Port the idea of a read-only database into CE
EE diverges from CE in a number of places to deal with the Geo secondary's "run against a read-only database" use case. Because this code is EE-only, it's difficult to maintain.
Worse, cases where we write to the database in unexpected contexts (e.g., non-GET HTTP requests) keep being introduced, per https://gitlab.com/gitlab-org/gitlab-ee/issues/1744
As we did with the auditor user and full_private_access?, I think we need to move much of the existing code handling this case into CE, and abstract it away from Geo.
We can add, perhaps, Gitlab::Database.readonly? which is always false in CE but depends on Gitlab::Geo.secondary? in EE.
We can also port the readonly middleware, etc, over to CE and document the requirements for when you need to have additional checks (writing to the DB in a non-GET request, etc) in doc/development/verifying_database_capabilities.md
CE could make use of this code for its own ends - for instance, it would be nice to be able to enable a read-only mode while some relatively short-lived data migrations are running, to prevent new bad entries from being added in a low-overhead way.
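
A sketch of the shape proposed above, added here as an illustration and not part of the original issue or of GitLab's code: a CE-style predicate that is always false, an EE-style override keyed on a secondary flag, and a Rack-style middleware that refuses write requests while read-only. All names (SketchDatabase, SketchGeo, ReadOnlyGuard), the safe-method list and the 503 status are assumptions.

```ruby
# Added sketch; Sketch* and ReadOnlyGuard are hypothetical names, not GitLab code.
module SketchDatabase
  # CE behaviour: the database is never read-only.
  def self.read_only?
    false
  end
end

module SketchGeo
  class << self
    attr_accessor :secondary # stands in for the Geo secondary check
  end

  # EE-style override, prepended so callers keep using one predicate.
  module DatabaseOverride
    def read_only?
      SketchGeo.secondary ? true : super
    end
  end
end
SketchDatabase.singleton_class.prepend(SketchGeo::DatabaseOverride)

# Rack-style middleware: refuses requests that may write while read-only.
class ReadOnlyGuard
  # Assumption: only these HTTP methods are treated as non-writing.
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    verb = env['REQUEST_METHOD'].to_s.upcase
    if SketchDatabase.read_only? && !SAFE_METHODS.include?(verb)
      body = 'Read-only mode: write requests are rejected.'
      # Assumption: 503 is used as the rejection status.
      return [503, { 'content-type' => 'text/plain' }, [body]]
    end
    # The guard sees only the HTTP method; code that writes on a path it
    # lets through must check SketchDatabase.read_only? itself.
    @app.call(env)
  end
end

# Constructed demo: a downstream app that records every request reaching it.
reached = []
demo_app = ->(env) { reached << env['REQUEST_METHOD']; [200, {}, ['ok']] }
demo_guard = ReadOnlyGuard.new(demo_app)
SketchGeo.secondary = true
puts demo_guard.call('REQUEST_METHOD' => 'POST').first
puts demo_guard.call('REQUEST_METHOD' => 'GET').first
```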