Self-managed support and access control (unit primitive) for Duo Code Review
Context
We originally built this AI feature independently of the AI Gateway (AI GW). In order to mature the feature to GA, we need it to support self-managed instances.
This is Phase 1A and Phase 1B of using the AI GW to access LLMs. More context: AI Gateway as the Sole Access Point for Monolit... (&13024)
Goal
Route the feature via the AI GW.
Restrict access and visibility of the feature to users who have Duo Enterprise.
Validate that self-managed works as expected for combinations of licenses, as per instructions/examples in #512078 (comment 2289644353).
Implementation
Follow the checklist in https://gitlab.com/gitlab-org/gitlab/-/issues/444274#note_1972656569:
-
Verify the feature is marked as available for self-managed in the AI features catalogue -
Ensure checks (for example: checks for Saas-only feature flag or if the instance is SaaS) are adjusted throughout the entire lifecycle of the request -
Follow this documentation to register new service -
Confirm that checks connected to unit primitives have been added -
Verify the feature uses either Anthropic Client or Vertex Client for making requests to large language models (no other methods allowed - those two clients are routing the request to AI gateway)
Additionally:
-
Remove experiment_features_enabledcheck (if it exists)
For support, talk to groupcloud connector.
Note: this feature is standalone, i.e. NOT delivered as part of Chat
Example
Refer to work done in #463539 (closed) for a real-world example of changes required to achieve this:
- Added unit primitive for generate AI commit mes... (!157432 - merged)
- https://gitlab.com/gitlab-org/customers-gitlab-com/-/merge_requests/10371+
Testing instructions/examples: #512078 (comment 2289644353)