Merge pull request #16 from ardaguclu/sync-downstream

Sync downstream

Author: ardaguclu

.tekton/openshift-mcp-server-pull-request.yaml

@@ -12,6 +12,7 @@ require (
 	github.com/spf13/afero v1.14.0
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.7
+	golang.org/x/oauth2 v0.30.0
 	golang.org/x/sync v0.16.0
 	helm.sh/helm/v3 v3.18.4
 	k8s.io/api v0.33.3
@@ -116,7 +117,6 @@ require (
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/crypto v0.40.0 // indirect
 	golang.org/x/net v0.42.0 // indirect
-	golang.org/x/oauth2 v0.30.0 // indirect
 	golang.org/x/sys v0.34.0 // indirect
 	golang.org/x/term v0.33.0 // indirect
 	golang.org/x/text v0.27.0 // indirect

.tekton/openshift-mcp-server-push.yaml

@@ -1,18 +1,20 @@
-package mcp
+package test
 
 import (
 	"encoding/json"
 	"errors"
 	"io"
+	"net/http"
+	"net/http/httptest"
+
 	v1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/serializer"
 	"k8s.io/apimachinery/pkg/util/httpstream"
 	"k8s.io/apimachinery/pkg/util/httpstream/spdy"
 	"k8s.io/client-go/rest"
-	"net/http"
-	"net/http/httptest"
+	"k8s.io/client-go/tools/clientcmd/api"
 )
 
 type MockServer struct {
@@ -51,7 +53,26 @@ func (m *MockServer) Handle(handler http.Handler) {
 	m.restHandlers = append(m.restHandlers, handler.ServeHTTP)
 }
 
-func writeObject(w http.ResponseWriter, obj runtime.Object) {
+func (m *MockServer) Config() *rest.Config {
+	return m.config
+}
+
+func (m *MockServer) KubeConfig() *api.Config {
+	fakeConfig := api.NewConfig()
+	fakeConfig.Clusters["fake"] = api.NewCluster()
+	fakeConfig.Clusters["fake"].Server = m.config.Host
+	fakeConfig.Clusters["fake"].CertificateAuthorityData = m.config.CAData
+	fakeConfig.AuthInfos["fake"] = api.NewAuthInfo()
+	fakeConfig.AuthInfos["fake"].ClientKeyData = m.config.KeyData
+	fakeConfig.AuthInfos["fake"].ClientCertificateData = m.config.CertData
+	fakeConfig.Contexts["fake-context"] = api.NewContext()
+	fakeConfig.Contexts["fake-context"].Cluster = "fake"
+	fakeConfig.Contexts["fake-context"].AuthInfo = "fake"
+	fakeConfig.CurrentContext = "fake-context"
+	return fakeConfig
+}
+
+func WriteObject(w http.ResponseWriter, obj runtime.Object) {
 	w.Header().Set("Content-Type", runtime.ContentTypeJSON)
 	if err := json.NewEncoder(w).Encode(obj); err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -63,11 +84,11 @@ type streamAndReply struct {
 	replySent <-chan struct{}
 }
 
-type streamContext struct {
-	conn         io.Closer
-	stdinStream  io.ReadCloser
-	stdoutStream io.WriteCloser
-	stderrStream io.WriteCloser
+type StreamContext struct {
+	Closer       io.Closer
+	StdinStream  io.ReadCloser
+	StdoutStream io.WriteCloser
+	StderrStream io.WriteCloser
 	writeStatus  func(status *apierrors.StatusError) error
 }
 
@@ -87,20 +108,20 @@ func v4WriteStatusFunc(stream io.Writer) func(status *apierrors.StatusError) err
 		return err
 	}
 }
-func createHTTPStreams(w http.ResponseWriter, req *http.Request, opts *StreamOptions) (*streamContext, error) {
+func CreateHTTPStreams(w http.ResponseWriter, req *http.Request, opts *StreamOptions) (*StreamContext, error) {
 	_, err := httpstream.Handshake(req, w, []string{"v4.channel.k8s.io"})
 	if err != nil {
 		return nil, err
 	}
 
 	upgrader := spdy.NewResponseUpgrader()
 	streamCh := make(chan streamAndReply)
-	conn := upgrader.UpgradeResponse(w, req, func(stream httpstream.Stream, replySent <-chan struct{}) error {
+	connection := upgrader.UpgradeResponse(w, req, func(stream httpstream.Stream, replySent <-chan struct{}) error {
 		streamCh <- streamAndReply{Stream: stream, replySent: replySent}
 		return nil
 	})
-	ctx := &streamContext{
-		conn: conn,
+	ctx := &StreamContext{
+		Closer: connection,
 	}
 
 	// wait for stream
@@ -128,13 +149,13 @@ WaitForStreams:
 				ctx.writeStatus = v4WriteStatusFunc(stream)
 			case v1.StreamTypeStdout:
 				replyChan <- struct{}{}
-				ctx.stdoutStream = stream
+				ctx.StdoutStream = stream
 			case v1.StreamTypeStdin:
 				replyChan <- struct{}{}
-				ctx.stdinStream = stream
+				ctx.StdinStream = stream
 			case v1.StreamTypeStderr:
 				replyChan <- struct{}{}
-				ctx.stderrStream = stream
+				ctx.StderrStream = stream
 			default:
 				// add other stream ...
 				return nil, errors.New("unimplemented stream type")

go.mod

@@ -19,12 +19,33 @@ type StaticConfig struct {
 	// When true, expose only tools annotated with readOnlyHint=true
 	ReadOnly bool `toml:"read_only,omitempty"`
 	// When true, disable tools annotated with destructiveHint=true
-	DisableDestructive   bool     `toml:"disable_destructive,omitempty"`
-	EnabledTools         []string `toml:"enabled_tools,omitempty"`
-	DisabledTools        []string `toml:"disabled_tools,omitempty"`
-	RequireOAuth         bool     `toml:"require_oauth,omitempty"`
-	AuthorizationURL     string   `toml:"authorization_url,omitempty"`
-	JwksURL              string   `toml:"jwks_url,omitempty"`
+	DisableDestructive bool     `toml:"disable_destructive,omitempty"`
+	EnabledTools       []string `toml:"enabled_tools,omitempty"`
+	DisabledTools      []string `toml:"disabled_tools,omitempty"`
+
+	// Authorization-related fields
+	// RequireOAuth indicates whether the server requires OAuth for authentication.
+	RequireOAuth bool `toml:"require_oauth,omitempty"`
+	// OAuthAudience is the valid audience for the OAuth tokens, used for offline JWT claim validation.
+	OAuthAudience string `toml:"oauth_audience,omitempty"`
+	// ValidateToken indicates whether the server should validate the token against the Kubernetes API Server using TokenReview.
+	ValidateToken bool `toml:"validate_token,omitempty"`
+	// AuthorizationURL is the URL of the OIDC authorization server.
+	// It is used for token validation and for STS token exchange.
+	AuthorizationURL string `toml:"authorization_url,omitempty"`
+	// DisableDynamicClientRegistration indicates whether dynamic client registration is disabled.
+	// If true, the .well-known endpoints will not expose the registration endpoint.
+	DisableDynamicClientRegistration bool `toml:"disable_dynamic_client_registration,omitempty"`
+	// OAuthScopes are the supported **client** scopes requested during the **client/frontend** OAuth flow.
+	OAuthScopes []string `toml:"oauth_scopes,omitempty"`
+	// StsClientId is the OAuth client ID used for backend token exchange
+	StsClientId string `toml:"sts_client_id,omitempty"`
+	// StsClientSecret is the OAuth client secret used for backend token exchange
+	StsClientSecret string `toml:"sts_client_secret,omitempty"`
+	// StsAudience is the audience for the STS token exchange.
+	StsAudience string `toml:"sts_audience,omitempty"`
+	// StsScopes is the scopes for the STS token exchange.
+	StsScopes            []string `toml:"sts_scopes,omitempty"`
 	CertificateAuthority string   `toml:"certificate_authority,omitempty"`
 	ServerURL            string   `toml:"server_url,omitempty"`
 }

pkg/mcp/mock_server_test.go renamed to internal/test/mock_server.go

@@ -9,93 +9,131 @@ import (
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/go-jose/go-jose/v4"
 	"github.com/go-jose/go-jose/v4/jwt"
+	"golang.org/x/oauth2"
+	authenticationapiv1 "k8s.io/api/authentication/v1"
 	"k8s.io/klog/v2"
+	"k8s.io/utils/strings/slices"
 
+	"github.com/containers/kubernetes-mcp-server/pkg/config"
 	"github.com/containers/kubernetes-mcp-server/pkg/mcp"
 )
 
-const (
-	Audience = "kubernetes-mcp-server"
-)
+type KubernetesApiTokenVerifier interface {
+	// KubernetesApiVerifyToken TODO: clarify proper implementation
+	KubernetesApiVerifyToken(ctx context.Context, token, audience string) (*authenticationapiv1.UserInfo, []string, error)
+}
 
-// AuthorizationMiddleware validates the OAuth flow using Kubernetes TokenReview API
-func AuthorizationMiddleware(requireOAuth bool, serverURL string, oidcProvider *oidc.Provider, mcpServer *mcp.Server) func(http.Handler) http.Handler {
+// AuthorizationMiddleware validates the OAuth flow for protected resources.
+//
+// The flow is skipped for unprotected resources, such as health checks and well-known endpoints.
+//
+//	There are several auth scenarios supported by this middleware:
+//
+//	 1. requireOAuth is false:
+//
+//	    - The OAuth flow is skipped, and the server is effectively unprotected.
+//	    - The request is passed to the next handler without any validation.
+//
+//	    see TestAuthorizationRequireOAuthFalse
+//
+//	 2. requireOAuth is set to true, server is protected:
+//
+//	    2.1. Raw Token Validation (oidcProvider is nil):
+//	         - The token is validated offline for basic sanity checks (expiration).
+//	         - If OAuthAudience is set, the token is validated against the audience.
+//	         - If ValidateToken is set, the token is then used against the Kubernetes API Server for TokenReview.
+//
+//	         see TestAuthorizationRawToken
+//
+//	    2.2. OIDC Provider Validation (oidcProvider is not nil):
+//	         - The token is validated offline for basic sanity checks (audience and expiration).
+//	         - If OAuthAudience is set, the token is validated against the audience.
+//	         - The token is then validated against the OIDC Provider.
+//	         - If ValidateToken is set, the token is then used against the Kubernetes API Server for TokenReview.
+//
+//	         see TestAuthorizationOidcToken
+//
+//	    2.3. OIDC Token Exchange (oidcProvider is not nil, StsClientId and StsAudience are set):
+//	         - The token is validated offline for basic sanity checks (audience and expiration).
+//	         - If OAuthAudience is set, the token is validated against the audience.
+//	         - The token is then validated against the OIDC Provider.
+//	         - If the token is valid, an external account token exchange is performed using
+//	           the OIDC Provider to obtain a new token with the specified audience and scopes.
+//	         - If ValidateToken is set, the exchanged token is then used against the Kubernetes API Server for TokenReview.
+//
+//	         see TestAuthorizationOidcTokenExchange
+func AuthorizationMiddleware(staticConfig *config.StaticConfig, oidcProvider *oidc.Provider, verifier KubernetesApiTokenVerifier) func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-			if r.URL.Path == healthEndpoint || r.URL.Path == oauthProtectedResourceEndpoint {
+			if r.URL.Path == healthEndpoint || slices.Contains(WellKnownEndpoints, r.URL.EscapedPath()) {
 				next.ServeHTTP(w, r)
 				return
 			}
-			if !requireOAuth {
+			if !staticConfig.RequireOAuth {
 				next.ServeHTTP(w, r)
 				return
 			}
 
-			audience := Audience
-			if serverURL != "" {
-				audience = serverURL
+			wwwAuthenticateHeader := "Bearer realm=\"Kubernetes MCP Server\""
+			if staticConfig.OAuthAudience != "" {
+				wwwAuthenticateHeader += fmt.Sprintf(`, audience="%s"`, staticConfig.OAuthAudience)
 			}
 
 			authHeader := r.Header.Get("Authorization")
 			if authHeader == "" || !strings.HasPrefix(authHeader, "Bearer ") {
 				klog.V(1).Infof("Authentication failed - missing or invalid bearer token: %s %s from %s", r.Method, r.URL.Path, r.RemoteAddr)
 
-				if serverURL == "" {
-					w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Bearer realm="Kubernetes MCP Server", audience="%s", error="missing_token"`, audience))
-				} else {
-					w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Bearer realm="Kubernetes MCP Server", audience="%s"", resource_metadata="%s%s", error="missing_token"`, audience, serverURL, oauthProtectedResourceEndpoint))
-				}
+				w.Header().Set("WWW-Authenticate", wwwAuthenticateHeader+", error=\"missing_token\"")
 				http.Error(w, "Unauthorized: Bearer token required", http.StatusUnauthorized)
 				return
 			}
 
 			token := strings.TrimPrefix(authHeader, "Bearer ")
 
-			// Validate the token offline for simple sanity check
-			// Because missing expected audience and expired tokens must be
-			// rejected already.
 			claims, err := ParseJWTClaims(token)
-			if err == nil && claims != nil {
-				err = claims.Validate(r.Context(), audience, oidcProvider)
+			if err == nil && claims == nil {
+				// Impossible case, but just in case
+				err = fmt.Errorf("failed to parse JWT claims from token")
 			}
-			if err != nil {
-				klog.V(1).Infof("Authentication failed - JWT validation error: %s %s from %s, error: %v", r.Method, r.URL.Path, r.RemoteAddr, err)
-
-				if serverURL == "" {
-					w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Bearer realm="Kubernetes MCP Server", audience="%s", error="invalid_token"`, audience))
-				} else {
-					w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Bearer realm="Kubernetes MCP Server", audience="%s"", resource_metadata="%s%s", error="invalid_token"`, audience, serverURL, oauthProtectedResourceEndpoint))
+			// Offline validation
+			if err == nil {
+				err = claims.ValidateOffline(staticConfig.OAuthAudience)
+			}
+			// Online OIDC provider validation
+			if err == nil {
+				err = claims.ValidateWithProvider(r.Context(), staticConfig.OAuthAudience, oidcProvider)
+			}
+			// Scopes propagation, they are likely to be used for authorization.
+			if err == nil {
+				scopes := claims.GetScopes()
+				klog.V(2).Infof("JWT token validated - Scopes: %v", scopes)
+				r = r.WithContext(context.WithValue(r.Context(), mcp.TokenScopesContextKey, scopes))
+			}
+			// Token exchange with OIDC provider
+			sts := NewFromConfig(staticConfig, oidcProvider)
+			// TODO: Maybe the token had already been exchanged, if it has the right audience and scopes, we can skip this step.
+			if err == nil && sts.IsEnabled() {
+				var exchangedToken *oauth2.Token
+				// If the token is valid, we can exchange it for a new token with the specified audience and scopes.
+				exchangedToken, err = sts.ExternalAccountTokenExchange(r.Context(), &oauth2.Token{
+					AccessToken: claims.Token,
+					TokenType:   "Bearer",
+				})
+				if err == nil {
+					// Replace the original token with the exchanged token
+					token = exchangedToken.AccessToken
+					claims, err = ParseJWTClaims(token)
+					r.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) // TODO: Implement test to verify, THIS IS A CRITICAL PART
 				}
-				http.Error(w, "Unauthorized: Invalid token", http.StatusUnauthorized)
-				return
 			}
-
-			// Scopes are likely to be used for authorization.
-			scopes := claims.GetScopes()
-			klog.V(2).Infof("JWT token validated - Scopes: %v", scopes)
-			r = r.WithContext(context.WithValue(r.Context(), mcp.TokenScopesContextKey, scopes))
-
-			// Now, there are a couple of options:
-			// 1. If there is no authorization url configured for this MCP Server,
-			// that means this token will be used against the Kubernetes API Server.
-			// So that we need to validate the token using Kubernetes TokenReview API beforehand.
-			// 2. If there is an authorization url configured for this MCP Server,
-			// that means up to this point, the token is validated against the OIDC Provider already.
-			// 2. a. If this is the only token in the headers, this validated token
-			// is supposed to be used against the Kubernetes API Server as well. Therefore,
-			// TokenReview request must succeed.
-			// 2. b. If this is not the only token in the headers, the token in here is used
-			// only for authentication and authorization. Therefore, we need to send TokenReview request
-			// with the other token in the headers (TODO: still need to validate aud and exp of this token separately).
-			_, _, err = mcpServer.VerifyTokenAPIServer(r.Context(), token, audience)
+			// Kubernetes API Server TokenReview validation
+			if err == nil && staticConfig.ValidateToken {
+				err = claims.ValidateWithKubernetesApi(r.Context(), staticConfig.OAuthAudience, verifier)
+			}
 			if err != nil {
-				klog.V(1).Infof("Authentication failed - API Server token validation error: %s %s from %s, error: %v", r.Method, r.URL.Path, r.RemoteAddr, err)
+				klog.V(1).Infof("Authentication failed - JWT validation error: %s %s from %s, error: %v", r.Method, r.URL.Path, r.RemoteAddr, err)
 
-				if serverURL == "" {
-					w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Bearer realm="Kubernetes MCP Server", audience="%s", error="invalid_token"`, audience))
-				} else {
-					w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Bearer realm="Kubernetes MCP Server", audience="%s"", resource_metadata="%s%s", error="invalid_token"`, audience, serverURL, oauthProtectedResourceEndpoint))
-				}
+				w.Header().Set("WWW-Authenticate", wwwAuthenticateHeader+", error=\"invalid_token\"")
 				http.Error(w, "Unauthorized: Invalid token", http.StatusUnauthorized)
 				return
 			}
@@ -134,16 +172,24 @@ func (c *JWTClaims) GetScopes() []string {
 	return strings.Fields(c.Scope)
 }
 
-// Validate Checks if the JWT claims are valid and if the audience matches the expected one.
-func (c *JWTClaims) Validate(ctx context.Context, audience string, provider *oidc.Provider) error {
-	if err := c.Claims.Validate(jwt.Expected{AnyAudience: jwt.Audience{audience}}); err != nil {
+// ValidateOffline Checks if the JWT claims are valid and if the audience matches the expected one.
+func (c *JWTClaims) ValidateOffline(audience string) error {
+	expected := jwt.Expected{}
+	if audience != "" {
+		expected.AnyAudience = jwt.Audience{audience}
+	}
+	if err := c.Validate(expected); err != nil {
 		return fmt.Errorf("JWT token validation error: %v", err)
 	}
+	return nil
+}
+
+// ValidateWithProvider validates the JWT claims against the OIDC provider.
+func (c *JWTClaims) ValidateWithProvider(ctx context.Context, audience string, provider *oidc.Provider) error {
 	if provider != nil {
 		verifier := provider.Verifier(&oidc.Config{
 			ClientID: audience,
 		})
-
 		_, err := verifier.Verify(ctx, c.Token)
 		if err != nil {
 			return fmt.Errorf("OIDC token validation error: %v", err)
@@ -152,6 +198,16 @@ func (c *JWTClaims) Validate(ctx context.Context, audience string, provider *oid
 	return nil
 }
 
+func (c *JWTClaims) ValidateWithKubernetesApi(ctx context.Context, audience string, verifier KubernetesApiTokenVerifier) error {
+	if verifier != nil {
+		_, _, err := verifier.KubernetesApiVerifyToken(ctx, c.Token, audience)
+		if err != nil {
+			return fmt.Errorf("kubernetes API token validation error: %v", err)
+		}
+	}
+	return nil
+}
+
 func ParseJWTClaims(token string) (*JWTClaims, error) {
 	tkn, err := jwt.ParseSigned(token, allSignatureAlgorithms)
 	if err != nil {