Include pseudonymised user id into X Ray scan req
What does this MR do and why?
Include pseudonymised user id into X Ray scan req
The X-Gitlab-Global-User-Id header is used to apply rate limiting to ensure the correct feature SLO. Add X-Gitlab-Global-User-Id to the Repository X Ray scan request, passing the pseudonymised user id of the CI/CD pipeline author.
Solves: #440589 (closed)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Logs from AI Gateway (tail -f modelgateway_debug.log):
Before
{"url": "http://127.0.0.1:5052/v1/x-ray/libraries", "path": "/v1/x-ray/libraries", "status_code": 200, "method": "POST", "correlation_id": "01HV44S63G0HSBZ06KVSG82W12", "http_version": "1.1", "client_ip": "127.0.0.1", "client_port": 53619, "duration_s": 8.351280292030424, "cpu_s": 0.029932999999971344, "user_agent": "gitlab-workhorse (11-10-0cfa69752d8-74ffd66ae-ee-260627-g7bf7b7995e5e)-(20240410.084954)", "gitlab_instance_id": "091c4551-a0b4-42e3-979b-64ed6be70cf8", "gitlab_global_user_id": null, "gitlab_host_name": "gdk.test", "gitlab_saas_duo_pro_namespace_ids": null, "gitlab_saas_namespace_ids": "24", "gitlab_realm": "saas", "meta.feature_category": "code_suggestions", "logger": "api.access", "level": "info", "type": "mlops", "stage": "main", "timestamp": "2024-04-10T13:57:39.785827Z", "message": "127.0.0.1:53619 - \"POST /v1/x-ray/libraries HTTP/1.1\" 200"}
After
{"url": "http://127.0.0.1:5052/v1/x-ray/libraries", "path": "/v1/x-ray/libraries", "status_code": 200, "method": "POST", "correlation_id": "01HV44PANKFPSN7F6W88AS87C9", "http_version": "1.1", "client_ip": "127.0.0.1", "client_port": 53595, "duration_s": 9.116826582991052, "cpu_s": 0.038810000000012224, "user_agent": "gitlab-workhorse (11-10-0cfa69752d8-74ffd66ae-ee-260627-g7bf7b7995e5e)-(20240410.084954)", "gitlab_instance_id": "091c4551-a0b4-42e3-979b-64ed6be70cf8", "gitlab_global_user_id": "aAjGR9Z9Od0lD9y+PtMEhDWAghmnZ204dyHKtxehk8c=", "gitlab_host_name": "gdk.test", "gitlab_saas_duo_pro_namespace_ids": null, "gitlab_saas_namespace_ids": "24", "gitlab_realm": "saas", "meta.feature_category": "code_suggestions", "logger": "api.access", "level": "info", "type": "mlops", "stage": "main", "timestamp": "2024-04-10T13:56:07.108253Z", "message": "127.0.0.1:53595 - \"POST /v1/x-ray/libraries HTTP/1.1\" 200"}
How to set up and validate locally
- Make sure that AI Gateway is working on your local env
- Select Ci::Build from namespace with code suggestions add on purchased
- Update build state to running
- Set build token to any value, e.g. secret
project = Project.find 2
build = project.builds.first
build.set_token 'secret'
build.status = "running"
build.save
Use build id and token to make curl request to API endpoint
curl -v -X POST -H "Content-Type: Application/json" http://gdk.test:3000/api/v4/internal/jobs/1/x_ray/scan --data '{
"token": "secret",
"prompt_components": [
{
"type":"x_ray_package_file_prompt",
"payload":{
"prompt": "Human: Parse following content of {file_name}. Respond using only valid JSON with list of libraries available to use and their short description\n\n{file_name} content:\n\n```\n{content}\n```\n\n Assistant: {{\n\"libraries\":[{{\"name\": \"",
"provider": "anthropic",
"model": "claude-2.0"
},
"metadata": { "scannerVersion": "0.0.1" }
}
]
}'
Parameters have to be compliant with https://gitlab.com/gitlab-org/modelops/applied-ml/code-suggestions/ai-assist#xray-libraries; the only additional param to the ones allowed in AI Gateway docs is token, which is designed to pass CI_JOB_TOKEN from https://docs.gitlab.com/ee/ci/variables/predefined_variables.html
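To automate the Before/After comparison of the AI Gateway log, the following added example (not part of this MR or of GitLab's code) scans access-log lines for X Ray requests and flags entries whose gitlab_global_user_id is missing or does not look like a digest. The 32-byte base64 shape is an assumption inferred from the After sample, and the function names are hypothetical.

```python
import base64
import binascii
import json

XRAY_PATH = "/v1/x-ray/libraries"

# Trimmed copies of the Before/After entries above, plus one constructed
# entry (correlation_id "CONSTRUCTED-RAW-ID") carrying an unhashed id.
SAMPLE_LOG = "\n".join([
    '{"path": "/v1/x-ray/libraries", "correlation_id": "01HV44S63G0HSBZ06KVSG82W12", "gitlab_global_user_id": null}',
    '{"path": "/v1/x-ray/libraries", "correlation_id": "01HV44PANKFPSN7F6W88AS87C9", "gitlab_global_user_id": "aAjGR9Z9Od0lD9y+PtMEhDWAghmnZ204dyHKtxehk8c="}',
    '{"path": "/v1/x-ray/libraries", "correlation_id": "CONSTRUCTED-RAW-ID", "gitlab_global_user_id": "42"}',
    'not json: tail -f can emit partial lines',
])


def classify_user_id(value):
    """Return 'missing', 'ok' or 'suspect' for a gitlab_global_user_id value."""
    if value is None or value == "":
        return "missing"  # no per-user key available for rate limiting
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError, TypeError):
        return "suspect"  # not base64: possibly a raw, unhashed identifier
    # Assumption: the pseudonymised id is a 32-byte digest, as in the After sample.
    return "ok" if len(raw) == 32 else "suspect"


def audit(log_text, path=XRAY_PATH):
    """Map correlation_id -> classification for every request to `path`."""
    results = {}
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial or non-JSON lines
        if not isinstance(entry, dict) or entry.get("path") != path:
            continue
        verdict = classify_user_id(entry.get("gitlab_global_user_id"))
        results[entry.get("correlation_id")] = verdict
    return results


if __name__ == "__main__":
    for cid, verdict in audit(SAMPLE_LOG).items():
        print(cid, verdict)
```

A "missing" result means the request carried no per-user key for rate limiting; "suspect" is worth a manual look because the value may be an identifier that was never pseudonymised.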