@robinmordasiewicz/f5xc-terraform-mcp 2.9.0 → 2.11.0

package/dist/docs/guides/authentication.md

@@ -12,11 +12,11 @@ This guide covers authentication configuration for the F5 Distributed Cloud Terr
 
 ## Quick Reference
 
-| Method | Complexity | Best For | Security |
-|--------|------------|----------|----------|
-| API Token | Simplest | Development, quick testing | Bearer token over TLS |
-| P12 Certificate | Moderate | Production, CI/CD | Mutual TLS (mTLS) |
-| PEM Certificate | Advanced | When tooling requires PEM format | Derived from P12, mTLS |
+| Method          | Complexity | Best For                         | Security               |
+| --------------- | ---------- | -------------------------------- | ---------------------- |
+| API Token       | Simplest   | Development, quick testing       | Bearer token over TLS  |
+| P12 Certificate | Moderate   | Production, CI/CD                | Mutual TLS (mTLS)      |
+| PEM Certificate | Advanced   | When tooling requires PEM format | Derived from P12, mTLS |
 
 ## Prerequisites
 
@@ -79,7 +79,7 @@ Service credentials are managed through IAM and recommended for production. They
 7. Select an expiry date
 8. Click **Download** to get the `.p12` file
 
-## Authentication Methods
+## Provider Configuration
 
 ### Method 1: API Token Authentication (Simplest)
 
@@ -170,15 +170,15 @@ provider "f5xc" {
 
 ## Environment Variable Reference
 
-| Variable | Description | Required |
-|----------|-------------|----------|
-| `F5XC_API_URL` | F5XC tenant API URL | Yes |
-| `F5XC_API_TOKEN` | API token for bearer authentication | One of: token, P12, or PEM |
-| `F5XC_P12_FILE` | Path to P12 certificate file | With `F5XC_P12_PASSWORD` |
-| `F5XC_P12_PASSWORD` | Password for P12 file | With `F5XC_P12_FILE` |
-| `F5XC_CERT` | Path to PEM certificate file | With `F5XC_KEY` |
-| `F5XC_KEY` | Path to PEM private key file | With `F5XC_CERT` |
-| `F5XC_CACERT` | Path to CA certificate for server verification | No |
+| Variable            | Description                                    | Required                       |
+| ------------------- | ---------------------------------------------- | ------------------------------ |
+| `F5XC_API_URL`      | F5XC tenant API URL                            | Yes                            |
+| `F5XC_API_TOKEN`    | API token for bearer authentication            | One of: token, P12, or PEM     |
+| `F5XC_P12_FILE`     | Path to P12 certificate file                   | With `F5XC_P12_PASSWORD`       |
+| `F5XC_P12_PASSWORD` | Password for P12 file                          | With `F5XC_P12_FILE`           |
+| `F5XC_CERT`         | Path to PEM certificate file                   | With `F5XC_KEY`                |
+| `F5XC_KEY`          | Path to PEM private key file                   | With `F5XC_CERT`               |
+| `F5XC_CACERT`       | Path to CA certificate for server verification | No                             |
 
 **Adding to Shell Profile:**
 
@@ -241,10 +241,10 @@ jobs:
 
 **GitHub Secrets to configure:**
 
-| Secret Name | Value |
-|-------------|-------|
-| `F5XC_API_URL` | `https://your-tenant.console.ves.volterra.io` |
-| `F5XC_API_TOKEN` | Your API token value |
+| Secret Name        | Value                                          |
+| ------------------ | ---------------------------------------------- |
+| `F5XC_API_URL`     | `https://your-tenant.console.ves.volterra.io`  |
+| `F5XC_API_TOKEN`   | Your API token value                           |
 
 ### GitHub Actions with P12 Certificate
 
@@ -306,11 +306,11 @@ base64 -w 0 your-credentials.p12
 
 **GitHub Secrets to configure:**
 
-| Secret Name | Value |
-|-------------|-------|
-| `F5XC_API_URL` | `https://your-tenant.console.ves.volterra.io` |
-| `F5XC_P12_BASE64` | Base64-encoded P12 file contents |
-| `F5XC_P12_PASSWORD` | Password for the P12 file |
+| Secret Name         | Value                                          |
+| ------------------- | ---------------------------------------------- |
+| `F5XC_API_URL`      | `https://your-tenant.console.ves.volterra.io`  |
+| `F5XC_P12_BASE64`   | Base64-encoded P12 file contents               |
+| `F5XC_P12_PASSWORD` | Password for the P12 file                      |
 
 ## Security Best Practices
 
@@ -321,10 +321,10 @@ base64 -w 0 your-credentials.p12
 
 ### Choosing the Right Method
 
-| Use Case | Recommended Method | Reason |
-|----------|-------------------|--------|
-| Local development | API Token | Simplest setup |
-| CI/CD pipelines | P12 Certificate | mTLS security |
+| Use Case              | Recommended Method  | Reason                    |
+| --------------------- | ------------------- | ------------------------- |
+| Local development     | API Token           | Simplest setup            |
+| CI/CD pipelines       | P12 Certificate     | mTLS security             |
 | Production automation | Service Credentials | Role-based access control |
 
 ## Troubleshooting
@@ -366,8 +366,8 @@ export F5XC_API_TOKEN="token"  # Correct
 F5XC_API_TOKEN="token"         # Won't work
 ```
 
-2. Verify spelling is exact (case-sensitive)
-3. Check for hidden characters in values
+1. Verify spelling is exact (case-sensitive)
+2. Check for hidden characters in values
 
 ## Revoking Credentials
 

package/dist/docs/guides/blindfold.md

@@ -21,7 +21,7 @@ F5 Distributed Cloud Secret Management ("blindfold") provides client-side encryp
 
 ### How It Works
 
-```
+```text
 ┌─────────────────────────────────────────────────────────────────────┐
 │                     Your Local Machine                              │
 │                                                                     │
@@ -64,13 +64,15 @@ Before you begin, ensure you have:
 
 Configure one of these authentication methods via environment variables:
 
-**Option 1: API Token (Recommended for development)**
+#### Option 1: API Token (Recommended for development)
+
 ```bash
 export F5XC_API_URL="https://your-tenant.console.ves.volterra.io"
 export F5XC_API_TOKEN="your-api-token"
 ```
 
-**Option 2: P12 Certificate (Recommended for production)**
+#### Option 2: P12 Certificate (Recommended for production)
+
 ```bash
 export F5XC_API_URL="https://your-tenant.console.ves.volterra.io"
 export F5XC_P12_FILE="/path/to/your-credentials.p12"
@@ -143,13 +145,14 @@ Encrypts base64-encoded plaintext:
 provider::f5xc::blindfold(plaintext, policy_name, namespace)
 ```
 
-| Parameter | Type | Description |
-|-----------|------|-------------|
-| `plaintext` | string | Base64-encoded secret to encrypt |
-| `policy_name` | string | Name of the SecretPolicy |
-| `namespace` | string | Namespace containing the policy |
+| Parameter     | Type   | Description                      |
+| ------------- | ------ | -------------------------------- |
+| `plaintext`   | string | Base64-encoded secret to encrypt |
+| `policy_name` | string | Name of the SecretPolicy         |
+| `namespace`   | string | Namespace containing the policy  |
 
 **Example:**
+
 ```hcl
 location = provider::f5xc::blindfold(
   base64encode(var.my_secret),
@@ -166,13 +169,14 @@ Reads a file and encrypts its contents:
 provider::f5xc::blindfold_file(path, policy_name, namespace)
 ```
 
-| Parameter | Type | Description |
-|-----------|------|-------------|
-| `path` | string | Path to the file to encrypt |
-| `policy_name` | string | Name of the SecretPolicy |
-| `namespace` | string | Namespace containing the policy |
+| Parameter     | Type   | Description                     |
+| ------------- | ------ | ------------------------------- |
+| `path`        | string | Path to the file to encrypt     |
+| `policy_name` | string | Name of the SecretPolicy        |
+| `namespace`   | string | Namespace containing the policy |
 
 **Example:**
+
 ```hcl
 location = provider::f5xc::blindfold_file(
   "${path.module}/certs/server.key",
@@ -361,9 +365,9 @@ locals {
 RSA-OAEP encryption has a maximum plaintext size based on the key size:
 
 | Key Size | Maximum Plaintext |
-|----------|-------------------|
-| 2048-bit | ~190 bytes |
-| 4096-bit | ~446 bytes |
+| -------- | ----------------- |
+| 2048-bit | ~190 bytes        |
+| 4096-bit | ~446 bytes        |
 
 ~> **Note:** If your secret exceeds the size limit, consider splitting it or using a different approach. The function will return a clear error message if the plaintext is too large.
 
@@ -371,7 +375,7 @@ RSA-OAEP encryption has a maximum plaintext size based on the key size:
 
 The blindfold functions return a sealed secret string with the `string:///` prefix followed by a base64-encoded JSON structure:
 
-```
+```text
 string:///eyJrZXlfdmVyc2lvbiI6InYxLjIuMyIsInBvbGljeV9pZCI6InNoYXJlZC92ZXMtaW8tYWxsb3ctdm9sdGVycmEiLCJ0ZW5hbnQiOiJ5b3VyLXRlbmFudCIsImRhdGEiOiJBQkNERUYxMjM0NTY3ODkwLi4uIn0=
 ```
 
@@ -387,6 +391,7 @@ When base64-decoded, the sealed JSON contains these fields:
 ```
 
 Field descriptions:
+
 - `key_version`: Public key version used for encryption
 - `policy_id`: Reference to the SecretPolicy (namespace/name format)
 - `tenant`: Your F5XC tenant identifier
@@ -405,6 +410,7 @@ Field descriptions:
 **Symptom:** Error message about missing authentication configuration.
 
 **Solution:**
+
 ```bash
 # Verify environment variables are set
 echo $F5XC_API_URL
@@ -422,6 +428,7 @@ export F5XC_API_TOKEN="your-api-token"
 **Solutions:**
 
 1. Use the built-in policy:
+
    ```hcl
    policy_name = "ves-io-allow-volterra"
    namespace   = "shared"
@@ -436,6 +443,7 @@ export F5XC_API_TOKEN="your-api-token"
 **Solutions:**
 
 1. Verify your secret size:
+
    ```bash
    wc -c < your-secret-file
    ```
@@ -451,6 +459,7 @@ export F5XC_API_TOKEN="your-api-token"
 **Solutions:**
 
 1. Use `${path.module}` for relative paths:
+
    ```hcl
    location = provider::f5xc::blindfold_file(
      "${path.module}/certs/server.key",  # Correct
@@ -465,6 +474,7 @@ export F5XC_API_TOKEN="your-api-token"
 **Symptom:** Error about invalid base64 encoding.
 
 **Solution:** Ensure you're base64-encoding your plaintext:
+
 ```hcl
 # Correct
 location = provider::f5xc::blindfold(

package/dist/docs/guides/http-loadbalancer.md

@@ -89,9 +89,9 @@ Review the plan output, then type `yes` to confirm deployment.
 
 After deployment, Terraform outputs a CNAME target. Create a DNS record:
 
-| Type | Name | Value |
-|------|------|-------|
-| CNAME | app.example.com | ves-io-app-example-com.ac.vh.ves.io |
+| Type  | Name            | Value                                |
+| ----- | --------------- | ------------------------------------ |
+| CNAME | app.example.com | ves-io-app-example-com.ac.vh.ves.io  |
 
 ~> **Note:** DNS propagation may take up to 48 hours, though typically completes within minutes.
 
@@ -153,7 +153,7 @@ labels = {
 
 This guide creates the following resources:
 
-```
+```text
                     ┌─────────────────────────────────────────┐
                     │        F5 Distributed Cloud             │
                     │                                         │
@@ -185,14 +185,14 @@ This guide creates the following resources:
 
 ### Resources Created
 
-| Resource | Purpose |
-|----------|---------|
-| `f5xc_namespace` | Isolates resources (optional) |
-| `f5xc_healthcheck` | Monitors origin server health |
-| `f5xc_origin_pool` | Defines backend servers |
-| `f5xc_app_firewall` | WAF configuration |
-| `f5xc_rate_limiter` | Rate limiting policy |
-| `f5xc_http_loadbalancer` | Main load balancer |
+| Resource                 | Purpose                       |
+| ------------------------ | ----------------------------- |
+| `f5xc_namespace`         | Isolates resources (optional) |
+| `f5xc_healthcheck`       | Monitors origin server health |
+| `f5xc_origin_pool`       | Defines backend servers       |
+| `f5xc_app_firewall`      | WAF configuration             |
+| `f5xc_rate_limiter`      | Rate limiting policy          |
+| `f5xc_http_loadbalancer` | Main load balancer            |
 
 ## Troubleshooting
 

package/dist/docs/resources/api_credential.md

@@ -49,8 +49,6 @@ resource "f5xc_api_credential" "example" {
 
 <a id="name"></a>&#x2022; [`name`](#name) - Required String<br>Name of the API Credential. Must be unique within the namespace
 
-<a id="namespace"></a>&#x2022; [`namespace`](#namespace) - Required String<br>Namespace where the API Credential will be created
-
 <a id="annotations"></a>&#x2022; [`annotations`](#annotations) - Optional Map<br>Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
 
 <a id="description"></a>&#x2022; [`description`](#description) - Optional String<br>Human readable description for the object
@@ -59,6 +57,8 @@ resource "f5xc_api_credential" "example" {
 
 <a id="labels"></a>&#x2022; [`labels`](#labels) - Optional Map<br>Labels is a user defined key value map that can be attached to resources for organization and filtering
 
+<a id="namespace"></a>&#x2022; [`namespace`](#namespace) - Optional String<br>Namespace for the API Credential. For this resource type, namespace should be empty or omitted
+
 ### Spec Argument Reference
 
 <a id="password"></a>&#x2022; [`password`](#password) - Optional String<br>Password. Password is used for generating an API certificate P12 bundle user can use to protect access to it. this password will not be saved/persisted anywhere in the system. Applicable for credential type API_CERTIFICATE Users have to use this password when they use the certificate, e.g. in curl or while adding to key chain