Skip to content

Commit 8fe30ba

Browse files
committed
Add invalid MCP token configuration and update tests
- Added a new invalid MCP token file for testing purposes. - Updated the Docker Compose configuration to mount the invalid MCP token. - Introduced a new YAML configuration for testing invalid MCP file authentication. - Enhanced the test scenarios to include checks for invalid MCP file authentication. - Updated feature files to reflect the new authentication configurations.
1 parent cef66f2 commit 8fe30ba

5 files changed

Lines changed: 65 additions & 7 deletions

File tree

docker-compose.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -82,6 +82,7 @@ services:
8282
volumes:
8383
- ./lightspeed-stack.yaml:/app-root/lightspeed-stack.yaml:z
8484
- ./tests/e2e/secrets/mcp-token:/tmp/mcp-secret-token:ro
85+
- ./tests/e2e/secrets/invalid-mcp-token:/tmp/invalid-mcp-secret-token:ro
8586
environment:
8687
- OPENAI_API_KEY=${OPENAI_API_KEY}
8788
# Azure Entra ID credentials (AZURE_API_KEY is obtained dynamically)
Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
name: Lightspeed Core Service (LCS)
2+
service:
3+
host: 0.0.0.0
4+
port: 8080
5+
auth_enabled: false
6+
workers: 1
7+
color_log: true
8+
access_log: true
9+
llama_stack:
10+
# Server mode - connects to separate llama-stack service
11+
use_as_library_client: false
12+
url: http://llama-stack:8321
13+
api_key: xyzzy
14+
user_data_collection:
15+
feedback_enabled: true
16+
feedback_storage: "/tmp/data/feedback"
17+
transcripts_enabled: true
18+
transcripts_storage: "/tmp/data/transcripts"
19+
authentication:
20+
module: "noop"
21+
mcp_servers:
22+
- name: "mcp-file"
23+
url: "http://mock-mcp:3001"
24+
authorization_headers:
25+
Authorization: "/tmp/invalid-mcp-secret-token"

tests/e2e/features/environment.py

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -213,6 +213,11 @@ def before_scenario(context: Context, scenario: Scenario) -> None:
213213
unregister_mcp_toolgroups()
214214
switch_config(context.scenario_config)
215215
restart_container("lightspeed-stack")
216+
if "InvalidMCPFileAuthConfig" in scenario.effective_tags:
217+
context.scenario_config = _get_config_path("invalid-mcp-file-auth", mode_dir)
218+
unregister_mcp_toolgroups()
219+
switch_config(context.scenario_config)
220+
restart_container("lightspeed-stack")
216221
if "MCPKubernetesAuthConfig" in scenario.effective_tags:
217222
context.scenario_config = _get_config_path("mcp-kubernetes", mode_dir)
218223
unregister_mcp_toolgroups()
@@ -267,6 +272,7 @@ def after_scenario(context: Context, scenario: Scenario) -> None:
267272
"InvalidFeedbackStorageConfig",
268273
"NoCacheConfig",
269274
"MCPFileAuthConfig",
275+
"InvalidMCPFileAuthConfig",
270276
"MCPKubernetesAuthConfig",
271277
"MCPClientAuthConfig",
272278
"MCPOAuthAuthConfig",

tests/e2e/features/mcp.feature

Lines changed: 32 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -7,18 +7,19 @@ Feature: MCP tests
77

88

99
# File-based
10-
@MCPFileAuth
10+
@MCPFileAuthConfig
1111
Scenario: Check if tools endpoint succeeds when MCP file-based auth token is passed
1212
Given The system is in default state
1313
When I access REST API endpoint "tools" using HTTP GET method
1414
Then The status code of the response is 200
1515
And The body of the response contains mcp-file
1616

1717
@skip-in-library-mode # will be fixed in LCORE-1428
18+
@MCPFileAuthConfig
1819
Scenario: Check if query endpoint succeeds when MCP file-based auth token is passed
1920
Given The system is in default state
2021
And I capture the current token metrics
21-
When I use "query" to ask question with authorization header
22+
When I use "query" to ask question
2223
"""
2324
{"query": "Say hello", "model": "{MODEL}", "provider": "{PROVIDER}"}
2425
"""
@@ -29,10 +30,11 @@ Feature: MCP tests
2930
And The token metrics should have increased
3031

3132
@skip-in-library-mode # will be fixed in LCORE-1428
33+
@MCPFileAuthConfig
3234
Scenario: Check if streaming_query endpoint succeeds when MCP file-based auth token is passed
3335
Given The system is in default state
3436
And I capture the current token metrics
35-
When I use "streaming_query" to ask question with authorization header
37+
When I use "streaming_query" to ask question
3638
"""
3739
{"query": "Say hello", "model": "{MODEL}", "provider": "{PROVIDER}"}
3840
"""
@@ -43,7 +45,7 @@ Feature: MCP tests
4345
| Hello |
4446
And The token metrics should have increased
4547

46-
@InvalidMCPFileAuth
48+
@InvalidMCPFileAuthConfig
4749
Scenario: Check if tools endpoint reports error when MCP file-based invalid auth token is passed
4850
Given The system is in default state
4951
When I access REST API endpoint "tools" using HTTP GET method
@@ -58,6 +60,7 @@ Feature: MCP tests
5860
}
5961
"""
6062

63+
@InvalidMCPFileAuthConfig
6164
Scenario: Check if query endpoint reports error when MCP file-based invalid auth token is passed
6265
Given The system is in default state
6366
When I use "query" to ask question with authorization header
@@ -75,6 +78,7 @@ Feature: MCP tests
7578
}
7679
"""
7780

81+
@InvalidMCPFileAuthConfig
7882
Scenario: Check if streaming_query endpoint reports error when MCP file-based invalid auth token is passed
7983
Given The system is in default state
8084
When I use "streaming_query" to ask question with authorization header
@@ -93,7 +97,7 @@ Feature: MCP tests
9397
"""
9498

9599
# Kubernetes
96-
@MCPKubernetesConfig
100+
@MCPKubernetesAuthConfig
97101
Scenario: Check if tools endpoint succeeds when MCP kubernetes auth token is passed
98102
Given The system is in default state
99103
And I set the Authorization header to Bearer kubernetes-test-token
@@ -102,6 +106,7 @@ Feature: MCP tests
102106
And The body of the response contains mcp-kubernetes
103107

104108
@skip-in-library-mode # will be fixed in LCORE-1428
109+
@MCPKubernetesAuthConfig
105110
Scenario: Check if query endpoint succeeds when MCP kubernetes auth token is passed
106111
Given The system is in default state
107112
And I set the Authorization header to Bearer kubernetes-test-token
@@ -117,6 +122,7 @@ Feature: MCP tests
117122
And The token metrics should have increased
118123

119124
@skip-in-library-mode # will be fixed in LCORE-1428
125+
@MCPKubernetesAuthConfig
120126
Scenario: Check if streaming_query endpoint succeeds when MCP kubernetes auth token is passed
121127
Given The system is in default state
122128
And I set the Authorization header to Bearer kubernetes-test-token
@@ -132,6 +138,7 @@ Feature: MCP tests
132138
| Hello |
133139
And The token metrics should have increased
134140

141+
@MCPKubernetesAuthConfig
135142
Scenario: Check if tools endpoint reports error when MCP kubernetes invalid auth token is passed
136143
Given The system is in default state
137144
And I set the Authorization header to Bearer kubernetes-invalid-token
@@ -147,6 +154,7 @@ Feature: MCP tests
147154
}
148155
"""
149156

157+
@MCPKubernetesAuthConfig
150158
Scenario: Check if query endpoint reports error when MCP kubernetes invalid auth token is passed
151159
Given The system is in default state
152160
And I set the Authorization header to Bearer kubernetes-invalid-token
@@ -165,6 +173,7 @@ Feature: MCP tests
165173
}
166174
"""
167175

176+
@MCPKubernetesAuthConfig
168177
Scenario: Check if streaming_query endpoint reports error when MCP kubernetes invalid auth token is passed
169178
Given The system is in default state
170179
And I set the Authorization header to Bearer kubernetes-invalid-token
@@ -184,13 +193,14 @@ Feature: MCP tests
184193
"""
185194

186195
# Client-provided
187-
@MCPClientConfig
196+
@MCPClientAuthConfig
188197
Scenario: Check if tools endpoint succeeds by skipping when MCP client-provided auth token is omitted
189198
Given The system is in default state
190199
When I access REST API endpoint "tools" using HTTP GET method
191200
Then The status code of the response is 200
192201
And The body of the response does not contain mcp-client
193202

203+
@MCPClientAuthConfig
194204
Scenario: Check if query endpoint succeeds by skipping when MCP client-provided auth token is omitted
195205
Given The system is in default state
196206
And I capture the current token metrics
@@ -204,6 +214,7 @@ Feature: MCP tests
204214
| Hello |
205215
And The token metrics should have increased
206216

217+
@MCPClientAuthConfig
207218
Scenario: Check if streaming_query endpoint succeeds by skipping when MCP client-provided auth token is omitted
208219
Given The system is in default state
209220
And I capture the current token metrics
@@ -218,6 +229,7 @@ Feature: MCP tests
218229
| Hello |
219230
And The token metrics should have increased
220231

232+
@MCPClientAuthConfig
221233
Scenario: Check if tools endpoint succeeds when MCP client-provided auth token is passed
222234
Given The system is in default state
223235
And I set the "MCP-HEADERS" header to
@@ -229,6 +241,7 @@ Feature: MCP tests
229241
And The body of the response contains mcp-client
230242

231243
@skip-in-library-mode # will be fixed in LCORE-1428
244+
@MCPClientAuthConfig
232245
Scenario: Check if query endpoint succeeds when MCP client-provided auth token is passed
233246
Given The system is in default state
234247
And I set the "MCP-HEADERS" header to
@@ -247,6 +260,7 @@ Feature: MCP tests
247260
And The token metrics should have increased
248261

249262
@skip-in-library-mode # will be fixed in LCORE-1428
263+
@MCPClientAuthConfig
250264
Scenario: Check if streaming_query endpoint succeeds when MCP client-provided auth token is passed
251265
Given The system is in default state
252266
And I set the "MCP-HEADERS" header to
@@ -265,6 +279,7 @@ Feature: MCP tests
265279
| Hello |
266280
And The token metrics should have increased
267281

282+
@MCPClientAuthConfig
268283
Scenario: Check if tools endpoint reports error when MCP client-provided invalid auth token is passed
269284
Given The system is in default state
270285
And I set the "MCP-HEADERS" header to
@@ -283,6 +298,7 @@ Feature: MCP tests
283298
}
284299
"""
285300

301+
@MCPClientAuthConfig
286302
Scenario: Check if query endpoint reports error when MCP client-provided invalid auth token is passed
287303
Given The system is in default state
288304
And I set the "MCP-HEADERS" header to
@@ -304,6 +320,7 @@ Feature: MCP tests
304320
}
305321
"""
306322

323+
@MCPClientAuthConfig
307324
Scenario: Check if streaming_query endpoint reports error when MCP client-provided invalid auth token is passed
308325
Given The system is in default state
309326
And I set the "MCP-HEADERS" header to
@@ -327,7 +344,7 @@ Feature: MCP tests
327344

328345
# OAuth
329346

330-
@MCPOAuthConfig
347+
@MCPOAuthAuthConfig
331348
Scenario: Check if tools endpoint reports error when MCP OAuth requires authentication
332349
Given The system is in default state
333350
When I access REST API endpoint "tools" using HTTP GET method
@@ -343,6 +360,7 @@ Feature: MCP tests
343360
"""
344361
And The headers of the response contains the following header "www-authenticate"
345362

363+
@MCPOAuthAuthConfig
346364
Scenario: Check if query endpoint reports error when MCP OAuth requires authentication
347365
Given The system is in default state
348366
When I use "query" to ask question
@@ -361,6 +379,7 @@ Feature: MCP tests
361379
"""
362380
And The headers of the response contains the following header "www-authenticate"
363381

382+
@MCPOAuthAuthConfig
364383
Scenario: Check if streaming_query endpoint reports error when MCP OAuth requires authentication
365384
Given The system is in default state
366385
When I use "streaming_query" to ask question
@@ -379,6 +398,7 @@ Feature: MCP tests
379398
"""
380399
And The headers of the response contains the following header "www-authenticate"
381400

401+
@MCPOAuthAuthConfig
382402
Scenario: Check if tools endpoint succeeds when MCP OAuth auth token is passed
383403
Given The system is in default state
384404
And I set the "MCP-HEADERS" header to
@@ -390,6 +410,7 @@ Feature: MCP tests
390410
And The body of the response contains mcp-oauth
391411

392412
@skip-in-library-mode # will be fixed in LCORE-1428
413+
@MCPOAuthAuthConfig
393414
Scenario: Check if query endpoint succeeds when MCP OAuth auth token is passed
394415
Given The system is in default state
395416
And I set the "MCP-HEADERS" header to
@@ -408,6 +429,7 @@ Feature: MCP tests
408429
And The token metrics should have increased
409430

410431
@skip-in-library-mode # will be fixed in LCORE-1428
432+
@MCPOAuthAuthConfig
411433
Scenario: Check if streaming_query endpoint succeeds when MCP OAuth auth token is passed
412434
Given The system is in default state
413435
And I set the "MCP-HEADERS" header to
@@ -426,6 +448,7 @@ Feature: MCP tests
426448
| Hello |
427449
And The token metrics should have increased
428450

451+
@MCPOAuthAuthConfig
429452
Scenario: Check if tools endpoint reports error when MCP OAuth invalid auth token is passed
430453
Given The system is in default state
431454
And I set the "MCP-HEADERS" header to
@@ -445,6 +468,7 @@ Feature: MCP tests
445468
"""
446469
And The headers of the response contains the following header "www-authenticate"
447470

471+
@MCPOAuthAuthConfig
448472
Scenario: Check if query endpoint reports error when MCP OAuth invalid auth token is passed
449473
Given The system is in default state
450474
And I set the "MCP-HEADERS" header to
@@ -467,6 +491,7 @@ Feature: MCP tests
467491
"""
468492
And The headers of the response contains the following header "www-authenticate"
469493

494+
@MCPOAuthAuthConfig
470495
Scenario: Check if streaming_query endpoint reports error when MCP OAuth invalid auth token is passed
471496
Given The system is in default state
472497
And I set the "MCP-HEADERS" header to
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
invalid-token

0 commit comments

Comments
 (0)