netapi Decisions
Design Decisions
Unified CLI Pattern
Decision: Single netapi binary with subcommands per vendor rather than separate tools.
Rationale:
- Consistent UX across all platforms (same flags, output formats)
- Single credential management integration via dsource
- Shell completions work across all vendors
- Reduces cognitive load when switching between platforms
Python + Click
Decision: Python with Click framework rather than Go/Cobra.
Rationale:
- Rapid prototyping for API client development
- Rich ecosystem for REST API interaction (requests, httpx)
- Click provides declarative CLI definition with auto-help
- Future: Consider Go rewrite for distribution (single binary, no runtime)
dsource Credential Integration
Decision: Environment-variable-based credential loading via dsource rather than config files.
Rationale:
- Credentials never touch disk in plaintext
- Works across all platforms without per-vendor config
- Integrates with existing gopass/vault secret management
- Shell session scoping prevents credential leakage
Risks
| Risk | Description | Mitigation |
|---|---|---|
| Vendor API changes | API breaking changes from ISE, pfSense, WLC firmware updates | Pin tested firmware versions in docs; version-locked API clients |
| Python distribution | pip install requires Python runtime on target machines | Phase 3.1: Homebrew formula; consider Go rewrite for static binary |
| Credential exposure | Environment variables visible in | Document threat model; recommend short-lived shell sessions |
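
An added example, not netapi's or dsource's own code, for the dsource decision and the Credential exposure risk above: it loads one vendor's credentials from environment variables, fails closed when one is missing, keeps the password out of repr(), and builds a child-process environment without the secrets. The NETAPI_<VENDOR>_<FIELD> variable names, the function names and the sample values are assumptions made for illustration.

```python
import os
from dataclasses import dataclass, field

# Hypothetical naming scheme NETAPI_<VENDOR>_<FIELD>; not taken from netapi or dsource.
PREFIX = "NETAPI_"
FIELDS = ("HOST", "USER", "PASS")

# Constructed sample environment, standing in for a shell session with exported secrets.
SAMPLE_ENV = {
    "PATH": "/usr/bin",
    "NETAPI_ISE_HOST": "ise.example.test",
    "NETAPI_ISE_USER": "svc-netapi",
    "NETAPI_ISE_PASS": "constructed-secret",
}


class MissingCredential(RuntimeError):
    """Raised with variable names only, never values."""


@dataclass(frozen=True)
class Credentials:
    host: str
    user: str
    password: str = field(repr=False)  # keep the secret out of repr(), logs, tracebacks


def load_credentials(vendor, environ=None):
    """Read one vendor's credentials from the environment; fail closed if any is unset."""
    environ = os.environ if environ is None else environ
    keys = {f: f"{PREFIX}{vendor.upper()}_{f}" for f in FIELDS}
    missing = sorted(k for k in keys.values() if not environ.get(k))
    if missing:
        raise MissingCredential("unset: " + ", ".join(missing))
    return Credentials(environ[keys["HOST"]], environ[keys["USER"]], environ[keys["PASS"]])


def scrubbed_env(environ=None):
    """Environment to hand to child processes, with every NETAPI_* entry removed."""
    environ = os.environ if environ is None else environ
    return {k: v for k, v in environ.items() if not k.startswith(PREFIX)}


if __name__ == "__main__":
    creds = load_credentials("ise", SAMPLE_ENV)
    print(creds)                     # password field is omitted from the repr
    print(scrubbed_env(SAMPLE_ENV))  # only non-credential variables remain
```

Passing `env=scrubbed_env()` to `subprocess.run` keeps helpers such as pagers or editors from inheriting the credentials.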