From 0834f497fca2c01e31873d18aadf5143b761f62d Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Mon, 24 Oct 2022 03:10:46 +0000
Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master

---
 .../auth/ldap/ldap_synchronization.md          | 10 ++++++----
 doc/integration/saml.md                        | 18 +++++-------------
 .../snippet/copy_snippet_file_contents_spec.rb |  6 +++++-
 3 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/doc/administration/auth/ldap/ldap_synchronization.md b/doc/administration/auth/ldap/ldap_synchronization.md
index af2b1400670..02b04861844 100644
--- a/doc/administration/auth/ldap/ldap_synchronization.md
+++ b/doc/administration/auth/ldap/ldap_synchronization.md
@@ -182,16 +182,18 @@ group, GitLab revokes their `admin` role when syncing.
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1793) in GitLab 12.0.
 
-"Lock memberships to LDAP synchronization" setting allows instance administrators
-to lock down user abilities to invite new members to a group.
+GitLab administrators can prevent group members from inviting new members to subgroups that have their membership synchronized with LDAP.
 
-When enabled, the following applies:
+Global group membership lock only applies to subgroups of the top-level group where LDAP synchronization is configured. No user can modify the
+membership of a top-level group configured for LDAP synchronization.
+
+When global group memberships lock is enabled:
 
 - Only an administrator can manage memberships of any group including access levels.
 - Users are not allowed to share a project with other groups or invite members to
   a project created in a group.
 
-To enable it, you must:
+To enable global group memberships lock:
 
 1. [Configure LDAP](index.md#configure-ldap).
 1. On the top bar, select **Main menu > Admin**.
diff --git a/doc/integration/saml.md b/doc/integration/saml.md
index 0f7f3e336ef..fd01e9e0e56 100644
--- a/doc/integration/saml.md
+++ b/doc/integration/saml.md
@@ -660,7 +660,7 @@ balancer and include sensitive details in assertions that you do not want appear
 in logs. Most organizations should not need additional encryption at this layer.
 
 The SAML integration supports EncryptedAssertion. You should define the private
-key and the public certificate of your GitLab instance in the SAML settings:
+key and the public certificate of your GitLab instance in the SAML settings. When you define the key and certificate, replace all line feeds in the key file with `\n`. This makes the key file one long string with no line feeds.
 
 ```yaml
 args: {
@@ -669,12 +669,8 @@ args: {
   idp_sso_target_url: 'https://login.example.com/idp',
   issuer: 'https://gitlab.example.com',
   name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
-  certificate: '-----BEGIN CERTIFICATE-----
-    <redacted>
-    -----END CERTIFICATE-----',
-  private_key: '-----BEGIN PRIVATE KEY-----
-    <redacted>
-    -----END PRIVATE KEY-----'
+  certificate: '-----BEGIN CERTIFICATE-----\n<redacted>\n-----END CERTIFICATE-----',
+  private_key: '-----BEGIN PRIVATE KEY-----\n<redacted>\n-----END PRIVATE KEY-----'
 }
 ```
 
@@ -703,12 +699,8 @@ args: {
   idp_sso_target_url: 'https://login.example.com/idp',
   issuer: 'https://gitlab.example.com',
   name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
-  certificate: '-----BEGIN CERTIFICATE-----
-    <redacted>
-    -----END CERTIFICATE-----',
-  private_key: '-----BEGIN PRIVATE KEY-----
-    <redacted>
-    -----END PRIVATE KEY-----',
+  certificate: '-----BEGIN CERTIFICATE-----\n<redacted>\n-----END CERTIFICATE-----',
+  private_key: '-----BEGIN PRIVATE KEY-----\n<redacted>\n-----END PRIVATE KEY-----',
   security: {
     authn_requests_signed: true,  # enable signature on AuthNRequest
     want_assertions_signed: true,  # enable the requirement of signed assertion
diff --git a/qa/qa/specs/features/browser_ui/3_create/snippet/copy_snippet_file_contents_spec.rb b/qa/qa/specs/features/browser_ui/3_create/snippet/copy_snippet_file_contents_spec.rb
index a92eac2d50e..ee249b6271e 100644
--- a/qa/qa/specs/features/browser_ui/3_create/snippet/copy_snippet_file_contents_spec.rb
+++ b/qa/qa/specs/features/browser_ui/3_create/snippet/copy_snippet_file_contents_spec.rb
@@ -1,7 +1,11 @@
 # frozen_string_literal: true
 
 module QA
-  RSpec.describe 'Create', :reliable, product_group: :editor do
+  RSpec.describe 'Create', :reliable, product_group: :editor, quarantine: {
+    only: { subdomain: 'pre' },
+    type: :investigating,
+    issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/378697'
+  } do
     describe 'Multiple file snippet' do
       let(:first_file_content) { 'First file content' }
       let(:second_file_content) { 'Second file content' }