Enable serving static objects from an external storage

It consists of two parts:

1. Redirecting users to the configured external storage
1. Allowing the external storage to request the static object(s)
   on behalf of the user by means of specific tokens

Part of https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6829

1 files changed, 8 insertions, 0 deletions

diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index e39d655325f..3409411c3b1 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -8,6 +8,7 @@ class ApplicationSetting < ApplicationRecord
 
   add_authentication_token_field :runners_registration_token, encrypted: -> { Feature.enabled?(:application_settings_tokens_optional_encryption, default_enabled: true) ? :optional : :required }
   add_authentication_token_field :health_check_access_token
+  add_authentication_token_field :static_objects_external_storage_auth_token
 
   belongs_to :instance_administration_project, class_name: "Project"
 
@@ -211,6 +212,13 @@ class ApplicationSetting < ApplicationRecord
             allow_blank: false,
             if: :asset_proxy_enabled?
 
+  validates :static_objects_external_storage_url,
+            addressable_url: true, allow_blank: true
+
+  validates :static_objects_external_storage_auth_token,
+            presence: true,
+            if: :static_objects_external_storage_url?
+
   SUPPORTED_KEY_TYPES.each do |type|
     validates :"#{type}_key_restriction", presence: true, key_restriction: { type: type }
   end