address comments

Signed-off-by: Huabing Zhao <[email protected]>

Author: zhaohuabing

api/v1alpha1/mcp_route.go

@@ -272,10 +272,10 @@ type MCPAuthorizationTarget struct {
 
 // MCPAuthorizationSource defines the source of an authorization rule.
 type MCPAuthorizationSource struct {
-	// JWTSource defines the JWT scopes required for this rule to match.
+	// JWT defines the JWT scopes required for this rule to match.
 	//
 	// +kubebuilder:validation:Required
-	JWTSource JWTSource `json:"jwtSource"`
+	JWT JWTSource `json:"jwt"`
 
 	// TODO: JWTSource can be optional in the future when we support more source types.
 }
@@ -295,10 +295,10 @@ type JWTSource struct {
 
 // ToolCall represents a tool call in the MCP authorization target.
 type ToolCall struct {
-	// BackendName is the name of the backend this tool belongs to.
+	// Backend is the name of the backend this tool belongs to.
 	//
 	// +kubebuilder:validation:Required
-	BackendName string `json:"backendName"`
+	Backend string `json:"backend"`
 
 	// ToolName is the name of the tool.
 	//

api/v1alpha1/zz_generated.deepcopy.go

@@ -481,23 +481,23 @@ func mcpConfig(mcpRoutes []aigv1a1.MCPRoute) *filterapi.MCPConfig {
 			}
 
 			for _, rule := range authorization.Rules {
-				scopes := make([]string, len(rule.Source.JWTSource.Scopes))
-				for i, scope := range rule.Source.JWTSource.Scopes {
+				scopes := make([]string, len(rule.Source.JWT.Scopes))
+				for i, scope := range rule.Source.JWT.Scopes {
 					scopes[i] = string(scope)
 				}
 
 				tools := make([]filterapi.ToolCall, len(rule.Target.Tools))
 				for i, tool := range rule.Target.Tools {
 					tools[i] = filterapi.ToolCall{
-						BackendName: tool.BackendName,
-						ToolName:    tool.ToolName,
-						Arguments:   tool.Arguments,
+						Backend:   tool.Backend,
+						ToolName:  tool.ToolName,
+						Arguments: tool.Arguments,
 					}
 				}
 
 				mcpRule := filterapi.MCPRouteAuthorizationRule{
 					Source: filterapi.MCPAuthorizationSource{
-						JWTSource: filterapi.JWTSource{
+						JWT: filterapi.JWTSource{
 							Scopes: scopes,
 						},
 					},

internal/controller/gateway.go

@@ -91,8 +91,8 @@ type MCPAuthorizationTarget struct {
 }
 
 type MCPAuthorizationSource struct {
-	// JWTSource defines the JWT scopes required for this rule to match.
-	JWTSource JWTSource `json:"jwtSource,omitempty"`
+	// JWT defines the JWT scopes required for this rule to match.
+	JWT JWTSource `json:"jwt,omitempty"`
 }
 
 type JWTSource struct {
@@ -102,8 +102,8 @@ type JWTSource struct {
 }
 
 type ToolCall struct {
-	// BackendName is the name of the backend this tool belongs to.
-	BackendName string `json:"backendName"`
+	// Backend is the name of the backend this tool belongs to.
+	Backend string `json:"backend"`
 
 	// ToolName is the name of the tool.
 	ToolName string `json:"toolName"`

internal/filterapi/mcpconfig.go

@@ -31,10 +31,10 @@ type compiledAuthorizationRule struct {
 }
 
 type compiledToolCall struct {
-	BackendName string
-	ToolName    string
-	Expression  string
-	program     cel.Program
+	Backend    string
+	ToolName   string
+	Expression string
+	program    cel.Program
 }
 
 // compileAuthorization compiles the MCPRouteAuthorization into a compiledAuthorization for efficient CEL evaluation.
@@ -61,18 +61,18 @@ func compileAuthorization(auth *filterapi.MCPRouteAuthorization) (*compiledAutho
 		}
 		for _, tool := range rule.Target.Tools {
 			ct := compiledToolCall{
-				BackendName: tool.BackendName,
-				ToolName:    tool.ToolName,
+				Backend:  tool.Backend,
+				ToolName: tool.ToolName,
 			}
 			if tool.Arguments != nil && strings.TrimSpace(*tool.Arguments) != "" {
 				expr := strings.TrimSpace(*tool.Arguments)
 				ast, issues := env.Compile(expr)
 				if issues != nil && issues.Err() != nil {
-					return nil, fmt.Errorf("failed to compile arguments CEL for tool %s/%s: %w", tool.BackendName, tool.ToolName, issues.Err())
+					return nil, fmt.Errorf("failed to compile arguments CEL for tool %s/%s: %w", tool.Backend, tool.ToolName, issues.Err())
 				}
 				program, err := env.Program(ast, cel.CostLimit(10000), cel.EvalOptions(cel.OptOptimize))
 				if err != nil {
-					return nil, fmt.Errorf("failed to build arguments CEL program for tool %s/%s: %w", tool.BackendName, tool.ToolName, err)
+					return nil, fmt.Errorf("failed to build arguments CEL program for tool %s/%s: %w", tool.Backend, tool.ToolName, err)
 				}
 				ct.Expression = expr
 				ct.program = program
@@ -121,7 +121,7 @@ func (m *MCPProxy) authorizeRequest(authorization *compiledAuthorization, header
 			continue
 		}
 
-		requiredScopes := rule.Source.JWTSource.Scopes
+		requiredScopes := rule.Source.JWT.Scopes
 		if scopesSatisfied(scopeSet, requiredScopes) {
 			return true, nil
 		}
@@ -182,7 +182,7 @@ func (m *MCPProxy) toolMatches(backendName, toolName string, tools []compiledToo
 	}
 
 	for _, t := range tools {
-		if t.BackendName != backendName || t.ToolName != toolName {
+		if t.Backend != backendName || t.ToolName != toolName {
 			continue
 		}
 		if t.program == nil {
@@ -191,7 +191,7 @@ func (m *MCPProxy) toolMatches(backendName, toolName string, tools []compiledToo
 
 		result, _, err := t.program.Eval(map[string]any{"args": args})
 		if err != nil {
-			m.l.Error("failed to evaluate arguments CEL", slog.String("backend", t.BackendName), slog.String("tool", t.ToolName), slog.String("error", err.Error()))
+			m.l.Error("failed to evaluate arguments CEL", slog.String("backend", t.Backend), slog.String("tool", t.ToolName), slog.String("error", err.Error()))
 			continue
 		}
 
@@ -205,7 +205,7 @@ func (m *MCPProxy) toolMatches(backendName, toolName string, tools []compiledToo
 				return true
 			}
 		default:
-			m.l.Error("arguments CEL did not return a boolean", slog.String("backend", t.BackendName), slog.String("tool", t.ToolName), slog.String("expression", t.Expression))
+			m.l.Error("arguments CEL did not return a boolean", slog.String("backend", t.Backend), slog.String("tool", t.ToolName), slog.String("expression", t.Expression))
 		}
 	}
 	// If no matching tool entry or no arguments matched, fail.