Skip to content

Store duo_chat IJWT on SM instance

Aleksei Lipniagov requested to merge 425046-store-duo-chat-token into master

What does this MR do and why?

Store the access token we receive from CDot.

On SaaS: no changes are expected at all (the code path is not executed).

On SM instances: the change is no-op until CustomersDot sends the token (protected by FF on the CustomersDot side).

How to set up and validate locally

  1. Make sure CustomersDot is set up locally and connected to GDK as described in: https://gitlab.com/gitlab-org/customers-gitlab-com/-/merge_requests/8265

  2. Use https://gitlab.com/gitlab-org/customers-gitlab-com/-/merge_requests/8265 for local CDot instance until it's merged.

  3. Enable or hack Cdot FF in app/services/gitlab/add_on_purchases/duo_chat_tokens_service.rb: https://gitlab.com/gitlab-org/customers-gitlab-com/-/merge_requests/8265/diffs#19c778726dc2e16211f393fd63590a786027a8d3_0_15:

diff --git a/app/services/gitlab/add_on_purchases/duo_chat_tokens_service.rb b/app/services/gitlab/add_on_purchases/duo_chat_tokens_service.rb
index 604b9c867..2dd240193 100644
--- a/app/services/gitlab/add_on_purchases/duo_chat_tokens_service.rb
+++ b/app/services/gitlab/add_on_purchases/duo_chat_tokens_service.rb
@@ -12,6 +12,7 @@ def initialize(license)
       private

       def issue_token?
+        return true
         Unleash.enabled?(:create_duo_chat_token)
       end

(in case of latter, restart the CDot)

  1. Make sure you have Ultimate license on your GDK (obtained via local CDot)

  2. Do the manual license sync:

Screenshot_2023-09-19_at_15.53.09

  1. Open rails console.

  2. You should be able to see duo_chat tokens saved into GitLab DB:

[18] pry(main)> Ai::ServiceAccessToken.active.duo_chat
  Ai::ServiceAccessToken Load (1.6ms)  SELECT "service_access_tokens".* FROM "service_access_tokens" WHERE (expires_at > '2023-09-19 13:46:49.343845') AND "service_access_tokens"."category" = 2 /*application:console,db_config_name:main,console_hostname:Alekseis-MBP-2.home,console_username:al,line:bin/rails:4:in `<main>'*/
=> [#<Ai::ServiceAccessToken:0x0000000169d3ea68
  id: 7,
  created_at: Tue, 19 Sep 2023 12:42:13.984615000 UTC +00:00,
  updated_at: Tue, 19 Sep 2023 12:42:13.984615000 UTC +00:00,
  category: "duo_chat",
  encrypted_token: "[FILTERED]",
  encrypted_token_iv: "\xDD\xC0\xA8\xC9\xC2\xAC\x0F\xB6\xB0\xD6\xBE\xD0",
  expires_at: Fri, 22 Sep 2023 12:42:13.000000000 UTC +00:00,
  token: nil>]

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #425046 (closed)

Edited by Aleksei Lipniagov

Merge request reports