config

package


Overview

Package config provides management for the registry server configuration


Constants

const (
	// SourceTypeGit is the type for registry data stored in Git repositories
	SourceTypeGit = "git"

	// SourceTypeAPI is the type for registry data fetched from API endpoints
	SourceTypeAPI = "api"

	// SourceTypeFile is the type for registry data stored in local files
	SourceTypeFile = "file"
	// NOTE(review): SourceConfig also carries Managed and Kubernetes
	// sub-configs, but no matching SourceType constant is declared in this
	// block — confirm where those source kinds are identified.

	// RegistryJSONFilePath is the file path where the registry JSON file will be mounted
	// (this is the mount directory; the file itself is RegistryJSONFileName,
	// and the two are presumably joined by callers — confirm)
	RegistryJSONFilePath = "/config/registry"

	// RegistryJSONFileName is the name of the registry JSON file
	RegistryJSONFileName = "registry.json"

	// RegistryServerConfigFilePath is the file path where the registry server config file will be mounted
	// (mount directory for RegistryServerConfigFileName, same pattern as above)
	RegistryServerConfigFilePath = "/config"

	// RegistryServerConfigFileName is the name of the registry server config file
	RegistryServerConfigFileName = "config.yaml"
)

Variables

This section is empty.

Functions

func RawConfigToConfigMap added in v0.17.0

func RawConfigToConfigMap(registryName, namespace, configYAML string) (*corev1.ConfigMap, error)

RawConfigToConfigMap creates a ConfigMap from a raw YAML config string without parsing or transforming its content. It applies the same content checksum annotation used by ToConfigMapWithContentChecksum.

Types

type APIConfig

type APIConfig struct {
	// Endpoint is the base API URL (without path)
	// The source handler will append the appropriate paths, for instance:
	//   - /v0/servers - List all servers (single response, no pagination)
	//   - /v0/servers/{name} - Get specific server (future)
	//   - /v0/info - Get registry metadata (future)
	// Example: "http://my-registry-api.default.svc.cluster.local/api"
	// NOTE(review): content fetched from this URL becomes registry data, so the
	// endpoint must be one the operator trusts; whether plain HTTP is accepted
	// outside the cluster or redirects are followed is not visible in this
	// package — confirm in the API source handler.
	Endpoint string `yaml:"endpoint"`
}

APIConfig defines API source configuration for ToolHive Registry APIs

type AuthConfig added in v0.6.12

type AuthConfig struct {
	// Mode specifies the authentication mode (anonymous or oauth)
	// Defaults to "oauth" if not specified (security-by-default).
	// Use "anonymous" to explicitly disable authentication for development.
	Mode AuthMode `yaml:"mode,omitempty"`

	// PublicPaths defines additional paths that bypass authentication
	// Every entry widens the unauthenticated surface. The matching rule
	// (exact path vs. prefix) is not defined in this package — confirm in the
	// auth middleware before assuming an entry is narrow.
	PublicPaths []string `yaml:"publicPaths,omitempty"`

	// OAuth defines OAuth/OIDC specific authentication settings
	// Only used when Mode is "oauth"
	OAuth *OAuthConfig `yaml:"oauth,omitempty"`

	// Authz defines authorization configuration for role-based access control
	// What a nil Authz grants (no roles, or some default) is not visible here —
	// confirm in the server's authorization layer.
	Authz *AuthzConfig `yaml:"authz,omitempty"`
}

AuthConfig defines authentication configuration for the registry server

type AuthMode added in v0.6.12

// AuthMode represents the authentication mode; see AuthModeAnonymous and
// AuthModeOAuth for the declared values.
type AuthMode string

AuthMode represents the authentication mode

const (
	// AuthModeAnonymous allows unauthenticated access
	// (intended for development only; see AuthConfig.Mode)
	AuthModeAnonymous AuthMode = "anonymous"

	// AuthModeOAuth enables OAuth/OIDC authentication
	// (the default when AuthConfig.Mode is unset)
	AuthModeOAuth AuthMode = "oauth"
	// NOTE(review): whether any other string is rejected at validation time
	// or silently treated as one of these is not visible here — confirm.
)

type AuthzConfig added in v0.17.0

type AuthzConfig struct {
	// Roles holds the rules that grant each role (see RolesConfig).
	Roles RolesConfig `yaml:"roles,omitempty"`
}

AuthzConfig defines authorization configuration for role-based access control

type Config

type Config struct {
	// Sources lists the data sources the registry server syncs from.
	Sources    []SourceConfig   `yaml:"sources"`
	// Registries defines lightweight views that aggregate Sources by name.
	Registries []RegistryConfig `yaml:"registries,omitempty"`
	// Database is the optional PostgreSQL configuration.
	Database   *DatabaseConfig  `yaml:"database,omitempty"`
	// Auth is the optional authentication/authorization configuration.
	// NOTE(review): AuthConfig.Mode documents "oauth" as the default when
	// Mode is unset, but what a nil Auth as a whole means is not visible in
	// this package — confirm in the server.
	Auth       *AuthConfig      `yaml:"auth,omitempty"`
	// Telemetry is the optional OpenTelemetry configuration.
	Telemetry  *TelemetryConfig `yaml:"telemetry,omitempty"`
}

Config represents the root configuration structure (v2 format)

func (*Config) ToConfigMapWithContentChecksum

func (c *Config) ToConfigMapWithContentChecksum(mcpRegistry *mcpv1alpha1.MCPRegistry) (*corev1.ConfigMap, error)

ToConfigMapWithContentChecksum converts the Config to a ConfigMap with a content checksum annotation

type ConfigManager

type ConfigManager interface {
	// BuildConfig assembles the registry server Config from the MCPRegistry
	// resource the manager was created with (see NewConfigManager).
	BuildConfig() (*Config, error)
	// GetRegistryServerConfigMapName returns the name of the ConfigMap that
	// carries the server configuration.
	GetRegistryServerConfigMapName() string
}

ConfigManager provides methods to build registry server configuration from MCPRegistry resources

func NewConfigManager

func NewConfigManager(mcpRegistry *mcpv1alpha1.MCPRegistry) ConfigManager

NewConfigManager creates a new instance of ConfigManager

type DatabaseConfig added in v0.6.9

type DatabaseConfig struct {
	// Host is the database server hostname
	Host string `yaml:"host"`

	// Port is the database server port
	Port int32 `yaml:"port"`

	// User is the application user (limited privileges: SELECT, INSERT, UPDATE, DELETE)
	// Credentials provided via pgpass file
	User string `yaml:"user"`

	// MigrationUser is the migration user (elevated privileges: CREATE, ALTER, DROP)
	// Used for running database schema migrations
	// Credentials provided via pgpass file
	MigrationUser string `yaml:"migrationUser"`

	// Database is the database name
	Database string `yaml:"database"`

	// SSLMode is the SSL mode for the connection
	// NOTE(review): presumably a libpq-style sslmode value; "disable" sends
	// credentials and data in clear text and "verify-full" is the strictest
	// option — confirm which values the server accepts and what the default is.
	SSLMode string `yaml:"sslMode"`

	// MaxOpenConns is the maximum number of open connections to the database
	MaxOpenConns int32 `yaml:"maxOpenConns"`

	// MaxIdleConns is the maximum number of idle connections in the pool
	MaxIdleConns int32 `yaml:"maxIdleConns"`

	// ConnMaxLifetime is the maximum amount of time a connection may be reused
	// (a string, presumably parsed as a duration — confirm the accepted format)
	ConnMaxLifetime string `yaml:"connMaxLifetime"`

	// MaxMetaSize is the maximum allowed size in bytes for publisher-provided metadata extensions
	// This bounds untrusted input stored per entry; the behaviour when nil
	// (no limit, or a built-in default) is not visible here — confirm.
	MaxMetaSize *int32 `yaml:"maxMetaSize,omitempty"`

	// DynamicAuth defines dynamic database authentication configuration
	// When set, presumably replaces the pgpass credentials for User — confirm
	// whether MigrationUser is covered as well.
	DynamicAuth *DynamicAuthConfig `yaml:"dynamicAuth,omitempty"`
}

DatabaseConfig defines PostgreSQL database configuration. It uses a two-user security model: separate users for operations and migrations.

type DynamicAuthAWSRDSIAM added in v0.17.0

type DynamicAuthAWSRDSIAM struct {
	// Region is the AWS region used for RDS IAM authentication.
	// Optional in YAML; what is used when empty (e.g. an SDK default region)
	// is not visible here — confirm.
	Region string `yaml:"region,omitempty"`
}

DynamicAuthAWSRDSIAM defines AWS RDS IAM authentication configuration

type DynamicAuthConfig added in v0.17.0

type DynamicAuthConfig struct {
	// AWSRDSIAM enables AWS RDS IAM authentication when set; it is the only
	// dynamic auth method declared in this package.
	AWSRDSIAM *DynamicAuthAWSRDSIAM `yaml:"awsRdsIam,omitempty"`
}

DynamicAuthConfig defines dynamic database authentication configuration

type FileConfig

type FileConfig struct {
	// Path is the path to the registry.json file on the local filesystem
	// Can be absolute or relative to the working directory
	Path string `yaml:"path,omitempty"`

	// URL is the HTTP/HTTPS URL to fetch the registry file from
	// NOTE(review): remote content fetched here becomes registry data; whether
	// plain HTTP, redirects or private-address destinations are restricted is
	// not visible in this package — confirm in the file source handler.
	URL string `yaml:"url,omitempty"`

	// Data is the inline registry data as a JSON string
	Data string `yaml:"data,omitempty"`

	// Timeout is the timeout for HTTP requests when using URL
	// (a string, presumably parsed as a duration — confirm the accepted format)
	Timeout string `yaml:"timeout,omitempty"`
	// NOTE(review): Path, URL and Data look mutually exclusive; which one wins
	// when several are set is not defined here — confirm.
}

FileConfig defines file source configuration

type FilterConfig

type FilterConfig struct {
	// Names filters entries by name (see NameFilterConfig).
	Names *NameFilterConfig `yaml:"names,omitempty"`
	// Tags filters entries by tag (see TagFilterConfig).
	Tags  *TagFilterConfig  `yaml:"tags,omitempty"`
}

FilterConfig defines filtering rules for registry entries

type GitAuthConfig added in v0.9.2

type GitAuthConfig struct {
	// Username is the Git username for HTTP Basic authentication
	Username string `yaml:"username,omitempty"`

	// PasswordFile is the path to a file containing the Git password/token
	// Keeping the secret in a file (rather than inline YAML) keeps it out of
	// the ConfigMap. Unlike OAuthProviderConfig.ClientSecretFile, nothing here
	// says whether trailing whitespace is tolerated — confirm in the Git
	// source handler.
	PasswordFile string `yaml:"passwordFile,omitempty"`
}

GitAuthConfig defines authentication settings for Git repositories

type GitConfig

type GitConfig struct {
	// Repository is the Git repository URL (HTTP/HTTPS/SSH)
	Repository string `yaml:"repository"`

	// Branch is the Git branch to use (mutually exclusive with Tag and Commit)
	Branch string `yaml:"branch,omitempty"`

	// Tag is the Git tag to use (mutually exclusive with Branch and Commit)
	Tag string `yaml:"tag,omitempty"`

	// Commit is the Git commit SHA to use (mutually exclusive with Branch and Tag)
	// Of the three refs only Commit is immutable; Branch and Tag can be moved
	// upstream, so pinning a commit gives the most reproducible registry content.
	Commit string `yaml:"commit,omitempty"`

	// Path is the path to the registry file within the repository
	Path string `yaml:"path,omitempty"`

	// Auth contains optional authentication for private repositories
	// (HTTP Basic credentials; see GitAuthConfig)
	Auth *GitAuthConfig `yaml:"auth,omitempty"`
}

GitConfig defines Git source settings

type KubernetesConfig added in v0.6.10

type KubernetesConfig struct {
	// Namespaces is a list of Kubernetes namespaces to watch for MCP servers.
	// If empty, watches the operator's configured namespace.
	// Each listed namespace requires the server to hold read access to
	// MCPServer resources there — presumably granted via RBAC elsewhere, confirm.
	Namespaces []string `yaml:"namespaces,omitempty"`
}

KubernetesConfig defines a Kubernetes-based source where data is discovered from MCPServer resources in the cluster.

type ManagedConfig added in v0.17.0

// ManagedConfig marks a source as managed: its entries are manipulated
// directly via the API and never synced from an external location. It
// currently carries no settings, so presence of the field is the signal.
type ManagedConfig struct{}

ManagedConfig defines configuration for managed sources. Managed sources are directly manipulated via API and do not sync from external sources.

type MetricsConfig added in v0.17.0

type MetricsConfig struct {
	// Enabled turns metrics export on; no other metrics settings are declared here.
	Enabled bool `yaml:"enabled"`
}

MetricsConfig defines metrics-specific configuration

type NameFilterConfig

type NameFilterConfig struct {
	// Include lists name patterns to keep.
	Include []string `yaml:"include,omitempty"`
	// Exclude lists name patterns to drop.
	// Pattern syntax and whether Exclude takes precedence over Include are
	// not defined in this package — confirm in the filter implementation.
	Exclude []string `yaml:"exclude,omitempty"`
}

NameFilterConfig defines name-based filtering

type OAuthConfig added in v0.6.15

type OAuthConfig struct {
	// ResourceURL is the URL identifying this protected resource (RFC 9728)
	// Used in the /.well-known/oauth-protected-resource endpoint
	ResourceURL string `yaml:"resourceUrl,omitempty"`

	// Providers defines the OAuth/OIDC providers for authentication
	// Multiple providers can be configured (e.g., Kubernetes + external IDP)
	// Each provider must declare the Audience it accepts (see OAuthProviderConfig).
	Providers []OAuthProviderConfig `yaml:"providers,omitempty"`

	// ScopesSupported defines the OAuth scopes supported by this resource (RFC 9728)
	// Defaults to ["mcp-registry:read", "mcp-registry:write"] if not specified
	ScopesSupported []string `yaml:"scopesSupported,omitempty"`

	// Realm is the protection space identifier for WWW-Authenticate header (RFC 7235)
	// Defaults to "mcp-registry" if not specified
	Realm string `yaml:"realm,omitempty"`
}

OAuthConfig defines OAuth/OIDC specific authentication settings

type OAuthProviderConfig added in v0.6.15

type OAuthProviderConfig struct {
	// Name is a unique identifier for this provider (e.g., "kubernetes", "keycloak")
	Name string `yaml:"name"`

	// IssuerURL is the OIDC issuer URL (e.g., https://accounts.google.com)
	// The JWKS URL will be discovered automatically from .well-known/openid-configuration
	// unless JwksUrl is explicitly specified
	IssuerURL string `yaml:"issuerUrl"`

	// JwksUrl is the URL to fetch the JSON Web Key Set (JWKS) from
	// If specified, OIDC discovery is skipped and this URL is used directly
	// Example: https://kubernetes.default.svc/openid/v1/jwks
	JwksUrl string `yaml:"jwksUrl,omitempty"`

	// Audience is the expected audience claim in the token (REQUIRED)
	// Per RFC 7519 Section 4.1.3 ("aud" claim), a token whose audience does not
	// include this value must be rejected; without this check a token minted
	// for another service would be accepted here
	// For Kubernetes, this is typically the API server URL
	Audience string `yaml:"audience"`

	// ClientID is the OAuth client ID for token introspection (optional)
	ClientID string `yaml:"clientId,omitempty"`

	// ClientSecretFile is the path to a file containing the client secret
	// The file should contain only the secret with optional trailing whitespace
	ClientSecretFile string `yaml:"clientSecretFile,omitempty"`

	// CACertPath is the path to a CA certificate bundle for verifying the provider's TLS certificate
	// Required for Kubernetes in-cluster authentication or self-signed certificates
	CACertPath string `yaml:"caCertPath,omitempty"`

	// AuthTokenFile is the path to a file containing a bearer token for authenticating to OIDC/JWKS endpoints
	// Useful when the OIDC discovery or JWKS endpoint requires authentication
	// Example: /var/run/secrets/kubernetes.io/serviceaccount/token
	AuthTokenFile string `yaml:"authTokenFile,omitempty"`

	// IntrospectionURL is the OAuth 2.0 Token Introspection endpoint (RFC 7662)
	// Used for validating opaque (non-JWT) tokens
	// If not specified, only JWT tokens can be validated via JWKS
	// (presumably authenticated with ClientID/ClientSecretFile — confirm)
	IntrospectionURL string `yaml:"introspectionUrl,omitempty"`

	// AllowPrivateIP allows JWKS/OIDC endpoints on private IP addresses
	// Required when the OAuth provider (e.g., Kubernetes API server) is running on a private network
	// Example: Set to true when using https://kubernetes.default.svc as the issuer URL
	// Leaving this false keeps the default guard against the server being
	// pointed at internal addresses; enable it only for providers that are
	// known to live on the private network.
	AllowPrivateIP bool `yaml:"allowPrivateIP,omitempty"`
}

OAuthProviderConfig defines configuration for an OAuth/OIDC provider

type RegistryConfig added in v0.6.7

type RegistryConfig struct {
	// Name identifies the registry view.
	Name    string         `yaml:"name"`
	// Sources lists the sources this view aggregates, presumably by SourceConfig.Name — confirm.
	Sources []string       `yaml:"sources"`
	// Claims is free-form; its purpose (access conditions? metadata?) is not
	// documented in this package — confirm before relying on it for authorization.
	Claims  map[string]any `yaml:"claims,omitempty"`
}

RegistryConfig defines a lightweight registry view that aggregates sources (v2 format)

type RolesConfig added in v0.17.0

type RolesConfig struct {
	// Each role holds a list of free-form rule maps; presumably a request that
	// satisfies any one map is granted the role, and the keys are matched
	// against token claims — confirm in the authorization implementation.
	// SuperAdmin is the most privileged role; keep its rule list minimal.
	SuperAdmin       []map[string]any `yaml:"superAdmin,omitempty"`
	// ManageSources grants management of source configurations.
	ManageSources    []map[string]any `yaml:"manageSources,omitempty"`
	// ManageRegistries grants management of registry views.
	ManageRegistries []map[string]any `yaml:"manageRegistries,omitempty"`
	// ManageEntries grants management of registry entries.
	ManageEntries    []map[string]any `yaml:"manageEntries,omitempty"`
}

RolesConfig defines role-based authorization rules

type SourceConfig

type SourceConfig struct {
	// Name identifies the source; RegistryConfig.Sources presumably refers to it.
	Name       string            `yaml:"name"`
	// Format names the registry data format; accepted values are not listed here.
	Format     string            `yaml:"format,omitempty"`
	// Claims is free-form; its purpose is not documented in this package — confirm.
	Claims     map[string]any    `yaml:"claims,omitempty"`
	// Exactly one of the following sub-configs is presumably expected to be
	// set; the SourceType* constants name the git/api/file kinds.
	Git        *GitConfig        `yaml:"git,omitempty"`
	API        *APIConfig        `yaml:"api,omitempty"`
	File       *FileConfig       `yaml:"file,omitempty"`
	Managed    *ManagedConfig    `yaml:"managed,omitempty"`
	Kubernetes *KubernetesConfig `yaml:"kubernetes,omitempty"`
	// SyncPolicy controls how often the source is re-synced.
	SyncPolicy *SyncPolicyConfig `yaml:"syncPolicy,omitempty"`
	// Filter restricts which entries from the source are kept.
	Filter     *FilterConfig     `yaml:"filter,omitempty"`
}

SourceConfig defines a single data source configuration (v2 format)

type SyncPolicyConfig

type SyncPolicyConfig struct {
	// Interval is the time between syncs (a string, presumably parsed as a
	// duration — confirm the accepted format).
	Interval string `yaml:"interval"`
}

SyncPolicyConfig defines synchronization settings

type TagFilterConfig

type TagFilterConfig struct {
	// Include lists tag patterns to keep.
	Include []string `yaml:"include,omitempty"`
	// Exclude lists tag patterns to drop.
	// Pattern syntax and Include/Exclude precedence are not defined here — confirm.
	Exclude []string `yaml:"exclude,omitempty"`
}

TagFilterConfig defines tag-based filtering

type TelemetryConfig added in v0.17.0

type TelemetryConfig struct {
	// Enabled turns OpenTelemetry export on.
	Enabled        bool           `yaml:"enabled"`
	// ServiceName and ServiceVersion are the resource attributes reported.
	ServiceName    string         `yaml:"serviceName,omitempty"`
	ServiceVersion string         `yaml:"serviceVersion,omitempty"`
	// Endpoint is the collector address telemetry is exported to.
	Endpoint       string         `yaml:"endpoint,omitempty"`
	// Insecure presumably disables TLS on the exporter connection — confirm;
	// if so, keep it false unless the collector is on a trusted local path.
	Insecure       bool           `yaml:"insecure,omitempty"`
	// Tracing and Metrics hold the per-signal settings.
	Tracing        *TracingConfig `yaml:"tracing,omitempty"`
	Metrics        *MetricsConfig `yaml:"metrics,omitempty"`
}

TelemetryConfig defines OpenTelemetry configuration

type TracingConfig added in v0.17.0

type TracingConfig struct {
	// Enabled turns trace export on.
	Enabled  bool     `yaml:"enabled"`
	// Sampling is presumably a sampling ratio; nil leaves the default in
	// place. The valid range is not stated here — confirm.
	Sampling *float64 `yaml:"sampling,omitempty"`
}

TracingConfig defines tracing-specific configuration
