mirror of
https://github.com/openshift/openshift-mcp-server.git
synced 2025-10-17 14:27:48 +03:00
a2d16e9f41
* feat: add cluster provider for kubeconfig Signed-off-by: Calum Murray <cmurray@redhat.com> * feat: move server to use ClusterProvider interface Signed-off-by: Calum Murray <cmurray@redhat.com> * feat: authentication middleware works with cluster provider Signed-off-by: Calum Murray <cmurray@redhat.com> * fix: unit tests work after cluster provider changes Signed-off-by: Calum Murray <cmurray@redhat.com> * feat: add tool mutator to add cluster parameter Signed-off-by: Calum Murray <cmurray@redhat.com> * test: handle cluster parameter Signed-off-by: Calum Murray <cmurray@redhat.com> * fix: handle lazy init correctly Signed-off-by: Calum Murray <cmurray@redhat.com> * refactor: move to using multi-strategy ManagerProvider Signed-off-by: Calum Murray <cmurray@redhat.com> * feat: add contexts_list tool Signed-off-by: Calum Murray <cmurray@redhat.com> * refactor: make tool mutator generic between cluster/context naming Signed-off-by: Calum Murray <cmurray@redhat.com> * feat: introduce tool filter Signed-off-by: Calum Murray <cmurray@redhat.com> * refactor: use new ManagerProvider/mutator/filter within mcp server Signed-off-by: Calum Murray <cmurray@redhat.com> * fix(test): tests expect context parameter in tool defs Signed-off-by: Calum Murray <cmurray@redhat.com> * feat: auth handles multi-cluster case correctly Signed-off-by: Calum Murray <cmurray@redhat.com> * fix: small changes from local testing Signed-off-by: Calum Murray <cmurray@redhat.com> * chore: fix enum test Signed-off-by: Calum Murray <cmurray@redhat.com> * review: Multi Cluster support (#1) * nit: rename contexts_list to configuration_contexts_list Besides the conventional naming, it helps LLMs understand the context of the tool by providing a certain level of hierarchy. Signed-off-by: Marc Nuri <marc@marcnuri.com> * fix(mcp): ToolMutator doesn't rely on magic strings Signed-off-by: Marc Nuri <marc@marcnuri.com> * refactor(api): don't expose ManagerProvider to toolsets Signed-off-by: Marc Nuri <marc@marcnuri.com> * test(mcp): configuration_contexts_list basic tests Signed-off-by: Marc Nuri <marc@marcnuri.com> * test(toolsets): revert edge-case test This test should not be touched. Signed-off-by: Marc Nuri <marc@marcnuri.com> * test(toolsets): add specific metadata tests for multi-cluster Signed-off-by: Marc Nuri <marc@marcnuri.com> * fix(mcp): ToolFilter doesn't rely on magic strings (partially) Signed-off-by: Marc Nuri <marc@marcnuri.com> * test(api): IsClusterAware and IsTargetListProvider default values Signed-off-by: Marc Nuri <marc@marcnuri.com> * test(mcp): revert unneeded changes in mcp_tools_test.go Signed-off-by: Marc Nuri <marc@marcnuri.com> --------- Signed-off-by: Marc Nuri <marc@marcnuri.com> * fix: always include configuration_contexts_list if contexts > 1 Signed-off-by: Calum Murray <cmurray@redhat.com> * feat: include server urls in configuration_contexts_list Signed-off-by: Calum Murray <cmurray@redhat.com> --------- Signed-off-by: Calum Murray <cmurray@redhat.com> Signed-off-by: Marc Nuri <marc@marcnuri.com> Co-authored-by: Marc Nuri <marc@marcnuri.com>
95 lines
3.9 KiB
Go
95 lines
3.9 KiB
Go
package config
|
|
|
|
import (
|
|
"os"
|
|
|
|
"github.com/BurntSushi/toml"
|
|
)
|
|
|
|
const (
|
|
ClusterProviderKubeConfig = "kubeconfig"
|
|
ClusterProviderInCluster = "in-cluster"
|
|
)
|
|
|
|
// StaticConfig is the configuration for the server.
|
|
// It allows to configure server specific settings and tools to be enabled or disabled.
|
|
type StaticConfig struct {
|
|
DeniedResources []GroupVersionKind `toml:"denied_resources"`
|
|
|
|
LogLevel int `toml:"log_level,omitempty"`
|
|
Port string `toml:"port,omitempty"`
|
|
SSEBaseURL string `toml:"sse_base_url,omitempty"`
|
|
KubeConfig string `toml:"kubeconfig,omitempty"`
|
|
ListOutput string `toml:"list_output,omitempty"`
|
|
// When true, expose only tools annotated with readOnlyHint=true
|
|
ReadOnly bool `toml:"read_only,omitempty"`
|
|
// When true, disable tools annotated with destructiveHint=true
|
|
DisableDestructive bool `toml:"disable_destructive,omitempty"`
|
|
Toolsets []string `toml:"toolsets,omitempty"`
|
|
EnabledTools []string `toml:"enabled_tools,omitempty"`
|
|
DisabledTools []string `toml:"disabled_tools,omitempty"`
|
|
|
|
// Authorization-related fields
|
|
// RequireOAuth indicates whether the server requires OAuth for authentication.
|
|
RequireOAuth bool `toml:"require_oauth,omitempty"`
|
|
// OAuthAudience is the valid audience for the OAuth tokens, used for offline JWT claim validation.
|
|
OAuthAudience string `toml:"oauth_audience,omitempty"`
|
|
// ValidateToken indicates whether the server should validate the token against the Kubernetes API Server using TokenReview.
|
|
ValidateToken bool `toml:"validate_token,omitempty"`
|
|
// AuthorizationURL is the URL of the OIDC authorization server.
|
|
// It is used for token validation and for STS token exchange.
|
|
AuthorizationURL string `toml:"authorization_url,omitempty"`
|
|
// DisableDynamicClientRegistration indicates whether dynamic client registration is disabled.
|
|
// If true, the .well-known endpoints will not expose the registration endpoint.
|
|
DisableDynamicClientRegistration bool `toml:"disable_dynamic_client_registration,omitempty"`
|
|
// OAuthScopes are the supported **client** scopes requested during the **client/frontend** OAuth flow.
|
|
OAuthScopes []string `toml:"oauth_scopes,omitempty"`
|
|
// StsClientId is the OAuth client ID used for backend token exchange
|
|
StsClientId string `toml:"sts_client_id,omitempty"`
|
|
// StsClientSecret is the OAuth client secret used for backend token exchange
|
|
StsClientSecret string `toml:"sts_client_secret,omitempty"`
|
|
// StsAudience is the audience for the STS token exchange.
|
|
StsAudience string `toml:"sts_audience,omitempty"`
|
|
// StsScopes is the scopes for the STS token exchange.
|
|
StsScopes []string `toml:"sts_scopes,omitempty"`
|
|
CertificateAuthority string `toml:"certificate_authority,omitempty"`
|
|
ServerURL string `toml:"server_url,omitempty"`
|
|
// ClusterProviderStrategy is how the server finds clusters.
|
|
// If set to "kubeconfig", the clusters will be loaded from those in the kubeconfig.
|
|
// If set to "in-cluster", the server will use the in cluster config
|
|
ClusterProviderStrategy string `toml:"cluster_provider_strategy,omitempty"`
|
|
// ClusterContexts is which context should be used for each cluster
|
|
ClusterContexts map[string]string `toml:"cluster_contexts"`
|
|
}
|
|
|
|
func Default() *StaticConfig {
|
|
return &StaticConfig{
|
|
ListOutput: "table",
|
|
Toolsets: []string{"core", "config", "helm"},
|
|
}
|
|
}
|
|
|
|
type GroupVersionKind struct {
|
|
Group string `toml:"group"`
|
|
Version string `toml:"version"`
|
|
Kind string `toml:"kind,omitempty"`
|
|
}
|
|
|
|
// Read reads the toml file and returns the StaticConfig.
|
|
func Read(configPath string) (*StaticConfig, error) {
|
|
configData, err := os.ReadFile(configPath)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return ReadToml(configData)
|
|
}
|
|
|
|
// ReadToml reads the toml data and returns the StaticConfig.
|
|
func ReadToml(configData []byte) (*StaticConfig, error) {
|
|
config := Default()
|
|
if err := toml.Unmarshal(configData, config); err != nil {
|
|
return nil, err
|
|
}
|
|
return config, nil
|
|
}
|