Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-09-15 06:11:01 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-09-15 06:11:01 +0300
commit: 26c3184b621c4349997b1fade462c3fb480ad976 (patch)
tree: 4b8fe8ff0143ecab6c20179531332048abd1adc3 /doc
parent: b754c00a217814cdf3fdaaa51e695a44095c0197 (diff)
6 files changed, 68 insertions, 57 deletions
diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md
index dec18495f1c..797e1bfdf79 100644
--- a/doc/administration/gitaly/index.md
+++ b/doc/administration/gitaly/index.md
@@ -449,6 +449,8 @@ To monitor [strong consistency](#strong-consistency), you can use the following
 - `gitaly_hook_transaction_voting_delay_seconds`, the client-side delay introduced by waiting for
   the transaction to be committed.
 
+You can also monitor the [Praefect logs](../logs.md#praefect-logs).
+
 ## Do not bypass Gitaly
 
 GitLab doesn't advise directly accessing Gitaly repositories stored on disk with a Git client,
diff --git a/doc/administration/logs.md b/doc/administration/logs.md
index 058437c168a..990287e3907 100644
--- a/doc/administration/logs.md
+++ b/doc/administration/logs.md
@@ -50,6 +50,7 @@ except those captured by `runit`.
 | [Mailroom](#mail_room_jsonlog-default)          | **{check-circle}** Yes | **{check-circle}** Yes  |
 | [NGINX](#nginx-logs)                            | **{check-circle}** Yes | **{check-circle}** Yes  |
 | [PostgreSQL Logs](#postgresql-logs)             | **{dotted-circle}** No | **{check-circle}** Yes  |
+| [Praefect Logs](#praefect-logs)                 | **{dotted-circle}** Yes| **{check-circle}** Yes  |
 | [Prometheus Logs](#prometheus-logs)             | **{dotted-circle}** No | **{check-circle}** Yes  |
 | [Puma](#puma-logs)                              | **{check-circle}** Yes | **{check-circle}** Yes  |
 | [Redis Logs](#redis-logs)                       | **{dotted-circle}** No | **{check-circle}** Yes  |
@@ -1062,6 +1063,12 @@ For Omnibus GitLab installations, GitLab Exporter logs are in `/var/log/gitlab/g
 For Omnibus GitLab installations, GitLab Kubernetes Agent Server logs are
 in `/var/log/gitlab/gitlab-kas/`.
 
+## Praefect Logs
+
+For Omnibus GitLab installations, Praefect logs are in `/var/log/gitlab/praefect/`.
+
+GitLab also tracks [Prometheus metrics for Praefect](gitaly/#monitor-gitaly-cluster).
+
 ## Performance bar stats
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48149) in GitLab 13.7.
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index dedb2ec4c0e..6a24eae6c35 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -15700,12 +15700,12 @@ State of a GitLab iteration.
 
 | Value | Description |
 | ----- | ----------- |
-| <a id="iterationstateall"></a>`all` |  |
-| <a id="iterationstateclosed"></a>`closed` |  |
-| <a id="iterationstatecurrent"></a>`current` |  |
-| <a id="iterationstateopened"></a>`opened` |  |
+| <a id="iterationstateall"></a>`all` | Any iteration. |
+| <a id="iterationstateclosed"></a>`closed` | Closed iteration. |
+| <a id="iterationstatecurrent"></a>`current` | Current iteration. |
+| <a id="iterationstateopened"></a>`opened` | Open iteration. |
 | <a id="iterationstatestarted"></a>`started` **{warning-solid}** | **Deprecated** in 14.1. Use current instead. |
-| <a id="iterationstateupcoming"></a>`upcoming` |  |
+| <a id="iterationstateupcoming"></a>`upcoming` | Upcoming iteration. |
 
 ### `IterationWildcardId`
 
@@ -16101,8 +16101,8 @@ State of a requirement.
 
 | Value | Description |
 | ----- | ----------- |
-| <a id="requirementstatearchived"></a>`ARCHIVED` |  |
-| <a id="requirementstateopened"></a>`OPENED` |  |
+| <a id="requirementstatearchived"></a>`ARCHIVED` | Archived requirement. |
+| <a id="requirementstateopened"></a>`OPENED` | Open requirement. |
 
 ### `RequirementStatusFilter`
 
@@ -16110,9 +16110,9 @@ Status of a requirement based on last test report.
 
 | Value | Description |
 | ----- | ----------- |
-| <a id="requirementstatusfilterfailed"></a>`FAILED` |  |
+| <a id="requirementstatusfilterfailed"></a>`FAILED` | Failed test report. |
 | <a id="requirementstatusfiltermissing"></a>`MISSING` | Requirements without any test report. |
-| <a id="requirementstatusfilterpassed"></a>`PASSED` |  |
+| <a id="requirementstatusfilterpassed"></a>`PASSED` | Passed test report. |
 
 ### `RunnerMembershipFilter`
 
@@ -16152,14 +16152,14 @@ The type of the security scanner.
 
 | Value | Description |
 | ----- | ----------- |
-| <a id="securityscannertypeapi_fuzzing"></a>`API_FUZZING` |  |
-| <a id="securityscannertypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` |  |
-| <a id="securityscannertypecontainer_scanning"></a>`CONTAINER_SCANNING` |  |
-| <a id="securityscannertypecoverage_fuzzing"></a>`COVERAGE_FUZZING` |  |
-| <a id="securityscannertypedast"></a>`DAST` |  |
-| <a id="securityscannertypedependency_scanning"></a>`DEPENDENCY_SCANNING` |  |
-| <a id="securityscannertypesast"></a>`SAST` |  |
-| <a id="securityscannertypesecret_detection"></a>`SECRET_DETECTION` |  |
+| <a id="securityscannertypeapi_fuzzing"></a>`API_FUZZING` | API Fuzzing scanner. |
+| <a id="securityscannertypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | Cluster Image Scanning scanner. |
+| <a id="securityscannertypecontainer_scanning"></a>`CONTAINER_SCANNING` | Container Scanning scanner. |
+| <a id="securityscannertypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | Coverage Fuzzing scanner. |
+| <a id="securityscannertypedast"></a>`DAST` | DAST scanner. |
+| <a id="securityscannertypedependency_scanning"></a>`DEPENDENCY_SCANNING` | Dependency Scanning scanner. |
+| <a id="securityscannertypesast"></a>`SAST` | SAST scanner. |
+| <a id="securityscannertypesecret_detection"></a>`SECRET_DETECTION` | Secret Detection scanner. |
 
 ### `SentryErrorStatus`
 
@@ -16261,8 +16261,8 @@ State of a test report.
 
 | Value | Description |
 | ----- | ----------- |
-| <a id="testreportstatefailed"></a>`FAILED` |  |
-| <a id="testreportstatepassed"></a>`PASSED` |  |
+| <a id="testreportstatefailed"></a>`FAILED` | Failed test report. |
+| <a id="testreportstatepassed"></a>`PASSED` | Passed test report. |
 
 ### `TodoActionEnum`
 
@@ -16375,13 +16375,13 @@ Confidence that a given vulnerability is present in the codebase.
 
 | Value | Description |
 | ----- | ----------- |
-| <a id="vulnerabilityconfidenceconfirmed"></a>`CONFIRMED` |  |
-| <a id="vulnerabilityconfidenceexperimental"></a>`EXPERIMENTAL` |  |
-| <a id="vulnerabilityconfidencehigh"></a>`HIGH` |  |
-| <a id="vulnerabilityconfidenceignore"></a>`IGNORE` |  |
-| <a id="vulnerabilityconfidencelow"></a>`LOW` |  |
-| <a id="vulnerabilityconfidencemedium"></a>`MEDIUM` |  |
-| <a id="vulnerabilityconfidenceunknown"></a>`UNKNOWN` |  |
+| <a id="vulnerabilityconfidenceconfirmed"></a>`CONFIRMED` | Confirmed confidence. |
+| <a id="vulnerabilityconfidenceexperimental"></a>`EXPERIMENTAL` | Experimental confidence. |
+| <a id="vulnerabilityconfidencehigh"></a>`HIGH` | High confidence. |
+| <a id="vulnerabilityconfidenceignore"></a>`IGNORE` | Ignore confidence. |
+| <a id="vulnerabilityconfidencelow"></a>`LOW` | Low confidence. |
+| <a id="vulnerabilityconfidencemedium"></a>`MEDIUM` | Medium confidence. |
+| <a id="vulnerabilityconfidenceunknown"></a>`UNKNOWN` | Unknown confidence. |
 
 ### `VulnerabilityDismissalReason`
 
@@ -16417,11 +16417,11 @@ The grade of the vulnerable project.
 
 | Value | Description |
 | ----- | ----------- |
-| <a id="vulnerabilitygradea"></a>`A` |  |
-| <a id="vulnerabilitygradeb"></a>`B` |  |
-| <a id="vulnerabilitygradec"></a>`C` |  |
-| <a id="vulnerabilitygraded"></a>`D` |  |
-| <a id="vulnerabilitygradef"></a>`F` |  |
+| <a id="vulnerabilitygradea"></a>`A` | A grade. |
+| <a id="vulnerabilitygradeb"></a>`B` | B grade. |
+| <a id="vulnerabilitygradec"></a>`C` | C grade. |
+| <a id="vulnerabilitygraded"></a>`D` | D grade. |
+| <a id="vulnerabilitygradef"></a>`F` | F grade. |
 
 ### `VulnerabilityIssueLinkType`
 
@@ -16429,8 +16429,8 @@ The type of the issue link related to a vulnerability.
 
 | Value | Description |
 | ----- | ----------- |
-| <a id="vulnerabilityissuelinktypecreated"></a>`CREATED` |  |
-| <a id="vulnerabilityissuelinktyperelated"></a>`RELATED` |  |
+| <a id="vulnerabilityissuelinktypecreated"></a>`CREATED` | Issue is created for the vulnerability. |
+| <a id="vulnerabilityissuelinktyperelated"></a>`RELATED` | Has a related issue. |
 
 ### `VulnerabilityReportType`
 
@@ -16438,15 +16438,15 @@ The type of the security scan that found the vulnerability.
 
 | Value | Description |
 | ----- | ----------- |
-| <a id="vulnerabilityreporttypeapi_fuzzing"></a>`API_FUZZING` |  |
-| <a id="vulnerabilityreporttypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` |  |
-| <a id="vulnerabilityreporttypecontainer_scanning"></a>`CONTAINER_SCANNING` |  |
-| <a id="vulnerabilityreporttypecoverage_fuzzing"></a>`COVERAGE_FUZZING` |  |
-| <a id="vulnerabilityreporttypedast"></a>`DAST` |  |
-| <a id="vulnerabilityreporttypedependency_scanning"></a>`DEPENDENCY_SCANNING` |  |
-| <a id="vulnerabilityreporttypegeneric"></a>`GENERIC` |  |
-| <a id="vulnerabilityreporttypesast"></a>`SAST` |  |
-| <a id="vulnerabilityreporttypesecret_detection"></a>`SECRET_DETECTION` |  |
+| <a id="vulnerabilityreporttypeapi_fuzzing"></a>`API_FUZZING` | API Fuzzing report. |
+| <a id="vulnerabilityreporttypecluster_image_scanning"></a>`CLUSTER_IMAGE_SCANNING` | Cluster Image Scanning report. |
+| <a id="vulnerabilityreporttypecontainer_scanning"></a>`CONTAINER_SCANNING` | Container Scanning report. |
+| <a id="vulnerabilityreporttypecoverage_fuzzing"></a>`COVERAGE_FUZZING` | Coverage Fuzzing report. |
+| <a id="vulnerabilityreporttypedast"></a>`DAST` | DAST report. |
+| <a id="vulnerabilityreporttypedependency_scanning"></a>`DEPENDENCY_SCANNING` | Dependency Scanning report. |
+| <a id="vulnerabilityreporttypegeneric"></a>`GENERIC` | Generic report. |
+| <a id="vulnerabilityreporttypesast"></a>`SAST` | SAST report. |
+| <a id="vulnerabilityreporttypesecret_detection"></a>`SECRET_DETECTION` | Secret Detection report. |
 
 ### `VulnerabilitySeverity`
 
@@ -16454,12 +16454,12 @@ The severity of the vulnerability.
 
 | Value | Description |
 | ----- | ----------- |
-| <a id="vulnerabilityseveritycritical"></a>`CRITICAL` |  |
-| <a id="vulnerabilityseverityhigh"></a>`HIGH` |  |
-| <a id="vulnerabilityseverityinfo"></a>`INFO` |  |
-| <a id="vulnerabilityseveritylow"></a>`LOW` |  |
-| <a id="vulnerabilityseveritymedium"></a>`MEDIUM` |  |
-| <a id="vulnerabilityseverityunknown"></a>`UNKNOWN` |  |
+| <a id="vulnerabilityseveritycritical"></a>`CRITICAL` | Critical severity. |
+| <a id="vulnerabilityseverityhigh"></a>`HIGH` | High severity. |
+| <a id="vulnerabilityseverityinfo"></a>`INFO` | Info severity. |
+| <a id="vulnerabilityseveritylow"></a>`LOW` | Low severity. |
+| <a id="vulnerabilityseveritymedium"></a>`MEDIUM` | Medium severity. |
+| <a id="vulnerabilityseverityunknown"></a>`UNKNOWN` | Unknown severity. |
 
 ### `VulnerabilitySort`
 
@@ -16484,10 +16484,10 @@ The state of the vulnerability.
 
 | Value | Description |
 | ----- | ----------- |
-| <a id="vulnerabilitystateconfirmed"></a>`CONFIRMED` |  |
-| <a id="vulnerabilitystatedetected"></a>`DETECTED` |  |
-| <a id="vulnerabilitystatedismissed"></a>`DISMISSED` |  |
-| <a id="vulnerabilitystateresolved"></a>`RESOLVED` |  |
+| <a id="vulnerabilitystateconfirmed"></a>`CONFIRMED` | Confirmed vulnerability. |
+| <a id="vulnerabilitystatedetected"></a>`DETECTED` | Detected vulnerability. |
+| <a id="vulnerabilitystatedismissed"></a>`DISMISSED` | Dismissed vulnerability. |
+| <a id="vulnerabilitystateresolved"></a>`RESOLVED` | Resolved vulnerability. |
 
 ### `WeightWildcardId`
 
diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index 37a19ec77a4..15cd6e4a75f 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -1094,7 +1094,7 @@ To edit an existing site profile:
 1. Edit the fields then select **Save profile**.
 
 If a site profile is linked to a security policy, a user cannot edit the profile from this page. See
-[Scan Policies](../policies/index.md)
+[Scan Execution Policies](../policies/index.md#scan-execution-policy-editor)
 for more information.
 
 #### Delete a site profile
@@ -1108,7 +1108,7 @@ To delete an existing site profile:
 1. Select **Delete** to confirm the deletion.
 
 If a site profile is linked to a security policy, a user cannot delete the profile from this page.
-See [Scan Policies](../policies/index.md)
+See [Scan Execution Policies](../policies/index.md#scan-execution-policy-editor)
 for more information.
 
 #### Validate a site profile
@@ -1238,7 +1238,7 @@ To edit a scanner profile:
 1. Select **Save profile**.
 
 If a scanner profile is linked to a security policy, a user cannot edit the profile from this page.
-See [Scan Policies](../policies/index.md)
+See [Scan Execution Policies](../policies/index.md#scan-execution-policy-editor)
 for more information.
 
 #### Delete a scanner profile
@@ -1252,7 +1252,7 @@ To delete a scanner profile:
 1. Select **Delete**.
 
 If a scanner profile is linked to a security policy, a user cannot delete the profile from this
-page. See [Scan Policies](../policies/index.md)
+page. See [Scan Execution Policies](../policies/index.md#scan-execution-policy-editor)
 for more information.
 
 ### Auditing
diff --git a/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png b/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png
index 3efa344eb59..b21d0330b2f 100644
--- a/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png
+++ b/doc/user/application_security/policies/img/container_policy_rule_mode_v14_3.png
diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md
index 6865378f333..b7b31e89f3b 100644
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -57,6 +57,7 @@ Once users have signed into GitLab using the SSO SAML setup, changing the `NameI
 #### NameID Format
 
 We recommend setting the NameID format to `Persistent` unless using a field (such as email) that requires a different format.
+Most NameID formats can be used, except `Transient` due to the temporary nature of this format.
 
 ### Assertions
 
@@ -489,12 +490,13 @@ If you do not wish to use that GitLab user with the SAML login, you can [unlink
 
 ### Message: "SAML authentication failed: User has already been taken"
 
-The user that you're signed in with already has SAML linked to a different identity.
+The user that you're signed in with already has SAML linked to a different identity, or the NameID value has changed.
 Here are possible causes and solutions:
 
 | Cause                                                                                          | Solution                                                                                                                                                                   |
 | ---------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | You've tried to link multiple SAML identities to the same user, for a given identity provider. | Change the identity that you sign in with. To do so, [unlink the previous SAML identity](#unlinking-accounts) from this GitLab account before attempting to sign in again. |
+| The NameID changes everytime the user requests SSO identification | Check the NameID is not set with `Transient` format, or the NameID is not changing on subsequent requests.|
 
 ### Message: "SAML authentication failed: Email has already been taken"
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-09-15 06:11:01 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-09-15 06:11:01 +0300
commit	26c3184b621c4349997b1fade462c3fb480ad976 (patch)
tree	4b8fe8ff0143ecab6c20179531332048abd1adc3 /doc
parent	b754c00a217814cdf3fdaaa51e695a44095c0197 (diff)