chore: [ML-1336]: Added list_secrets tool and e2e test (#153)

* chore: [ML-1336]: Added list_secrets tool and e2e test

Signed-off-by: Saranya-jena <[email protected]>

Author: Saranya-jena

client/dto/secrets.go

@@ -36,3 +36,35 @@ type SecretSpec struct {
 type SecretGetOptions struct {
 	// Add any additional options needed for getting secrets
 }
+
+// ListSecretsResponse represents the response from the list secrets API
+type ListSecretsResponse struct {
+	Status        string             `json:"status"`
+	Data          ListSecretsData    `json:"data"`
+	MetaData      interface{}        `json:"metaData"`
+	CorrelationID string             `json:"correlationId"`
+}
+
+// ListSecretsData represents the data field in the list secrets response
+type ListSecretsData struct {
+	TotalPages    int          `json:"totalPages"`
+	TotalItems    int          `json:"totalItems"`
+	PageItemCount int          `json:"pageItemCount"`
+	PageSize      int          `json:"pageSize"`
+	Content       []SecretData `json:"content"`
+}
+
+// SecretFilterProperties represents the filter properties for listing secrets
+type SecretFilterProperties struct {
+	SecretName                     string            `json:"secretName,omitempty"`
+	SecretIdentifier               string            `json:"secretIdentifier,omitempty"`
+	SecretTypes                    []string          `json:"secretTypes,omitempty"`
+	SecretManagerIdentifiers       []string          `json:"secretManagerIdentifiers,omitempty"`
+	Description                    string            `json:"description,omitempty"`
+	SearchTerm                     string            `json:"searchTerm,omitempty"`
+	IncludeSecretsFromEverySubScope bool             `json:"includeSecretsFromEverySubScope,omitempty"`
+	IncludeAllSecretsAccessibleAtScope bool          `json:"includeAllSecretsAccessibleAtScope,omitempty"`
+	Tags                           map[string]string `json:"tags,omitempty"`
+	Labels                         map[string]string `json:"labels,omitempty"`
+	FilterType                     string            `json:"filterType,omitempty"`
+}

client/secrets.go

@@ -3,12 +3,14 @@ package client
 import (
 	"context"
 	"fmt"
+	"log/slog"
 
 	"github.com/harness/harness-mcp/client/dto"
 )
 
 const (
 	secretsBasePath = "/v2/secrets"
+	listSecretsPath = "/v2/secrets/list/secrets"
 )
 
 // SecretsClient provides methods to interact with the Harness secrets API
@@ -34,3 +36,33 @@ func (c *SecretsClient) GetSecret(ctx context.Context, scope dto.Scope, secretId
 
 	return &response, nil
 }
+
+// ListSecrets retrieves a list of secrets with pagination and filtering options
+func (c *SecretsClient) ListSecrets(ctx context.Context, scope dto.Scope, pageIndex, pageSize int, sortOrders []string, filters dto.SecretFilterProperties) (*dto.ListSecretsResponse, error) {
+	if scope.AccountID == "" {
+		return nil, fmt.Errorf("accountIdentifier cannot be null")
+	}
+
+	params := make(map[string]string)
+	addScope(scope, params)
+
+	// Add pagination parameters
+	params["pageIndex"] = fmt.Sprintf("%d", pageIndex)
+	params["pageSize"] = fmt.Sprintf("%d", pageSize)
+
+	// The API requires filterType in the request body
+	// Ensure filterType is set to "Secret" for listing secrets
+	if filters.FilterType == "" {
+		filters.FilterType = "Secret"
+	}
+	reqBody := filters
+	slog.Info("Request body", "body", reqBody)
+	var response dto.ListSecretsResponse
+	headers := make(map[string]string)
+	err := c.Post(ctx, listSecretsPath, params, reqBody, headers, &response)
+	if err != nil {
+		return nil, fmt.Errorf("failed to list secrets: %w", err)
+	}
+
+	return &response, nil
+}

pkg/harness/tools/secrets.go

@@ -4,8 +4,9 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	
+
 	"github.com/harness/harness-mcp/client"
+	"github.com/harness/harness-mcp/client/dto"
 	"github.com/harness/harness-mcp/cmd/harness-mcp-server/config"
 	"github.com/mark3labs/mcp-go/mcp"
 	"github.com/mark3labs/mcp-go/server"
@@ -46,3 +47,142 @@ func GetSecretTool(config *config.Config, client *client.SecretsClient) (tool mc
 			return mcp.NewToolResultText(string(r)), nil
 		}
 }
+
+// Secret types supported by the Harness secrets API
+const (
+	SecretTypeSecretFile       = "SecretFile"
+	SecretTypeSecretText       = "SecretText"
+	SecretTypeSSHKey           = "SSHKey"
+	SecretTypeWinRmCredentials = "WinRmCredentials"
+)
+
+// Sort fields for secrets
+const (
+	SortByName       = "name"
+	SortByIdentifier = "identifier"
+	SortByCreated    = "created"
+	SortByUpdated    = "updated"
+)
+
+// ListSecretsTool creates a tool for listing secrets from Harness
+func ListSecretsTool(config *config.Config, client *client.SecretsClient) (tool mcp.Tool, handler server.ToolHandlerFunc) {
+	return mcp.NewTool("list_secrets",
+			mcp.WithDescription("List secrets from Harness with filtering and pagination options."),
+			mcp.WithArray("secret",
+				mcp.WithStringItems(),
+				mcp.Description("Identifier field of secrets"),
+			),
+			mcp.WithArray("type",
+				mcp.WithStringItems(),
+				mcp.Description("Secret types on which the filter will be applied"),
+				mcp.Enum(
+					SecretTypeSecretFile,
+					SecretTypeSecretText,
+					SecretTypeSSHKey,
+					SecretTypeWinRmCredentials,
+				),
+			),
+			mcp.WithBoolean("recursive",
+				mcp.Description("Expand current scope to include all child scopes"),
+			),
+			mcp.WithString("search_term",
+				mcp.Description("Filter resources having attributes matching with search term"),
+			),
+			mcp.WithString("filter_type",
+				mcp.Description("Type of resources to filter"),
+				mcp.Enum(
+					"Secret", "Connector", "DelegateProfile", "Delegate", "PipelineSetup",
+					"PipelineExecution", "Deployment", "Audit", "Template", "Trigger",
+					"EnvironmentGroup", "FileStore", "CCMRecommendation", "Anomaly",
+					"RIInventory", "SPInventory", "Autocud", "CCMConnector",
+					"CCMK8sConnector", "Environment", "RuleExecution", "Override",
+					"InputSet", "Webhook",
+				),
+			),
+			WithScope(config, false),
+			WithPagination(),
+		),
+		func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
+			scope, err := FetchScope(config, request, false)
+			if err != nil {
+				return mcp.NewToolResultError(err.Error()), nil
+			}
+
+			// Get pagination parameters
+			page, size, err := FetchPagination(request)
+			if err != nil {
+				return mcp.NewToolResultError(err.Error()), nil
+			}
+
+			// Get filter parameters
+			secretIds, err := OptionalAnyArrayParam(request, "secret")
+			if err != nil {
+				return mcp.NewToolResultError(err.Error()), nil
+			}
+			// Convert []any to []string
+			secretIdsStr := make([]string, 0, len(secretIds))
+			for _, id := range secretIds {
+				if str, ok := id.(string); ok {
+					secretIdsStr = append(secretIdsStr, str)
+				}
+			}
+
+			secretTypes, err := OptionalAnyArrayParam(request, "type")
+			if err != nil {
+				return mcp.NewToolResultError(err.Error()), nil
+			}
+			// Convert []any to []string
+			secretTypesStr := make([]string, 0, len(secretTypes))
+			for _, t := range secretTypes {
+				if str, ok := t.(string); ok {
+					secretTypesStr = append(secretTypesStr, str)
+				}
+			}
+
+			recursive, err := OptionalParam[bool](request, "recursive")
+			if err != nil {
+				return mcp.NewToolResultError(err.Error()), nil
+			}
+
+			searchTerm, err := OptionalParam[string](request, "search_term")
+			if err != nil {
+				return mcp.NewToolResultError(err.Error()), nil
+			}
+
+			// Temporarily removing sort orders due to API compatibility issues
+			// We'll revisit this once we have more information about the expected format
+			sortOrders := []string{}
+
+			// Get filter_type parameter
+			filterType, err := OptionalParam[string](request, "filter_type")
+			if err != nil {
+				return mcp.NewToolResultError(err.Error()), nil
+			}
+
+			// Create filter properties
+			filters := dto.SecretFilterProperties{
+				SecretTypes:                     secretTypesStr,
+				SearchTerm:                      searchTerm,
+				IncludeSecretsFromEverySubScope: recursive,
+				FilterType:                      filterType,
+			}
+
+			// If secretIds is provided, use the first one as secretIdentifier
+			if len(secretIdsStr) > 0 {
+				filters.SecretIdentifier = secretIdsStr[0]
+			}
+
+			// Call the client to list secrets
+			response, err := client.ListSecrets(ctx, scope, page, size, sortOrders, filters)
+			if err != nil {
+				return nil, fmt.Errorf("failed to list secrets: %w", err)
+			}
+
+			r, err := json.Marshal(response)
+			if err != nil {
+				return nil, fmt.Errorf("failed to marshal list secrets response: %w", err)
+			}
+
+			return mcp.NewToolResultText(string(r)), nil
+		}
+}

pkg/modules/core.go

@@ -494,6 +494,7 @@ func RegisterSecrets(config *config.Config, tsg *toolsets.ToolsetGroup) error {
 	secrets := toolsets.NewToolset("secrets", "Harness Secrets related tools").
 		AddReadTools(
 			toolsets.NewServerTool(tools.GetSecretTool(config, secretsClient)),
+			toolsets.NewServerTool(tools.ListSecretsTool(config, secretsClient)),
 		)
 
 	// Add toolset to the group

test/e2e/secrets_test.go

@@ -0,0 +1,136 @@
+//go:build e2e
+
+package e2e
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"testing"
+
+	"github.com/harness/harness-mcp/client/dto"
+	"github.com/mark3labs/mcp-go/mcp"
+	"github.com/stretchr/testify/require"
+)
+
+// TestListSecretsTools verifies that the list_secrets tool is available
+func TestListSecretsTools(t *testing.T) {
+	t.Parallel()
+
+	mcpClient := setupMCPClient(t)
+	ctx := context.Background()
+
+	// List available tools
+	request := mcp.ListToolsRequest{}
+	response, err := mcpClient.ListTools(ctx, request)
+	require.NoError(t, err, "expected to list tools successfully")
+
+	// Check that secrets tools are available and get their actual names
+	var foundSecretsTools = make(map[string]string)
+	secretsToolPatterns := []string{
+		"list_secrets",
+		"get_secret",
+	}
+
+	// Print all available tools
+	fmt.Println("Available tools:")
+	for _, tool := range response.Tools {
+		fmt.Printf("- %s\n", tool.Name)
+
+		// Check if this tool matches any of our patterns
+		for _, pattern := range secretsToolPatterns {
+			if tool.Name == pattern {
+				foundSecretsTools[pattern] = tool.Name
+				break
+			}
+		}
+	}
+
+	// Print what we found
+	fmt.Println("Found secrets tools:")
+	for pattern, actualName := range foundSecretsTools {
+		fmt.Printf("- %s -> %s\n", pattern, actualName)
+	}
+
+	// Check if we found the list_secrets tool
+	require.Contains(t, foundSecretsTools, "list_secrets", "expected to find list_secrets tool")
+}
+
+// TestListSecrets verifies that the list_secrets tool works correctly with the filter_type parameter
+// and then calls get_secret on the first secret found
+func TestListSecrets(t *testing.T) {
+	t.Parallel()
+
+	mcpClient := setupMCPClient(t)
+	ctx := context.Background()
+	accountID := getE2EAccountID(t)
+
+	// Call the list_secrets tool with filter_type parameter
+	listRequest := mcp.CallToolRequest{}
+	listRequest.Params.Name = "list_secrets"
+	listRequest.Params.Arguments = map[string]any{
+		"accountIdentifier": accountID,
+		"page_index":        0,
+		"page_size":         10,
+		"filter_type":       "Secret", // Testing the filter_type parameter
+	}
+
+	listResponse, err := mcpClient.CallTool(ctx, listRequest)
+	require.NoError(t, err, "expected to call 'list_secrets' tool successfully")
+	if listResponse.IsError {
+		t.Logf("Error response: %v", listResponse.Content)
+	}
+	require.False(t, listResponse.IsError, "expected result not to be an error")
+
+	// Verify response content
+	require.NotEmpty(t, listResponse.Content, "expected content to not be empty")
+
+	// Parse the response to extract secrets
+	textContent, ok := listResponse.Content[0].(mcp.TextContent)
+	require.True(t, ok, "expected content to be of type TextContent")
+
+	var secretsResponse dto.ListSecretsResponse
+	err = json.Unmarshal([]byte(textContent.Text), &secretsResponse)
+	require.NoError(t, err, "expected to unmarshal response successfully")
+
+	// Verify the response structure
+	require.Equal(t, "SUCCESS", secretsResponse.Status, "expected status to be SUCCESS")
+	t.Logf("Found %d secrets", len(secretsResponse.Data.Content))
+
+	// If we found any secrets, get the first one using get_secret tool
+	if len(secretsResponse.Data.Content) > 0 {
+		firstSecret := secretsResponse.Data.Content[0]
+		secretIdentifier := firstSecret.Secret.Identifier
+		t.Logf("Getting details for secret: %s", secretIdentifier)
+
+		// Call the get_secret tool with the identifier of the first secret
+		getRequest := mcp.CallToolRequest{}
+		getRequest.Params.Name = "get_secret"
+		getRequest.Params.Arguments = map[string]any{
+			"accountIdentifier": accountID,
+			"secret_identifier": secretIdentifier,
+		}
+
+		getResponse, err := mcpClient.CallTool(ctx, getRequest)
+		require.NoError(t, err, "expected to call 'get_secret' tool successfully")
+		require.False(t, getResponse.IsError, "expected get_secret result not to be an error")
+
+		// Verify get_secret response content
+		require.NotEmpty(t, getResponse.Content, "expected get_secret content to not be empty")
+
+		// Parse the get_secret response
+		getTextContent, ok := getResponse.Content[0].(mcp.TextContent)
+		require.True(t, ok, "expected get_secret content to be of type TextContent")
+
+		var getSecretResponse dto.SecretResponse
+		err = json.Unmarshal([]byte(getTextContent.Text), &getSecretResponse)
+		require.NoError(t, err, "expected to unmarshal get_secret response successfully")
+
+		// Verify the get_secret response structure
+		require.Equal(t, "SUCCESS", getSecretResponse.Status, "expected get_secret status to be SUCCESS")
+		require.Equal(t, secretIdentifier, getSecretResponse.Data.Secret.Identifier, "expected get_secret to return the requested secret")
+		t.Logf("Successfully retrieved secret: %s (Type: %s)", getSecretResponse.Data.Secret.Name, getSecretResponse.Data.Secret.Type)
+	} else {
+		t.Log("No secrets found, skipping get_secret test")
+	}
+}