Save IJWT in service_access_tokens table
What does this MR do and why?
With https://gitlab.com/gitlab-org/customers-gitlab-com/-/merge_requests/7745, we send over a JSON Web Token (JWT) from customers.gitlab.com (IJWT). This instance token is used to authenticate self-managed instances for obtaining code suggestions from the model gateway service. In this MR, we save this IJWT in the service_access_tokens table. If we get an empty token in the response, we assume the customer has no more access to code suggestions, so we clear all code suggestion tokens. If there is no token in the response at all, we ignore this step.
How to set up and validate locally
Enable FF :code_suggestions_tokens_from_customers_dot
If you have a running a cdot instance, switch to this branch, and manually run the sync seat worker by going to http://gdk.test:3000/admin/subscription and clicking the refresh icon next to Last sync
After the sync, a token should be added to the Ai::ServiceAccessToken
table.
Query plan
Query
SELECT "service_access_tokens".* FROM "service_access_tokens" WHERE "service_access_tokens"."category" = 1
Results
Seq Scan on public.service_access_tokens (cost=0.00..48.00 rows=3 width=98) (actual time=0.003..0.004 rows=0 loops=1)
Filter: (service_access_tokens.category = 1)
Rows Removed by Filter: 0
I/O Timings: read=0.000 write=0.000
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/20454/commands/66954
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #416468 (closed)