Implement new credentials scheme on gitaly-ruby

2 files changed, 14 insertions, 3 deletions

diff --git a/changelogs/unreleased/gitaly-client-credentials.yml b/changelogs/unreleased/gitaly-client-credentials.yml
new file mode 100644
index 000000000..d2736bf04
--- /dev/null
+++ b/changelogs/unreleased/gitaly-client-credentials.yml
@@ -0,0 +1,5 @@
+---
+title: Implement new credentials scheme on gitaly-ruby
+merge_request: 873
+author:
+type: changed
diff --git a/ruby/lib/gitlab/git/gitaly_remote_repository.rb b/ruby/lib/gitlab/git/gitaly_remote_repository.rb
index be15f5df7..ab0380ed7 100644
--- a/ruby/lib/gitlab/git/gitaly_remote_repository.rb
+++ b/ruby/lib/gitlab/git/gitaly_remote_repository.rb
@@ -56,20 +56,26 @@ module Gitlab
       end
 
       def token
-        gitaly_client.token(storage)
+        gitaly_client.token(storage).to_s
       end
 
       def request_kwargs
         @request_kwargs ||= begin
-          encoded_token = Base64.strict_encode64(token.to_s)
           metadata = {
-            'authorization' => "Bearer #{encoded_token}",
+            'authorization' => "Bearer #{auhtorization_token}",
             'client_name' => CLIENT_NAME
           }
 
           { metadata: metadata }
         end
       end
+
+      def auhtorization_token
+        issued_at = Time.now.to_i.to_s
+        hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, token, issued_at)
+
+        "v2.#{hmac}.#{issued_at}"
+      end
     end
   end
 end