Skip to content

Save IJWT in service_access_tokens table

Roy Zwambag requested to merge 417018-save-jwt-token-from-cdot into master

What does this MR do and why?

With https://gitlab.com/gitlab-org/customers-gitlab-com/-/merge_requests/7745, we send over a JSON Web Token (JWT) from customers.gitlab.com (IJWT). This instance token is used to authenticate self-managed instances for obtaining code suggestions from the model gateway service. In this MR, we save this IJWT in the service_access_tokens table. If we get an empty token in the response, we assume the customer has no more access to code suggestions, so we clear all code suggestion tokens. If there is no token in the response at all, we ignore this step.

How to set up and validate locally

Enable FF :code_suggestions_tokens_from_customers_dot

If you have a running a cdot instance, switch to this branch, and manually run the sync seat worker by going to http://gdk.test:3000/admin/subscription and clicking the refresh icon next to Last sync

Screenshot_2023-07-10_at_14.51.37

After the sync, a token should be added to the Ai::ServiceAccessToken table.

Query plan

Note: the table is empty which could skew the results and the planner

Query

SELECT "service_access_tokens".* FROM "service_access_tokens" WHERE "service_access_tokens"."category" = 1

Results

 Seq Scan on public.service_access_tokens  (cost=0.00..48.00 rows=3 width=98) (actual time=0.003..0.004 rows=0 loops=1)
   Filter: (service_access_tokens.category = 1)
   Rows Removed by Filter: 0
   I/O Timings: read=0.000 write=0.000

https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/20454/commands/66954

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #416468 (closed)

Edited by Aleksei Lipniagov

Merge request reports

Loading