Add latest changes from gitlab-org/gitlab@master

doc/administration/auth/ldap/ldap_synchronization.md

@@ -182,16 +182,18 @@ group, GitLab revokes their `admin` role when syncing.
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1793) in GitLab 12.0.
 
-"Lock memberships to LDAP synchronization" setting allows instance administrators
+GitLab administrators can prevent group members from inviting new members to subgroups that have their membership synchronized with LDAP.
-to lock down user abilities to invite new members to a group.
 
-When enabled, the following applies:
+Global group membership lock only applies to subgroups of the top-level group where LDAP synchronization is configured. No user can modify the
+membership of a top-level group configured for LDAP synchronization.
+
+When global group memberships lock is enabled:
 
 - Only an administrator can manage memberships of any group including access levels.
 - Users are not allowed to share a project with other groups or invite members to
   a project created in a group.
 
-To enable it, you must:
+To enable global group memberships lock:
 
 1. [Configure LDAP](index.md#configure-ldap).
 1. On the top bar, select **Main menu > Admin**.

doc/integration/saml.md

@@ -660,7 +660,7 @@ balancer and include sensitive details in assertions that you do not want appear
 in logs. Most organizations should not need additional encryption at this layer.
 
 The SAML integration supports EncryptedAssertion. You should define the private
-key and the public certificate of your GitLab instance in the SAML settings:
+key and the public certificate of your GitLab instance in the SAML settings. When you define the key and certificate, replace all line feeds in the key file with `\n`. This makes the key file one long string with no line feeds.
 
 ```yaml
 args: {
@@ -669,12 +669,8 @@ args: {
   idp_sso_target_url: 'https://login.example.com/idp',
   issuer: 'https://gitlab.example.com',
   name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
-  certificate: '-----BEGIN CERTIFICATE-----
+  certificate: '-----BEGIN CERTIFICATE-----\n<redacted>\n-----END CERTIFICATE-----',
-    <redacted>
+  private_key: '-----BEGIN PRIVATE KEY-----\n<redacted>\n-----END PRIVATE KEY-----'
-    -----END CERTIFICATE-----',
-  private_key: '-----BEGIN PRIVATE KEY-----
-    <redacted>
-    -----END PRIVATE KEY-----'
 }
 ```
 
@@ -703,12 +699,8 @@ args: {
   idp_sso_target_url: 'https://login.example.com/idp',
   issuer: 'https://gitlab.example.com',
   name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
-  certificate: '-----BEGIN CERTIFICATE-----
+  certificate: '-----BEGIN CERTIFICATE-----\n<redacted>\n-----END CERTIFICATE-----',
-    <redacted>
+  private_key: '-----BEGIN PRIVATE KEY-----\n<redacted>\n-----END PRIVATE KEY-----',
-    -----END CERTIFICATE-----',
-  private_key: '-----BEGIN PRIVATE KEY-----
-    <redacted>
-    -----END PRIVATE KEY-----',
   security: {
     authn_requests_signed: true,  # enable signature on AuthNRequest
     want_assertions_signed: true,  # enable the requirement of signed assertion

qa/qa/specs/features/browser_ui/3_create/snippet/copy_snippet_file_contents_spec.rb

@@ -1,7 +1,11 @@
 # frozen_string_literal: true
 
 module QA
-  RSpec.describe 'Create', :reliable, product_group: :editor do
+  RSpec.describe 'Create', :reliable, product_group: :editor, quarantine: {
+    only: { subdomain: 'pre' },
+    type: :investigating,
+    issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/378697'
+  } do
     describe 'Multiple file snippet' do
       let(:first_file_content) { 'First file content' }
       let(:second_file_content) { 'Second file content' }