diff options
author | Robert Speicher <robert@gitlab.com> | 2018-09-21 20:51:44 +0000 |
---|---|---|
committer | Robert Speicher <robert@gitlab.com> | 2018-09-21 20:51:44 +0000 |
commit | 4c8d2232ca3e4b97a313e9ac4d96dee2b3de9e84 (patch) | |
tree | d85d1fdeac46d440a9ca702836d8ce6af911e496 | |
parent | e255b88e51b956d92afb5e9b90a2749a60e63459 (diff) | |
parent | 368984e47655190cca5ef8c8e1f10f35bbfa8ee5 (diff) | |
download | gitlab-ce-4c8d2232ca3e4b97a313e9ac4d96dee2b3de9e84.tar.gz |
Merge branch 'gitaly-auth-v2' into 'master'
Use the new gitaly auth scheme (v2)
See merge request gitlab-org/gitlab-ce!21417
-rw-r--r-- | lib/gitlab/gitaly_client.rb | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/lib/gitlab/gitaly_client.rb b/lib/gitlab/gitaly_client.rb index 12307338972..302341d9541 100644 --- a/lib/gitlab/gitaly_client.rb +++ b/lib/gitlab/gitaly_client.rb @@ -174,10 +174,29 @@ module Gitlab end private_class_method :current_transaction_labels + # For some time related tasks we can't rely on `Time.now` since it will be + # affected by Timecop in some tests, and the clock of some gitaly-related + # components (grpc's c-core and gitaly server) use system time instead of + # timecop's time, so tests will fail. + # `Time.at(Process.clock_gettime(Process::CLOCK_REALTIME))` will circumvent + # timecop. + def self.real_time + Time.at(Process.clock_gettime(Process::CLOCK_REALTIME)) + end + private_class_method :real_time + + def self.authorization_token(storage) + token = token(storage).to_s + issued_at = real_time.to_i.to_s + hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, token, issued_at) + + "v2.#{hmac}.#{issued_at}" + end + private_class_method :authorization_token + def self.request_kwargs(storage, timeout, remote_storage: nil) - encoded_token = Base64.strict_encode64(token(storage).to_s) metadata = { - 'authorization' => "Bearer #{encoded_token}", + 'authorization' => "Bearer #{authorization_token(storage)}", 'client_name' => CLIENT_NAME } @@ -195,12 +214,7 @@ module Gitlab return result unless timeout > 0 - # Do not use `Time.now` for deadline calculation, since it - # will be affected by Timecop in some tests, but grpc's c-core - # uses system time instead of timecop's time, so tests will fail - # `Time.at(Process.clock_gettime(Process::CLOCK_REALTIME))` will - # circumvent timecop - deadline = Time.at(Process.clock_gettime(Process::CLOCK_REALTIME)) + timeout + deadline = real_time + timeout result[:deadline] = deadline result |