Add ability to release feature at AI services

Mikołaj Wawrzyniakrequested to merge
mwaw/add_ability_to_release_feature_flags_with_ai_gateway into master

What does this MR do and why?

Add ability to release feature at AI services

AI services like AI Gateway and Duo Workflow do not have persistance layer, and can't store state of released feature flags. For that reason they need to relay on GitLab feature flag system. This commit add method to fix state of released feature flag sent via http headers to AI services

References

gitlab-org/duo-workflow/duo-workflow-service#295 (comment 2414282512)

Screenshots or screen recordings

After

curl -v -X GET -H "Authorization: Bearer $GDK_API_TOKEN" http://gdk.test:3000/api/v4/ai/duo_workflows/workflows/613                                 
Note: Unnecessary use of -X or --request, GET is already inferred.
* Host gdk.test:3000 was resolved.
* IPv6: (none)
* IPv4: 172.16.123.1
*   Trying 172.16.123.1:3000...
* Connected to gdk.test (172.16.123.1) port 3000
> GET /api/v4/ai/duo_workflows/workflows/613 HTTP/1.1
> Host: gdk.test:3000
> User-Agent: curl/8.7.1
> Accept: */*
> Authorization: Bearer glpat-...........
>
* Request completely sent off
< HTTP/1.1 200 OK
< Content-Length: 231
< Date: Wed, 26 Mar 2025 11:27:58 GMT
< Content-Type: application/json
< Cache-Control: max-age=0, private, must-revalidate
< ETag: W/"acf31d48d2cd7d837f6cb3d751f41251"
< Server: nginx/1.27.0
< Vary: Origin
< Content-Security-Policy: default-src 'none'
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Gitlab-Duo-Seat-Count: 1
< X-Gitlab-Enabled-Feature-Flags: plan_approval
< X-Gitlab-Feature-Enabled-By-Namespace-Ids:
< X-Gitlab-Feature-Enablement-Type:
< X-Gitlab-Host-Name: gdk.test
< X-Gitlab-Instance-Id: 091c4551-a0b4-42e3-979b-64ed6be70cf8
< X-Gitlab-Meta: {"correlation_id":"01JQ93AWN6BV9ACWFSBGM4HGRV","version":"1"}
< X-Gitlab-Realm: self-managed
< X-Gitlab-Version: 17.11.0
< X-Request-Id: 01JQ93AWN6BV9ACWFSBGM4HGRV
< X-Runtime: 5.557513
<
* Connection #0 to host gdk.test left intact
{"id":613,"project_id":51,"agent_privileges":[1,2],"agent_privileges_names":["read_write_files","read_only_gitlab"],"workflow_definition":"software_development","status":"created","allow_agent_to_request_user":true,"pipeline":null}%

Before

curl -v -X GET -H "Authorization: Bearer $GDK_API_TOKEN" http://gdk.test:3000/api/v4/ai/duo_workflows/workflows/613
Note: Unnecessary use of -X or --request, GET is already inferred.
* Host gdk.test:3000 was resolved.
* IPv6: (none)
* IPv4: 172.16.123.1
*   Trying 172.16.123.1:3000...
* Connected to gdk.test (172.16.123.1) port 3000
> GET /api/v4/ai/duo_workflows/workflows/613 HTTP/1.1
> Host: gdk.test:3000
> User-Agent: curl/8.7.1
> Accept: */*
> Authorization: Bearer glpat-........
>
* Request completely sent off
< HTTP/1.1 200 OK
< Content-Length: 196
< Date: Wed, 26 Mar 2025 12:43:35 GMT
< Content-Type: application/json
< Cache-Control: max-age=0, private, must-revalidate
< ETag: W/"3b379bb4a70ca5553e498113d15dbe36"
< Server: nginx/1.27.0
< Vary: Origin
< Content-Security-Policy: default-src 'none'
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Gitlab-Meta: {"correlation_id":"01JQ97NGAK7X2GX58FS175N099","version":"1"}
< X-Request-Id: 01JQ97NGAK7X2GX58FS175N099
< X-Runtime: 0.192966
<
* Connection #0 to host gdk.test left intact
{"id":613,"project_id":51,"agent_privileges":[1,2],"agent_privileges_names":["read_write_files","read_only_gitlab"],"workflow_definition":"software_development","status":"created","pipeline":null}%

How to set up and validate locally

  1. Create a new feature flag or add any existing feature flag to the duo_workflow_helper module. Example patch
diff --git i/ee/lib/api/helpers/duo_workflow_helpers.rb w/ee/lib/api/helpers/duo_workflow_helpers.rb
index 1a777675bc65..676da0bd2e8e 100644
--- i/ee/lib/api/helpers/duo_workflow_helpers.rb
+++ w/ee/lib/api/helpers/duo_workflow_helpers.rb
@@ -4,6 +4,7 @@ module API
   module Helpers
     module DuoWorkflowHelpers
       def push_ai_gateway_headers
+        Gitlab::AiGateway.push_feature_flag(:duo_workflow)
         Gitlab::AiGateway.public_headers(user: current_user, service_name: :duo_workflow).each do |name, value|
           header(name, value)
         end
  1. Enable the feature flag for the user/globally.
  2. Execute the curl to fetch workflow
curl -v -X GET -H "Authorization: Bearer $GDK_API_TOKEN" http://gdk.test:3000/api/v4/ai/duo_workflows/workflows/$WORKFLOW_ID
  1. OR create a new workflow
curl --location 'http://gdk.test:3000/api/v4/ai/duo_workflows/workflows' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer $GDK_API_TOKEN' \
--data '{
    "project_id": "$PROJECT_ID",
    "goal": "Create a hello_world file"
}'
  1. You should see duo_workflow in X-Gitlab-Enabled-Feature-Flags response header.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Surabhi Suman

Merge request reports