Fix auth bypass external flag is not respected
What does this merge request do and why?
This MR fixes that AIGW_AUTH__BYPASS_EXTERNAL=true
flag stopped taking an effect after fix: use a custom self issued scope for user JWT (!872 - merged). This issue is currently failing CI jobs in GitLab-Rails https://gitlab.slack.com/archives/C051K31F30R/p1717479004054009.
The root cause is that, no places import ai_gateway.auth.authentication
monkey patch, which includes if conn.user.is_debug is True:
flag to respect the AIGW_AUTH__BYPASS_EXTERNAL
flag. It turned out the patch is silently overriding starlette.authentication.requires
, so we didn't notice this issue for while.
We're fully migrating to fine-grained auth logic, so that we can remove the patch.
How to set up and validate locally
- Set
AIGW_AUTH__BYPASS_EXTERNAL
toTrue
.
Test request and confirm that the request succeeds:
curl -X 'POST' 'http://localhost:5052/v1/search/gitlab-docs' -H 'accept: application/json' -H 'Content-Type: application/json' -d '{
"type": "string",
"metadata": {
"source": "string",
"version": "string"
},
"payload": {
"query": "string"
}
}'
Merge request checklist
-
Tests added for new functionality. If not, please raise an issue to follow up. -
Documentation added/updated, if needed.
Edited by Shinya Maeda