Add latest changes from gitlab-org/gitlab@13-2-stable-ee

18 files changed, 166 insertions, 49 deletions

diff --git a/doc/user/admin_area/activating_deactivating_users.md b/doc/user/admin_area/activating_deactivating_users.md
index 06a26737495..448c65038c2 100644
--- a/doc/user/admin_area/activating_deactivating_users.md
+++ b/doc/user/admin_area/activating_deactivating_users.md
@@ -39,7 +39,7 @@ A user can be deactivated from the Admin Area. To do this:
 Please note that for the deactivation option to be visible to an admin, the user:
 
 - Must be currently active.
-- Must not have any signins or activity in the last 180 days.
+- Must not have signed in, or have any activity, in the last 180 days.
 
 Users can also be deactivated using the [GitLab API](../../api/users.md#deactivate-user).
 
diff --git a/doc/user/admin_area/credentials_inventory.md b/doc/user/admin_area/credentials_inventory.md
index 5eecfbb73c6..9259c93cfa3 100644
--- a/doc/user/admin_area/credentials_inventory.md
+++ b/doc/user/admin_area/credentials_inventory.md
@@ -18,9 +18,11 @@ Using Credentials inventory, GitLab administrators can see all the personal acce
 - Who they belong to.
 - Their access scope.
 - Their usage pattern.
+- When they expire. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214809) in GitLab 13.2.
+- When they were revoked. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214809) in GitLab 13.2.
 
 To access the Credentials inventory, navigate to **Admin Area > Credentials**.
 
 The following is an example of the Credentials inventory page:
 
-![Credentials inventory page](img/credentials_inventory_v12_6.png)
+![Credentials inventory page](img/credentials_inventory_v13_2.png)
diff --git a/doc/user/admin_area/img/credentials_inventory_v12_6.png b/doc/user/admin_area/img/credentials_inventory_v12_6.png
deleted file mode 100644
index 5c16781cb2d..00000000000
--- a/doc/user/admin_area/img/credentials_inventory_v12_6.png
+++ /dev/null
diff --git a/doc/user/admin_area/img/credentials_inventory_v13_2.png b/doc/user/admin_area/img/credentials_inventory_v13_2.png
new file mode 100644
index 00000000000..5b56422a0a3
--- /dev/null
+++ b/doc/user/admin_area/img/credentials_inventory_v13_2.png
diff --git a/doc/user/admin_area/img/mr_approval_settings_compliance_project_v13_1.png b/doc/user/admin_area/img/mr_approval_settings_compliance_project_v13_1.png
new file mode 100644
index 00000000000..04d01f2662f
--- /dev/null
+++ b/doc/user/admin_area/img/mr_approval_settings_compliance_project_v13_1.png
diff --git a/doc/user/admin_area/img/scope_mr_approval_settings_v13_1.png b/doc/user/admin_area/img/scope_mr_approval_settings_v13_1.png
new file mode 100644
index 00000000000..c6ca2bac83c
--- /dev/null
+++ b/doc/user/admin_area/img/scope_mr_approval_settings_v13_1.png
diff --git a/doc/user/admin_area/license.md b/doc/user/admin_area/license.md
index 1ffaf4e0678..c5e29612596 100644
--- a/doc/user/admin_area/license.md
+++ b/doc/user/admin_area/license.md
@@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 type: howto
 ---
 
-# Activate all GitLab Enterprise Edition functionality with a license **(STARTER ONLY)**
+# Activate GitLab EE with a license **(STARTER ONLY)**
 
 To activate all GitLab Enterprise Edition (EE) functionality, you need to upload
 a license. Once you've received your license from GitLab Inc., you can upload it
@@ -107,14 +107,23 @@ expired license(s).
 It's possible to upload and view more than one license,
 but only the latest license will be used as the active license.
 
-<!-- ## Troubleshooting
+## Troubleshooting
 
-Include any troubleshooting steps that you can foresee. If you know beforehand what issues
-one might have when setting this up, or when something is changed, or on upgrading, it's
-important to describe those, too. Think of things that may go wrong and include them here.
-This is important to minimize requests for support, and to avoid doc comments with
-questions that you know someone might ask.
+### There is no License tab in the Admin Area
 
-Each scenario can be a third-level heading, e.g. `### Getting error message X`.
-If you have none to add when creating a doc, leave this section in place
-but commented out to help encourage others to add to it in the future. -->
+If you originally installed Community Edition rather than Enterprise Edition you will need to
+[upgrade to Enterprise Edition](../../update/README.md#community-to-enterprise-edition)
+before uploading your license.
+
+GitLab.com users cannot upload and use a self-managed license. If you
+wish to use paid features on GitLab.com, a separate subscription may be
+[purchased](../../subscriptions/index.md#subscribe-to-gitlabcom).
+
+### Users exceed license limit upon renewal
+
+If you've added new users to your GitLab instance prior to renewal you may need to
+purchase additional seats to cover those users. If this is the case and a license
+without enough users is uploaded a message is displayed prompting you to purchase
+additional users. More information on how to determine the required number of users
+and how to add additional seats can be found in the
+[licensing FAQ](https://about.gitlab.com/pricing/licensing-faq/).
diff --git a/doc/user/admin_area/merge_requests_approvals.md b/doc/user/admin_area/merge_requests_approvals.md
index 153ccfc128a..6d9d634ce14 100644
--- a/doc/user/admin_area/merge_requests_approvals.md
+++ b/doc/user/admin_area/merge_requests_approvals.md
@@ -34,3 +34,22 @@ Merge request approval rules that can be set at an instance level are:
 - **Prevent users from modifying merge request approvers list**. Prevents project
   maintainers from allowing users to modify the approvers list in project settings
   or in individual merge requests.
+
+## Scope rules to compliance-labeled projects
+
+> Introduced in [GitLab Premium](https://gitlab.com/groups/gitlab-org/-/epics/3432) 13.2.
+
+Merge request approval rules can be further scoped to specific compliance frameworks.
+
+When the compliance framework label is selected and the project is assigned the compliance
+label, the instance-level MR approval settings will take effect and the
+[project-level settings](../project/merge_requests/merge_request_approvals.md#adding--editing-a-default-approval-rule)
+is locked for modification.
+
+When the compliance framework label is not selected or the project is not assigned the
+compliance label, the project-level MR approval settings will take effect and the users with
+Maintainer role and above can modify these.
+
+| Instance-level | Project-level |
+| -------------- | ------------- |
+| ![Scope MR approval settings to compliance frameworks](img/scope_mr_approval_settings_v13_1.png) | ![MR approval settings on compliance projects](img/mr_approval_settings_compliance_project_v13_1.png) |
diff --git a/doc/user/admin_area/monitoring/health_check.md b/doc/user/admin_area/monitoring/health_check.md
index 91e29118e3e..329b6ff5bb0 100644
--- a/doc/user/admin_area/monitoring/health_check.md
+++ b/doc/user/admin_area/monitoring/health_check.md
@@ -137,8 +137,8 @@ This check is being exempt from Rack Attack.
 
 ## Access token (Deprecated)
 
-> NOTE: **Note:**
-> Access token has been deprecated in GitLab 9.4 in favor of [IP whitelist](#ip-whitelist).
+NOTE: **Note:**
+Access token has been deprecated in GitLab 9.4 in favor of [IP whitelist](#ip-whitelist).
 
 An access token needs to be provided while accessing the probe endpoints. The current
 accepted token can be found under the **Admin Area > Monitoring > Health check**
@@ -152,6 +152,10 @@ The access token can be passed as a URL parameter:
 https://gitlab.example.com/-/readiness?token=ACCESS_TOKEN
 ```
 
+NOTE: **Note:**
+In case the database or Redis service are unaccessible, the probe endpoints response is not guaranteed to be correct.
+You should switch to [IP whitelist](#ip-whitelist) from deprecated access token to avoid it.
+
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues
diff --git a/doc/user/admin_area/settings/account_and_limit_settings.md b/doc/user/admin_area/settings/account_and_limit_settings.md
index b4fb7a524da..167016f1cb5 100644
--- a/doc/user/admin_area/settings/account_and_limit_settings.md
+++ b/doc/user/admin_area/settings/account_and_limit_settings.md
@@ -30,11 +30,12 @@ details.
 
 This sets a maximum size limit on each namespace. The following are included in the namespace size:
 
-- repository
-- wiki
+- Repository
+- Wiki
 - LFS objects
-- build artifacts
-- packages
+- Build artifacts
+- Packages
+- Snippets
 
 NOTE: **Note:**
 This limit is not currently enforced but will be in a future release.
@@ -140,6 +141,39 @@ Once a lifetime for personal access tokens is set, GitLab will:
   allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime,
   or remove it, before revocation takes place.
 
+## Optional enforcement of Personal Access Token expiry **(ULTIMATE ONLY)**
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.1.
+> - It is deployed behind a feature flag, disabled by default.
+> - It is disabled on GitLab.com.
+> - It is not recommended for production use.
+> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-optional-enforcement-of-personal-access-token-expiry-feature-core-only). **(CORE ONLY)**
+
+GitLab administrators can choose to prevent personal access tokens from expiring automatically. The tokens will be usable after the expiry date, unless they are revoked explicitly.
+
+To do this:
+
+1. Navigate to **Admin Area > Settings > General**.
+1. Expand the **Account and limit** section.
+1. Uncheck the **Enforce personal access token expiration** checkbox.
+
+### Enable or disable optional enforcement of Personal Access Token expiry Feature **(CORE ONLY)**
+
+Optional Enforcement of Personal Access Token Expiry is under development and not ready for production use. It is deployed behind a feature flag that is **disabled by default**.
+[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md) can enable it for your instance from the [rails console](../../../administration/feature_flags.md#start-the-gitlab-rails-console).
+
+To enable it:
+
+```ruby
+Feature.enable(:enforce_personal_access_token_expiration)
+```
+
+To disable it:
+
+```ruby
+Feature.disable(:enforce_personal_access_token_expiration)
+```
+
 ## Disabling user profile name changes **(PREMIUM ONLY)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/24605) in GitLab 12.7.
diff --git a/doc/user/admin_area/settings/continuous_integration.md b/doc/user/admin_area/settings/continuous_integration.md
index 3a287f29a0a..0479da7fb52 100644
--- a/doc/user/admin_area/settings/continuous_integration.md
+++ b/doc/user/admin_area/settings/continuous_integration.md
@@ -17,8 +17,8 @@ You can find it in the **Admin Area > Settings > CI/CD**.
 To enable (or disable) [Auto DevOps](../../../topics/autodevops/index.md)
 for all projects:
 
-1. Go to **Admin Area > Settings > CI/CD**
-1. Check (or uncheck to disable) the box that says "Default to Auto DevOps pipeline for all projects"
+1. Go to **Admin Area > Settings > CI/CD**.
+1. Check (or uncheck to disable) the box that says **Default to Auto DevOps pipeline for all projects**.
 1. Optionally, set up the [Auto DevOps base domain](../../../topics/autodevops/index.md#auto-devops-base-domain)
    which is going to be used for Auto Deploy and Auto Review Apps.
 1. Hit **Save changes** for the changes to take effect.
@@ -48,21 +48,21 @@ To change it at the:
 
    1. Go to **Admin Area > Settings > CI/CD**.
    1. Change the value of maximum artifacts size (in MB).
-   1. Hit **Save changes** for the changes to take effect.
+   1. Click **Save changes** for the changes to take effect.
 
 - [Group level](../../group/index.md#group-settings) (this will override the instance setting):
 
   1. Go to the group's **Settings > CI / CD > General Pipelines**.
   1. Change the value of **maximum artifacts size (in MB)**.
-  1. Press **Save changes** for the changes to take effect.
+  1. Click **Save changes** for the changes to take effect.
 
 - [Project level](../../../ci/pipelines/settings.md) (this will override the instance and group settings):
 
   1. Go to the project's **Settings > CI / CD > General Pipelines**.
   1. Change the value of **maximum artifacts size (in MB)**.
-  1. Press **Save changes** for the changes to take effect.
+  1. Click **Save changes** for the changes to take effect.
 
-NOTE: **Note**
+NOTE: **Note:**
 The setting at all levels is only available to GitLab administrators.
 
 ## Default artifacts expiration **(CORE ONLY)**
@@ -70,18 +70,17 @@ The setting at all levels is only available to GitLab administrators.
 The default expiration time of the [job artifacts](../../../administration/job_artifacts.md)
 can be set in the Admin Area of your GitLab instance. The syntax of duration is
 described in [`artifacts:expire_in`](../../../ci/yaml/README.md#artifactsexpire_in)
-and the default value is `30 days`. On GitLab.com they
-[never expire](../../gitlab_com/index.md#gitlab-cicd).
+and the default value is `30 days`.
 
 1. Go to **Admin Area > Settings > CI/CD**.
 1. Change the value of default expiration time.
-1. Hit **Save changes** for the changes to take effect.
+1. Click **Save changes** for the changes to take effect.
 
 This setting is set per job and can be overridden in
 [`.gitlab-ci.yml`](../../../ci/yaml/README.md#artifactsexpire_in).
 To disable the expiration, set it to `0`. The default unit is in seconds.
 
-NOTE: **Note**
+NOTE: **Note:**
 Any changes to this setting will apply to new artifacts only. The expiration time will not
 be updated for artifacts created before this setting was changed.
 The administrator may need to manually search for and expire previously-created
@@ -101,9 +100,10 @@ On GitLab.com, the quota is calculated based on your
 
 To change the pipelines minutes quota:
 
-1. Go to **Admin Area > Settings > CI/CD**
-1. Set the pipeline minutes quota limit.
-1. Hit **Save changes** for the changes to take effect
+1. Go to **Admin Area > Settings > CI/CD**.
+1. Expand **Continuous Integration and Deployment**.
+1. In the **Pipeline minutes quota** box, enter the maximum number of minutes.
+1. Click **Save changes** for the changes to take effect.
 
 ---
 
@@ -112,8 +112,8 @@ also change each group's pipeline minutes quota to override the global value.
 
 1. Navigate to the **Admin Area > Overview > Groups** and hit the **Edit**
    button for the group you wish to change the pipeline minutes quota.
-1. Set the pipeline minutes quota to the desired value
-1. Hit **Save changes** for the changes to take effect.
+1. In the **Pipeline Minutes Quota** box, enter the maximum number of minutes.
+1. Click **Save changes** for the changes to take effect.
 
 Once saved, you can see the build quota in the group admin view.
 The quota can also be viewed in the project admin view if shared Runners
@@ -143,6 +143,8 @@ Once that time passes, the jobs will be archived and no longer able to be
 retried. Make it empty to never expire jobs. It has to be no less than 1 day,
 for example: <code>15 days</code>, <code>1 month</code>, <code>2 years</code>.
 
+As of June 22, 2020 the [value is set](../../gitlab_com/index.md#gitlab-cicd) to 3 months on GitLab.com. Jobs created before that date will be archived after September 22, 2020.
+
 ## Default CI configuration path
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/18073) in GitLab 12.5.
diff --git a/doc/user/admin_area/settings/img/email_notification_for_unknown_sign_ins_v13_2.png b/doc/user/admin_area/settings/img/email_notification_for_unknown_sign_ins_v13_2.png
new file mode 100644
index 00000000000..fdcc542c4d7
--- /dev/null
+++ b/doc/user/admin_area/settings/img/email_notification_for_unknown_sign_ins_v13_2.png
diff --git a/doc/user/admin_area/settings/img/import_export_rate_limits_v13_2.png b/doc/user/admin_area/settings/img/import_export_rate_limits_v13_2.png
new file mode 100644
index 00000000000..78c94b3803c
--- /dev/null
+++ b/doc/user/admin_area/settings/img/import_export_rate_limits_v13_2.png
diff --git a/doc/user/admin_area/settings/import_export_rate_limits.md b/doc/user/admin_area/settings/import_export_rate_limits.md
new file mode 100644
index 00000000000..92cb2a1a109
--- /dev/null
+++ b/doc/user/admin_area/settings/import_export_rate_limits.md
@@ -0,0 +1,32 @@
+---
+type: reference
+stage: Manage
+group: Import
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+---
+
+# Project/Group Import/Export rate limits
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/35728) in GitLab 13.2.
+
+The following table includes configurable rate limits. The following table includes limits on a
+per minute per user basis:
+
+| Limit                    | Default (per minute per user) |
+|--------------------------|-------------------------------|
+| Project Import           | 6                             |
+| Project Export           | 6                             |
+| Project Export Download  | 1                             |
+| Group Import             | 6                             |
+| Group Export             | 6                             |
+| Group Export Download    | 1                             |
+
+All rate limits are:
+
+- Configurable at **(admin)** **Admin Area > Settings > Network > Import/Export Rate Limits**
+- Applied per minute per user
+- Not applied per IP address
+- Active by default. To disable, set the option to `0`
+- Logged to `auth.log` file if exceed rate limit
+
+![Import/Export rate limits](img/import_export_rate_limits_v13_2.png)
diff --git a/doc/user/admin_area/settings/index.md b/doc/user/admin_area/settings/index.md
index df087722fcf..8c1e82f838b 100644
--- a/doc/user/admin_area/settings/index.md
+++ b/doc/user/admin_area/settings/index.md
@@ -43,6 +43,7 @@ Access the default page for admin area settings by navigating to
 
 | Option | Description |
 | ------ | ----------- |
+| [Repository's custom initial branch name](../../project/repository/branches/index.md#custom-initial-branch-name-core-only) | Set a custom branch name rather than master for all the new repositories created within your instance. |
 | [Repository mirror](visibility_and_access_controls.md#allow-mirrors-to-be-set-up-for-projects) | Configure repository mirroring. |
 | [Repository storage](../../../administration/repository_storage_types.md) | Configure storage path settings. |
 | Repository maintenance | ([Repository checks](../../../administration/repository_checks.md) and [Housekeeping](../../../administration/housekeeping.md)). Configure automatic Git checks and housekeeping on repositories. |
diff --git a/doc/user/admin_area/settings/rate_limit_on_issues_creation.md b/doc/user/admin_area/settings/rate_limit_on_issues_creation.md
index bae60aba15f..3f8ef7c9d01 100644
--- a/doc/user/admin_area/settings/rate_limit_on_issues_creation.md
+++ b/doc/user/admin_area/settings/rate_limit_on_issues_creation.md
@@ -10,10 +10,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28129) in GitLab 12.10.
 
 This setting allows you to rate limit the requests to the issue creation endpoint.
-It defaults to 300 requests per minute.
-You can change it in **Admin Area > Settings > Network > Performance Optimization**.
+You can change its value in **Admin Area > Settings > Network > Issues Rate Limits**.
 
-For example, requests using the
+For example, if you set a limit of 300, requests using the
 [Projects::IssuesController#create](https://gitlab.com/gitlab-org/gitlab/raw/master/app/controllers/projects/issues_controller.rb)
 action exceeding a rate of 300 per minute are blocked. Access to the endpoint is allowed after one minute.
 
@@ -23,6 +22,6 @@ This limit is:
 
 - Applied independently per project and per user.
 - Not applied per IP address.
-- Active by default. To disable it, set the option to `0`.
+- Disabled by default. To enable it, set the option to any value other than `0`.
 
 Requests over the rate limit are logged into the `auth.log` file.
diff --git a/doc/user/admin_area/settings/sign_in_restrictions.md b/doc/user/admin_area/settings/sign_in_restrictions.md
index 1da93c7005f..311b79af7e3 100644
--- a/doc/user/admin_area/settings/sign_in_restrictions.md
+++ b/doc/user/admin_area/settings/sign_in_restrictions.md
@@ -4,9 +4,14 @@ type: reference
 
 # Sign-in restrictions **(CORE ONLY)**
 
-You can use sign-in restrictions to limit the authentication with password
-for web interface and Git over HTTP(S), two-factor authentication enforcing, as well as
-as configuring the home page URL and after sign-out path.
+You can use **Sign-in restrictions** to customize authentication restrictions for web interfaces as well as Git over HTTP(S).
+
+## Settings
+
+To access sign-in restriction settings:
+
+1. Navigate to the **Admin Area > Settings > General**.
+1. Expand the **Sign-in restrictions** section.
 
 ## Password authentication enabled
 
@@ -25,6 +30,15 @@ period in hours.
 
 ![Two-factor grace period](img/two_factor_grace_period.png)
 
+## Email notification for unknown sign-ins
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/218457) in GitLab 13.2.
+
+When enabled, GitLab notifies users of sign-ins from unknown IP addresses or devices. For more information,
+see [Email notification for unknown sign-ins](../../profile/unknown_sign_in_notification.md).
+
+![Email notification for unknown sign-ins](img/email_notification_for_unknown_sign_ins_v13_2.png)
+
 ## Sign-in information
 
 All users that are not logged-in will be redirected to the page represented by the configured
@@ -36,13 +50,6 @@ after sign out if value is not empty.
 If a "Sign in text" in Markdown format is provided, then every user will be presented with
 this message after logging-in.
 
-## Settings
-
-To access this feature:
-
-1. Navigate to the **Admin Area > Settings > General**.
-1. Expand the **Sign-in restrictions** section.
-
 <!-- ## Troubleshooting
 
 Include any troubleshooting steps that you can foresee. If you know beforehand what issues
diff --git a/doc/user/admin_area/settings/visibility_and_access_controls.md b/doc/user/admin_area/settings/visibility_and_access_controls.md
index d9ca4a0881a..92eeb6a04b7 100644
--- a/doc/user/admin_area/settings/visibility_and_access_controls.md
+++ b/doc/user/admin_area/settings/visibility_and_access_controls.md
@@ -68,8 +68,16 @@ To ensure only admin users can delete projects:
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/32935) in GitLab 12.6.
 
-By default, a project or group marked for removal will be permanently removed after 7 days.
-This period may be changed, and setting this period to 0 will enable immediate removal
+By default, a project marked for deletion will be permanently removed with immediate effect.
+By default, a group marked for deletion will be permanently removed after 7 days.
+
+CAUTION: **Warning:**
+The default behavior of [Delayed Project deletion](https://gitlab.com/gitlab-org/gitlab/-/issues/32935) in GitLab 12.6 was changed to
+[Immediate deletion](https://gitlab.com/gitlab-org/gitlab/-/issues/220382) in GitLab 13.2.
+
+Projects within a group can be deleted after a delayed period, by [configuring in Group Settings](../../group/index.md#enabling-delayed-project-removal-premium).
+
+The default period is 7 days, and can be changed. Setting this period to 0 will enable immediate removal
 of projects or groups.
 
 To change this period: