fix: remove tokencache from vmcp

cmd/thv-operator/api/v1alpha1/virtualmcpserver_types.go

@@ -34,10 +34,6 @@ type VirtualMCPServerSpec struct {
 	// +optional
 	CompositeToolRefs []CompositeToolDefinitionRef `json:"compositeToolRefs,omitempty"`
 
-	// TokenCache configures token caching behavior
-	// +optional
-	TokenCache *TokenCacheConfig `json:"tokenCache,omitempty"`
-
 	// Operational defines operational settings like timeouts and health checks
 	// +optional
 	Operational *OperationalConfig `json:"operational,omitempty"`
@@ -283,64 +279,6 @@ type ErrorHandling struct {
 	RetryDelay string `json:"retryDelay,omitempty"`
 }
 
-// TokenCacheConfig configures token caching behavior
-type TokenCacheConfig struct {
-	// Provider defines the cache provider type
-	// +kubebuilder:validation:Enum=memory;redis
-	// +kubebuilder:default=memory
-	// +optional
-	Provider string `json:"provider,omitempty"`
-
-	// Memory configures in-memory token caching
-	// Only used when Provider is "memory"
-	// +optional
-	Memory *MemoryCacheConfig `json:"memory,omitempty"`
-
-	// Redis configures Redis token caching
-	// Only used when Provider is "redis"
-	// +optional
-	Redis *RedisCacheConfig `json:"redis,omitempty"`
-}
-
-// MemoryCacheConfig configures in-memory token caching
-type MemoryCacheConfig struct {
-	// MaxEntries is the maximum number of cache entries
-	// +kubebuilder:default=1000
-	// +optional
-	MaxEntries int `json:"maxEntries,omitempty"`
-
-	// TTLOffset is the duration before token expiry to refresh
-	// +kubebuilder:default="5m"
-	// +optional
-	TTLOffset string `json:"ttlOffset,omitempty"`
-}
-
-// RedisCacheConfig configures Redis token caching
-type RedisCacheConfig struct {
-	// Address is the Redis server address
-	// +kubebuilder:validation:Required
-	Address string `json:"address"`
-
-	// DB is the Redis database number
-	// +kubebuilder:default=0
-	// +optional
-	DB int `json:"db,omitempty"`
-
-	// KeyPrefix is the prefix for cache keys
-	// +kubebuilder:default="vmcp:tokens:"
-	// +optional
-	KeyPrefix string `json:"keyPrefix,omitempty"`
-
-	// PasswordRef references a secret containing the Redis password
-	// +optional
-	PasswordRef *SecretKeyRef `json:"passwordRef,omitempty"`
-
-	// TLS enables TLS for Redis connections
-	// +kubebuilder:default=false
-	// +optional
-	TLS bool `json:"tls,omitempty"`
-}
-
 // OperationalConfig defines operational settings
 type OperationalConfig struct {
 	// Timeouts configures timeout settings

cmd/thv-operator/api/v1alpha1/virtualmcpserver_types_test.go

@@ -147,17 +147,13 @@ func TestVirtualMCPServerDefaultValues(t *testing.T) {
 			Aggregation: &AggregationConfig{
 				ConflictResolution: "", // Should default to "prefix"
 			},
-			TokenCache: &TokenCacheConfig{
-				Provider: "", // Should default to "memory"
-			},
 		},
 	}
 
 	// These defaults are enforced by kubebuilder markers
 	// but we document expected values here
 	assert.NotNil(t, vmcp.Spec.OutgoingAuth)
 	assert.NotNil(t, vmcp.Spec.Aggregation)
-	assert.NotNil(t, vmcp.Spec.TokenCache)
 }
 
 func TestVirtualMCPServerNamespaceIsolation(t *testing.T) {

cmd/thv-operator/api/v1alpha1/virtualmcpserver_webhook.go

@@ -74,13 +74,6 @@ func (r *VirtualMCPServer) Validate() error {
 		}
 	}
 
-	// Validate TokenCache configuration
-	if r.Spec.TokenCache != nil {
-		if err := r.validateTokenCache(); err != nil {
-			return err
-		}
-	}
-
 	return nil
 }
 
@@ -355,39 +348,3 @@ func validateStepErrorHandling(toolIndex, stepIndex int, step WorkflowStep) erro
 
 	return nil
 }
-
-// validateTokenCache validates token cache configuration
-func (r *VirtualMCPServer) validateTokenCache() error {
-	cache := r.Spec.TokenCache
-
-	// Validate provider
-	if cache.Provider != "" {
-		validProviders := map[string]bool{
-			"memory": true,
-			"redis":  true,
-		}
-		if !validProviders[cache.Provider] {
-			return fmt.Errorf("spec.tokenCache.provider must be memory or redis")
-		}
-	}
-
-	// Validate provider-specific configuration
-	if cache.Provider == "redis" || (cache.Provider == "" && cache.Redis != nil) {
-		if cache.Redis == nil {
-			return fmt.Errorf("spec.tokenCache.redis is required when provider is redis")
-		}
-		if cache.Redis.Address == "" {
-			return fmt.Errorf("spec.tokenCache.redis.address is required")
-		}
-		if cache.Redis.PasswordRef != nil {
-			if cache.Redis.PasswordRef.Name == "" {
-				return fmt.Errorf("spec.tokenCache.redis.passwordRef.name is required when passwordRef is specified")
-			}
-			if cache.Redis.PasswordRef.Key == "" {
-				return fmt.Errorf("spec.tokenCache.redis.passwordRef.key is required when passwordRef is specified")
-			}
-		}
-	}
-
-	return nil
-}

cmd/thv-operator/api/v1alpha1/virtualmcpserver_webhook_test.go

@@ -369,67 +369,6 @@ func TestVirtualMCPServerValidate(t *testing.T) {
 			wantErr: true,
 			errMsg:  "spec.compositeTools[0].steps[1].id \"step1\" is duplicated",
 		},
-		{
-			name: "valid token cache - memory",
-			vmcp: &VirtualMCPServer{
-				Spec: VirtualMCPServerSpec{
-					GroupRef: GroupRef{Name: "test-group"},
-					TokenCache: &TokenCacheConfig{
-						Provider: "memory",
-						Memory: &MemoryCacheConfig{
-							MaxEntries: 1000,
-						},
-					},
-				},
-			},
-			wantErr: false,
-		},
-		{
-			name: "valid token cache - redis with password",
-			vmcp: &VirtualMCPServer{
-				Spec: VirtualMCPServerSpec{
-					GroupRef: GroupRef{Name: "test-group"},
-					TokenCache: &TokenCacheConfig{
-						Provider: "redis",
-						Redis: &RedisCacheConfig{
-							Address: "redis:6379",
-							PasswordRef: &SecretKeyRef{
-								Name: "redis-secret",
-								Key:  "password",
-							},
-						},
-					},
-				},
-			},
-			wantErr: false,
-		},
-		{
-			name: "invalid token cache - redis without address",
-			vmcp: &VirtualMCPServer{
-				Spec: VirtualMCPServerSpec{
-					GroupRef: GroupRef{Name: "test-group"},
-					TokenCache: &TokenCacheConfig{
-						Provider: "redis",
-						Redis:    &RedisCacheConfig{},
-					},
-				},
-			},
-			wantErr: true,
-			errMsg:  "spec.tokenCache.redis.address is required",
-		},
-		{
-			name: "invalid token cache - invalid provider",
-			vmcp: &VirtualMCPServer{
-				Spec: VirtualMCPServerSpec{
-					GroupRef: GroupRef{Name: "test-group"},
-					TokenCache: &TokenCacheConfig{
-						Provider: "invalid",
-					},
-				},
-			},
-			wantErr: true,
-			errMsg:  "spec.tokenCache.provider must be memory or redis",
-		},
 	}
 
 	for _, tt := range tests {