Skip to content

Fix mcp backend auth #12897

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
npolshakova merged 2 commits into from
Nov 17, 2025
Merged

Fix mcp backend auth #12897

npolshakova merged 2 commits into from
Nov 17, 2025
+161 −1

Conversation

@npolshakova
Copy link
Contributor

@npolshakova npolshakova commented Nov 17, 2025

Description

Fixes MCP Auth policies parsing to look at the AgentgatewayPolicy backend config.

Change Type

/kind fix

Changelog

Fixed mcp authorization parsing for backend policy on AgentgatewayPolicy.

@npolshakova
fix mcp backend auth
4e0a8bd 
Signed-off-by: npolshakova <[email protected]>
@npolshakova
add test
d709565 
Signed-off-by: npolshakova <[email protected]>
@gateway-bot gateway-bot added kind/fix Categorizes issue or PR as related to a bug. release-note labels Nov 17, 2025
Copilot AI reviewed Nov 17, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes a bug in MCP authorization policy parsing where the function was incorrectly reading from the Traffic authorization config instead of the Backend MCP authorization config.

  • Corrected translateBackendMCPAuthorization to read from policy.Spec.Backend.MCP.Authorization instead of policy.Spec.Traffic.Authorization
  • Added nil safety checks for backend, MCP, and authorization fields
  • Added comprehensive test coverage for the fix including edge cases

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
pkg/agentgateway/plugins/backend_policies.go Fixed authorization parsing to correctly access backend MCP authorization config and added nil safety checks
pkg/agentgateway/plugins/backend_policies_test.go Added comprehensive test coverage for MCP authorization translation including nil checks, allow/deny actions, and verification that traffic authorization is properly ignored

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@npolshakova npolshakova added this pull request to the merge queue Nov 17, 2025
Merged via the queue into kgateway-dev:main with commit ef9fa6a Nov 17, 2025
34 of 35 checks passed
@npolshakova npolshakova deleted the fix-mcp-backend-auth branch November 17, 2025 14:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@timflannagan timflannagan timflannagan approved these changes

@ymesika ymesika ymesika approved these changes

@howardjohn howardjohn Awaiting requested review from howardjohn

Assignees

No one assigned

Labels

kind/fix Categorizes issue or PR as related to a bug. release-note

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@npolshakova @timflannagan @ymesika @gateway-bot