alihan/openshift-mcp-server
1
0
Fork 0
mirror of https://github.com/openshift/openshift-mcp-server.git synced 2025-10-17 14:27:48 +03:00
Code Issues Packages Projects Releases Wiki Activity
437 Commits 12 Branches 0 Tags
main
Commit Graph

174 Commits

Author SHA1 Message Date
Marc Nuri
f3a446676f refactor(kubernetes): keep Provider as only external Kubernetes interface (#372) 
* refactor(kubernetes): keep Provider as only external Kubernetes interface

Initial phase to unify-merge the Provider interface with the Manager struct.

- Renamed ManagerProvider to Provider (i.e. kubernets.Provider)
- Moved Manager related logic to specific files
- Exposed relevant method through Provider interface (GetDerivedKubernetes, IsOpenShift, VerifyToken)

Signed-off-by: Marc Nuri <marc@marcnuri.com>

* Update pkg/kubernetes/provider_kubeconfig.go

Co-authored-by: Calum Murray <cmurray@redhat.com>
Signed-off-by: Marc Nuri <marc@marcnuri.com>

---------

Signed-off-by: Marc Nuri <marc@marcnuri.com>
Co-authored-by: Calum Murray <cmurray@redhat.com>
 2025-10-14 15:25:49 +02:00
Marc Nuri
1e154d7587 test(kubernetes): refactor tests for Derived manager functionality to use testify (#369) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-10-13 13:12:29 +02:00
Marc Nuri
086afefc75 test(kubernetes): provider registry tests (#371) 
Required tests prior to refactoring Provider and Manager

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-10-10 15:07:37 +02:00
Harshal Patil
65cc304c3c feat(kubernetes): expose AccessControlClientset to enable its usage in toolsets (#364) 
Signed-off-by: Harshal Patil <12152047+harche@users.noreply.github.com>
 2025-10-10 09:31:19 +02:00
Calum Murray
31e90fbece refactor(kubernetes): move provider initialization into factory (#365) 
Signed-off-by: Calum Murray <cmurray@redhat.com>
 2025-10-09 04:25:34 +02:00
Calum Murray
a056981f53 feat(config): add "disabled" mutli cluster strategy (#360) 
* feat: add 'disabled' ClusterProviderStrategy

Signed-off-by: Calum Murray <cmurray@redhat.com>

* feat: add --disable-multi-cluster flag

Signed-off-by: Calum Murray <cmurray@redhat.com>

* test: check that --disable-multi-cluster flag changes config

Signed-off-by: Calum Murray <cmurray@redhat.com>

* refactor: move flag names to constants

Signed-off-by: Calum Murray <cmurray@redhat.com>

* fix(test): correct subtest name

Signed-off-by: Calum Murray <cmurray@redhat.com>

* fix: explicit clusterproviderstrategy is now recommended, instead of advisable

Signed-off-by: Calum Murray <cmurray@redhat.com>

---------

Signed-off-by: Calum Murray <cmurray@redhat.com>
 2025-10-08 10:19:34 +02:00
Calum Murray
a2d16e9f41 feat: Multi Cluster Support (#348) 
* feat: add cluster provider for kubeconfig

Signed-off-by: Calum Murray <cmurray@redhat.com>

* feat: move server to use ClusterProvider interface

Signed-off-by: Calum Murray <cmurray@redhat.com>

* feat: authentication middleware works with cluster provider

Signed-off-by: Calum Murray <cmurray@redhat.com>

* fix: unit tests work after cluster provider changes

Signed-off-by: Calum Murray <cmurray@redhat.com>

* feat: add tool mutator to add cluster parameter

Signed-off-by: Calum Murray <cmurray@redhat.com>

* test: handle cluster parameter

Signed-off-by: Calum Murray <cmurray@redhat.com>

* fix: handle lazy init correctly

Signed-off-by: Calum Murray <cmurray@redhat.com>

* refactor: move to using multi-strategy ManagerProvider

Signed-off-by: Calum Murray <cmurray@redhat.com>

* feat: add contexts_list tool

Signed-off-by: Calum Murray <cmurray@redhat.com>

* refactor: make tool mutator generic between cluster/context naming

Signed-off-by: Calum Murray <cmurray@redhat.com>

* feat: introduce tool filter

Signed-off-by: Calum Murray <cmurray@redhat.com>

* refactor: use new ManagerProvider/mutator/filter within mcp server

Signed-off-by: Calum Murray <cmurray@redhat.com>

* fix(test): tests expect context parameter in tool defs

Signed-off-by: Calum Murray <cmurray@redhat.com>

* feat: auth handles multi-cluster case correctly

Signed-off-by: Calum Murray <cmurray@redhat.com>

* fix: small changes from local testing

Signed-off-by: Calum Murray <cmurray@redhat.com>

* chore: fix enum test

Signed-off-by: Calum Murray <cmurray@redhat.com>

* review: Multi Cluster support (#1)

* nit: rename contexts_list to configuration_contexts_list

Besides the conventional naming, it helps LLMs understand the context of the tool by providing a certain level of hierarchy.

Signed-off-by: Marc Nuri <marc@marcnuri.com>

* fix(mcp): ToolMutator doesn't rely on magic strings

Signed-off-by: Marc Nuri <marc@marcnuri.com>

* refactor(api): don't expose ManagerProvider to toolsets

Signed-off-by: Marc Nuri <marc@marcnuri.com>

* test(mcp): configuration_contexts_list basic tests

Signed-off-by: Marc Nuri <marc@marcnuri.com>

* test(toolsets): revert edge-case test

This test should not be touched.

Signed-off-by: Marc Nuri <marc@marcnuri.com>

* test(toolsets): add specific metadata tests for multi-cluster

Signed-off-by: Marc Nuri <marc@marcnuri.com>

* fix(mcp): ToolFilter doesn't rely on magic strings (partially)

Signed-off-by: Marc Nuri <marc@marcnuri.com>

* test(api): IsClusterAware and IsTargetListProvider default values

Signed-off-by: Marc Nuri <marc@marcnuri.com>

* test(mcp): revert unneeded changes in mcp_tools_test.go

Signed-off-by: Marc Nuri <marc@marcnuri.com>

---------

Signed-off-by: Marc Nuri <marc@marcnuri.com>

* fix: always include configuration_contexts_list if contexts > 1

Signed-off-by: Calum Murray <cmurray@redhat.com>

* feat: include server urls in configuration_contexts_list

Signed-off-by: Calum Murray <cmurray@redhat.com>

---------

Signed-off-by: Calum Murray <cmurray@redhat.com>
Signed-off-by: Marc Nuri <marc@marcnuri.com>
Co-authored-by: Marc Nuri <marc@marcnuri.com>
 2025-10-06 12:01:16 +02:00
Matthias Wessendorf
c447bf819f fix(auth): move 401 response handling to a common helper func (#353) 
Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>
 2025-10-02 10:42:19 +02:00
Marc Nuri
b55f28b36e feat(mcp): events_list returns parseable YAML output (#346) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-26 11:01:21 +02:00
Marc Nuri
792d2f5b80 chore(lint): fix linting issues (#344) 
* chore(lint): fix linting issues

Signed-off-by: Marc Nuri <marc@marcnuri.com>

* feat(ci): add linting to build and build-all-platforms target

Signed-off-by: Marc Nuri <marc@marcnuri.com>

---------

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-26 06:56:48 +02:00
Marc Nuri
c69e90c70d fix(mcp): InputSchema schema with empty properties for no-arg tools (#341) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-25 11:54:07 +02:00
iamsudip
053fb2e31c feat(pods): add optional tail parameter to pod logs retrieval (#335) 
* feat(pods): add tailLines parameter to pod logs retrieval with default 256 lines

Signed-off-by: iamsudip <sudip.maji@harness.io>

* address review comments

Signed-off-by: iamsudip <sudip.maji@harness.io>

* test(pods): add tailLines parameter to pod logs retrieval with default 256 lines

Signed-off-by: Marc Nuri <marc@marcnuri.com>

---------

Signed-off-by: iamsudip <sudip.maji@harness.io>
Signed-off-by: Marc Nuri <marc@marcnuri.com>
Co-authored-by: Marc Nuri <marc@marcnuri.com>
 2025-09-25 09:17:53 +02:00
Marc Nuri
8af889bc8f test(mcp): refactor helm toolset tests (#333) 
Refactor tests to new approach before adding more functionality.

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-18 16:08:53 +02:00
Marc Nuri
6e29a2ada5 feat(pods): update metrics to comply with new API 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-18 07:07:46 +02:00
Marc Nuri
94baad6570 fix(cmd): disable klog in STDIO mode (#331) 
Prevents protocol issues with some clients.

Kubernetes tooling uses klog to log messages.
Some of these messages end up logged in the stderr or stdout which breaks some of the clients that expect jsonrpc messages.

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-17 17:03:40 +02:00
Marc Nuri
e16114dfc5 test(mcp): refactor core toolset tests (namespaces) (#330) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-17 15:48:57 +02:00
Marc Nuri
2bf6c549fe test(mcp): remove side-effects from toolsets tests (#329) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-17 12:06:33 +02:00
Marc Nuri
d6936f42d3 test(mcp): refactor events toolset tests (#328) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-17 11:48:35 +02:00
Marc Nuri
f496c643e7 test(mcp): refactor configuration toolset tests (#327) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-17 11:11:50 +02:00
Marc Nuri
d9d35b9834 test(toolsets): toolset specific metadata tests (#326) 
- Refactor tests to use testify (more clarity+composability for complex tests)
- Tests for default toolsets
- Tests for configured, granular toolsets

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-17 11:06:17 +02:00
Marc Nuri
48cf204a89 feat(toolsets): add support for multiple toolsets in configuration (#323) 
Users can now enable or disable different toolsets either by providing
a command-line flag or by setting the toolsets array field in the TOML
configuration.

Downstream Kubernetes API developers can declare toolsets for their
APIs by creating a new nested package in pkg/toolsets and registering
it in pkg/mcp/modules.go

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-17 10:53:56 +02:00
Marc Nuri
209e8434d5 feat(mcp): toolset definitions completely agnostic from underlying MCP impl (#322) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-12 11:56:22 +02:00
Marc Nuri
2b6c886d95 refactor(mcp): toolset Tools definition is agnostic of MCP impl (#319) 
Initial PR to make the toolsets agnostic of the usd MCP implementation (migration to go-sdk).
The decoupling will also be needed to move the different toolsets to separate nested packages (toolsets).

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-12 09:58:54 +02:00
Marc Nuri
ea641e6796 test(mcp): toolset metadata assertion (#318) 
This test ensures that any tool definition refactoring
preserves the current behavior.

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-11 10:31:39 +02:00
Samuel Masuy
6c573f31c8 feat(kubernetes): add support for previousPod container logs (#256) 
Add 'previous' parameter to pods_log tool to retrieve logs from terminated containers, equivalent to kubectl logs --previous functionality.
This enables debugging of containers that have restarted due to crashes or updates.

Signed-off-by: Samuel Masuy <samuel.masuy@goto.com>
Co-authored-by: opencode <noreply@opencode.ai>
 2025-09-11 09:29:51 +02:00
Marc Nuri
10c82f7bff refactor(toolsets): renamed Profile to Toolset (#309) 
As a prior step to providing support for toolsets
this change repurposes the current work in profiles
which partially aligns with the toolsets expected features

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-09-11 09:25:09 +02:00
Marc Nuri
1bd0b32976 test: misc fixes and typos (#284) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-26 15:38:05 +02:00
Marc Nuri
0ec2599bd8 fix:test: prevent usage of real cluster in tests (#282) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-26 14:52:27 +02:00
Marc Nuri
19a92418e4 feat(auth): support for VSCode auth flow (#258) 
Adds DisableDynamicClientRegistration and OAuthScopes to be able to override
the values proxied from the configured authorization server.

DisableDynamicClientRegistration removes the registration_endpoint field from
the well-known authorization resource metadata.
This forces VSCode to show a for to input the Client ID and Client Secret since
these can't be discovered.

The OAuthScopes allows to override the scopes_supported field.
VSCode automatically makes an auth request for all of the
supported scopes.
In many cases, this is not supported by the auth server.
By providing this configuration, the user (MCP Server administrator)
is able to set which scopes are effectively supported and
force VSCode to only request these.

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-11 14:39:27 +03:00
Marc Nuri
90d4bb03f3 feat(auth): token exchange auth workflow (#255) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-08 15:30:33 +03:00
Marc Nuri
58c47dc95c refactor(auth): temporarily disable scope authorization (#254) 
It's unclear how the scopes are going to be populated in the JWT.
Disable scope authorization for the time being.

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-08 12:46:45 +03:00
Marc Nuri
fde4b1dc0f test(auth): complete test cases for token validation (#253) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-08 10:31:50 +03:00
Marc Nuri
dfcecd5089 feat(auth): configurable Kubernetes API token validation (#252) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-08 10:23:12 +03:00
Marc Nuri
7b11c1667a feat(auth): configurable audience validation (#251) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-08 08:50:50 +03:00
Marc Nuri
b0da9fb459 feat(auth): implemented SecurityTokenService to handle token exchange (#250) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-08 06:03:23 +03:00
Marc Nuri
cfc42b3bd3 test(auth): complete test scenarios for raw token and oidc (#248) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-07 16:04:12 +03:00
Marc Nuri
43744f2978 test: extract mock-server for reutilization (#247) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-07 15:32:20 +03:00
Marc Nuri
9ec5c829db feat(auth): .well-known endpoints delegated to auth server (#246) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-07 10:49:21 +03:00
Marc Nuri
aba5f548d8 feat(auth): implement proxied /.well-known/oauth-authorization-server (#244) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-06 15:51:45 +03:00
Marc Nuri
94b85990e3 fix(npm): child process exits gracefully on SIGxxx (#243) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-06 14:31:33 +03:00
Marc Nuri
4dcede178b refactor(auth): consolidate JWT validation into single method (#238) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-06 13:17:44 +03:00
Marc Nuri
c1af9c0335 fix(npm): child process exits gracefully on SIGxxx (#241) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-05 16:39:48 +03:00
Marc Nuri
29b65fd565 fix: linting issues (#240) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-08-05 16:14:00 +03:00
Marc Nuri
9cc7192d4d feat(mcp): log tool call (hide sensitive HTTP headers) (#225) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-31 15:36:34 +02:00
Arda Güçlü
be80db1a01 feat(auth): introduce scoped based authorization 
Signed-off-by: Arda Güçlü <aguclu@redhat.com>
 2025-07-31 11:01:26 +02:00
Marc Nuri
49dcff3f21 feat(mcp): log tool call (HTTP headers) (#221) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-30 15:25:07 +02:00
Marc Nuri
1f670ebec6 test(auth): complete test suite for unauthorized scenarios (#220) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-29 13:32:31 +02:00
Marc Nuri
cad863ff22 fix(migration): rebranded from manusa/kubernetes-mcp-server to containers/kubernetes-mcp-server (#202) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-25 09:53:04 +02:00
Arda Güçlü
0ad8726d01 feat(auth): introduce jwks url flag to be published in oauth metadata (#197) 2025-07-23 09:48:21 +02:00
Marc Nuri
ca0aa4648d feat(mcp): log tool call (function name + arguments) 
Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-22 14:35:19 +02:00