stacklok / toolhive / 23664634987

coverage: 65.431% (+0.02%) from 65.416%
23664634987

push

github

web-flow 
Wire embedded auth server into VirtualMCPServer converter and deployment (#4383)

* Wire embedded auth server into VirtualMCPServer converter and deployment

The VirtualMCPServer operator lacked the ability to convert an inline
EmbeddedAuthServerConfig into an authserver.RunConfig and mount the
necessary secrets onto the vMCP pod.

Export BuildAuthServerRunConfig from controllerutil (previously the
unexported buildEmbeddedAuthServerRunnerConfig used only by MCPServer)
and call it from the VirtualMCPServer converter. This avoids duplicating
~450 lines of conversion logic (signing keys, HMAC secrets, upstream
providers, Redis storage with Sentinel) and ensures both controllers
use identical mount paths, env var naming, and Redis key prefix format.

Operator side: serialize the RunConfig as a separate ConfigMap key
(authserver-config.yaml) alongside config.yaml. Mount auth server
volumes and env vars onto the deployment via GenerateAuthServerVolumes
and GenerateAuthServerEnvVars. Cross-validate auth server config
against backend strategies via ValidateAuthServerIntegration.

Binary side: load sibling authserver-config.yaml if present, construct
EmbeddedAuthServer, and pass it to the server config. Fail closed on
read errors other than file-not-found.

Fixes #4284

* Fix E2E test to use OIDC incoming auth with auth server config

ValidateAuthServerIntegration (added in 0810bda4a) requires OIDC
incoming auth when AuthServerConfig is present. The pre-existing E2E
test used anonymous auth, causing the condition to be overwritten to
False and the test to time out.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Extract convertSessionStorage to reduce Convert cyclomatic complexity

The Convert function exceeded the gocyclo threshold (17 > 15) after
the rebase added both SessionStorage and AuthServerConfig conversion.
Extract the SessionStorage block into a standalone helper.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthro... (continued)

101 of 142 new or added lines in 6 files covered. (71.13%)

40 existing lines in 5 files now uncovered.

52580 of 80360 relevant lines covered (65.43%)

65.02 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

64.89
/cmd/thv-operator/controllers/virtualmcpserver_controller.go


Source Not Available