* Remove unnecessary branch filters; we rely instead on exiting the jobs on inappropriate branches, since otherwise GH's required checks won't be satisfied.

Co-authored-by: Joshua Gilman <joshuagilman@gmail.com>

Co-authored-by: Austin Gebauer <agebauer@hashicorp.com>

Co-authored-by: Meggie Ladlow <meggie@hashicorp.com>

Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>

Backport of docs/k8s: Updates for vault-k8s 0.14.2 and vault-helm 0.19.0 into release/1.9.x (#13789)

* backport of commit a46bc95dd006da219f911eb16630e398f69a627a

* backport of commit b2ff79e997687d1ff76ad3a9321ff2931d3f150b

* backport of commit 270eb41001099e29bf42fef360a9b7d95bd7a573
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Signed-off-by: circa10a <caleblemoine@gmail.com>

* Update release/1.9.x docs to match stable-website

* Add the rest of `website`

Co-authored-by: mickael e <mickael@hashicorp.com>

* Raft peer removal bug (#13098)

* fixes issue removing raft peer via cli not reflected in UI until refresh

* adds changelog entry

* removes faker

* attempts to fix global error in circle ci run

Co-authored-by: Morgan Drake <12264057+modrake@users.noreply.github.com>

* backport of commit f0fc03ebb786982f5f877d7958fa2241a8f8fc4f

* backport of commit 9a9eba6ee4911aff51cbb4329cd6570641274a07

* backport of commit 7fc38ac71ca846c74943ad2989853b9f431b2397

* backport of commit eaf572e7df18e51a355097580b9f49f0a208cfea
Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>

* cherry-pick changes from main

* changing maxint

* fixing compare

* fixing consts

* fixing consts
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
Co-authored-by: akshya96 <araghavan@hashicorp.com>

Co-authored-by: Matthew Irish <39469+meirish@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Backport of auth/kubernetes: support for dynamically reloading short-lived tokens into release/1.9.x (#13698)

* auth/kubernetes: support for dynamically reloading short-lived tokens (#13595)

* auth/kubernetes: support for short-lived tokens

* Uplift new version of Kubernetes auth plugin that does not store the
  service account token persistently to Vault storage.

* Update the documentation to recommend local token again when running
  Vault inside cluster.
Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* Added changelog entry
Signed-off-by: Tero Saarni <tero.saarni@est.tech>

* clarification to changelog entry, executed go mod tidy

* clarifications and added targeted release version

* update available version to 1.9.3+ and changelog

renamed changelog file to the backport pr number.

* update go.mod to k8s-auth@v0.11.4
Co-authored-by: Tero Saarni <tero.saarni@est.tech>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

Co-authored-by: taoism4504 <loann@hashicorp.com>

* Rework 1.21 content into one heading and add note at top
* Add notes about extended k8s token duration
* Add example of ClusterRoleBinding for using client JWTs
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* backport of commit f7a98ce27a5a8160e2502c3449346d64cfa0a428

* backport of commit fb844b0f3f750aa4752971c30bf8efbc39db3b3a

* backport of commit 90e942c100251d69ee0e45a09170845eeec03ce7

* backport of commit 80f2fe7984606e0b62852dbb63fbd908ebf462f4

* backport of commit 94c5cae44d01d079346286d2c8f22432d29a2138

* backport of commit a9b5b4f207d8ac3d56cc778df9718339e7de1ff5

* backport of commit c82e850a20f5405ce8d65ce4a8fe9b8a22e94fc8

* backport of commit f506f512bc4f5ef8e40d8baa76b25709562323d3

* Update website/content/docs/platform/k8s/csi/index.mdx
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

* cleanup

* additional deprecation comments

* fix discovery link

* highlight

* Backport of commit 1ff8749d6787d06464c84d71eaa54e9b93ba7c6c

Couldn't find the commit locally to cherry-pick
Co-authored-by: Gary Frederick <imthaghost@protonmail.com>
Co-authored-by: Gary Frederick <hello@garyf.dev>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>

* no-op commit due to failed cherry-picking

* [VAULT-3252] Add entity-alias behavior change to docs (#13370)

* Add entity-alias behavior change to docs

* Add upgrade note about entity-alias mapping change

* Rename 1.7-9 upgrade pages, shuffle upgrade note position

* Update website/content/partials/entity-alias-mapping.mdx
Co-authored-by: Meggie <meggie@hashicorp.com>

* Add incorrect policy issue to the docs

* Add example about entity-alias restriction
Co-authored-by: Meggie <meggie@hashicorp.com>

* Update http requests API link to versioned docs (#13692)

* docs: add known issues section to 1.9.x upgrade guide (#13662)

* docs: add known issues section to 1.9.x upgrade guide

* minor rephrasing on oidc known issue

* use relative references for URLs

* Update website/content/docs/upgrading/upgrade-to-1.9.x.mdx
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* update known issues section for id token
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>
Co-authored-by: Meggie <meggie@hashicorp.com>
Co-authored-by: Tony Pulickal <ttp@hashicorp.com>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* backport of commit 5dc6e43303dff074ecc3a9c5949ae64b597bff0f

* backport of commit 002ed5fe4630b587d04dc79da7a0bf953b826682

* backport of commit 77e4dfeb07d43e4698458665a9b239b329934db4

* backport of commit 65141513a89d8513f41cb16fb04331f05dcd39a9

* backport of commit eb7cee2ceeaa9ae39298a4eb967b333c58e5d4b2

* backport of commit 7dc5acc806a6fda64cfddb3b0e79430a596a8f68

* backport of commit 9ae01d77ccff5390320a562eebbaf48834213fa2
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

In doing some testing I found that the listener clusteraddr isn't really used, or at least isn't as important as the top-level clusteraddr setting.  As such, go-sockaddr templating needs to be implemented for the top-level `cluster_addr` setting or it's unusable for HA.

Also fix a nil pointer panic I discovered at the same time.

* backport of commit 5bb6996b

* backport of commit 04d87300

Co-authored-by: Ben Ash <bash@hashicorp.com>

* backport of commit 43760fe9538f9b4dd6e72d024a06394aedc49925

* backport of commit 76bc89361f40561c4f05863150eb48014e9a67cf

* backport of commit 6d2e589f69ce7b500fde232b21d0f4c22d9597db
Co-authored-by: Ben Ash <bash@hashicorp.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>

Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: mickael e <mickael@hashicorp.com>
Co-authored-by: mickael-hc <86245626+mickael-hc@users.noreply.github.com>

Co-authored-by: James Bayer <1139532+jbayer@users.noreply.github.com>

* backport of commit 2b127670

* backport of commit 69440d00

* backport of commit 1b9013e5

Co-authored-by: akshya96 <araghavan@hashicorp.com>
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>

* backport of commit 474d5f95b1122fb1ffb1ff2096fff360a94af721

* backport of commit 3ae90003d4605ff0bb2d14f304bd6530f2152486

* backport of commit 19e9c02c240b08481fc57838306d226e498f6856

* backport of commit 276918f669affc9db7b143d380e74667f602fa02
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

* Use MAP_POPULATE for our bbolt mmaps, assuming the files fit in memory.  This should improve startup times when freelist sync is disabled.

* For 1.8-1.9, MAP_POPULATE will be opt-in, requiring env var VAULT_RAFT_ENABLE_MAP_POPULATE.

If we get a 405 doing an HTTP PATCH, assume the server is pre-1.9 and fall back to old readThenWrite approach (#13615) (#13629)

Co-authored-by: Austin Gebauer <agebauer@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>