Summary
The sso_entra_admin_groups setting in mcpgateway/config.py uses Annotated[list[str], NoDecode()] but is not included in the _parse_list_from_env field validator.
Details
All other list[str] settings with NoDecode are validated by _parse_list_from_env (line 1530):
sso_trusted_domains ✅sso_auto_admin_domains ✅sso_github_admin_orgs ✅sso_google_admin_domains ✅insecure_queryparam_auth_allowed_hosts ✅
But sso_entra_admin_groups (line 259) is missing from this validator, despite using the same type annotation and description format ("CSV/JSON").
Fix
Add "sso_entra_admin_groups" to the @field_validator decorator at line 1530:
@field_validator(
"sso_entra_admin_groups", # Add this line
"sso_trusted_domains",
"sso_auto_admin_domains",
"sso_github_admin_orgs",
"sso_google_admin_domains",
"insecure_queryparam_auth_allowed_hosts",
mode="before",
)Impact
Without this validator, environment variable values for SSO_ENTRA_ADMIN_GROUPS may not be properly parsed from CSV or JSON format strings.
Summary
The
sso_entra_admin_groupssetting inmcpgateway/config.pyusesAnnotated[list[str], NoDecode()]but is not included in the_parse_list_from_envfield validator.Details
All other
list[str]settings withNoDecodeare validated by_parse_list_from_env(line 1530):sso_trusted_domains✅sso_auto_admin_domains✅sso_github_admin_orgs✅sso_google_admin_domains✅insecure_queryparam_auth_allowed_hosts✅But
sso_entra_admin_groups(line 259) is missing from this validator, despite using the same type annotation and description format ("CSV/JSON").Fix
Add
"sso_entra_admin_groups"to the@field_validatordecorator at line 1530:Impact
Without this validator, environment variable values for
SSO_ENTRA_ADMIN_GROUPSmay not be properly parsed from CSV or JSON format strings.