Consolidate JWT access token
What does this MR do and why?
In Add support for new universal tokens (gitlab-org/modelops/applied-ml/code-suggestions/ai-assist!421 - merged) We added support for new universal tokens:
Since we changed the token audience from gitlab-code-suggestions
to gitlab-ai-gateway
, the model gateway needs to maintain compatibility with legacy gitlab-code-suggestions
audience.
For SM, the Rails SM GitLab app could be unchanged as it will continue to obtain and send CS token (no matter what's inside)
For SaaS, the Rails application will generate the JWT token with 'gitlab-code-suggestions' audience: https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/gitlab/code_suggestions/access_token.rb#L6
We need at least to change this audience to gitlab-ai-gateway
, before we can remove the backward compatibility that we are going to introduce in #426572 (closed)
This MR
- Renames
Gitlab::CodeSuggestions::AccessToken
toGitlab::Ai::AccessToken
- Introduces
scopes
claim inGitlab::Ai::AccessToken
- Ignores category column from
Ai::ServiceAcceessToken
as we won't usecode-suggestions
category anymore
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
-
Update the
.env
file in the root folder of your local AI gateway with the following variables.GITLAB_URL=http://localhost:3000 # CUSTOMER_PORTAL_BASE_URL=http://localhost:5000/ AUTH_BYPASS_EXTERNAL=false USE_FAKE_MODELS=true FASTAPI_API_PORT=5052 LIB_DIR=/Projects/ai-assist/scripts/lib
-
Run model gateway
poetry run ai_gateway
-
For the local Gtilab app enable GITLAB_SIMULATE_SAAS in
env.runnit
file in order to run Gitlab as SaaSexport GITLAB_SIMULATE_SAAS=true
-
Open your local Gitlab app settings as an admin, http://localhost:3000/admin/application_settings/general and make sure that following checkbox is checked:
-
Make sure that
code_suggestions_tokens_api
feature flag is enabledFeature.enable(:code_suggestions_tokens_api)
-
Open file from local project in WebIde on your local Gitlab and try to use code suggestions
You should get fake response from local AI Gateway
Troubleshooting
- In order to use licensing features, such as code suggestions, you will need to have a test license on customers.staging.gitlab.com
- In case local AI gateway is returning error 500, you will probably need to build tree-sitter library by running
poetry run python scripts/build-tree-sitter-lib.py
- Make sure in .env file to set LIB_DIR env to point to the project
scripts/lib
folderLIB_DIR=/Projects/ai-assist/scripts/lib
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to: Gitlab Rails: Consolidate SaaS mechanism for is... (#426950 - closed)