Draft: feat: POC: package CC PubKeys with AIGW build
What does this merge request do and why?
NOT INTENDED FOR MERGE
Explore the idea of baking public keys for CC token validation straight into the AI GW container:
- Create Cloud Connector Docker image with keyfiles. For purposes of this POC, it has been included in this repo as build context. For a production-ready solution, we would move `cloud-connector-build` contents into a separate repo from which we publish a Docker image to the GitLab Registry.
- During AIGW Docker build, copy config from CC Docker image into AIGW image
- Create new `DiskKeyProvider` for reading these keys into a JWKS. For purposes of this POC, I store the keys in JWK format. This made it easier to integrate. For production, we would probably store them in PEM format instead, then convert them to JWK in the application.
I did not have JWKs available to me from a local CDot deployment (because reasons), so I grabbed the staging ones. Of course they will fail to validate signatures from tokens coming from a local Rails instance, but the general mechanism appears to work.
How to set up and validate locally
- Run `docker build -t mk-cc-poc cloud-connector-build`
- Run `make develop-local`
Merge request checklist
- Tests added for new functionality. If not, please raise an issue to follow up.
- Documentation added/updated, if needed.
Closes #639
Edited by Matthias Käppler
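
An added example, not the code from this merge request: one way a disk-backed provider could turn JWK files baked into the image into a JWKS, failing closed on private key material, a duplicate `kid`, or an empty key directory. The function name `load_jwks_from_dir`, the one-JWK-per-`*.json`-file layout and the specific checks are assumptions for illustration.

```python
import json
from pathlib import Path

# Private or secret JWK members (RFC 7518). A validation-only image
# should never contain any of them.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}


class KeyFileError(ValueError):
    """A baked-in key file cannot be used for token validation."""


def load_jwks_from_dir(key_dir):
    """Read every *.json JWK in key_dir and return a JWKS dict.

    Hypothetical helper: assumes one public JWK per file.
    """
    keys, seen_kids = [], set()
    for path in sorted(Path(key_dir).glob("*.json")):
        try:
            jwk = json.loads(path.read_text(encoding="utf-8"))
        except json.JSONDecodeError as exc:
            raise KeyFileError(f"{path.name}: not valid JSON") from exc
        if not isinstance(jwk, dict):
            raise KeyFileError(f"{path.name}: JWK must be a JSON object")

        leaked = PRIVATE_MEMBERS.intersection(jwk)
        if leaked:
            # Refuse to start rather than ship or load a private key.
            raise KeyFileError(f"{path.name}: private members {sorted(leaked)}")

        kid = jwk.get("kid")
        if not jwk.get("kty") or not isinstance(kid, str) or not kid:
            raise KeyFileError(f"{path.name}: 'kty' and 'kid' are required")
        if kid in seen_kids:
            # Two keys with one kid make key selection ambiguous.
            raise KeyFileError(f"{path.name}: duplicate kid {kid!r}")

        seen_kids.add(kid)
        keys.append(jwk)

    if not keys:
        # An empty JWKS would reject every token; surface it at startup.
        raise KeyFileError(f"no key files found in {key_dir}")
    return {"keys": keys}
```
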