add e2e test

Signed-off-by: Huabing Zhao <[email protected]>

Author: zhaohuabing

api/v1alpha1/mcp_route.go

@@ -177,6 +177,8 @@ type MCPBackendAPIKey struct {
 }
 
 // MCPRouteSecurityPolicy defines the security policy for a MCPRoute.
+//
+// +kubebuilder:validation:XValidation:rule="!has(self.authorization) || has(self.oauth)",message="oauth must be configured when authorization is set"
 type MCPRouteSecurityPolicy struct {
 	// OAuth defines the configuration for the MCP spec compatible OAuth authentication.
 	//

internal/mcpproxy/handlers_test.go

@@ -680,7 +680,7 @@ func TestHandleToolCallRequest_UnknownBackend(t *testing.T) {
 	params := &mcp.CallToolParams{Name: "unknown-backend__unknown-tool"}
 	rr := httptest.NewRecorder()
 
-	err := proxy.handleToolCallRequest(t.Context(), s, rr, &jsonrpc.Request{}, params, nil, nil)
+	err := proxy.handleToolCallRequest(t.Context(), s, rr, &jsonrpc.Request{}, params, nil, http.Header{})
 	require.Error(t, err)
 
 	require.Equal(t, http.StatusNotFound, rr.Code)
@@ -710,7 +710,7 @@ func TestHandleToolCallRequest_BackendError(t *testing.T) {
 	params := &mcp.CallToolParams{Name: "backend1__test-tool"}
 	rr := httptest.NewRecorder()
 
-	err := proxy.handleToolCallRequest(t.Context(), s, rr, &jsonrpc.Request{}, params, nil, nil)
+	err := proxy.handleToolCallRequest(t.Context(), s, rr, &jsonrpc.Request{}, params, nil, http.Header{})
 	require.Error(t, err)
 
 	require.Equal(t, http.StatusInternalServerError, rr.Code)

manifests/charts/ai-gateway-crds-helm/templates/aigateway.envoyproxy.io_mcproutes.yaml

@@ -4211,6 +4211,9 @@ spec:
                     - protectedResourceMetadata
                     type: object
                 type: object
+                x-kubernetes-validations:
+                - message: oauth must be configured when authorization is set
+                  rule: '!has(self.authorization) || has(self.oauth)'
             required:
             - backendRefs
             - parentRefs

tests/crdcel/main_test.go

@@ -250,6 +250,10 @@ func TestMCPRoutes(t *testing.T) {
 			name:   "jwks_both.yaml",
 			expErr: "spec.securityPolicy.oauth.jwks: Invalid value: \"object\": remoteJWKS and localJWKS cannot both be specified.",
 		},
+		{
+			name:   "authorization_without_oauth.yaml",
+			expErr: "spec.securityPolicy: Invalid value: \"object\": oauth must be configured when authorization is set",
+		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
 			data, err := testdata.ReadFile(path.Join("testdata/mcpgatewayroutes", tc.name))

tests/crdcel/testdata/mcpgatewayroutes/authorization_without_oauth.yaml

@@ -0,0 +1,32 @@
+# Copyright Envoy AI Gateway Authors
+# SPDX-License-Identifier: Apache-2.0
+# The full text of the Apache license is available in the LICENSE file at
+# the root of the repo.
+
+apiVersion: aigateway.envoyproxy.io/v1alpha1
+kind: MCPRoute
+metadata:
+  name: authorization-without-oauth
+  namespace: default
+spec:
+  parentRefs:
+    - name: some-gateway
+      kind: Gateway
+      group: gateway.networking.k8s.io
+  backendRefs:
+    - name: mcp-service
+      kind: Service
+      port: 80
+  securityPolicy:
+    authorization:
+      defaultAction: Deny
+      rules:
+        - source:
+            jwtSource:
+              scopes:
+                - echo
+          target:
+            tools:
+              - backendName: mcp-service
+                toolName: echo
+          action: Allow

tests/e2e/mcp_route_authorization_test.go

@@ -0,0 +1,176 @@
+// Copyright Envoy AI Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package e2e
+
+import (
+	"context"
+	"crypto/rsa"
+	"encoding/base64"
+	"fmt"
+	"math/big"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/modelcontextprotocol/go-sdk/mcp"
+	"github.com/stretchr/testify/require"
+
+	"github.com/envoyproxy/ai-gateway/tests/internal/e2elib"
+	"github.com/envoyproxy/ai-gateway/tests/internal/testmcp"
+)
+
+// bearerTokenTransport injects a bearer token into outgoing requests.
+type bearerTokenTransport struct {
+	token string
+	base  http.RoundTripper
+}
+
+// RoundTrip implements [http.RoundTripper.RoundTrip].
+func (t *bearerTokenTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	base := t.base
+	if base == nil {
+		base = http.DefaultTransport
+	}
+	req.Header.Set("Authorization", "Bearer "+t.token)
+	return base.RoundTrip(req)
+}
+
+func TestMCPRouteAuthorization(t *testing.T) {
+	const manifest = "testdata/mcp_route_authorization.yaml"
+	require.NoError(t, e2elib.KubectlApplyManifest(t.Context(), manifest))
+	t.Cleanup(func() {
+		_ = e2elib.KubectlDeleteManifest(context.Background(), manifest)
+	})
+
+	const egSelector = "gateway.envoyproxy.io/owning-gateway-name=mcp-gateway-authorization"
+	e2elib.RequireWaitForGatewayPodReady(t, egSelector)
+
+	fwd := e2elib.RequireNewHTTPPortForwarder(t, e2elib.EnvoyGatewayNamespace, egSelector, e2elib.EnvoyGatewayDefaultServicePort)
+	defer fwd.Kill()
+
+	client := mcp.NewClient(&mcp.Implementation{Name: "demo-http-client", Version: "0.1.0"}, nil)
+
+	t.Run("allow rules with matching scopes", func(t *testing.T) {
+		token := makeSignedJWT(t, "echo", "sum")
+		authHTTPClient := &http.Client{
+			Timeout: 10 * time.Second,
+			Transport: &bearerTokenTransport{
+				token: token,
+			},
+		}
+		testMCPRouteTools(
+			t.Context(),
+			t,
+			client,
+			fwd.Address(),
+			"/mcp-authorization",
+			testMCPServerAllToolNames("mcp-backend-authorization__"),
+			authHTTPClient,
+			true,
+			true,
+		)
+	})
+
+	t.Run("missing scopes fall back to deny", func(t *testing.T) {
+		// Only includes the sum scope, so the echo tool should be denied.
+		token := makeSignedJWT(t, "sum")
+		authHTTPClient := &http.Client{
+			Timeout: 10 * time.Second,
+			Transport: &bearerTokenTransport{
+				token: token,
+			},
+		}
+
+		ctx, cancel := context.WithTimeout(t.Context(), 30*time.Second)
+		t.Cleanup(cancel)
+
+		var sess *mcp.ClientSession
+		require.Eventually(t, func() bool {
+			var err error
+			sess, err = client.Connect(
+				ctx,
+				&mcp.StreamableClientTransport{
+					Endpoint:   fmt.Sprintf("%s/mcp-authorization", fwd.Address()),
+					HTTPClient: authHTTPClient,
+				}, nil)
+			if err != nil {
+				t.Logf("failed to connect to MCP server: %v", err)
+				return false
+			}
+			return true
+		}, 30*time.Second, 100*time.Millisecond, "failed to connect to MCP server")
+		t.Cleanup(func() {
+			if sess != nil {
+				_ = sess.Close()
+			}
+		})
+
+		_, err := sess.CallTool(ctx, &mcp.CallToolParams{
+			Name:      "mcp-backend-authorization__" + testmcp.ToolEcho.Tool.Name,
+			Arguments: testmcp.ToolEchoArgs{Text: "hello"},
+		})
+		require.Error(t, err)
+		errMsg := strings.ToLower(err.Error())
+		require.True(t, strings.Contains(errMsg, "401") || strings.Contains(errMsg, "authorization"), "unexpected error: %v", err)
+	})
+}
+
+func makeSignedJWT(t *testing.T, scopes ...string) string {
+	t.Helper()
+
+	claims := jwt.MapClaims{
+		"iss":        "https://auth-server.example.com",
+		"aud":        "mcp-test",
+		"sub":        "robin",
+		"client_id":  "my_mcp_gateway",
+		"scope":      strings.Join(scopes, " "),
+		"exp":        time.Now().Add(30 * time.Minute).Unix(),
+		"iat":        time.Now().Unix(),
+		"auth_time":  time.Now().Unix(),
+		"token_type": "Bearer",
+	}
+
+	key := jwkPrivateKey(t)
+	token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
+	token.Header["kid"] = jwkPrivateKeyID
+	signed, err := token.SignedString(key)
+	require.NoError(t, err)
+	return signed
+}
+
+func jwkPrivateKey(t *testing.T) *rsa.PrivateKey {
+	t.Helper()
+
+	mustBigInt := func(val string) *big.Int {
+		bytes, err := base64.RawURLEncoding.DecodeString(val)
+		require.NoError(t, err)
+		return new(big.Int).SetBytes(bytes)
+	}
+
+	key := &rsa.PrivateKey{
+		PublicKey: rsa.PublicKey{
+			N: mustBigInt(jwkN),
+			E: 65537, // AQAB
+		},
+		D: mustBigInt(jwkD),
+		Primes: []*big.Int{
+			mustBigInt(jwkP),
+			mustBigInt(jwkQ),
+		},
+	}
+	key.Precompute()
+	return key
+}
+
+const (
+	jwkPrivateKeyID = "8b267675394d7786f98ae29d8fddf905"
+	jwkN            = "lQiREO6mH0tV14KjhSz02zNaJ1SExS1QjlGoMSbG2-NUeURmvnwg-eY95sDCFpWuH3_ovFyRBGTi0e3j79mrQhM53PZQys-gr-rYGz8LeHp8G6H3XmeDxTvyemhB6uiN4EZkjOo6xT2ipmPEN3u315xPCR60Pwac2E0t4vZGxtU4LGYatIFOYtUvDdMPBLfGMKVapHBzbx9Ll4INEic1fNrAIUVtOn6i3sxzGHj4iGWsMrEUIXDOWEHzioXgPuRjJDRjhHRuEeA9i_Y-a9hY92q6P-dcPnCDLNF3349WDyw7jIMlU6TLM8lQ5ci_TS_0avovXPNECsuOObtT78LJJKLg58ghTnqrihwvSccVgW4M43Ntv7TOAgOsRl-NKY7QQJIbkxemvh14-gzwA6LijMvb0Tjrh6NynKfCIO0ASsMp3K3uks4cYhBALLJ1E41V-cYqdwg0c6Jam0Y4OXxNv_0FfmcsOk8iXdroNgWjBs3KaObMiMvNOKHNWZ4PsEll"
+	jwkD            = "CCv3lFeZmUautsntgGxmIqzOqTBrtUoWTC9zCvrm1YDCDYIwJgq1Xi5_P2tbWRSs_wIq90UWGIkVnNAv-uNTDiTyu8hvxqca1vqIDfpnfRwuOO-pGi6P3Z07XvXfg2tr-Bu0ALwJK-6EwB3hUO-CNZrXBJd_56LLr9qPhQ3e9KEVWu3gUfxzGV06HsZvYOFYxysR7MlTswiiwvR5FgE7YBS4izp80kPGV3QbbYCYlBYLGp52DZ1bWyCGo5ZSpPAt4Az9wdDTzJoTtflLymg8kZ-idQqk2_re214xQgeCuVAHujjC4r3GqSzbQGUqXicd-rbRLenyB22Ul8wyHqY8WtcFrGmHojK8b-W3M9m0-xYkMXmWcllYQuQ0LMP9K8Tl0uMpKsyd0AePItaWa_ft3dAzoBiUZA15X2_Nbbc9WbkmjN0Et8E1RWlrL5fzppbvLUl4mlSKHsLnwgmLx2OROjEnQsfzjMGxV2KhMZXzdvbRPTkaDtq3YT70ZiRIyvRD"
+	jwkP            = "yO5hho-83vQQ3t7HeVeinZClemDazWT5T7f2ZVMigcuyUNQjC69tyMzJ3I_UN5nUCwpKCw5wY8uCeT82o1j-OJC3irxWjAPHkkbsYTNxRnk8ShJ2UFdu5a7MEF82-QuRKciAv11cebEpk5ggf-jQrtTY2yQru0fW0WZB8hz19XywhFQ_mVMMahNHfycfXT2BMaV0wiBFKY8FXKqb5cErsCodcZ_STvqOTykWBaA4AWmJFRqd4i4enpf-MhgtkQK3"
+	jwkQ            = "veD3yFnEOZegVIpIxPqIsj7zazjKRn-io1s3KJxkgaz5ND1o1JwbxiLuUNL9ufkj6cPOVCEHRkjQ2GabHnA0NYci4qRHBWdHhCD7aisS2D60xZAiAVmNZlEGLxRS7gFnyD8uneLILFFMalvJdIccCXzN3c8vPlC_9FlEzaEyDUmWzT_1zZES2GpaYeC73fNg7h-mJ6m-96Y6Wwvlx6YlCRCIPLU7l4kA-jca37T0IMNhobWmg8u4yqvVaqdDhojD"
+)