feat: azure key vault (#14406)

* feat: azure key vault * perf: add azure-keyvault-secrets * perf：azure kv api * perf: Translate * perf: Update Dockerfile with new base image tag * perf: Error when secret is empty * perf: Translate --------- Co-authored-by: halo <wuyihuangw@gmail.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2025-09-05 09:21:02 +00:00 · 2024-11-11 19:41:47 +08:00
parent b660bfb7ff
commit e1b501c7d4
20 changed files with 1280 additions and 837 deletions
--- a/apps/settings/serializers/feature.py
+++ b/apps/settings/serializers/feature.py
@@ -3,13 +3,14 @@ from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers

+from accounts.const import VaultTypeChoices
 from assets.const import Protocol
 from common.serializers.fields import EncryptedField
 from common.utils import date_expired_default

 __all__ = [
-    'AnnouncementSettingSerializer', 'OpsSettingSerializer',
-    'VaultSettingSerializer', 'TicketSettingSerializer',
+    'AnnouncementSettingSerializer', 'OpsSettingSerializer', 'VaultSettingSerializer',
+    'HashicorpKVSerializer', 'AzureKVSerializer', 'TicketSettingSerializer',
    'ChatAISettingSerializer', 'VirtualAppSerializer',
 ]

@@ -43,20 +44,13 @@ class AnnouncementSettingSerializer(serializers.Serializer):


 class VaultSettingSerializer(serializers.Serializer):
-    PREFIX_TITLE = _('HCP Vault')
+    PREFIX_TITLE = _('Vault')

    VAULT_ENABLED = serializers.BooleanField(
        required=False, label=_('Vault'), read_only=True
    )
-    VAULT_HCP_HOST = serializers.CharField(
-        max_length=256, allow_blank=True, required=False, label=_('Host')
-    )
-    VAULT_HCP_TOKEN = EncryptedField(
-        max_length=256, allow_blank=True, required=False, label=_('Token'), default=''
-    )
-    VAULT_HCP_MOUNT_POINT = serializers.CharField(
-        max_length=256, allow_blank=True, required=False, label=_('Mount Point'),
-        default='jumpserver'
+    VAULT_BACKEND = serializers.ChoiceField(
+        choices=VaultTypeChoices.choices, default=VaultTypeChoices.local, label=_('Vault provider')
    )

    HISTORY_ACCOUNT_CLEAN_LIMIT = serializers.IntegerField(
@@ -72,6 +66,35 @@ class VaultSettingSerializer(serializers.Serializer):
    )


+class HashicorpKVSerializer(serializers.Serializer):
+    PREFIX_TITLE = _('HCP Vault')
+    VAULT_HCP_HOST = serializers.CharField(
+        max_length=256, allow_blank=True, required=False, label=_('Host')
+    )
+    VAULT_HCP_TOKEN = EncryptedField(
+        max_length=256, allow_blank=True, required=False, label=_('Token'), default=''
+    )
+    VAULT_HCP_MOUNT_POINT = serializers.CharField(
+        max_length=256, allow_blank=True, required=False, label=_('Mount Point')
+    )
+
+
+class AzureKVSerializer(serializers.Serializer):
+    PREFIX_TITLE = _('Azure Key Vault')
+    VAULT_AZURE_HOST = serializers.CharField(
+        max_length=256, allow_blank=True, required=False, label=_('Host')
+    )
+    VAULT_AZURE_CLIENT_ID = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, label=_('Client ID')
+    )
+    VAULT_AZURE_CLIENT_SECRET = EncryptedField(
+        max_length=4096, allow_blank=True, required=False, label=_('Client Secret'), default=''
+    )
+    VAULT_AZURE_TENANT_ID = serializers.CharField(
+        max_length=128, allow_blank=True, required=False, label=_('Tenant ID')
+    )
+
+
 class ChatAISettingSerializer(serializers.Serializer):
    PREFIX_TITLE = _('Chat AI')
    API_MODEL = Protocol.gpt_protocols()[Protocol.chatgpt]['setting']['api_mode']