Track GitLab realm in Code Suggest access token
What does this MR do and why?
See https://gitlab.com/gitlab-org/modelops/applied-ml/code-suggestions/ai-assist/-/issues/152
Track GitLab realm in Code Suggest access token.
We will use this in the model gateway to split proxied self-managed traffic from SaaS traffic. By encoding this in the JWT claims, clients can transparently pass this information to the model gateway service.
Background
To allow self-managed customers to use code suggestions (which are hosted by us), we currently let self-managed users auth against their local GitLab instances, which then request a JWT for use in code suggestions from SaaS. Clients then go to the code suggest service ("model gateway") directly.
This makes it challenging currently to partition requests into those users coming directly from SaaS, and those who originally came from a self-managed GitLab.
I therefore introduce the concept of an authentication realm here, which can be either `saas` or `self-managed`. This information is embedded into the token itself, which allows us to include it in code suggest telemetry (separate MR.)
How to set up and validate locally
Testing this locally is very complex since it would require spinning up two GitLabs, one acting as SaaS, the other acting as the self-managed instance; I don't think this is necessary to do though.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
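How a consumer such as the model gateway could read the realm once it travels in signed JWT claims, as an added example that is not code from this MR or from GitLab. The claim name `gitlab_realm`, the HS256 signing and the demo key are assumptions; only the two realm values come from the description above.

```python
import base64, hashlib, hmac, json, time

REALMS = {"saas", "self-managed"}   # the two realm values named in the MR
REALM_CLAIM = "gitlab_realm"        # assumed claim name, not taken from the MR
KEY = b"constructed-demo-key"       # constructed key, for this example only


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(realm: str, key: bytes = KEY, ttl: int = 3600) -> str:
    """Issuer side: embed the realm in the signed claims."""
    if realm not in REALMS:
        raise ValueError(f"unknown realm: {realm!r}")
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = {REALM_CLAIM: realm, "exp": int(time.time()) + ttl}
    claims = b64e(json.dumps(body).encode())
    sig = hmac.new(key, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{b64e(sig)}"


def realm_from_token(token: str, key: bytes = KEY) -> str:
    """Consumer side: trust the realm only after the signature verifies."""
    try:
        header, claims, sig = token.split(".")
        if json.loads(b64d(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        signed = f"{header}.{claims}".encode()
        expected = hmac.new(key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            raise ValueError("bad signature")
        payload = json.loads(b64d(claims))
    except (ValueError, TypeError, AttributeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from None
    if payload.get("exp", 0) <= time.time():
        raise PermissionError("token rejected: expired")
    realm = payload.get(REALM_CLAIM)
    # A token without the claim is rejected rather than defaulted to a realm,
    # so traffic is never attributed to a realm the issuer did not assert.
    if realm not in REALMS:
        raise PermissionError("token rejected: missing or unknown realm")
    return realm
```

Because the realm sits inside the signed payload, a client relaying the token cannot relabel its traffic without invalidating the signature.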