Refactor/typed backend auth strategy #2797
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Large PR Detected
This PR exceeds 1000 lines of changes and requires justification before it can be reviewed.
How to unblock this PR:
Add a section to your PR description with the following format:
## Large PR Justification [Explain why this PR must be large, such as:] - Generated code that cannot be split - Large refactoring that must be atomic - Multiple related changes that would break if separated - Migration or data transformationAlternative:
Consider splitting this PR into smaller, focused changes (< 1000 lines each) for easier review and reduced risk.
See our Contributing Guidelines for more details.
This review will be automatically dismissed once you add the justification section.
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@ ## main #2797 +/- ## ========================================== - Coverage 56.57% 56.55% -0.02% ========================================== Files 320 320 Lines 30882 30874 -8 ========================================== - Hits 17470 17460 -10 Misses 11911 11911 - Partials 1501 1503 +2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
yrobla force-pushed the refactor/typed-backend-auth-strategy branch from d8bebfd to 43e900d Compare 
github-actions bot added size/XL 
jhrozek force-pushed the refactor/typed-backend-auth-strategy branch from 43e900d to 2b4a59e Compare github-actions bot added size/XL 
Create a new leaf package pkg/vmcp/auth/types containing: - Strategy type constants (StrategyTypeUnauthenticated, etc.) - BackendAuthStrategy struct with typed fields (HeaderInjection, TokenExchange) - HeaderInjectionConfig and TokenExchangeConfig structs The Metadata field is retained in BackendAuthStrategy for backward compatibility - all existing code continues to work unchanged. Update all files to import BackendAuthStrategy from auth/types instead of config package. This is a structural refactoring with zero behavior change, preparing for a follow-up PR that will remove the Metadata field.
jhrozek force-pushed the refactor/typed-backend-auth-strategy branch from 2b4a59e to 964e3fd Compare github-actions bot added size/XL Remove the deprecated Metadata map[string]any field from BackendAuthStrategy and migrate all code to use typed fields (HeaderInjection, TokenExchange). Key changes: - Remove Metadata field from authtypes.BackendAuthStrategy - Update Strategy interface to accept *BackendAuthStrategy instead of map - Update all strategies (header_injection, tokenexchange, unauthenticated) - Update converters to return typed BackendAuthStrategy - Change Backend/BackendTarget structs to use AuthConfig instead of AuthStrategy + AuthMetadata - Update ResolveForBackend to return *BackendAuthStrategy - Update all consumers and tests This provides type safety, better IDE support, and eliminates runtime type assertions throughout the auth subsystem.
jhrozek force-pushed the refactor/typed-backend-auth-strategy branch from 964e3fd to 980f0df Compare github-actions bot added size/XL github-actions bot dismissed their stale review Large PR justification has been provided. Thank you!
Contributor
| ✅ Large PR justification has been provided. The size review has been dismissed and this PR can now proceed with normal review. |
jhrozek changed the title 
amirejaz approved these changes Dec 1, 2025
yrobla approved these changes Dec 1, 2025
amirejaz added a commit that referenced this pull request Dec 1, 2025
- Update convertExternalAuthConfigToStrategy to use authtypes.BackendAuthStrategy - Update convertBackendAuthConfigToVMCP to use typed structures - Remove Metadata map usage in favor of typed fields (TokenExchange, HeaderInjection) - This ensures compatibility with the marshaling fix from PR #2797
amirejaz added a commit that referenced this pull request Dec 1, 2025
…alMCPServer This PR implements the core discovery feature that allows VirtualMCPServer to automatically discover ExternalAuthConfig from MCPServers in the group and include them in the outgoing auth configuration. Changes: - Add discoverExternalAuthConfigs() to discover auth configs from MCPServers - Add buildOutgoingAuthConfig() to build outgoing auth with discovery - Add convertExternalAuthConfigToStrategy() to convert CRD to strategy - Add convertBackendAuthConfigToVMCP() to convert backend auth config - Add comprehensive test suite for discovery and conversion logic - Integration with typed BackendAuthStrategy from PR #2797 Note: Secret management for discovered ExternalAuthConfigs will be added in a follow-up PR.
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
remove Metadata field and use typed auth config
Remove the deprecated Metadata map[string]any field from BackendAuthStrategy and migrate all code to use typed fields (HeaderInjection, TokenExchange).
Large PR Justification
This is a refactoring that touches large number of files. I split it into 2 patches for easier review, the first one just moves constants from 1 package to another, the next patch removes