MCP access part 2: new role options, access checker, role editor

api/constants/constants.go

@@ -417,6 +417,9 @@ const (
 	// TraitGitHubOrgs is the name of the variable to specify the GitHub
 	// organizations for GitHub integration.
 	TraitGitHubOrgs = "github_orgs"
+	// TraitMCPTools is the name of the variable to specify the MCP tools for
+	// MCP servers.
+	TraitMCPTools = "mcp_tools"
 )
 
 const (

api/proto/teleport/legacy/types/types.proto

@@ -3802,6 +3802,9 @@ message RoleConditions {
   // WorkloadIdentityLabelsExpression is a predicate expression used to
   // allow/deny access to issuing a WorkloadIdentity.
   string WorkloadIdentityLabelsExpression = 45 [(gogoproto.jsontag) = "workload_identity_labels_expression,omitempty"];
+
+  // MCPPermissions defines MCP servers related permissions.
+  MCPPermissions MCP = 46 [(gogoproto.jsontag) = "mcp,omitempty"];
 }
 
 // IdentityCenterAccountAssignment captures an AWS Identity Center account
@@ -3816,6 +3819,15 @@ message GitHubPermission {
   repeated string organizations = 1 [(gogoproto.jsontag) = "orgs,omitempty"];
 }
 
+// MCPPermissions defines MCP servers related permissions.
+message MCPPermissions {
+  // Tools defines the list of tools allowed or denied for this role. Each entry
+  // can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular
+  // expression (must start with '^' and end with '$'). If the list is empty, no
+  // tools are allowed.
+  repeated string tools = 1;
+}
+
 // SPIFFERoleCondition sets out which SPIFFE identities this role is allowed or
 // denied to generate. The Path matcher is required, and is evaluated first. If,
 // the Path does not match then the other matcher fields are not evaluated.

api/types/role.go

@@ -298,6 +298,12 @@ type Role interface {
 	// GetIdentityCenterAccountAssignments sets the allow or deny Account
 	// Assignments for the role
 	SetIdentityCenterAccountAssignments(RoleConditionType, []IdentityCenterAccountAssignment)
+
+	// GetMCPPermissions returns the allow or deny MCP permissions.
+	GetMCPPermissions(RoleConditionType) *MCPPermissions
+	// SetMCPPermissions sets the allow or deny MCP permissions.
+	SetMCPPermissions(RoleConditionType, *MCPPermissions)
+
 	// Clone creats a copy of the role.
 	Clone() Role
 }
@@ -2275,6 +2281,23 @@ func (r *RoleV6) SetIdentityCenterAccountAssignments(rct RoleConditionType, assi
 	cond.AccountAssignments = assignments
 }
 
+// GetMCPPermissions returns the allow or deny MCP permissions.
+func (r *RoleV6) GetMCPPermissions(rct RoleConditionType) *MCPPermissions {
+	if rct == Allow {
+		return r.Spec.Allow.MCP
+	}
+	return r.Spec.Deny.MCP
+}
+
+// SetMCPPermissions sets the allow or deny MCP permissions.
+func (r *RoleV6) SetMCPPermissions(rct RoleConditionType, perms *MCPPermissions) {
+	if rct == Allow {
+		r.Spec.Allow.MCP = perms
+	} else {
+		r.Spec.Deny.MCP = perms
+	}
+}
+
 func (r *RoleV6) Clone() Role {
 	return utils.CloneProtoMsg(r)
 }

constants.go

@@ -654,6 +654,10 @@ const (
 	// TraitInternalGitHubOrgs is the variable used to store allowed GitHub
 	// organizations for GitHub integrations.
 	TraitInternalGitHubOrgs = "{{internal.github_orgs}}"
+
+	// TraitInternalMCPTools is the variable used to store allowed MCP tools for
+	// MCP servers.
+	TraitInternalMCPTools = "{{internal.mcp_tools}}"
 )
 
 // SCP is Secure Copy.

docs/pages/reference/operator-resources/resources-teleport-dev-roles.mdx

@@ -64,6 +64,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |kubernetes_resources|[][object](#specallowkubernetes_resources-items)|KubernetesResources is the Kubernetes Resources this Role grants access to.|
 |kubernetes_users|[]string|KubeUsers is an optional kubernetes users to impersonate|
 |logins|[]string|Logins is a list of *nix system logins.|
+|mcp|[object](#specallowmcp)|MCPPermissions defines MCP servers related permissions.|
 |node_labels|object|NodeLabels is a map of node labels (used to dynamically grant access to nodes).|
 |node_labels_expression|string|NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.|
 |request|[object](#specallowrequest)||
@@ -124,6 +125,12 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |namespace|string|Namespace is the resource namespace. It supports wildcards.|
 |verbs|[]string|Verbs are the allowed Kubernetes verbs for the following resource.|
 
+### spec.allow.mcp
+
+|Field|Type|Description|
+|---|---|---|
+|tools|[]string|Tools defines the list of tools allowed or denied for this role. Each entry can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular expression (must start with '^' and end with '$'). If the list is empty, no tools are allowed.|
+
 ### spec.allow.request
 
 |Field|Type|Description|
@@ -247,6 +254,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |kubernetes_resources|[][object](#specdenykubernetes_resources-items)|KubernetesResources is the Kubernetes Resources this Role grants access to.|
 |kubernetes_users|[]string|KubeUsers is an optional kubernetes users to impersonate|
 |logins|[]string|Logins is a list of *nix system logins.|
+|mcp|[object](#specdenymcp)|MCPPermissions defines MCP servers related permissions.|
 |node_labels|object|NodeLabels is a map of node labels (used to dynamically grant access to nodes).|
 |node_labels_expression|string|NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.|
 |request|[object](#specdenyrequest)||
@@ -307,6 +315,12 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |namespace|string|Namespace is the resource namespace. It supports wildcards.|
 |verbs|[]string|Verbs are the allowed Kubernetes verbs for the following resource.|
 
+### spec.deny.mcp
+
+|Field|Type|Description|
+|---|---|---|
+|tools|[]string|Tools defines the list of tools allowed or denied for this role. Each entry can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular expression (must start with '^' and end with '$'). If the list is empty, no tools are allowed.|
+
 ### spec.deny.request
 
 |Field|Type|Description|
@@ -533,6 +547,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |kubernetes_resources|[][object](#specallowkubernetes_resources-items)|KubernetesResources is the Kubernetes Resources this Role grants access to.|
 |kubernetes_users|[]string|KubeUsers is an optional kubernetes users to impersonate|
 |logins|[]string|Logins is a list of *nix system logins.|
+|mcp|[object](#specallowmcp)|MCPPermissions defines MCP servers related permissions.|
 |node_labels|object|NodeLabels is a map of node labels (used to dynamically grant access to nodes).|
 |node_labels_expression|string|NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.|
 |request|[object](#specallowrequest)||
@@ -593,6 +608,12 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |namespace|string|Namespace is the resource namespace. It supports wildcards.|
 |verbs|[]string|Verbs are the allowed Kubernetes verbs for the following resource.|
 
+### spec.allow.mcp
+
+|Field|Type|Description|
+|---|---|---|
+|tools|[]string|Tools defines the list of tools allowed or denied for this role. Each entry can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular expression (must start with '^' and end with '$'). If the list is empty, no tools are allowed.|
+
 ### spec.allow.request
 
 |Field|Type|Description|
@@ -716,6 +737,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |kubernetes_resources|[][object](#specdenykubernetes_resources-items)|KubernetesResources is the Kubernetes Resources this Role grants access to.|
 |kubernetes_users|[]string|KubeUsers is an optional kubernetes users to impersonate|
 |logins|[]string|Logins is a list of *nix system logins.|
+|mcp|[object](#specdenymcp)|MCPPermissions defines MCP servers related permissions.|
 |node_labels|object|NodeLabels is a map of node labels (used to dynamically grant access to nodes).|
 |node_labels_expression|string|NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.|
 |request|[object](#specdenyrequest)||
@@ -776,6 +798,12 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |namespace|string|Namespace is the resource namespace. It supports wildcards.|
 |verbs|[]string|Verbs are the allowed Kubernetes verbs for the following resource.|
 
+### spec.deny.mcp
+
+|Field|Type|Description|
+|---|---|---|
+|tools|[]string|Tools defines the list of tools allowed or denied for this role. Each entry can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular expression (must start with '^' and end with '$'). If the list is empty, no tools are allowed.|
+
 ### spec.deny.request
 
 |Field|Type|Description|

docs/pages/reference/operator-resources/resources-teleport-dev-rolesv6.mdx

@@ -64,6 +64,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |kubernetes_resources|[][object](#specallowkubernetes_resources-items)|KubernetesResources is the Kubernetes Resources this Role grants access to.|
 |kubernetes_users|[]string|KubeUsers is an optional kubernetes users to impersonate|
 |logins|[]string|Logins is a list of *nix system logins.|
+|mcp|[object](#specallowmcp)|MCPPermissions defines MCP servers related permissions.|
 |node_labels|object|NodeLabels is a map of node labels (used to dynamically grant access to nodes).|
 |node_labels_expression|string|NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.|
 |request|[object](#specallowrequest)||
@@ -124,6 +125,12 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |namespace|string|Namespace is the resource namespace. It supports wildcards.|
 |verbs|[]string|Verbs are the allowed Kubernetes verbs for the following resource.|
 
+### spec.allow.mcp
+
+|Field|Type|Description|
+|---|---|---|
+|tools|[]string|Tools defines the list of tools allowed or denied for this role. Each entry can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular expression (must start with '^' and end with '$'). If the list is empty, no tools are allowed.|
+
 ### spec.allow.request
 
 |Field|Type|Description|
@@ -247,6 +254,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |kubernetes_resources|[][object](#specdenykubernetes_resources-items)|KubernetesResources is the Kubernetes Resources this Role grants access to.|
 |kubernetes_users|[]string|KubeUsers is an optional kubernetes users to impersonate|
 |logins|[]string|Logins is a list of *nix system logins.|
+|mcp|[object](#specdenymcp)|MCPPermissions defines MCP servers related permissions.|
 |node_labels|object|NodeLabels is a map of node labels (used to dynamically grant access to nodes).|
 |node_labels_expression|string|NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.|
 |request|[object](#specdenyrequest)||
@@ -307,6 +315,12 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |namespace|string|Namespace is the resource namespace. It supports wildcards.|
 |verbs|[]string|Verbs are the allowed Kubernetes verbs for the following resource.|
 
+### spec.deny.mcp
+
+|Field|Type|Description|
+|---|---|---|
+|tools|[]string|Tools defines the list of tools allowed or denied for this role. Each entry can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular expression (must start with '^' and end with '$'). If the list is empty, no tools are allowed.|
+
 ### spec.deny.request
 
 |Field|Type|Description|

docs/pages/reference/operator-resources/resources-teleport-dev-rolesv7.mdx

@@ -64,6 +64,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |kubernetes_resources|[][object](#specallowkubernetes_resources-items)|KubernetesResources is the Kubernetes Resources this Role grants access to.|
 |kubernetes_users|[]string|KubeUsers is an optional kubernetes users to impersonate|
 |logins|[]string|Logins is a list of *nix system logins.|
+|mcp|[object](#specallowmcp)|MCPPermissions defines MCP servers related permissions.|
 |node_labels|object|NodeLabels is a map of node labels (used to dynamically grant access to nodes).|
 |node_labels_expression|string|NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.|
 |request|[object](#specallowrequest)||
@@ -124,6 +125,12 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |namespace|string|Namespace is the resource namespace. It supports wildcards.|
 |verbs|[]string|Verbs are the allowed Kubernetes verbs for the following resource.|
 
+### spec.allow.mcp
+
+|Field|Type|Description|
+|---|---|---|
+|tools|[]string|Tools defines the list of tools allowed or denied for this role. Each entry can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular expression (must start with '^' and end with '$'). If the list is empty, no tools are allowed.|
+
 ### spec.allow.request
 
 |Field|Type|Description|
@@ -247,6 +254,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |kubernetes_resources|[][object](#specdenykubernetes_resources-items)|KubernetesResources is the Kubernetes Resources this Role grants access to.|
 |kubernetes_users|[]string|KubeUsers is an optional kubernetes users to impersonate|
 |logins|[]string|Logins is a list of *nix system logins.|
+|mcp|[object](#specdenymcp)|MCPPermissions defines MCP servers related permissions.|
 |node_labels|object|NodeLabels is a map of node labels (used to dynamically grant access to nodes).|
 |node_labels_expression|string|NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.|
 |request|[object](#specdenyrequest)||
@@ -307,6 +315,12 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |namespace|string|Namespace is the resource namespace. It supports wildcards.|
 |verbs|[]string|Verbs are the allowed Kubernetes verbs for the following resource.|
 
+### spec.deny.mcp
+
+|Field|Type|Description|
+|---|---|---|
+|tools|[]string|Tools defines the list of tools allowed or denied for this role. Each entry can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular expression (must start with '^' and end with '$'). If the list is empty, no tools are allowed.|
+
 ### spec.deny.request
 
 |Field|Type|Description|

docs/pages/reference/operator-resources/resources-teleport-dev-rolesv8.mdx

@@ -64,6 +64,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |kubernetes_resources|[][object](#specallowkubernetes_resources-items)|KubernetesResources is the Kubernetes Resources this Role grants access to.|
 |kubernetes_users|[]string|KubeUsers is an optional kubernetes users to impersonate|
 |logins|[]string|Logins is a list of *nix system logins.|
+|mcp|[object](#specallowmcp)|MCPPermissions defines MCP servers related permissions.|
 |node_labels|object|NodeLabels is a map of node labels (used to dynamically grant access to nodes).|
 |node_labels_expression|string|NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.|
 |request|[object](#specallowrequest)||
@@ -124,6 +125,12 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |namespace|string|Namespace is the resource namespace. It supports wildcards.|
 |verbs|[]string|Verbs are the allowed Kubernetes verbs for the following resource.|
 
+### spec.allow.mcp
+
+|Field|Type|Description|
+|---|---|---|
+|tools|[]string|Tools defines the list of tools allowed or denied for this role. Each entry can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular expression (must start with '^' and end with '$'). If the list is empty, no tools are allowed.|
+
 ### spec.allow.request
 
 |Field|Type|Description|
@@ -247,6 +254,7 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |kubernetes_resources|[][object](#specdenykubernetes_resources-items)|KubernetesResources is the Kubernetes Resources this Role grants access to.|
 |kubernetes_users|[]string|KubeUsers is an optional kubernetes users to impersonate|
 |logins|[]string|Logins is a list of *nix system logins.|
+|mcp|[object](#specdenymcp)|MCPPermissions defines MCP servers related permissions.|
 |node_labels|object|NodeLabels is a map of node labels (used to dynamically grant access to nodes).|
 |node_labels_expression|string|NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.|
 |request|[object](#specdenyrequest)||
@@ -307,6 +315,12 @@ resource, which you can apply after installing the Teleport Kubernetes operator.
 |namespace|string|Namespace is the resource namespace. It supports wildcards.|
 |verbs|[]string|Verbs are the allowed Kubernetes verbs for the following resource.|
 
+### spec.deny.mcp
+
+|Field|Type|Description|
+|---|---|---|
+|tools|[]string|Tools defines the list of tools allowed or denied for this role. Each entry can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular expression (must start with '^' and end with '$'). If the list is empty, no tools are allowed.|
+
 ### spec.deny.request
 
 |Field|Type|Description|

docs/pages/reference/terraform-provider/data-sources/role.mdx

@@ -79,6 +79,7 @@ Optional:
 - `kubernetes_resources` (Attributes List) KubernetesResources is the Kubernetes Resources this Role grants access to. (see [below for nested schema](#nested-schema-for-specallowkubernetes_resources))
 - `kubernetes_users` (List of String) KubeUsers is an optional kubernetes users to impersonate
 - `logins` (List of String) Logins is a list of *nix system logins.
+- `mcp` (Attributes) MCPPermissions defines MCP servers related permissions. (see [below for nested schema](#nested-schema-for-specallowmcp))
 - `node_labels` (Map of List of String) NodeLabels is a map of node labels (used to dynamically grant access to nodes).
 - `node_labels_expression` (String) NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.
 - `request` (Attributes) (see [below for nested schema](#nested-schema-for-specallowrequest))
@@ -145,6 +146,13 @@ Optional:
 - `verbs` (List of String) Verbs are the allowed Kubernetes verbs for the following resource.
 
 
+### Nested Schema for `spec.allow.mcp`
+
+Optional:
+
+- `tools` (List of String) Tools defines the list of tools allowed or denied for this role. Each entry can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular expression (must start with '^' and end with '$'). If the list is empty, no tools are allowed.
+
+
 ### Nested Schema for `spec.allow.request`
 
 Optional:
@@ -279,6 +287,7 @@ Optional:
 - `kubernetes_resources` (Attributes List) KubernetesResources is the Kubernetes Resources this Role grants access to. (see [below for nested schema](#nested-schema-for-specdenykubernetes_resources))
 - `kubernetes_users` (List of String) KubeUsers is an optional kubernetes users to impersonate
 - `logins` (List of String) Logins is a list of *nix system logins.
+- `mcp` (Attributes) MCPPermissions defines MCP servers related permissions. (see [below for nested schema](#nested-schema-for-specdenymcp))
 - `node_labels` (Map of List of String) NodeLabels is a map of node labels (used to dynamically grant access to nodes).
 - `node_labels_expression` (String) NodeLabelsExpression is a predicate expression used to allow/deny access to SSH nodes.
 - `request` (Attributes) (see [below for nested schema](#nested-schema-for-specdenyrequest))
@@ -345,6 +354,13 @@ Optional:
 - `verbs` (List of String) Verbs are the allowed Kubernetes verbs for the following resource.
 
 
+### Nested Schema for `spec.deny.mcp`
+
+Optional:
+
+- `tools` (List of String) Tools defines the list of tools allowed or denied for this role. Each entry can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular expression (must start with '^' and end with '$'). If the list is empty, no tools are allowed.
+
+
 ### Nested Schema for `spec.deny.request`
 
 Optional: