feat(cmdb-api): CI password data store (#242)

* add secrets,for test

* feat: vault SDK (#238)

* feat: vault SDK

* docs: i18n

* perf(vault): format code

* feat(secrets): support vault

* feat: add inner password storage

* feat: secrets

* feat: add inner password storage

* feat: add secrets feature

* perf(secrets): review

---------

Co-authored-by: fxiang21 <fxiang21@126.com>
Co-authored-by: Mimo <osatmnzn@gmail.com>

cmdb-api/api/views/cmdb/ci.py

@@ -84,11 +84,10 @@ class CIView(APIView):
         ci_dict = self._wrap_ci_dict()
 
         manager = CIManager()
-        current_app.logger.debug(ci_dict)
         ci_id = manager.add(ci_type,
                             exist_policy=exist_policy or ExistPolicy.REJECT,
                             _no_attribute_policy=_no_attribute_policy,
-                            _is_admin=request.values.pop('__is_admin', False),
+                            _is_admin=request.values.pop('__is_admin', None) or False,
                             **ci_dict)
 
         return self.jsonify(ci_id=ci_id)
@@ -96,7 +95,6 @@ class CIView(APIView):
     @has_perm_for_ci("ci_id", ResourceTypeEnum.CI, PermEnum.UPDATE, CIManager.get_type)
     def put(self, ci_id=None):
         args = request.values
-        current_app.logger.info(args)
         ci_type = args.get("ci_type")
         _no_attribute_policy = args.get("no_attribute_policy", ExistPolicy.IGNORE)
 
@@ -104,14 +102,14 @@ class CIView(APIView):
         manager = CIManager()
         if ci_id is not None:
             manager.update(ci_id,
-                           _is_admin=request.values.pop('__is_admin', False),
+                           _is_admin=request.values.pop('__is_admin', None) or False,
                            **ci_dict)
         else:
             request.values.pop('exist_policy', None)
             ci_id = manager.add(ci_type,
                                 exist_policy=ExistPolicy.REPLACE,
                                 _no_attribute_policy=_no_attribute_policy,
-                                _is_admin=request.values.pop('__is_admin', False),
+                                _is_admin=request.values.pop('__is_admin', None) or False,
                                 **ci_dict)
 
         return self.jsonify(ci_id=ci_id)
@@ -242,3 +240,13 @@ class CIAutoDiscoveryStatisticsView(APIView):
 
     def get(self):
         return self.jsonify(CIManager.get_ad_statistics())
+
+
+class CIPasswordView(APIView):
+    url_prefix = "/ci/<int:ci_id>/attributes/<int:attr_id>/password"
+
+    def get(self, ci_id, attr_id):
+        return self.jsonify(ci_id=ci_id, attr_id=attr_id, value=CIManager.load_password(ci_id, attr_id))
+
+    def post(self, ci_id, attr_id):
+        return self.get(ci_id, attr_id)

cmdb-api/api/views/cmdb/inner_secrets.py

@@ -0,0 +1,38 @@
+from api.resource import APIView
+from api.lib.secrets.inner import KeyManage
+from api.lib.secrets.secrets import InnerKVManger
+
+from flask import request, abort
+
+
+class InnerSecretUnSealView(APIView):
+    url_prefix = "/secrets/unseal"
+
+    def post(self):
+        unseal_key = request.headers.get("Unseal-Token")
+        res = KeyManage(backend=InnerKVManger()).unseal(unseal_key)
+        # if res.get("status") == "failed":
+        #     return abort(400, res.get("message"))
+        return self.jsonify(**res)
+
+
+class InnerSecretSealView(APIView):
+    url_prefix = "/secrets/seal"
+
+    def post(self):
+        unseal_key = request.headers.get("Inner-Token")
+        res = KeyManage(backend=InnerKVManger()).seal(unseal_key)
+        # if res.get("status") == "failed":
+        #     return abort(400, res.get("message"))
+        return self.jsonify(**res)
+
+
+class InnerSecretAutoSealView(APIView):
+    url_prefix = "/secrets/auto_seal"
+
+    def post(self):
+        unseal_key = request.headers.get("Inner-Token")
+        res = KeyManage(backend=InnerKVManger()).seal(unseal_key)
+        # if res.get("status") == "failed":
+        #     return abort(400, res.get("message"))
+        return self.jsonify(**res)