feat: azure key vault (#14406)

* feat: azure key vault * perf: add azure-keyvault-secrets * perf：azure kv api * perf: Translate * perf: Update Dockerfile with new base image tag * perf: Error when secret is empty * perf: Translate --------- Co-authored-by: halo <wuyihuangw@gmail.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2025-09-10 03:39:59 +00:00 · 2024-11-11 19:41:47 +08:00
parent b660bfb7ff
commit e1b501c7d4
20 changed files with 1280 additions and 837 deletions
--- a/apps/settings/api/vault.py
+++ b/apps/settings/api/vault.py
@@ -6,18 +6,25 @@ from rest_framework.views import Response, APIView

 from accounts.backends import get_vault_client
 from accounts.tasks.vault import sync_secret_to_vault
+from common.exceptions import JMSException
 from settings.models import Setting
 from .. import serializers


 class VaultTestingAPI(GenericAPIView):
-    serializer_class = serializers.VaultSettingSerializer
+    backends_serializer = {
+        'azure': serializers.AzureKVSerializer,
+        'hcp': serializers.HashicorpKVSerializer
+    }
    rbac_perms = {
        'POST': 'settings.change_vault'
    }

-    def get_config(self, request):
-        serializer = self.serializer_class(data=request.data)
+    def get_config(self, request, backend):
+        serializer_class = self.backends_serializer.get(backend)
+        if serializer_class is None:
+            raise JMSException()
+        serializer = serializer_class(data=request.data)
        serializer.is_valid(raise_exception=True)
        data = serializer.validated_data
        for k, v in data.items():
@@ -27,9 +34,10 @@ class VaultTestingAPI(GenericAPIView):
            data[k] = getattr(settings, k, None)
        return data

-    def post(self, request):
-        config = self.get_config(request)
+    def post(self, request, backend):
+        config = self.get_config(request, backend)
        config['VAULT_ENABLED'] = settings.VAULT_ENABLED
+        config['VAULT_BACKEND'] = backend
        try:
            client = get_vault_client(raise_exception=True, **config)
            ok, error = client.is_active()
@@ -58,4 +66,3 @@ class VaultSyncDataAPI(APIView):
    def _run_task():
        task = sync_secret_to_vault.delay()
        return task
-