Return the correct scopes when bypassing auth
What does this merge request do and why?
Return the correct scopes when bypassing auth.
Developers can opt in to disable authentication for testing by setting
AUTH_BYPASS_EXTERNAL=true
. Since permission scope is introduced (MR), the
authentication credentials for this use case no longer works since the permission scopes are not set correctly. This
results in Forbidden error and prohibits us from using this particular flag.
How to set up and validate locally
- Check out to this merge request's branch.
- Ensure a local Docker image built successfully.
docker buildx build --platform linux/amd64 -t ai-gateway:test .
- Run a local service on Docker.
docker run --platform linux/amd64 --rm \ -p 5052:5052 \ -e AUTH_BYPASS_EXTERNAL=true \ -v $PWD:/app -it ai-gateway:test
- Send a cURL request to the
/v2/completions
endpoint$ curl --request POST \ --url http://codesuggestions.gdk.test:5052/v2/completions \ --header 'Content-Type: application/json' \ --header 'X-Gitlab-Authentication-Type: oidc' \ --header 'authorization: Bearer jwt \ --data '{ "prompt_version": 1, "project_path": "gitlab-org/gitlab", "project_id": 278964, "current_file": { "file_name": "main.py", "content_above_cursor": "# complete this world\n", "content_below_cursor": "" } }'
- We should not see 403 Forbidden error.
Merge request checklist
-
Tests added for new functionality. If not, please raise an issue to follow up. -
Documentation added/updated, if needed.
Edited by Tan Le