3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-31 23:41:09 +02:00
Code Issues Projects Releases Packages Wiki Activity

mcp: add global runtime flag (#5604)

Browse source 
## Summary

Adds global runtime flag to enable/disable MCP support. (off by
default).

```yaml
runtime_flags:
  mcp: true
```

## Related issues

Fix:
https://linear.app/pomerium/issue/ENG-2367/place-mcp-support-behind-a-runtime-flag

## User Explanation

<!-- How would you explain this change to the user? If this
change doesn't create any user-facing changes, you can leave
this blank. If filled out, add the `docs` label -->

## Checklist

- [x] reference any related issues
- [ ] updated unit tests
- [ ] add appropriate label (`enhancement`, `bug`, `breaking`,
`dependencies`, `ci`)
- [ ] ready for review
This commit is contained in:
Denis Mishin 2025-05-02 16:33:42 -04:00 committed by GitHub
parent d1559eaa86
commit 1a19ccabd8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 100 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

36
config/envoyconfig/routes_test.go
View file

@ -2331,7 +2331,9 @@ func Test_buildPomeriumHTTPRoutesWithMCP(t *testing.T) {
MCP: &config.MCP{}, // This marks the policy as an MCP policy
},
},
RuntimeFlags: config.DefaultRuntimeFlags(),
}
options.RuntimeFlags[config.RuntimeFlagMCP] = true
routes, err := b.buildPomeriumHTTPRoutes(options, "example.com", true)
require.NoError(t, err)
@ -2347,4 +2349,38 @@ func Test_buildPomeriumHTTPRoutesWithMCP(t *testing.T) {
`+routeString("path", "/.well-known/oauth-authorization-server")+`
]`, routes)
})
t.Run("with MCP policy, runtime flag is off", func(t *testing.T) {
b := &Builder{filemgr: filemgr.NewManager()}
options := &config.Options{
Services: "all",
AuthenticateURLString: "https://authenticate.example.com",
Policies: []config.Policy{
{
From: "https://example.com",
To: mustParseWeightedURLs(t, "https://to.example.com"),
},
{
From: "https://mcp.example.com",
To: mustParseWeightedURLs(t, "https://mcp-backend.example.com"),
MCP: &config.MCP{}, // This marks the policy as an MCP policy
},
},
RuntimeFlags: config.DefaultRuntimeFlags(),
}
options.RuntimeFlags[config.RuntimeFlagMCP] = false
routes, err := b.buildPomeriumHTTPRoutes(options, "example.com", true)
require.NoError(t, err)
// Verify the expected route structures
testutil.AssertProtoJSONEqual(t, `[
`+routeString("path", "/ping")+`,
`+routeString("path", "/healthz")+`,
`+routeString("path", "/.pomerium")+`,
`+routeString("prefix", "/.pomerium/")+`,
`+routeString("path", "/.well-known/pomerium")+`,
`+routeString("prefix", "/.well-known/pomerium/")+`
]`, routes)
})
}