* Add support for Managed Identity auth for physical/Azure

Obtain OAuth token from IMDS to allow for access to Azure Blob with
short-lived dynamic credentials

Fix #7322

* add tests & update docs/dependencies

* Add Learn More Here link to vault learn pricing metrics tutorial

* Fix spacing
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

Wrap the dev logs in a sync.Once and deregister first, to eliminate the possibility of emitting the dev output twice in a race. (#10258)

* first commit

* update

* removed some ent features from backport

* final refactor

* backport patch
Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MacBook-Pro.local>
Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MBP.hitronhub.home>

* OCI: Don't store region in the backend struct

* Update physical/oci/oci.go
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Add ability to specify region for OCI Storage Backend

* Fix capitalization in Vault documentation
Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

* UI/OIDC: allow passing namespace in state

Suppport in the UI OIDC callback flow to parse namespace out of the
state parameter instead of a separate query parameter in the
redirect_uri. Includes docs for the option that enables this behavior
in the JWT plugin.

* 1.6 wordsmithing

* pass_namespace_in_state -> namespace_in_state

* re-wording

* use strict equals
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

* Consolidate locking for sys/health

This avoids a second state lock read-lock on every sys/health hit

* Address review feedback
Co-authored-by: Vishal Nayak <vishalnayakv@gmail.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

* auth: store period value on tokens created via login

* test: reduce potentially flaskiness due to ttl check

* test: govet on package declaration

* changelog++

* Temporarily remove CL entry

* Add back the CL entry
Co-authored-by: Vishal Nayak <vishalnayakv@gmail.com>

* Add test for 400 status on missing token

* Return logical.StatusBadRequest on missing token

* remove commented out code
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

Also expanded support for all DBs for root credential rotation & static credential rotation

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

In auth/aws, seal/awskms, and secrets/aws, storage/s3, and
storage/dynamodb.

One blurb for the docs pages and one for the .0 upgrade pages.

Default objects should return a function to avoid breaking ember's idea of what a default value should look like (#10218)

* Refactoring and test improvements.

* Support migrating from a given type of autoseal to that same type but with different parameters.

Update language on primary to reflect how many known secondaries there are, and update CTA for viewing all (#10217)

Updated the `Serve` function so these can be added back into Vault

This also temporarily disables couchbase, elasticsearch, and
mongodbatlas because the `Serve` function needs to change signatures
and those plugins are vendored in from external repos, causing problems
when building.

Fixes oidc config UI, and adds EdDSA (ed25519) to supported algorithms

* Improve errors for aws login with an unbound ARN

* Factor hasWildcardBind into its own function
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update HanaDb to v5 dbplugin
* Add ability to update passwords for HANA db

* Update language to reflect that current namespace includes all children as well

* Update metrics config value to correct ones

* Handle 204 no data from activity endpoint

* Wrap metrics date inputs in form so it handles keyboard events like Enter

* Pass default span and retention months from config

* remove stray space