Enable MCP write tools by setting read_only=false in openshift-mcp-server config #1660

Open
blublinsky wants to merge 1 commit into openshift:main from blublinsky:mcp-server-write

@blublinsky blublinsky commented May 27, 2026

Description

Summary

The shipped openshift-mcp-server-rhel9 sidecar defaults to ReadOnly: true at build time (config_default_overrides.go). Removing the --read-only CLI flag (OLS-*) is not enough: without an explicit TOML override, MCP only exposes read-only tools (resources_list, resources_get, …) and the assistant falls back to suggesting oc for mutations.
This change sets read_only = false in the operator-managed openshift-mcp-server-config ConfigMap so core write tools (e.g. resources_create_or_update, resources_delete, resources_scale) are available to Lightspeed while Secret/RBAC denied resources remain unchanged.

Problem

  • Operator pod spec: no --read-only
  • Operator TOML: did not set read_only → effective read-only from image defaults
  • tools/list: 24 tools (read-only)
  • User asks to create a ConfigMap → model suggests oc create instead of MCP

Fix

Add read_only = false to OpenShiftMCPServerConfigTOML and document in .ai/spec/what/security.md.

Type of change

  • Refactor
  • New feature
  • [x] Bug fix
  • CVE fix
  • Optimization
  • Documentation Update
  • Configuration Update
  • Bump-up dependent library

Related Tickets & Documents

  • Related Issue #
  • Closes #

Checklist before requesting a review

  • I have performed a self-review of my code.
  • PR has passed all pre-merge test jobs.
  • If it is a core feature, I have added thorough tests.

Testing

  • Please provide detailed steps to perform tests related to this code change.
  • How were the fix/results from this change verified? Please provide relevant screenshots or results.

Summary by CodeRabbit

  • Documentation

    • Security documentation updated to clarify OpenShift MCP server configuration, resource access controls, and how configuration settings override default behavior
  • Configuration

    • OpenShift MCP server configuration updated to explicitly enable write operations for core resources while maintaining restrictions on Secret and RBAC resource access
  • Tests

    • Configuration tests enhanced to verify server settings and configuration overrides
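
The default-versus-override behaviour the description reports, as an added example that is not code from this PR or from openshift-mcp-server: a simplified Go model in which the build-time default is read-only and only an explicit top-level read_only key changes it. The function names, the tool filter and the sample TOML strings are constructed for illustration, and the line scan stands in for a real TOML parser.

```go
package main

import (
	"fmt"
	"strings"
)

// Mutating tools named in the PR description, not the server's full list.
var writeTools = map[string]bool{
	"resources_create_or_update": true, "resources_delete": true, "resources_scale": true,
}

// effectiveReadOnly resolves read_only from TOML text over the build default and
// reports whether the key was set explicitly (simplified scan of top-level keys).
func effectiveReadOnly(toml string) (readOnly, explicit bool) {
	readOnly = true // build-time default, per the PR description (ReadOnly: true)
	for _, line := range strings.Split(toml, "\n") {
		line = strings.TrimSpace(strings.SplitN(line, "#", 2)[0]) // drop comments
		if strings.HasPrefix(line, "[") {
			break // a table header ends the top-level keys
		}
		key, val, ok := strings.Cut(line, "=")
		v := strings.TrimSpace(val)
		if ok && strings.TrimSpace(key) == "read_only" && (v == "true" || v == "false") {
			readOnly, explicit = v == "true", true
		}
	}
	return readOnly, explicit
}

// exposedTools drops write tools when the server is effectively read-only.
func exposedTools(all []string, readOnly bool) []string {
	var out []string
	for _, t := range all {
		if !(readOnly && writeTools[t]) {
			out = append(out, t)
		}
	}
	return out
}

func main() {
	all := []string{"resources_list", "resources_get", "resources_create_or_update", "resources_delete", "resources_scale"}
	for _, cfg := range []string{"# constructed: key absent\n", "read_only = false # constructed\n"} {
		ro, explicit := effectiveReadOnly(cfg)
		fmt.Println(ro, explicit, exposedTools(all, ro))
	}
}
```

The `explicit` return value is the useful part for a config audit: it separates "read-only because nobody set the key" from "read-only or writable by decision".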

coderabbitai Bot commented May 27, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 5a7aee92-cd36-4db9-9c0c-af9645d73dc0

📥 Commits

Reviewing files that changed from the base of the PR and between 929f3df and 2771c6e.

📒 Files selected for processing (3)
  • .ai/spec/what/security.md
  • internal/controller/utils/mcp_server_config.go
  • internal/controller/utils/mcp_server_config_test.go

📝 Walkthrough

Walkthrough

This PR updates the OpenShift MCP server configuration to explicitly set read_only = false within the embedded TOML configuration, overriding build-time defaults. The change includes test validation and documentation updates clarifying the configuration approach and the absence of a --read-only command-line flag in the sidecar.

Changes

OpenShift MCP server read_only configuration

Layer / File(s): read_only configuration override with test validation (internal/controller/utils/mcp_server_config.go, internal/controller/utils/mcp_server_config_test.go, .ai/spec/what/security.md)
Summary: The OpenShiftMCPServerConfigTOML constant now explicitly sets read_only = false with comments explaining it overrides build-time defaults. Test assertion verifies the flag is present in the TOML. Security documentation updated to clarify the shipped server uses this TOML-based configuration and omits the --read-only command-line flag.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

  • Docstring Coverage: ⚠️ Warning. Explanation: Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Resolution: Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The pull request title clearly and specifically describes the main change: enabling MCP write tools by setting read_only=false in the openshift-mcp-server configuration.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.

@openshift-ci openshift-ci Bot requested review from raptorsun and xrajesh May 27, 2026 12:38

openshift-ci Bot commented May 27, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign blublinsky for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

xrajesh commented May 27, 2026

/hold
We need to ensure that we are okay with respect to AIA approval

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 27, 2026

openshift-ci Bot commented May 27, 2026

@blublinsky: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
