PyPI - container-manager-mcp - Versions diffs - 1.1.8__py3-none-any.whl → 1.1.9__py3-none-any.whl - Mend

container-manager-mcp 1.1.8py3-none-any.whl → 1.1.9py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of container-manager-mcp might be problematic. Click here for more details.

Files changed (8) hide show

container_manager_mcp/container_manager_mcp.py CHANGED Viewed

@@ -5,10 +5,16 @@ import argparse
 import os
 import sys
 import logging
-from typing import Optional, List, Dict, Union
-from fastmcp import FastMCP, Context
+from typing import Optional, Dict, List, Union
 from pydantic import Field
+from fastmcp import FastMCP, Context
+from fastmcp.server.auth.oidc_proxy import OIDCProxy
+from fastmcp.server.auth import OAuthProxy, RemoteAuthProvider
+from fastmcp.server.auth.providers.jwt import JWTVerifier, StaticTokenVerifier
+from fastmcp.server.middleware.logging import LoggingMiddleware
+from fastmcp.server.middleware.timing import TimingMiddleware
+from fastmcp.server.middleware.rate_limiting import RateLimitingMiddleware
+from fastmcp.server.middleware.error_handling import ErrorHandlingMiddleware
 from container_manager_mcp.container_manager import create_manager
@@ -1556,6 +1562,83 @@ def container_manager_mcp():
         default=8000,
         help="Port number for HTTP transport (default: 8000)",
     )
+    parser.add_argument(
+        "--auth-type",
+        default="none",
+        choices=["none", "static", "jwt", "oauth-proxy", "oidc-proxy", "remote-oauth"],
+        help="Authentication type for MCP server: 'none' (disabled), 'static' (internal), 'jwt' (external token verification), 'oauth-proxy', 'oidc-proxy', 'remote-oauth' (external) (default: none)",
+    )
+    # JWT/Token params
+    parser.add_argument(
+        "--token-jwks-uri", default=None, help="JWKS URI for JWT verification"
+    )
+    parser.add_argument(
+        "--token-issuer", default=None, help="Issuer for JWT verification"
+    )
+    parser.add_argument(
+        "--token-audience", default=None, help="Audience for JWT verification"
+    )
+    # OAuth Proxy params
+    parser.add_argument(
+        "--oauth-upstream-auth-endpoint",
+        default=None,
+        help="Upstream authorization endpoint for OAuth Proxy",
+    )
+    parser.add_argument(
+        "--oauth-upstream-token-endpoint",
+        default=None,
+        help="Upstream token endpoint for OAuth Proxy",
+    )
+    parser.add_argument(
+        "--oauth-upstream-client-id",
+        default=None,
+        help="Upstream client ID for OAuth Proxy",
+    )
+    parser.add_argument(
+        "--oauth-upstream-client-secret",
+        default=None,
+        help="Upstream client secret for OAuth Proxy",
+    )
+    parser.add_argument(
+        "--oauth-base-url", default=None, help="Base URL for OAuth Proxy"
+    )
+    # OIDC Proxy params
+    parser.add_argument(
+        "--oidc-config-url", default=None, help="OIDC configuration URL"
+    )
+    parser.add_argument("--oidc-client-id", default=None, help="OIDC client ID")
+    parser.add_argument("--oidc-client-secret", default=None, help="OIDC client secret")
+    parser.add_argument("--oidc-base-url", default=None, help="Base URL for OIDC Proxy")
+    # Remote OAuth params
+    parser.add_argument(
+        "--remote-auth-servers",
+        default=None,
+        help="Comma-separated list of authorization servers for Remote OAuth",
+    )
+    parser.add_argument(
+        "--remote-base-url", default=None, help="Base URL for Remote OAuth"
+    )
+    # Common
+    parser.add_argument(
+        "--allowed-client-redirect-uris",
+        default=None,
+        help="Comma-separated list of allowed client redirect URIs",
+    )
+    # Eunomia params
+    parser.add_argument(
+        "--eunomia-type",
+        default="none",
+        choices=["none", "embedded", "remote"],
+        help="Eunomia authorization type: 'none' (disabled), 'embedded' (built-in), 'remote' (external) (default: none)",
+    )
+    parser.add_argument(
+        "--eunomia-policy-file",
+        default="mcp_policies.json",
+        help="Policy file for embedded Eunomia (default: mcp_policies.json)",
+    )
+    parser.add_argument(
+        "--eunomia-remote-url", default=None, help="URL for remote Eunomia server"
+    )
     args = parser.parse_args()
@@ -1563,6 +1646,133 @@ def container_manager_mcp():
         print(f"Error: Port {args.port} is out of valid range (0-65535).")
         sys.exit(1)
+    # Set auth based on type
+    auth = None
+    allowed_uris = (
+        args.allowed_client_redirect_uris.split(",")
+        if args.allowed_client_redirect_uris
+        else None
+    )
+    if args.auth_type == "none":
+        auth = None
+    elif args.auth_type == "static":
+        # Internal static tokens (hardcoded example)
+        auth = StaticTokenVerifier(
+            tokens={
+                "test-token": {"client_id": "test-user", "scopes": ["read", "write"]},
+                "admin-token": {"client_id": "admin", "scopes": ["admin"]},
+            }
+        )
+    elif args.auth_type == "jwt":
+        if not (args.token_jwks_uri and args.token_issuer and args.token_audience):
+            print(
+                "Error: jwt requires --token-jwks-uri, --token-issuer, --token-audience"
+            )
+            sys.exit(1)
+        auth = JWTVerifier(
+            jwks_uri=args.token_jwks_uri,
+            issuer=args.token_issuer,
+            audience=args.token_audience,
+        )
+    elif args.auth_type == "oauth-proxy":
+        if not (
+            args.oauth_upstream_auth_endpoint
+            and args.oauth_upstream_token_endpoint
+            and args.oauth_upstream_client_id
+            and args.oauth_upstream_client_secret
+            and args.oauth_base_url
+            and args.token_jwks_uri
+            and args.token_issuer
+            and args.token_audience
+        ):
+            print(
+                "Error: oauth-proxy requires --oauth-upstream-auth-endpoint, --oauth-upstream-token-endpoint, --oauth-upstream-client-id, --oauth-upstream-client-secret, --oauth-base-url, --token-jwks-uri, --token-issuer, --token-audience"
+            )
+            sys.exit(1)
+        token_verifier = JWTVerifier(
+            jwks_uri=args.token_jwks_uri,
+            issuer=args.token_issuer,
+            audience=args.token_audience,
+        )
+        auth = OAuthProxy(
+            upstream_authorization_endpoint=args.oauth_upstream_auth_endpoint,
+            upstream_token_endpoint=args.oauth_upstream_token_endpoint,
+            upstream_client_id=args.oauth_upstream_client_id,
+            upstream_client_secret=args.oauth_upstream_client_secret,
+            token_verifier=token_verifier,
+            base_url=args.oauth_base_url,
+            allowed_client_redirect_uris=allowed_uris,
+        )
+    elif args.auth_type == "oidc-proxy":
+        if not (
+            args.oidc_config_url
+            and args.oidc_client_id
+            and args.oidc_client_secret
+            and args.oidc_base_url
+        ):
+            print(
+                "Error: oidc-proxy requires --oidc-config-url, --oidc-client-id, --oidc-client-secret, --oidc-base-url"
+            )
+            sys.exit(1)
+        auth = OIDCProxy(
+            config_url=args.oidc_config_url,
+            client_id=args.oidc_client_id,
+            client_secret=args.oidc_client_secret,
+            base_url=args.oidc_base_url,
+            allowed_client_redirect_uris=allowed_uris,
+        )
+    elif args.auth_type == "remote-oauth":
+        if not (
+            args.remote_auth_servers
+            and args.remote_base_url
+            and args.token_jwks_uri
+            and args.token_issuer
+            and args.token_audience
+        ):
+            print(
+                "Error: remote-oauth requires --remote-auth-servers, --remote-base-url, --token-jwks-uri, --token-issuer, --token-audience"
+            )
+            sys.exit(1)
+        auth_servers = [url.strip() for url in args.remote_auth_servers.split(",")]
+        token_verifier = JWTVerifier(
+            jwks_uri=args.token_jwks_uri,
+            issuer=args.token_issuer,
+            audience=args.token_audience,
+        )
+        auth = RemoteAuthProvider(
+            token_verifier=token_verifier,
+            authorization_servers=auth_servers,
+            base_url=args.remote_base_url,
+        )
+    mcp.auth = auth
+    if args.eunomia_type != "none":
+        from eunomia_mcp import create_eunomia_middleware
+        if args.eunomia_type == "embedded":
+            if not args.eunomia_policy_file:
+                print("Error: embedded Eunomia requires --eunomia-policy-file")
+                sys.exit(1)
+            middleware = create_eunomia_middleware(policy_file=args.eunomia_policy_file)
+            mcp.add_middleware(middleware)
+        elif args.eunomia_type == "remote":
+            if not args.eunomia_remote_url:
+                print("Error: remote Eunomia requires --eunomia-remote-url")
+                sys.exit(1)
+            middleware = create_eunomia_middleware(
+                use_remote_eunomia=args.eunomia_remote_url
+            )
+            mcp.add_middleware(middleware)
+    mcp.add_middleware(
+        ErrorHandlingMiddleware(include_traceback=True, transform_errors=True)
+    )
+    mcp.add_middleware(
+        RateLimitingMiddleware(max_requests_per_second=10.0, burst_capacity=20)
+    )
+    mcp.add_middleware(TimingMiddleware())
+    mcp.add_middleware(LoggingMiddleware())
     if args.transport == "stdio":
         mcp.run(transport="stdio")
     elif args.transport == "http":

{container_manager_mcp-1.1.8.dist-info → container_manager_mcp-1.1.9.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: container-manager-mcp
-Version: 1.1.8
+Version: 1.1.9
 Summary: Container Manager manage Docker, Docker Swarm, and Podman containers as an MCP Server
 Author-email: Audel Rouhi <knucklessg1@gmail.com>
 License: MIT
@@ -13,7 +13,7 @@ Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: requests>=2.28.1
-Requires-Dist: fastmcp>=2.11.3
+Requires-Dist: fastmcp>=2.12.4
 Requires-Dist: podman>=5.6.0
 Provides-Extra: podman
 Requires-Dist: podman>=5.6.0; extra == "podman"
@@ -21,7 +21,7 @@ Provides-Extra: docker
 Requires-Dist: docker>=7.1.0; extra == "docker"
 Provides-Extra: all
 Requires-Dist: requests>=2.28.1; extra == "all"
-Requires-Dist: fastmcp>=2.11.3; extra == "all"
+Requires-Dist: fastmcp>=2.12.4; extra == "all"
 Requires-Dist: docker>=7.1.0; extra == "all"
 Requires-Dist: podman>=5.6.0; extra == "all"
 Dynamic: license-file
@@ -48,7 +48,7 @@ Dynamic: license-file
 ![PyPI - Wheel](https://img.shields.io/pypi/wheel/container-manager-mcp)
 ![PyPI - Implementation](https://img.shields.io/pypi/implementation/container-manager-mcp)
-*Version: 1.1.8*
+*Version: 1.1.9*
 Container Manager MCP Server provides a robust interface to manage Docker and Podman containers, networks, volumes, and Docker Swarm services through a FastMCP server, enabling programmatic and remote container management.
@@ -66,12 +66,48 @@ This repository is actively maintained - Contributions are welcome!
 <details>
   <summary><b>Usage:</b></summary>
-| Short Flag | Long Flag      | Description                                   |
-|------------|----------------|-----------------------------------------------|
-| -h         | --help         | Display help information                     |
-| -t         | --transport    | Transport method (stdio or http, default: stdio) |
-| -h         | --host         | Host address for HTTP transport (default: 0.0.0.0) |
-| -p         | --port         | Port for HTTP transport (default: 8000)      |
+### MCP CLI
+| Short Flag | Long Flag                          | Description                                                                 |
+|------------|------------------------------------|-----------------------------------------------------------------------------|
+| -h         | --help                             | Display help information                                                    |
+| -t         | --transport                        | Transport method: 'stdio', 'http', or 'sse' [legacy] (default: stdio)       |
+| -s         | --host                             | Host address for HTTP transport (default: 0.0.0.0)                          |
+| -p         | --port                             | Port number for HTTP transport (default: 8000)                              |
+|            | --auth-type                        | Authentication type: 'none', 'static', 'jwt', 'oauth-proxy', 'oidc-proxy', 'remote-oauth' (default: none) |
+|            | --token-jwks-uri                   | JWKS URI for JWT verification                                              |
+|            | --token-issuer                     | Issuer for JWT verification                                                |
+|            | --token-audience                   | Audience for JWT verification                                              |
+|            | --oauth-upstream-auth-endpoint     | Upstream authorization endpoint for OAuth Proxy                             |
+|            | --oauth-upstream-token-endpoint    | Upstream token endpoint for OAuth Proxy                                    |
+|            | --oauth-upstream-client-id         | Upstream client ID for OAuth Proxy                                         |
+|            | --oauth-upstream-client-secret     | Upstream client secret for OAuth Proxy                                     |
+|            | --oauth-base-url                   | Base URL for OAuth Proxy                                                   |
+|            | --oidc-config-url                  | OIDC configuration URL                                                     |
+|            | --oidc-client-id                   | OIDC client ID                                                             |
+|            | --oidc-client-secret               | OIDC client secret                                                         |
+|            | --oidc-base-url                    | Base URL for OIDC Proxy                                                    |
+|            | --remote-auth-servers              | Comma-separated list of authorization servers for Remote OAuth             |
+|            | --remote-base-url                  | Base URL for Remote OAuth                                                  |
+|            | --allowed-client-redirect-uris     | Comma-separated list of allowed client redirect URIs                       |
+|            | --eunomia-type                     | Eunomia authorization type: 'none', 'embedded', 'remote' (default: none)   |
+|            | --eunomia-policy-file              | Policy file for embedded Eunomia (default: mcp_policies.json)              |
+|            | --eunomia-remote-url               | URL for remote Eunomia server                                              |
+### Using as an MCP Server
+The MCP Server can be run in two modes: `stdio` (for local testing) or `http` (for networked access). To start the server, use the following commands:
+#### Run in stdio mode (default):
+```bash
+container-manager-mcp
+```
+#### Run in HTTP mode:
+```bash
+container-manager-mcp --transport "http"  --host "0.0.0.0"  --port "8000"
+```
 ### Available MCP Tools
 - `get_version`: Retrieve version information of the container runtime
@@ -102,14 +138,95 @@ This repository is actively maintained - Contributions are welcome!
 - `create_service`: Create a new service in a Docker Swarm
 - `remove_service`: Remove a service from a Docker Swarm
-</details>
+### Deploy MCP Server as a Service
-<details>
-  <summary><b>Example:</b></summary>
+The ServiceNow MCP server can be deployed using Docker, with configurable authentication, middleware, and Eunomia authorization.
-## Use with AI
+#### Using Docker Run
-Configure `mcp.json`
+```bash
+docker pull knucklessg1/container-manager:latest
+docker run -d \
+  --name container-manager-mcp \
+  -p 8004:8004 \
+  -e HOST=0.0.0.0 \
+  -e PORT=8004 \
+  -e TRANSPORT=http \
+  -e AUTH_TYPE=none \
+  -e EUNOMIA_TYPE=none \
+  knucklessg1/container-manager:latest
+```
+For advanced authentication (e.g., JWT, OAuth Proxy, OIDC Proxy, Remote OAuth) or Eunomia, add the relevant environment variables:
+```bash
+docker run -d \
+  --name container-manager-mcp \
+  -p 8004:8004 \
+  -e HOST=0.0.0.0 \
+  -e PORT=8004 \
+  -e TRANSPORT=http \
+  -e AUTH_TYPE=oidc-proxy \
+  -e OIDC_CONFIG_URL=https://provider.com/.well-known/openid-configuration \
+  -e OIDC_CLIENT_ID=your-client-id \
+  -e OIDC_CLIENT_SECRET=your-client-secret \
+  -e OIDC_BASE_URL=https://your-server.com \
+  -e ALLOWED_CLIENT_REDIRECT_URIS=http://localhost:*,https://*.example.com/* \
+  -e EUNOMIA_TYPE=embedded \
+  -e EUNOMIA_POLICY_FILE=/app/mcp_policies.json \
+  knucklessg1/container-manager:latest
+```
+#### Using Docker Compose
+Create a `docker-compose.yml` file:
+```yaml
+services:
+  container-manager-mcp:
+    image: knucklessg1/container-manager:latest
+    environment:
+      - HOST=0.0.0.0
+      - PORT=8004
+      - TRANSPORT=http
+      - AUTH_TYPE=none
+      - EUNOMIA_TYPE=none
+    ports:
+      - 8004:8004
+```
+For advanced setups with authentication and Eunomia:
+```yaml
+services:
+  container-manager-mcp:
+    image: knucklessg1/container-manager:latest
+    environment:
+      - HOST=0.0.0.0
+      - PORT=8004
+      - TRANSPORT=http
+      - AUTH_TYPE=oidc-proxy
+      - OIDC_CONFIG_URL=https://provider.com/.well-known/openid-configuration
+      - OIDC_CLIENT_ID=your-client-id
+      - OIDC_CLIENT_SECRET=your-client-secret
+      - OIDC_BASE_URL=https://your-server.com
+      - ALLOWED_CLIENT_REDIRECT_URIS=http://localhost:*,https://*.example.com/*
+      - EUNOMIA_TYPE=embedded
+      - EUNOMIA_POLICY_FILE=/app/mcp_policies.json
+    ports:
+      - 8004:8004
+    volumes:
+      - ./mcp_policies.json:/app/mcp_policies.json
+```
+Run the service:
+```bash
+docker-compose up -d
+```
+#### Configure `mcp.json` for AI Integration
 ```json
 {
@@ -133,25 +250,6 @@ Configure `mcp.json`
   }
 }
 ```
-### Deploy MCP Server as a container
-```bash
-docker pull knucklessg1/container-manager:latest
-```
-Modify the `compose.yml`
-```compose
-services:
-  container-manager-mcp:
-    image: knucklessg1/container-manager:latest
-    environment:
-      - HOST=0.0.0.0
-      - PORT=8015
-    ports:
-      - 8015:8015
-```
 </details>
 <details>

container_manager_mcp-1.1.9.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,10 @@
+container_manager_mcp/__init__.py,sha256=Ms3YyGmXg_n_khL1yrD5KKxmTCGJqNhTpg-IGEuboag,860
+container_manager_mcp/__main__.py,sha256=4bpregRyaWJBXOg9_h_F4xcHcX6bPVLL48V2EuwNGBs,168
+container_manager_mcp/container_manager.py,sha256=D8Bleeop3nIlYb5JBkEmhNG6utnJ8JJPuN6bHTmPAto,90354
+container_manager_mcp/container_manager_mcp.py,sha256=Oz1e6Ew9Oxe1Q0HxWiqi0J2034OHCZ18Pt08_eUJxxQ,63726
+container_manager_mcp-1.1.9.dist-info/licenses/LICENSE,sha256=Z1xmcrPHBnGCETO_LLQJUeaSNBSnuptcDVTt4kaPUOE,1060
+container_manager_mcp-1.1.9.dist-info/METADATA,sha256=sQyTPcGryx69g-SyEH5YIfaaCbx9x8C1SNKbwWj-8pk,13491
+container_manager_mcp-1.1.9.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+container_manager_mcp-1.1.9.dist-info/entry_points.txt,sha256=n7fE9uXdRktmjvZwyaiQkY0Dd7tMN6AKiHav0ZQdE2I,186
+container_manager_mcp-1.1.9.dist-info/top_level.txt,sha256=B7QQLOd9mBdu0lsPKqyu4T8-zUtbqKzQJbMbtAzoozU,22
+container_manager_mcp-1.1.9.dist-info/RECORD,,

container_manager_mcp-1.1.8.dist-info/RECORD DELETED Viewed

@@ -1,10 +0,0 @@
-container_manager_mcp/__init__.py,sha256=Ms3YyGmXg_n_khL1yrD5KKxmTCGJqNhTpg-IGEuboag,860
-container_manager_mcp/__main__.py,sha256=4bpregRyaWJBXOg9_h_F4xcHcX6bPVLL48V2EuwNGBs,168
-container_manager_mcp/container_manager.py,sha256=D8Bleeop3nIlYb5JBkEmhNG6utnJ8JJPuN6bHTmPAto,90354
-container_manager_mcp/container_manager_mcp.py,sha256=m45h93-1S2qM8TUNQYP43V5HUgV1QJeyW8b9Fj9hiLQ,55392
-container_manager_mcp-1.1.8.dist-info/licenses/LICENSE,sha256=Z1xmcrPHBnGCETO_LLQJUeaSNBSnuptcDVTt4kaPUOE,1060
-container_manager_mcp-1.1.8.dist-info/METADATA,sha256=nELaXAksLMpoI-MtM3iafTgc9FWltXhTUCoD9slaUMk,8452
-container_manager_mcp-1.1.8.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-container_manager_mcp-1.1.8.dist-info/entry_points.txt,sha256=n7fE9uXdRktmjvZwyaiQkY0Dd7tMN6AKiHav0ZQdE2I,186
-container_manager_mcp-1.1.8.dist-info/top_level.txt,sha256=B7QQLOd9mBdu0lsPKqyu4T8-zUtbqKzQJbMbtAzoozU,22
-container_manager_mcp-1.1.8.dist-info/RECORD,,

{container_manager_mcp-1.1.8.dist-info → container_manager_mcp-1.1.9.dist-info}/WHEEL RENAMED Viewed

File without changes

{container_manager_mcp-1.1.8.dist-info → container_manager_mcp-1.1.9.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{container_manager_mcp-1.1.8.dist-info → container_manager_mcp-1.1.9.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

{container_manager_mcp-1.1.8.dist-info → container_manager_mcp-1.1.9.dist-info}/top_level.txt RENAMED Viewed

File without changes

container-manager-mcp 1.1.8__py3-none-any.whl → 1.1.9__py3-none-any.whl

Potentially problematic release.

container-manager-mcp 1.1.8py3-none-any.whl → 1.1.9py3-none-any.whl