* backport of commit eda2fd830f46a0ea44ce363b5e8daebbed8bf289

* backport of commit 2962018ed532a7c58949910cb7148580bafcb6b7

* backport of commit bc084cf23e539794cbd75877a516608c91aa8dd3

* backport of commit 7e3408c1ebce9030e584f6b215ec9373cd9e17cb

* backport of commit 3d4ef0d89f791e9aeb2aab10c360b60545c1b945

* backport of commit 8c5cf17931b3d842fb72bf827a58f9491b59251b
Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>

Backport of [VAULT-5887] TypeInt64 support added to OpenApi Spec generation into release/1.10.x (#15146)

* backport of commit 133c827b96b10ff089f18d1db5a0348b01ad13e1

* backport of commit 6b3c59432169a41eaaaa18d65ba71fbb9b940def
Co-authored-by: Annalise Diroff <adiroff@hashicorp.com>

Co-authored-by: Claire Labry <claire@hashicorp.com>

* backport of commit ff8e9037678985f7be29173294587c04e6466959

* backport of commit f76656e9efff7e75d8b94ab404a3c43c2f1bae01

* backport of commit e26fafa115b3f1aa9c9871186c61d98eff86a910

* backport of commit 6181ef3cd68048c565bbee1d2e04fe9af9d13807

* backport of commit 496d327056053cc4348104f3cf05f8dd38238743

* backport of commit 65ec6a8a6aa5225144fe4e11c2cd6c3747d24c1e

* backport of commit 83e3d3cdc648214c936a030efe36c17f750515d8

* backport of commit 7f010be1892569c3dabd085da2371b5669538527
Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* backport of commit dc342c6641aaf6a0dc72107ba3dbd2b95ab2d4a7

* backport of commit 7f9da9fd01818ef934475f0cd14803a96b253418

* backport of commit 03640b9992ad4bc4230da5d6dbe1e3e7f27561c8
Co-authored-by: Jason O'Donnell <2160810+jasonodonnell@users.noreply.github.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: hashicorp-peter <peter.wilson@hashicorp.com>

* backport of commit b68f807c85cc9e0e29d98597766c84c37a10e0b7

* backport of commit 5072f1a8f2ef0564866415784d55cc0f5530fee3

* backport of commit 863971f6486afd7af7a9c3a59047c2d0c1a0143f

* backport of commit f44030a0448ef7292bde4d7173410265df72de31

* backport of commit 7b0704b65bc10357b24441fcdbf7b3cdc4d43819
Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>

* backport of commit df9416d64cf103a3da4e484cac2ce428a1c82a95

* backport of commit 8edb1c24505584230c71708f31be7cd7f392142d
Co-authored-by: Chris Capurso <1036769+ccapurso@users.noreply.github.com>

Co-authored-by: Conrad Kleinespel <conrad.kleinespel@memo.bank>

* backport of commit 8fb2fca4

* backport of commit ee412d52

Co-authored-by: Arnav Palnitkar <arnav@hashicorp.com>

Backport of Custom tooltip for Generated Token Policies form field on auth methods into release/1.10.x (#15053)

* backport of commit f83a08bde037c92c54e0256cb4a3a892d7c6adde

* backport of commit bc28a168a3ffea3c80c411176127e41de31fecd3

* backport of commit 612c6389f752003267a68c23e844fe02116660e3

* backport of commit ccd137d83d50cfc5fc37cf92bebc85adc78fe942

* backport of commit 3fdce8e03823fb12594544187ccb4262a22a2a3e

* Update generated-item.js
Co-authored-by: Angel Garbarino <argarbarino@gmail.com>
Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com>

Backport of Respect increment value in grace period calculations (api/LifetimeWatcher) into release/1.10.x (#14940)

Co-authored-by: hashishaw <cshaw@hashicorp.com>

* UI: Masked inputs always look the same when value is hidden (#15025)

* Masked inputs always look the same when value is hidden

* Add changelog

* Fix failing test

* Fix linting

* please unflake

* VAULT-5422: Add rate limit for TOTP passcode attempts (#14864)

* VAULT-5422: Add rate limit for TOTP passcode attempts

* fixing the docs

* CL

* feedback

* Additional info in doc

* rate limit is done per entity per methodID

* refactoring a test

* rate limit OSS work for policy MFA

* adding max_validation_attempts to TOTP config

* feedback

* checking for non-nil reference

* remove WithContext functions from a test

* adding changes from main

* removing env changes

Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* backport of commit e4fe735fb3debdf2a3a052a3fad03cb741c91cfb

* backport of commit 7ea8dac318aa02f17dacdcf2375c85b4878d9376
Co-authored-by: kitography <khaines@mit.edu>

Co-authored-by: Calvin Wu <calvin620707@msn.com>

Co-authored-by: Jim Kalafut <jkalafut@hashicorp.com>

* forwarding requests subjected to Login MFA to the active node

* CL, and making fmt happy

When adding SignatureBits control logic, we incorrectly allowed
specification of SignatureBits in the case of an ECDSA issuer. As noted
in the original request, NIST and Mozilla (and others) are fairly
prescriptive in the choice of signatures (matching the size of the
NIST P-curve), and we shouldn't usually use a smaller (or worse, larger
and truncate!) hash.

Ignore the configuration of signature bits and always use autodetection
for ECDSA like ed25519.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* backport of commit 9671150c25ee7b887dedbada2f5d949890a6cb2d

* backport of commit d2d1cfe7f8113694ef04cf30c53a7ede1e4f0873
Co-authored-by: Josh Black <raskchanky@gmail.com>

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>

* OIDC Login Bug (#14916)

* fixes issue logging in with oidc from listed auth path tab

* adds changelog entry

* adds more tests for oidc auth workflow

* updates oidc auth method test to use non-standard path

* removes logout-auth-method test which was renamed to oidc-auth-method

Fix handling of default zero SignatureBits value with Any key type in PKI Secrets Engine (#14875) (#14893)

* Correctly handle minimums, default SignatureBits

When using KeyType = "any" on a role (whether explicitly or implicitly
via a sign-verbatim like operation), we need to update the value of
SignatureBits from its new value 0 to a per-key-type default value. This
will allow sign operations on these paths to function correctly, having
the correctly inferred default signature bit length.

Additionally, this allows the computed default value for key type to be
used for minimum size validation in the RSA/ECDSA paths. We additionally
enforce the 2048-minimum in this case as well.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Fix defaults and validation of "any" KeyType

When certutil is given the placeholder any keytype, it attempts to
validate and update the default zero value. However, in lacking a
default value for SignatureBits, it cannot update the value from the
zero value, thus causing validation to fail.

Add more awareness to the placeholder "any" value to certutil.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add role-based regression tests for key bits

This adds regression tests for Key Type, Key Bits, and Signature Bits
parameters on the role. We test several values, including the "any"
value to ensure it correctly restricts key sizes.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add sign-verbatim test for key type

This ensures that we test sign-verbatim against a variety of key types.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Add changelog entry
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

* backport of commit 6642d073ed6bf9d1035c2f771f2cf00b772b94b7

* backport of commit 8500bd1ddcf24405462d5039c5a6df8edaab6b58

* backport of commit 6362c6882a6114ac34fad042c42e334f4ae0b3be

* backport of commit b13ad32b0e10069423c1111a97e54cbb97119cc6

* backport of commit 52a577b23ca9474156d80dbf3b7517823cded2d8

* backport of commit c4c9ea74167233bb679fdd635ab73455fb36eab3
Co-authored-by: Christopher Swenson <christopher.swenson@hashicorp.com>
Co-authored-by: Christopher Swenson <swenson@swenson.io>

* resolve path_config_rotate_root_test - ent uses newer version so update and fix

* clean up operator_diagnose import to match ent

* add mount_accessor to SentinelKeys to match ent

* mysql.go remove trailing space to match ent

* update protobuf version to match ent

* update vault/cluster.go log message to match ent

* update ha from ent - the dr stuff is probably fine?

* remove newline to match ent in vault/login_mfa.go

* add vaultKubernetesMountPath to doc to match ent

* backport of commit 0c7e4752a9a011c1d12b34441a2aa5712e07ee85

* backport of commit 97de992b6ddebc9b8cb047bcd4a83388f3158bbb

* backport of commit 124227121c5daeb27acf6093954195fa0e51e06c

* backport of commit fa816ef7d343c93031b0b01fb5d90d3466e9f93c

* backport of commit 6b55f0653db9dcc7bf3bb97deec4d4e2952eaefa

* backport of commit 886256f5f99dca505270bdeacc07a87ef6e3fcf7

* backport of commit 4a514a3e24127d2a573d6237be6b2f7e92de8ad0

* backport of commit 12d97fb79fbf4f82656078bdd72c64ca4a78b4fd

* backport of commit f4073b5b362062979a1dcb4e584c1cde5d3e8968

* backport of commit d7de4d9197a30e834836491575ce2b185618a19c

* backport of commit f9ea2c861ad445f65e7ff5ed2d4e69f0bd27737c

* backport of commit ae5d63ac06a07c671260a17743d8701a91dc9731

* backport of commit f826c61cd405357bc4b593fc355725152929cec5

* backport of commit e69942b5e421b4447f297f1950c4cbbc56d53737

* backport of commit d341f48ddebe30b226ec2c71cf8536d3953f5703

* backport of commit 1230398b0f31467eef40f72d55690c3b37752b4c

* backport of commit a47e23aa23a0a0f5fc7180d6360398d44ecb4339

* backport of commit 6ddceab1b7c914ab3ab3a394aa5fa1b3fd1f26ba

* backport of commit 98c4b6b735315f544038e37620b823cbb2a52056

* backport of commit 1f6786a60bd9e30c75e4f3b16a9849278f9e354c

* backport of commit d1a3b7dd29a82259ee0607cd2133a967b743d586

* backport of commit c4b22670b54bacafa203135f1cd5cc954c77d392
Co-authored-by: Vishal Nayak <vishalnayakv@gmail.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>

Revert "Backport of Vault 3992 ToB Config and Plugins Permissions  into release/1.10.x (#14881)" (#14915)

This reverts commit a43b8ee1.

* backport of commit 81b3f4f0096aa5a11f30fadd3b041d27c1c98d40

* backport of commit 952c9baca9fb383c390687d31b80eb99ad47b4f6
Co-authored-by: Scott G. Miller <smiller@hashicorp.com>

* backport of commit c77210f60ab3bd38d6f16b28215c84f4a6d1150c

* backport of commit 2f6641a15964066754ce678eafc2ade941a74f38
Co-authored-by: JM Faircloth <jmfaircloth@hashicorp.com>

* backport of commit 24cab674e0b48613e3ebc9076db21c39bd17c07b

* backport of commit 1160bea10a81b6f2bdde03b87acc6fc510f621de
Co-authored-by: Scott G. Miller <smiller@hashicorp.com>

* backport of commit 903a4f32

* backport of commit 81df08b2

* backport of commit 5632e2d3

* backport of commit 4a7a911f

Co-authored-by: akshya96 <araghavan@hashicorp.com>
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>