stacklok / toolhive / 21506200086

30 Jan 2026 06:03AM UTC coverage: 60.492% (+0.007%) from 60.485%

push

github

web-flow
Limit RBAC permissions for inline mode VirtualMCPServers (#3504)

In inline mode, VirtualMCPServer pods receive all backend configuration
through the VirtualMCPServer spec and don't need to discover backends
from Kubernetes resources. However, they were still granted full RBAC
permissions including access to secrets and configmaps.

Since vMCP is exposed to the outside world via HTTP, granting unnecessary
Kubernetes API permissions increases the security risk. This change
implements conditional RBAC based on the outgoing auth source mode:

  - Inline mode: Minimal permissions (read own spec + update status)
  - Discovered mode: Full permissions (read secrets, configmaps, MCP resources)

The implementation creates two separate RBAC rule sets and selects the
appropriate one based on spec.outgoingAuth.source. Existing resources
default to discovered mode for backward compatibility.

Added comprehensive tests to verify correct permissions are granted for
each mode, including validation that inline mode has no secret or
configmap access while still maintaining status update capabilities.

Also removed orphaned comment and nolint directive for deleted
discoverBackends function.

Related-to: #3149

Co-authored-by: taskbot <taskbot@users.noreply.github.com>

10 of 10 new or added lines in 1 file covered. (100.0%)

7 existing lines in 2 files now uncovered.

39377 of 65095 relevant lines covered (60.49%)

76.1 hits per line

Source File

67.28
/cmd/thv-operator/controllers/virtualmcpserver_controller.go


Source Not Available
