Fix ci issues

Signed-off-by: Jeremy Alvis <jeremy.alvis@solo.io>

Author: iplay88keys

go/api/config/crd/bases/kagent.dev_modelconfigs.yaml

@@ -652,17 +652,18 @@ spec:
                 properties:
                   caCertSecretKey:
                     description: |-
-                      CACertSecretKey is the key within the Secret that contains the CA certificate data.
-                      This field follows the same pattern as APIKeySecretKey.
-                      Required when CACertSecretRef is set (unless DisableVerify is true).
+                      CACertSecretKey is the key within the Secret that contains the
+                      CA certificate data (PEM-encoded). Required when CACertSecretRef
+                      is set (unless DisableVerify is true).
                     type: string
                   caCertSecretRef:
                     description: |-
                       CACertSecretRef is a reference to a Kubernetes Secret containing
                       CA certificate(s) in PEM format. The Secret must be in the same
-                      namespace as the ModelConfig.
-                      When set, the certificate will be used to verify the provider's SSL certificate.
-                      This field follows the same pattern as APIKeySecret.
+                      namespace as the resource referencing it (ModelConfig,
+                      RemoteMCPServer, or any future consumer of TLSConfig).
+                      When set, the certificate will be used to verify the upstream's
+                      SSL certificate.
                     type: string
                   disableSystemCAs:
                     default: false

go/api/config/crd/bases/kagent.dev_remotemcpservers.yaml

@@ -192,17 +192,18 @@ spec:
                 properties:
                   caCertSecretKey:
                     description: |-
-                      CACertSecretKey is the key within the Secret that contains the CA certificate data.
-                      This field follows the same pattern as APIKeySecretKey.
-                      Required when CACertSecretRef is set (unless DisableVerify is true).
+                      CACertSecretKey is the key within the Secret that contains the
+                      CA certificate data (PEM-encoded). Required when CACertSecretRef
+                      is set (unless DisableVerify is true).
                     type: string
                   caCertSecretRef:
                     description: |-
                       CACertSecretRef is a reference to a Kubernetes Secret containing
                       CA certificate(s) in PEM format. The Secret must be in the same
-                      namespace as the ModelConfig.
-                      When set, the certificate will be used to verify the provider's SSL certificate.
-                      This field follows the same pattern as APIKeySecret.
+                      namespace as the resource referencing it (ModelConfig,
+                      RemoteMCPServer, or any future consumer of TLSConfig).
+                      When set, the certificate will be used to verify the upstream's
+                      SSL certificate.
                     type: string
                   disableSystemCAs:
                     default: false

go/api/v1alpha2/modelconfig_types.go

@@ -294,15 +294,16 @@ type TLSConfig struct {
 
 	// CACertSecretRef is a reference to a Kubernetes Secret containing
 	// CA certificate(s) in PEM format. The Secret must be in the same
-	// namespace as the ModelConfig.
-	// When set, the certificate will be used to verify the provider's SSL certificate.
-	// This field follows the same pattern as APIKeySecret.
+	// namespace as the resource referencing it (ModelConfig,
+	// RemoteMCPServer, or any future consumer of TLSConfig).
+	// When set, the certificate will be used to verify the upstream's
+	// SSL certificate.
 	// +optional
 	CACertSecretRef string `json:"caCertSecretRef,omitempty"`
 
-	// CACertSecretKey is the key within the Secret that contains the CA certificate data.
-	// This field follows the same pattern as APIKeySecretKey.
-	// Required when CACertSecretRef is set (unless DisableVerify is true).
+	// CACertSecretKey is the key within the Secret that contains the
+	// CA certificate data (PEM-encoded). Required when CACertSecretRef
+	// is set (unless DisableVerify is true).
 	// +optional
 	CACertSecretKey string `json:"caCertSecretKey,omitempty"`
 

go/core/internal/controller/reconciler/reconciler.go

@@ -1130,7 +1130,7 @@ func (a *kagentReconciler) buildRemoteMCPServerTLSConfig(ctx context.Context, s
 // requests. When tlsConfig is non-nil it's installed on a cloned
 // transport so tool discovery honors RemoteMCPServer.spec.tls.
 func newHTTPClient(headers map[string]string, timeout time.Duration, tlsConfig *tls.Config) *http.Client {
-	var base http.RoundTripper = http.DefaultTransport
+	var base = http.DefaultTransport
 	if tlsConfig != nil {
 		// Clone the default transport to preserve its dial/keepalive
 		// settings (proxies, dual-stack, HTTP/2) and override only the

go/core/internal/controller/translator/agent/adk_api_translator.go

@@ -415,7 +415,7 @@ func (a *adkApiTranslator) translateModel(ctx context.Context, namespace, modelC
 			},
 		}
 		// Populate TLS fields in BaseModel
-		openai.BaseModel.TLSInsecureSkipVerify, openai.BaseModel.TLSCACertPath, openai.BaseModel.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
+		openai.TLSInsecureSkipVerify, openai.TLSCACertPath, openai.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
 		// Populate TokenExchange fields (OpenAI-specific)
 		addTokenExchangeConfiguration(openai, modelDeploymentData, &model.Spec)
 		openai.APIKeyPassthrough = model.Spec.APIKeyPassthrough
@@ -473,7 +473,7 @@ func (a *adkApiTranslator) translateModel(ctx context.Context, namespace, modelC
 			},
 		}
 		// Populate TLS fields in BaseModel
-		anthropic.BaseModel.TLSInsecureSkipVerify, anthropic.BaseModel.TLSCACertPath, anthropic.BaseModel.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
+		anthropic.TLSInsecureSkipVerify, anthropic.TLSCACertPath, anthropic.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
 		anthropic.APIKeyPassthrough = model.Spec.APIKeyPassthrough
 
 		if model.Spec.Anthropic != nil {
@@ -522,7 +522,7 @@ func (a *adkApiTranslator) translateModel(ctx context.Context, namespace, modelC
 			},
 		}
 		// Populate TLS fields in BaseModel
-		azureOpenAI.BaseModel.TLSInsecureSkipVerify, azureOpenAI.BaseModel.TLSCACertPath, azureOpenAI.BaseModel.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
+		azureOpenAI.TLSInsecureSkipVerify, azureOpenAI.TLSCACertPath, azureOpenAI.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
 		azureOpenAI.APIKeyPassthrough = model.Spec.APIKeyPassthrough
 
 		return azureOpenAI, modelDeploymentData, secretHashBytes, nil
@@ -567,7 +567,7 @@ func (a *adkApiTranslator) translateModel(ctx context.Context, namespace, modelC
 			},
 		}
 		// Populate TLS fields in BaseModel
-		gemini.BaseModel.TLSInsecureSkipVerify, gemini.BaseModel.TLSCACertPath, gemini.BaseModel.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
+		gemini.TLSInsecureSkipVerify, gemini.TLSCACertPath, gemini.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
 		gemini.APIKeyPassthrough = model.Spec.APIKeyPassthrough
 
 		return gemini, modelDeploymentData, secretHashBytes, nil
@@ -608,7 +608,7 @@ func (a *adkApiTranslator) translateModel(ctx context.Context, namespace, modelC
 			},
 		}
 		// Populate TLS fields in BaseModel
-		anthropic.BaseModel.TLSInsecureSkipVerify, anthropic.BaseModel.TLSCACertPath, anthropic.BaseModel.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
+		anthropic.TLSInsecureSkipVerify, anthropic.TLSCACertPath, anthropic.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
 		anthropic.APIKeyPassthrough = model.Spec.APIKeyPassthrough
 
 		return anthropic, modelDeploymentData, secretHashBytes, nil
@@ -632,7 +632,7 @@ func (a *adkApiTranslator) translateModel(ctx context.Context, namespace, modelC
 			Options: model.Spec.Ollama.Options,
 		}
 		// Populate TLS fields in BaseModel
-		ollama.BaseModel.TLSInsecureSkipVerify, ollama.BaseModel.TLSCACertPath, ollama.BaseModel.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
+		ollama.TLSInsecureSkipVerify, ollama.TLSCACertPath, ollama.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
 		ollama.APIKeyPassthrough = model.Spec.APIKeyPassthrough
 
 		return ollama, modelDeploymentData, secretHashBytes, nil
@@ -655,7 +655,7 @@ func (a *adkApiTranslator) translateModel(ctx context.Context, namespace, modelC
 			},
 		}
 		// Populate TLS fields in BaseModel
-		gemini.BaseModel.TLSInsecureSkipVerify, gemini.BaseModel.TLSCACertPath, gemini.BaseModel.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
+		gemini.TLSInsecureSkipVerify, gemini.TLSCACertPath, gemini.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
 		return gemini, modelDeploymentData, secretHashBytes, nil
 	case v1alpha2.ModelProviderBedrock:
 		if model.Spec.Bedrock == nil {
@@ -743,7 +743,7 @@ func (a *adkApiTranslator) translateModel(ctx context.Context, namespace, modelC
 		}
 
 		// Populate TLS fields in BaseModel
-		bedrock.BaseModel.TLSInsecureSkipVerify, bedrock.BaseModel.TLSCACertPath, bedrock.BaseModel.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
+		bedrock.TLSInsecureSkipVerify, bedrock.TLSCACertPath, bedrock.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
 		bedrock.APIKeyPassthrough = model.Spec.APIKeyPassthrough
 
 		return bedrock, modelDeploymentData, secretHashBytes, nil
@@ -792,7 +792,7 @@ func (a *adkApiTranslator) translateModel(ctx context.Context, namespace, modelC
 			AuthUrl:       model.Spec.SAPAICore.AuthURL,
 		}
 
-		sapAICore.BaseModel.TLSInsecureSkipVerify, sapAICore.BaseModel.TLSCACertPath, sapAICore.BaseModel.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
+		sapAICore.TLSInsecureSkipVerify, sapAICore.TLSCACertPath, sapAICore.TLSDisableSystemCAs = deriveTLSFields(model.Spec.TLS)
 		sapAICore.APIKeyPassthrough = model.Spec.APIKeyPassthrough
 
 		return sapAICore, modelDeploymentData, secretHashBytes, nil

go/core/internal/httpserver/handlers/toolservers.go

@@ -170,6 +170,10 @@ func (h *ToolServersHandler) handleCreateRemoteMCPServer(w ErrorResponseWriter,
 		"toolServerName", toolRef.Name,
 		"toolServerNamespace", toolRef.Namespace,
 	)
+	if err := Check(h.Authorizer, r, auth.Resource{Type: "ToolServer", Name: toolRef.String()}); err != nil {
+		w.RespondWithError(err)
+		return
+	}
 
 	if err := h.KubeClient.Create(r.Context(), toolServerRequest); err != nil {
 		w.RespondWithError(errors.NewInternalServerError("Failed to create RemoteMCPServer in Kubernetes", err))

go/core/internal/httpserver/handlers/toolservers_test.go

@@ -27,9 +27,22 @@ import (
 	"github.com/kagent-dev/kagent/go/core/internal/httpserver/auth"
 	"github.com/kagent-dev/kagent/go/core/internal/httpserver/handlers"
 	common "github.com/kagent-dev/kagent/go/core/internal/utils"
+	pkgauth "github.com/kagent-dev/kagent/go/core/pkg/auth"
 	"github.com/kagent-dev/kmcp/api/v1alpha1"
 )
 
+// denyAuthorizer satisfies pkgauth.Authorizer by refusing every Check.
+// Used to pin the authorization gate on the create endpoints: a request
+// from an unauthorized caller must surface a 403 BEFORE the handler
+// reaches KubeClient.Create or createOrUpdateCompanionSecrets.
+type denyAuthorizer struct{}
+
+func (denyAuthorizer) Check(_ context.Context, _ pkgauth.Principal, _ pkgauth.Verb, _ pkgauth.Resource) error {
+	return assert.AnError
+}
+
+var _ pkgauth.Authorizer = denyAuthorizer{}
+
 func TestToolServersHandler(t *testing.T) {
 	scheme := runtime.NewScheme()
 
@@ -564,6 +577,83 @@ func TestToolServersHandler(t *testing.T) {
 			assert.Equal(t, []byte("OLD"), fresh.Data["ca.crt"])
 		})
 
+		// AuthorizationRequired_RemoteMCPServer pins the authz gate on the
+		// RMS create path. A caller the authorizer rejects must get a 403
+		// AND no RMS, no companion Secret should land in the cluster.
+		t.Run("AuthorizationRequired_RemoteMCPServer", func(t *testing.T) {
+			handler, kubeClient, _, responseRecorder := setupHandler(t)
+			// Swap the Noop authorizer for one that denies every Check.
+			handler.Authorizer = denyAuthorizer{}
+
+			reqBody := &handlers.ToolServerCreateRequest{
+				Type: "RemoteMCPServer",
+				RemoteMCPServer: &v1alpha2.RemoteMCPServer{
+					ObjectMeta: metav1.ObjectMeta{Name: "denied-rms", Namespace: "default"},
+					Spec: v1alpha2.RemoteMCPServerSpec{
+						Description: "should not be created",
+						URL:         "https://x/y",
+					},
+				},
+				Secrets: []api.SecretMaterial{
+					{Name: "denied-rms-ca", Key: "ca.crt", Value: "PEM"},
+				},
+			}
+			jsonBody, _ := json.Marshal(reqBody)
+			req := httptest.NewRequest("POST", "/api/toolservers/", bytes.NewBuffer(jsonBody))
+			req.Header.Set("Content-Type", "application/json")
+			req = setUser(req, "unauthorized-user")
+
+			handler.HandleCreateToolServer(responseRecorder, req)
+
+			assert.Equal(t, http.StatusForbidden, responseRecorder.Code,
+				"unauthorized RMS create must surface 403")
+			// Neither the RMS nor the companion Secret should have been
+			// created — the authz gate fires before any KubeClient.Create.
+			rms := &v1alpha2.RemoteMCPServer{}
+			err := kubeClient.Get(context.Background(),
+				ctrl_client.ObjectKey{Namespace: "default", Name: "denied-rms"}, rms)
+			assert.Error(t, err, "denied request must not create the RemoteMCPServer")
+			secret := &corev1.Secret{}
+			err = kubeClient.Get(context.Background(),
+				ctrl_client.ObjectKey{Namespace: "default", Name: "denied-rms-ca"}, secret)
+			assert.Error(t, err, "denied request must not create the companion Secret")
+		})
+
+		// AuthorizationRequired_MCPServer pins the symmetric authz gate
+		// on the kmcp MCPServer create path, so a regression on either
+		// branch surfaces in the test suite.
+		t.Run("AuthorizationRequired_MCPServer", func(t *testing.T) {
+			handler, kubeClient, _, responseRecorder := setupHandler(t)
+			handler.Authorizer = denyAuthorizer{}
+
+			reqBody := &handlers.ToolServerCreateRequest{
+				Type: "MCPServer",
+				MCPServer: &v1alpha1.MCPServer{
+					ObjectMeta: metav1.ObjectMeta{Name: "denied-mcp", Namespace: "default"},
+					Spec: v1alpha1.MCPServerSpec{
+						Deployment: v1alpha1.MCPServerDeployment{
+							Image: "example/kmcp:latest",
+							Port:  8080,
+							Cmd:   "/bin/serve",
+						},
+					},
+				},
+			}
+			jsonBody, _ := json.Marshal(reqBody)
+			req := httptest.NewRequest("POST", "/api/toolservers/", bytes.NewBuffer(jsonBody))
+			req.Header.Set("Content-Type", "application/json")
+			req = setUser(req, "unauthorized-user")
+
+			handler.HandleCreateToolServer(responseRecorder, req)
+
+			assert.Equal(t, http.StatusForbidden, responseRecorder.Code,
+				"unauthorized MCPServer create must surface 403")
+			mcp := &v1alpha1.MCPServer{}
+			err := kubeClient.Get(context.Background(),
+				ctrl_client.ObjectKey{Namespace: "default", Name: "denied-mcp"}, mcp)
+			assert.Error(t, err, "denied request must not create the MCPServer")
+		})
+
 		t.Run("ToolServerAlreadyExists", func(t *testing.T) {
 			handler, kubeClient, _, responseRecorder := setupHandler(t)
 

go/core/test/e2e/remotemcpserver_tls_test.go

@@ -29,6 +29,7 @@ import (
 	"math/big"
 	"net"
 	"net/http"
+	"strings"
 	"testing"
 	"time"
 
@@ -52,11 +53,11 @@ import (
 // mock LLM.
 type mockmcpFixture struct {
 	server      *mockmcp.Server
-	baseURL     string  // dial URL from inside the cluster
-	mcpURL      string  // dial URL with the /mcp path appended
-	sseURL      string  // dial URL with the /sse path appended
-	caCertPEM   []byte  // when TLS, the PEM bundle to install as a Secret (nil for plaintext fixtures)
-	hostBindURL string  // local 127.0.0.1 URL for debug logging — NOT the cluster-facing URL
+	baseURL     string // dial URL from inside the cluster
+	mcpURL      string // dial URL with the /mcp path appended
+	sseURL      string // dial URL with the /sse path appended
+	caCertPEM   []byte // when TLS, the PEM bundle to install as a Secret (nil for plaintext fixtures)
+	hostBindURL string // local 127.0.0.1 URL for debug logging — NOT the cluster-facing URL
 }
 
 // setupMockMCP starts a mockmcp fixture. When withTLS is true a fresh
@@ -102,7 +103,12 @@ func setupMockMCP(t *testing.T, withTLS bool, opts mockmcp.Options) *mockmcpFixt
 		_ = server.Stop(ctx)
 	})
 
-	clusterURL := buildK8sURL(hostURL)
+	// buildK8sURL hard-codes "http://" — fine for the mockllm path it
+	// was written for, but mockmcp's TLS scenarios serve HTTPS and the
+	// scheme must round-trip to the controller's dial config. Reuse
+	// buildK8sURL to pick the right host (kind gateway IP / docker
+	// alias), then restore the actual scheme mockmcp listened on.
+	clusterURL := strings.Replace(buildK8sURL(hostURL), "http://", schemeOf(hostURL)+"://", 1)
 
 	return &mockmcpFixture{
 		server:      server,
@@ -114,6 +120,18 @@ func setupMockMCP(t *testing.T, withTLS bool, opts mockmcp.Options) *mockmcpFixt
 	}
 }
 
+// schemeOf returns "http" or "https" depending on the URL's prefix.
+// Used by setupMockMCP to preserve mockmcp's actual listening scheme
+// when buildK8sURL rewrites the host (which it does by string-edit,
+// not by url.Parse, so it can't be asked to preserve the scheme
+// itself without changing its signature for one caller).
+func schemeOf(rawURL string) string {
+	if strings.HasPrefix(rawURL, "https://") {
+		return "https"
+	}
+	return "http"
+}
+
 // createCASecret writes the CA PEM produced by setupMockMCP into a
 // Kubernetes Secret in the kagent namespace under the given name and
 // key. Registers for cleanup. Returns the Secret so the caller can
@@ -223,15 +241,15 @@ func generateSelfSignedCert(t *testing.T, dnsNames []string, ips []net.IP) (cert
 	require.NoError(t, err)
 
 	tmpl := &x509.Certificate{
-		SerialNumber: big.NewInt(time.Now().UnixNano()),
-		Subject:      pkix.Name{CommonName: "kagent-e2e-mockmcp"},
-		NotBefore:    time.Now().Add(-time.Hour),
-		NotAfter:     time.Now().Add(24 * time.Hour),
-		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
-		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		DNSNames:     dnsNames,
-		IPAddresses:  ips,
-		IsCA:         true,
+		SerialNumber:          big.NewInt(time.Now().UnixNano()),
+		Subject:               pkix.Name{CommonName: "kagent-e2e-mockmcp"},
+		NotBefore:             time.Now().Add(-time.Hour),
+		NotAfter:              time.Now().Add(24 * time.Hour),
+		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		DNSNames:              dnsNames,
+		IPAddresses:           ips,
+		IsCA:                  true,
 		BasicConstraintsValid: true,
 	}
 	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)

helm/kagent-crds/templates/kagent.dev_modelconfigs.yaml

@@ -652,17 +652,18 @@ spec:
                 properties:
                   caCertSecretKey:
                     description: |-
-                      CACertSecretKey is the key within the Secret that contains the CA certificate data.
-                      This field follows the same pattern as APIKeySecretKey.
-                      Required when CACertSecretRef is set (unless DisableVerify is true).
+                      CACertSecretKey is the key within the Secret that contains the
+                      CA certificate data (PEM-encoded). Required when CACertSecretRef
+                      is set (unless DisableVerify is true).
                     type: string
                   caCertSecretRef:
                     description: |-
                       CACertSecretRef is a reference to a Kubernetes Secret containing
                       CA certificate(s) in PEM format. The Secret must be in the same
-                      namespace as the ModelConfig.
-                      When set, the certificate will be used to verify the provider's SSL certificate.
-                      This field follows the same pattern as APIKeySecret.
+                      namespace as the resource referencing it (ModelConfig,
+                      RemoteMCPServer, or any future consumer of TLSConfig).
+                      When set, the certificate will be used to verify the upstream's
+                      SSL certificate.
                     type: string
                   disableSystemCAs:
                     default: false