
Align X Ray permission model to Duo Pro Add On

What does this MR do and why?

Align X Ray permission model to Duo Pro Add On

In preparation for the Add On release, the Repository X Ray permission model needs to be adjusted to the add on.

Permission flow for SM

X Ray API before:

flowchart TD
CI[CI Job] -->|Send X Ray \n API scan request| B(Authenticate \njob token)
B --> C{license feature \n'code suggestions' \n available}
C -->|No| D[Return 404 NOT found]
C -->|Yes| E{Instance setting: \n 'code suggestion' \nenabled}
E -->|No| D[Return 404 NOT found]
E -->|Yes| F{namespace setting:\n'code suggestions'\nenabled}
F -->|No| G[Return 401 UNAUTHORISED]
F -->|Yes| H{::CloudConnector\n ::AccessService\npresent}
H -->|No| G
H -->|Yes| I[Return X Ray scan API response]

X Ray API after:

flowchart TD
CI[CI Job] -->|Send X Ray \n API scan request| B(Authenticate \njob token)
%% x_ray_enabled_on_instance?
B --> C{license feature \n'code suggestions' \n available}
C -->|No| D[Return 404 NOT found]
C -->|yes| F{::CodeSuggestions\n::SelfManaged\n::SERVICE_START_DATE\n.past?}
F --> |no| G{Instance setting: \n 'code suggestion' \nenabled?}
G -->|no| D
F -->|yes|J{::GitlabSubscriptions\n::AddOnPurchase\n.for_code_suggestions\n.any?}
%% x_ray_available?
G -->|yes|H{::CloudConnector\n ::AccessService\npresent}
J -->|no|D
J -->|yes|H
H -->|No| K[Return 401 UNAUTHORISED]
H -->|Yes| I[Return X Ray scan API response]

Code Suggestions API:

flowchart TD
User -->|Send Code Suggestion \n API request| B(Authenticate \n user)
B --> C{Feature flag\n 'code_suggestions_tokens_api'\nenabled}
C -->|no| L[Return 404 NOT FOUND]
%% code_suggestions_licensed
C -->|yes| E{license feature \n'code suggestions' \n available}
E -->|no| D[Return 401 UNAUTHORISED]
%% code_suggestions_enabled_for_user
E -->|yes| F{::CodeSuggestions\n::SelfManaged\n::SERVICE_START_DATE\n.past?}
F --> |no| G{Instance setting: \n 'code suggestion' \nenabled?}
G -->|no| D
F -->|yes| K{Current user has add on \navailable?}
K --> |yes|I
K -->|no|D
G --> |yes| I{::CloudConnector\n ::AccessService\naccess_token\npresent?}
I -->|no| D
I -->|yes| J[Code completion response]
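
The two self-managed X Ray flowcharts above, as an added Ruby example that is not GitLab's code: each decision tree is modelled as a function, and every input combination whose response changes between the two is enumerated. The `Ctx` field names, the function names, and the use of status 200 for "Return X Ray scan API response" are assumptions.

```ruby
# Added example; all names are hypothetical, not GitLab's implementation.
Ctx = Struct.new(
  :licensed,          # license feature 'code suggestions' available
  :instance_enabled,  # instance setting 'code suggestion' enabled
  :namespace_enabled, # namespace setting 'code suggestions' enabled
  :add_on_purchased,  # AddOnPurchase.for_code_suggestions.any?
  :access_token,      # CloudConnector AccessService token present
  :service_started,   # SERVICE_START_DATE.past?
  keyword_init: true
)

# "X Ray API before" flowchart.
def x_ray_before(c)
  return 404 unless c.licensed
  return 404 unless c.instance_enabled
  return 401 unless c.namespace_enabled
  return 401 unless c.access_token
  200 # assumed status for the scan API response
end

# "X Ray API after" flowchart: once the service start date has passed,
# the add-on purchase replaces the instance setting as the entitlement check.
def x_ray_after(c)
  return 404 unless c.licensed
  entitled = c.service_started ? c.add_on_purchased : c.instance_enabled
  return 404 unless entitled
  return 401 unless c.access_token
  200
end

# Try all 64 input combinations and keep those whose status code changes.
def changed_outcomes
  flags = Ctx.members
  [true, false].repeated_permutation(flags.size).filter_map do |values|
    c = Ctx.new(**flags.zip(values).to_h)
    before = x_ray_before(c)
    after = x_ray_after(c)
    [c.to_h, before, after] if before != after
  end
end

if __FILE__ == $PROGRAM_NAME
  changed_outcomes.each do |h, before, after|
    on = h.select { |_, v| v }.keys.join(",")
    puts "#{before} -> #{after}  true: #{on}"
  end
end
```

The changed rows are the cases to cover in authorization tests: the namespace setting no longer influences the result, and after the service start date an instance without an add-on purchase gets 404 even if the instance setting is enabled.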

Permission flow for GitLab.com

Due to rendering issues, the table has been moved to this comment.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.


Edited by Mikołaj Wawrzyniak
