redhat-ai-tools
diff --git a/‎CLAUDE.md
Lines changed: 31 additions & 3 deletions b/‎CLAUDE.md
Lines changed: 31 additions & 3 deletions
diff --git a/‎README.md
Lines changed: 39 additions & 1 deletion b/‎README.md
Lines changed: 39 additions & 1 deletion
diff --git a/‎go.mod
Lines changed: 14 additions & 13 deletions b/‎go.mod
Lines changed: 14 additions & 13 deletions
@@ -4,7 +4,7 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
 
 ## Project Overview
 
-This is a Model Context Protocol (MCP) server for ROSA HCP (Red Hat OpenShift Service on AWS using Hosted Control Planes) written in Go. It enables AI assistants to integrate with Red Hat Managed OpenShift services through 5 core tools: `whoami`, `get_clusters`, `get_cluster`, `create_rosa_hcp_cluster`, and `get_rosa_hcp_prerequisites_guide`.
+This is a Model Context Protocol (MCP) server for ROSA HCP (Red Hat OpenShift Service on AWS using Hosted Control Planes) written in Go. It enables AI assistants to integrate with Red Hat Managed OpenShift services through 6 core tools: `whoami`, `get_clusters`, `get_cluster`, `create_rosa_hcp_cluster`, `get_rosa_hcp_prerequisites_guide`, and `setup_htpasswd_identity_provider`.
 
 ## Build and Development Commands
 
@@ -50,13 +50,18 @@ The codebase follows the Model Context Protocol (MCP) server pattern with clear
 
 **MCP Layer (`pkg/mcp/`):**
 - `server.go` - Main MCP server implementation, handles transport (stdio/SSE) and authentication
-- `tools.go` - Implements all 4 ROSA HCP tools with parameter validation and OCM client interaction
+- `tools.go` - Implements all 6 ROSA HCP tools with parameter validation and OCM client interaction
 - `formatters.go` - Human-readable response formatters (not JSON) for AI assistant consumption
 - `profiles.go` - Tool profile system for selective tool exposure (currently default profile only)
 
 **OCM Integration (`pkg/ocm/`):**
 - `client.go` - OCM SDK wrapper with authenticated connections and structured error handling
 - `auth.go` - Transport-agnostic token extraction (SSE headers vs stdio environment variables)
+- `htpasswd.go` - HTPasswd identity provider setup methods using ROSA CLI patterns
+
+**ROSA CLI Integration (`pkg/htpasswd/`):**
+- `validation.go` - Username, password, and IDP name validation copied from ROSA CLI
+- `validation_test.go` - Comprehensive test suite for all validation functions
 
 **Configuration (`pkg/config/`):**
 - `config.go` - TOML configuration file support with CLI flag overrides
@@ -87,14 +92,37 @@ Each tool follows this pattern:
 
 All responses are human-readable formatted strings (not JSON) designed for AI assistant consumption. Each tool has a dedicated formatter in `formatters.go` that structures the output consistently.
 
+### ROSA CLI Integration
+
+The HTPasswd identity provider implementation (`setup_htpasswd_identity_provider` tool) integrates directly with ROSA CLI libraries and patterns:
+
+**External Dependencies:**
+- `github.com/openshift-online/ocm-common` v0.0.25 - Password validation and HTPasswd hashing utilities
+
+**ROSA CLI Function Integration (~70% code reuse):**
+- `UsernameValidator()` - Username format validation (no /, :, % characters)
+- `clusterAdminValidator()` - Reserved username check (prevents "cluster-admin")
+- `ValidateIdpName()` - IDP name validation with regex pattern matching
+- `ProcessUserInput()` - Simplified to handle only users array format
+
+**Validation Flow:**
+1. IDP name validation using ROSA CLI regex patterns
+2. Username/password validation with ROSA CLI rules
+3. Password hashing with `ocm-common` utilities (always hash passwords)
+4. OCM API integration following ROSA CLI error handling patterns
+
+**Input Format (Simplified):**
+- Users array format: `["user1:password1", "user2:password2"]` (required parameter)
+- Removed backward compatibility for single user and htpasswd file formats for better consistency
+
 ## Development Notes
 
 - The project uses `github.com/mark3labs/mcp-go` v0.37.0+ as the MCP framework
 - OCM integration via `github.com/openshift-online/ocm-sdk-go`
 - Configuration supports CLI flags, environment variables, and TOML files
 - Uses glog for structured logging throughout the OCM SDK integration
 - OCM client supports configurable client ID (defaults to "cloud-services")
-- Only the `pkg/ocm` package currently has test coverage focusing on authentication logic
+- Test coverage includes `pkg/ocm` (authentication logic) and `pkg/htpasswd` (ROSA CLI validation functions)
 - The server binary is built to `rosa-mcp-server` in the project root
 
 ## Container and OpenShift Deployment
 
@@ -4,7 +4,8 @@ A Model Context Protocol (MCP) server for ROSA HCP (Red Hat OpenShift Service on
 
 ## Features
 
-- **5 Core Tools**: `whoami`, `get_clusters`, `get_cluster`, `create_rosa_hcp_cluster`, `get_rosa_hcp_prerequisites_guide`
+- **6 Core Tools**: `whoami`, `get_clusters`, `get_cluster`, `create_rosa_hcp_cluster`, `get_rosa_hcp_prerequisites_guide`, `setup_htpasswd_identity_provider`
+- **ROSA CLI Integration**: HTPasswd identity provider setup using proven ROSA CLI validation and patterns
 - **Dual Transport Support**: stdio and Server-Sent Events (SSE)
 - **OCM API Integration**: Direct integration with OpenShift Cluster Manager
 - **Multi-Region Support**: Configurable AWS regions (default: us-east-1)
@@ -197,6 +198,41 @@ Get the complete workflow prompt for ROSA HCP cluster installation prerequisites
 }
 ```
 
+### 6. setup_htpasswd_identity_provider
+Setup an HTPasswd identity provider for a ROSA HCP cluster with username/password authentication.
+```json
+{
+  "name": "setup_htpasswd_identity_provider",
+  "parameters": {
+    "cluster_id": {
+      "type": "string",
+      "description": "Target cluster identifier",
+      "required": true
+    },
+    "name": {
+      "type": "string",
+      "description": "Identity provider name",
+      "default": "htpasswd"
+    },
+    "mapping_method": {
+      "type": "string",
+      "description": "User mapping method - options: add, claim, generate, lookup",
+      "default": "claim"
+    },
+    "users": {
+      "type": "array",
+      "description": "List of username:password pairs [\"user1:password1\", \"user2:password2\"]",
+      "required": true
+    },
+    "overwrite_existing": {
+      "type": "boolean",
+      "description": "Whether to overwrite if IDP with same name exists",
+      "default": false
+    }
+  }
+}
+```
+
 ## ROSA HCP Prerequisites
 
 Before creating clusters, ensure you have:
@@ -238,9 +274,11 @@ Before creating clusters, ensure you have:
 ├── cmd/rosa-mcp-server/     # Main entry point
 ├── pkg/
 │   ├── config/              # Configuration management
+│   ├── htpasswd/            # HTPasswd validation (ROSA CLI integration)
 │   ├── mcp/                 # MCP server implementation
 │   ├── ocm/                 # OCM API client wrapper
 │   └── version/             # Version information
+├── spec/                    # Implementation specifications
 ├── go.mod                   # Go module definition
 └── README.md               # This file
 ```
 
@@ -4,8 +4,9 @@ go 1.24.4
 
 require (
 	github.com/BurntSushi/toml v1.5.0
-	github.com/golang/glog v1.0.0
+	github.com/golang/glog v1.2.0
 	github.com/mark3labs/mcp-go v0.37.0
+	github.com/openshift-online/ocm-common v0.0.25
 	github.com/openshift-online/ocm-sdk-go v0.1.473
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
@@ -18,36 +19,36 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/buger/jsonparser v1.1.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/css v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/invopop/jsonschema v0.13.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
-	github.com/microcosm-cc/bluemonday v1.0.18 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect
+	github.com/microcosm-cc/bluemonday v1.0.23 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/openshift-online/ocm-api-model/clientapi v0.0.426 // indirect
 	github.com/openshift-online/ocm-api-model/model v0.0.426 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.12.1 // indirect
+	github.com/prometheus/client_golang v1.13.0 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.32.1 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/spf13/cast v1.7.1 // indirect
 	github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
 	github.com/yosida95/uritemplate/v3 v3.0.2 // indirect
-	golang.org/x/net v0.21.0 // indirect
-	golang.org/x/oauth2 v0.15.0 // indirect
-	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/crypto v0.22.0 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/oauth2 v0.19.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/protobuf v1.34.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )