Skip to content

fix oidc and token exchange config for k8s #2537

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 13, 2025
Merged

fix oidc and token exchange config for k8s #2537

merged 6 commits into from
Nov 13, 2025

Conversation

@yrobla
Copy link
Contributor

@yrobla yrobla commented Nov 11, 2025

No description provided.

@codecov
Copy link

codecov bot commented Nov 11, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 19.14894% with 38 lines in your changes missing coverage. Please review.
✅ Project coverage is 55.95%. Comparing base (d3ed163) to head (b56d807).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
pkg/runner/middleware.go 0.00% 15 Missing ⚠️
...d/thv-operator/pkg/controllerutil/tokenexchange.go 0.00% 11 Missing ⚠️
...v-operator/controllers/mcpremoteproxy_runconfig.go 33.33% 2 Missing and 2 partials ⚠️
...md/thv-operator/controllers/mcpserver_runconfig.go 33.33% 2 Missing and 2 partials ⚠️
pkg/runner/config_builder.go 0.00% 4 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2537      +/-   ##
==========================================
- Coverage   55.99%   55.95%   -0.05%     
==========================================
  Files         316      316              
  Lines       29748    29766      +18     
==========================================
- Hits        16658    16655       -3     
- Misses      11636    11652      +16     
- Partials     1454     1459       +5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@yrobla yrobla requested review from JAORMX and Copilot November 11, 2025 09:42
Copilot finished reviewing on behalf of yrobla November 11, 2025 09:45
Copilot AI reviewed Nov 11, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enables consuming the resource URL for CRD (Custom Resource Definition) configurations by introducing a mechanism to append middleware configurations incrementally in the operator context.

  • Introduced WithAppendMiddlewareConfig function to append individual middleware configs instead of replacing the entire list
  • Updated AddExternalAuthConfigOptions to use the append pattern for token exchange middleware
  • Enhanced AddOIDCConfigOptions to create and append auth middleware configuration for OAuth discovery endpoint support

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
pkg/runner/config_builder.go Added WithAppendMiddlewareConfig function to support incremental middleware configuration
cmd/thv-operator/pkg/controllerutil/tokenexchange.go Changed to use WithAppendMiddlewareConfig instead of WithMiddlewareConfig to preserve existing middlewares
cmd/thv-operator/pkg/controllerutil/oidc.go Added auth middleware creation to enable authInfoHandler for OAuth discovery endpoints and support ResourceURL field

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@yrobla yrobla requested a review from jhrozek November 11, 2025 09:56
@yrobla
Copy link
Contributor Author

yrobla commented Nov 11, 2025

@claude please review. wasn't there any other opportunity for code reuse, or any other optimization?

@claude
Copy link
Contributor

claude bot commented Nov 11, 2025
edited
Loading

Claude encountered an error —— View job

I'll analyze this and get back to you.

JAORMX
JAORMX reviewed Nov 11, 2025
View reviewed changes
Copy link
Collaborator

@JAORMX JAORMX left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Uhm... shouldn't this come from the runconfig we form? Ideally it should already be formed that way from there.

@yrobla yrobla force-pushed the feat/add_resource_url_k8s branch from ef9a7ac to 6207348 Compare November 11, 2025 13:45
blkt
blkt reviewed Nov 11, 2025
View reviewed changes
Copy link
Contributor

@blkt blkt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I won't block this because I don't get the full scope of the change, but I'm a bit concerned by some of the added code, could you clarify the changes?

@yrobla yrobla requested a review from Copilot November 11, 2025 14:46
Copilot finished reviewing on behalf of yrobla November 11, 2025 14:48
Copilot AI reviewed Nov 11, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@yrobla yrobla force-pushed the feat/add_resource_url_k8s branch 2 times, most recently from 15329fc to 53f1133 Compare November 11, 2025 15:17
@yrobla yrobla changed the title allow to consume the resource url for crd fix oidc and token exchange config for k8s Nov 11, 2025
@yrobla yrobla requested review from JAORMX, blkt and Copilot November 11, 2025 15:23
@JAORMX
Copy link
Collaborator

JAORMX commented Nov 11, 2025

@yrobla could it be that we're not seeing yo the middleware correctly in the proxyrunner? Then the changes would go there instead of the general runner package cc @blkt @ChrisJBurns

Copilot finished reviewing on behalf of yrobla November 11, 2025 15:26
Copilot AI reviewed Nov 11, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@yrobla
Copy link
Contributor Author

yrobla commented Nov 11, 2025

@yrobla could it be that we're not seeing yo the middleware correctly in the proxyrunner? Then the changes would go there instead of the general runner package cc @blkt @ChrisJBurns

proxyrunner should be picking the config from runconfig as well, right?

@yrobla yrobla force-pushed the feat/add_resource_url_k8s branch 3 times, most recently from 451c4e3 to bb4421a Compare November 13, 2025 08:42
@yrobla yrobla force-pushed the feat/add_resource_url_k8s branch 2 times, most recently from 9965f1d to 5c67232 Compare November 13, 2025 08:52
@yrobla yrobla requested a review from Copilot November 13, 2025 08:52
Copilot finished reviewing on behalf of yrobla November 13, 2025 08:54
@yrobla yrobla force-pushed the feat/add_resource_url_k8s branch from 5c67232 to b56d807 Compare November 13, 2025 08:54
Copilot AI reviewed Nov 13, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 16 out of 18 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@yrobla yrobla merged commit 4571696 into main Nov 13, 2025
32 checks passed
@yrobla yrobla deleted the feat/add_resource_url_k8s branch November 13, 2025 12:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jhrozek jhrozek jhrozek approved these changes

@blkt blkt Awaiting requested review from blkt

@JAORMX JAORMX Awaiting requested review from JAORMX

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@yrobla @JAORMX @blkt @jhrozek @taskbot