Add policy demo sample for MCP Gateway #824

Open
mugiwaraluffy56 wants to merge 1 commit into Kuadrant:main from mugiwaraluffy56:policy-demo-sample

mugiwaraluffy56 commented Apr 30, 2026

summary

This adds a policy demo sample under config/samples/policy-demo.

The sample wires together local test MCP servers, MCPServerRegistration resources, virtual server views, and an optional AuthPolicy. It gives contributors a single place to try federation, backend credentials, custom paths, virtual servers, and tool-level authorization with the local environment.

testing

  • kubectl kustomize config/samples/policy-demo
  • git diff --check

I also checked the optional AuthPolicy manifest by inspection. A client dry-run tried to reach a local Kubernetes API server in this environment, so I did not count that as a manifest validation result.

Summary by CodeRabbit

  • Documentation
    • Added a comprehensive policy demonstration sample including documentation and example manifests for deploying and securing MCP servers in production environments. Features Keycloak JWT authentication, fine-grained authorization checks based on user roles and tool permissions, virtual server configurations for tool organization and isolation, and MCP server registrations with credential management and custom request path support.

Signed-off-by: puneeth_aditya_5656 <myakampuneeth@gmail.com>
coderabbitai Bot commented Apr 30, 2026

Walkthrough

Adds a new policy-demo sample configuration for MCP Gateway, comprising five test MCP server registrations with tool prefixes, three virtual servers exposing specific tool sets, a Keycloak JWT-based AuthPolicy for tool access control, and supporting documentation with usage examples.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Policy Demo Sample: `config/samples/policy-demo/README.md`, `config/samples/policy-demo/kustomization.yaml`, `config/samples/policy-demo/mcpserverregistrations.yaml`, `config/samples/policy-demo/mcpvirtualservers.yaml`, `config/samples/policy-demo/authpolicy.yaml` | New sample configuration introducing five MCP server registrations with varying credentials and request paths, three virtual servers with scoped tool sets, Keycloak JWT authentication policy, and detailed documentation explaining deployment, tool inspection, and authorization checks using router headers and JWT claims. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Pre-merge checks (5 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main change: adding a policy demo sample for MCP Gateway. It directly reflects the primary purpose of the PR. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

coderabbitai Bot left a comment

Actionable comments posted: 1

📥 Commits

Reviewing files that changed from the base of the PR and between 58e3a13 and 2a33b14.

📒 Files selected for processing (5)
  • config/samples/policy-demo/README.md
  • config/samples/policy-demo/authpolicy.yaml
  • config/samples/policy-demo/kustomization.yaml
  • config/samples/policy-demo/mcpserverregistrations.yaml
  • config/samples/policy-demo/mcpvirtualservers.yaml

Comment on lines +21 to +23
- predicate: |
request.headers['x-mcp-toolname'] in (has(auth.identity.resource_access) && auth.identity.resource_access.exists(p, p == request.headers['x-mcp-servername']) ? auth.identity.resource_access[request.headers['x-mcp-servername']].roles : [])
response:
⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Scope authorization to tools/call to avoid blocking non-tool methods.

Current predicate is unconditional; it can deny initialize/tools/list because they don’t carry a usable tool header. Add a method guard so only tools/call is role-checked.

Suggested patch
       'tool-access-check':
         patternMatching:
           patterns:
           - predicate: |
-              request.headers['x-mcp-toolname'] in (has(auth.identity.resource_access) && auth.identity.resource_access.exists(p, p == request.headers['x-mcp-servername']) ? auth.identity.resource_access[request.headers['x-mcp-servername']].roles : [])
+              request.headers['x-mcp-method'] != 'tools/call' || (
+                request.headers['x-mcp-toolname'] in (
+                  has(auth.identity.resource_access) &&
+                  auth.identity.resource_access.exists(p, p == request.headers['x-mcp-servername'])
+                    ? auth.identity.resource_access[request.headers['x-mcp-servername']].roles
+                    : []
+                )
+              )
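Review bot: The guard added at the top of the predicate, request.headers['x-mcp-method'] != 'tools/call' ||, lets through every request whose x-mcp-method value is anything other than exactly 'tools/call', so the role check is only as reliable as that header. The original predicate reads only x-mcp-toolname and x-mcp-servername, and the agent prompt attached to this comment words the condition as request.method == "tools/call", a different field from the one used in this hunk. Confirm which of the two the policy should key on, use it consistently, and add a YAML comment next to the predicate saying which component sets x-mcp-method.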
Suggested change
- predicate: |
request.headers['x-mcp-toolname'] in (has(auth.identity.resource_access) && auth.identity.resource_access.exists(p, p == request.headers['x-mcp-servername']) ? auth.identity.resource_access[request.headers['x-mcp-servername']].roles : [])
response:
- predicate: |
request.headers['x-mcp-method'] != 'tools/call' || (
request.headers['x-mcp-toolname'] in (
has(auth.identity.resource_access) &&
auth.identity.resource_access.exists(p, p == request.headers['x-mcp-servername'])
? auth.identity.resource_access[request.headers['x-mcp-servername']].roles
: []
)
)
response:
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@config/samples/policy-demo/authpolicy.yaml` around lines 21 - 23, The
predicate is currently unconditional and can block non-tool methods; update the
predicate used in the policy to first check request.method == "tools/call" and
only then perform the existing header-and-role validation (i.e., check
request.headers['x-mcp-toolname'] against auth.identity.resource_access and the
roles list), otherwise allow the request; modify the predicate expression
referenced as predicate (using request.method,
request.headers['x-mcp-toolname'], and auth.identity.resource_access) so only
tools/call is role-checked.
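
The effect described in the review comment above, as an added Python model of the two predicates (not code from the PR or from CodeRabbit, and not CEL). The claim layout follows the predicate's field names; the server name, tool names and the deny-on-missing-header behaviour are assumptions.

```python
# Python model (not CEL) of the two predicates in the review comment above.
# Assumptions: a header the request does not carry is absent from the dict,
# reading it is an evaluation error, and an errored predicate means "deny".

def roles_for(claims, server):
    """Roles under resource_access[server], or [] when the entry is absent."""
    return (claims.get("resource_access") or {}).get(server, {}).get("roles", [])

def original_predicate(headers, claims):
    """Unconditional form: the tool header must name a role the caller holds."""
    tool = headers.get("x-mcp-toolname")
    if tool is None:  # missing header: error, so deny
        return False
    return tool in roles_for(claims, headers.get("x-mcp-servername"))

def guarded_predicate(headers, claims):
    """Suggested form: only requests marked tools/call are role-checked."""
    method = headers.get("x-mcp-method")
    if method is not None and method != "tools/call":
        return True  # left operand of || is true, role check not needed
    return original_predicate(headers, claims)

# Constructed sample data: server and tool names are made up.
CLAIMS = {"resource_access": {"server-a": {"roles": ["tool_read"]}}}

def call(server, tool):
    return {"x-mcp-method": "tools/call",
            "x-mcp-servername": server, "x-mcp-toolname": tool}

REQUESTS = {
    "initialize": {"x-mcp-method": "initialize"},
    "tools/list": {"x-mcp-method": "tools/list"},
    "call, role held": call("server-a", "tool_read"),
    "call, role not held": call("server-a", "tool_write"),
    "call, server not in token": call("server-b", "tool_read"),
}

def decision_table(claims=CLAIMS):
    """Map each sample request to (original allows?, guarded allows?)."""
    return {name: (original_predicate(h, claims), guarded_predicate(h, claims))
            for name, h in REQUESTS.items()}

if __name__ == "__main__":
    for name, (before, after) in decision_table().items():
        print(f"{name:26} original={before!s:5} guarded={after}")
```

Only the first two rows change between the two forms; every tools/call row keeps the same decision.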
