[MATRIX-1118] support transport type flag for MCP_SERVER (#3181)

Author: yanand0909

cmd/lint/main.go

@@ -255,6 +255,7 @@ var vocabWords = []string{
 	"googleai",
 	"gzip",
 	"hostname",
+	"http",
 	"https",
 	"html",
 	"iam",
@@ -321,11 +322,14 @@ var vocabWords = []string{
 	"sso",
 	"subresource",
 	"stdin",
+	"streamable",
+	"streamable_http",
 	"systest",
 	"tableflow",
 	"tcp",
 	"transactional",
 	"transitgateway",
+	"transport_type",
 	"txt",
 	"ui",
 	"undelete",

internal/flink/command_connection.go

@@ -3,6 +3,7 @@ package flink
 import (
 	"fmt"
 	"slices"
+	"strings"
 	"time"
 
 	"github.com/samber/lo"
@@ -96,6 +97,7 @@ func AddConnectionSecretFlags(cmd *cobra.Command) {
 	cmd.Flags().String("client-secret", "", fmt.Sprintf("Specify OAuth2 client secret for the type: %s.", utils.ArrayToCommaDelimitedString(flink.ConnectionSecretTypeMapping["client-secret"], "or")))
 	cmd.Flags().String("scope", "", fmt.Sprintf("Specify OAuth2 scope for the type: %s.", utils.ArrayToCommaDelimitedString(flink.ConnectionSecretTypeMapping["scope"], "or")))
 	cmd.Flags().String("sse-endpoint", "", fmt.Sprintf("Specify SSE endpoint for the type: %s.", utils.ArrayToCommaDelimitedString(flink.ConnectionSecretTypeMapping["sse-endpoint"], "or")))
+	cmd.Flags().String("transport-type", "", fmt.Sprintf("Specify transport type for the type: %s. Default: SSE.", utils.ArrayToCommaDelimitedString(flink.ConnectionSecretTypeMapping["transport-type"], "or")))
 	cmd.MarkFlagsRequiredTogether("username", "password")
 	cmd.MarkFlagsRequiredTogether("aws-access-key", "aws-secret-key")
 	cmd.MarkFlagsRequiredTogether("token-endpoint", "client-id", "client-secret", "scope")
@@ -109,29 +111,51 @@ func validateConnectionType(connectionType string) error {
 	return nil
 }
 
-func validateConnectionSecrets(cmd *cobra.Command, connectionType string) (map[string]string, error) {
-	var connectionSecrets []string
-	connectionSecrets = append(connectionSecrets, flink.ConnectionTypeSecretMapping[connectionType]...)
+func validateSecretCompatibility(cmd *cobra.Command, connectionType string) error {
+	connectionSecrets := flink.ConnectionTypeSecretMapping[connectionType]
 
 	for key := range flink.ConnectionSecretTypeMapping {
 		secret, err := cmd.Flags().GetString(key)
 		if err != nil {
-			return nil, err
+			return err
 		}
 		if secret != "" && !slices.Contains(connectionSecrets, key) {
-			return nil, errors.NewErrorWithSuggestions(fmt.Sprintf("%s is invalid for connection %s.", key, connectionType), fmt.Sprintf("Valid secret types are %s.", utils.ArrayToCommaDelimitedString(connectionSecrets, "or")))
+			return errors.NewErrorWithSuggestions(
+				fmt.Sprintf("%s is invalid for connection %s.", key, connectionType),
+				fmt.Sprintf("Valid secret types are %s.", utils.ArrayToCommaDelimitedString(connectionSecrets, "or")))
 		}
 	}
+	return nil
+}
 
-	requiredSecretKeys := flink.ConnectionRequiredSecretMapping[connectionType]
-	var optionalSecretKeys []string
-	for _, secretKey := range flink.ConnectionTypeSecretMapping[connectionType] {
-		if !slices.Contains(requiredSecretKeys, secretKey) {
-			optionalSecretKeys = append(optionalSecretKeys, secretKey)
+func validateSecretValues(cmd *cobra.Command) error {
+	for key, allowedValues := range flink.ConnectionSecretAllowedValues {
+		secretValue, err := cmd.Flags().GetString(key)
+		if err != nil {
+			return err
+		}
+		if secretValue != "" && !containsCaseInsensitive(allowedValues, secretValue) {
+			return errors.NewErrorWithSuggestions(
+				fmt.Sprintf("%s is invalid value for flag %s.", secretValue, key),
+				fmt.Sprintf("Valid values for flag %s are %s.", key, utils.ArrayToCommaDelimitedString(allowedValues, "or")))
+		}
+	}
+	return nil
+}
+
+func containsCaseInsensitive(slice []string, item string) bool {
+	for _, s := range slice {
+		if strings.EqualFold(s, item) {
+			return true
 		}
 	}
+	return false
+}
 
+func buildRequiredSecretsMap(cmd *cobra.Command, connectionType string) (map[string]string, error) {
+	requiredSecretKeys := flink.ConnectionRequiredSecretMapping[connectionType]
 	secretMap := map[string]string{}
+
 	for _, requiredKey := range requiredSecretKeys {
 		secret, err := cmd.Flags().GetString(requiredKey)
 		if err != nil {
@@ -146,23 +170,47 @@ func validateConnectionSecrets(cmd *cobra.Command, connectionType string) (map[s
 		}
 		secretMap[backendKey] = secret
 	}
+	return secretMap, nil
+}
+
+func addOptionalSecretsToMap(cmd *cobra.Command, connectionType string, secretMap map[string]string) error {
+	requiredSecretKeys := flink.ConnectionRequiredSecretMapping[connectionType]
+	var optionalSecretKeys []string
+
+	for _, secretKey := range flink.ConnectionTypeSecretMapping[connectionType] {
+		if !slices.Contains(requiredSecretKeys, secretKey) {
+			optionalSecretKeys = append(optionalSecretKeys, secretKey)
+		}
+	}
 
 	for _, optionalSecretKey := range optionalSecretKeys {
 		secret, err := cmd.Flags().GetString(optionalSecretKey)
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		backendKey, ok := flink.ConnectionSecretBackendKeyMapping[optionalSecretKey]
 		if !ok {
-			return nil, fmt.Errorf("backend key not found for %s", optionalSecretKey)
+			return fmt.Errorf("backend key not found for %s", optionalSecretKey)
 		}
 
 		if secret != "" {
 			secretMap[backendKey] = secret
 		}
 	}
+	return nil
+}
+
+func validateTransportTypeRules(secretMap map[string]string) error {
+	if transportType, ok := secretMap["TRANSPORT_TYPE"]; ok && transportType == "STREAMABLE_HTTP" {
+		if _, ok := secretMap["SSE_ENDPOINT"]; ok {
+			return fmt.Errorf("sse-endpoint flag is not allowed for STREAMABLE_HTTP transport-type")
+		}
+	}
+	return nil
+}
 
+func determineAndSetAuthType(secretMap map[string]string) {
 	if _, ok := secretMap["API_KEY"]; ok {
 		secretMap[authType] = "API_KEY"
 	} else if _, ok := secretMap["USERNAME"]; ok {
@@ -172,13 +220,52 @@ func validateConnectionSecrets(cmd *cobra.Command, connectionType string) (map[s
 	} else if _, ok := secretMap["OAUTH2_CLIENT_ID"]; ok {
 		secretMap[authType] = "OAUTH2"
 	}
+}
 
+func validateRequiredAuthSecrets(connectionType string, secretMap map[string]string) error {
 	if secretMap[authType] == "" && slices.Contains(types.GetKeys(flink.ConnectionOneOfRequiredSecretsMapping), connectionType) {
-		return nil, fmt.Errorf("no secrets provided for type %s, one of the required secrets %s must be provided", connectionType,
+		return fmt.Errorf("no secrets provided for type %s, one of the required secrets %s must be provided", connectionType,
 			utils.ArrayToCommaDelimitedString(lo.Map(flink.ConnectionOneOfRequiredSecretsMapping[connectionType], func(item []string, _ int) string {
 				return fmt.Sprintf("%s", item)
 			}), "or"))
 	}
+	return nil
+}
+
+func validateConnectionSecrets(cmd *cobra.Command, connectionType string) (map[string]string, error) {
+	// Validate secret compatibility with connection type
+	if err := validateSecretCompatibility(cmd, connectionType); err != nil {
+		return nil, err
+	}
+
+	// Validate secret values against allowed values
+	if err := validateSecretValues(cmd); err != nil {
+		return nil, err
+	}
+
+	// Build secret map from required secrets
+	secretMap, err := buildRequiredSecretsMap(cmd, connectionType)
+	if err != nil {
+		return nil, err
+	}
+
+	// Add optional secrets to the map
+	if err := addOptionalSecretsToMap(cmd, connectionType, secretMap); err != nil {
+		return nil, err
+	}
+
+	// Validate transport type specific rules
+	if err := validateTransportTypeRules(secretMap); err != nil {
+		return nil, err
+	}
+
+	// Determine and set authentication type
+	determineAndSetAuthType(secretMap)
+
+	// Validate required authentication secrets
+	if err := validateRequiredAuthSecrets(connectionType, secretMap); err != nil {
+		return nil, err
+	}
 
 	return secretMap, nil
 }

pkg/flink/utils.go

@@ -16,7 +16,7 @@ var (
 		"couchbase":      {"username", "password"},
 		"confluent_jdbc": {"username", "password"},
 		"rest":           {"username", "password", "token", "token-endpoint", "client-id", "client-secret", "scope"},
-		"mcp_server":     {"api-key", "token", "token-endpoint", "client-id", "client-secret", "scope", "sse-endpoint"},
+		"mcp_server":     {"api-key", "token", "token-endpoint", "client-id", "client-secret", "scope", "sse-endpoint", "transport-type"},
 	}
 
 	ConnectionSecretTypeMapping = map[string][]string{
@@ -33,6 +33,7 @@ var (
 		"client-secret":     {"rest", "mcp_server"},
 		"scope":             {"rest", "mcp_server"},
 		"sse-endpoint":      {"mcp_server"},
+		"transport-type":    {"mcp_server"},
 	}
 
 	ConnectionRequiredSecretMapping = map[string][]string{
@@ -57,6 +58,10 @@ var (
 		"mcp_server": {{"api-key"}, {"token"}, {"token-endpoint", "client-id", "client-secret", "scope"}},
 	}
 
+	ConnectionSecretAllowedValues = map[string][]string{
+		"transport-type": {"SSE", "STREAMABLE_HTTP"},
+	}
+
 	ConnectionSecretBackendKeyMapping = map[string]string{
 		"api-key":           "API_KEY",
 		"aws-access-key":    "AWS_ACCESS_KEY_ID",
@@ -71,5 +76,6 @@ var (
 		"client-secret":     "OAUTH2_CLIENT_SECRET",
 		"scope":             "OAUTH2_SCOPE",
 		"sse-endpoint":      "SSE_ENDPOINT",
+		"transport-type":    "TRANSPORT_TYPE",
 	}
 )

test/fixtures/output/flink/connection/create-help.golden

@@ -26,6 +26,7 @@ Flags:
       --client-secret string       Specify OAuth2 client secret for the type: "rest" or "mcp_server".
       --scope string               Specify OAuth2 scope for the type: "rest" or "mcp_server".
       --sse-endpoint string        Specify SSE endpoint for the type: "mcp_server".
+      --transport-type string      Specify transport type for the type: "mcp_server". Default: SSE.
       --environment string         Environment ID.
   -o, --output string              Specify the output format as "human", "json", or "yaml". (default "human")
 

test/fixtures/output/flink/connection/create/create-mcp_server-missing-required-secret.golden

@@ -25,6 +25,7 @@ Flags:
       --client-secret string       Specify OAuth2 client secret for the type: "rest" or "mcp_server".
       --scope string               Specify OAuth2 scope for the type: "rest" or "mcp_server".
       --sse-endpoint string        Specify SSE endpoint for the type: "mcp_server".
+      --transport-type string      Specify transport type for the type: "mcp_server". Default: SSE.
       --environment string         Environment ID.
   -o, --output string              Specify the output format as "human", "json", or "yaml". (default "human")
 

test/fixtures/output/flink/connection/create/create-mcp_server-mutually-exclusive-secret.golden

@@ -25,6 +25,7 @@ Flags:
       --client-secret string       Specify OAuth2 client secret for the type: "rest" or "mcp_server".
       --scope string               Specify OAuth2 scope for the type: "rest" or "mcp_server".
       --sse-endpoint string        Specify SSE endpoint for the type: "mcp_server".
+      --transport-type string      Specify transport type for the type: "mcp_server". Default: SSE.
       --environment string         Environment ID.
   -o, --output string              Specify the output format as "human", "json", or "yaml". (default "human")
 

test/fixtures/output/flink/connection/create/create-missing-required-secret.golden

@@ -25,6 +25,7 @@ Flags:
       --client-secret string       Specify OAuth2 client secret for the type: "rest" or "mcp_server".
       --scope string               Specify OAuth2 scope for the type: "rest" or "mcp_server".
       --sse-endpoint string        Specify SSE endpoint for the type: "mcp_server".
+      --transport-type string      Specify transport type for the type: "mcp_server". Default: SSE.
       --environment string         Environment ID.
   -o, --output string              Specify the output format as "human", "json", or "yaml". (default "human")
 

test/fixtures/output/flink/connection/create/create-rest-missing-required-secret.golden

@@ -25,6 +25,7 @@ Flags:
       --client-secret string       Specify OAuth2 client secret for the type: "rest" or "mcp_server".
       --scope string               Specify OAuth2 scope for the type: "rest" or "mcp_server".
       --sse-endpoint string        Specify SSE endpoint for the type: "mcp_server".
+      --transport-type string      Specify transport type for the type: "mcp_server". Default: SSE.
       --environment string         Environment ID.
   -o, --output string              Specify the output format as "human", "json", or "yaml". (default "human")
 

test/fixtures/output/flink/connection/create/create-rest-mutually-exclusive-secret.golden

@@ -25,6 +25,7 @@ Flags:
       --client-secret string       Specify OAuth2 client secret for the type: "rest" or "mcp_server".
       --scope string               Specify OAuth2 scope for the type: "rest" or "mcp_server".
       --sse-endpoint string        Specify SSE endpoint for the type: "mcp_server".
+      --transport-type string      Specify transport type for the type: "mcp_server". Default: SSE.
       --environment string         Environment ID.
   -o, --output string              Specify the output format as "human", "json", or "yaml". (default "human")
 

test/fixtures/output/flink/connection/create/create-streamable-http-mcp-connection-with-sse-endpoint.golden

@@ -0,0 +1 @@
+Error: sse-endpoint flag is not allowed for STREAMABLE_HTTP transport-type