Merge branch 'ag-allow-admin-settings-change' into 'master'

Allow edits to application settings in maintenance mode See merge request gitlab-org/gitlab!51228

Merge branch 'ag-allow-admin-settings-change' into 'master'
Allow edits to application settings in maintenance mode See merge request gitlab-org/gitlab!51228
8b958468 · Michael Kozono · fb207682 · fcd27f33 · 8b958468 · 8b958468
Commit 8b958468 authored Jan 11, 2021 by Michael Kozono
2 changed files
--- a/ee/lib/ee/gitlab/middleware/read_only/controller.rb
+++ b/ee/lib/ee/gitlab/middleware/read_only/controller.rb
@@ -51,7 +51,10 @@ module EE
          end
          def admin_settings_update?
-            request.path.start_with?('/api/v4/application/settings')
+            return false if ::Gitlab::Geo.secondary?
+            request.path.start_with?('/api/v4/application/settings',
+                                     '/admin/application_settings/general')
          end
          def geo_node_update_route?

--- a/ee/spec/support/shared_examples/lib/gitlab/middleware/maintenance_mode_gitlab_ee_instance_shared_examples.rb
+++ b/ee/spec/support/shared_examples/lib/gitlab/middleware/maintenance_mode_gitlab_ee_instance_shared_examples.rb
@@ -15,13 +15,20 @@ RSpec.shared_examples 'write access for a read-only GitLab (EE) instance in main
    it_behaves_like 'allowlisted /admin/geo requests'
-    it "expects a PUT request to /admin/application_settings/general to be allowed" do
+    it "expects a PUT request to /api/v4/application/settings to be allowed" do
      response = request.send(:put, "/api/v4/application/settings")
      expect(response).not_to be_redirect
      expect(subject).not_to disallow_request
    end
+    it "expects a POST request to /admin/application_settings/general to be allowed" do
+      response = request.send(:post, "/admin/application_settings/general")
+      expect(response).not_to be_redirect
+      expect(subject).not_to disallow_request
+    end
    context 'on Geo secondary' do
      before do
        allow(::Gitlab::Geo).to receive(:secondary?).and_return(true)
@@ -46,6 +53,7 @@ RSpec.shared_examples 'write access for a read-only GitLab (EE) instance in main
        'LFS request to locks create' | '/root/rouge.git/info/lfs/locks'
        'LFS request to locks unlock' | '/root/rouge.git/info/lfs/locks/1/unlock'
        'git-receive-pack'            | '/root/rouge.git/git-receive-pack'
+        'application settings'        | '/admin/application_settings/general'
      end
      with_them do
@@ -56,6 +64,13 @@ RSpec.shared_examples 'write access for a read-only GitLab (EE) instance in main
          expect(subject).to disallow_request
        end
      end
+      it "expects a PUT request to /api/v4/application/settings to not be allowed" do
+        response = request.send(:put, "/api/v4/application/settings")
+        expect(response).to be_redirect
+        expect(subject).to disallow_request
+      end
    end
    context 'when not on Geo secondary' do