fix(automl,autorag): extend dynamic port-forwarding to S3 and LlamaStack paths

[chrjones-rh]

https://issues.redhat.com/browse/RHOAIENG-58535

Description

Follow-up to #7281. The initial dynamic port-forwarding implementation only covered the DSPA middleware path in AttachPipelineServerClient. Three additional code paths also use in-cluster URLs that need rewriting for local development:

S3 resolveS3Client (both automl and autorag)

When the caller provides an explicit secretName query parameter, the attachPipelineClientIfNeeded shim skips AttachPipelineServerClient entirely — so the DSPA storage discovery and its port-forward rewriting never run. The S3 endpoint URL from the secret (e.g. http://minio-dspa.namespace.svc.cluster.local:9000) was used as-is, failing with no such host locally.

Fix: Add port-forward rewrite in resolveS3Client before S3 client creation, covering both the DSPA and explicit secretName paths.

LlamaStack AttachLlamaStackClientFromSecret (autorag)

The LlamaStack base URL is read from a K8s secret and used directly to create the client. When the secret contains an in-cluster URL (e.g. http://llama-stack-service.llama-stack.svc.cluster.local:8321), it's unreachable locally.

Fix: Add port-forward rewrite before LlamaStack client creation.

LlamaStack ListProviders auth token (autorag)

The ListProviders method intentionally strips the Authorization: Bearer header on HTTP requests to prevent token leakage over cleartext. After port-forwarding rewrites the URL to http://localhost:<port>, the scheme is HTTP and the token is dropped — causing the LlamaStack server to reject the request.

Fix: Allow the auth token to be sent over HTTP when the destination is localhost (traffic stays on loopback, never leaves the machine).

Safety

• S3 and LlamaStack middleware changes are guarded by app.portForwardManager != nil (requires DevMode=true, never set in production)
• The localhost auth token exception only applies when the hostname is literally localhost or 127.0.0.1 — secrets in production always contain in-cluster or external URLs

How Has This Been Tested?

• Verified S3 file browsing works locally with explicit secretName for managed MinIO
• Verified LlamaStack models and vector stores load locally via port-forwarded in-cluster service
• All automl and autorag BFF Go tests pass

Test Impact

No tests added — changes are dev-only port-forward rewriting following the same pattern established in #7281.

Request review criteria:

Self checklist (all need to be checked):

• The developer has manually tested the changes and verified that the changes work
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has added tests or explained why testing cannot be added
• The code follows our Best Practices

If you have UI changes:

• Included any necessary screenshots or gifs if it was a UI change.
• Included tags to the UX team if it was a UI/UX change.

N/A -- backend-only change, no UI impact.

After the PR is posted & before it merges:

• The developer has tested their solution on a cluster by using the image produced by the PR to main

Summary by CodeRabbit

• Infrastructure
  • Enhanced endpoint URL handling for local development environments.
  • Improved localhost authentication support for API client connections.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[coderabbitai]

Warning

Rate limit exceeded

@chrjones-rh has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 48 minutes and 13 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 48 minutes and 13 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited), Organization UI (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: ecccb540-1072-406c-ab15-064a6532516a

📥 Commits

Reviewing files that changed from the base of the PR and between acf5a82 and 95b4611.

📒 Files selected for processing (3)

• packages/automl/bff/internal/api/s3_handler.go
• packages/autorag/bff/internal/api/middleware.go
• packages/autorag/bff/internal/api/s3_handler.go

📝 Walkthrough

Walkthrough

This change adds port-forwarding capability for development environments across multiple service handlers. Three files conditionally rewrite endpoint URLs (S3 and llama_stack_client_base_url) when a portForwardManager is available (nil in production). Additionally, Authorization header logic in the llamastack client now includes localhost and 127.0.0.1 targets alongside HTTPS connections, expanding where bearer tokens are attached to requests.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Security Issues

CWE-522 (Insufficiently Protected Credentials) / CWE-295 (Improper Certificate Validation):
The expanded Authorization header logic now attaches bearer tokens to requests targeting localhost and 127.0.0.1 without verifying HTTPS. In development environments where port-forwarding is active, this could expose sensitive credentials over unencrypted HTTP if the forwarded endpoint uses HTTP. Verify that all forwarded services enforce TLS or that token transmission over HTTP is intentional and acceptable for dev-only code paths.

CWE-200 (Exposure of Sensitive Information):
The S3 endpoint rewriting silently ignores ForwardURL() errors. If the port-forward operation fails (e.g., misconfiguration, network issues), the original endpoint URL is used without logging or alerting. This could mask credential leakage if the endpoint URL contains sensitive information (e.g., temporary credentials embedded in the URL string). Confirm that S3 endpoint URLs in use never embed credentials inline.

CWE-1025 (Comparison Using Wrong Factors):
Middleware and S3 handler rewrite logic checks portForwardManager != nil but does not verify that the manager is in a valid/initialized state. If portForwardManager is instantiated but misconfigured, ForwardURL() could return unpredictable results. Add state validation before invoking forwarding operations.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title accurately summarizes the main change: extending port-forwarding to S3 and LlamaStack paths in both automl and autorag packages.
Description check	✅ Passed	Description is comprehensive, covering all required sections: issue reference, detailed change explanations with context, testing performed, and self-checklist completion.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chrjones-rh]

@jefho-rh @nickmazzi @GAUNSD I hit some issues today when trying to test the execution of the latest air-gap cluster compatible pipeline yaml files for #7307 against cluster https://console-openshift-console.apps.ods-dis-rhoai-test.aws.rh-ods.com. The earlier port-forwarding changes fixed issues connecting to managed minio as part of retrieving pipeline results, but missed a couple other local development scenarios:

• connecting to managed minio instance when browsing for input data to the experiment
• connecting to the llama stack instance to query for vector store providers and models when it is not accessible outside the cluster

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.97%. Comparing base (ab20759) to head (95b4611).
⚠️ Report is 13 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7310      +/-   ##
==========================================
+ Coverage   63.92%   64.97%   +1.05%     
==========================================
  Files        2502     2447      -55     
  Lines       77696    76159    -1537     
  Branches    19756    19216     -540     
==========================================
- Hits        49664    49488     -176     
+ Misses      28032    26671    -1361     

see 73 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ab20759...95b4611. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[chrjones-rh]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

🧹 Nitpick comments (3)

packages/automl/bff/internal/api/s3_handler.go (1)

149-155: Same silent-pfErr pattern — please log and fall through.

Matches the finding in autorag/.../middleware.go. The sibling AttachPipelineServerClient block already uses the logger.Warn + fallback pattern; this S3 endpoint rewrite should too, or dev-mode failures will surface as opaque S3 connection errors.

🔧 Proposed diff

 	if app.portForwardManager != nil && creds.EndpointURL != "" {
-		if rewritten, pfErr := app.portForwardManager.ForwardURL(ctx, creds.EndpointURL); pfErr == nil {
+		if rewritten, pfErr := app.portForwardManager.ForwardURL(ctx, creds.EndpointURL); pfErr != nil {
+			app.logger.Warn("dynamic port-forward failed for S3 endpoint, using original URL",
+				"error", pfErr, "url", creds.EndpointURL)
+		} else {
 			creds.EndpointURL = rewritten
 		}
 	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/automl/bff/internal/api/s3_handler.go` around lines 149 - 155, The
S3 endpoint rewrite currently swallows port-forward errors; update the block
that calls app.portForwardManager.ForwardURL so that when pfErr != nil it logs
the error (use the same logger.Warn pattern as AttachPipelineServerClient) and
then falls through without modifying creds.EndpointURL, and only assign
creds.EndpointURL = rewritten when pfErr == nil; reference
app.portForwardManager, creds.EndpointURL, and ForwardURL to locate and change
the code.

packages/autorag/bff/internal/api/middleware.go (1)

387-393: Port-forward error is silently swallowed — inconsistent with the sibling block 15 lines down.

AttachPipelineServerClient (lines 506-513) logs a warning on pfErr and falls back to the original URL, but this new LlamaStack block drops the error on the floor. In dev, that turns "port-forward failed" into a confusing DNS error later with no breadcrumb. Mirror the existing pattern for consistency and debuggability.

🔧 Proposed diff

 			if app.portForwardManager != nil {
-				if rewritten, pfErr := app.portForwardManager.ForwardURL(ctx, baseURL); pfErr == nil {
+				if rewritten, pfErr := app.portForwardManager.ForwardURL(ctx, baseURL); pfErr != nil {
+					logger.Warn("dynamic port-forward failed for LlamaStack base URL, using original URL",
+						"error", pfErr, "url", baseURL)
+				} else {
 					baseURL = rewritten
 				}
 			}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/autorag/bff/internal/api/middleware.go` around lines 387 - 393, The
LlamaStack dev-only port-forward block is silently dropping errors from
app.portForwardManager.ForwardURL which hides why requests later fail; update
the block that calls app.portForwardManager.ForwardURL(ctx, baseURL) to mirror
the sibling AttachPipelineServerClient behavior: if ForwardURL returns an error,
log a warning including the error and original baseURL (e.g. via
app.logger.Warnf or the same logger used in AttachPipelineServerClient) and then
continue using the original baseURL as the fallback. Ensure you reference the
same logging call/signature used in the sibling block so the behavior and
message format remain consistent.

packages/autorag/bff/internal/api/s3_handler.go (1)

147-153: Duplicate of the silent-pfErr issue flagged in automl's s3_handler.go and autorag's middleware.go.

Same fix pattern — log a warning on pfErr and fall through to the original endpoint so failed port-forwards are diagnosable rather than masquerading as S3 connect errors.

🔧 Proposed diff

 	if app.portForwardManager != nil && creds.EndpointURL != "" {
-		if rewritten, pfErr := app.portForwardManager.ForwardURL(ctx, creds.EndpointURL); pfErr == nil {
+		if rewritten, pfErr := app.portForwardManager.ForwardURL(ctx, creds.EndpointURL); pfErr != nil {
+			app.logger.Warn("dynamic port-forward failed for S3 endpoint, using original URL",
+				"error", pfErr, "url", creds.EndpointURL)
+		} else {
 			creds.EndpointURL = rewritten
 		}
 	}

Also note: the three call sites (LlamaStack base URL, two S3 endpoints) plus the two existing ones in AttachPipelineServerClient are now five near-identical portForwardManager.ForwardURL wrappers across autorag/automl. A small shared helper like app.rewriteURLWithPortForward(ctx, logger, "S3 endpoint", url) would DRY this up and guarantee uniform logging going forward.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/autorag/bff/internal/api/s3_handler.go` around lines 147 - 153, The
port-forward failure is currently ignored in the
app.portForwardManager.ForwardURL call, so update the block around
app.portForwardManager and creds.EndpointURL to log a warning when pfErr != nil
and then continue using the original creds.EndpointURL (do not overwrite it on
error); specifically, change the ForwardURL handling for
app.portForwardManager.ForwardURL(ctx, creds.EndpointURL) to check pfErr and
call the logger (e.g., app.logger.Warn or similar) with context like
"port-forward failed for S3 endpoint" plus pfErr, only assign creds.EndpointURL
= rewritten when pfErr == nil, and consider extracting this pattern into a
shared helper (e.g., app.rewriteURLWithPortForward(ctx, logger, "S3 endpoint",
url)) to reuse for other ForwardURL call sites.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@packages/automl/bff/internal/api/s3_handler.go`:
- Around line 149-155: The S3 endpoint rewrite currently swallows port-forward
errors; update the block that calls app.portForwardManager.ForwardURL so that
when pfErr != nil it logs the error (use the same logger.Warn pattern as
AttachPipelineServerClient) and then falls through without modifying
creds.EndpointURL, and only assign creds.EndpointURL = rewritten when pfErr ==
nil; reference app.portForwardManager, creds.EndpointURL, and ForwardURL to
locate and change the code.

In `@packages/autorag/bff/internal/api/middleware.go`:
- Around line 387-393: The LlamaStack dev-only port-forward block is silently
dropping errors from app.portForwardManager.ForwardURL which hides why requests
later fail; update the block that calls app.portForwardManager.ForwardURL(ctx,
baseURL) to mirror the sibling AttachPipelineServerClient behavior: if
ForwardURL returns an error, log a warning including the error and original
baseURL (e.g. via app.logger.Warnf or the same logger used in
AttachPipelineServerClient) and then continue using the original baseURL as the
fallback. Ensure you reference the same logging call/signature used in the
sibling block so the behavior and message format remain consistent.

In `@packages/autorag/bff/internal/api/s3_handler.go`:
- Around line 147-153: The port-forward failure is currently ignored in the
app.portForwardManager.ForwardURL call, so update the block around
app.portForwardManager and creds.EndpointURL to log a warning when pfErr != nil
and then continue using the original creds.EndpointURL (do not overwrite it on
error); specifically, change the ForwardURL handling for
app.portForwardManager.ForwardURL(ctx, creds.EndpointURL) to check pfErr and
call the logger (e.g., app.logger.Warn or similar) with context like
"port-forward failed for S3 endpoint" plus pfErr, only assign creds.EndpointURL
= rewritten when pfErr == nil, and consider extracting this pattern into a
shared helper (e.g., app.rewriteURLWithPortForward(ctx, logger, "S3 endpoint",
url)) to reuse for other ForwardURL call sites.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited), Organization UI (inherited)

Review profile: CHILL

Plan: Pro Plus

Run ID: 6a6aac3c-a4e9-4397-8e37-89d9c11cf7e6

📥 Commits

Reviewing files that changed from the base of the PR and between ab20759 and acf5a82.

📒 Files selected for processing (4)

• packages/automl/bff/internal/api/s3_handler.go
• packages/autorag/bff/internal/api/middleware.go
• packages/autorag/bff/internal/api/s3_handler.go
• packages/autorag/bff/internal/integrations/llamastack/llamastack_client.go

[jefho-rh]

Thanks for finding and fixing the in-cluster service URL flows @chrjones-rh! No critical issues from AI-Assisted review

✅ Manual testing AutoRAG S3 with external service URL

✅ Manual testing AutoRAG S3 with internal service URL

✅ Manual testing AutoRAG LS with external service URL

✅ Manual testing AutoRAG LS with internal service URL

---

✅ Manual testing AutoML S3 with external service URL

✅ Manual testing AutoML S3 with internal service URL

---

✅ All tests passing

Package	Lint	Type-check	Unit Tests	BFF Tests
@odh-dashboard/automl	pass	pass	pass	pass
@odh-dashboard/autorag	pass	pass	pass	pass

/lgtm

[nickmazzi]

/approve

AI assisted review

Overall Assessment

Approve — This is a clean, well-scoped follow-up that correctly extends an established pattern. The changes are minimal, consistent, and properly guarded for dev-only use.

Suggestions

These are non-blocking observations:

1. Minor: isLocalhost computed but potentially unused — In ListProviders (line 115), isLocalhost is computed even when c.authToken is empty. This is a trivial cost and the code reads better with the variable extracted, so no change needed.

2. Consider: extract isLocalhost to a shared helper — The isLocalhost check (req.URL.Hostname() == "localhost" || req.URL.Hostname() == "127.0.0.1") is now used in both ListModels and ListProviders. If more methods are added to the LlamaStack client in the future, a small helper like func isLocalhostRequest(r *http.Request) bool could reduce repetition. Not urgent for two call sites.

3. Consider: IPv6 loopback — The isLocalhost check doesn't cover [::1] (IPv6 loopback). The portForwardManager.ForwardURL likely always rewrites to localhost (IPv4), so this is probably a non-issue in practice. Worth a quick check if IPv6 environments are ever used for dev.

4. Test coverage — The PR notes "No tests added" since this follows the established dev-only pattern from chore(automl,autorag): simplify local development set-up when running in federated mode #7281. This is reasonable, but if unit tests are ever added for the port-forward paths, the resolveS3Client rewrite and the isLocalhost auth token logic would be the most valuable to cover.

Test Validation

autorag

Frontend ✅

Test Suites: 40 passed, 40 total
Tests:       730 passed, 730 total
Snapshots:   0 total
Time:        51.712 s

BFF ✅

go fmt ./...
go vet ./...
ok      github.com/opendatahub-io/autorag-library/bff/cmd       0.868s
ok      github.com/opendatahub-io/autorag-library/bff/internal/api      79.576s
?       github.com/opendatahub-io/autorag-library/bff/internal/config   [no test files]
?       github.com/opendatahub-io/autorag-library/bff/internal/constants        [no test files]
?       github.com/opendatahub-io/autorag-library/bff/internal/helpers  [no test files]
?       github.com/opendatahub-io/autorag-library/bff/internal/integrations     [no test files]
ok      github.com/opendatahub-io/autorag-library/bff/internal/integrations/kubernetes  5.288s
?       github.com/opendatahub-io/autorag-library/bff/internal/integrations/kubernetes/k8mocks  [no test files]
?       github.com/opendatahub-io/autorag-library/bff/internal/integrations/kubernetes/k8smocks [no test files]
ok      github.com/opendatahub-io/autorag-library/bff/internal/integrations/llamastack  0.885s
?       github.com/opendatahub-io/autorag-library/bff/internal/integrations/llamastack/lsmocks  [no test files]
?       github.com/opendatahub-io/autorag-library/bff/internal/integrations/pipelineserver      [no test files]
?       github.com/opendatahub-io/autorag-library/bff/internal/integrations/pipelineserver/psmocks      [no test files]
ok      github.com/opendatahub-io/autorag-library/bff/internal/integrations/s3  (cached)
?       github.com/opendatahub-io/autorag-library/bff/internal/integrations/s3/s3mocks  [no test files]
?       github.com/opendatahub-io/autorag-library/bff/internal/mocks    [no test files]
?       github.com/opendatahub-io/autorag-library/bff/internal/models   [no test files]
?       github.com/opendatahub-io/autorag-library/bff/internal/pipelines        [no test files]
ok      github.com/opendatahub-io/autorag-library/bff/internal/repositories     0.659s

Contract ✅

Test Suites: 1 passed, 1 total
Tests:       111 passed, 111 total
Snapshots:   0 total
Time:        3.743 s
Test Suites: 1 passed, 1 total
Tests:       111 passed, 111 total

automl

Frontend ✅

Test Suites: 48 passed, 48 total
Tests:       831 passed, 831 total
Snapshots:   0 total
Time:        29.466 s

BFF ✅

go fmt ./...
go vet ./...
ok      github.com/opendatahub-io/automl-library/bff/cmd        (cached)
ok      github.com/opendatahub-io/automl-library/bff/internal/api       69.263s
?       github.com/opendatahub-io/automl-library/bff/internal/config    [no test files]
?       github.com/opendatahub-io/automl-library/bff/internal/constants [no test files]
?       github.com/opendatahub-io/automl-library/bff/internal/helpers   [no test files]
?       github.com/opendatahub-io/automl-library/bff/internal/integrations      [no test files]
ok      github.com/opendatahub-io/automl-library/bff/internal/integrations/kubernetes   (cached)
?       github.com/opendatahub-io/automl-library/bff/internal/integrations/kubernetes/k8mocks   [no test files]
?       github.com/opendatahub-io/automl-library/bff/internal/integrations/modelregistry        [no test files]
?       github.com/opendatahub-io/automl-library/bff/internal/integrations/pipelineserver       [no test files]
?       github.com/opendatahub-io/automl-library/bff/internal/integrations/pipelineserver/psmocks       [no test files]
ok      github.com/opendatahub-io/automl-library/bff/internal/integrations/s3   (cached)
?       github.com/opendatahub-io/automl-library/bff/internal/integrations/s3/s3mocks   [no test files]
?       github.com/opendatahub-io/automl-library/bff/internal/mocks     [no test files]
?       github.com/opendatahub-io/automl-library/bff/internal/models    [no test files]
?       github.com/opendatahub-io/automl-library/bff/internal/pipelines [no test files]
ok      github.com/opendatahub-io/automl-library/bff/internal/repositories      (cached)

Contract ✅

Test Suites: 1 passed, 1 total
Tests:       87 passed, 87 total
Snapshots:   0 total
Time:        2.083 s
Test Suites: 1 passed, 1 total
Tests:       87 passed, 87 total

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nickmazzi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [nickmazzi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment