* backport PR

* backport PR

* Backport some OSS changes

* go mod vendor

added test for concurrency call of remount handler and proposed fix for logic to avoid duplication of mount names (#10264)
Co-authored-by: bruj0 <ramakandra@gmail.com>

Vault uses http.ServeMux which issues an HTTP 301 redirect if the
request path contains a double slash (`//`). Additionally, vault
handles all paths to ensure that the path only contains printable
characters. Therefore use the same validation on the to/from parameters
for remounting.

Not doing this can result in a Vault mount that was originally mounted
at `pki/foo` to being remounted at `pki/foo//bar` resulting in mounts
that cannot be accessed.
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

* change active node metric name

* comment to see if commit is fine
Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MacBook-Pro.local>

* Add support for Managed Identity auth for physical/Azure

Obtain OAuth token from IMDS to allow for access to Azure Blob with
short-lived dynamic credentials

Fix #7322

* add tests & update docs/dependencies

* Add Learn More Here link to vault learn pricing metrics tutorial

* Fix spacing
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

Wrap the dev logs in a sync.Once and deregister first, to eliminate the possibility of emitting the dev output twice in a race. (#10258)

* first commit

* update

* removed some ent features from backport

* final refactor

* backport patch
Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MacBook-Pro.local>
Co-authored-by: Hridoy Roy <hridoyroy@Hridoys-MBP.hitronhub.home>

* OCI: Don't store region in the backend struct

* Update physical/oci/oci.go
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Add ability to specify region for OCI Storage Backend

* Fix capitalization in Vault documentation
Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

* UI/OIDC: allow passing namespace in state

Suppport in the UI OIDC callback flow to parse namespace out of the
state parameter instead of a separate query parameter in the
redirect_uri. Includes docs for the option that enables this behavior
in the JWT plugin.

* 1.6 wordsmithing

* pass_namespace_in_state -> namespace_in_state

* re-wording

* use strict equals
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

* Consolidate locking for sys/health

This avoids a second state lock read-lock on every sys/health hit

* Address review feedback
Co-authored-by: Vishal Nayak <vishalnayakv@gmail.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

* auth: store period value on tokens created via login

* test: reduce potentially flaskiness due to ttl check

* test: govet on package declaration

* changelog++

* Temporarily remove CL entry

* Add back the CL entry
Co-authored-by: Vishal Nayak <vishalnayakv@gmail.com>

* Add test for 400 status on missing token

* Return logical.StatusBadRequest on missing token

* remove commented out code
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

Also expanded support for all DBs for root credential rotation & static credential rotation

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

In auth/aws, seal/awskms, and secrets/aws, storage/s3, and
storage/dynamodb.

One blurb for the docs pages and one for the .0 upgrade pages.

Default objects should return a function to avoid breaking ember's idea of what a default value should look like (#10218)