* changing response from missing client token to permission denied

* removing todo comment

* fix tests

* adding changelog

* fixing changelog

In the Counter-mode KBKDF implementation, due to the nature of the PRF
(being implemented as a function rather than a hash.Hash instance), we
need to allocate a buffer capable of storing the entire input to the
PRF. This consists of the user-supplied context with 8 additional bytes
(4 before and 4 after) of encoded integers.

If the user supplies a maximally-sized context, the internally allocated
buffer's size computation will overflow, resulting in a runtime panic.
Guard against this condition.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add a new parameter "allowed_managed_keys" to mount config

* Adjust formatting in mount.go

* Add changelog entry

* README.md of website/ with WARNING on rebuilding

* Update README.md

* incorporated feedback

* fixed link

* fixed link again

* found another error

* add kubenetes issuer config deprecation

* changelog++

* add Vault specific PR in deprecation section

* ordering

* version bumps

* updated chart options

* change default vaule for disable_iss_validation to be true

* mark as deprecated | remove issuer from sample

* deprecation section

* additional informaiton about when fields will be removed

* additional deprecation note under csi provider

* punctuation

* make the deprecation note more noticable

* missing issuer sentence | remove whitespace

* Update website/content/docs/platform/k8s/csi/index.mdx
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* cleanup

* additional deprecation comments

* fix discovery link

* highlight

* no need to configure the issuer
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* OIDC: add note on PKCE support for code flow

* add changelog

* remove changelong

Moved from one of the first items in the navbar down to one of the last. They are not high priority information and should be grouped with upgrade and release notes.

* adds date time helper to generated creds

* makes revocation time human-readable

* Add sb extract to enable Storybook composition

Ref: hashicorp/cloud-ui#1457 and https://github.com/hashicorp/design-system-website/blob/main/taskbox/.storybook/main.js

* Add metadata to enable SB extract

* Change dir location

* Change location of stories

* Move cp stories.json to build:storybook step

* post 1-9 doc changes

* fixed endpoint sample

* Update website/content/docs/release-notes/1.9.0.mdx
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Some prep work for docs cutover

* Rerun Vercel

* fixes issue restoring raft snapshot

* adds changelog entry

* fixes issue with ttl picker not initially enabling in form field component

* adds changelog entry

* updates test

* updates initial ttl toggle state for default 0s value

Return a UserError is aead.Open() fails and assume by that stage there is a problem with the user input for said decryption

* don't log token error on DR Secondary

* stop gauge collector expiration errors on dr secondary

* don't check dr secondary for token create

* see if CI hits panic

* Revert "don't check dr secondary for token create"

This reverts commit c036a1a544d3a20d29d046f1ee239ab1563ce4d9.

* don't check dr secondary for token create

* Revert "see if CI hits panic"

This reverts commit 1e15aa535cac6e4d1684aaf47c8746c094068eb8.

* remove condition on log

* updates generator to glimmer

* adds changelog

* accounts for addon vs reg components

* moves imports to the top of components

* Add AllowMissing to local_bucket_key schema, preventing startup failures in post-unseal when aliases from an older version exist.

* Hide verify-connection attribute on connection config show page

* Add changelog

* Remove old guides folder and its contents

* Remove the guide-nav file

* Remove the guides page

* new document for feature deprecation notice

* fixed errors

* Update website/content/docs/feature-deprecation-notice.mdx
Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/docs/feature-deprecation-notice.mdx
Co-authored-by: Meggie <meggie@hashicorp.com>

* Update website/content/docs/feature-deprecation-notice.mdx
Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>

* Update website/content/docs/feature-deprecation-notice.mdx
Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>

* Update feature-deprecation-notice.mdx

* added new faq page

* added content for faq

* updated faq page based on aarti's feedback

* added client count faq

* fixed a broken link

* added links

* fixed spacing issue

* added new release notes page

* edited the client count faq

* edited the feature deprecation faq

* edited the featue deprecation notice and plans

* edited the release notes

* added new oidc provider doc

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* incorporated feedback

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>

* changed mnt_acc to mount_accessor

* rewritting content

* added doc link

* fixed link error

* fixed spacing error

* incorporate additional feedback

* more feedback

* incorporated more feedback

* fixed headings

* fixed a heading

* incorproate changes

* incorporate feedback

* modified RN based on feedback

* Update website/content/docs/concepts/oidc-provider.mdx
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>

* updated final release notes

* updated image

* fixed link

* added a new hyperlink to the etcd document

* add and modify notes; update scope template

* break identity docs into separate pages

* fix nav for identity token

* fix nav links; add links on overview

* use real example IDs

* fix typos

* incorporated additional feedback
Co-authored-by: Meggie <meggie@hashicorp.com>
Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>

* Return HTTP 400s on transit decrypt requests where decryption fails. (#10842)

* Don't abort transit batch encryption when a single batch item fails.

* Add unit tests for updated transit batch decryption behavior.

* Add changelog entry for transit encrypt/decrypt batch abort fix.

* Simplify transit batch error message generation when ciphertext is empty.

* Return error HTTP status codes in transit on partial batch decrypt failure.

* Return error HTTP status codes in transit on partial batch encrypt failure.

* Properly account for non-batch transit decryption failure return. Simplify transit batch decryption test data. Ensure HTTP status codes are expected values on batch transit batch decryption partial failure.

* Properly account for non-batch transit encryption failure return. Actually return error HTTP status code on transit batch encryption failure (partial or full).