* add mock monthly data to mirage handler

* add months to serializer for activity response

* change selectors
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>

* clean up serializer

* please stop being flakey <3
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>

* [VAULT-1618] Agent error log level is mismatched

`logLevelToStringPtr` translates `go-hclog`'s `ERROR` to `"ERROR"` for
Consul Template's runner, but that expects `ERR` and is quite strict
about it.

This will address https://github.com/hashicorp/vault-k8s/issues/223


after it is set as the default image in `vault-k8s`.

I didn't find a simple way to test this other than starting up a full
server and agent and letting them run, which is unfortunately fairly
slow.

I confirmed that this addresses the original issue by modifying the helm
chart with the values in this commit and patching the log level to `err`.

* VAULT-1618 Add changelog/14424.txt

* VAULT-1618 Update changelog/14424.txt based on @kalafut suggestion
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>

* VAULT-1618 Move cancel and server stop into defer in tests

* VAULT-1618 Triggering CircleCI tests

* VAULT-1618 Replace ioutil with os functions for agent template tests
Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>

* inital glimmerize

* wip

* wip

* wip

* fix maybeQueryRecord

* fix

* fix

* fix test

* cleanup

* add changelog

* clean up

When adding SignatureBits control logic, we incorrectly allowed
specification of SignatureBits in the case of an ECDSA issuer. As noted
in the original request, NIST and Mozilla (and others) are fairly
prescriptive in the choice of signatures (matching the size of the
NIST P-curve), and we shouldn't usually use a smaller (or worse, larger
and truncate!) hash.

Ignore the configuration of signature bits and always use autodetection
for ECDSA like ed25519.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* fixes issue logging in with oidc from listed auth path tab

* adds changelog entry

* adds more tests for oidc auth workflow

* updates oidc auth method test to use non-standard path

* Update developer-qs.mdx

docs: added link to Java / Spring Boot sample app repo in developer quick start.

* removed space.

* trigger ci
Co-authored-by: taoism4504 <loann@hashicorp.com>

* Add explanation to help text and flag usage text

* KV get with new mount flag

* Clearer naming

* KV Put, Patch, Metadata Get + corresponding tests

* KV Delete, Destroy, Rollback, Undelete, MetadataDelete, MetadataPatch, MetadataPut

* Update KV-v2 docs to use mount flag syntax

* Add changelog

* Run make fmt

* Clarify deprecation message in help string

* Address style comments

* Add PKI test for delete role

 - Create a role, validate that defaults are what we expect
   and delete the role, verifying it is gone on subsequent read
   attempts.

* Add PKI test for crl/rotate command

 - Missing a unit test that validates the crl/rotate command works. The test validates the rotate command was successful
   by checking if we have a different/new update time on the CRL.

* Rework PKI TestBackend_PathFetchValidRaw test to not write directly to storage

 - Rework the existing test to not write directly to storage as we might change that in the future.
 - Add tests that validate the ca_chain behaviour of not returning the root authority cert

* PR Feedback

* Additional PR feedback

* fix usages of img tag and integrate dev-portal workflows

* Adjust Makefile

* Add more color around managed keys in their concepts page, and create additional links between
the various docs pages related to them.

* Typos

* Update CC docs

* Add sample response

* Address review feedback

* Update website/content/api-docs/system/internal-counters.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/internal-counters.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/internal-counters.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/internal-counters.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/internal-counters.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/internal-counters.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update website/content/api-docs/system/internal-counters.mdx

Co-authore...

* docs: fix formatting on plugin upgrade page

* fix more formatting issues

* Subtle docs change for allow_store_key

* errant space

* Correctly handle minimums, default SignatureBits

When using KeyType = "any" on a role (whether explicitly or implicitly
via a sign-verbatim like operation), we need to update the value of
SignatureBits from its new value 0 to a per-key-type default value. This
will allow sign operations on these paths to function correctly, having
the correctly inferred default signature bit length.

Additionally, this allows the computed default value for key type to be
used for minimum size validation in the RSA/ECDSA paths. We additionally
enforce the 2048-minimum in this case as well.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix defaults and validation of "any" KeyType

When certutil is given the placeholder any keytype, it attempts to
validate and update the default zero value. However, in lacking a
default value for SignatureBits, it cannot update the value from the
zero value, thus causing validation to fail.

Add more awareness to the placeholder "any" value to certutil.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add role-based regression tests for key bits

This adds regression tests for Key Type, Key Bits, and Signature Bits
parameters on the role. We test several values, including the "any"
value to ensure it correctly restricts key sizes.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add sign-verbatim test for key type

This ensures that we test sign-verbatim against a variety of key types.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

* updating changes from ent PR

* adding changelog

* fixing err

* fixing semgrep error

* adding debug changes from ent

* adding changelog

* only show value in edit form if has read capabilities

* revert messing with form

* delete secret data from secret

* add check for selected version

* remove added line

* add changelog

* changed learn to tutorial references

* changed learn to tutorial

* Update website/content/docs/plugins/plugin-portal.mdx
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/docs/platform/aws/run.mdx
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Fixing excessive unix file permissions

* CL

* reduce the permission from 750 to 700

* docs: add plugin definitions to the glossary

* clarify multiplexed plugin glossary

* Update website/content/docs/glossary.mdx
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Vault-4279 reporting redundant/unused keys in config

* missing validate step

* CL

* Change the log level

* VAULT-4240 time.After() in a select statement can lead to memory leak

* CL