Resolve "Primary geo node can't be removed from non-secondary machines"

ee/app/helpers/ee/geo_helper.rb

@@ -13,7 +13,7 @@ module EE
       {
         primary_version: version.to_s,
         primary_revision: revision.to_s,
-        node_actions_allowed: ::Gitlab::Database.read_write?.to_s,
+        node_actions_allowed: ::Gitlab::Database.db_read_write?.to_s,
         node_edit_allowed: ::Gitlab::Geo.license_allows?.to_s
       }
     end

ee/changelogs/unreleased/6265-primary-geo-node-can-t-be-removed-from-non-secondary-machines.yml

+---
+title: Allow Geo node to be edited once the database is failed over
+merge_request: 6248
+author:
+type: fixed

ee/lib/ee/gitlab/middleware/read_only/controller.rb

+module EE
+  module Gitlab
+    module Middleware
+      module ReadOnly
+        module Controller
+          extend ::Gitlab::Utils::Override
+
+          WHITELISTED_GEO_ROUTES = {
+            'admin/geo_nodes' => %w{update}
+          }.freeze
+
+          private
+
+          override :whitelisted_routes
+          def whitelisted_routes
+            super || geo_node_update_route
+          end
+
+          def geo_node_update_route
+            # Calling route_hash may be expensive. Only do it if we think there's a possible match
+            return false unless request.path =~ %r{/admin/geo_nodes}
+
+            ::Gitlab::Database.db_read_write? &&
+              WHITELISTED_GEO_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
+          end
+        end
+      end
+    end
+  end
+end

ee/lib/gitlab/geo/health_check.rb

@@ -68,9 +68,7 @@ module Gitlab
       end
 
       def self.database_secondary?
-        ActiveRecord::Base.connection.execute('SELECT pg_is_in_recovery()')
-          .first
-          .fetch('pg_is_in_recovery') == 't'
+        Gitlab::Database.db_read_only?
       end
 
       def self.db_replication_lag_seconds

ee/lib/system_check/geo/database_replication_check.rb

@@ -9,7 +9,7 @@ module SystemCheck
       end
 
       def check?
-        ActiveRecord::Base.connection.execute('SELECT pg_is_in_recovery()').first.fetch('pg_is_in_recovery') == 't'
+        Gitlab::Database.db_read_only?
       end
 
       def show_error

ee/spec/lib/ee/gitlab/middleware/read_only_spec.rb

+require 'spec_helper'
+
+describe Gitlab::Middleware::ReadOnly do
+  include Rack::Test::Methods
+  using RSpec::Parameterized::TableSyntax
+
+  let(:rack_stack) do
+    rack = Rack::Builder.new do
+      use ActionDispatch::Session::CacheStore
+      use ActionDispatch::Flash
+      use ActionDispatch::ParamsParser
+    end
+
+    rack.run(subject)
+    rack.to_app
+  end
+
+  let(:observe_env) do
+    Module.new do
+      attr_reader :env
+
+      def call(env)
+        @env = env
+        super
+      end
+    end
+  end
+
+  let(:request) { Rack::MockRequest.new(rack_stack) }
+
+  subject do
+    described_class.new(fake_app).tap do |app|
+      app.extend(observe_env)
+    end
+  end
+
+  context 'normal requests to a read-only Gitlab instance' do
+    let(:fake_app) { lambda { |env| [200, { 'Content-Type' => 'text/plain' }, ['OK']] } }
+
+    before do
+      allow(Gitlab::Database).to receive(:read_only?) { true }
+    end
+
+    context 'whitelisted requests' do
+      it 'expects a PATCH request to geo_nodes update URL to be allowed' do
+        expect(Rails.application.routes).to receive(:recognize_path).and_call_original
+        response = request.patch('/admin/geo_nodes/1')
+
+        expect(response).not_to be_redirect
+        expect(subject).not_to disallow_request
+      end
+    end
+  end
+end

lib/gitlab/middleware/read_only/controller.rb

@@ -2,6 +2,8 @@ module Gitlab
   module Middleware
     class ReadOnly
       class Controller
+        prepend EE::Gitlab::Middleware::ReadOnly::Controller
+
         DISALLOWED_METHODS = %w(POST PATCH PUT DELETE).freeze
         APPLICATION_JSON = 'application/json'.freeze
         APPLICATION_JSON_TYPES = %W{#{APPLICATION_JSON} application/vnd.git-lfs+json}.freeze