mcp-proxy-adapter 6.4.48__py3-none-any.whl → 6.6.0__py3-none-any.whl

mcp_proxy_adapter/examples/config_builder_simple.py

@@ -0,0 +1,271 @@
+"""
+Simplified configuration builder for MCP Proxy Adapter.
+
+Author: Vasiliy Zdanovskiy
+email: vasilyvz@gmail.com
+"""
+
+import json
+import uuid
+from enum import Enum
+from typing import Dict, List, Optional, Any
+
+
+class Protocol(Enum):
+    """Supported protocols."""
+    HTTP = "http"
+    HTTPS = "https"
+    MTLS = "mtls"
+
+
+class AuthMethod(Enum):
+    """Authentication methods."""
+    NONE = "none"
+    TOKEN = "token"
+    TOKEN_ROLES = "token_roles"
+
+
+class ConfigBuilder:
+    """Simplified configuration builder."""
+    
+    def __init__(self):
+        """Initialize the configuration builder."""
+        self._reset_to_defaults()
+    
+    def _reset_to_defaults(self):
+        """Reset configuration to default values."""
+        self.config = {
+            "uuid": str(uuid.uuid4()),
+            "server": {
+                "host": "0.0.0.0",
+                "port": 8000,
+                "protocol": "http",
+                "debug": False,
+                "log_level": "INFO"
+            },
+            "logging": {
+                "level": "INFO",
+                "file": None,
+                "log_dir": "./logs",
+                "log_file": "mcp_proxy_adapter.log",
+                "max_size": 10,
+                "backup_count": 5,
+                "console_output": True,
+                "json_format": False
+            },
+            "security": {
+                "enabled": False,
+                "tokens": {
+                    "admin": "admin-secret-key",
+                    "user": "user-secret-key",
+                    "readonly": "readonly-secret-key"
+                },
+                "roles": {
+                    "admin": ["read", "write", "delete", "admin"],
+                    "user": ["read", "write"],
+                    "readonly": ["read"]
+                },
+                "roles_file": None
+            },
+            "debug": {
+                "enabled": False,
+                "log_level": "DEBUG",
+                "trace_requests": False,
+                "trace_responses": False
+            }
+        }
+    
+    def set_protocol(self, protocol: Protocol, cert_dir: str = "./certs", key_dir: str = "./keys"):
+        """Set protocol configuration (HTTP, HTTPS, or mTLS)."""
+        self.config["server"]["protocol"] = protocol.value
+        
+        if protocol == Protocol.HTTP:
+            # HTTP - no SSL
+            pass
+            
+        elif protocol == Protocol.HTTPS:
+            # HTTPS - server SSL only
+            # SSL configuration will be handled by the server based on protocol
+            pass
+            
+        elif protocol == Protocol.MTLS:
+            # mTLS - server SSL + client certificates
+            # SSL configuration will be handled by the server based on protocol
+            pass
+        
+        return self
+    
+    def set_auth(self, auth_method: AuthMethod, api_keys: Optional[Dict[str, str]] = None, roles: Optional[Dict[str, List[str]]] = None):
+        """Set authentication configuration."""
+        if auth_method == AuthMethod.NONE:
+            self.config["security"]["enabled"] = False
+            self.config["security"]["tokens"] = {}
+            self.config["security"]["roles"] = {}
+            self.config["security"]["roles_file"] = None
+            
+        elif auth_method == AuthMethod.TOKEN:
+            self.config["security"]["enabled"] = True
+            self.config["security"]["tokens"] = api_keys or {
+                "admin": "admin-secret-key",
+                "user": "user-secret-key"
+            }
+            self.config["security"]["roles"] = {}
+            self.config["security"]["roles_file"] = None
+            
+        elif auth_method == AuthMethod.TOKEN_ROLES:
+            self.config["security"]["enabled"] = True
+            self.config["security"]["tokens"] = api_keys or {
+                "admin": "admin-secret-key",
+                "user": "user-secret-key",
+                "readonly": "readonly-secret-key"
+            }
+            self.config["security"]["roles"] = roles or {
+                "admin": ["read", "write", "delete", "admin"],
+                "user": ["read", "write"],
+                "readonly": ["read"]
+            }
+            self.config["security"]["roles_file"] = "configs/roles.json"
+        
+        return self
+    
+    def set_server(self, host: str = "0.0.0.0", port: int = 8000):
+        """Set server configuration."""
+        self.config["server"]["host"] = host
+        self.config["server"]["port"] = port
+        return self
+    
+    def set_roles_file(self, roles_file: str):
+        """Set roles file path."""
+        self.config["security"]["roles_file"] = roles_file
+        return self
+    
+    def build(self) -> Dict[str, Any]:
+        """Build and return the configuration."""
+        return self.config.copy()
+    
+    def save(self, file_path: str) -> None:
+        """Save configuration to file."""
+        with open(file_path, 'w', encoding='utf-8') as f:
+            json.dump(self.config, f, indent=2, ensure_ascii=False)
+
+
+class ConfigFactory:
+    """Factory for creating common configurations."""
+    
+    @staticmethod
+    def create_http_config(port: int = 8000) -> Dict[str, Any]:
+        """Create HTTP configuration."""
+        return (ConfigBuilder()
+                .set_protocol(Protocol.HTTP)
+                .set_server(port=port)
+                .build())
+    
+    @staticmethod
+    def create_http_token_config(port: int = 8001) -> Dict[str, Any]:
+        """Create HTTP with token authentication configuration."""
+        return (ConfigBuilder()
+                .set_protocol(Protocol.HTTP)
+                .set_auth(AuthMethod.TOKEN)
+                .set_server(port=port)
+                .build())
+    
+    @staticmethod
+    def create_http_token_roles_config(port: int = 8002) -> Dict[str, Any]:
+        """Create HTTP with token and roles configuration."""
+        return (ConfigBuilder()
+                .set_protocol(Protocol.HTTP)
+                .set_auth(AuthMethod.TOKEN_ROLES)
+                .set_server(port=port)
+                .build())
+    
+    @staticmethod
+    def create_https_config(port: int = 8003) -> Dict[str, Any]:
+        """Create HTTPS configuration."""
+        return (ConfigBuilder()
+                .set_protocol(Protocol.HTTPS)
+                .set_server(port=port)
+                .build())
+    
+    @staticmethod
+    def create_https_token_config(port: int = 8004) -> Dict[str, Any]:
+        """Create HTTPS with token authentication configuration."""
+        return (ConfigBuilder()
+                .set_protocol(Protocol.HTTPS)
+                .set_auth(AuthMethod.TOKEN)
+                .set_server(port=port)
+                .build())
+    
+    @staticmethod
+    def create_https_token_roles_config(port: int = 8005) -> Dict[str, Any]:
+        """Create HTTPS with token and roles configuration."""
+        return (ConfigBuilder()
+                .set_protocol(Protocol.HTTPS)
+                .set_auth(AuthMethod.TOKEN_ROLES)
+                .set_server(port=port)
+                .build())
+    
+    @staticmethod
+    def create_mtls_config(port: int = 8006) -> Dict[str, Any]:
+        """Create mTLS configuration."""
+        return (ConfigBuilder()
+                .set_protocol(Protocol.MTLS)
+                .set_server(port=port)
+                .build())
+    
+    @staticmethod
+    def create_mtls_token_config(port: int = 8007) -> Dict[str, Any]:
+        """Create mTLS with token authentication configuration."""
+        return (ConfigBuilder()
+                .set_protocol(Protocol.MTLS)
+                .set_auth(AuthMethod.TOKEN)
+                .set_server(port=port)
+                .build())
+    
+    @staticmethod
+    def create_mtls_token_roles_config(port: int = 8008) -> Dict[str, Any]:
+        """Create mTLS with token and roles configuration."""
+        return (ConfigBuilder()
+                .set_protocol(Protocol.MTLS)
+                .set_auth(AuthMethod.TOKEN_ROLES)
+                .set_server(port=port)
+                .build())
+
+
+def create_config_from_flags(protocol: str, token: bool = False, roles: bool = False, port: int = 8000) -> Dict[str, Any]:
+    """
+    Create configuration from command line flags.
+    
+    Args:
+        protocol: Protocol type (http, https, mtls)
+        token: Enable token authentication
+        roles: Enable role-based access control
+        port: Server port
+        
+    Returns:
+        Configuration dictionary
+    """
+    protocol_map = {
+        "http": Protocol.HTTP,
+        "https": Protocol.HTTPS,
+        "mtls": Protocol.MTLS
+    }
+    
+    if protocol not in protocol_map:
+        raise ValueError(f"Unsupported protocol: {protocol}")
+    
+    builder = ConfigBuilder().set_protocol(protocol_map[protocol]).set_server(port=port)
+    
+    if roles:
+        builder.set_auth(AuthMethod.TOKEN_ROLES)
+    elif token:
+        builder.set_auth(AuthMethod.TOKEN)
+    else:
+        builder.set_auth(AuthMethod.NONE)
+    
+    return builder.build()
+
+
+if __name__ == "__main__":
+    # Example usage
+    config = create_config_from_flags("http", token=True, port=8001)
+    print(json.dumps(config, indent=2))

mcp_proxy_adapter/examples/run_security_tests_fixed.py

@@ -27,9 +27,7 @@ class SecurityTestRunner:
 
     def __init__(self):
         self.project_root = Path(__file__).parent.parent.parent
-        self.configs_dir = (
-            self.project_root / "mcp_proxy_adapter" / "examples" / "configs"
-        )
+        self.configs_dir = self.project_root / "configs"
         self.server_processes = {}
         self.test_results = []
 
@@ -137,23 +135,21 @@ class SecurityTestRunner:
             ]
         try:
             # Get remaining config for client setup
-            auth_enabled = (
-                config.get("security", {}).get("auth", {}).get("enabled", False)
-            )
-            auth_methods = config.get("security", {}).get("auth", {}).get("methods", [])
+            auth_enabled = config.get("security", {}).get("enabled", False)
+            # For new simplified structure, if security is enabled, we use token auth
+            auth_methods = ["api_key"] if auth_enabled else []
             # Create test client with correct protocol
-            protocol = (
-                "https" if config.get("ssl", {}).get("enabled", False) else "http"
-            )
+            server_protocol = config.get("server", {}).get("protocol", "http")
+            protocol = "https" if server_protocol in ["https", "mtls"] else "http"
             client = SecurityTestClient(base_url=f"{protocol}://localhost:{port}")
+            print(f"🔍 DEBUG: Created client with URL: {client.base_url}")
             client.auth_enabled = auth_enabled
             client.auth_methods = auth_methods
-            client.api_keys = (
-                config.get("security", {}).get("auth", {}).get("api_keys", {})
-            )
-            client.roles_file = config.get("security", {}).get("permissions", {}).get("roles_file")
+            client.api_keys = config.get("security", {}).get("tokens", {})
+            client.roles_file = config.get("security", {}).get("roles_file")
+            client.roles = config.get("security", {}).get("roles", {})
             # For mTLS, override SSL context creation and change working directory
-            if config_name == "mtls":
+            if server_protocol == "mtls":
                 client.create_ssl_context = client.create_ssl_context_for_mtls
                 # Ensure mTLS uses certificate auth
                 client.auth_methods = ["certificate"]
@@ -214,10 +210,10 @@ class SecurityTestRunner:
                     result = await client.test_negative_authentication()
                     results.append(result)
         except Exception as e:
-            results.append(
+                results.append(
                 TestResult(
                     test_name=f"{config_name}_client_error",
-                    server_url=f"http://localhost:{port}",
+                    server_url=f"{protocol}://localhost:{port}",
                     auth_type="none",
                     success=False,
                     error_message=str(e),
@@ -228,17 +224,68 @@ class SecurityTestRunner:
             self.stop_server(config_name, process)
         return results
 
+    def create_variant_from_full_config(self, full_config_path: Path, protocol: str, auth: str, port: int) -> Path:
+        """
+        Create a variant configuration from full config.
+        
+        Args:
+            full_config_path: Path to the full configuration file
+            protocol: Protocol type (http, https, mtls)
+            auth: Authentication type (none, token, token_roles)
+            port: Server port
+            
+        Returns:
+            Path to the temporary configuration file
+        """
+        import tempfile
+        import json
+        
+        # Load the full configuration
+        with open(full_config_path, 'r') as f:
+            full_config = json.load(f)
+        
+        # Create a copy of the full config
+        variant_config = full_config.copy()
+        
+        # Set server port and protocol
+        variant_config["server"]["port"] = port
+        variant_config["server"]["protocol"] = protocol
+        
+        # Apply protocol configuration
+        if protocol in variant_config.get("protocol_variants", {}):
+            protocol_config = variant_config["protocol_variants"][protocol]
+            variant_config["server"].update(protocol_config["server"])
+        
+        # Apply authentication configuration
+        if auth in variant_config.get("auth_variants", {}):
+            auth_config = variant_config["auth_variants"][auth]
+            variant_config["security"].update(auth_config["security"])
+        
+        # Remove the helper sections
+        variant_config.pop("protocol_variants", None)
+        variant_config.pop("auth_variants", None)
+        
+        # Create temporary config file
+        temp_dir = tempfile.mkdtemp(prefix="full_config_test_")
+        config_name = f"{protocol}_{auth}.json"
+        config_path = Path(temp_dir) / config_name
+        
+        with open(config_path, 'w') as f:
+            json.dump(variant_config, f, indent=2, ensure_ascii=False)
+        
+        return config_path
+
     async def run_all_tests(self):
         """Run all security tests."""
         print("🔒 Starting Security Testing Suite")
         print("=" * 50)
         # Test configurations
         configs = [
-            ("basic_http", "http_simple.json"),
-            ("http_token", "http_token.json"),
-            ("https", "https_simple.json"),
-            ("https_token", "https_token.json"),
-            ("mtls", "mtls_simple.json"),
+            ("basic_http", "http.json"),
+            ("http_token", "http_token_roles.json"),
+            ("https", "https.json"),
+            ("https_token", "https_token_roles.json"),
+            ("mtls", "mtls.json"),
         ]
         total_tests = 0
         passed_tests = 0
@@ -280,12 +327,128 @@ class SecurityTestRunner:
                 print(f"   Error: {result.error_message}")
         return passed_tests == total_tests
 
+    async def run_full_config_tests(self, full_config_path: str):
+        """Run tests using full configuration with all variants."""
+        print("🚀 Full Configuration Variants Testing")
+        print("=" * 60)
+        print(f"📁 Using full config: {full_config_path}")
+        
+        full_config_file = Path(full_config_path)
+        if not full_config_file.exists():
+            print(f"❌ Full configuration file not found: {full_config_path}")
+            return False
+        
+        # Define all combinations to test
+        variants = [
+            # HTTP variants
+            ("http", "none", 20000),
+            ("http", "token", 20001),
+            ("http", "token_roles", 20002),
+            
+            # HTTPS variants
+            ("https", "none", 20003),
+            ("https", "token", 20004),
+            ("https", "token_roles", 20005),
+            
+            # mTLS variants
+            ("mtls", "none", 20006),
+            ("mtls", "token", 20007),
+            ("mtls", "token_roles", 20008),
+        ]
+        
+        total_tests = 0
+        passed_tests = 0
+        all_results = []
+        
+        for protocol, auth, port in variants:
+            print(f"\n{'='*60}")
+            print(f"🧪 Testing {protocol.upper()} with {auth.upper()} authentication")
+            print(f"{'='*60}")
+            
+            # Create variant configuration
+            config_path = self.create_variant_from_full_config(full_config_file, protocol, auth, port)
+            
+            # Test the variant
+            config_name = f"{protocol}_{auth}"
+            results = await self.test_server(config_name, config_path)
+            
+            # Count results
+            for result in results:
+                total_tests += 1
+                if result.success:
+                    passed_tests += 1
+                    print(f"✅ {result.test_name}: PASS")
+                else:
+                    print(f"❌ {result.test_name}: FAIL - {result.error_message}")
+            
+            all_results.extend(results)
+            
+            # Clean up temporary config
+            import shutil
+            shutil.rmtree(config_path.parent)
+        
+        # Print final summary
+        print(f"\n{'='*60}")
+        print("📊 FULL CONFIG TEST SUMMARY")
+        print(f"{'='*60}")
+        print(f"Total tests: {total_tests}")
+        print(f"Passed: {passed_tests}")
+        print(f"Failed: {total_tests - passed_tests}")
+        print(f"Success rate: {(passed_tests/total_tests)*100:.1f}%")
+        
+        if total_tests - passed_tests > 0:
+            print(f"\n❌ Failed tests:")
+            for result in all_results:
+                if not result.success:
+                    print(f"   • {result.test_name}: {result.error_message}")
+        
+        return passed_tests == total_tests
+
+    def print_summary(self):
+        """Print test summary."""
+        if not self.test_results:
+            print("📊 No test results to display")
+            return
+            
+        total_tests = len(self.test_results)
+        passed_tests = sum(1 for result in self.test_results if result.success)
+        
+        print("\n" + "=" * 50)
+        print("📊 TEST SUMMARY")
+        print("=" * 50)
+        print(f"Total tests: {total_tests}")
+        print(f"Passed: {passed_tests}")
+        print(f"Failed: {total_tests - passed_tests}")
+        print(f"Success rate: {(passed_tests/total_tests)*100:.1f}%")
+        
+        if total_tests - passed_tests > 0:
+            print(f"\n📋 DETAILED RESULTS")
+            print("-" * 30)
+            for result in self.test_results:
+                status = "✅ PASS" if result.success else "❌ FAIL"
+                print(f"{status} {result.test_name}")
+                if not result.success and result.error_message:
+                    print(f"   Error: {result.error_message}")
+
 
 async def main():
     """Main function."""
+    import argparse
+    
+    parser = argparse.ArgumentParser(description="Security Testing Suite for MCP Proxy Adapter")
+    parser.add_argument("--full-config", help="Path to full configuration file for variant testing")
+    parser.add_argument("--verbose", action="store_true", help="Enable verbose output")
+    
+    args = parser.parse_args()
+    
     runner = SecurityTestRunner()
     try:
-        success = await runner.run_all_tests()
+        if args.full_config:
+            # Test full configuration variants
+            success = await runner.run_full_config_tests(args.full_config)
+        else:
+            # Run standard tests
+            success = await runner.run_all_tests()
         sys.exit(0 if success else 1)
     except KeyboardInterrupt:
         print("\n⚠️ Testing interrupted by user")

mcp_proxy_adapter/examples/security_test_client.py

@@ -83,6 +83,7 @@ class SecurityTestClient:
         self.auth_methods = []
         self.api_keys = {}
         self.roles_file = None
+        self.roles = {}
 
         if self._security_available:
             # For testing purposes, we don't initialize SecurityManager
@@ -99,7 +100,7 @@ class SecurityTestClient:
         self.test_tokens = {
             "admin": "admin-secret-key",
             "user": "user-secret-key",
-            "readonly": "readonly-token-123",
+            "readonly": "readonly-secret-key",
             "guest": "guest-token-123",
             "proxy": "proxy-token-123",
             "invalid": "invalid-token-999",
@@ -123,9 +124,11 @@ class SecurityTestClient:
     def create_ssl_context_for_mtls(self) -> ssl.SSLContext:
         """Create SSL context for mTLS connections."""
         # For mTLS, we need client certificates - check if they exist
-        cert_file = "./certs/user_cert.pem"
-        key_file = "./keys/user_key.pem"
-        ca_cert_file = "./certs/mcp_proxy_adapter_ca_ca.crt"
+        # Paths are relative to project root (../../ from examples directory)
+        # Use admin certificates to match server configuration
+        cert_file = "../../certs/admin.crt"
+        key_file = "../../certs/client_admin.key"
+        ca_cert_file = "../../certs/localhost_server.crt"
         
         # CRITICAL: For mTLS, certificates are REQUIRED
         if not os.path.exists(cert_file):
@@ -152,7 +155,13 @@ class SecurityTestClient:
         timeout = ClientTimeout(total=30)
         # Create SSL context only for HTTPS URLs
         if self.base_url.startswith('https://'):
-            ssl_context = self.create_ssl_context()
+            # Check if this is mTLS (ports 20006, 20007, 20008 are mTLS test ports)
+            if any(port in self.base_url for port in ['20006', '20007', '20008']):
+                # Use mTLS context with client certificates
+                ssl_context = self.create_ssl_context_for_mtls()
+            else:
+                # Use regular HTTPS context
+                ssl_context = self.create_ssl_context()
             connector = TCPConnector(ssl=ssl_context)
         else:
             # For HTTP URLs, use default connector without SSL
@@ -209,6 +218,11 @@ class SecurityTestClient:
             # Provide both common header styles to maximize compatibility
             headers["X-API-Key"] = token
             headers["Authorization"] = f"Bearer {token}"
+            
+            # Add role header if provided
+            role = kwargs.get("role")
+            if role:
+                headers["X-Role"] = role
         elif auth_type == "basic":
             username = kwargs.get("username")
             password = kwargs.get("password")
@@ -983,7 +997,7 @@ class SecurityTestClient:
 
     async def test_role_based_access(self, server_url: str, auth_type: str, role: str = "admin") -> TestResult:
         """Test role-based access control."""
-        if not self.roles_file:
+        if not self.roles_file and not self.roles:
             return TestResult(
                 test_name="Role-Based Access Test",
                 server_url=server_url,
@@ -1001,7 +1015,7 @@ class SecurityTestClient:
 
     async def test_role_permissions(self, server_url: str, auth_type: str, role: str = "admin", action: str = "read") -> TestResult:
         """Test role permissions."""
-        if not self.roles_file:
+        if not self.roles_file and not self.roles:
             return TestResult(
                 test_name="Role Permissions Test",
                 server_url=server_url,