alihan/openshift-mcp-server
1
0
Fork 0
mirror of https://github.com/openshift/openshift-mcp-server.git synced 2025-10-17 14:27:48 +03:00
Code Issues Packages Projects Releases Wiki Activity
437 Commits 12 Branches 0 Tags
main
Commit Graph

437 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
6d3ac81fdd build(deps): bump k8s.io/api from 0.33.2 to 0.33.3 
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.33.2 to 0.33.3.
- [Commits](https://github.com/kubernetes/api/compare/v0.33.2...v0.33.3)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-version: 0.33.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-17 06:36:48 +02:00
dependabot[bot]
92cad86e9e build(deps): bump github.com/mark3labs/mcp-go from 0.33.0 to 0.34.0 
---
updated-dependencies:
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-16 16:44:20 +02:00
Marc Nuri
bfa699049e test(http): bootstrap tests for HTTP server (177) 
test(http): bootstrap tests for HTTP server

Contains tests for the main endpoints (proxied and handled)
- /sse
- /message
- /mcp
- /healthz
- /.well-known/oauth-protected-resource

Verifies graceful shutdown works as expected

Signed-off-by: Marc Nuri <marc@marcnuri.com>
---
fix: empty config for CI

Signed-off-by: Marc Nuri <marc@marcnuri.com>
 2025-07-16 14:46:11 +02:00
Arda Güçlü
77671617df feat(auth): introduce OIDC token verification if authorization-url is specified (176) 
Pass correct audience
---
Validate server and authorization url via url.Parse
---
Import go-oidc/v3
---
Wire initialized oidc provider if authorization url is set
---
Wire oidc issuer validation
 2025-07-16 14:45:18 +02:00
Marc Nuri
5c753275ab test(mcp): refactor tool filtering tests 
- Prevent declaring tools that are both read-only and destructive
- Remove redundant tests and preserve those behavioral and semantic
 2025-07-14 11:36:01 +02:00
dependabot[bot]
83c37ce02f build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.15.0 to 0.16.0.
- [Commits](https://github.com/golang/sync/compare/v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-version: 0.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 06:46:00 +02:00
dependabot[bot]
6a95f35285 build(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.18.3 to 3.18.4.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.18.3...v3.18.4)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.18.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 06:32:07 +02:00
dependabot[bot]
288b330b5a build(deps): bump github.com/mark3labs/mcp-go from 0.32.0 to 0.33.0 
Bumps [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) from 0.32.0 to 0.33.0.
- [Release notes](https://github.com/mark3labs/mcp-go/releases)
- [Commits](https://github.com/mark3labs/mcp-go/compare/v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-14 06:31:55 +02:00
Arda Güçlü
275b91a00d feat(auth): introduce require-oauth flag to comply with OAuth in MCP specification (170) 
Introduce require-oauth flag

When this flag is enabled, authorization middleware will be turned on.
When this flag is enabled, Derived which is generated based on the client
token will not be used.
---
Wire Authorization middleware to http mux

This commit adds authorization middleware. Additionally, this commit
rejects the requests if the bearer token is absent in Authorization
header of the request.
---
Add offline token validation for expiration and audience

Per Model Context Protocol specification, MCP Servers must check the
audience field of the token to ensure that they are generated specifically
for them.

This commits parses the JWT token and asserts that audience is correct
and token is not expired.
---
Add online token verification via TokenReview request to API Server

This commit sends online token verification by sending request to
TokenReview endpoint of API Server with the token and expected audience.

If API Server returns the status as authenticated, that means this token
can be used to generate a new ad hoc token for MCP Server.

If API Server returns the status as not authenticated, that means this token
is invalid and MCP Server returns 401 to force the client to initiate OAuth flow.
---
Serve oauth protected resource metadata endpoint
---
Introduce server-url to be represented in protected resource metadata
---
Add error return type in Derived function
---
Return error if error occurs in Derived, when require-oauth
---
Add test cases for authorization-url and server-url
---
Wire server-url to audience, if it is set
---
Remove redundant ssebaseurl parameter from http
 2025-07-14 06:31:17 +02:00
Arda Güçlü
114726fb7c test(config): add new test case to increase the test coverage of Derived Config (167) 
Add new unit tests to check the values in Derived config
---
Rely on kubeconfig in staticConfig instead of a separate but equal one
 2025-07-08 06:07:18 +02:00
Marc Nuri
c5b2223249 test(config): explicit parsing tests 2025-07-08 06:03:37 +02:00
Arda Güçlü
42e8e3496f feat(http): add graceful shutdown of http server by catching interruption signals (164) 
Move http serving under its specific dir
---
Add gracefully shutdown for http server
 2025-07-08 06:02:54 +02:00
Arda Güçlü
00e4f1816f fix(auth): isolate bearer token config from kubeconfig 2025-07-07 07:09:26 +02:00
Arda Güçlü
9ffb818ab2 feat(auht): accept standard oauth authorization header by keeping the current header 2025-07-03 06:57:42 +02:00
Arda Güçlü
524e4f5d2a feat(http): introduce middleware for audit logs and authentication checks (157) 
Introduce wrapper middleware to intercept http requests
---
Rename middleware to http
 2025-07-02 15:08:17 +02:00
Arda Güçlü
ebe0ba9816 fix(kubernetes): wire static config to Derived object 2025-07-02 14:27:31 +02:00
Arda Güçlü
e6b19034aa feat(mcp): serve sse and streamable from a single port 2025-07-02 14:04:18 +02:00
Arda Güçlü
186f445ca2 feat(config): introduce enabled/disabled tool list in configuration file (155) 
Introduce allow/deny tool functionality in toml config
---
Remove duplicate fields that already defined in staticConfig
---
Add unit tests to verify tool valid check
---
Wire staticConfig to fix unit tests
---
Rename to enabled/disabled instead of allowed/denied
 2025-07-01 16:02:36 +02:00
Marc Nuri
af2a8cd19d feat(config): deny resources by using RESTMapper as an interceptor (149) 
feat(config): deny resources by using RESTMapper as an interceptor

This approach ensures that resources in the deny list are **always**
processed regardless of the implementation.

The RESTMapper takes care of verifying that the requested Group Version Kind
complies with the deny list while checking for the REST endpoint.
---
feat(config): provide a limited clientset which check access
---
review: addressed PR comments
---
feat(config): provide a limited metrics clientset to check access
---
review: addressed PR comments regarding pods_exec
 2025-07-01 14:44:22 +02:00
Arda Güçlü
2a1a3e4fbd feat(config): define flags in configuration file (152) 
Define flags in configuration file
---
Add vscode in .gitignore
 2025-07-01 09:39:38 +02:00
Marc Nuri
b777972c14 test(config): additional test cases for config errors 
Relates to #131
 2025-06-30 15:05:52 +02:00
dependabot[bot]
cd1cb1a630 build(deps): bump sigs.k8s.io/yaml from 1.4.0 to 1.5.0 
Bumps [sigs.k8s.io/yaml](https://github.com/kubernetes-sigs/yaml) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/kubernetes-sigs/yaml/releases)
- [Changelog](https://github.com/kubernetes-sigs/yaml/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/yaml/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/yaml
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-26 09:42:47 +02:00
Marc Nuri
1968652aca test(config): extensive test suite for denied lists 2025-06-23 13:09:02 +02:00
Marc Nuri
f3915cd13e test(profiles): add missing pods_top to full profile tools validation 2025-06-20 16:41:17 +02:00
Arda Güçlü
bca2cda21a fix(mcp): gracefully cast tool call params objects and return err instead of panic 2025-06-20 15:32:13 +02:00
dependabot[bot]
a568ac1d88 build(deps): bump k8s.io/kubectl from 0.33.1 to 0.33.2 
Bumps [k8s.io/kubectl](https://github.com/kubernetes/kubectl) from 0.33.1 to 0.33.2.
- [Commits](https://github.com/kubernetes/kubectl/compare/v0.33.1...v0.33.2)

---
updated-dependencies:
- dependency-name: k8s.io/kubectl
  dependency-version: 0.33.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-20 12:34:57 +02:00
dependabot[bot]
6f7eb53fd8 build(deps): bump k8s.io/cli-runtime from 0.33.1 to 0.33.2 
Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.33.1 to 0.33.2.
- [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.33.1...v0.33.2)

---
updated-dependencies:
- dependency-name: k8s.io/cli-runtime
  dependency-version: 0.33.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-20 12:22:55 +02:00
dependabot[bot]
21e8aa38a2 build(deps): bump k8s.io/apiextensions-apiserver from 0.33.1 to 0.33.2 
Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.33.1 to 0.33.2.
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.33.1...v0.33.2)

---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
  dependency-version: 0.33.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-20 12:14:29 +02:00
dependabot[bot]
69d1e2895b build(deps): bump k8s.io/api from 0.33.1 to 0.33.2 
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.33.1 to 0.33.2.
- [Commits](https://github.com/kubernetes/api/compare/v0.33.1...v0.33.2)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-version: 0.33.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-20 12:03:17 +02:00
dependabot[bot]
c21f97057a build(deps): bump k8s.io/metrics from 0.33.1 to 0.33.2 
Bumps [k8s.io/metrics](https://github.com/kubernetes/metrics) from 0.33.1 to 0.33.2.
- [Commits](https://github.com/kubernetes/metrics/compare/v0.33.1...v0.33.2)

---
updated-dependencies:
- dependency-name: k8s.io/metrics
  dependency-version: 0.33.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-20 12:02:37 +02:00
Marc Nuri
f668658217 test(cmd): additional test cases for config flags 
Relates to #131
 2025-06-19 16:26:53 +02:00
Arda Güçlü
754da19d81 feat(config): introduce toml configuration file with a set of deny list 2025-06-19 13:41:47 +02:00
Marc Nuri
25608daf4a fix(kubernetes): remove unneeded CacheInvalidate() method (127) 
fix(kubernetes): remove unneeded CacheInvalidate() method
---
test(output): improve age regex
---
test(kubernetes): remove unneeded CacheInvalidate() method (mutex lock)
---
test(kubernetes): split TestPodsTop to avoid discovery client cache issues
 2025-06-18 12:51:09 +02:00
Marc Nuri
2957faa771 test:refactor(cmd): test verifies behavior from cobra.Command layer 
Previous iteration was running method directly
 2025-06-18 06:46:17 +02:00
Marc Nuri
f138b06ba8 refactor(kubernetes): force usage of Derived kubernetes (125) 
refactor(kubernetes): force usage of Derived kubernetes

Prevents consumers of the kubernetes package the usage of
public methods on a non-derived config instance.
---
review(kubernetes): force usage of Derived kubernetes

Addresses comment by ardaguclu
 2025-06-18 06:46:05 +02:00
Arda Güçlü
4a3ff2f2ce refactor(mcp): use k8s.io/utils ptr.Deref instead of a custom func 2025-06-18 05:10:29 +02:00
dependabot[bot]
85876a4621 build(deps): bump helm.sh/helm/v3 from 3.18.2 to 3.18.3 
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.18.2 to 3.18.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.18.2...v3.18.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.18.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-17 19:43:04 +02:00
dependabot[bot]
813bba5285 build(deps): bump k8s.io/kubectl from 0.33.0 to 0.33.1 
Bumps [k8s.io/kubectl](https://github.com/kubernetes/kubectl) from 0.33.0 to 0.33.1.
- [Commits](https://github.com/kubernetes/kubectl/compare/v0.33.0...v0.33.1)

---
updated-dependencies:
- dependency-name: k8s.io/kubectl
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-17 19:42:54 +02:00
Arda Güçlü
2c18ca0822 refactor(cmd): use cobra to align with kubernetes (123) 
Use cobra to align with kubernetes
---
Update unit tests based on new Cobra
---
Add help test back
 2025-06-17 18:57:08 +02:00
dependabot[bot]
b07cd04d60 build(deps): bump k8s.io/metrics from 0.33.0 to 0.33.1 
Bumps [k8s.io/metrics](https://github.com/kubernetes/metrics) from 0.33.0 to 0.33.1.
- [Commits](https://github.com/kubernetes/metrics/compare/v0.33.0...v0.33.1)

---
updated-dependencies:
- dependency-name: k8s.io/metrics
  dependency-version: 0.33.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-17 08:59:12 +02:00
Marc Nuri
1a4605dc2d feat(pods): pods_top retrieves Pod resource consumption (metrics API) (119) 
feat(pods): pods_top retrieves Pod resource consumption (metrics API)
---
doc(pods): pods_top retrieves Pod resource consumption (metrics API)
 2025-06-16 12:07:36 +02:00
Marc Nuri
84782048a6 feat(http): streamable HTTP transport 2025-06-13 10:51:02 +02:00
Marc Nuri
2a9dddfb0a doc(output): add --list-output description to README.md 2025-06-13 09:46:03 +02:00
dependabot[bot]
0eaf2888cc build(deps): bump github.com/mark3labs/mcp-go from 0.31.0 to 0.32.0 
Bumps [github.com/mark3labs/mcp-go](https://github.com/mark3labs/mcp-go) from 0.31.0 to 0.32.0.
- [Release notes](https://github.com/mark3labs/mcp-go/releases)
- [Commits](https://github.com/mark3labs/mcp-go/compare/v0.31.0...v0.32.0)

---
updated-dependencies:
- dependency-name: github.com/mark3labs/mcp-go
  dependency-version: 0.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-12 15:37:33 +02:00
Marc Nuri
187efaaedc feat(output)!: default list-output changed from yaml to table 2025-06-12 15:36:35 +02:00
Marc Nuri
54d3726620 test(output): additional tests for --list-output=table 2025-06-12 13:57:50 +02:00
Marc Nuri
7e10e82a3a feat(output): table output to minimize resource list verbosity 
A new configuration options is available: `--list-output`

There are two modes available:
 - `yaml`: current default (will be changed in subsequent PR), which returns a multi-document YAML
 - `table`: returns a plain-text table as created by the kube-api server when requested with
   `Accept: application/json;as=Table;v=v1;g=meta.k8s.io`

Additional logic has been added to the table format to include the apiVersion and kind.
This is not returned by the server, kubectl doesn't include this either.
However, this is extremely handy for the LLM when using the generic resource tools.
 2025-06-12 13:26:40 +02:00
Marc Nuri
155fe6847f feat(output): configurable output architecture 2025-06-11 12:13:23 +02:00
Yusheng Guo
d070de86eb test: fix typo in test skip message for non-Unix-like platforms 
Darwin (macOS) isn't a linux platform.
 2025-06-10 15:24:30 +02:00
dependabot[bot]
b8212b6f6c build(deps): bump golang.org/x/net from 0.40.0 to 0.41.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.40.0 to 0.41.0.
- [Commits](https://github.com/golang/net/compare/v0.40.0...v0.41.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-06-09 12:32:37 +02:00