Add latest changes from gitlab-org/gitlab@13-2-stable-ee

9 files changed, 118 insertions, 35 deletions

diff --git a/doc/user/admin_area/settings/account_and_limit_settings.md b/doc/user/admin_area/settings/account_and_limit_settings.md
index b4fb7a524da..167016f1cb5 100644
--- a/doc/user/admin_area/settings/account_and_limit_settings.md
+++ b/doc/user/admin_area/settings/account_and_limit_settings.md
@@ -30,11 +30,12 @@ details.
 
 This sets a maximum size limit on each namespace. The following are included in the namespace size:
 
-- repository
-- wiki
+- Repository
+- Wiki
 - LFS objects
-- build artifacts
-- packages
+- Build artifacts
+- Packages
+- Snippets
 
 NOTE: **Note:**
 This limit is not currently enforced but will be in a future release.
@@ -140,6 +141,39 @@ Once a lifetime for personal access tokens is set, GitLab will:
   allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime,
   or remove it, before revocation takes place.
 
+## Optional enforcement of Personal Access Token expiry **(ULTIMATE ONLY)**
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.1.
+> - It is deployed behind a feature flag, disabled by default.
+> - It is disabled on GitLab.com.
+> - It is not recommended for production use.
+> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-optional-enforcement-of-personal-access-token-expiry-feature-core-only). **(CORE ONLY)**
+
+GitLab administrators can choose to prevent personal access tokens from expiring automatically. The tokens will be usable after the expiry date, unless they are revoked explicitly.
+
+To do this:
+
+1. Navigate to **Admin Area > Settings > General**.
+1. Expand the **Account and limit** section.
+1. Uncheck the **Enforce personal access token expiration** checkbox.
+
+### Enable or disable optional enforcement of Personal Access Token expiry Feature **(CORE ONLY)**
+
+Optional Enforcement of Personal Access Token Expiry is under development and not ready for production use. It is deployed behind a feature flag that is **disabled by default**.
+[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md) can enable it for your instance from the [rails console](../../../administration/feature_flags.md#start-the-gitlab-rails-console).
+
+To enable it:
+
+```ruby
+Feature.enable(:enforce_personal_access_token_expiration)
+```
+
+To disable it:
+
+```ruby
+Feature.disable(:enforce_personal_access_token_expiration)
+```
+
 ## Disabling user profile name changes **(PREMIUM ONLY)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/24605) in GitLab 12.7.
diff --git a/doc/user/admin_area/settings/continuous_integration.md b/doc/user/admin_area/settings/continuous_integration.md
index 3a287f29a0a..0479da7fb52 100644
--- a/doc/user/admin_area/settings/continuous_integration.md
+++ b/doc/user/admin_area/settings/continuous_integration.md
@@ -17,8 +17,8 @@ You can find it in the **Admin Area > Settings > CI/CD**.
 To enable (or disable) [Auto DevOps](../../../topics/autodevops/index.md)
 for all projects:
 
-1. Go to **Admin Area > Settings > CI/CD**
-1. Check (or uncheck to disable) the box that says "Default to Auto DevOps pipeline for all projects"
+1. Go to **Admin Area > Settings > CI/CD**.
+1. Check (or uncheck to disable) the box that says **Default to Auto DevOps pipeline for all projects**.
 1. Optionally, set up the [Auto DevOps base domain](../../../topics/autodevops/index.md#auto-devops-base-domain)
    which is going to be used for Auto Deploy and Auto Review Apps.
 1. Hit **Save changes** for the changes to take effect.
@@ -48,21 +48,21 @@ To change it at the:
 
    1. Go to **Admin Area > Settings > CI/CD**.
    1. Change the value of maximum artifacts size (in MB).
-   1. Hit **Save changes** for the changes to take effect.
+   1. Click **Save changes** for the changes to take effect.
 
 - [Group level](../../group/index.md#group-settings) (this will override the instance setting):
 
   1. Go to the group's **Settings > CI / CD > General Pipelines**.
   1. Change the value of **maximum artifacts size (in MB)**.
-  1. Press **Save changes** for the changes to take effect.
+  1. Click **Save changes** for the changes to take effect.
 
 - [Project level](../../../ci/pipelines/settings.md) (this will override the instance and group settings):
 
   1. Go to the project's **Settings > CI / CD > General Pipelines**.
   1. Change the value of **maximum artifacts size (in MB)**.
-  1. Press **Save changes** for the changes to take effect.
+  1. Click **Save changes** for the changes to take effect.
 
-NOTE: **Note**
+NOTE: **Note:**
 The setting at all levels is only available to GitLab administrators.
 
 ## Default artifacts expiration **(CORE ONLY)**
@@ -70,18 +70,17 @@ The setting at all levels is only available to GitLab administrators.
 The default expiration time of the [job artifacts](../../../administration/job_artifacts.md)
 can be set in the Admin Area of your GitLab instance. The syntax of duration is
 described in [`artifacts:expire_in`](../../../ci/yaml/README.md#artifactsexpire_in)
-and the default value is `30 days`. On GitLab.com they
-[never expire](../../gitlab_com/index.md#gitlab-cicd).
+and the default value is `30 days`.
 
 1. Go to **Admin Area > Settings > CI/CD**.
 1. Change the value of default expiration time.
-1. Hit **Save changes** for the changes to take effect.
+1. Click **Save changes** for the changes to take effect.
 
 This setting is set per job and can be overridden in
 [`.gitlab-ci.yml`](../../../ci/yaml/README.md#artifactsexpire_in).
 To disable the expiration, set it to `0`. The default unit is in seconds.
 
-NOTE: **Note**
+NOTE: **Note:**
 Any changes to this setting will apply to new artifacts only. The expiration time will not
 be updated for artifacts created before this setting was changed.
 The administrator may need to manually search for and expire previously-created
@@ -101,9 +100,10 @@ On GitLab.com, the quota is calculated based on your
 
 To change the pipelines minutes quota:
 
-1. Go to **Admin Area > Settings > CI/CD**
-1. Set the pipeline minutes quota limit.
-1. Hit **Save changes** for the changes to take effect
+1. Go to **Admin Area > Settings > CI/CD**.
+1. Expand **Continuous Integration and Deployment**.
+1. In the **Pipeline minutes quota** box, enter the maximum number of minutes.
+1. Click **Save changes** for the changes to take effect.
 
 ---
 
@@ -112,8 +112,8 @@ also change each group's pipeline minutes quota to override the global value.
 
 1. Navigate to the **Admin Area > Overview > Groups** and hit the **Edit**
    button for the group you wish to change the pipeline minutes quota.
-1. Set the pipeline minutes quota to the desired value
-1. Hit **Save changes** for the changes to take effect.
+1. In the **Pipeline Minutes Quota** box, enter the maximum number of minutes.
+1. Click **Save changes** for the changes to take effect.
 
 Once saved, you can see the build quota in the group admin view.
 The quota can also be viewed in the project admin view if shared Runners
@@ -143,6 +143,8 @@ Once that time passes, the jobs will be archived and no longer able to be
 retried. Make it empty to never expire jobs. It has to be no less than 1 day,
 for example: <code>15 days</code>, <code>1 month</code>, <code>2 years</code>.
 
+As of June 22, 2020 the [value is set](../../gitlab_com/index.md#gitlab-cicd) to 3 months on GitLab.com. Jobs created before that date will be archived after September 22, 2020.
+
 ## Default CI configuration path
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18073) in GitLab 12.5.
diff --git a/doc/user/admin_area/settings/img/email_notification_for_unknown_sign_ins_v13_2.png b/doc/user/admin_area/settings/img/email_notification_for_unknown_sign_ins_v13_2.png
new file mode 100644
index 00000000000..fdcc542c4d7
--- /dev/null
+++ b/doc/user/admin_area/settings/img/email_notification_for_unknown_sign_ins_v13_2.png
diff --git a/doc/user/admin_area/settings/img/import_export_rate_limits_v13_2.png b/doc/user/admin_area/settings/img/import_export_rate_limits_v13_2.png
new file mode 100644
index 00000000000..78c94b3803c
--- /dev/null
+++ b/doc/user/admin_area/settings/img/import_export_rate_limits_v13_2.png
diff --git a/doc/user/admin_area/settings/import_export_rate_limits.md b/doc/user/admin_area/settings/import_export_rate_limits.md
new file mode 100644
index 00000000000..92cb2a1a109
--- /dev/null
+++ b/doc/user/admin_area/settings/import_export_rate_limits.md
@@ -0,0 +1,32 @@
+---
+type: reference
+stage: Manage
+group: Import
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
+# Project/Group Import/Export rate limits
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/35728) in GitLab 13.2.
+
+The following table includes configurable rate limits. The following table includes limits on a
+per minute per user basis:
+
+| Limit                    | Default (per minute per user) |
+|--------------------------|-------------------------------|
+| Project Import           | 6                             |
+| Project Export           | 6                             |
+| Project Export Download  | 1                             |
+| Group Import             | 6                             |
+| Group Export             | 6                             |
+| Group Export Download    | 1                             |
+
+All rate limits are:
+
+- Configurable at **(admin)** **Admin Area > Settings > Network > Import/Export Rate Limits**
+- Applied per minute per user
+- Not applied per IP address
+- Active by default. To disable, set the option to `0`
+- Logged to `auth.log` file if exceed rate limit
+
+![Import/Export rate limits](img/import_export_rate_limits_v13_2.png)
diff --git a/doc/user/admin_area/settings/index.md b/doc/user/admin_area/settings/index.md
index df087722fcf..8c1e82f838b 100644
--- a/doc/user/admin_area/settings/index.md
+++ b/doc/user/admin_area/settings/index.md
@@ -43,6 +43,7 @@ Access the default page for admin area settings by navigating to
 
 | Option | Description |
 | ------ | ----------- |
+| [Repository's custom initial branch name](../../project/repository/branches/index.md#custom-initial-branch-name-core-only) | Set a custom branch name rather than master for all the new repositories created within your instance. |
 | [Repository mirror](visibility_and_access_controls.md#allow-mirrors-to-be-set-up-for-projects) | Configure repository mirroring. |
 | [Repository storage](../../../administration/repository_storage_types.md) | Configure storage path settings. |
 | Repository maintenance | ([Repository checks](../../../administration/repository_checks.md) and [Housekeeping](../../../administration/housekeeping.md)). Configure automatic Git checks and housekeeping on repositories. |
diff --git a/doc/user/admin_area/settings/rate_limit_on_issues_creation.md b/doc/user/admin_area/settings/rate_limit_on_issues_creation.md
index bae60aba15f..3f8ef7c9d01 100644
--- a/doc/user/admin_area/settings/rate_limit_on_issues_creation.md
+++ b/doc/user/admin_area/settings/rate_limit_on_issues_creation.md
@@ -10,10 +10,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28129) in GitLab 12.10.
 
 This setting allows you to rate limit the requests to the issue creation endpoint.
-It defaults to 300 requests per minute.
-You can change it in **Admin Area > Settings > Network > Performance Optimization**.
+You can change its value in **Admin Area > Settings > Network > Issues Rate Limits**.
 
-For example, requests using the
+For example, if you set a limit of 300, requests using the
 [Projects::IssuesController#create](https://gitlab.com/gitlab-org/gitlab/raw/master/app/controllers/projects/issues_controller.rb)
 action exceeding a rate of 300 per minute are blocked. Access to the endpoint is allowed after one minute.
 
@@ -23,6 +22,6 @@ This limit is:
 
 - Applied independently per project and per user.
 - Not applied per IP address.
-- Active by default. To disable it, set the option to `0`.
+- Disabled by default. To enable it, set the option to any value other than `0`.
 
 Requests over the rate limit are logged into the `auth.log` file.
diff --git a/doc/user/admin_area/settings/sign_in_restrictions.md b/doc/user/admin_area/settings/sign_in_restrictions.md
index 1da93c7005f..311b79af7e3 100644
--- a/doc/user/admin_area/settings/sign_in_restrictions.md
+++ b/doc/user/admin_area/settings/sign_in_restrictions.md
@@ -4,9 +4,14 @@ type: reference
 
 # Sign-in restrictions **(CORE ONLY)**
 
-You can use sign-in restrictions to limit the authentication with password
-for web interface and Git over HTTP(S), two-factor authentication enforcing, as well as
-as configuring the home page URL and after sign-out path.
+You can use **Sign-in restrictions** to customize authentication restrictions for web interfaces as well as Git over HTTP(S).
+
+## Settings
+
+To access sign-in restriction settings:
+
+1. Navigate to the **Admin Area > Settings > General**.
+1. Expand the **Sign-in restrictions** section.
 
 ## Password authentication enabled
 
@@ -25,6 +30,15 @@ period in hours.
 
 ![Two-factor grace period](img/two_factor_grace_period.png)
 
+## Email notification for unknown sign-ins
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/218457) in GitLab 13.2.
+
+When enabled, GitLab notifies users of sign-ins from unknown IP addresses or devices. For more information,
+see [Email notification for unknown sign-ins](../../profile/unknown_sign_in_notification.md).
+
+![Email notification for unknown sign-ins](img/email_notification_for_unknown_sign_ins_v13_2.png)
+
 ## Sign-in information
 
 All users that are not logged-in will be redirected to the page represented by the configured
@@ -36,13 +50,6 @@ after sign out if value is not empty.
 If a "Sign in text" in Markdown format is provided, then every user will be presented with
 this message after logging-in.
 
-## Settings
-
-To access this feature:
-
-1. Navigate to the **Admin Area > Settings > General**.
-1. Expand the **Sign-in restrictions** section.
-
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues
diff --git a/doc/user/admin_area/settings/visibility_and_access_controls.md b/doc/user/admin_area/settings/visibility_and_access_controls.md
index d9ca4a0881a..92eeb6a04b7 100644
--- a/doc/user/admin_area/settings/visibility_and_access_controls.md
+++ b/doc/user/admin_area/settings/visibility_and_access_controls.md
@@ -68,8 +68,16 @@ To ensure only admin users can delete projects:
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/32935) in GitLab 12.6.
 
-By default, a project or group marked for removal will be permanently removed after 7 days.
-This period may be changed, and setting this period to 0 will enable immediate removal
+By default, a project marked for deletion will be permanently removed with immediate effect.
+By default, a group marked for deletion will be permanently removed after 7 days.
+
+CAUTION: **Warning:**
+The default behavior of [Delayed Project deletion](https://gitlab.com/gitlab-org/gitlab/-/issues/32935) in GitLab 12.6 was changed to
+[Immediate deletion](https://gitlab.com/gitlab-org/gitlab/-/issues/220382) in GitLab 13.2.
+
+Projects within a group can be deleted after a delayed period, by [configuring in Group Settings](../../group/index.md#enabling-delayed-project-removal-premium).
+
+The default period is 7 days, and can be changed. Setting this period to 0 will enable immediate removal
 of projects or groups.
 
 To change this period: