Allow edits to applciation settings in maintenance mode

fcd27f33 · Aakriti Gupta · 6bd1be63 · fcd27f33 · fcd27f33
Commit fcd27f33 authored Jan 08, 2021 by Aakriti Gupta
2 changed files
--- a/ee/lib/ee/gitlab/middleware/read_only/controller.rb
+++ b/ee/lib/ee/gitlab/middleware/read_only/controller.rb
@@ -51,7 +51,10 @@ module EE
          end

          def admin_settings_update?
-            request.path.start_with?('/api/v4/application/settings')
+            return false if ::Gitlab::Geo.secondary?
+
+            request.path.start_with?('/api/v4/application/settings',
+                                     '/admin/application_settings/general')
          end

          def geo_node_update_route?

--- a/ee/spec/support/shared_examples/lib/gitlab/middleware/maintenance_mode_gitlab_ee_instance_shared_examples.rb
+++ b/ee/spec/support/shared_examples/lib/gitlab/middleware/maintenance_mode_gitlab_ee_instance_shared_examples.rb
@@ -15,13 +15,20 @@ RSpec.shared_examples 'write access for a read-only GitLab (EE) instance in main

    it_behaves_like 'allowlisted /admin/geo requests'

-    it "expects a PUT request to /admin/application_settings/general to be allowed" do
+    it "expects a PUT request to /api/v4/application/settings to be allowed" do
      response = request.send(:put, "/api/v4/application/settings")

      expect(response).not_to be_redirect
      expect(subject).not_to disallow_request
    end

+    it "expects a POST request to /admin/application_settings/general to be allowed" do
+      response = request.send(:post, "/admin/application_settings/general")
+
+      expect(response).not_to be_redirect
+      expect(subject).not_to disallow_request
+    end
+
    context 'on Geo secondary' do
      before do
        allow(::Gitlab::Geo).to receive(:secondary?).and_return(true)
@@ -46,6 +53,7 @@ RSpec.shared_examples 'write access for a read-only GitLab (EE) instance in main
        'LFS request to locks create' | '/root/rouge.git/info/lfs/locks'
        'LFS request to locks unlock' | '/root/rouge.git/info/lfs/locks/1/unlock'
        'git-receive-pack'            | '/root/rouge.git/git-receive-pack'
+        'application settings'        | '/admin/application_settings/general'
      end

      with_them do
@@ -56,6 +64,13 @@ RSpec.shared_examples 'write access for a read-only GitLab (EE) instance in main
          expect(subject).to disallow_request
        end
      end
+
+      it "expects a PUT request to /api/v4/application/settings to not be allowed" do
+        response = request.send(:put, "/api/v4/application/settings")
+
+        expect(response).to be_redirect
+        expect(subject).to disallow_request
+      end
    end

    context 'when not on Geo secondary' do