Skip to content

Consolidate JWT access token

Nikola Milojevic requested to merge nmilojevic-consolidate-ijwt-access-token into master

What does this MR do and why?

In Add support for new universal tokens (gitlab-org/modelops/applied-ml/code-suggestions/ai-assist!421 - merged) We added support for new universal tokens:

Since we changed the token audience from gitlab-code-suggestions to gitlab-ai-gateway, the model gateway needs to maintain compatibility with legacy gitlab-code-suggestions audience.

For SM, the Rails SM GitLab app could be unchanged as it will continue to obtain and send CS token (no matter what's inside)

For SaaS, the Rails application will generate the JWT token with 'gitlab-code-suggestions' audience: https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/gitlab/code_suggestions/access_token.rb#L6

We need at least to change this audience to gitlab-ai-gateway, before we can remove the backward compatibility that we are going to introduce in #426572 (closed)

This MR

  • Renames Gitlab::CodeSuggestions::AccessToken to Gitlab::Ai::AccessToken
  • Introduces scopes claim in Gitlab::Ai::AccessToken
  • Ignores category column from Ai::ServiceAcceessToken as we won't use code-suggestions category anymore

blocked by Add support for new universal tokens (gitlab-org/modelops/applied-ml/code-suggestions/ai-assist!421 - merged)

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

  1. Run your local Ai Gateway

  2. Update the .env file in the root folder of your local AI gateway with the following variables.

      GITLAB_URL=http://localhost:3000
  # CUSTOMER_PORTAL_BASE_URL=http://localhost:5000/
  AUTH_BYPASS_EXTERNAL=false
  USE_FAKE_MODELS=true
  FASTAPI_API_PORT=5052
  LIB_DIR=/Projects/ai-assist/scripts/lib

  3. Run model gateway

      poetry run ai_gateway

  4. For the local Gtilab app enable GITLAB_SIMULATE_SAAS in env.runnit file in order to run Gitlab as SaaS

       export GITLAB_SIMULATE_SAAS=true

  5. Open your local Gitlab app settings as an admin, http://localhost:3000/admin/application_settings/general and make sure that following checkbox is checked:

    image

  6. Make sure that code_suggestions_tokens_api feature flag is enabled

       Feature.enable(:code_suggestions_tokens_api)

  7. Open file from local project in WebIde on your local Gitlab and try to use code suggestions

    You should get fake response from local AI Gateway

    image

Troubleshooting

  • In order to use licensing features, such as code suggestions, you will need to have a test license on customers.staging.gitlab.com
  • In case local AI gateway is returning error 500, you will probably need to build tree-sitter library by running 
    poetry run python scripts/build-tree-sitter-lib.py
  • Make sure in .env file to set LIB_DIR env to point to the project scripts/lib folder 
    LIB_DIR=/Projects/ai-assist/scripts/lib

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to: Gitlab Rails: Consolidate SaaS mechanism for is... (#426950 - closed)

Edited by Nikola Milojevic

Merge request reports