Merge pull request #23 from antonbricks/streamlit-uc-connections

Streamlit uc connections

Author: antonbricks

docs/docs/dash/external_services/_category_.json

@@ -0,0 +1,4 @@
+{
+  "label": "External services",
+  "position": 8
+}

docs/docs/dash/external_services/external_connections.mdx

@@ -0,0 +1,215 @@
+---
+sidebar_position: 1
+---
+
+# External connections
+
+This recipe demonstrates how to use Unity Catalog-managed external HTTP connections for secure and governed access to MCP and non-MCP servers, for example, to GitHub, or Jira, and Slack.
+
+## Code snippets
+
+### Bearer Token Method
+
+```python title="app.py"
+from databricks.sdk import WorkspaceClient
+from databricks.sdk.service.serving import ExternalFunctionRequestHttpMethod
+w = WorkspaceClient()
+
+response = w.serving_endpoints.http_request(
+    conn="github_connection",
+    method=ExternalFunctionRequestHttpMethod.GET,
+    path="/traffic/views",
+    headers={"Accept": "application/vnd.github+json"},
+)
+
+print(response.json())
+```
+
+### Github Non-MCP API with Oauth On-Behalf-Of User
+
+```python title="app.py"
+from databricks.sdk import WorkspaceClient
+from databricks.sdk.service.serving import ExternalFunctionRequestHttpMethod
+from flask import request
+token = request.headers.get("x-forwarded-access-token")
+w = WorkspaceClient(token=token, auth_type="pat")
+
+response = w.serving_endpoints.http_request(
+    conn="github_u2m",
+    method=ExternalFunctionRequestHttpMethod.GET,
+    path="/user",
+    headers={"Accept": "application/vnd.github+json"},
+)
+
+print(response.json())
+```
+
+### Github API (Non-MCP) with OAuth User to Machine Per User (On-behalf-of-user)
+
+```python title="app.py"
+import contextvars
+import os
+import uuid
+from pathlib import Path
+from mcp.server.fastmcp import FastMCP
+from fastapi import FastAPI, Request
+from fastapi.responses import FileResponse
+from typing import Dict, Any
+from databricks.sdk import WorkspaceClient
+from databricks.sdk.service.serving import ExternalFunctionRequestHttpMethod
+
+
+STATIC_DIR = Path(__file__).parent / "static"
+
+# Create an MCP server
+mcp = FastMCP("Custom MCP Server on Databricks Apps")
+
+# Context variable for headers
+header_store = contextvars.ContextVar("header_store")
+
+def init_github_tools() -> Dict[str, Any]:
+    headers = header_store.get({})
+    token=headers["x-forwarded-access-token"]
+
+    json = {
+        "jsonrpc": "2.0",
+        "id": "init-1",
+        "method": "initialize",
+        "params": {}
+    }
+
+    try:
+        response =  WorkspaceClient(token=token, auth_type="pat").serving_endpoints.http_request(
+            conn="github_u2m_connection",
+            method=ExternalFunctionRequestHttpMethod.POST,
+            path="/",
+            json=json,
+        )
+    except Exception as e:
+        print(f"Error making the init request: {e}")
+        return {"error": str(e)}
+
+    # Extract the Mcp-Session-Id from response headers
+    print("MCP_HEADERS", response.headers)
+    session_id = response.headers.get("mcp-session-id")
+    if not session_id:
+        print("No session ID returned by server.")
+
+    print(f"✅ Got MCP Session ID: {session_id}")
+    return session_id
+
+# Tool using header_store
+def list_github_tools() -> Dict[str, Any]:
+    session_id = init_github_tools()
+    headers = header_store.get({})
+    token=headers["x-forwarded-access-token"]
+
+    json = {
+        "jsonrpc": "2.0",
+        "id": "list-1",
+        "method": "tools/list",
+    }
+
+    try:
+        response =  WorkspaceClient(token=token, auth_type="pat").serving_endpoints.http_request(
+            conn="github_u2m_connection",
+            method=ExternalFunctionRequestHttpMethod.POST,
+            path="/",
+            json=json,
+            headers={
+                "Mcp-Session-Id": session_id
+            }
+        )
+    except Exception as e:
+        print(f"Error: {e}")
+        return {"error": str(e)}
+
+    print(f"Response list tools: {response.json()}")
+
+    return response.json()
+
+
+def call_github_tool(name: str, arguments: dict) -> Dict[str, Any]:
+    session_id = init_github_tools()
+    headers = header_store.get({})
+    token=headers["x-forwarded-access-token"]
+    json = {
+        "jsonrpc": "2.0",
+        "id": "call-1",
+        "method": "tools/call",
+        "params": {
+            "name": name,
+            "arguments": arguments
+        }
+    }
+    try:
+        response =  WorkspaceClient(token=token, auth_type="pat").serving_endpoints.http_request(
+            conn="github_u2m_connection",
+            method=ExternalFunctionRequestHttpMethod.POST,
+            path="/",
+            json=json,
+            headers={
+                "Mcp-Session-Id": session_id
+            }
+        )
+    except Exception as e:
+        print(f"Error: {e}")
+        return {"error": str(e)}
+
+    print(f"Response call tools: {response.json()}")
+    return response.json()
+
+@mcp._mcp_server.list_tools()
+async def list_tools():
+    tools_dict = list_github_tools()
+    return tools_dict.get("result", {}).get("tools", [])
+
+@mcp._mcp_server.call_tool()
+async def call_tool(name: str, arguments: dict):
+    response = call_github_tool(name, arguments)
+    return response.get("result", {}).get("content", [])
+
+mcp_app = mcp.streamable_http_app()
+
+
+app = FastAPI(
+    lifespan=lambda _: mcp.session_manager.run(),
+)
+
+@app.middleware("http")
+async def capture_headers(request: Request, call_next):
+    header_store.set(dict(request.headers))
+    return await call_next(request)
+
+@app.get("/", include_in_schema=False)
+async def serve_index():
+    return FileResponse(STATIC_DIR / "index.html")
+
+
+app.mount("/", mcp_app)
+```
+
+## Resources
+
+- [Unity Catalog HTTP Connection](https://docs.databricks.com/aws/en/query-federation/http), either MCP or non-MCP
+
+## Permissions
+
+Your [app service principal](https://docs.databricks.com/aws/en/dev-tools/databricks-apps/#how-does-databricks-apps-manage-authorization) needs the following permissions:
+
+- `USE CONNECTION` permission on the HTTP Connection
+
+When using OAuth User to Machine Per User (On-behalf-of-user), you need to configure [User authorization](https://docs.databricks.com/aws/en/dev-tools/databricks-apps/auth#user-authorization) by adding the Unity Catalog connection or other scopes.
+
+## Dependencies
+
+- [Databricks SDK for Python](https://pypi.org/project/databricks-sdk/) - `databricks-sdk`
+- [Streamlit](https://pypi.org/project/streamlit/) - `streamlit`
+
+```python title="requirements.txt"
+databricks-sdk
+streamlit
+uvicorn
+mcp[cli]
+fastapi
+```

docs/docs/streamlit/external_services/_category_.json

@@ -0,0 +1,4 @@
+{
+  "label": "External services",
+  "position": 8
+}

docs/docs/streamlit/external_services/external_connections.mdx

@@ -0,0 +1,120 @@
+---
+sidebar_position: 1
+---
+
+# External connections
+
+This recipe demonstrates how to use Unity Catalog-managed external HTTP connections for secure and governed access to MCP and non-MCP servers, for example, to GitHub, or Jira, and Slack.
+
+## Code snippets
+
+### Bearer token
+
+```python title="app.py"
+import streamlit as st
+from databricks.sdk import WorkspaceClient
+from databricks.sdk.service.serving import ExternalFunctionRequestHttpMethod
+
+w = WorkspaceClient()
+
+response = w.serving_endpoints.http_request(
+    conn="github_connection",
+    method=ExternalFunctionRequestHttpMethod.GET,
+    path="/traffic/views",
+    headers={"Accept": "application/vnd.github+json"},
+)
+
+st.json(response.json())
+```
+
+### Github MCP with OAuth User to Machine Per User (On-behalf-of-user)
+
+```python title="app.py"
+import streamlit as st
+from databricks.sdk import WorkspaceClient
+from databricks.sdk.service.serving import ExternalFunctionRequestHttpMethod
+
+token = st.context.headers.get("x-forwarded-access-token")
+w = WorkspaceClient(token=token, auth_type="pat")
+
+response = w.serving_endpoints.http_request(
+    conn="github_u2m",
+    method=ExternalFunctionRequestHttpMethod.GET,
+    path="/user",
+    headers={"Accept": "application/vnd.github+json"},
+)
+
+st.json(response.json())
+```
+
+### Github API (Non-MCP) with OAuth User to Machine Per User (On-behalf-of-user)
+
+```python title="app.py"
+import streamlit as st
+from databricks.sdk import WorkspaceClient
+from databricks.sdk.service.serving import ExternalFunctionRequestHttpMethod
+import json
+
+
+token = st.context.headers.get("x-forwarded-access-token")
+w = WorkspaceClient(token=token, auth_type="pat")
+
+
+def init_mcp_session(w: WorkspaceClient, connection_name: str):
+    init_payload = {
+        "jsonrpc": "2.0",
+        "id": "init-1",
+        "method": "initialize",
+        "params": {}
+    }
+    response = w.serving_endpoints.http_request(
+        conn=connection_name,
+        method=ExternalFunctionRequestHttpMethod.POST,
+        path="/",
+        json=init_payload,
+    )
+    return response.headers.get("mcp-session-id")
+
+
+connection_name = "github_u2m_connection"
+http_method = ExternalFunctionRequestHttpMethod.POST
+path = "/"
+headers = {"Content-Type": "application/json"}
+payload = {"jsonrpc": "2.0", "id": "list-1", "method": "tools/list"}
+
+if st.button("Run"):
+    session_id = init_mcp_session(w, connection_name)
+    headers["Mcp-Session-Id"] = session_id
+
+    response = w.serving_endpoints.http_request(
+        conn=connection_name,
+        method=http_method,
+        path=path,
+        headers=headers,
+        json=payload,
+    )
+    st.json(response.json())
+```
+
+## Resources
+
+- [Unity Catalog HTTP Connection](https://docs.databricks.com/aws/en/query-federation/http), either MCP or non-MCP
+
+## Permissions
+
+Your [app service principal](https://docs.databricks.com/aws/en/dev-tools/databricks-apps/#how-does-databricks-apps-manage-authorization) needs the following permissions:
+
+- `USE CONNECTION` permission on the HTTP Connection
+
+When using OAuth User to Machine Per User (On-behalf-of-user), you need to configure [User authorization](https://docs.databricks.com/aws/en/dev-tools/databricks-apps/auth#user-authorization) by adding the Unity Catalog connection or other scopes.
+
+## Dependencies
+
+- [Databricks SDK for Python](https://pypi.org/project/databricks-sdk/) - `databricks-sdk`
+- [Streamlit](https://pypi.org/project/streamlit/) - `streamlit`
+
+```python title="requirements.txt"
+databricks-sdk
+streamlit
+mcp[cli]
+```