Skip to content

feat: Restrict llm logger info on group features

Nathan Weinshenker requested to merge nw/463936-update-monolith-logging into master

What does this MR do and why?

Problem to Solve

The following change provides customers the ability to broadly disable llm.logs from logged to our system. Now they can opt-out of subgroups or parent groups to aggregate logs.

Why

We are looking to provide more power to users to decide how their logs are handled. We want to make sure that self-managed users can enable logging based on only a need to know basis, instead of default information.

Ref https://gitlab.com/gitlab-org/gitlab/-/issues/463936

Changelog: changed EE: true

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After
Screenshot_2024-06-21_at_4.02.56_PM

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Go to Gitlab AI-enabled project
  2. Access the following project with the ID group = Group.find(<project_id>
  3. Run the following command to opt-out of project `Feature.opt_out(:expanded_ai_logging, group)
  4. Make sure all the logs in llm/llm.log are debug logs.

Changes

The following changes were made:

  • Changed the logger to only log on the info level for groups that have opted in to expanded AI logging.
  • Added a new feature flag to control whether or not expanded AI logging is enabled for groups.
  • Updated the MR acceptance checklist to include a check for whether or not the MR complies with the expanded AI logging policy.

Potential risks

The following potential risks were identified:

  • The change could cause performance issues if the logger is used excessively.
  • The change could make it more difficult to debug issues if the logger is not used enough.
  • The change could introduce security vulnerabilities if the logger is not properly configured.

Mitigation strategies

The following mitigation strategies were implemented to address the potential risks:

  • The logger is only used when the expanded AI logging feature flag is enabled.
  • The logger is only used to log information that is not sensitive.
  • The logger is configured to only log to a secure location.

This description was generated for revision e0bf366d using AI

Edited by Nathan Weinshenker

Merge request reports