
Commit d97785f

authored
ports inline oidc config auth-configmap e2e test to int test (#2644)
Signed-off-by: Chris Burns <29541485+ChrisJBurns@users.noreply.github.com>
1 parent a5a29dc commit d97785f


5 files changed

+110
-222
lines changed


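--- a/cmd/thv-operator/test-integration/mcp-server/mcpserver_runconfig_integration_test.go
+++ b/cmd/thv-operator/test-integration/mcp-server/mcpserver_runconfig_integration_test.go
@@ -547,5 +547,115 @@ var _ = Describe("RunConfig ConfigMap Integration Tests", func() {
 Expect(runConfig.CmdArgs).To(Equal([]string{"--arg1", "--arg2", "--arg3"}))
 Expect(runConfig.ToolsFilter).To(Equal([]string{"tool3", "tool1", "tool2"}))
 })
+
+It("Should handle MCPServer with OIDC authentication configuration", func() {
+namespace := "oidc-test-ns"
+mcpServerName := "oidc-server"
+configMapName := mcpServerName + "-runconfig"
+
+// Create namespace
+ns := &corev1.Namespace{
+ObjectMeta: metav1.ObjectMeta{
+Name: namespace,
+},
+}
+_ = k8sClient.Create(ctx, ns)
+
+// Create MCPServer with OIDC configuration
+mcpServer := &mcpv1alpha1.MCPServer{
+ObjectMeta: metav1.ObjectMeta{
+Name: mcpServerName,
+Namespace: namespace,
+},
+Spec: mcpv1alpha1.MCPServerSpec{
+Image: "auth/mcp-server:latest",
+Transport: "stdio",
+ProxyPort: 8080,
+OIDCConfig: &mcpv1alpha1.OIDCConfigRef{
+Type: "inline",
+Inline: &mcpv1alpha1.InlineOIDCConfig{
+Issuer: "https://auth.example.com",
+Audience: "toolhive-api",
+JWKSURL: "https://auth.example.com/.well-known/jwks.json",
+IntrospectionURL: "https://auth.example.com/oauth/introspect",
+ClientID: "toolhive-client",
+ClientSecret: "secret123",
+JWKSAllowPrivateIP: true,
+},
+},
+},
+}
+
+Expect(k8sClient.Create(ctx, mcpServer)).Should(Succeed())
+defer k8sClient.Delete(ctx, mcpServer)
+
+// Wait for ConfigMap to be created
+configMap := &corev1.ConfigMap{}
+Eventually(func() error {
+return k8sClient.Get(ctx, types.NamespacedName{
+Name: configMapName,
+Namespace: namespace,
+}, configMap)
+}, timeout, interval).Should(Succeed())
+
+// Verify ConfigMap has the expected label
+Expect(configMap.Labels).To(HaveKeyWithValue("toolhive.stacklok.io/mcp-server", mcpServerName))
+
+// Verify ConfigMap data contains runconfig.json
+Expect(configMap.Data).To(HaveKey("runconfig.json"))
+runConfigJSON := configMap.Data["runconfig.json"]
+Expect(runConfigJSON).NotTo(BeEmpty())
+
+// Parse and verify RunConfig content
+var runConfig runner.RunConfig
+err := json.Unmarshal([]byte(runConfigJSON), &runConfig)
+Expect(err).NotTo(HaveOccurred())
+
+// Verify OIDC configuration
+Expect(runConfig.OIDCConfig).NotTo(BeNil())
+Expect(runConfig.OIDCConfig.Issuer).To(Equal("https://auth.example.com"))
+Expect(runConfig.OIDCConfig.Audience).To(Equal("toolhive-api"))
+Expect(runConfig.OIDCConfig.JWKSURL).To(Equal("https://auth.example.com/.well-known/jwks.json"))
+Expect(runConfig.OIDCConfig.IntrospectionURL).To(Equal("https://auth.example.com/oauth/introspect"))
+Expect(runConfig.OIDCConfig.ClientID).To(Equal("toolhive-client"))
+Expect(runConfig.OIDCConfig.ClientSecret).To(Equal("secret123"))
+Expect(runConfig.OIDCConfig.AllowPrivateIP).To(BeTrue())
+
+// Verify fields that should be empty/nil
+Expect(runConfig.OIDCConfig.CACertPath).To(BeEmpty())
+Expect(runConfig.OIDCConfig.AuthTokenFile).To(BeEmpty())
+
+// Verify middleware_configs includes auth middleware
+Expect(runConfig.MiddlewareConfigs).NotTo(BeEmpty())
+
+// Find the auth middleware
+authMiddlewareFound := false
+for _, middleware := range runConfig.MiddlewareConfigs {
+if middleware.Type == "auth" {
+authMiddlewareFound = true
+
+// Verify auth middleware has the OIDC config
+var params map[string]interface{}
+err := json.Unmarshal(middleware.Parameters, &params)
+Expect(err).NotTo(HaveOccurred(), "Failed to unmarshal auth middleware parameters")
+
+if oidcConfigMap, exists := params["oidc_config"]; exists && oidcConfigMap != nil {
+oidcConfig, ok := oidcConfigMap.(map[string]interface{})
+Expect(ok).To(BeTrue(), "oidc_config should be a map")
+Expect(oidcConfig["Issuer"]).To(Equal("https://auth.example.com"))
+Expect(oidcConfig["Audience"]).To(Equal("toolhive-api"))
+Expect(oidcConfig["JWKSURL"]).To(Equal("https://auth.example.com/.well-known/jwks.json"))
+Expect(oidcConfig["IntrospectionURL"]).To(Equal("https://auth.example.com/oauth/introspect"))
+Expect(oidcConfig["ClientID"]).To(Equal("toolhive-client"))
+Expect(oidcConfig["ClientSecret"]).To(Equal("secret123"))
+Expect(oidcConfig["AllowPrivateIP"]).To(BeTrue())
+} else {
+Fail("OIDC config not found in auth middleware parameters")
+}
+break
+}
+}
+Expect(authMiddlewareFound).To(BeTrue(), "Auth middleware should be present in middleware_configs")
+})
 })
 })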
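Review bot: The assertion `Expect(runConfig.OIDCConfig.ClientSecret).To(Equal("secret123"))`, and its twin on `oidcConfig["ClientSecret"]` inside the middleware loop, pins as expected behaviour that the inline OIDC client secret is written in clear text into the `runconfig.json` key of a ConfigMap. ConfigMaps are readable by any principal with get/list on configmaps in the namespace and are typically not covered by the tighter RBAC or at-rest encryption applied to Secrets. If that is the intended contract of `Type: "inline"` (not visible from this hunk), the test should say so with a comment such as `// inline ClientSecret is copied verbatim into the ConfigMap; production setups should not use inline secrets`. Otherwise the expectation should be that the secret does not appear in the rendered config. Separately, `_ = k8sClient.Create(ctx, ns)` discards every error rather than only an already-exists one; something like `Expect(client.IgnoreAlreadyExists(k8sClient.Create(ctx, ns))).To(Succeed())` would keep reruns working while surfacing real failures, assuming the controller-runtime `client` package is imported in this file.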

test/e2e/chainsaw/operator/single-tenancy/test-scenarios/auth-configmap/assert-mcpserver-pod-running.yaml

Lines changed: 0 additions & 9 deletions
This file was deleted.

test/e2e/chainsaw/operator/single-tenancy/test-scenarios/auth-configmap/assert-mcpserver-running.yaml

Lines changed: 0 additions & 7 deletions
This file was deleted.

test/e2e/chainsaw/operator/single-tenancy/test-scenarios/auth-configmap/chainsaw-test.yaml

Lines changed: 0 additions & 172 deletions
This file was deleted.

test/e2e/chainsaw/operator/single-tenancy/test-scenarios/auth-configmap/mcpserver-auth.yaml

Lines changed: 0 additions & 34 deletions
This file was deleted.
