Gitaly tokens with a '#$' character sequence are incorrectly escaped into config.toml
Since !6621 (merged) replaced a manually curated Gitaly config.toml template with Tomlib.dump
, when a gitaly (and praefect?) auth token contains the literal character sequence #$
, those chars are rendered into the toml file as \#$
inside a double quoted string, e.g.:
[auth]
token = "Aa\#$298gXsqK9876"
which is invalid TOML because # is not a valid escaped character per https://toml.io/en/v0.3.0#string. Gitaly then fails to start with:
load config: config_path \"/var/opt/gitlab/gitaly/config.toml\": load toml: toml: invalid escaped character U+0023 '#'""
This is because Tomlib uses value.inspect
to emit string literals, which escapes per Ruby rules, where #$<variablename>
is short hand for #{$<variablename>}
to expand a global variable, and so the #
needs to be escaped so that if the string were fed back into Ruby it wouldn't be interpolated incorrectly.
I think there's a reasonable argument for this being a bug in Tomlib, but the impact is specifically local and related to a change in behavior in Omnibus, so I'm raising it here first for discussion; if nothing else, we'll need a fixed tomlib gem in this project if/when a fix is created (I'll go create a bug report there shortly).
Internal issue for reference: https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/team/-/issues/2056#note_1373491865