Code suggestions third party group settings API and token
What does this MR do and why?
Code suggestions third party group settings API and token
- Empowers group admins to decide on third party AI API access
- Makes the legacy ml/ai-assist API return user's third party AI service setting
- Makes the new JWT token to wrap and return user's third party AI service setting
Related https://gitlab.com/gitlab-org/modelops/applied-ml/code-suggestions/ai-assist/-/issues/143
Screenshots or screen recordings
We now use the toggle for Third party AI Services, independent of the AI Experimental features.
| Before | After |
|---|---|
 |
 |
How to set up and validate locally
- In rails console enable all related feature flags
Feature.enable(:openai_experimentation)
Feature.enable(:ai_assist_ui)
Feature.enable(:ai_assist_flag)
Feature.enable(:ai_related_settings)
Feature.enable(:ai_assist_api)- Call the legacy ML/AI assist API and get the result
curl http://gdk.test:3000/api/v4/ml/ai-assist --header "Authorization: Bearer <oauth/pat>" Result
{
"user_is_allowed": true,
"third_party_ai_features_enabled": true
}- Call the other token API
curl --request POST "http://gdk.test:3000/api/v4/code_suggestions/tokens" --header "Authorization: Bearer <oauth/pat>" --header "Content-type: application/json"- The decoded JWT token will look like the following
{
"jti": "427a2ee4-225f-4fe8-9f9a-3cdc6ecf6782",
"aud": "gitlab-code-suggestions",
"iss": "http://gdk.test:3000",
"iat": 1686225596,
"nbf": 1686225591,
"exp": 1686229196,
"third_party_ai_features_enabled": false
}MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Tan Le