
feat(validation): add pre-execution validation layer#764

Open
nader-ziada wants to merge 2 commits into containers:main from nader-ziada:validation

Conversation


@nader-ziada nader-ziada commented Feb 10, 2026

Add validation middleware that catches errors before they reach the Kubernetes API.

Changes:

  • Resource validation: catches typos in resource types (GVK)
  • Schema validation: validates manifests against OpenAPI schema
  • RBAC validation: pre-checks permissions using SelfSubjectAccessReview
  • All validators are enabled by default and can be configured via environment variables (MCP_VALIDATION_*) or TOML config.

Closes #775

Collaborator

@Cali0707 just wondering (unrelated) some sort of validation of "larger cluster" access would be nice for multi-cluster/acm use-case. I think we currently list all "managed clusters", w/o some sort of "validation"

Member

@manusa manusa Feb 11, 2026

Note that we already have a canIUser method defined here:

    // canIUse asks the API server whether the current identity may perform
    // verb on the given resource in namespace, via a SelfSubjectAccessReview.
    func (c *Core) canIUse(ctx context.Context, gvr *schema.GroupVersionResource, namespace, verb string) bool {
        accessReviews := c.AuthorizationV1().SelfSubjectAccessReviews()
        response, err := accessReviews.Create(ctx, &authv1.SelfSubjectAccessReview{
            Spec: authv1.SelfSubjectAccessReviewSpec{ResourceAttributes: &authv1.ResourceAttributes{
                Namespace: namespace,
                Verb:      verb,
                Group:     gvr.Group,
                Version:   gvr.Version,
                Resource:  gvr.Resource,
            }},
        }, metav1.CreateOptions{})
        if err != nil {
            // TODO: maybe return the error too
            // An API error is treated as "not allowed" (fail closed).
            return false
        }
        return response.Status.Allowed
    }

Collaborator Author

both methods are unexposed (private methods) and serve different purposes in different contexts
I prefer to have them in different packages with clear separation of concerns.

but let me know if you prefer to combine them somehow and I can do that

Member

Just noting in the context of the downstream issue that relates to this fix.
I'm not sure that if in that context, we might just want to put this in the AccessControlRoundTripper.
Here, we're already checking for denied resources in the configuration (for example)

Collaborator Author

my understanding is that AccessControlRoundTripper checks configured denials (checks against a static deny list that the server operator configures. This is separate from Kubernetes RBAC) while the RBACValidator checks actual RBAC (what the cluster says about the current user's permissions)

Are you saying we don't need the RBACValidator since we will get the AccessControlRoundTripper check anyways? but the error message and logging would be different?
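The distinction drawn in this thread, a static operator-configured deny list versus a live RBAC check, and the three validators listed in the PR description (resource/GVK typo check, deny list, SelfSubjectAccessReview pre-check) can be shown in one small pre-execution layer. The code below is an added example written for this page; it is not the project's code. It assumes a hypothetical `AccessReviewer` interface standing in for the SelfSubjectAccessReview round trip, an in-memory `staticReviewer` standing in for the cluster, and a constructed sample of four discovered resources. The typo hint uses an edit-distance lookup over the discovered resource names, which goes slightly beyond what the description states.

```go
package main

import (
	"context"
	"fmt"
)

// GVR names a resource the way the API server does (group/version/resource).
type GVR struct{ Group, Version, Resource string }

// AccessReviewer abstracts the SelfSubjectAccessReview call (hypothetical interface, not the project's).
type AccessReviewer interface {
	Allowed(ctx context.Context, gvr GVR, namespace, verb string) (bool, error)
}

// Validator checks, in order: the resource is known, it is not on the operator's
// static deny list, and cluster RBAC allows the verb for the current user.
type Validator struct {
	Known    map[GVR]bool    // resources learned from API discovery
	Denied   map[string]bool // operator deny list, keyed "group/resource"
	Reviewer AccessReviewer
}

func key(g GVR) string { return g.Group + "/" + g.Resource }

// Validate returns nil when the request may proceed, else an error naming the layer that rejected it.
func (v *Validator) Validate(ctx context.Context, gvr GVR, namespace, verb string) error {
	if !v.Known[gvr] {
		hint := ""
		if s := v.closest(gvr.Resource); s != "" {
			hint = fmt.Sprintf(" (did you mean %q?)", s)
		}
		return fmt.Errorf("unknown resource %q in group %q version %s%s", gvr.Resource, gvr.Group, gvr.Version, hint)
	}
	if v.Denied[key(gvr)] {
		return fmt.Errorf("resource %s is denied by server configuration", key(gvr))
	}
	ok, err := v.Reviewer.Allowed(ctx, gvr, namespace, verb)
	if err != nil {
		return fmt.Errorf("rbac pre-check failed: %w", err)
	}
	if !ok {
		return fmt.Errorf("rbac: current user may not %s %s in namespace %q", verb, key(gvr), namespace)
	}
	return nil
}

// closest returns a known resource name within edit distance 2 of name (typo hint), or "".
func (v *Validator) closest(name string) string {
	best, bestDist := "", 3
	for k := range v.Known {
		if d := Levenshtein(name, k.Resource); d < bestDist {
			best, bestDist = k.Resource, d
		}
	}
	return best
}

// Levenshtein is the two-row edit-distance computation over bytes.
func Levenshtein(a, b string) int {
	prev, cur := make([]int, len(b)+1), make([]int, len(b)+1)
	for j := range prev {
		prev[j] = j
	}
	for i := 1; i <= len(a); i++ {
		cur[0] = i
		for j := 1; j <= len(b); j++ {
			cur[j] = prev[j-1] // substitution, free when the bytes match
			if a[i-1] != b[j-1] {
				cur[j]++
			}
			if prev[j]+1 < cur[j] { // deletion
				cur[j] = prev[j] + 1
			}
			if cur[j-1]+1 < cur[j] { // insertion
				cur[j] = cur[j-1] + 1
			}
		}
		prev, cur = cur, prev
	}
	return prev[len(b)]
}

// staticReviewer stands in for the cluster: it allows exactly the listed "verb group/resource namespace" triples.
type staticReviewer map[string]bool
func (s staticReviewer) Allowed(_ context.Context, gvr GVR, namespace, verb string) (bool, error) {
	return s[verb+" "+key(gvr)+" "+namespace], nil
}

// NewSampleValidator wires constructed sample data: four known resources,
// secrets denied by configuration, and RBAC that allows only two operations.
func NewSampleValidator() *Validator {
	return &Validator{
		Known:    map[GVR]bool{{"", "v1", "pods"}: true, {"", "v1", "configmaps"}: true, {"", "v1", "secrets"}: true, {"apps", "v1", "deployments"}: true},
		Denied:   map[string]bool{"/secrets": true},
		Reviewer: staticReviewer{"get /pods default": true, "list apps/deployments default": true},
	}
}
```

Ordering matters for the error a caller sees: a typo is reported before any permission is consulted, the deny list rejects without a round trip to the cluster, and only then is the SelfSubjectAccessReview made, so a denial from configuration and a denial from RBAC produce distinct messages and distinct log lines.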

Member

No, I was saying that maybe (if we're just tackling the downstream issue -it's unclear to me the scope of it since it's not properly described-) we can just add RBAC validation to the roundtripper (simple solution: KISS, YAGNI)

In any case, I'll review everything else in the issue.

What I'd also suggest is to make this opt-in for a couple of versions at least upstream, since it might have side-effects we haven't accounted for.

Member

@manusa manusa left a comment

Thx for putting this together.
I gave it an initial look and added a few comments.

Add validation middleware that catches errors before they reach the
Kubernetes API.

Signed-off-by: Nader Ziada <nziada@redhat.com>
@nader-ziada
Collaborator Author

made a refactor of how this works, sorry to the reviewers, to make it work from the kubernetes pkg instead of the mcp pkg, now more dynamic and flexible. also disabled by default.

@manusa manusa self-requested a review February 16, 2026 13:34
Member

@manusa manusa left a comment

I think that the decoupling from the mcp layer is going great, thx.
I added some more comments regarding the new approach.

Comment on lines 15 to 18
Member

I don't recall we support config overrides through environment variables at the moment, we do support those through CLI flags.

Is there any reason why we need to be able to override this through an environment variable?

Collaborator Author

removed

Member

Are we planning to add more config options to validation?
If so, I understand the nesting of the config into a different struct.
If not, why is the nesting needed?

Collaborator Author

I originally had different flags for each validator, but decided it's too much complexity; will remove the struct

Member

This seems to be a substitute to the AccessControlRoundTripper, but the former is still retained (which is confusing).

I'm not sure if we prefer to make the composable and compose the when wiring together in kubernetes.go.
Or merging both into this one.
Whatever works better, but we should trim and clean up the redundant bits.

Collaborator Author

merged the validation logic into the AccessControlRoundTripper

Signed-off-by: Nader Ziada <nziada@redhat.com>
@nader-ziada nader-ziada requested a review from manusa February 18, 2026 13:44