feat(auth)!: use generic kubernetes-authorization header

Marc Nuri
2025-06-05 12:22:07 +02:00
committed by GitHub
parent a9a81614ba
commit 6da90015a1
3 changed files with 8 additions and 9 deletions


@@ -19,11 +19,11 @@ import (
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
"k8s.io/klog/v2"
"sigs.k8s.io/yaml"
"strings"
)
const (
AuthorizationHeader = "Kubernetes-Authorization"
AuthorizationBearerTokenHeader = "kubernetes-authorization-bearer-token"
AuthorizationHeader = "kubernetes-authorization"
)
type CloseWatchKubeConfig func() error
@@ -125,13 +125,13 @@ func (k *Kubernetes) ToRESTMapper() (meta.RESTMapper, error) {
}
func (k *Kubernetes) Derived(ctx context.Context) *Kubernetes {
bearerToken, ok := ctx.Value(AuthorizationBearerTokenHeader).(string)
if !ok {
authorization, ok := ctx.Value(AuthorizationHeader).(string)
if !ok || !strings.HasPrefix(authorization, "Bearer ") {
return k
}
klog.V(5).Infof("%s header found, using provided bearer token", AuthorizationBearerTokenHeader)
klog.V(5).Infof("%s header found (Bearer), using provided bearer token", AuthorizationHeader)
derivedCfg := rest.CopyConfig(k.cfg)
derivedCfg.BearerToken = bearerToken
derivedCfg.BearerToken = strings.TrimPrefix(authorization, "Bearer ")
derivedCfg.BearerTokenFile = ""
derivedCfg.Username = ""
derivedCfg.Password = ""
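Review bot: In Derived, a `kubernetes-authorization` value that is present but does not begin with exactly `Bearer ` takes the same `return k` path as a missing header, so the call proceeds with the server's own kubeconfig credentials instead of the caller's. That includes a lowercase `bearer ` scheme (HTTP auth schemes are case-insensitive per RFC 9110), any other scheme, and clients still sending the removed `kubernetes-authorization-bearer-token` header. Consider matching the scheme with `strings.EqualFold(authorization[:7], "Bearer ")` after a length check, and treating a present-but-unusable header as a logged rejection rather than a silent fallback. A bare `Bearer ` also passes the check and produces a derived config with an empty `BearerToken`, which should probably be refused as well. The body of Derived continues past this hunk, so how the derived config is used afterwards is not visible here.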


@@ -109,6 +109,5 @@ func NewTextResult(content string, err error) *mcp.CallToolResult {
}
func contextFunc(ctx context.Context, r *http.Request) context.Context {
//return context.WithValue(ctx, kubernetes.AuthorizationHeader, r.Header.Get(kubernetes.AuthorizationHeader))
return context.WithValue(ctx, kubernetes.AuthorizationBearerTokenHeader, r.Header.Get(kubernetes.AuthorizationBearerTokenHeader))
return context.WithValue(ctx, kubernetes.AuthorizationHeader, r.Header.Get(kubernetes.AuthorizationHeader))
}
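Review bot: `context.WithValue` in contextFunc is keyed by the plain string constant `kubernetes.AuthorizationHeader`, so any other code that stores a value under the string `"kubernetes-authorization"` on the same context can shadow the caller's credential before Derived reads it. `go vet` and staticcheck flag basic-type context keys for this reason. A dedicated key type in the kubernetes package, for example `type authorizationKey struct{}` behind a small exported setter that contextFunc calls, would keep the HTTP header name and the context key separate. The value is also stored when the header is absent, since `r.Header.Get` returns `""`, so it may be worth a comment that Derived relies on its prefix check to ignore that case.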


@@ -96,7 +96,7 @@ func TestSseHeaders(t *testing.T) {
defer mockServer.Close()
before := func(c *mcpContext) {
c.withKubeConfig(mockServer.config)
c.clientOptions = append(c.clientOptions, client.WithHeaders(map[string]string{"kubernetes-authorization-bearer-token": "a-token-from-mcp-client"}))
c.clientOptions = append(c.clientOptions, client.WithHeaders(map[string]string{"kubernetes-authorization": "Bearer a-token-from-mcp-client"}))
}
pathHeaders := make(map[string]http.Header, 0)
mockServer.Handle(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
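Review bot: The header set in `before` exercises only the well-formed `Bearer a-token-from-mcp-client` case; nothing in this hunk pins what reaches `mockServer` when `kubernetes-authorization` carries another scheme, a lowercase `bearer`, or `Bearer ` with no token. Those inputs decide whether the request goes out with the caller's token, an empty token, or the server's own kubeconfig, so a companion case asserting the forwarded `Authorization` header for each would make that behaviour an explicit, tested decision. TestSseHeaders continues past the end of this hunk, so its existing assertions are not visible here.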