feat: [ML-1106]: Abstract out authentication and separate out clients (#7)

* add account ID in internal mode
* update how clients are created and passed around
* use auth provider intfc in client
* add internal command
* move client creation out of main.go
* add interface for authentication and implementations for api-key/jwt

Author: vistaarjuneja

client/client.go

@@ -5,22 +5,21 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/harness/harness-mcp/client/ar"
 	"io"
 	"log/slog"
 	"net/http"
 	"net/url"
 	"strings"
 	"time"
 
+	"github.com/harness/harness-mcp/pkg/harness/auth"
+
 	"github.com/cenkalti/backoff/v4"
 	"github.com/harness/harness-mcp/client/dto"
 	"github.com/rs/zerolog/log"
 )
 
 var (
-	defaultBaseURL = "https://app.harness.io/"
-
 	// these can be moved to a level above if we want to make this a generic
 	// client, keeping these here to ensure we don't end up returning too much info
 	// when different tools get added.
@@ -43,17 +42,8 @@ type Client struct {
 	// set to a domain endpoint to use with custom Harness installations
 	BaseURL *url.URL
 
-	// API key for authentication
-	// TODO: We can abstract out the auth provider
-	APIKey string
-
-	// Services used for talking to different Harness entities
-	Connectors   *ConnectorService
-	PullRequests *PullRequestService
-	Pipelines    *PipelineService
-	Repositories *RepositoryService
-	Logs         *LogService
-	Registry     *ar.ClientWithResponses
+	// AuthProvider used for authentication
+	AuthProvider auth.Provider
 }
 
 type service struct {
@@ -67,49 +57,19 @@ func defaultHTTPClient() *http.Client {
 }
 
 // NewWithToken creates a new client with the specified base URL and API token
-func NewWithToken(uri, apiKey string) (*Client, error) {
+func NewWithAuthProvider(uri string, authProvider auth.Provider) (*Client, error) {
 	parsedURL, err := url.Parse(uri)
 	if err != nil {
 		return nil, err
 	}
 	c := &Client{
-		client:  defaultHTTPClient(),
-		BaseURL: parsedURL,
-		APIKey:  apiKey,
+		client:       defaultHTTPClient(),
+		BaseURL:      parsedURL,
+		AuthProvider: authProvider,
 	}
-	c.initialize()
 	return c, nil
 }
 
-func (c *Client) initialize() error {
-	if c.client == nil {
-		c.client = defaultHTTPClient()
-	}
-	if c.BaseURL == nil {
-		baseURL, err := url.Parse(defaultBaseURL)
-		if err != nil {
-			return err
-		}
-		c.BaseURL = baseURL
-	}
-
-	c.Connectors = &ConnectorService{client: c}
-	c.PullRequests = &PullRequestService{client: c}
-	c.Pipelines = &PipelineService{client: c}
-	c.Repositories = &RepositoryService{client: c}
-	c.Logs = &LogService{client: c}
-
-	// TODO: Replace it with harness-go-sdk
-	arClient, err := ar.NewClientWithResponses(c.BaseURL.String()+"/har/api/v1", ar.WithHTTPClient(c.client),
-		ar.WithRequestEditorFn(getEditor(c.APIKey)))
-	if err != nil {
-		return err
-	}
-	c.Registry = arClient
-
-	return nil
-}
-
 // Get is a simple helper that builds up the request URL, adding the path and parameters.
 // The response from the request is unmarshalled into the data parameter.
 func (c *Client) Get(
@@ -262,7 +222,14 @@ func (c *Client) PostRaw(
 // Do is a wrapper of http.Client.Do that injects the auth header in the request.
 func (c *Client) Do(r *http.Request) (*http.Response, error) {
 	slog.Debug("Request", "method", r.Method, "url", r.URL.String())
-	r.Header.Add(apiKeyHeader, c.APIKey)
+
+	// set the auth header
+	ctx := r.Context()
+	k, v, err := c.AuthProvider.GetHeader(ctx)
+	if err != nil {
+		return nil, err
+	}
+	r.Header.Set(k, v)
 
 	return c.client.Do(r)
 }
@@ -367,11 +334,3 @@ func setDefaultPagination(opts *dto.PaginationOptions) {
 		}
 	}
 }
-
-// TODO: Remove once we have Client service or we integrate with go-sdk
-func getEditor(token string) func(ctx context.Context, req *http.Request) error {
-	return func(ctx context.Context, req *http.Request) error {
-		req.Header.Set("x-api-key", token)
-		return nil
-	}
-}

client/connectors.go

@@ -1,5 +1,5 @@
 package client
 
 type ConnectorService struct {
-	client *Client
+	Client *Client
 }

client/logs.go

@@ -13,13 +13,13 @@ const (
 
 // LogService handles operations related to pipeline logs
 type LogService struct {
-	client *Client
+	Client *Client
 }
 
 // DownloadLogs fetches a download URL for pipeline execution logs
 func (l *LogService) DownloadLogs(ctx context.Context, scope dto.Scope, planExecutionID string) (string, error) {
 	// First, get the pipeline execution details to determine the prefix format
-	pipelineService := &PipelineService{client: l.client}
+	pipelineService := &PipelineService{Client: l.Client} // TODO: needs to be changed for internal case, we should move this above
 	execution, err := pipelineService.GetExecution(ctx, scope, planExecutionID)
 	if err != nil {
 		return "", fmt.Errorf("failed to get execution details: %w", err)
@@ -53,7 +53,7 @@ func (l *LogService) DownloadLogs(ctx context.Context, scope dto.Scope, planExec
 	response := &dto.LogDownloadResponse{}
 
 	// Make the POST request
-	err = l.client.Post(ctx, logDownloadPath, params, nil, response)
+	err = l.Client.Post(ctx, logDownloadPath, params, nil, response)
 	if err != nil {
 		return "", fmt.Errorf("failed to fetch log download URL: %w", err)
 	}

client/pipelines.go

@@ -3,6 +3,7 @@ package client
 import (
 	"context"
 	"fmt"
+
 	"github.com/harness/harness-mcp/client/dto"
 )
 
@@ -15,7 +16,7 @@ const (
 )
 
 type PipelineService struct {
-	client *Client
+	Client *Client
 }
 
 func (p *PipelineService) Get(ctx context.Context, scope dto.Scope, pipelineID string) (
@@ -32,7 +33,7 @@ func (p *PipelineService) Get(ctx context.Context, scope dto.Scope, pipelineID s
 	response := &dto.Entity[dto.PipelineData]{}
 
 	// Make the GET request
-	err := p.client.Get(ctx, path, params, map[string]string{}, response)
+	err := p.Client.Get(ctx, path, params, map[string]string{}, response)
 	if err != nil {
 		return nil, err
 	}
@@ -75,7 +76,7 @@ func (p *PipelineService) List(
 	response := &dto.ListOutput[dto.PipelineListItem]{}
 
 	// Make the POST request
-	err := p.client.Post(ctx, pipelineListPath, params, requestBody, response)
+	err := p.Client.Post(ctx, pipelineListPath, params, requestBody, response)
 	if err != nil {
 		return nil, err
 	}
@@ -131,7 +132,7 @@ func (p *PipelineService) ListExecutions(
 	response := &dto.ListOutput[dto.PipelineExecution]{}
 
 	// Make the POST request
-	err := p.client.Post(ctx, pipelineExecutionSummaryPath, params, requestBody, response)
+	err := p.Client.Post(ctx, pipelineExecutionSummaryPath, params, requestBody, response)
 	if err != nil {
 		return nil, fmt.Errorf("failed to list pipeline executions: %w", err)
 	}
@@ -155,7 +156,7 @@ func (p *PipelineService) GetExecution(
 	response := &dto.Entity[dto.PipelineExecutionResponse]{}
 
 	// Make the GET request
-	err := p.client.Get(ctx, path, params, map[string]string{}, response)
+	err := p.Client.Get(ctx, path, params, map[string]string{}, response)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get execution details: %w", err)
 	}
@@ -186,7 +187,7 @@ func (p *PipelineService) FetchExecutionURL(
 	urlResponse := &dto.Entity[string]{}
 
 	// Make the POST request
-	err := p.client.Post(ctx, path, params, nil, urlResponse)
+	err := p.Client.Post(ctx, path, params, nil, urlResponse)
 	if err != nil {
 		return "", fmt.Errorf("failed to fetch execution URL: %w", err)
 	}

client/pullrequest.go

@@ -17,7 +17,7 @@ const (
 )
 
 type PullRequestService struct {
-	client *Client
+	Client *Client
 }
 
 func (p *PullRequestService) Get(ctx context.Context, scope dto.Scope, repoID string, prNumber int) (*dto.PullRequest, error) {
@@ -26,7 +26,7 @@ func (p *PullRequestService) Get(ctx context.Context, scope dto.Scope, repoID st
 	addScope(scope, params)
 
 	pr := new(dto.PullRequest)
-	err := p.client.Get(ctx, path, params, nil, pr)
+	err := p.Client.Get(ctx, path, params, nil, pr)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get pull request: %w", err)
 	}
@@ -115,7 +115,7 @@ func (p *PullRequestService) List(ctx context.Context, scope dto.Scope, repoID s
 	}
 
 	var prs []*dto.PullRequest
-	err := p.client.Get(ctx, path, params, nil, &prs)
+	err := p.Client.Get(ctx, path, params, nil, &prs)
 	if err != nil {
 		return nil, fmt.Errorf("failed to list pull requests: %w", err)
 	}
@@ -134,7 +134,7 @@ func (p *PullRequestService) Create(ctx context.Context, scope dto.Scope, repoID
 	}
 
 	pr := new(dto.PullRequest)
-	err := p.client.Post(ctx, path, params, createPR, pr)
+	err := p.Client.Post(ctx, path, params, createPR, pr)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create pull request: %w", err)
 	}
@@ -149,7 +149,7 @@ func (p *PullRequestService) GetChecks(ctx context.Context, scope dto.Scope, rep
 	addScope(scope, params)
 
 	checks := new(dto.PullRequestChecksResponse)
-	err := p.client.Get(ctx, path, params, nil, checks)
+	err := p.Client.Get(ctx, path, params, nil, checks)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get pull request checks: %w", err)
 	}

client/repositories.go

@@ -14,7 +14,7 @@ const (
 )
 
 type RepositoryService struct {
-	client *Client
+	Client *Client
 }
 
 func (r *RepositoryService) Get(ctx context.Context, scope dto.Scope, repoIdentifier string) (*dto.Repository, error) {
@@ -23,7 +23,7 @@ func (r *RepositoryService) Get(ctx context.Context, scope dto.Scope, repoIdenti
 	addScope(scope, params)
 
 	repo := new(dto.Repository)
-	err := r.client.Get(ctx, path, params, nil, repo)
+	err := r.Client.Get(ctx, path, params, nil, repo)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get repository: %w", err)
 	}
@@ -73,7 +73,7 @@ func (r *RepositoryService) List(ctx context.Context, scope dto.Scope, opts *dto
 	}
 
 	var repos []*dto.Repository
-	err := r.client.Get(ctx, path, params, nil, &repos)
+	err := r.Client.Get(ctx, path, params, nil, &repos)
 	if err != nil {
 		return nil, fmt.Errorf("failed to list repositories: %w", err)
 	}

cmd/harness-mcp-server/config/config.go

@@ -1,14 +1,27 @@
 package config
 
 type Config struct {
-	Version          string
+	// Common fields for both modes
+	Version     string
+	ReadOnly    bool
+	Toolsets    []string
+	LogFilePath string
+	Debug       bool
+
+	Internal bool
+
+	// Only used for external mode
 	BaseURL          string
 	AccountID        string
 	DefaultOrgID     string
 	DefaultProjectID string
 	APIKey           string
-	ReadOnly         bool
-	Toolsets         []string
-	LogFilePath      string
-	Debug            bool
+
+	// Only used for internal mode
+	BearerToken        string
+	PipelineSvcBaseURL string
+	PipelineSvcSecret  string
+	NgManagerBaseURL   string
+	NgManagerSecret    string
+	McpSvcSecret       string
 }