Return the correct scopes when bypassing auth

Tan Le requested to merge fix-auth-claims-dev-mode into main

What does this merge request do and why?

Return the correct scopes when bypassing auth.

Developers can opt in to disable authentication for testing by setting AUTH_BYPASS_EXTERNAL=true. Since permission scopes were introduced (MR), the authentication credentials for this use case no longer work because the permission scopes are not set correctly. This results in a Forbidden error and prevents us from using this particular flag.

How to set up and validate locally

  1. Check out this merge request's branch.
  2. Ensure a local Docker image builds successfully.
    docker buildx build --platform linux/amd64 -t ai-gateway:test .
  3. Run a local service on Docker.
    docker run --platform linux/amd64 --rm \
      -p 5052:5052 \
      -e AUTH_BYPASS_EXTERNAL=true \
      -v "$PWD":/app -it ai-gateway:test
  4. Send a cURL request to the /v2/completions endpoint.
    $ curl --request POST \
      --url http://codesuggestions.gdk.test:5052/v2/completions \
      --header 'Content-Type: application/json' \
      --header 'X-Gitlab-Authentication-Type: oidc' \
      --header 'authorization: Bearer jwt' \
      --data '{
      "prompt_version": 1,
      "project_path": "gitlab-org/gitlab",
      "project_id": 278964,
      "current_file": {
        "file_name": "main.py",
        "content_above_cursor": "# complete this world\n",
        "content_below_cursor": ""
      }
    }'
  5. We should not see a 403 Forbidden error.

Merge request checklist

  • Tests added for new functionality. If not, please raise an issue to follow up.
  • Documentation added/updated, if needed.
Edited by Tan Le
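
A minimal model of the failure described in this merge request, added here as an illustration and not taken from the AI Gateway code base: a bypass identity that is authenticated but lacks scopes is rejected with 403, while granting scopes on bypass leaves scope enforcement for real tokens unchanged. The scope names and the `User`, `authenticate`, `authorize` and `completions_status` helpers are hypothetical, and the pre-fix bypass identity is assumed to carry an empty scope set.

```python
from dataclasses import dataclass, field

# Hypothetical scope names; the page does not list the gateway's real scopes.
ALL_SCOPES = frozenset({"code_suggestions", "chat"})


@dataclass(frozen=True)
class User:
    authenticated: bool
    scopes: frozenset = field(default_factory=frozenset)


def authenticate(token_scopes, bypass, grant_scopes_on_bypass=True):
    """Return the request identity.

    token_scopes: scopes from an already validated token, or None when the
    token is missing or invalid. bypass mirrors AUTH_BYPASS_EXTERNAL=true.
    """
    if bypass:
        # Assumption: before the fix the bypass identity had an empty scope set.
        scopes = ALL_SCOPES if grant_scopes_on_bypass else frozenset()
        return User(authenticated=True, scopes=scopes)
    if token_scopes is None:
        return User(authenticated=False)
    return User(authenticated=True, scopes=frozenset(token_scopes))


def authorize(user, required_scope):
    """Return the HTTP status the scope check would produce."""
    if not user.authenticated:
        return 401
    if required_scope not in user.scopes:
        return 403
    return 200


def completions_status(token_scopes, bypass, grant_scopes_on_bypass=True):
    """Status for a request to an endpoint that requires code_suggestions."""
    user = authenticate(token_scopes, bypass, grant_scopes_on_bypass)
    return authorize(user, "code_suggestions")


if __name__ == "__main__":
    print("bypass, no scopes (bug):", completions_status(None, True, False))
    print("bypass, scopes set (fix):", completions_status(None, True))
    print("real token, wrong scope:", completions_status({"chat"}, False))
    print("no token, no bypass:", completions_status(None, False))
```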