Conversation

@n3rdc4ptn n3rdc4ptn commented May 6, 2025

Builds on: #4

This PR removes the MCPAuthorization header in favor of just using one auth header, the Authorization.

This follows best practices and reduces the risk of secret leakage, as the Authorization header is the predefined HTTP default header for tokens and authorization information and is respected in reverse proxies etc.
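As an added illustration of the single-header approach described above (example code written for this page, not the project's own handler): a Go middleware that reads credentials only from `Authorization: Bearer`, answers the removed `MCPAuthorization` header with a clear migration error instead of silently ignoring it, and logs only the outcome, never the header value. The route, realm name and listen address are assumptions.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

// The one header the server accepts, and the one the PR removed.
const (
	authHeader   = "Authorization"
	legacyHeader = "MCPAuthorization" // rejected so stale clients fail loudly
)

// bearerToken extracts the token from "Authorization: Bearer <token>" and
// returns the HTTP status to answer with. Reading credentials from exactly one
// header means proxies and log scrubbers only have one header to treat as secret.
func bearerToken(h http.Header) (token string, status int) {
	if h.Get(legacyHeader) != "" {
		return "", http.StatusBadRequest // migration error, not an auth failure
	}
	scheme, rest, found := strings.Cut(h.Get(authHeader), " ")
	rest = strings.TrimSpace(rest)
	if !found || !strings.EqualFold(scheme, "Bearer") || rest == "" {
		return "", http.StatusUnauthorized
	}
	return rest, http.StatusOK
}

// requireBearer checks every request in one place and hands the parsed token
// to the wrapped handler. Only the outcome is logged, never the header value.
func requireBearer(next func(http.ResponseWriter, *http.Request, string)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		token, status := bearerToken(r.Header)
		if status != http.StatusOK {
			log.Printf("auth rejected: method=%s path=%s status=%d", r.Method, r.URL.Path, status)
			w.Header().Set("WWW-Authenticate", `Bearer realm="mcp"`) // realm is assumed
			http.Error(w, http.StatusText(status), status)
			return
		}
		next(w, r, token)
	}
}

func main() { // hypothetical wiring; the real server's mux and handlers are not shown
	http.HandleFunc("/", requireBearer(func(w http.ResponseWriter, _ *http.Request, _ string) { w.WriteHeader(http.StatusNoContent) }))
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```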

@n3rdc4ptn n3rdc4ptn self-assigned this May 6, 2025
@n3rdc4ptn n3rdc4ptn requested a review from Copilot May 6, 2025 09:52

Copilot AI left a comment

Pull Request Overview

This PR removes the deprecated second auth header usage and related endpoints in favor of the standard "Authorization" header, reducing the risk of secret leakage. Key changes include:

  • Removal of endpoints handling MCP authorization and the associated files (handlerWellKnownKubeconfig.go, handlerBtpSO.go).
  • Updating of handler logic in mainHandler.go and _categoryHandler to exclusively use the "Authorization" header.
  • Elimination of JSONPath handling in favor of solely supporting JQ in response processing.

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

File | Description
internal/server/server.go | Removed routes for "/.well-known/openmcp/kubeconfig" and "/btp-so" endpoints
internal/server/handlerWellKnownKubeconfig.go | Removed the entire file as it relates to the deprecated auth header handling
internal/server/handlerMain.go | Updated auth header usage; removed fields and logic related to secondary and JSONPath support
internal/server/handlerCategory.go | Updated auth header usage and removed JSONPath-based logic in favor of JQ support
internal/server/handlerBtpSO.go | Removed the entire file to deprecate the old auth handling mechanism

Comments suppressed due to low confidence (3)

internal/server/server.go:15

  • Since the routes '/.well-known/openmcp/kubeconfig' and '/btp-so' are removed, please update any corresponding API documentation or changelogs to reflect these endpoint removals.
mux.HandleFunc("/.well-known/openmcp/kubeconfig", defaultHandler(shared, wellKnownKubeconfigHandler))

internal/server/handlerMain.go:125

  • The removal of the JSONPath branch in favor of solely using JQ may impact clients that rely on JSONPath processing. If JSONPath support is no longer required, please ensure this change is communicated and tested accordingly.
if (data.JQ == "") || k8sResp.StatusCode >= 400 {

internal/server/handlerCategory.go:110

  • The JSONPath branch has been removed in _categoryHandler, which may affect clients expecting JSONPath support. Confirm that this change aligns with the overall API design and that clients have been notified of the adjustment.
if data.JQ != "" {

@n3rdc4ptn n3rdc4ptn merged commit f49b979 into main May 20, 2025
5 checks passed
@n3rdc4ptn n3rdc4ptn deleted the only-one-auth-header branch May 20, 2025 08:18