awslabs.eks-mcp-server 0.1.1__py3-none-any.whl → 0.1.2__py3-none-any.whl

awslabs/eks_mcp_server/aws_helper.py

@@ -13,6 +13,7 @@
 
 import boto3
 import os
+from awslabs.eks_mcp_server import __version__
 from botocore.config import Config
 from typing import Any, Optional
 
@@ -38,7 +39,7 @@ class AwsHelper:
     def create_boto3_client(cls, service_name: str, region_name: Optional[str] = None) -> Any:
         """Create a boto3 client with the appropriate profile and region.
 
-        The client is configured with a custom user agent suffix 'awslabs/mcp/eks-mcp-server/0.1.0'
+        The client is configured with a custom user agent suffix 'awslabs/mcp/eks-mcp-server/{version}'
         to identify API calls made by the EKS MCP Server.
 
         Args:
@@ -55,7 +56,7 @@ class AwsHelper:
         profile = cls.get_aws_profile()
 
         # Create config with user agent suffix
-        config = Config(user_agent_extra='awslabs/mcp/eks-mcp-server/0.1.0')
+        config = Config(user_agent_extra=f'awslabs/mcp/eks-mcp-server/{__version__}')
 
         # Create session with profile if specified
         if profile:

awslabs/eks_mcp_server/eks_stack_handler.py

@@ -36,7 +36,7 @@ from awslabs.eks_mcp_server.models import (
 from mcp.server.fastmcp import Context
 from mcp.types import EmbeddedResource, ImageContent, TextContent
 from pydantic import Field
-from typing import Dict, List, Optional, Tuple, Union, cast
+from typing import Any, Dict, List, Optional, Tuple, Union, cast
 
 
 class EksStackHandler:
@@ -345,6 +345,10 @@ class EksStackHandler:
             if 'Parameters' in template_yaml and 'ClusterName' in template_yaml['Parameters']:
                 template_yaml['Parameters']['ClusterName']['Default'] = cluster_name
 
+            # Remove checkov metadata from the EKS cluster resource
+            if 'Resources' in template_yaml and 'EksCluster' in template_yaml['Resources']:
+                self._remove_checkov_metadata(template_yaml['Resources']['EksCluster'])
+
             # Convert back to YAML
             modified_template = yaml.dump(template_yaml, default_flow_style=False)
 
@@ -589,6 +593,22 @@ class EksStackHandler:
                 outputs={},
             )
 
+    def _remove_checkov_metadata(self, resource: Dict[str, Any]) -> None:
+        """Remove checkov metadata from a resource and clean up empty Metadata sections.
+
+        Args:
+            resource: The resource dictionary to process
+        """
+        if 'Metadata' in resource:
+            # Check if there's checkov metadata
+            if 'checkov' in resource['Metadata']:
+                # Remove only the checkov metadata
+                del resource['Metadata']['checkov']
+
+                # If Metadata is now empty, remove it entirely
+                if not resource['Metadata']:
+                    del resource['Metadata']
+
     async def _delete_stack(
         self, ctx: Context, stack_name: str, cluster_name: str
     ) -> DeleteStackResponse:

awslabs/eks_mcp_server/k8s_apis.py

@@ -407,22 +407,26 @@ class K8sApis:
             Pod logs as a string
         """
         try:
-            # Get the Pod resource using the dynamic client
-            pod_resource = self.dynamic_client.resources.get(api_version='v1', kind='Pod')
+            from kubernetes import client
+
+            # Create CoreV1Api client
+            core_v1_api = client.CoreV1Api(self.api_client)
 
-            # Prepare parameters for the log subresource
+            # Prepare parameters for the read_namespaced_pod_log method
             params = {}
             if container_name:
                 params['container'] = container_name
             if since_seconds:
-                params['sinceSeconds'] = since_seconds
+                params['since_seconds'] = since_seconds
             if tail_lines:
-                params['tailLines'] = tail_lines
+                params['tail_lines'] = tail_lines
             if limit_bytes:
-                params['limitBytes'] = limit_bytes
+                params['limit_bytes'] = limit_bytes
 
-            # Call the log subresource (note: singular 'log', not 'logs')
-            logs_response = pod_resource.log.get(name=pod_name, namespace=namespace, **params)
+            # Call the read_namespaced_pod_log method
+            logs_response = core_v1_api.read_namespaced_pod_log(
+                name=pod_name, namespace=namespace, **params
+            )
 
             return logs_response
 

awslabs/eks_mcp_server/k8s_handler.py

@@ -780,6 +780,37 @@ class K8sHandler:
                 output_file_path='',
             )
 
+    def _remove_checkov_skip_annotations(self, content: str) -> str:
+        """Remove checkov skip annotations from YAML content.
+
+        Args:
+            content: YAML content as string
+
+        Returns:
+            YAML content with checkov skip annotations removed
+        """
+        # Use yaml to parse and modify the content
+        yaml_content = yaml.safe_load(content)
+        if (
+            yaml_content
+            and 'metadata' in yaml_content
+            and 'annotations' in yaml_content['metadata']
+        ):
+            # Remove all checkov skip annotations
+            annotations = yaml_content['metadata']['annotations']
+            checkov_keys = [key for key in annotations.keys() if key.startswith('checkov.io/skip')]
+            for key in checkov_keys:
+                del annotations[key]
+
+            # If annotations is now empty, remove it
+            if not annotations:
+                del yaml_content['metadata']['annotations']
+
+            # Convert back to YAML string
+            content = yaml.dump(yaml_content, default_flow_style=False)
+
+        return content
+
     def _load_yaml_template(self, template_files: list, values: Dict[str, Any]) -> str:
         """Load and process Kubernetes template files.
 
@@ -804,6 +835,10 @@ class K8sHandler:
             for key, value in values.items():
                 content = content.replace(key, value)
 
+            # Remove checkov skip annotations if present
+            if template_file == 'deployment.yaml':
+                content = self._remove_checkov_skip_annotations(content)
+
             template_contents.append(content)
 
         # Combine templates into a single YAML document with separator

{awslabs_eks_mcp_server-0.1.1.dist-info → awslabs_eks_mcp_server-0.1.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: awslabs.eks-mcp-server
-Version: 0.1.1
+Version: 0.1.2
 Summary: An AWS Labs Model Context Protocol (MCP) server for EKS
 Project-URL: homepage, https://awslabs.github.io/mcp/
 Project-URL: docs, https://awslabs.github.io/mcp/servers/eks-mcp-server/
@@ -89,30 +89,35 @@ For read operations, the following permissions are required:
 
 ### Write Operations Policy
 
-For write operations, the following permissions are required:
-
-```
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": [
-        "cloudformation:CreateStack",
-        "cloudformation:UpdateStack",
-        "cloudformation:DeleteStack",
-        "iam:PutRolePolicy"
-      ],
-      "Resource": "*",
-      "Condition": {
-        "StringEquals": {
-          "aws:RequestTag/CreatedBy": "EksMcpServer"
-        }
+For write operations, we recommend the following IAM policies to ensure successful deployment of EKS clusters using the CloudFormation template in `/awslabs/eks_mcp_server/templates/eks-templates/eks-with-vpc.yaml`:
+- [**IAMFullAccess**](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/IAMFullAccess.html): Enables creation and management of IAM roles and policies required for cluster operation
+- [**AmazonVPCFullAccess**](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonVPCFullAccess.html): Allows creation and configuration of VPC resources including subnets, route tables, internet gateways, and NAT gateways
+- [**AWSCloudFormationFullAccess**](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSCloudFormationFullAccess.html): Provides permissions to create, update, and delete CloudFormation stacks that orchestrate the deployment
+- **EKS Full Access (provided below)**: Required for creating and managing EKS clusters, including control plane configuration, node groups, and add-ons
+   ```
+  {
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Effect": "Allow",
+        "Action": "eks:*",
+        "Resource": "*"
       }
-    }
-  ]
-}
-```
+    ]
+  }
+   ```
+
+
+**Important Security Note**: Users should exercise caution when `--allow-write` and `--allow-sensitive-data-access` modes are enabled with these broad permissions, as this combination grants significant privileges to the MCP server. Only enable these flags when necessary and in trusted environments. For production use, consider creating more restrictive custom policies.
+
+### Kubernetes API Access Requirements
+
+All Kubernetes API operations will only work when one of the following conditions is met:
+
+1. The user's principal (IAM role/user) actually created the EKS cluster being accessed
+2. An EKS Access Entry has been configured for the user's principal
+
+If you encounter authorization errors when using Kubernetes API operations, verify that an access entry has been properly configured for your principal.
 
 ## Quickstart
 

{awslabs_eks_mcp_server-0.1.1.dist-info → awslabs_eks_mcp_server-0.1.2.dist-info}/RECORD

@@ -1,23 +1,23 @@
 awslabs/__init__.py,sha256=47wJeKcStxEJwX7SVVV2pnAWYR8FxcaYoT3YTmZ5Plg,674
 awslabs/eks_mcp_server/__init__.py,sha256=ClxsTrvClkBctqdiivFNI1oYee4M8mHm0E2jlQxmw_Y,611
-awslabs/eks_mcp_server/aws_helper.py,sha256=Ozn0xl5Qup7vQ2HEcIsMJSXZOv74eHA5yeiptKuZVhM,2733
+awslabs/eks_mcp_server/aws_helper.py,sha256=eN8T-khiUVBHlab4PBcuLSErW7Q_dqG6J8Mtm9ukyEw,2793
 awslabs/eks_mcp_server/cloudwatch_handler.py,sha256=ZwWsym2zn4a9ounIXVrB4Xsw9I4TbzkHk5a9eotO-so,28874
 awslabs/eks_mcp_server/consts.py,sha256=tYxCxyDQy_Y1W__U6BeyBsB0Rcz3cTj-meWdJtIzPeE,1323
 awslabs/eks_mcp_server/eks_kb_handler.py,sha256=h5xEo_-X_lMt7ifZmfJm9PiEOkR_85j5BsS5ivskv88,3489
-awslabs/eks_mcp_server/eks_stack_handler.py,sha256=hjl5S3T-9iIIS8-Zkm-IIxLeAr3XeGlwTtTfQaDWEJk,28345
+awslabs/eks_mcp_server/eks_stack_handler.py,sha256=CeQuUNtGOT_cMAIOYjzCAZs7ZtLG7VKAS4agC-N2ZkQ,29237
 awslabs/eks_mcp_server/iam_handler.py,sha256=hRF_YUwjHP-QAQkJOoutjsvTJungBCY0ouMAznXdPug,14266
-awslabs/eks_mcp_server/k8s_apis.py,sha256=VoF9KCD_eEUqqY2bcd2-hTXm02DVAHOTtKwMOEpPdzc,20170
+awslabs/eks_mcp_server/k8s_apis.py,sha256=lo13Uc-1XaY4RuHhsezeU1WZg6jHcb31OS9ZYPHkQec,20203
 awslabs/eks_mcp_server/k8s_client_cache.py,sha256=KFlDt6_tq1PjhGhOy1Q4EOMyK0NkPu6xKzZf4ciGFvI,5814
-awslabs/eks_mcp_server/k8s_handler.py,sha256=Sa3-UwDFa8iELlMpRkM21UpoTvjwpRwfnVmv3LHMESo,47641
+awslabs/eks_mcp_server/k8s_handler.py,sha256=PJUrLdqf8yWdpik6XQZjWwl-SSuhCMT3ktATd8-G-dg,48930
 awslabs/eks_mcp_server/logging_helper.py,sha256=p_7SbWclTIVQNcQvPf5jP7OSFEJNOFbSq9b1U4v6Cxw,1797
 awslabs/eks_mcp_server/models.py,sha256=YlTuQeweBlqt0aBPfK27_OFWhq4XFD023BBjbTPJWnY,11575
 awslabs/eks_mcp_server/server.py,sha256=PDoyTTkhYs_Saqp4uo1M-4jVT6H7ZWvw7MTLIIl7P_E,6247
 awslabs/eks_mcp_server/templates/eks-templates/eks-with-vpc.yaml,sha256=_Lxk2MEXNA7N0-kvXckxwBamDEagjGvC6-Z5uxhVO5s,10774
 awslabs/eks_mcp_server/templates/k8s-templates/deployment.yaml,sha256=J2efYFISlT3sTvf8_BJV3p0_m51cltqiRhXdBXb9YJs,2343
 awslabs/eks_mcp_server/templates/k8s-templates/service.yaml,sha256=DA0Db_5yjUZmnnYy5Bljcv3hj7D6YvFFWFRB6GiIstY,414
-awslabs_eks_mcp_server-0.1.1.dist-info/METADATA,sha256=l7ux4WDJae7sZx4ZOMR6hmpdETdGkgcA0Q1C-tJZllo,24126
-awslabs_eks_mcp_server-0.1.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-awslabs_eks_mcp_server-0.1.1.dist-info/entry_points.txt,sha256=VydotfOJYck8o4TPsaF6Pjmc8Bp_doacYXSE_71qH4c,78
-awslabs_eks_mcp_server-0.1.1.dist-info/licenses/LICENSE,sha256=CeipvOyAZxBGUsFoaFqwkx54aPnIKEtm9a5u2uXxEws,10142
-awslabs_eks_mcp_server-0.1.1.dist-info/licenses/NOTICE,sha256=gnCtD34qTDnb2Lykm9kNFYkqZIvqJHGuq1ZJBkl6EgE,90
-awslabs_eks_mcp_server-0.1.1.dist-info/RECORD,,
+awslabs_eks_mcp_server-0.1.2.dist-info/METADATA,sha256=ka7LZj3o5jeY6Nsdtllq4PkbBNTnd4bTFjzCQVLHZCc,25687
+awslabs_eks_mcp_server-0.1.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+awslabs_eks_mcp_server-0.1.2.dist-info/entry_points.txt,sha256=VydotfOJYck8o4TPsaF6Pjmc8Bp_doacYXSE_71qH4c,78
+awslabs_eks_mcp_server-0.1.2.dist-info/licenses/LICENSE,sha256=CeipvOyAZxBGUsFoaFqwkx54aPnIKEtm9a5u2uXxEws,10142
+awslabs_eks_mcp_server-0.1.2.dist-info/licenses/NOTICE,sha256=gnCtD34qTDnb2Lykm9kNFYkqZIvqJHGuq1ZJBkl6EgE,90
+awslabs_eks_mcp_server-0.1.2.dist-info/RECORD,,