Skip to content

Set MCP parent on resource entities for server-scoped policies#4965

Merged
jhrozek merged 1 commit intomainfrom
authz-mcp-parent-6b
Apr 21, 2026
Merged

Set MCP parent on resource entities for server-scoped policies#4965
jhrozek merged 1 commit intomainfrom
authz-mcp-parent-6b

Conversation

@jhrozek
Copy link
Copy Markdown
Contributor

@jhrozek jhrozek commented Apr 21, 2026

Summary

Server-scoped Cedar policies like resource in MCP::"github" silently matched nothing because resource entities (Tool, Prompt, Resource) had no MCP parent in their entity hierarchy. The serverName stored on the authorizer (#4861) was available but unused when building request entities.

  • Thread a.serverName through authorizeToolCall, authorizePromptGet, authorizeResourceRead, and authorizeFeatureList into CreateEntitiesForRequest
  • When serverName is non-empty, add MCP::"<serverName>" as a parent UID on the resource entity so Cedar's in operator can traverse the hierarchy
  • Test through AuthorizeWithJWTClaims (the production entry point) to pin the serverName threading at all four call sites

Type of change

  • New feature

Test plan

  • Unit tests (task test)
  • Linting (task lint-fix)
  • Manual testing (describe below)

Tested end-to-end on a Kind cluster with a real Entra ID token (roles: ["developer", "mcp-admin"]) against two MCPServers sharing one compiled Cedar ConfigMap with server-scoped policies:

  • permit(principal in THVRole::"dev-access", action, resource in MCP::"github") — github server: tools/list returned tools, call_tool returned HTTP 200
  • permit(principal in THVRole::"ops-access", action, resource in MCP::"internal-tools") — internal-tools server: call_tool returned HTTP 403 (no ops-team role in token, default deny)

Does this introduce a user-facing change?

No — enables server-scoped Cedar policies that were previously inert.

Special notes for reviewers

The test uses AuthorizeWithJWTClaims rather than calling CreateEntitiesForRequest directly, so it would fail if any of the four a.serverName call sites were accidentally dropped.

Generated with Claude Code

@github-actions github-actions Bot added the size/S Small PR: 100-299 lines changed label Apr 21, 2026
@jhrozek @claude
Set MCP parent on resource entities for server-scoped policies
3cbc17e 
When serverName is configured on the Cedar authorizer, resource entities
(Tool, Prompt, Resource) need an MCP parent so that server-scoped Cedar
policies like `resource in MCP::"github"` evaluate correctly. Without
this parent, those policies silently match nothing and deny all requests.

Add serverName parameter to CreateEntitiesForRequest and build an
MCP::"<serverName>" parent UID when non-empty. Thread a.serverName
through all four authorize* methods in core.go.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@jhrozek jhrozek force-pushed the authz-mcp-parent-6b branch from 936ad59 to 3cbc17e Compare April 21, 2026 11:11
@github-actions github-actions Bot added size/S Small PR: 100-299 lines changed and removed size/S Small PR: 100-299 lines changed labels Apr 21, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 21, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.49%. Comparing base (108f6fa) to head (3cbc17e).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4965      +/-   ##
==========================================
- Coverage   69.55%   69.49%   -0.07%     
==========================================
  Files         551      551              
  Lines       55906    55917      +11     
==========================================
- Hits        38887    38858      -29     
- Misses      14025    14063      +38     
- Partials     2994     2996       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@jhrozek jhrozek merged commit f3c9f24 into main Apr 21, 2026
42 checks passed
@jhrozek jhrozek deleted the authz-mcp-parent-6b branch April 21, 2026 13:42
This was referenced Apr 21, 2026
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amirejaz amirejaz amirejaz approved these changes

@JAORMX JAORMX Awaiting requested review from JAORMX JAORMX is a code owner

@ChrisJBurns ChrisJBurns Awaiting requested review from ChrisJBurns ChrisJBurns is a code owner

@yrobla yrobla Awaiting requested review from yrobla yrobla is a code owner

Assignees

No one assigned

Labels

size/S Small PR: 100-299 lines changed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jhrozek @amirejaz