mode
+        let mode = AuthMode.NONE;
+        let normalizedUrl = null;
+        let p12Certificate = null;
+        let cert = null;
+        let key = null;
+        // TLS configuration
+        const tlsInsecure = profile.tlsInsecure ?? false;
+        let caBundle = null;
+        // Load CA bundle if specified
+        if (profile.caBundle) {
+            try {
+                caBundle = readFileSync(profile.caBundle);
+                logger.info("Loaded CA bundle", { file: profile.caBundle });
+            }
+            catch (error) {
+                logger.warn("Failed to load CA bundle", {
+                    file: profile.caBundle,
+                    error: error instanceof Error ? error.message : String(error),
+                });
+            }
+        }
+        // Log TLS insecure mode warning
+        if (tlsInsecure) {
+            logger.warn("TLS certificate verification is DISABLED. This is insecure and should only be used for staging/development environments.");
+        }
+        if (apiUrl) {
+            normalizedUrl = normalizeApiUrl(apiUrl);
+            if (profile.p12Bundle) {
+                // P12 certificate authentication
+                mode = AuthMode.CERTIFICATE;
+                try {
+                    p12Certificate = readFileSync(profile.p12Bundle);
+                    logger.info("Loaded P12 certificate", { file: profile.p12Bundle });
+                }
+                catch (error) {
+                    logger.error("Failed to load P12 certificate", {
+                        file: profile.p12Bundle,
+                        error: error instanceof Error ? error.message : String(error),
+                    });
+                    // Fall back to token auth if certificate load fails
+                    if (profile.apiToken) {
+                        mode = AuthMode.TOKEN;
+                        logger.info("Falling back to token authentication");
+                    }
+                    else {
+                        mode = AuthMode.NONE;
+                    }
+                }
+            }
+            else if (profile.cert && profile.key) {
+                // Certificate + key authentication
+                mode = AuthMode.CERTIFICATE;
+                try {
+                    cert = readFileSync(profile.cert, "utf-8");
+                    key = readFileSync(profile.key, "utf-8");
+                    logger.info("Loaded certificate and key", {
+                        cert: profile.cert,
+                        key: profile.key,
+                    });
+                }
+                catch (error) {
+                    logger.error("Failed to load certificate/key", {
+                        error: error instanceof Error ? error.message : String(error),
+                    });
+                    if (profile.apiToken) {
+                        mode = AuthMode.TOKEN;
+                        logger.info("Falling back to token authentication");
+                    }
+                    else {
+                        mode = AuthMode.NONE;
+                    }
+                }
+            }
+            else if (profile.apiToken) {
+                mode = AuthMode.TOKEN;
+            }
+        }
+        return {
+            mode,
+            apiUrl: normalizedUrl,
+            token: profile.apiToken ?? null,
+            p12Certificate,
+            cert,
+            key,
+            namespace: profile.defaultNamespace ?? null,
+            tlsInsecure,
+            caBundle,
+        };
+    }
+    /**
+     * Load credentials with priority order:
+     * 1. Environment variables (highest)
+     * 2. Active profile from ~/.config/f5xc/
+     * 3. No credentials - documentation mode (lowest)
+     */
+    async loadCredentials() {
+        // Step 1: Check environment variables first (highest priority)
+        const envCreds = this.loadFromEnvironment();
+        if (envCreds.apiUrl && envCreds.hasAuth) {
+            const credentials = this.buildCredentials(envCreds);
+            const tenant = credentials.apiUrl ? extractTenantFromUrl(credentials.apiUrl) : null;
+            logger.info("Credentials loaded from environment variables", {
+                mode: credentials.mode,
+                tenant,
+            });
+            return credentials;
+        }
+        // Step 2: Try active profile from ~/.config/f5xc/
+        const profile = await this.loadFromProfile();
+        if (profile) {
+            const credentials = this.buildCredentials(profile);
+            if (credentials.mode !== AuthMode.NONE) {
+                const tenant = credentials.apiUrl ? extractTenantFromUrl(credentials.apiUrl) : null;
+                logger.info("Credentials loaded from profile", {
+                    mode: credentials.mode,
+                    tenant,
+                    profile: this.activeProfileName,
+                });
+                return credentials;
+            }
+        }
+        // Step 3: No credentials - documentation mode (lowest priority)
+        logger.info("No credentials configured - running in documentation mode");
+        return {
+            mode: AuthMode.NONE,
+            apiUrl: null,
+            token: null,
+            p12Certificate: null,
+            cert: null,
+            key: null,
+            namespace: null,
+            tlsInsecure: false,
+            caBundle: null,
+        };
+    }
+    /**
+     * Get the active profile name (if any)
+     * Returns null if credentials are from environment variables or no profile is active
+     */
+    getActiveProfile() {
+        return this.activeProfileName;
+    }
+    /**
+     * Get the current authentication mode
+     */
+    getAuthMode() {
+        return this.credentials.mode;
+    }
+    /**
+     * Check if the server is in authenticated mode
+     */
+    isAuthenticated() {
+        return this.credentials.mode !== AuthMode.NONE;
+    }
+    /**
+     * Get the normalized API URL
+     */
+    getApiUrl() {
+        return this.credentials.apiUrl;
+    }
+    /**
+     * Get the tenant name
+     */
+    getTenant() {
+        return this.credentials.apiUrl ? extractTenantFromUrl(this.credentials.apiUrl) : null;
+    }
+    /**
+     * Get API token (for token authentication)
+     */
+    getToken() {
+        return this.credentials.token;
+    }
+    /**
+     * Get P12 certificate buffer (for certificate authentication)
+     */
+    getP12Certificate() {
+        return this.credentials.p12Certificate;
+    }
+    /**
+     * Get certificate content (for mTLS)
+     */
+    getCert() {
+        return this.credentials.cert;
+    }
+    /**
+     * Get private key content (for mTLS)
+     */
+    getKey() {
+        return this.credentials.key;
+    }
+    /**
+     * Get default namespace
+     */
+    getNamespace() {
+        return this.credentials.namespace;
+    }
+    /**
+     * Check if TLS certificate verification is disabled
+     * WARNING: Only use for staging/development environments
+     */
+    getTlsInsecure() {
+        return this.credentials.tlsInsecure;
+    }
+    /**
+     * Get custom CA bundle for TLS verification
+     */
+    getCaBundle() {
+        return this.credentials.caBundle;
+    }
+    /**
+     * Get full credentials object
+     */
+    getCredentials() {
+        return Object.freeze({ ...this.credentials });
+    }
+    /**
+     * Reload credentials from environment/profile
+     * Useful for testing or when credentials change
+     */
+    async reload() {
+        this.initialized = false;
+        this.activeProfileName = null;
+        await this.initialize();
+    }
+}
+//# sourceMappingURL=credential-manager.js.map

package/dist/auth/credential-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-manager.js","sourceRoot":"","sources":["../../src/auth/credential-manager.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAgB,MAAM,qBAAqB,CAAC;AAEtE;;GAEG;AACH,MAAM,CAAN,IAAY,QAOX;AAPD,WAAY,QAAQ;IAClB,kDAAkD;IAClD,yBAAa,CAAA;IACb,+BAA+B;IAC/B,2BAAe,CAAA;IACf,4CAA4C;IAC5C,uCAA2B,CAAA;AAC7B,CAAC,EAPW,QAAQ,KAAR,QAAQ,QAOnB;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,OAAO,EAAE,cAAc;IACvB,SAAS,EAAE,gBAAgB;IAC3B,UAAU,EAAE,iBAAiB;IAC7B,IAAI,EAAE,WAAW;IACjB,GAAG,EAAE,UAAU;IACf,SAAS,EAAE,gBAAgB;IAC3B,oBAAoB;IACpB,YAAY,EAAE,mBAAmB;IACjC,SAAS,EAAE,gBAAgB;CACnB,CAAC;AA0BX;;GAEG;AACH,MAAM,YAAY,GAAG;IACnB,yEAAyE;IACzE,kBAAkB,EAAE,iDAAiD;IACrE,gFAAgF;IAChF,eAAe,EAAE,wCAAwC;IACzD,+FAA+F;IAC/F,YAAY,EAAE,kEAAkE;IAChF,mCAAmC;IACnC,gBAAgB,EAAE,kBAAkB;CACrC,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,mDAAmD;IACnD,IAAI,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;IAE3D,6EAA6E;IAC7E,MAAM,YAAY,GAAG,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC;IAChE,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/B,GAAG,GAAG,WAAW,MAAM,sBAAsB,CAAC;QAC9C,sCAAsC;QACtC,OAAO,GAAG,GAAG,MAAM,CAAC;IACtB,CAAC;IAED,2FAA2F;IAC3F,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;IAC1D,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QAC5B,GAAG,GAAG,WAAW,MAAM,0BAA0B,CAAC;IACpD,CAAC;IAED,qCAAqC;IACrC,MAAM,YAAY,GAAG,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;IAC1D,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACtC,GAAG,GAAG,WAAW,MAAM,IAAI,OAAO,yBAAyB,CAAC;IAC9D,CAAC;IAED,qBAAqB;IACrB,OAAO,GAAG,GAAG,MAAM,CAAC;AACtB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAW;IAC9C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACjD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;AAC5B,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,OAAO,iBAAiB;IACpB,WAAW,CAAc;IACzB,iBAAiB,GAAkB,IAAI,CAAC;IACxC,WAAW,GAAG,KAAK,CAAC;IAE5B;QACE,2DAA2D;QAC3D,IAAI,CAAC,WAAW,GAAG;YACjB,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,IAAI;YACX,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,IAAI;YACV,GAAG,EAAE,IAAI;YACT,SAAS,EAAE,IAAI;YACf,WAAW,EAAE,KAAK;YAClB,QAAQ,EAAE,IAAI;SACf,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAC7B,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAChD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACK,mBAAmB;QAKzB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QACtD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QACxD,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAC7C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAC3C,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,EAAE,WAAW,EAAE,KAAK,MAAM,CAAC;QACtF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAEtD,MAAM,OAAO,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,SAAS,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC;QAE3D,OAAO;YACL,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,MAAM,IAAI,EAAE;YACpB,QAAQ;YACR,SAAS;YACT,IAAI;YACJ,GAAG;YACH,gBAAgB;YAChB,OAAO;YACP,WAAW;YACX,QAAQ;SACT,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe;QAC3B,IAAI,CAAC;YACH,MAAM,cAAc,GAAG,iBAAiB,EAAE,CAAC;YAC3C,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,gBAAgB,EAAE,CAAC;YAExD,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC;gBACtC,OAAO,OAAO,CAAC;YACjB,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE;gBACtD,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,gBAAgB,CACtB,OAA+D;QAE/D,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAE9B,gCAAgC;QAChC,IAAI,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;QACzB,IAAI,aAAa,GAAkB,IAAI,CAAC;QACxC,IAAI,cAAc,GAAkB,IAAI,CAAC;QACzC,IAAI,IAAI,GAAkB,IAAI,CAAC;QAC/B,IAAI,GAAG,GAAkB,IAAI,CAAC;QAE9B,oBAAoB;QACpB,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,KAAK,CAAC;QACjD,IAAI,QAAQ,GAAkB,IAAI,CAAC;QAEnC,8BAA8B;QAC9B,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAC1C,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC9D,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;oBACtC,IAAI,EAAE,OAAO,CAAC,QAAQ;oBACtB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;iBAC9D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,CAAC,IAAI,CACT,0HAA0H,CAC3H,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,EAAE,CAAC;YACX,aAAa,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;YAExC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtB,iCAAiC;gBACjC,IAAI,GAAG,QAAQ,CAAC,WAAW,CAAC;gBAC5B,IAAI,CAAC;oBACH,cAAc,GAAG,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;oBACjD,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;gBACrE,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE;wBAC7C,IAAI,EAAE,OAAO,CAAC,SAAS;wBACvB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;qBAC9D,CAAC,CAAC;oBACH,oDAAoD;oBACpD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;wBACrB,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC;wBACtB,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;oBACtD,CAAC;yBAAM,CAAC;wBACN,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;oBACvB,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBACvC,mCAAmC;gBACnC,IAAI,GAAG,QAAQ,CAAC,WAAW,CAAC;gBAC5B,IAAI,CAAC;oBACH,IAAI,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBAC3C,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;oBACzC,MAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE;wBACxC,IAAI,EAAE,OAAO,CAAC,IAAI;wBAClB,GAAG,EAAE,OAAO,CAAC,GAAG;qBACjB,CAAC,CAAC;gBACL,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,KAAK,CAAC,gCAAgC,EAAE;wBAC7C,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;qBAC9D,CAAC,CAAC;oBACH,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;wBACrB,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC;wBACtB,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;oBACtD,CAAC;yBAAM,CAAC;wBACN,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;oBACvB,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAC5B,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC;YACxB,CAAC;QACH,CAAC;QAED,OAAO;YACL,IAAI;YACJ,MAAM,EAAE,aAAa;YACrB,KAAK,EAAE,OAAO,CAAC,QAAQ,IAAI,IAAI;YAC/B,cAAc;YACd,IAAI;YACJ,GAAG;YACH,SAAS,EAAE,OAAO,CAAC,gBAAgB,IAAI,IAAI;YAC3C,WAAW;YACX,QAAQ;SACT,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,eAAe;QAC3B,+DAA+D;QAC/D,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC5C,IAAI,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACxC,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAmB,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,oBAAoB,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACpF,MAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE;gBAC3D,IAAI,EAAE,WAAW,CAAC,IAAI;gBACtB,MAAM;aACP,CAAC,CAAC;YACH,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,kDAAkD;QAClD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAEnD,IAAI,WAAW,CAAC,IAAI,KAAK,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACvC,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,oBAAoB,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBACpF,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE;oBAC7C,IAAI,EAAE,WAAW,CAAC,IAAI;oBACtB,MAAM;oBACN,OAAO,EAAE,IAAI,CAAC,iBAAiB;iBAChC,CAAC,CAAC;gBACH,OAAO,WAAW,CAAC;YACrB,CAAC;QACH,CAAC;QAED,gEAAgE;QAChE,MAAM,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAC;QACzE,OAAO;YACL,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,IAAI;YACX,cAAc,EAAE,IAAI;YACpB,IAAI,EAAE,IAAI;YACV,GAAG,EAAE,IAAI;YACT,SAAS,EAAE,IAAI;YACf,WAAW,EAAE,KAAK;YAClB,QAAQ,EAAE,IAAI;SACf,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,gBAAgB;QACd,OAAO,IAAI,CAAC,iBAAiB,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,KAAK,QAAQ,CAAC,IAAI,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,oBAAoB,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACxF,CAAC;IAED;;OAEG;IACH,QAAQ;QACN,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,OAAO;QACL,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC;IACpC,CAAC;IAED;;;OAGG;IACH,cAAc;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IAChD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM;QACV,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;QACzB,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAC9B,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;IAC1B,CAAC;CACF"}

package/dist/auth/http-client.d.ts

@@ -0,0 +1,86 @@
+/**
+ * Authenticated HTTP Client for F5 Distributed Cloud API
+ *
+ * Provides a configured Axios client for making authenticated API requests.
+ * Supports both API token and P12 certificate (mTLS) authentication.
+ */
+import { AxiosInstance, AxiosRequestConfig } from "axios";
+import { CredentialManager } from "./credential-manager.js";
+/**
+ * HTTP client configuration options
+ */
+export interface HttpClientConfig {
+    /** Request timeout in milliseconds */
+    timeout?: number;
+    /** Custom headers to include in all requests */
+    headers?: Record<string, string>;
+    /** Enable request/response logging */
+    debug?: boolean;
+}
+/**
+ * API response wrapper with metadata
+ */
+export interface ApiResponse<T = unknown> {
+    /** Response data */
+    data: T;
+    /** HTTP status code */
+    status: number;
+    /** Response headers */
+    headers: Record<string, string>;
+    /** Request duration in milliseconds */
+    duration: number;
+}
+/**
+ * HTTP Client for F5XC API
+ *
+ * Creates and manages an authenticated Axios instance for making
+ * API requests to F5 Distributed Cloud.
+ */
+export declare class HttpClient {
+    private client;
+    private credentialManager;
+    private config;
+    constructor(credentialManager: CredentialManager, config?: HttpClientConfig);
+    /**
+     * Build HTTPS agent options from credential manager TLS configuration
+     * Handles SSL/TLS configuration including insecure mode and custom CA
+     */
+    private buildHttpsAgentOptions;
+    /**
+     * Create configured Axios client
+     */
+    private createClient;
+    /**
+     * Check if the client is available (authenticated mode)
+     */
+    isAvailable(): boolean;
+    /**
+     * Make a GET request
+     */
+    get<T = unknown>(path: string, config?: AxiosRequestConfig): Promise<ApiResponse<T>>;
+    /**
+     * Make a POST request
+     */
+    post<T = unknown>(path: string, data?: unknown, config?: AxiosRequestConfig): Promise<ApiResponse<T>>;
+    /**
+     * Make a PUT request
+     */
+    put<T = unknown>(path: string, data?: unknown, config?: AxiosRequestConfig): Promise<ApiResponse<T>>;
+    /**
+     * Make a DELETE request
+     */
+    delete<T = unknown>(path: string, config?: AxiosRequestConfig): Promise<ApiResponse<T>>;
+    /**
+     * Make a generic request
+     */
+    private request;
+    /**
+     * Get the underlying Axios instance
+     */
+    getAxiosInstance(): AxiosInstance | null;
+}
+/**
+ * Create HTTP client from credential manager
+ */
+export declare function createHttpClient(credentialManager: CredentialManager, config?: HttpClientConfig): HttpClient;
+//# sourceMappingURL=http-client.d.ts.map

package/dist/auth/http-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-client.d.ts","sourceRoot":"","sources":["../../src/auth/http-client.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAc,EACZ,aAAa,EACb,kBAAkB,EAGnB,MAAM,OAAO,CAAC;AAEf,OAAO,EAAE,iBAAiB,EAAY,MAAM,yBAAyB,CAAC;AAItE;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,sCAAsC;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gDAAgD;IAChD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,sCAAsC;IACtC,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAWD;;GAEG;AACH,MAAM,WAAW,WAAW,CAAC,CAAC,GAAG,OAAO;IACtC,oBAAoB;IACpB,IAAI,EAAE,CAAC,CAAC;IACR,uBAAuB;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,uBAAuB;IACvB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,uCAAuC;IACvC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;;;GAKG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAA8B;IAC5C,OAAO,CAAC,iBAAiB,CAAoB;IAC7C,OAAO,CAAC,MAAM,CAA6B;gBAE/B,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,GAAE,gBAAqB;IAS/E;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAgC9B;;OAEG;IACH,OAAO,CAAC,YAAY;IAuJpB;;OAEG;IACH,WAAW,IAAI,OAAO;IAItB;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAI1F;;OAEG;IACG,IAAI,CAAC,CAAC,GAAG,OAAO,EACpB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,OAAO,EACd,MAAM,CAAC,EAAE,kBAAkB,GAC1B,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAI1B;;OAEG;IACG,GAAG,CAAC,CAAC,GAAG,OAAO,EACnB,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,OAAO,EACd,MAAM,CAAC,EAAE,kBAAkB,GAC1B,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAI1B;;OAEG;IACG,MAAM,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAI7F;;OAEG;YACW,OAAO;IAgCrB;;OAEG;IACH,gBAAgB,IAAI,aAAa,GAAG,IAAI;CAGzC;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,iBAAiB,EAAE,iBAAiB,EACpC,MAAM,CAAC,EAAE,gBAAgB,GACxB,UAAU,CAEZ"}