
Commit 8a70e10

committed
update API
Signed-off-by: Huabing Zhao <[email protected]>
1 parent 0ccf737 commit 8a70e10


1 file changed

+49
-6
lines changed

1 file changed

+49
-6
lines changed

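--- a/api/v1alpha1/mcp_route.go
+++ b/api/v1alpha1/mcp_route.go
@@ -245,23 +245,66 @@ type MCPRouteAuthorization struct {
 // MCPRouteAuthorizationRule defines an authorization rule for MCPRoute based on the MCP authorization spec.
 // Reference: https://modelcontextprotocol.io/specification/draft/basic/authorization#scope-challenge-handling
 type MCPRouteAuthorizationRule struct {
-// Tools defines the list of tool names this rule applies to. The name must be a fully qualified tool name including the backend name.
-// For example, "mcp-backend-name__tool-name".
+// Source defines the authorization source for this rule.
 //
-// If a request calls a tool in this list, this rule is considered a match.
-// If this request has a valid JWT token that contains all the required scopes defined in this rule,
-// the request will be allowed. If not, the request will be denied.
+// +kubebuilder:validation:Required
+Source MCPAuthorizationSource `json:"source"`
+
+// Target defines the authorization target for this rule.
+//
+// +kubebuilder:validation:Required
+Target MCPAuthorizationTarget `json:"target"`
+}
+
+type MCPAuthorizationTarget struct {
+// Tools defines the list of tools this rule applies to.
 //
 // +kubebuilder:validation:MinItems=1
 // +kubebuilder:validation:MaxItems=16
-Tools []string `json:"tools"`
+Tools []ToolCall `json:"tools"`
+
+// TODO: we can add resources, prompts, etc. in the future.
+}
+
+type MCPAuthorizationSource struct {
+// JWTSource defines the JWT scopes required for this rule to match.
+//
+// +kubebuilder:validation:Optional
+JWTSource *JWTSource `json:"jwtSource,omitempty"`
+}
 
+type JWTSource struct {
 // Scopes defines the list of JWT scopes required for the rule.
 // If multiple scopes are specified, all scopes must be present in the JWT for the rule to match.
 //
 // +kubebuilder:validation:MinItems=1
 // +kubebuilder:validation:MaxItems=16
 Scopes []egv1a1.JWTScope `json:"scopes"`
+
+//TODO : we can add more fields in the future, e.g., audiences, claims, etc.
+}
+
+type ToolCall struct {
+// Tools defines the list of tool names this rule applies to. The name must be a fully qualified tool name including the backend name.
+// For example, "mcp-backend-name__tool-name".
+Name string `json:"name"`
+
+// Parameters are the parameters passed to the tool.
+Arguments map[string]string `json:"arguments,omitempty"`
+}
+
+type ToolArgument struct {
+// Name is the name of the argument.
+Name string `json:"name"`
+
+// Value is the value of the argument.
+Value ArgumentValues `json:"value"`
+}
+
+type ArgumentValues struct {
+Include []string `json:"include,omitempty"`
+
+IncludeRegex []string `json:"includeRegex,omitempty"`
 }
 
 // JWKS defines how to obtain JSON Web Key Sets (JWKS) either from a remote HTTP/HTTPS endpoint or from a local source.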
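Review bot: `MCPAuthorizationSource.JWTSource` is marked `+kubebuilder:validation:Optional` while `Source` itself is required, so `source: {}` passes validation, and the commit also removes the only comment that stated the allow/deny behaviour of a rule. For an authorization API that leaves an implementation free to treat an empty source as matching every caller, so I would either mark the field required until a second source type exists or state the behaviour on the field, e.g. `// If JWTSource is nil, the rule matches no request.` (assuming deny is the intended default; the enforcing code is not on this page). `ToolCall.Arguments` has the same gap: its comment calls the field "Parameters" and does not say whether a rule matches only when every listed argument is equal, and `ToolArgument` (with `ArgumentValues`) is not referenced by any field visible here. `ToolCall.Name` kept the old `Tools defines the list of tool names` wording, the new exported types have no doc comments, and unlike `Tools` and `Scopes` the `Include`/`IncludeRegex` lists carry no `MaxItems` bound.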
