mcp-proxy-adapter 2.0.1__py3-none-any.whl → 6.9.50__py3-none-any.whl

mcp_proxy_adapter/core/config_converter.py

@@ -0,0 +1,252 @@
+"""
+Configuration Converter for security framework integration.
+
+This module provides utilities to convert between mcp_proxy_adapter configuration
+format and mcp_security_framework configuration format, ensuring backward compatibility.
+"""
+
+import json
+import logging
+from typing import Dict, Any, Optional
+from pathlib import Path
+
+from mcp_proxy_adapter.core.logging import get_global_logger
+
+
+class ConfigConverter:
+    """
+    Converter for configuration formats.
+
+    Provides methods to convert between mcp_proxy_adapter configuration
+    and mcp_security_framework configuration formats.
+    """
+
+    @staticmethod
+    def to_security_framework_config(mcp_config: Dict[str, Any]) -> Dict[str, Any]:
+        """
+        Convert mcp_proxy_adapter configuration to SecurityConfig format.
+
+        Args:
+            mcp_config: mcp_proxy_adapter configuration dictionary
+
+        Returns:
+            SecurityConfig compatible dictionary
+        """
+        try:
+            # Start with default security framework config
+            security_config = {
+                "auth": {
+                    "enabled": True,
+                    "methods": ["api_key"],
+                    "api_keys": {},
+                    "jwt_secret": "",
+                    "jwt_algorithm": "HS256",
+                },
+                "ssl": {
+                    "enabled": False,
+                    "cert_file": None,
+                    "key_file": None,
+                    "ca_cert": None,
+                    "min_tls_version": "TLSv1.2",
+                    "verify_client": False,
+                    "client_cert_required": False,
+                },
+                "permissions": {
+                    "enabled": True,
+                    "roles_file": "roles.json",
+                    "default_role": "user",
+                    "deny_by_default": True,
+                },
+                "rate_limit": {
+                    "enabled": True,
+                    "requests_per_minute": 60,
+                    "requests_per_hour": 1000,
+                    "burst_limit": 10,
+                    "by_ip": True,
+                    "by_user": True,
+                },
+            }
+
+            # Convert from security section if exists
+            if "security" in mcp_config:
+                security_section = mcp_config["security"]
+
+                # Convert auth config
+                if "auth" in security_section:
+                    auth_config = security_section["auth"]
+                    security_config["auth"].update(
+                        {
+                            "enabled": auth_config.get("enabled", True),
+                            "methods": auth_config.get("methods", ["api_key"]),
+                            "api_keys": auth_config.get("api_keys", {}),
+                            "jwt_secret": auth_config.get("jwt_secret", ""),
+                            "jwt_algorithm": auth_config.get("jwt_algorithm", "HS256"),
+                        }
+                    )
+
+                # Convert SSL config
+                if "ssl" in security_section:
+                    ssl_config = security_section["ssl"]
+                    security_config["ssl"].update(
+                        {
+                            "enabled": ssl_config.get("enabled", False),
+                            "cert_file": ssl_config.get("cert_file"),
+                            "key_file": ssl_config.get("key_file"),
+                            "ca_cert": ssl_config.get("ca_cert"),
+                            "min_tls_version": ssl_config.get(
+                                "min_tls_version", "TLSv1.2"
+                            ),
+                            "verify_client": ssl_config.get("verify_client", False),
+                            "client_cert_required": ssl_config.get(
+                                "client_cert_required", False
+                            ),
+                        }
+                    )
+
+                # Convert permissions config
+                if "permissions" in security_section:
+                    permissions_config = security_section["permissions"]
+                    security_config["permissions"].update(
+                        {
+                            "enabled": permissions_config.get("enabled", True),
+                            "roles_file": permissions_config.get(
+                                "roles_file", "roles.json"
+                            ),
+                            "default_role": permissions_config.get(
+                                "default_role", "user"
+                            ),
+                            "deny_by_default": permissions_config.get(
+                                "deny_by_default", True
+                            ),
+                        }
+                    )
+
+                # Convert rate limit config
+                if "rate_limit" in security_section:
+                    rate_limit_config = security_section["rate_limit"]
+                    security_config["rate_limit"].update(
+                        {
+                            "enabled": rate_limit_config.get("enabled", True),
+                            "requests_per_minute": rate_limit_config.get(
+                                "requests_per_minute", 60
+                            ),
+                            "requests_per_hour": rate_limit_config.get(
+                                "requests_per_hour", 1000
+                            ),
+                            "burst_limit": rate_limit_config.get("burst_limit", 10),
+                            "by_ip": rate_limit_config.get("by_ip", True),
+                            "by_user": rate_limit_config.get("by_user", True),
+                        }
+                    )
+
+            # Convert from legacy SSL config if security section doesn't exist
+            elif "ssl" in mcp_config:
+                ssl_config = mcp_config["ssl"]
+                security_config["ssl"].update(
+                    {
+                        "enabled": ssl_config.get("enabled", False),
+                        "cert_file": ssl_config.get("cert_file"),
+                        "key_file": ssl_config.get("key_file"),
+                        "ca_cert": ssl_config.get("ca_cert"),
+                        "min_tls_version": ssl_config.get("min_tls_version", "TLSv1.2"),
+                        "verify_client": ssl_config.get("verify_client", False),
+                        "client_cert_required": ssl_config.get(
+                            "client_cert_required", False
+                        ),
+                    }
+                )
+
+                # Extract API keys from legacy SSL config
+                if "api_keys" in ssl_config:
+                    security_config["auth"]["api_keys"] = ssl_config["api_keys"]
+
+            # Convert from legacy roles config
+            if "roles" in mcp_config:
+                roles_config = mcp_config["roles"]
+                security_config["permissions"].update(
+                    {
+                        "enabled": roles_config.get("enabled", True),
+                        "roles_file": roles_config.get("config_file", "roles.json"),
+                        "default_role": "user",
+                        "deny_by_default": roles_config.get("default_policy", {}).get(
+                            "deny_by_default", True
+                        ),
+                    }
+                )
+
+            get_global_logger().info(
+                "Configuration converted to security framework format successfully"
+            )
+            return security_config
+
+        except Exception as e:
+            get_global_logger().error(
+                f"Failed to convert configuration to security framework format: {e}"
+            )
+            return ConfigConverter._get_default_security_config()
+
+    @staticmethod
+
+    @staticmethod
+
+    @staticmethod
+
+    @staticmethod
+    def _get_default_security_config() -> Dict[str, Any]:
+        """
+        Get default security framework configuration.
+
+        Returns:
+            Default security framework configuration
+        """
+        return {
+            "auth": {
+                "enabled": True,
+                "methods": ["api_key"],
+                "api_keys": {},
+                "jwt_secret": "",
+                "jwt_algorithm": "HS256",
+            },
+            "ssl": {
+                "enabled": False,
+                "cert_file": None,
+                "key_file": None,
+                "ca_cert": None,
+                "min_tls_version": "TLSv1.2",
+                "verify_client": False,
+                "client_cert_required": False,
+            },
+            "permissions": {
+                "enabled": True,
+                "roles_file": "roles.json",
+                "default_role": "user",
+                "deny_by_default": True,
+            },
+            "rate_limit": {
+                "enabled": True,
+                "requests_per_minute": 60,
+                "requests_per_hour": 1000,
+                "burst_limit": 10,
+                "by_ip": True,
+                "by_user": True,
+            },
+        }
+
+    @staticmethod
+    def _get_default_mcp_config() -> Dict[str, Any]:
+        """
+        Get default mcp_proxy_adapter configuration.
+
+        Returns:
+            Default mcp_proxy_adapter configuration
+        """
+        return {
+            "security": {
+                "framework": "mcp_security_framework",
+                "enabled": True,
+                "auth": {"enabled": True, "methods": ["api_key"], "api_keys": {}},
+                "ssl": {"enabled": False, "cert_file": None, "key_file": None},
+                "permissions": {"enabled": True, "roles_file": "roles.json"},
+                "rate_limit": {"enabled": True, "requests_per_minute": 60},
+            }
+        }

mcp_proxy_adapter/core/config_validator.py

@@ -0,0 +1,211 @@
+"""
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+
+Main configuration validator for MCP Proxy Adapter.
+"""
+
+import json
+import logging
+from pathlib import Path
+from typing import Dict, List, Any, Optional
+
+from .file_validator import FileValidator
+from .security_validator import SecurityValidator
+from .protocol_validator import ProtocolValidator
+
+logger = logging.getLogger(__name__)
+
+
+class ConfigValidator:
+    """
+    Comprehensive configuration validator for MCP Proxy Adapter.
+    
+    Validates:
+    - Required sections and keys
+    - File existence for referenced files
+    - Feature flag dependencies
+    - Protocol-specific requirements
+    - Security configuration consistency
+    """
+    
+    def __init__(self, config_path: Optional[str] = None):
+        """
+        Initialize configuration validator.
+
+        Args:
+            config_path: Path to configuration file (optional)
+        """
+        self.config_path = config_path
+        self.config_data: Dict[str, Any] = {}
+        self.validation_results: List[ValidationResult] = []
+
+    def load_config(self, config_path: Optional[str] = None) -> None:
+        """
+        Load configuration from file.
+
+        Args:
+            config_path: Path to configuration file
+        """
+        if config_path:
+            self.config_path = config_path
+        
+        if not self.config_path:
+            raise ValueError("No configuration path provided")
+        
+        try:
+            with open(self.config_path, 'r', encoding='utf-8') as f:
+                self.config_data = json.load(f)
+            logger.info(f"Configuration loaded from {self.config_path}")
+        except FileNotFoundError:
+            raise FileNotFoundError(f"Configuration file not found: {self.config_path}")
+        except json.JSONDecodeError as e:
+            raise ValueError(f"Invalid JSON in configuration file: {e}")
+        except Exception as e:
+            raise RuntimeError(f"Error loading configuration: {e}")
+
+    def validate_config(self, config_data: Optional[Dict[str, Any]] = None) -> List[ValidationResult]:
+        """
+        Validate configuration data.
+
+        Args:
+            config_data: Configuration data to validate (optional)
+
+        Returns:
+            List of validation results
+        """
+        if config_data is not None:
+            self.config_data = config_data
+        
+        if not self.config_data:
+            raise ValueError("No configuration data to validate")
+        
+        self.validation_results = []
+        
+        # Initialize validators
+        file_validator = FileValidator(self.config_data)
+        security_validator = SecurityValidator(self.config_data)
+        protocol_validator = ProtocolValidator(self.config_data)
+        
+        # Run all validations
+        self.validation_results.extend(protocol_validator.validate_required_sections())
+        self.validation_results.extend(protocol_validator.validate_protocol_requirements())
+        self.validation_results.extend(file_validator.validate_file_existence())
+        self.validation_results.extend(security_validator.validate_security_consistency())
+        self.validation_results.extend(security_validator.validate_ssl_configuration())
+        self.validation_results.extend(security_validator.validate_roles_configuration())
+        self.validation_results.extend(security_validator.validate_proxy_registration())
+        
+        # Additional validations
+        self._validate_unknown_fields()
+        self._validate_uuid_format()
+        
+        return self.validation_results
+
+    def validate_all(self, config_data: Optional[Dict[str, Any]] = None) -> List[ValidationResult]:
+        """
+        Validate all aspects of the configuration.
+
+        Args:
+            config_data: Configuration data to validate (optional)
+
+        Returns:
+            List of validation results
+        """
+        return self.validate_config(config_data)
+
+    def _validate_unknown_fields(self) -> None:
+        """Validate for unknown configuration fields."""
+        known_sections = {
+            "server", "protocols", "security", "ssl", "auth", "roles", 
+            "logging", "commands", "proxy_registration", "transport"
+        }
+        
+        for section in self.config_data.keys():
+            if section not in known_sections:
+                self.validation_results.append(ValidationResult(
+                    level="warning",
+                    message=f"Unknown configuration section: {section}",
+                    section=section,
+                    suggestion="Check if this section is needed or if it's a typo"
+                ))
+
+    def _validate_uuid_format(self) -> None:
+        """Validate UUID format in configuration."""
+        uuid_fields = ["server.server_id", "proxy_registration.server_id"]
+        
+        for field in uuid_fields:
+            value = self._get_nested_value_safe(field)
+            if value and not self._is_valid_uuid4(str(value)):
+                self.validation_results.append(ValidationResult(
+                    level="warning",
+                    message=f"Invalid UUID format in {field}: {value}",
+                    section=field.split(".")[0],
+                    key=field.split(".")[1],
+                    suggestion="Use a valid UUID4 format"
+                ))
+
+    def _is_valid_uuid4(self, uuid_str: str) -> bool:
+        """Check if string is a valid UUID4."""
+        import re
+        uuid_pattern = r'^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$'
+        return bool(re.match(uuid_pattern, uuid_str, re.IGNORECASE))
+
+    def _get_nested_value_safe(self, key: str, default: Any = None) -> Any:
+        """Safely get a nested value from configuration."""
+        keys = key.split('.')
+        value = self.config_data
+        
+        for k in keys:
+            if isinstance(value, dict) and k in value:
+                value = value[k]
+            else:
+                return default
+        
+        return value
+
+    def get_validation_summary(self) -> Dict[str, Any]:
+        """
+        Get a summary of validation results.
+
+        Returns:
+            Dictionary with validation summary
+        """
+        error_count = sum(1 for r in self.validation_results if r.level == "error")
+        warning_count = sum(1 for r in self.validation_results if r.level == "warning")
+        info_count = sum(1 for r in self.validation_results if r.level == "info")
+        
+        return {
+            "total_issues": len(self.validation_results),
+            "errors": error_count,
+            "warnings": warning_count,
+            "info": info_count,
+            "is_valid": error_count == 0
+        }
+
+    def print_validation_report(self) -> None:
+        """Print a formatted validation report."""
+        summary = self.get_validation_summary()
+        
+        print(f"\\n📋 Configuration Validation Report")
+        print(f"{'=' * 40}")
+        print(f"Total issues: {summary['total_issues']}")
+        print(f"Errors: {summary['errors']}")
+        print(f"Warnings: {summary['warnings']}")
+        print(f"Info: {summary['info']}")
+        print(f"Valid: {'✅ Yes' if summary['is_valid'] else '❌ No'}")
+        
+        if self.validation_results:
+            print(f"\\n📝 Issues:")
+            for i, result in enumerate(self.validation_results, 1):
+                level_icon = {"error": "❌", "warning": "⚠️", "info": "ℹ️"}[result.level]
+                print(f"{i:2d}. {level_icon} {result.message}")
+                if result.section:
+                    print(f"    Section: {result.section}")
+                if result.key:
+                    print(f"    Key: {result.key}")
+                if result.suggestion:
+                    print(f"    Suggestion: {result.suggestion}")
+                print()
+
+