Movatterモバイル変換

Skip to content

coder/coderPublic

NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commitfa5ca69

dannykopping

committed

feat: external auth MCP URL & allow/denylist

1 parent8487216 commitfa5ca69Copy full SHA for fa5ca69

File tree

11 files changed

+86

-0

lines changed

cli
- server.go
coderd
- apidoc
  - docs.go
  - swagger.json
- externalauth
  - externalauth.go
codersdk
- deployment.go
- deployment_test.go
- testdata
  - githubcfg.yaml
docs/reference/api
- general.md
- schemas.md
site/src
- api
  - typesGenerated.ts
- pages/DeploymentSettingsPage/ExternalAuthSettingsPage
  - ExternalAuthSettingsPageView.stories.tsx

11 files changed

+86

-0

lines changed

`‎cli/server.go‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2722,6 +2722,12 @@ func parseExternalAuthProvidersFromEnv(prefix string, environ []string) ([]coder`
`2722`	`2722`	`provider.DisplayName=v.Value`
`2723`	`2723`	`case"DISPLAY_ICON":`
`2724`	`2724`	`provider.DisplayIcon=v.Value`
	`2725`	`+case"MCP_URL":`
	`2726`	`+provider.MCPURL=v.Value`
	`2727`	`+case"MCP_TOOL_ALLOWLIST":`
	`2728`	`+provider.MCPToolAllowlist=v.Value`
	`2729`	`+case"MCP_TOOL_DENYLIST":`
	`2730`	`+provider.MCPToolDenylist=v.Value`
`2725`	`2731`	`}`
`2726`	`2732`	`providers[providerNum]=provider`
`2727`	`2733`	`}`

`‎coderd/apidoc/docs.go‎`

Lines changed: 9 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/apidoc/swagger.json‎`

Lines changed: 9 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎coderd/externalauth/externalauth.go‎`

Lines changed: 29 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -81,6 +81,17 @@ type Config struct {`
`81`	`81`	`// AppInstallationsURL is an API endpoint that returns a list of`
`82`	`82`	`// installations for the user. This is used for GitHub Apps.`
`83`	`83`	`AppInstallationsURLstring`
	`84`	`+// MCPURL is the endpoint that clients must use to communicate with the associated`
	`85`	`+// MCP server.`
	`86`	`+MCPURLstring`
	`87`	`+// MCPToolAllowlistPattern is a [regexp.Regexp] to match tools which are explicitly allowed to be`
	`88`	`+// injected into Coder AI Bridge upstream requests.`
	`89`	`+// In the case of conflicts, [MCPToolDenylistPattern] overrides items evaluated by this list.`
	`90`	`+MCPToolAllowlistPattern*regexp.Regexp`
	`91`	`+// MCPToolAllowlistPattern is a [regexp.Regexp] to match tools which are explicitly NOT allowed to be`
	`92`	`+// injected into Coder AI Bridge upstream requests.`
	`93`	`+// In the case of conflicts, items evaluated by this list override [MCPToolAllowlistPattern].`
	`94`	`+MCPToolDenylistPattern*regexp.Regexp`
`84`	`95`	`}`
`85`	`96`
`86`	`97`	`// GenerateTokenExtra generates the extra token data to store in the database.`
`@@ -608,6 +619,21 @@ func ConvertConfig(instrument *promoauth.Factory, entries []codersdk.ExternalAut`
`608`	`619`	`instrumented=instrument.NewGithub(entry.ID,oauthConfig)`
`609`	`620`	`}`
`610`	`621`
	`622`	`+varmcpToolAllow*regexp.Regexp`
	`623`	`+varmcpToolDeny*regexp.Regexp`
	`624`	`+ifentry.MCPToolAllowlist!="" {`
	`625`	`+mcpToolAllow,err=regexp.Compile(entry.MCPToolAllowlist)`
	`626`	`+iferr!=nil {`
	`627`	`+returnnil,xerrors.Errorf("compile MCP tool allowlist for external auth provider %q: %w",entry.ID,entry.MCPToolAllowlist)`
	`628`	`+}`
	`629`	`+}`
	`630`	`+ifentry.MCPToolDenylist!="" {`
	`631`	`+mcpToolDeny,err=regexp.Compile(entry.MCPToolDenylist)`
	`632`	`+iferr!=nil {`
	`633`	`+returnnil,xerrors.Errorf("compile MCP tool denylist for external auth provider %q: %w",entry.ID,entry.MCPToolDenylist)`
	`634`	`+}`
	`635`	`+}`
	`636`	`+`
`611`	`637`	`cfg:=&Config{`
`612`	`638`	`InstrumentedOAuth2Config:instrumented,`
`613`	`639`	`ID:entry.ID,`
`@@ -620,6 +646,9 @@ func ConvertConfig(instrument *promoauth.Factory, entries []codersdk.ExternalAut`
`620`	`646`	`DisplayName:entry.DisplayName,`
`621`	`647`	`DisplayIcon:entry.DisplayIcon,`
`622`	`648`	`ExtraTokenKeys:entry.ExtraTokenKeys,`
	`649`	`+MCPURL:entry.MCPURL,`
	`650`	`+MCPToolAllowlistPattern:mcpToolAllow,`
	`651`	`+MCPToolDenylistPattern:mcpToolDeny,`
`623`	`652`	`}`
`624`	`653`
`625`	`654`	`ifentry.DeviceFlow {`

`‎codersdk/deployment.go‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -742,6 +742,9 @@ type ExternalAuthConfig struct {`
`742`	`742`	ExtraTokenKeys []string`json:"-" yaml:"extra_token_keys"`
`743`	`743`	DeviceFlowbool`json:"device_flow" yaml:"device_flow"`
`744`	`744`	DeviceCodeURLstring`json:"device_code_url" yaml:"device_code_url"`
	`745`	+MCPURLstring`json:"mcp_url" yaml:"mcp_url"`
	`746`	+MCPToolAllowliststring`json:"mcp_tool_allowlist" yaml:"mcp_tool_allowlist"`
	`747`	+MCPToolDenyliststring`json:"mcp_tool_denylist" yaml:"mcp_tool_denylist"`
`745`	`748`	`// Regex allows API requesters to match an auth config by`
`746`	`749`	`// a string (e.g. coder.com) instead of by it's type.`
`747`	`750`	`//`

`‎codersdk/deployment_test.go‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -399,6 +399,9 @@ func TestExternalAuthYAMLConfig(t *testing.T) {`
`399`	`399`	`Regex:"^https://example.com/.*$",`
`400`	`400`	`DisplayName:"GitHub",`
`401`	`401`	`DisplayIcon:"/static/icons/github.svg",`
	`402`	`+MCPURL:"https://api.githubcopilot.com/mcp/",`
	`403`	`+MCPToolAllowlist:".*",`
	`404`	`+MCPToolDenylist:"create_gist",`
`402`	`405`	`}`
`403`	`406`
`404`	`407`	`// Input the github section twice for testing a slice of configs.`

`‎codersdk/testdata/githubcfg.yaml‎`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,9 @@ externalAuthProviders:`
`17`	`17`	`-token`
`18`	`18`	`device_flow:true`
`19`	`19`	`device_code_url:https://example.com/device`
	`20`	`+mcp_url:https://api.githubcopilot.com/mcp/`
	`21`	`+mcp_tool_allowlist:.*`
	`22`	`+mcp_tool_denylist:create_gist`
`20`	`23`	`regex:^https://example.com/.*$`
`21`	`24`	`display_name:GitHub`
`22`	`25`	`display_icon:/static/icons/github.svg`

`‎docs/reference/api/general.md‎`

Lines changed: 3 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎docs/reference/api/schemas.md‎`

Lines changed: 15 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

`‎site/src/api/typesGenerated.ts‎`

Lines changed: 3 additions & 0 deletions

Some generated files are not rendered by default. Learn more aboutcustomizing how changed files appear on GitHub.

0 commit comments

Comments

(0)

[8]ページ先頭

©2009-2025 Movatter.jp