feat: azure key vault (#14406)

* feat: azure key vault

* perf: add azure-keyvault-secrets

* perf：azure kv api

* perf: Translate

* perf: Update Dockerfile with new base image tag

* perf: Error when secret is empty

* perf: Translate

---------

Co-authored-by: halo <wuyihuangw@gmail.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

apps/accounts/backends/azure/service.py

@@ -0,0 +1,68 @@
+# -*- coding: utf-8 -*-
+#
+from azure.core.exceptions import ResourceNotFoundError, ClientAuthenticationError
+from azure.identity import ClientSecretCredential
+from azure.keyvault.secrets import SecretClient
+
+from common.utils import get_logger
+
+logger = get_logger(__name__)
+
+__all__ = ['AZUREVaultClient']
+
+
+class AZUREVaultClient(object):
+
+    def __init__(self, vault_url, tenant_id, client_id, client_secret):
+        authentication_endpoint = 'https://login.microsoftonline.com/' \
+            if ('azure.net' in vault_url) else 'https://login.chinacloudapi.cn/'
+
+        credentials = ClientSecretCredential(
+            client_id=client_id, client_secret=client_secret, tenant_id=tenant_id, authority=authentication_endpoint
+        )
+        self.client = SecretClient(vault_url=vault_url, credential=credentials)
+
+    def is_active(self):
+        try:
+            self.client.set_secret('jumpserver', '666')
+        except (ResourceNotFoundError, ClientAuthenticationError) as e:
+            logger.error(str(e))
+            return False, f'Vault is not reachable: {e}'
+        else:
+            return True, ''
+
+    def get(self, name, version=None):
+        try:
+            secret = self.client.get_secret(name, version)
+            return secret.value
+        except (ResourceNotFoundError, ClientAuthenticationError) as e:
+            logger.error(f'get: {name} {str(e)}')
+            return ''
+
+    def create(self, name, secret):
+        try:
+            if not secret:
+                secret = ''
+            self.client.set_secret(name, secret)
+        except (ResourceNotFoundError, ClientAuthenticationError) as e:
+            logger.error(f'create: {name} {str(e)}')
+
+    def update(self, name, secret):
+        try:
+            if not secret:
+                secret = ''
+            self.client.set_secret(name, secret)
+        except (ResourceNotFoundError, ClientAuthenticationError) as e:
+            logger.error(f'update: {name} {str(e)}')
+
+    def delete(self, name):
+        try:
+            self.client.begin_delete_secret(name)
+        except (ResourceNotFoundError, ClientAuthenticationError) as e:
+            logger.error(f'delete: {name} {str(e)}')
+
+    def update_metadata(self, name, metadata: dict):
+        try:
+            self.client.update_secret_properties(name, tags=metadata)
+        except (ResourceNotFoundError, ClientAuthenticationError) as e:
+            logger.error(f'update_metadata: {name} {str(e)}')