jumpserver/apps/settings/api/vault.py

from django.conf import settings
from django.utils.translation import gettext_lazy as _
from rest_framework import status
from rest_framework.generics import GenericAPIView
from rest_framework.views import Response, APIView

from accounts.backends import get_vault_client
from accounts.tasks.vault import sync_secret_to_vault
from common.exceptions import JMSException
from settings.models import Setting
from .. import serializers


class VaultTestingAPI(GenericAPIView):
    backends_serializer = {
        'azure': serializers.AzureKVSerializer,
        'hcp': serializers.HashicorpKVSerializer
    }
    rbac_perms = {
        'POST': 'settings.change_vault'
    }

    def get_config(self, request, backend):
        serializer_class = self.backends_serializer.get(backend)
        if serializer_class is None:
            raise JMSException()
        serializer = serializer_class(data=request.data)
        serializer.is_valid(raise_exception=True)
        data = serializer.validated_data
        for k, v in data.items():
            if v:
                continue
            # 页面没有传递值, 从 settings 中获取
            data[k] = getattr(settings, k, None)
        return data

    def post(self, request, backend):
        config = self.get_config(request, backend)
        config['VAULT_ENABLED'] = settings.VAULT_ENABLED
        config['VAULT_BACKEND'] = backend
        try:
            client = get_vault_client(raise_exception=True, **config)
            ok, error = client.is_active()
        except Exception as e:
            ok, error = False, str(e)

        if ok:
            _status, msg = status.HTTP_200_OK, _('Test success')
        else:
            _status, msg = status.HTTP_400_BAD_REQUEST, error

        return Response(status=_status, data={'msg': msg})


class VaultSyncDataAPI(APIView):
    perm_model = Setting
    rbac_perms = {
        'POST': 'settings.change_vault'
    }

    def post(self, request, *args, **kwargs):
        task = self._run_task()
        return Response({'task': task.id}, status=status.HTTP_201_CREATED)

    @staticmethod
    def _run_task():
        task = sync_secret_to_vault.delay()
        return task
feat: 账号密钥用vault储存 (#10830) * feat: 账号密钥用vault储存 * perf: 优化 Vault * perf: 重构 Vault Backend 设计架构 (未完成) * perf: 重构 Vault Backend 设计架构 (未完成2) * perf: 重构 Vault Backend 设计架构 (未完成3) * perf: 重构 Vault Backend 设计架构 (未完成4) * perf: 重构 Vault Backend 设计架构 (未完成5) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 小优化 * perf: 优化 --------- Co-authored-by: feng <1304903146@qq.com> Co-authored-by: Bai <baijiangjie@gmail.com> Co-authored-by: feng626 <57284900+feng626@users.noreply.github.com> 1 year ago			`from django.conf import settings`
perf: 优化vault 配置 (#11254) Co-authored-by: feng <1304903146@qq.com> 1 year ago			`from django.utils.translation import gettext_lazy as _`
feat: 账号密钥用vault储存 (#10830) * feat: 账号密钥用vault储存 * perf: 优化 Vault * perf: 重构 Vault Backend 设计架构 (未完成) * perf: 重构 Vault Backend 设计架构 (未完成2) * perf: 重构 Vault Backend 设计架构 (未完成3) * perf: 重构 Vault Backend 设计架构 (未完成4) * perf: 重构 Vault Backend 设计架构 (未完成5) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 小优化 * perf: 优化 --------- Co-authored-by: feng <1304903146@qq.com> Co-authored-by: Bai <baijiangjie@gmail.com> Co-authored-by: feng626 <57284900+feng626@users.noreply.github.com> 1 year ago			`from rest_framework import status`
			`from rest_framework.generics import GenericAPIView`
			`from rest_framework.views import Response, APIView`

			`from accounts.backends import get_vault_client`
perf: 优化vault 配置 (#11254) Co-authored-by: feng <1304903146@qq.com> 1 year ago			`from accounts.tasks.vault import sync_secret_to_vault`
feat: azure key vault (#14406) * feat: azure key vault * perf: add azure-keyvault-secrets * perf：azure kv api * perf: Translate * perf: Update Dockerfile with new base image tag * perf: Error when secret is empty * perf: Translate --------- Co-authored-by: halo <wuyihuangw@gmail.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> 2 weeks ago			`from common.exceptions import JMSException`
feat: 账号密钥用vault储存 (#10830) * feat: 账号密钥用vault储存 * perf: 优化 Vault * perf: 重构 Vault Backend 设计架构 (未完成) * perf: 重构 Vault Backend 设计架构 (未完成2) * perf: 重构 Vault Backend 设计架构 (未完成3) * perf: 重构 Vault Backend 设计架构 (未完成4) * perf: 重构 Vault Backend 设计架构 (未完成5) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 小优化 * perf: 优化 --------- Co-authored-by: feng <1304903146@qq.com> Co-authored-by: Bai <baijiangjie@gmail.com> Co-authored-by: feng626 <57284900+feng626@users.noreply.github.com> 1 year ago			`from settings.models import Setting`
			`from .. import serializers`


			`class VaultTestingAPI(GenericAPIView):`
feat: azure key vault (#14406) * feat: azure key vault * perf: add azure-keyvault-secrets * perf：azure kv api * perf: Translate * perf: Update Dockerfile with new base image tag * perf: Error when secret is empty * perf: Translate --------- Co-authored-by: halo <wuyihuangw@gmail.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> 2 weeks ago			`backends_serializer = {`
			`'azure': serializers.AzureKVSerializer,`
			`'hcp': serializers.HashicorpKVSerializer`
			`}`
feat: 账号密钥用vault储存 (#10830) * feat: 账号密钥用vault储存 * perf: 优化 Vault * perf: 重构 Vault Backend 设计架构 (未完成) * perf: 重构 Vault Backend 设计架构 (未完成2) * perf: 重构 Vault Backend 设计架构 (未完成3) * perf: 重构 Vault Backend 设计架构 (未完成4) * perf: 重构 Vault Backend 设计架构 (未完成5) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 小优化 * perf: 优化 --------- Co-authored-by: feng <1304903146@qq.com> Co-authored-by: Bai <baijiangjie@gmail.com> Co-authored-by: feng626 <57284900+feng626@users.noreply.github.com> 1 year ago			`rbac_perms = {`
			`'POST': 'settings.change_vault'`
			`}`

feat: azure key vault (#14406) * feat: azure key vault * perf: add azure-keyvault-secrets * perf：azure kv api * perf: Translate * perf: Update Dockerfile with new base image tag * perf: Error when secret is empty * perf: Translate --------- Co-authored-by: halo <wuyihuangw@gmail.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> 2 weeks ago			`def get_config(self, request, backend):`
			`serializer_class = self.backends_serializer.get(backend)`
			`if serializer_class is None:`
			`raise JMSException()`
			`serializer = serializer_class(data=request.data)`
feat: 账号密钥用vault储存 (#10830) * feat: 账号密钥用vault储存 * perf: 优化 Vault * perf: 重构 Vault Backend 设计架构 (未完成) * perf: 重构 Vault Backend 设计架构 (未完成2) * perf: 重构 Vault Backend 设计架构 (未完成3) * perf: 重构 Vault Backend 设计架构 (未完成4) * perf: 重构 Vault Backend 设计架构 (未完成5) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 小优化 * perf: 优化 --------- Co-authored-by: feng <1304903146@qq.com> Co-authored-by: Bai <baijiangjie@gmail.com> Co-authored-by: feng626 <57284900+feng626@users.noreply.github.com> 1 year ago			`serializer.is_valid(raise_exception=True)`
			`data = serializer.validated_data`
			`for k, v in data.items():`
			`if v:`
			`continue`
			`# 页面没有传递值, 从 settings 中获取`
			`data[k] = getattr(settings, k, None)`
			`return data`

feat: azure key vault (#14406) * feat: azure key vault * perf: add azure-keyvault-secrets * perf：azure kv api * perf: Translate * perf: Update Dockerfile with new base image tag * perf: Error when secret is empty * perf: Translate --------- Co-authored-by: halo <wuyihuangw@gmail.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> 2 weeks ago			`def post(self, request, backend):`
			`config = self.get_config(request, backend)`
perf: 优化 vault 配置 (#11313) Co-authored-by: feng <1304903146@qq.com> 1 year ago			`config['VAULT_ENABLED'] = settings.VAULT_ENABLED`
feat: azure key vault (#14406) * feat: azure key vault * perf: add azure-keyvault-secrets * perf：azure kv api * perf: Translate * perf: Update Dockerfile with new base image tag * perf: Error when secret is empty * perf: Translate --------- Co-authored-by: halo <wuyihuangw@gmail.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> 2 weeks ago			`config['VAULT_BACKEND'] = backend`
feat: 账号密钥用vault储存 (#10830) * feat: 账号密钥用vault储存 * perf: 优化 Vault * perf: 重构 Vault Backend 设计架构 (未完成) * perf: 重构 Vault Backend 设计架构 (未完成2) * perf: 重构 Vault Backend 设计架构 (未完成3) * perf: 重构 Vault Backend 设计架构 (未完成4) * perf: 重构 Vault Backend 设计架构 (未完成5) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 重构 Vault Backend 设计架构 (已完成) * perf: 小优化 * perf: 优化 --------- Co-authored-by: feng <1304903146@qq.com> Co-authored-by: Bai <baijiangjie@gmail.com> Co-authored-by: feng626 <57284900+feng626@users.noreply.github.com> 1 year ago			`try:`
			`client = get_vault_client(raise_exception=True, **config)`
			`ok, error = client.is_active()`
			`except Exception as e:`
			`ok, error = False, str(e)`

			`if ok:`
			`_status, msg = status.HTTP_200_OK, _('Test success')`
			`else:`
			`_status, msg = status.HTTP_400_BAD_REQUEST, error`

			`return Response(status=_status, data={'msg': msg})`


			`class VaultSyncDataAPI(APIView):`
			`perm_model = Setting`
			`rbac_perms = {`
			`'POST': 'settings.change_vault'`
			`}`

			`def post(self, request, args, *kwargs):`
			`task = self._run_task()`
			`return Response({'task': task.id}, status=status.HTTP_201_CREATED)`

			`@staticmethod`
			`def _run_task():`
			`task = sync_secret_to_vault.delay()`
			`return task`