Gitlab Rails: Consolidate SaaS mechanism for issuing JWT token for Code suggestions
For SaaS, the Rails application will generate the JWT token with 'gitlab-code-suggestions' audience:
https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/gitlab/code_suggestions/access_token.rb#L6
We need at least to change this audience to gitlab-ai-gateway
, before we can remove the backward compatibility that we are going to introduce in #426572 (closed)
Based on https://gitlab.com/gitlab-org/modelops/applied-ml/code-suggestions/ai-assist/-/issues/312#note_1582297362, if we move Antrophic calls behind the AI gateway for SaaS as well, we will need to modify Gitlab::CodeSuggestions::AccessToken
to issue scopes for chat as well, sooner or later.
Proposal
- We should rename
Gitlab::CodeSuggestions::AccessToken
toGitlab::Ai::AccessToken
- Introduce
scopes
claim inGitlab::Ai::AccessToken
- so we could self-issue this token for SaaS with different scopes when needed (i.e. duo_chat) - Ignore/remove category column from
Ai::ServiceAcceessToken
as we won't usecode-suggestions
category anymore
Timeline for category removal
release | related actions |
---|---|
16.6 | Ignore category column |
16.7 | Remove column with migration |
16.8 | Remove ignore rule for category column |
Edited by Nikola Milojevic