From fb01914fa56fe12de72861e5f54aef4db6988fc9 Mon Sep 17 00:00:00 2001
From: Luke Duncalfe <lduncalfe@eml.cc>
Date: Tue, 9 Apr 2024 15:23:49 +1200
Subject: [PATCH] Add silent_admin_exports_enabled setting

https://gitlab.com/gitlab-org/gitlab/-/issues/294168

Changelog: added
---
 app/helpers/application_settings_helper.rb    |  1 +
 app/models/application_setting.rb             |  5 +++++
 .../application_setting_implementation.rb     |  1 +
 .../application_setting_importers.json        | 11 ++++++++++
 ...9_add_importers_to_application_settings.rb | 10 ++++++++++
 ...hash_constraint_to_application_settings.rb | 20 +++++++++++++++++++
 db/schema_migrations/20240409013009           |  1 +
 db/schema_migrations/20240409014016           |  1 +
 db/structure.sql                              |  2 ++
 doc/api/settings.md                           |  8 ++++++--
 spec/models/application_setting_spec.rb       |  3 +++
 11 files changed, 61 insertions(+), 2 deletions(-)
 create mode 100644 app/validators/json_schemas/application_setting_importers.json
 create mode 100644 db/migrate/20240409013009_add_importers_to_application_settings.rb
 create mode 100644 db/migrate/20240409014016_add_importers_hash_constraint_to_application_settings.rb
 create mode 100644 db/schema_migrations/20240409013009
 create mode 100644 db/schema_migrations/20240409014016

diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index cbae992b03c367..9b44152a47d340 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -499,6 +499,7 @@ def visible_attributes
       :bulk_import_concurrent_pipeline_batch_limit,
       :bulk_import_enabled,
       :bulk_import_max_download_file_size,
+      :silent_admin_exports_enabled,
       :allow_runner_registration_token,
       :user_defaults_to_private_profile,
       :deactivation_email_additional_text,
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index e26ae717278a42..7f58bf62f90730 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -621,8 +621,13 @@ def self.kroki_formats_attributes
     throttle_unauthenticated_git_http_requests_per_period: [:integer, { default: 3600 }],
     throttle_unauthenticated_git_http_period_in_seconds: [:integer, { default: 3600 }]
 
+  jsonb_accessor :importers,
+    silent_admin_exports_enabled: [:boolean, { default: false }]
+
   validates :rate_limits, json_schema: { filename: "application_setting_rate_limits" }
 
+  validates :importers, json_schema: { filename: "application_setting_importers" }
+
   jsonb_accessor :package_registry, nuget_skip_metadata_url_validation: [:boolean, { default: false }]
 
   validates :package_registry, json_schema: { filename: 'application_setting_package_registry' }
diff --git a/app/models/application_setting_implementation.rb b/app/models/application_setting_implementation.rb
index e331b5f1b88d7f..bcfda3bc92d470 100644
--- a/app/models/application_setting_implementation.rb
+++ b/app/models/application_setting_implementation.rb
@@ -269,6 +269,7 @@ def defaults # rubocop:disable Metrics/AbcSize
         can_create_organization: true,
         bulk_import_enabled: false,
         bulk_import_max_download_file_size: 5120,
+        silent_admin_exports_enabled: false,
         allow_runner_registration_token: true,
         user_defaults_to_private_profile: false,
         projects_api_rate_limit_unauthenticated: 400,
diff --git a/app/validators/json_schemas/application_setting_importers.json b/app/validators/json_schemas/application_setting_importers.json
new file mode 100644
index 00000000000000..c69507456b8c36
--- /dev/null
+++ b/app/validators/json_schemas/application_setting_importers.json
@@ -0,0 +1,11 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "Application settings for importers and exporters",
+  "type": "object",
+  "properties": {
+    "silent_admin_exports_enabled": {
+      "type": "boolean"
+    }
+  },
+  "additionalProperties": false
+}
diff --git a/db/migrate/20240409013009_add_importers_to_application_settings.rb b/db/migrate/20240409013009_add_importers_to_application_settings.rb
new file mode 100644
index 00000000000000..30c8c2ad7e7261
--- /dev/null
+++ b/db/migrate/20240409013009_add_importers_to_application_settings.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+class AddImportersToApplicationSettings < Gitlab::Database::Migration[2.2]
+  milestone '17.0'
+  enable_lock_retries!
+
+  def change
+    add_column :application_settings, :importers, :jsonb, default: {}, null: false
+  end
+end
diff --git a/db/migrate/20240409014016_add_importers_hash_constraint_to_application_settings.rb b/db/migrate/20240409014016_add_importers_hash_constraint_to_application_settings.rb
new file mode 100644
index 00000000000000..8d4502f12a8e88
--- /dev/null
+++ b/db/migrate/20240409014016_add_importers_hash_constraint_to_application_settings.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class AddImportersHashConstraintToApplicationSettings < Gitlab::Database::Migration[2.2]
+  disable_ddl_transaction!
+  milestone '17.0'
+
+  CONSTRAINT_NAME = 'check_application_settings_importers_is_hash'
+
+  def up
+    add_check_constraint(
+      :application_settings,
+      "(jsonb_typeof(importers) = 'object')",
+      CONSTRAINT_NAME
+    )
+  end
+
+  def down
+    remove_check_constraint :application_settings, CONSTRAINT_NAME
+  end
+end
diff --git a/db/schema_migrations/20240409013009 b/db/schema_migrations/20240409013009
new file mode 100644
index 00000000000000..850bd9667a430d
--- /dev/null
+++ b/db/schema_migrations/20240409013009
@@ -0,0 +1 @@
+5d583eb5c1f9312a488de07a4cdad58ec22e378830ac0731945344c471065bf6
\ No newline at end of file
diff --git a/db/schema_migrations/20240409014016 b/db/schema_migrations/20240409014016
new file mode 100644
index 00000000000000..4fa3fab3e7bfb4
--- /dev/null
+++ b/db/schema_migrations/20240409014016
@@ -0,0 +1 @@
+58294e001551f2b64859b5e8f16fcbdebac32b2696479120240ae8979122c428
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 7768e03aedf805..64f611b5e29928 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -4449,6 +4449,7 @@ CREATE TABLE application_settings (
     service_ping_settings jsonb DEFAULT '{}'::jsonb NOT NULL,
     package_registry jsonb DEFAULT '{}'::jsonb NOT NULL,
     rate_limits_unauthenticated_git_http jsonb DEFAULT '{}'::jsonb NOT NULL,
+    importers jsonb DEFAULT '{}'::jsonb NOT NULL,
     CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
     CONSTRAINT app_settings_container_registry_pre_import_tags_rate_positive CHECK ((container_registry_pre_import_tags_rate >= (0)::numeric)),
     CONSTRAINT app_settings_dep_proxy_ttl_policies_worker_capacity_positive CHECK ((dependency_proxy_ttl_group_policy_worker_capacity >= 0)),
@@ -4500,6 +4501,7 @@ CREATE TABLE application_settings (
     CONSTRAINT check_app_settings_namespace_storage_forks_cost_factor_range CHECK (((namespace_storage_forks_cost_factor >= (0)::double precision) AND (namespace_storage_forks_cost_factor <= (1)::double precision))),
     CONSTRAINT check_app_settings_sentry_clientside_traces_sample_rate_range CHECK (((sentry_clientside_traces_sample_rate >= (0)::double precision) AND (sentry_clientside_traces_sample_rate <= (1)::double precision))),
     CONSTRAINT check_application_settings_clickhouse_is_hash CHECK ((jsonb_typeof(clickhouse) = 'object'::text)),
+    CONSTRAINT check_application_settings_importers_is_hash CHECK ((jsonb_typeof(importers) = 'object'::text)),
     CONSTRAINT check_application_settings_package_registry_is_hash CHECK ((jsonb_typeof(package_registry) = 'object'::text)),
     CONSTRAINT check_application_settings_rate_limits_is_hash CHECK ((jsonb_typeof(rate_limits) = 'object'::text)),
     CONSTRAINT check_application_settings_rate_limits_unauth_git_http_is_hash CHECK ((jsonb_typeof(rate_limits_unauthenticated_git_http) = 'object'::text)),
diff --git a/doc/api/settings.md b/doc/api/settings.md
index fa741a81333e43..5cf87a2ebbba4c 100644
--- a/doc/api/settings.md
+++ b/doc/api/settings.md
@@ -135,7 +135,8 @@ Example response:
   "bulk_import_concurrent_pipeline_batch_limit": 25,
   "concurrent_github_import_jobs_limit": 1000,
   "concurrent_bitbucket_import_jobs_limit": 100,
-  "concurrent_bitbucket_server_import_jobs_limit": 100
+  "concurrent_bitbucket_server_import_jobs_limit": 100,
+  "silent_admin_exports_enabled": false
 }
 ```
 
@@ -294,7 +295,8 @@ Example response:
   "downstream_pipeline_trigger_limit_per_project_user_sha": 0,
   "concurrent_github_import_jobs_limit": 1000,
   "concurrent_bitbucket_import_jobs_limit": 100,
-  "concurrent_bitbucket_server_import_jobs_limit": 100
+  "concurrent_bitbucket_server_import_jobs_limit": 100,
+  "silent_admin_exports_enabled": false
 }
 ```
 
@@ -329,6 +331,7 @@ Example responses:
 
 > - Fields `housekeeping_full_repack_period`, `housekeeping_gc_period`, and `housekeeping_incremental_repack_period` [deprecated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/106963) in GitLab 15.8. Use `housekeeping_optimize_repository_period` instead.
 > - Parameter `allow_account_deletion` [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/412411) in GitLab 16.1.
+> - Parameter `silent_admin_exports_enabled` [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/148918) in GitLab 17.0.
 
 In general, all settings are optional. Certain settings though, if enabled,
 require other settings to be set to function properly. These requirements are
@@ -594,6 +597,7 @@ listed in the descriptions of the relevant settings.
 | `sidekiq_job_limiter_limit_bytes`                 | integer | no                                   | The threshold in bytes at which Sidekiq jobs are rejected. Default: 0 bytes (doesn't reject any job). |
 | `signin_enabled`                         | string           | no                                   | (Deprecated: Use `password_authentication_enabled_for_web` instead) Flag indicating if password authentication is enabled for the web interface. |
 | `signup_enabled`                         | boolean          | no                                   | Enable registration. Default is `true`. |
+| `silent_admin_exports_enabled`           | boolean          | no                                   | Enable silent exports for administrators. Default is `false`. |
 | `silent_mode_enabled`                    | boolean          | no                                   | Enable [Silent mode](../administration/silent_mode/index.md). Default is `false`. |
 | `slack_app_enabled`                      | boolean          | no                                   | (**If enabled, requires:** `slack_app_id`, `slack_app_secret`, `slack_app_signing_secret`, and `slack_app_verification_token`) Enable the GitLab for Slack app. |
 | `slack_app_id`                           | string           | required by: `slack_app_enabled`     | The client ID of the GitLab for Slack app. |
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb
index fe79b36e9c987d..4254530a3fe960 100644
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -35,6 +35,7 @@
     it { expect(setting.concurrent_bitbucket_import_jobs_limit).to eq(100) }
     it { expect(setting.concurrent_bitbucket_server_import_jobs_limit).to eq(100) }
     it { expect(setting.nuget_skip_metadata_url_validation).to eq(false) }
+    it { expect(setting.silent_admin_exports_enabled).to eq(false) }
   end
 
   describe 'validations' do
@@ -201,6 +202,8 @@ def many_usernames(num = 100)
 
     it { is_expected.to validate_inclusion_of(:bulk_import_enabled).in_array([true, false]) }
 
+    it { is_expected.to validate_inclusion_of(:silent_admin_exports_enabled).in_array([true, false]) }
+
     it { is_expected.to validate_inclusion_of(:allow_runner_registration_token).in_array([true, false]) }
 
     it { is_expected.to validate_inclusion_of(:gitlab_dedicated_instance).in_array([true, false]) }
-- 
GitLab