stacklok / toolhive / 23855733480
65%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 596
Run time 2min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 65.561% (+0.06%) from 65.503%
23855733480

push

github

web-flow 
Add MCPOIDCConfig controller for lifecycle management (#4462)

* Add MCPOIDCConfig CRD types and generated manifests

Platform engineers managing multiple MCP servers with the same identity
provider currently must duplicate OIDC configuration across every
MCPServer resource. This introduces the MCPOIDCConfig CRD that allows
defining shared OIDC configuration once.

The CRD supports three configuration variants (kubernetesServiceAccount,
configMapRef, inline) validated via CEL rules with a type discriminator
field following the established MCPExternalAuthConfig pattern. Audience
and scopes are intentionally excluded from the shared config and will be
specified per-server via MCPOIDCConfigReference when workload CRDs add
reference fields (#4253).

Ref #4248

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Remove configMapRef variant from MCPOIDCConfig

A ConfigMap reference inside a dedicated CRD is unnecessary indirection.
The purpose of MCPOIDCConfig is to be the centralized config — pointing
it at a ConfigMap just adds a hop without value. The two remaining
variants (kubernetesServiceAccount and inline) cover all use cases.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Add MCPOIDCConfig controller for lifecycle management

Adds the controller that reconciles MCPOIDCConfig resources. It manages
the core CRD lifecycle: adds a finalizer on first reconciliation,
validates the spec and sets a Valid condition, and computes a config
hash for change detection stored in status.

Reference tracking (referencingServers), cascade to workloads via
annotation, deletion protection, and duplicate audience warnings will
be wired up when workload CRDs gain OIDCConfigRef fields (#4253).

Ref #4248

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Add MCPOIDCConfig unit and integration tests

Unit tests (6 functions, 15 subtests):
- Config hash consistency across both spec variants
- Full reconcil... (continued)

63 of 93 new or added lines in 2 files covered. (67.74%)

3 existing lines in 1 file now uncovered.

53309 of 81312 relevant lines covered (65.56%)

62.16 hits per line

Uncovered Changes

Lines Coverage File
24
72.41
 cmd/thv-operator/controllers/mcpoidcconfig_controller.go
6
9.05
 -0.23% cmd/thv-operator/main.go

Coverage Regressions

Lines Coverage File
3
71.85
 -1.11% pkg/ignore/processor.go
Jobs
ID Job ID Ran Files Coverage
1 23855733480.1 596
65.56
 GitHub Action Run
Source Files on build 23855733480