Merge branch 'ag-allow-admins-to-update-settings' into 'master'

Allow admins to update settings in maintenance mode

See merge request gitlab-org/gitlab!49765

ee/lib/ee/gitlab/middleware/read_only/controller.rb

@@ -33,7 +33,7 @@ module EE
           # secondary either
           override :allowlisted_routes
           def allowlisted_routes
-            allowed = super || geo_node_update_route? || geo_api_route?
+            allowed = super || geo_node_update_route? || geo_api_route? || admin_settings_update?
 
             return true if allowed
             return false if ::Gitlab.maintenance_mode?
@@ -46,6 +46,10 @@ module EE
             geo_proxy_git_ssh_route? || geo_proxy_git_http_route? || lfs_locks_route?
           end
 
+          def admin_settings_update?
+            request.path.start_with?('/api/v4/application/settings')
+          end
+
           def geo_node_update_route?
             # Calling route_hash may be expensive. Only do it if we think there's a possible match
             return false unless request.path.start_with?('/admin/geo/')

ee/spec/support/shared_examples/lib/gitlab/middleware/maintenance_mode_gitlab_ee_instance_shared_examples.rb

@@ -15,6 +15,13 @@ RSpec.shared_examples 'write access for a read-only GitLab (EE) instance in main
 
     it_behaves_like 'allowlisted /admin/geo requests'
 
+    it "expects a PUT request to /admin/application_settings/general to be allowed" do
+      response = request.send(:put, "/api/v4/application/settings")
+
+      expect(response).not_to be_redirect
+      expect(subject).not_to disallow_request
+    end
+
     context 'on Geo secondary' do
       before do
         allow(::Gitlab::Geo).to receive(:secondary?).and_return(true)