Skip to content

Ensure instance-level model selection page is accessible in Dedicated instance

Cindy Halimrequested to merge
ch-569874 into master

What does this MR do and why?

This MR updates authorizations checks to allow Dedicated instance admins to access instance-level model selection while continuing to restrict self-hosted model features that are not currently supported on Dedicated:

  • Ensures model configuration card in the admin GitLab Duo page is rendered when instance-level model selection is available.
  • Updates manage_instance_model_selection global policy to not depend on user_allowed_to_manage_self_hosted_models_settings, which returns false if on Dedicated instance.
  • Updates controller to ensure page is accessible to Dedicated instance.
  • Updates aiFeatureSettings query and mutation to ensure that GitLab-managed models can be queried and updated while also gating self-hosted models.

References

Show Duo Self-Hosted page to Dedicated (#569874 - closed)

Screenshots or screen recordings

Self-managed with Duo Self-Hosted Self-managed offline license Dedicated instance

self_managed

  • Duo Self-Hosted settings are shown in GitLab Duo Settings
  • Self-hosted and GitLab managed models are shown in the model selection dropdown options.
  • Able to create self-hosted model

self_hosted_offline

  • Duo Self-Hosted settings are shown in GitLab Duo settings
  • Only self-hosted models are shown as part of the model selection dropdown options
  • Able to create self-hosted model

dedicated.mov

  • Duo Self-Hosted settings are not shown in GitLab Duo settings
  • Only GitLab managed models are shown as part of the model selection dropdown options.
  • Does not render the Add self-hosted model button in model selection dropdown footer.
  • No Add self-hosted model button and Self-hosted models tab rendered

How to set up and validate locally

Setup:

  • Self-managed with Duo Self-Hosted:
    • Ultimate or Premium online license.
    • Run GDK on non-SAAS mode: GITLAB_SIMULATE_SAAS=0 gdk start
    • Run the following setup script to get Duo Enterprise add on: GITLAB_SIMULATE_SAAS=0 bundle exec 'rake gitlab:duo:setup'
  • Self-managed offline license:
    • Ultimate or Premium offline license.
    • Run GDK on non-SAAS mode: GITLAB_SIMULATE_SAAS=0 gdk start
    • Run the following setup script to get Duo Enterprise add on: GITLAB_SIMULATE_SAAS=0 bundle exec 'rake gitlab:duo:setup'
  • Dedicated:

    • Ultimate or Premium online license

    • Run GDK on non-SAAS mode: GITLAB_SIMULATE_SAAS=0 gdk start

    • Run the following setup script to get Duo Enterprise add on: GITLAB_SIMULATE_SAAS=0 bundle exec 'rake gitlab:duo:setup'

    • Testing Dedicated instance requires Switchboard provisioning as well as setting up GitLab Duo license. To get around this, I ran the following in the Rails console (bin/rails c):

      settings = ApplicationSetting.current
settings.gitlab_dedicated_instance = true
settings.save(validate: false)

    • Make sure to reset this once you're done testing:

      settings = ApplicationSetting.current
settings.gitlab_dedicated_instance = false
settings.save(validate: false)

Validate locally:

  • Go to GitLab Duo admin page: /admin/gitlab_duo
  • Refer to screen recordings in the previous section for key things to look out for.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Cindy Halim

Merge request reports