3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-06 03:18:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

mcp: add mcp method and tool logging to authorize (#5668)

Browse source 
## Summary

Adds support for extending authorization log with Model Context Protocol
details.

i.e. 
```json
{
  "level": "info",
  "server-name": "all",
  "service": "authorize",
  "mcp-method": "tools/call",
  "mcp-tool": "describe_table",
  "mcp-tool-parameters": { "table_name": "Categories" },
  "allow": true,
  "allow-why-true": ["email-ok", "mcp-tool-ok"],
  "deny": false,
  "deny-why-false": [],
  "time": "2025-06-24T17:40:41-04:00",
  "message": "authorize check"
}
```

## Related issues

Fixes
https://linear.app/pomerium/issue/ENG-2393/mcp-authorize-each-incoming-request-to-an-mcp-route

## User Explanation

<!-- How would you explain this change to the user? If this
change doesn't create any user-facing changes, you can leave
this blank. If filled out, add the `docs` label -->

## Checklist

- [x] reference any related issues
- [x] updated unit tests
- [x] add appropriate label (`enhancement`, `bug`, `breaking`,
`dependencies`, `ci`)
- [x] ready for review
This commit is contained in:
Denis Mishin 2025-06-24 17:58:51 -07:00 committed by GitHub
parent eacf19cd64
commit 9363457849
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 271 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

87
authorize/log_test.go
View file

@ -31,6 +31,13 @@ func Test_populateLogEvent(t *testing.T) {
Headers: map[string]string{"X-Request-Id": "CHECK-REQUEST-ID"},
IP: "127.0.0.1",
},
MCP: evaluator.RequestMCP{
Method: "tools/call",
ToolCall: &evaluator.RequestMCPToolCall{
Name: "list_tables",
Arguments: map[string]interface{}{"database": "test", "schema": "public"},
},
},
EnvoyRouteChecksum: 1234,
EnvoyRouteID: "ROUTE-ID",
Policy: &config.Policy{
@ -79,6 +86,9 @@ func Test_populateLogEvent(t *testing.T) {
{log.AuthorizeLogFieldImpersonateSessionID, s, `{"impersonate-session-id":"IMPERSONATE-SESSION-ID"}`},
{log.AuthorizeLogFieldImpersonateUserID, s, `{"impersonate-user-id":"IMPERSONATE-USER-ID"}`},
{log.AuthorizeLogFieldIP, s, `{"ip":"127.0.0.1"}`},
{log.AuthorizeLogFieldMCPMethod, s, `{"mcp-method":"tools/call"}`},
{log.AuthorizeLogFieldMCPTool, s, `{"mcp-tool":"list_tables"}`},
{log.AuthorizeLogFieldMCPToolParameters, s, `{"mcp-tool-parameters":{"database":"test","schema":"public"}}`},
{log.AuthorizeLogFieldMethod, s, `{"method":"GET"}`},
{log.AuthorizeLogFieldPath, s, `{"path":"/some/path"}`},
{log.AuthorizeLogFieldQuery, s, `{"query":"a=b"}`},
@ -105,3 +115,80 @@ func Test_populateLogEvent(t *testing.T) {
})
}
}
// Test_MCP_LogFields tests that MCP-specific log fields are properly populated
func Test_MCP_LogFields(t *testing.T) {
t.Parallel()
ctx := t.Context()
ctx = requestid.WithValue(ctx, "MCP-REQUEST-ID")
// Test with a tools/call request
req := &evaluator.Request{
MCP: evaluator.RequestMCP{
Method: "tools/call",
ToolCall: &evaluator.RequestMCPToolCall{
Name: "database_query",
Arguments: map[string]interface{}{
"query": "SELECT * FROM users",
"limit": 100,
"format": "json",
},
},
},
}
var buf bytes.Buffer
logger := zerolog.New(&buf)
// Test MCP method field
evt := logger.Log()
evt = populateLogEvent(ctx, log.AuthorizeLogFieldMCPMethod, evt, req, nil, nil, nil, nil)
evt.Send()
assert.Contains(t, buf.String(), `"mcp-method":"tools/call"`)
buf.Reset()
// Test MCP tool field
evt = logger.Log()
evt = populateLogEvent(ctx, log.AuthorizeLogFieldMCPTool, evt, req, nil, nil, nil, nil)
evt.Send()
assert.Contains(t, buf.String(), `"mcp-tool":"database_query"`)
buf.Reset()
// Test MCP tool parameters field
evt = logger.Log()
evt = populateLogEvent(ctx, log.AuthorizeLogFieldMCPToolParameters, evt, req, nil, nil, nil, nil)
evt.Send()
assert.Contains(t, buf.String(), `"mcp-tool-parameters":`)
assert.Contains(t, buf.String(), `"query":"SELECT * FROM users"`)
assert.Contains(t, buf.String(), `"limit":100`)
assert.Contains(t, buf.String(), `"format":"json"`)
buf.Reset()
// Test with a non-tools/call request (no tool or parameters)
req.MCP = evaluator.RequestMCP{
Method: "tools/list",
}
evt = logger.Log()
evt = populateLogEvent(ctx, log.AuthorizeLogFieldMCPMethod, evt, req, nil, nil, nil, nil)
evt.Send()
assert.Contains(t, buf.String(), `"mcp-method":"tools/list"`)
buf.Reset()
evt = logger.Log()
evt = populateLogEvent(ctx, log.AuthorizeLogFieldMCPTool, evt, req, nil, nil, nil, nil)
evt.Send()
// Should not contain the field when ToolCall is nil
assert.NotContains(t, buf.String(), `"mcp-tool"`)
buf.Reset()
// Test with empty MCP data
req.MCP = evaluator.RequestMCP{}
evt = logger.Log()
evt = populateLogEvent(ctx, log.AuthorizeLogFieldMCPToolParameters, evt, req, nil, nil, nil, nil)
evt.Send()
// Should not contain the field when parameters are nil
assert.NotContains(t, buf.String(), `"mcp-tool-parameters"`)
}