-
Notifications
You must be signed in to change notification settings - Fork 77
implementing auth, dynamic tool registry, updating mcp-go library #121
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This PR implements authentication and dynamic tool registry functionality while updating the mcp-go library. The changes introduce context-based client management, session-aware tool availability, and middleware for handling Terraform configuration through HTTP headers or environment variables.
Key changes:
- Added dynamic tool registry that registers TFE-specific tools only when valid TFE credentials are available
- Implemented middleware to extract Terraform configuration from HTTP headers/query parameters/environment variables
- Refactored HTTP client creation from static dependency injection to context-based retrieval
Reviewed Changes
Copilot reviewed 21 out of 22 changed files in this pull request and generated 6 comments.
Show a summary per file
File | Description |
---|---|
pkg/client/client.go |
New client management system with session-based TFE client creation and context retrieval |
pkg/client/middleware.go |
New middleware for extracting Terraform configuration from requests and adding to context |
pkg/tools/dynamic_tool.go |
Dynamic tool registry that conditionally registers TFE tools based on session state |
pkg/tools/*.go |
Refactored all tool handlers to use context-based client retrieval instead of injected HTTP client |
cmd/terraform-mcp-server/main.go |
Updated server initialization to include session hooks and remove direct HTTP client injection |
go.mod |
Updated mcp-go library version and added new dependencies |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work here, I would really recommend looking at the elicitation feature to allow interactive user inputs for what we pass as environment variables. Also, left some suggestions.
@dduzgun-security Thanks for the review deniz, elicitation is not yet supported in the mcp-go library yet, def consideration for the future, depends on mark3labs/mcp-go#495 |
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
Co-authored-by: Deniz Onur Duzgun <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks for looking into the suggestions 🎉
Reminder to the contributor that merged this PR: if your changes have added important functionality or fixed a relevant bug, open a follow-up PR to update CHANGELOG.md with a note on your changes. |
PCI review checklist
I have documented a clear reason for, and description of, the change I am making.
If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
If applicable, I've documented the impact of any changes to security controls.
Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.