diff options
| author | Ahmad Sherif <me@ahmadsherif.com> | 2019-07-22 17:56:40 +0300 |
|---|---|---|
| committer | Ahmad Sherif <me@ahmadsherif.com> | 2019-09-10 14:43:11 +0300 |
| commit | 3c2b4a1cede956d5160ccf08d0a561bf31248161 (patch) | |
| tree | 9462f59d477ffe7ac1eee0fe56cf9f343b568d1f /app/models | |
| parent | f7e7ee713aa21874bf6810d01976c2b5342c0995 (diff) | |
Enable serving static objects from an external storage
It consists of two parts:
1. Redirecting users to the configured external storage
1. Allowing the external storage to request the static object(s)
on behalf of the user by means of specific tokens
Part of https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6829
Diffstat (limited to 'app/models')
| -rw-r--r-- | app/models/application_setting.rb | 8 | ||||
| -rw-r--r-- | app/models/application_setting_implementation.rb | 4 | ||||
| -rw-r--r-- | app/models/user.rb | 8 |
3 files changed, 20 insertions, 0 deletions
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index e39d655325f..3409411c3b1 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -8,6 +8,7 @@ class ApplicationSetting < ApplicationRecord add_authentication_token_field :runners_registration_token, encrypted: -> { Feature.enabled?(:application_settings_tokens_optional_encryption, default_enabled: true) ? :optional : :required } add_authentication_token_field :health_check_access_token + add_authentication_token_field :static_objects_external_storage_auth_token belongs_to :instance_administration_project, class_name: "Project" @@ -211,6 +212,13 @@ class ApplicationSetting < ApplicationRecord allow_blank: false, if: :asset_proxy_enabled? + validates :static_objects_external_storage_url, + addressable_url: true, allow_blank: true + + validates :static_objects_external_storage_auth_token, + presence: true, + if: :static_objects_external_storage_url? + SUPPORTED_KEY_TYPES.each do |type| validates :"#{type}_key_restriction", presence: true, key_restriction: { type: type } end diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb index f402c0e2775..8d9597aa5a4 100644 --- a/app/models/application_setting_implementation.rb +++ b/app/models/application_setting_implementation.rb @@ -306,6 +306,10 @@ module ApplicationSettingImplementation archive_builds_in_seconds.seconds.ago if archive_builds_in_seconds end + def static_objects_external_storage_enabled? + static_objects_external_storage_url.present? + end + private def array_to_string(arr) diff --git a/app/models/user.rb b/app/models/user.rb index 67d730e2fa3..75532aeebb3 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -31,6 +31,7 @@ class User < ApplicationRecord add_authentication_token_field :incoming_email_token, token_generator: -> { SecureRandom.hex.to_i(16).to_s(36) } add_authentication_token_field :feed_token + add_authentication_token_field :static_object_token default_value_for :admin, false default_value_for(:external) { Gitlab::CurrentSettings.user_default_external } @@ -1437,6 +1438,13 @@ class User < ApplicationRecord ensure_feed_token! end + # Each existing user needs to have a `static_object_token`. + # We do this on read since migrating all existing users is not a feasible + # solution. + def static_object_token + ensure_static_object_token! + end + def sync_attribute?(attribute) return true if ldap_user? && attribute == :email |