Enforce namespace storage limit via app setting

Instead of gating namespace storage limit check via GL.com check, it
can be gated based on a new ApplicationSetting.

- Add column, enforce_namespace_storage_limit, to application_settings
  table.
- Allow setting to be listed and updated via application settings API.

changelogs/unreleased/231177-enforce-storage-limit-app-setting.yml

+---
+title: Enforce namespace storage limit via app setting
+merge_request: 38094
+author:
+type: changed

db/migrate/20200728175710_add_enforce_namespace_storage_limit_to_application_settings.rb

+# frozen_string_literal: true
+
+class AddEnforceNamespaceStorageLimitToApplicationSettings < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  def change
+    add_column :application_settings, :enforce_namespace_storage_limit, :boolean, default: false, null: false
+  end
+end

db/schema_migrations/20200728175710

+a3a6d4e488c9979efd61890a15fdfe4ccea044a0b030b392ad39885cc807f22d
\ No newline at end of file

db/structure.sql

@@ -9248,6 +9248,7 @@ CREATE TABLE public.application_settings (
     maintenance_mode_message text,
     wiki_page_max_content_bytes bigint DEFAULT 52428800 NOT NULL,
     elasticsearch_indexed_file_size_limit_kb integer DEFAULT 1024 NOT NULL,
+    enforce_namespace_storage_limit boolean DEFAULT false NOT NULL,
     CONSTRAINT check_51700b31b5 CHECK ((char_length(default_branch_name) <= 255)),
     CONSTRAINT check_9c6c447a13 CHECK ((char_length(maintenance_mode_message) <= 255)),
     CONSTRAINT check_d03919528d CHECK ((char_length(container_registry_vendor) <= 255)),

doc/api/settings.md

@@ -251,6 +251,7 @@ are listed in the descriptions of the relevant settings.
 | `email_additional_text`                  | string           | no                                   | **(PREMIUM)** Additional text added to the bottom of every email for legal/auditing/compliance reasons |
 | `email_author_in_body`                   | boolean          | no                                   | Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead. |
 | `enabled_git_access_protocol`            | string           | no                                   | Enabled protocols for Git access. Allowed values are: `ssh`, `http`, and `nil` to allow both protocols. |
+| `enforce_namespace_storage_limit`        | boolean          | no                                   | Enabling this permits enforcement of namespace storage limits. |
 | `enforce_terms`                          | boolean          | no                                   | (**If enabled, requires:** `terms`) Enforce application ToS to all users. |
 | `external_auth_client_cert`              | string           | no                                   | (**If enabled, requires:** `external_auth_client_key`) The certificate to use to authenticate with the external authorization service |
 | `external_auth_client_key_pass`          | string           | no                                   | Passphrase to use for the private key when authenticating with the external service this is encrypted when stored |

ee/app/helpers/ee/application_settings_helper.rb

@@ -38,6 +38,7 @@ module EE
         :elasticsearch_limit_indexing,
         :elasticsearch_namespace_ids,
         :elasticsearch_project_ids,
+        :enforce_namespace_storage_limit,
         :geo_status_timeout,
         :geo_node_allowed_ips,
         :help_text,

ee/app/models/ee/application_setting.rb

@@ -112,6 +112,7 @@ module EE
           elasticsearch_max_bulk_concurrency: 10,
           elasticsearch_url: ENV['ELASTIC_URL'] || 'http://localhost:9200',
           email_additional_text: nil,
+          enforce_namespace_storage_limit: false,
           lock_memberships_to_ldap: false,
           max_personal_access_token_lifetime: nil,
           enforce_pat_expiration: true,