Add latest changes from gitlab-org/gitlab@master

6 files changed, 220 insertions, 11 deletions

diff --git a/doc/administration/operations/extra_sidekiq_processes.md b/doc/administration/operations/extra_sidekiq_processes.md
index acb57debe26..8ab75da3501 100644
--- a/doc/administration/operations/extra_sidekiq_processes.md
+++ b/doc/administration/operations/extra_sidekiq_processes.md
@@ -124,9 +124,18 @@ number of threads that equals the number of queues, plus one spare thread.
 For example, a process that handles the `process_commit` and `post_receive`
 queues will use three threads in total.
 
-## Limiting concurrency
+## Managing concurrency
 
-To limit the concurrency of the Sidekiq process:
+When setting the maximum concurrency, keep in mind this normally should
+not exceed the number of CPU cores available. The values in the examples
+below are arbitrary and not particular recommendations.
+
+Each thread requires a Redis connection, so adding threads may increase Redis
+latency and potentially cause client timeouts. See the [Sidekiq documentation
+about Redis](https://github.com/mperham/sidekiq/wiki/Using-Redis) for more
+details.
+
+### When running a single Sidekiq process (default)
 
 1. Edit `/etc/gitlab/gitlab.rb` and add:
 
@@ -140,11 +149,14 @@ To limit the concurrency of the Sidekiq process:
    sudo gitlab-ctl reconfigure
    ```
 
-To limit the max concurrency of the Sidekiq cluster processes:
+This will set the concurrency (number of threads) for the Sidekiq process.
+
+### When running Sidekiq cluster
 
 1. Edit `/etc/gitlab/gitlab.rb` and add:
 
    ```ruby
+   sidekiq_cluster['min_concurrency'] = 15
    sidekiq_cluster['max_concurrency'] = 25
    ```
 
@@ -154,14 +166,21 @@ To limit the max concurrency of the Sidekiq cluster processes:
    sudo gitlab-ctl reconfigure
    ```
 
-For each queue group, the concurrency factor will be set to `min(number of queues, N)`.
-Setting the value to 0 will disable the limit. Keep in mind this normally would
-not exceed the number of CPU cores available.
+`min_concurrency` and `max_concurrency` are independent; one can be set without
+the other. Setting `min_concurrency` to 0 will disable the limit.
+
+For each queue group, let N be one more than the number of queues. The
+concurrency factor will be set to:
+
+1. `N`, if it's between `min_concurrency` and `max_concurrency`.
+1. `max_concurrency`, if `N` exceeds this value.
+1. `min_concurrency`, if `N` is less than this value.
+
+If `min_concurrency` is equal to `max_concurrency`, then this value will be used
+regardless of the number of queues.
 
-Each thread requires a Redis connection, so adding threads may
-increase Redis latency and potentially cause client timeouts. See the [Sidekiq
-documentation about Redis](https://github.com/mperham/sidekiq/wiki/Using-Redis)
-for more details.
+When `min_concurrency` is greater than `max_concurrency`, it is treated as
+being equal to `max_concurrency`.
 
 ## Modifying the check interval
 
diff --git a/doc/api/access_requests.md b/doc/api/access_requests.md
index 584a4ecb89c..a9ebffbc606 100644
--- a/doc/api/access_requests.md
+++ b/doc/api/access_requests.md
@@ -2,7 +2,7 @@
 
  >**Note:** This feature was introduced in GitLab 8.11
 
- **Valid access levels**
+## Valid access levels
 
  The access levels are defined in the `Gitlab::Access` module. Currently, these levels are recognized:
 
diff --git a/doc/api/graphql/reference/gitlab_schema.graphql b/doc/api/graphql/reference/gitlab_schema.graphql
index f3bf45b0b3d..7d18a0abfe5 100644
--- a/doc/api/graphql/reference/gitlab_schema.graphql
+++ b/doc/api/graphql/reference/gitlab_schema.graphql
@@ -2435,6 +2435,11 @@ type GrafanaIntegration {
 
 type Group {
   """
+  Indicates whether Auto DevOps is enabled for all projects within this group
+  """
+  autoDevopsEnabled: Boolean
+
+  """
   Avatar URL of the group
   """
   avatarUrl: String
@@ -2450,6 +2455,11 @@ type Group {
   descriptionHtml: String
 
   """
+  Indicates if a group has email notifications disabled
+  """
+  emailsDisabled: Boolean
+
+  """
   Find a single epic
   """
   epic(
@@ -2624,6 +2634,11 @@ type Group {
   path: String!
 
   """
+  The permission level required to create projects in the group
+  """
+  projectCreationLevel: String
+
+  """
   Projects within this namespace
   """
   projects(
@@ -2659,11 +2674,26 @@ type Group {
   requestAccessEnabled: Boolean
 
   """
+  Indicates if all users in this group are required to set up two-factor authentication
+  """
+  requireTwoFactorAuthentication: Boolean
+
+  """
   Aggregated storage statistics of the namespace. Only available for root namespaces
   """
   rootStorageStatistics: RootStorageStatistics
 
   """
+  Indicates if sharing a project with another group within this group is prevented
+  """
+  shareWithGroupLock: Boolean
+
+  """
+  The permission level required to create subgroups within the group
+  """
+  subgroupCreationLevel: String
+
+  """
   Time logged in issues by group members
   """
   timelogs(
@@ -2699,6 +2729,11 @@ type Group {
   ): TimelogConnection!
 
   """
+  Time before two-factor authentication is enforced
+  """
+  twoFactorGracePeriod: Int
+
+  """
   Permissions for the current user on the resource
   """
   userPermissions: GroupPermissions!
diff --git a/doc/api/graphql/reference/gitlab_schema.json b/doc/api/graphql/reference/gitlab_schema.json
index 645df8c0184..9f888eb89c4 100644
--- a/doc/api/graphql/reference/gitlab_schema.json
+++ b/doc/api/graphql/reference/gitlab_schema.json
@@ -3045,6 +3045,20 @@
           "description": null,
           "fields": [
             {
+              "name": "autoDevopsEnabled",
+              "description": "Indicates whether Auto DevOps is enabled for all projects within this group",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "Boolean",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
+            {
               "name": "avatarUrl",
               "description": "Avatar URL of the group",
               "args": [
@@ -3087,6 +3101,20 @@
               "deprecationReason": null
             },
             {
+              "name": "emailsDisabled",
+              "description": "Indicates if a group has email notifications disabled",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "Boolean",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
+            {
               "name": "epic",
               "description": "Find a single epic",
               "args": [
@@ -3525,6 +3553,20 @@
               "deprecationReason": null
             },
             {
+              "name": "projectCreationLevel",
+              "description": "The permission level required to create projects in the group",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "String",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
+            {
               "name": "projects",
               "description": "Projects within this namespace",
               "args": [
@@ -3606,6 +3648,20 @@
               "deprecationReason": null
             },
             {
+              "name": "requireTwoFactorAuthentication",
+              "description": "Indicates if all users in this group are required to set up two-factor authentication",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "Boolean",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
+            {
               "name": "rootStorageStatistics",
               "description": "Aggregated storage statistics of the namespace. Only available for root namespaces",
               "args": [
@@ -3620,6 +3676,34 @@
               "deprecationReason": null
             },
             {
+              "name": "shareWithGroupLock",
+              "description": "Indicates if sharing a project with another group within this group is prevented",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "Boolean",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
+            {
+              "name": "subgroupCreationLevel",
+              "description": "The permission level required to create subgroups within the group",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "String",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
+            {
               "name": "timelogs",
               "description": "Time logged in issues by group members",
               "args": [
@@ -3705,6 +3789,20 @@
               "deprecationReason": null
             },
             {
+              "name": "twoFactorGracePeriod",
+              "description": "Time before two-factor authentication is enforced",
+              "args": [
+
+              ],
+              "type": {
+                "kind": "SCALAR",
+                "name": "Int",
+                "ofType": null
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
+            {
               "name": "userPermissions",
               "description": "Permissions for the current user on the resource",
               "args": [
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 6696863faff..1177ffff36c 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -393,6 +393,13 @@ Autogenerated return type of EpicTreeReorder
 | `userPermissions` | GroupPermissions! | Permissions for the current user on the resource |
 | `webUrl` | String! | Web URL of the group |
 | `avatarUrl` | String | Avatar URL of the group |
+| `shareWithGroupLock` | Boolean | Indicates if sharing a project with another group within this group is prevented |
+| `projectCreationLevel` | String | The permission level required to create projects in the group |
+| `subgroupCreationLevel` | String | The permission level required to create subgroups within the group |
+| `requireTwoFactorAuthentication` | Boolean | Indicates if all users in this group are required to set up two-factor authentication |
+| `twoFactorGracePeriod` | Int | Time before two-factor authentication is enforced |
+| `autoDevopsEnabled` | Boolean | Indicates whether Auto DevOps is enabled for all projects within this group |
+| `emailsDisabled` | Boolean | Indicates if a group has email notifications disabled |
 | `mentionsDisabled` | Boolean | Indicates if a group is disabled from getting mentioned |
 | `parent` | Group | Parent group |
 | `epicsEnabled` | Boolean | Indicates if Epics are enabled for namespace |
diff --git a/doc/api/users.md b/doc/api/users.md
index 4ba524d6d1d..7694345d08b 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -1405,3 +1405,53 @@ Example response:
 ```
 
 Please note that `last_activity_at` is deprecated, please use `last_activity_on`.
+
+## User memberships (admin only)
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/merge_requests/22518) in GitLab 12.8.
+
+Lists all projects and groups a user is a member of. This endpoint is available for admins only.
+It returns the `source_id`, `source_name`, `source_type` and `access_level` of a membership.
+Source can be of type `Namespace` (representing a group) or `Project`. The response represents only direct memberships. Inherited memberships, for example in subgroups, will not be included.
+Access levels will be represented by an integer value. Read more about the meaning of access level values [here](access_requests.md#valid-access-levels).
+
+```
+GET /users/:id/memberships
+```
+
+Parameters:
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer | yes | The ID of a specified user |
+| `type` | string | no | Filter memberships by type. Can be either `Project` or `Namespace` |
+
+Returns:
+
+- `200 OK` on success.
+- `404 User Not Found` if user cannot be found.
+- `403 Forbidden` when not requested by an admin.
+- `400 Bad Request` when requested type is not supported.
+
+```bash
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/users/<user_id>/memberships
+```
+
+Example response:
+
+```json
+[
+  {
+    "source_id": 1,
+    "source_name": "Project one",
+    "source_type": "Project",
+    "access_level": "20"
+  },
+  {
+    "source_id": 3,
+    "source_name": "Group three",
+    "source_type": "Namespace",
+    "access_level": "20"
+  },
+]
+```