Merge pull request #50 from Azure/guwe/access-level

Feat: support flexible access-level

Author: feiskyer

README.md

@@ -96,15 +96,37 @@ Command line arguments:
 
 ```sh
 Usage of ./mcp-kubernetes:
+      --access-level string       Access level (readonly, readwrite, or admin) (default "readonly")
       --additional-tools string   Comma-separated list of additional tools to support (kubectl is always enabled). Available: helm,cilium
       --allow-namespaces string   Comma-separated list of namespaces to allow (empty means all allowed)
       --host string               Host to listen for the server (only used with transport sse or streamable-http) (default "127.0.0.1")
       --port int                  Port to listen for the server (only used with transport sse or streamable-http) (default 8000)
-      --readonly                  Enable read-only mode (prevents write operations)
       --timeout int               Timeout for command execution in seconds, default is 60s (default 60)
       --transport string          Transport mechanism to use (stdio, sse or streamable-http) (default "stdio")
 ```
 
+### Access Levels
+
+The `--access-level` flag controls what operations are allowed:
+
+- **`readonly`** (default): Only read operations are allowed (get, describe, logs, etc.)
+- **`readwrite`**: Read and write operations are allowed (create, delete, apply, etc.)
+- **`admin`**: All operations are allowed, including admin operations (cordon, drain, taint, etc.)
+
+Example configurations:
+
+```json
+// Admin access
+{
+  "mcpServers": {
+    "kubernetes": {
+      "command": "mcp-kubernetes", 
+      "args": ["--access-level", "admin"]
+    }
+  }
+}
+```
+
 ## Usage
 
 Ask any questions about Kubernetes cluster in your AI client, e.g.

cmd/mcp-kubernetes/main.go

@@ -12,7 +12,10 @@ import (
 func main() {
 	// Create configuration instance and parse command line arguments
 	cfg := config.NewConfig()
-	cfg.ParseFlags()
+	if err := cfg.ParseFlags(); err != nil {
+		fmt.Fprintf(os.Stderr, "Error parsing flags: %v\n", err)
+		os.Exit(1)
+	}
 
 	// Create validator and run validation checks
 	v := config.NewValidator(cfg)

example/clients/autogen/main.py

@@ -83,15 +83,15 @@ async def get_tools(
     mcp_kubernetes_bin: str,
     additional_tools: str,
     allow_namespaces: str,
-    readonly: bool,
+    access_level: str,
 ) -> list:
     """Initialize and return tools for the MCP Kubernetes server."""
     server_params = StdioServerParams(
         command=mcp_kubernetes_bin,
         args=[
             f"--additional-tools={additional_tools}",
             f"--allow-namespaces={allow_namespaces}",
-            "--readonly" if readonly else "",
+            f"--access-level={access_level}",
         ],
     )
 
@@ -133,12 +133,12 @@ async def main() -> None:
 
     additional_tools = app_config.get("additional_tools", "")
     allow_namespaces = app_config.get("allow_namespaces", "")
-    readonly = app_config.get("readonly", False)
+    access_level = app_config.get("access_level", "readonly")
 
     az_model_client = get_az_model_client(model_config)
 
     tools = await get_tools(
-        mcp_kubernetes_bin, additional_tools, allow_namespaces, readonly
+        mcp_kubernetes_bin, additional_tools, allow_namespaces, access_level
     )
 
     agent = AssistantAgent(

pkg/config/config.go

@@ -1,6 +1,7 @@
 package config
 
 import (
+	"fmt"
 	"strings"
 
 	"github.com/Azure/mcp-kubernetes/pkg/security"
@@ -20,7 +21,7 @@ type ConfigData struct {
 	Transport       string
 	Host            string
 	Port            int
-	ReadOnly        bool
+	AccessLevel     string
 	AllowNamespaces string
 }
 
@@ -32,13 +33,13 @@ func NewConfig() *ConfigData {
 		SecurityConfig:  security.NewSecurityConfig(),
 		Transport:       "stdio",
 		Port:            8000,
-		ReadOnly:        false,
+		AccessLevel:     "readonly",
 		AllowNamespaces: "",
 	}
 }
 
 // ParseFlags parses command line arguments and updates the configuration
-func (cfg *ConfigData) ParseFlags() {
+func (cfg *ConfigData) ParseFlags() error {
 	// Server configuration
 	flag.StringVar(&cfg.Transport, "transport", "stdio", "Transport mechanism to use (stdio, sse or streamable-http)")
 	flag.StringVar(&cfg.Host, "host", "127.0.0.1", "Host to listen for the server (only used with transport sse or streamable-http)")
@@ -50,14 +51,24 @@ func (cfg *ConfigData) ParseFlags() {
 		"Comma-separated list of additional tools to support (kubectl is always enabled). Available: helm,cilium")
 
 	// Security settings
-	flag.BoolVar(&cfg.ReadOnly, "readonly", false, "Enable read-only mode (prevents write operations)")
+	flag.StringVar(&cfg.AccessLevel, "access-level", "readonly", "Access level (readonly, readwrite, or admin)")
 	flag.StringVar(&cfg.AllowNamespaces, "allow-namespaces", "",
 		"Comma-separated list of namespaces to allow (empty means all allowed)")
 
 	flag.Parse()
 
-	// Update security config
-	cfg.SecurityConfig.ReadOnly = cfg.ReadOnly
+	// Update security config with access level
+	switch cfg.AccessLevel {
+	case "readonly":
+		cfg.SecurityConfig.AccessLevel = security.AccessLevelReadOnly
+	case "readwrite":
+		cfg.SecurityConfig.AccessLevel = security.AccessLevelReadWrite
+	case "admin":
+		cfg.SecurityConfig.AccessLevel = security.AccessLevelAdmin
+	default:
+		return fmt.Errorf("invalid access level '%s'. Valid values are: readonly, readwrite, admin", cfg.AccessLevel)
+	}
+
 	if cfg.AllowNamespaces != "" {
 		cfg.SecurityConfig.SetAllowedNamespaces(cfg.AllowNamespaces)
 	}
@@ -72,6 +83,8 @@ func (cfg *ConfigData) ParseFlags() {
 			cfg.AdditionalTools[tool] = true
 		}
 	}
+
+	return nil
 }
 
 var availableTools = []string{"kubectl", "helm", "cilium"}

pkg/config/config_test.go

@@ -0,0 +1,52 @@
+package config
+
+import (
+	"testing"
+)
+
+func TestAccessLevelValidation(t *testing.T) {
+	tests := []struct {
+		name        string
+		accessLevel string
+		expectError bool
+	}{
+		{"Valid readonly", "readonly", false},
+		{"Valid readwrite", "readwrite", false},
+		{"Valid admin", "admin", false},
+		{"Invalid value", "invalid", true},
+		{"Empty value", "", true},
+		{"Case sensitive", "READONLY", true},
+		{"Case sensitive", "ReadOnly", true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cfg := NewConfig()
+			cfg.AccessLevel = tt.accessLevel
+			
+			// Skip flag parsing, just test the validation logic
+			var err error
+			switch cfg.AccessLevel {
+			case "readonly", "readwrite", "admin":
+				err = nil
+			default:
+				err = &ValidationError{Message: "invalid access level"}
+			}
+
+			if tt.expectError && err == nil {
+				t.Errorf("Expected error for access level '%s', but got none", tt.accessLevel)
+			} else if !tt.expectError && err != nil {
+				t.Errorf("Did not expect error for access level '%s', but got: %v", tt.accessLevel, err)
+			}
+		})
+	}
+}
+
+// ValidationError for testing purposes
+type ValidationError struct {
+	Message string
+}
+
+func (e *ValidationError) Error() string {
+	return e.Message
+}

pkg/security/security.go

@@ -5,10 +5,19 @@ import (
 	"strings"
 )
 
+// AccessLevel defines the level of access allowed
+type AccessLevel string
+
+const (
+	AccessLevelReadOnly   AccessLevel = "readonly"
+	AccessLevelReadWrite  AccessLevel = "readwrite"
+	AccessLevelAdmin      AccessLevel = "admin"
+)
+
 // SecurityConfig holds security-related configuration
 type SecurityConfig struct {
-	// ReadOnly mode prevents write operations
-	ReadOnly bool
+	// AccessLevel defines the level of access allowed (readonly, readwrite, admin)
+	AccessLevel AccessLevel
 	// AllowedNamespaces is a list of literal namespace names
 	allowedNamespaces []string
 	// allowedNamespacesRe is a list of compiled regex patterns for namespace matching
@@ -18,7 +27,7 @@ type SecurityConfig struct {
 // NewSecurityConfig creates a new SecurityConfig instance
 func NewSecurityConfig() *SecurityConfig {
 	return &SecurityConfig{
-		ReadOnly:            false,
+		AccessLevel:         AccessLevelReadOnly,
 		allowedNamespaces:   []string{},
 		allowedNamespacesRe: []*regexp.Regexp{},
 	}

pkg/security/validator.go

@@ -17,7 +17,18 @@ var (
 	KubectlReadOperations = []string{
 		"get", "describe", "explain", "logs", "top", "auth", "config",
 		"cluster-info", "api-resources", "api-versions", "version", "diff",
-		"completion", "help", "kustomize", "options", "plugin", "proxy", "wait", "cp",
+		"completion", "help", "kustomize", "options", "plugin", "proxy", "wait", "events",
+	}
+
+	// KubectlReadWriteOperations defines kubectl operations that modify state but are not admin operations
+	KubectlReadWriteOperations = []string{
+		"create", "delete", "apply", "expose", "run", "set", "rollout", "scale",
+		"autoscale", "label", "annotate", "patch", "replace", "cp", "exec",
+	}
+
+	// KubectlAdminOperations defines kubectl operations that require admin privileges
+	KubectlAdminOperations = []string{
+		"cordon", "uncordon", "drain", "taint", "certificate",
 	}
 
 	// HelmReadOperations defines helm operations that don't modify state
@@ -69,12 +80,46 @@ func (v *Validator) getReadOperationsList(commandType string) []string {
 	}
 }
 
+// getReadWriteOperationsList returns the appropriate list of read-write operations based on command type
+func (v *Validator) getReadWriteOperationsList(commandType string) []string {
+	switch commandType {
+	case CommandTypeKubectl:
+		return KubectlReadWriteOperations
+	case CommandTypeHelm:
+		// For now, assume helm write operations are same as read operations
+		// This can be expanded when helm write operations are defined
+		return []string{}
+	case CommandTypeCilium:
+		// For now, assume cilium write operations are same as read operations  
+		// This can be expanded when cilium write operations are defined
+		return []string{}
+	default:
+		return []string{}
+	}
+}
+
+// getAdminOperationsList returns the appropriate list of admin operations based on command type
+func (v *Validator) getAdminOperationsList(commandType string) []string {
+	switch commandType {
+	case CommandTypeKubectl:
+		return KubectlAdminOperations
+	case CommandTypeHelm:
+		// For now, assume helm admin operations are not defined
+		// This can be expanded when helm admin operations are defined
+		return []string{}
+	case CommandTypeCilium:
+		// For now, assume cilium admin operations are not defined
+		// This can be expanded when cilium admin operations are defined
+		return []string{}
+	default:
+		return []string{}
+	}
+}
+
 // ValidateCommand validates a command against all security settings
 func (v *Validator) ValidateCommand(command, commandType string) error {
-	readOperations := v.getReadOperationsList(commandType)
-
-	// Check readonly restrictions
-	if err := v.validateReadOnly(command, readOperations); err != nil {
+	// Check access level restrictions
+	if err := v.validateAccessLevel(command, commandType); err != nil {
 		return err
 	}
 
@@ -86,11 +131,36 @@ func (v *Validator) ValidateCommand(command, commandType string) error {
 	return nil
 }
 
-// validateReadOnly validates if a command is allowed in read-only mode
-func (v *Validator) validateReadOnly(command string, readOperations []string) error {
-	// Check if we're in readonly mode and if this is a write operation
-	if v.secConfig.ReadOnly && !v.isReadOperation(command, readOperations) {
-		return &ValidationError{Message: "Error: Cannot execute write operations in read-only mode"}
+// validateAccessLevel validates if a command is allowed based on the configured access level
+func (v *Validator) validateAccessLevel(command, commandType string) error {
+	readOperations := v.getReadOperationsList(commandType)
+	readWriteOperations := v.getReadWriteOperationsList(commandType)
+	adminOperations := v.getAdminOperationsList(commandType)
+
+	operation := v.extractOperationFromCommand(command, commandType)
+
+	switch v.secConfig.AccessLevel {
+	case AccessLevelReadOnly:
+		if !v.isOperationInList(operation, readOperations) {
+			return &ValidationError{Message: "Error: Cannot execute write or admin operations in read-only mode"}
+		}
+	case AccessLevelReadWrite:
+		if !v.isOperationInList(operation, readOperations) && !v.isOperationInList(operation, readWriteOperations) {
+			// Check if it's an admin operation to provide better error message
+			if v.isOperationInList(operation, adminOperations) {
+				return &ValidationError{Message: "Error: Cannot execute admin operations in read-write mode"}
+			}
+			return &ValidationError{Message: "Error: Operation not allowed in read-write mode"}
+		}
+	case AccessLevelAdmin:
+		// Admin level allows all operations (read, write, and admin)
+		if !v.isOperationInList(operation, readOperations) && 
+		   !v.isOperationInList(operation, readWriteOperations) && 
+		   !v.isOperationInList(operation, adminOperations) {
+			return &ValidationError{Message: "Error: Unknown operation"}
+		}
+	default:
+		return &ValidationError{Message: "Error: Invalid access level configuration"}
 	}
 
 	return nil
@@ -118,28 +188,32 @@ func (v *Validator) validateNamespaceScope(command string) error {
 	return nil
 }
 
-// isReadOperation checks if a command is a read operation
-func (v *Validator) isReadOperation(command string, allowedOperations []string) bool {
+// isOperationInList checks if an operation is in the given list
+func (v *Validator) isOperationInList(operation string, allowedOperations []string) bool {
+	for _, allowed := range allowedOperations {
+		if operation == allowed {
+			return true
+		}
+	}
+	return false
+}
+
+// extractOperationFromCommand extracts the operation from a command
+func (v *Validator) extractOperationFromCommand(command, commandType string) string {
 	cmdParts := strings.Fields(command)
 	var operation string
 
 	for _, part := range cmdParts {
 		if !strings.HasPrefix(part, "-") {
 			// Skip the initial command name (kubectl, helm, cilium)
-			if part != CommandTypeKubectl && part != CommandTypeHelm && part != CommandTypeCilium {
+			if part != commandType {
 				operation = part
 				break
 			}
 		}
 	}
 
-	for _, allowed := range allowedOperations {
-		if operation == allowed {
-			return true
-		}
-	}
-
-	return false
+	return operation
 }
 
 // extractNamespaceFromCommand extracts the namespace from a command