Add latest changes from gitlab-org/gitlab@master

8 files changed, 81 insertions, 183 deletions

diff --git a/doc/administration/integration/terminal.md b/doc/administration/integration/terminal.md
index 1ab45d6ce99..add036ea5ec 100644
--- a/doc/administration/integration/terminal.md
+++ b/doc/administration/integration/terminal.md
@@ -114,5 +114,5 @@ lifetime in your GitLab instance:
 
 1. On the left sidebar, expand the top-most chevron (**{chevron-down}**).
 1. Select **Admin Area**.
-1. Select [**Settings > Web terminal**](../../administration/settings/index.md#general).
+1. Select **Settings > Web terminal**.
 1. Set a `max session time`.
diff --git a/doc/administration/settings/index.md b/doc/administration/settings/index.md
index 067add353eb..a5746ad26e4 100644
--- a/doc/administration/settings/index.md
+++ b/doc/administration/settings/index.md
@@ -21,180 +21,8 @@ To access the **Admin Area**:
 1. Sign in to your GitLab instance as an administrator.
 1. On the left sidebar, expand the top-most chevron (**{chevron-down}**).
 1. Select **Admin Area**.
-1. Select **Settings**, and the group of settings to view:
-   - [General](#general)
-   - [Geo](#geo)
-   - [CI/CD](#cicd)
-   - [Integrations](#integrations)
-   - [Metrics and profiling](#metrics-and-profiling)
-   - [Network](#network)
-   - [Preferences](#preferences)
-   - [Reporting](#reporting)
-   - [Repository](#repository)
-   - [Templates](#templates)
 
-### General
-
-The **General** settings contain:
-
-- [Visibility and access controls](../settings/visibility_and_access_controls.md) - Set default and
- restrict visibility levels. Configure import sources and Git access protocol.
-- [Account and limit](../settings/account_and_limit_settings.md) - Set projects and maximum size limits,
- session duration, user options, and check feature availability for namespace plan.
-- [Diff limits](../diff_limits.md) - Diff content limits.
-- [Sign-up restrictions](../settings/sign_up_restrictions.md) - Configure the way a user creates a new account.
-- [Sign in restrictions](../settings/sign_in_restrictions.md) - Set requirements for a user to sign in.
- Enable mandatory two-factor authentication.
-- [Terms of Service and Privacy Policy](../settings/terms.md) - Include a Terms of Service agreement
- and Privacy Policy that all users must accept.
-- [External Authentication](../../administration/settings/external_authorization.md#configuration) - External Classification Policy Authorization.
-- [Web terminal](../integration/terminal.md#limiting-websocket-connection-time) -
- Set max session time for web terminal.
-- [FLoC](floc.md) - Enable or disable
- [Federated Learning of Cohorts (FLoC)](https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts) tracking.
-- [GitLab for Slack app](slack_app.md) - Enable and configure the GitLab for Slack app.
-
-### CI/CD
-
-The **CI/CD** settings contain:
-
-- [Continuous Integration and Deployment](../../administration/settings/continuous_integration.md) -
-  Auto DevOps, runners and job artifacts.
-- [Required pipeline configuration](../../administration/settings/continuous_integration.md#required-pipeline-configuration) -
-  Set an instance-wide auto included [pipeline configuration](../../ci/yaml/index.md).
-  This pipeline configuration is run after the project's own configuration.
-- [Package Registry](../../administration/settings/continuous_integration.md#package-registry-configuration) -
-  Settings related to the use and experience of using the GitLab Package Registry. Some
-  [risks are involved](../../user/packages/container_registry/reduce_container_registry_storage.md#use-with-external-container-registries)
-  in enabling some of these settings.
-
-## Security and Compliance settings
-
-- [License compliance settings](security_and_compliance.md#choose-package-registry-metadata-to-sync): Enable or disable synchronization of package metadata by a registry type.
-
-### Geo **(PREMIUM SELF)**
-
-The **Geo** setting contains:
-
-- [Geo](../geo/index.md) - Replicate your GitLab instance to other
-  geographical locations. Redirects to **Admin Area > Geo > Settings** are no
-  longer available at **Admin Area > Settings > Geo** in [GitLab 13.0](https://gitlab.com/gitlab-org/gitlab/-/issues/36896).
-
-### Integrations
-
-The **Integrations** settings contain:
-
-- [Elasticsearch](../../integration/advanced_search/elasticsearch.md#enable-advanced-search) -
-  Elasticsearch integration. Elasticsearch AWS IAM.
-- [Kroki](../integration/kroki.md#enable-kroki-in-gitlab) -
-  Allow rendering of diagrams in AsciiDoc and Markdown documents using [kroki.io](https://kroki.io).
-- [Mailgun](../integration/mailgun.md) - Enable your GitLab instance
-  to receive invite email bounce events from Mailgun, if it is your email provider.
-- [PlantUML](../integration/plantuml.md) - Allow rendering of PlantUML
-  diagrams in documents.
-- [Customer experience improvement and third-party offers](../settings/third_party_offers.md) -
-  Control the display of customer experience improvement content and third-party offers.
-- [Snowplow](../../development/internal_analytics/snowplow/index.md) - Configure the Snowplow integration.
-- [Google GKE](../../user/project/clusters/add_gke_clusters.md) - Google GKE integration enables
-  you to provision GKE clusters from GitLab.
-- [Amazon EKS](../../user/project/clusters/add_eks_clusters.md) - Amazon EKS integration enables
-  you to provision EKS clusters from GitLab.
-
-### Metrics and profiling
-
-The **Metrics and profiling** settings contain:
-
-- [Metrics - Prometheus](../monitoring/prometheus/gitlab_metrics.md) -
-  Enable and configure Prometheus metrics.
-- [Metrics - Grafana](../monitoring/performance/grafana_configuration.md#integrate-with-gitlab-ui) -
-  Enable and configure Grafana.
-- [Profiling - Performance bar](../monitoring/performance/performance_bar.md#enable-the-performance-bar-for-non-administrators) -
-  Enable access to the Performance Bar for non-administrator users in a given group.
-- [Usage statistics](../settings/usage_statistics.md) - Enable or disable version check and Service Ping.
-
-### Network
-
-The **Network** settings contain:
-
-- Performance optimization - Various settings that affect GitLab performance, including:
-  - [Write to `authorized_keys` file](../operations/fast_ssh_key_lookup.md#set-up-fast-lookup).
-  - [Push event activities limit and bulk push events](../settings/push_event_activities_limit.md).
-- [User and IP rate limits](../settings/user_and_ip_rate_limits.md) - Configure limits for web and API requests.
-  These rate limits can be overridden:
-  - [Package Registry Rate Limits](../settings/package_registry_rate_limits.md) - Configure specific
-    limits for Packages API requests that supersede the user and IP rate limits.
-  - [Git LFS Rate Limits](../settings/git_lfs_rate_limits.md) - Configure specific limits for
-    Git LFS requests that supersede the user and IP rate limits.
-  - [Files API Rate Limits](../settings/files_api_rate_limits.md) - Configure specific limits for
-    Files API requests that supersede the user and IP rate limits.
-  - [Search rate limits](../instance_limits.md#search-rate-limit) - Configure global search request rate limits for authenticated and unauthenticated users.
-  - [Deprecated API Rate Limits](../settings/deprecated_api_rate_limits.md) - Configure specific limits
-    for deprecated API requests that supersede the user and IP rate limits.
-- [Outbound requests](../../security/webhooks.md) - Allow requests to the local network from webhooks and integrations, or deny all outbound requests.
-- [Protected Paths](../settings/protected_paths.md) - Configure paths to be protected by Rack Attack.
-- [Incident Management Limits](../../operations/incident_management/index.md) - Limit the
-  number of inbound alerts that can be sent to a project.
-- [Notes creation limit](../settings/rate_limit_on_notes_creation.md) - Set a rate limit on the note creation requests.
-- [Get single user limit](../settings/rate_limit_on_users_api.md) - Set a rate limit on users API endpoint to get a user by ID.
-- [Projects API rate limits for unauthenticated requests](../settings/rate_limit_on_projects_api.md) - Set a rate limit on Projects list API endpoint for unauthenticated requests.
-
-### Preferences
-
-The **Preferences** settings contain:
-
-- [Email](../settings/email.md) - Various email settings.
-- [What's new](../whats-new.md) - Configure **What's new** drawer and content.
-- [Help page](help_page.md) - Help page text and support page URL.
-- [Pages](../pages/index.md#custom-domain-verification) -
-  Size and domain settings for static websites.
-- [Polling interval multiplier](../polling.md) -
-  Configure how frequently the GitLab UI polls for updates.
-- [Gitaly timeouts](gitaly_timeouts.md) - Configure Gitaly timeouts.
-- Localization:
-  - [Default first day of the week](../../user/profile/preferences.md).
-  - [Time tracking](../../user/project/time_tracking.md#limit-displayed-units-to-hours).
-- [Sidekiq Job Limits](../settings/sidekiq_job_limits.md) - Limit the size of Sidekiq jobs stored in Redis.
-
-### Reporting
-
-The **Reporting** settings contain:
-
-- Spam and Anti-bot protection:
-  - Anti-spam services, such as [reCAPTCHA](../../integration/recaptcha.md),
-    [Akismet](../../integration/akismet.md), or [Spamcheck](../reporting/spamcheck.md).
-  - [IP address restrictions](../reporting/ip_addr_restrictions.md).
-- [Abuse reports](../review_abuse_reports.md) - Set notification email for abuse reports.
-- [Git abuse rate limit](../reporting/git_abuse_rate_limit.md) - Configure Git abuse rate limit settings. **(ULTIMATE SELF)**
-
-### Repository
-
-The **Repository** settings contain:
-
-- [Repository's custom initial branch name](../../user/project/repository/branches/default.md#instance-level-custom-initial-branch-name) -
-  Set a custom branch name for new repositories created in your instance.
-- [Repository's initial default branch protection](../../user/project/repository/branches/default.md#instance-level-default-branch-protection) -
-  Configure the branch protections to apply to every repository's default branch.
-- [Repository mirror](visibility_and_access_controls.md#enable-project-mirroring) -
-  Configure repository mirroring.
-- [Repository storage](../repository_storage_types.md) - Configure storage path settings.
-- Repository maintenance:
-  - [Repository checks](../repository_checks.md) - Configure
-    automatic Git checks on repositories.
-  - [Housekeeping](../housekeeping.md). Configure automatic
-    Git housekeeping on repositories.
-  - [Inactive project deletion](../inactive_project_deletion.md). Configure inactive
-    project deletion.
-- [Repository static objects](../static_objects_external_storage.md) -
-  Serve repository static objects (for example, archives and blobs) from an external storage (for example, a CDN).
-
-### Templates **(PREMIUM SELF)**
-
-The **Templates** settings contain:
-
-- [Templates](instance_template_repository.md#configuration) - Set instance-wide template repository.
-- [Custom project templates](../custom_project_templates.md) - Select the custom project template source group.
-
-## Default first day of the week
+## Change the default first day of the week
 
 You can change the [Default first day of the week](../../user/profile/preferences.md)
 for the entire GitLab instance:
@@ -204,7 +32,7 @@ for the entire GitLab instance:
 1. Select **Settings > Preferences**.
 1. Scroll to the **Localization** section, and select your desired first day of the week.
 
-## Default language
+## Change the default language
 
 You can change the [Default language](../../user/profile/preferences.md)
 for the entire GitLab instance:
diff --git a/doc/development/code_review.md b/doc/development/code_review.md
index 6aedb18c15d..f3c3062e217 100644
--- a/doc/development/code_review.md
+++ b/doc/development/code_review.md
@@ -201,7 +201,8 @@ by a reviewer before passing it to a maintainer as described in the
    on the line of code in question with the SQL queries so they can give their advice.
 1. User-facing changes include both visual changes (regardless of how minor),
    and changes to the rendered DOM which impact how a screen reader may announce
-   the content.
+   the content. Groups that do not have dedicated Product
+   Designers do not require a Product Designer to approve feature changes, unless the changes are community contributions.
 1. End-to-end changes include all files in the `qa` directory.
 
 #### Acceptance checklist
diff --git a/doc/development/integrations/index.md b/doc/development/integrations/index.md
index a01e35349cb..9c0a64c68b5 100644
--- a/doc/development/integrations/index.md
+++ b/doc/development/integrations/index.md
@@ -123,6 +123,23 @@ module Integrations
 end
 ```
 
+### Security enhancement features
+
+#### Masking channel values
+
+Integrations that [inherit from `Integrations::BaseChatNotification`](#define-the-integration) can hide the
+values of their channel input fields. Integrations should hide these values whenever the
+fields contain sensitive information such as auth tokens.
+
+By default, `#mask_configurable_channels?` returns `false`. To mask the channel values, override the `#mask_configurable_channels?` method in the integration to return `true`:
+
+```ruby
+override :mask_configurable_channels?
+def mask_configurable_channels?
+  true
+end
+```
+
 ## Define configuration test
 
 Optionally, you can define a configuration test of an integration's settings. The test is executed from the integration form's **Test** button, and results are returned to the user.
diff --git a/doc/development/sql.md b/doc/development/sql.md
index 1e3e5c7d0f6..101ccc239e7 100644
--- a/doc/development/sql.md
+++ b/doc/development/sql.md
@@ -315,6 +315,30 @@ union = Gitlab::SQL::Union.new([projects, more_projects, ...])
 Project.from("(#{union.to_sql}) projects")
 ```
 
+The `FromUnion` model concern provides a more convenient method to produce the same result as above:
+
+```ruby
+class Project
+  include FromUnion
+  ...
+end
+
+Project.from_union(projects, more_projects, ...)
+```
+
+`UNION` is common through the codebase, but it's also possible to use the other SQL set operators of `EXCEPT` and `INTERSECT`:
+
+```ruby
+class Project
+  include FromIntersect
+  include FromExcept
+  ...
+end
+
+intersected = Project.from_intersect(all_projects, project_set_1, project_set_2)
+excepted = Project.from_except(all_projects, project_set_1, project_set_2)
+```
+
 ### Uneven columns in the `UNION` sub-queries
 
 When the `UNION` query has uneven columns in the `SELECT` clauses, the database returns an error.
@@ -479,8 +503,8 @@ Simple usage of the `.upsert` method:
 BuildTrace.upsert(
   {
     build_id: build_id,
-    title: title 
-  }, 
+    title: title
+  },
   unique_by: :build_id
 )
 ```
diff --git a/doc/development/testing_guide/frontend_testing.md b/doc/development/testing_guide/frontend_testing.md
index 1b50bd410c2..825a5e9f49b 100644
--- a/doc/development/testing_guide/frontend_testing.md
+++ b/doc/development/testing_guide/frontend_testing.md
@@ -228,16 +228,13 @@ it('exists', () => {
   // Bad
   wrapper.find('.js-foo');
   wrapper.find('.btn-primary');
-  wrapper.find('.qa-foo-component');
 });
 ```
 
-It is recommended to use `kebab-case` for `data-testid` attribute.
+You should use `kebab-case` for `data-testid` attribute.
 
 It is not recommended that you add `.js-*` classes just for testing purposes. Only do this if there are no other feasible options available.
 
-Do not use `.qa-*` class attributes for any tests other than QA end-to-end testing.
-
 ### Querying for child components
 
 When testing Vue components with `@vue/test-utils` another possible approach is querying for child
diff --git a/doc/integration/azure.md b/doc/integration/azure.md
index ffd6ccc4888..4ef47a0ac51 100644
--- a/doc/integration/azure.md
+++ b/doc/integration/azure.md
@@ -326,3 +326,33 @@ Alternatively, add the `User.Read.All` application permission.
 
 Read [Enable OmniAuth for an existing user](omniauth.md#enable-omniauth-for-an-existing-user)
 for information on how existing GitLab users can connect to their new Azure AD accounts.
+
+## Troubleshooting
+
+### User sign in banner message: Extern UID has already been taken
+
+When signing in, you might get an error that states `Extern UID has already been taken`.
+
+To resolve this, use the [Rails console](../administration/operations/rails_console.md#starting-a-rails-console-session) to check if there is an existing user tied to the account:
+
+1. Find the `extern_uid`:
+
+   ```ruby
+   id = Identity.where(extern_uid: '<extern_uid>')
+   ```
+
+1. Print the content to find the username attached to that `extern_uid`:
+
+   ```ruby
+   pp id
+   ```
+
+If the `extern_uid` is attached to an account, you can use the username to sign in.
+
+If the `extern_uid` is not attached to any username, this might be because of a deletion error resulting in a ghost record.
+
+Run the following command to delete the identity to release the `extern uid`:
+
+```ruby
+ Identity.find('<id>').delete
+```
diff --git a/doc/user/profile/preferences.md b/doc/user/profile/preferences.md
index 17dea99e5ef..166833cc84f 100644
--- a/doc/user/profile/preferences.md
+++ b/doc/user/profile/preferences.md
@@ -157,7 +157,8 @@ You can choose one of the following options as the first day of the week:
 - Sunday
 - Monday
 
-If you select **System Default**, the [instance default](../../administration/settings/index.md#default-first-day-of-the-week) setting is used.
+If you select **System Default**, the first day of the week is set to the
+[instance default](../../administration/settings/index.md#change-the-default-first-day-of-the-week).
 
 ## Time preferences