Trim secret before signing JWT tokens
Related issue: https://gitlab.com/gitlab-org/gitlab/-/issues/325167
Currently, we send plain secret to Gitlab Rails in order to authenticate gitlab-shell requests, but we want to use JWT tokens instead: https://gitlab.com/gitlab-org/gitlab/-/issues/325167. However, Rails part removes trailing new lines both from the input (sent gitlab-shell header) and the secret that it reads from the config.
I thought that we could workaround it by reading plain values for the secret from the file. But it's unreliable since shared secrets for Rails, Gitlab Shell and Gitaly can be different files.
With this change, we don't rely on the secret to either contain a newline or not contain it. When we update the version of gitlab-shell with this change on Rails part, some test may fail because Gitaly won't contain the change yet. So my plan is:
- Review and merge this change
- Update the gitlab-shell version and fix the failed tests (probably by explicitly disabling
gitlab_shell_jwt_token
) - Introduce the change the Gitaly client
- Enabled feature flag for the failing tests