CN113132114B - Method, device, medium and equipment for realizing multi-cloud-pipe unified interface gateway - Google Patents
Method, device, medium and equipment for realizing multi-cloud-pipe unified interface gateway Download PDFInfo
- Publication number
- CN113132114B CN113132114B CN202110434878.6A CN202110434878A CN113132114B CN 113132114 B CN113132114 B CN 113132114B CN 202110434878 A CN202110434878 A CN 202110434878A CN 113132114 B CN113132114 B CN 113132114B
- Authority
- CN
- China
- Prior art keywords
- cloud
- function
- unified interface
- request
- interface gateway
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/565—Conversion or adaptation of application format or content
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method, a device, a medium and equipment for realizing a multi-cloud-pipe unified interface gateway, wherein the method comprises the following steps: when a unified interface gateway request is obtained, a security control cloud function is called to check the legality of the unified interface gateway request; after the verification is passed, judging whether the unified interface gateway requests to use the cache or not, if so, calling a cache cloud function; if not, calling and solving a target function cloud function, and solving to obtain a processing cloud function of the request; calling the matched cloud function to call an actual cloud interface; and packaging the interface into a uniform format. According to the invention, the cloud native function service and the interface gateway are used as basic operation components, the environment deployment and operation and maintenance of service operation are not needed, the development efficiency is improved, and the resource waste is reduced.
Description
Technical Field
The invention belongs to the technical field of cloud computing, and particularly relates to a method, a device, a medium and equipment for realizing a multi-cloud-pipe unified interface gateway.
Background
With the popularization of cloud computing, more and more customers can use products and services of multiple cloud manufacturers at the same time, but products of different cloud manufacturers have different differences, so that the demand of uniformly managing multiple cloud environments is generated. For specific cloud operation, two general docking ways are provided, one is to call a rest API of a cloud platform; and the other method is to directly use the SDK provided by the cloud platform to call, and the method is troublesome when a plurality of cloud platforms are docked because the interface standards of different cloud manufacturers are not consistent. To realize the management of the multi-cloud resources, the operating interfaces of various cloud resources and cloud services must be abstracted in a consistent manner to form a uniform interface standard, and then coding adaptation is performed on api of different cloud manufacturers to form a multi-cloud docking adapter. Specific applications refer to the adapter in engineering code for multi-cloud operation, and common adapters generally have an open source class library (such as libcloud) or are self-developed, and are essentially a code level implementation manner. The implementation at the code level has the following disadvantages: 1. depending on specific development languages, the adapters need to be integrally issued, and the expansibility is poor; 2. the adapter is quoted by a large number of applications, and cannot be managed, maintained and upgraded uniformly; 3. a uniform scheduling layer is lacked, the access of a cloud interface cannot be integrally controlled, auditing cannot be performed, and measurement cannot be performed; 4. the operation and maintenance are difficult, the transverse expansion is difficult to carry out, and the performance problem can only be solved by increasing the machine configuration; 5. the code is difficult to release, only can be integrally released, and the iteration efficiency of the product is slowed down.
Disclosure of Invention
In order to overcome the technical defects, the invention provides a method for realizing a multi-cloud-pipe unified interface gateway, which comprises the following steps:
when a unified interface gateway request is obtained, a security control cloud function is called to check the legality of the unified interface gateway request;
after the verification is passed, judging whether the unified interface gateway requests to use the cache or not, if so, calling a cache cloud function; if not, calling a solving target function cloud function, and solving to obtain a processing cloud function of the request;
calling the matched processing cloud function to call an actual cloud interface;
and packaging the interface into a uniform format.
As a further improvement of the present invention, in the step of encapsulating the interface into a unified format, the method includes the following steps:
if the interface specifies storage is enabled, a cache cloud function is called.
As a further improvement of the invention, the external application requests the unified interface gateway through the interface address registered on the API gateway.
As a further improvement of the invention, the authentication mode of the interface adopts a signature algorithm based on a key pair.
As a further improvement of the present invention, the step of calling the security control cloud function to verify the validity of the request of the unified interface gateway includes the following steps:
carrying out signature verification on the uniform interface gateway request;
performing authority verification on the unified interface gateway request;
and performing request frequency control verification on the unified interface gateway request.
As a further improvement of the present invention, in the step of calling and solving the cloud function of the objective function, and solving to obtain the processing cloud function of the request, the method includes the following steps:
inquiring all registered cloud functions on the cloud platform;
and matching the inquired function names in sequence according to the current unified interface gateway request, wherein the matched cloud function is the actual processing cloud function of the request.
The invention also provides a device for realizing the multi-cloud-pipe unified interface gateway, which comprises the following steps:
the unified interface function module is used for acquiring a unified interface gateway request sent by an external application;
the system function module is connected with the unified interface function module and used for matching the actual processing cloud function requested by the unified interface gateway;
and the cloud interface adaptation function module is connected with the unified interface function module and is used for carrying out function adaptation on the cloud interface.
The present invention further provides a computer-readable storage medium, where at least one instruction, at least one program, a code set, or a set of instructions is stored in the computer-readable storage medium, and the at least one instruction, the at least one program, the code set, or the set of instructions is loaded and executed by a processor to implement the method for implementing the cloud management unified interface gateway.
The invention further provides a computer device, which includes a processor and a memory, where the memory stores at least one instruction, at least one program, code set, or instruction set, and the at least one instruction, at least one program, code set, or instruction set is loaded and executed by the processor to implement the implementation method of the multi-cloud-pipe unified interface gateway.
Compared with the prior art, the invention has the following beneficial effects: by using the cloud native function service and the interface gateway as basic operation components, the environment deployment and operation and maintenance of service operation are not needed, the elastic expansion and load balancing capabilities are naturally obtained, and the cloud function deployment tool provided by each platform can be combined to conveniently realize the quick iteration and gray release of the cloud function, so that the development efficiency is improved, and the resource waste is reduced. Meanwhile, the method for realizing the gateway in the specific field based on the cloud function can be effectively popularized.
Drawings
Embodiments of the invention are described in further detail below with reference to the attached drawing figures, wherein:
FIG. 1 is a flow chart of a method of implementation described in example 1;
FIG. 2 is another flow chart of the implementation described in example 1;
fig. 3 is a schematic structural diagram of an implementation apparatus described in embodiment 2.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it should be understood that they are presented herein only to illustrate and explain the present invention and not to limit the present invention.
Example 1
The embodiment provides an implementation method of a multi-cloud-pipe unified interface gateway, as shown in fig. 1 and fig. 2, including the steps of:
s1, an external application requests a unified interface gateway through an interface address registered on the API gateway, the authentication mode of an interface adopts a signature algorithm based on a key pair, the authentication mode of the interface adopts a signature algorithm based on the key pair, a standard request structure is shown in a table 1, and when the request of the unified interface gateway is obtained, a security control cloud function is called to check the legality of the request of the unified interface gateway.
TABLE 1 Standard request Structure
Specifically, the validity check includes: signature verification, authority verification and request frequency verification, wherein the signature verification calculates a signature by inquiring a SecurityKey corresponding to the accessKey according to the same signature algorithm and compares the signature with the signature in the request; the permission verification inquires the permission setting condition through the accessKey and intercepts an unauthorized calling interface; and intercepting the malicious request according to a system configuration strategy by request frequency control verification.
S2, after the verification is passed, judging whether the unified interface gateway requests to use the cache or not, and if so, calling a cache cloud function; if not, calling and solving the target function cloud function, and solving to obtain the processing cloud function of the request.
The solving process for solving the objective function cloud function comprises the following steps: inquiring all registered cloud functions on the cloud platform; and sequentially matching the inquired function names according to the cloudType and the action requested by the current unified interface gateway, wherein the preferred rule is { cloudType } _ { action }, and then { cloudType }, and the matched cloud function is the actual processing cloud function of the request.
And S3, calling the matched processing cloud function to call an actual cloud interface.
And S4, packaging the interface into a uniform format for returning, and if the interface is appointed to start storage, calling a cache cloud function to cache and return a result.
The embodiment is based on cloud functions and cloud gateway services of cloud primitive, and a set of multi-cloud management unified interface gateway is realized. The downstream application can call the gateway interface through the consistent request parameters to operate the resources on different cloud platforms. The cloud unified interface gateway of the multi-cloud management is an independent cloud function, and has the main function that a set of gateway logic suitable for a cloud function system is solidified, and the functions in the gateway are realized by a group of function functions. The interface adaptation of different cloud platforms is also realized through a cloud function, and the granularity of the cloud interface adaptation function can be in a unit of cloud or in a unit of specific operation interface. The naming of the cloud interface adaptation function needs to follow a certain specification, which is the basis for interface routing. According to the rules of each cloud platform, the cloud function needs to set the trigger type of the cloud function as the cloud API Gateway, that is, the cloud function is bound to the cloud Gateway.
Example 2
The embodiment provides an implementation apparatus for a multi-cloud-pipe unified interface gateway, as shown in fig. 3, including: the system comprises a unified interface function module, a system function module and a cloud interface adaptation function module, wherein the unified interface function module is an inlet of a multi-cloud-gateway unified interface gateway, defines the core logic of the gateway and is used for acquiring a unified interface gateway request sent by an external application;
the system function module is connected with the unified interface function module and used for matching the actual processing cloud function requested by the unified interface gateway, and the functions of the system function module further comprise: the function set supporting the gateway core function comprises security control, function routing, caching and audit logs; the system function module comprises: the system comprises a safety control cloud function, a function routing cloud function, a cache cloud function and a log cloud function, wherein the safety control cloud function is responsible for verifying the correctness of a request signature and controlling the access authority of an interface, the function routing cloud function is responsible for inquiring a corresponding processing function according to a specified cloud type and the interface, the cache cloud function is used for accessing return data of the cloud interface, and the log cloud function is used for auditing the interface; and the cloud interface adaptation function module is connected with the unified interface function module and is responsible for operating specific cloud resources aiming at the interface adaptation function of the specific cloud.
Example 3
The present embodiment provides a computer-readable storage medium, where at least one instruction, at least one program, a code set, or a set of instructions is stored in the computer-readable storage medium, and the at least one instruction, the at least one program, the code set, or the set of instructions is loaded and executed by a processor to implement the implementation method of the cloud management unified interface gateway in embodiment 1.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods, systems, functional modules/units in the devices disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer-readable storage media, which may include computer-readable storage media (or non-transitory media) and communication media (or transitory media).
The term computer readable storage medium includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those skilled in the art. Computer-readable storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as is well known to those skilled in the art.
Example 4
The embodiment provides a computer device, where the computer device includes a processor and a memory, where the memory stores at least one instruction, at least one program, a code set, or a set of instructions, and the at least one instruction, the at least one program, the code set, or the set of instructions is loaded and executed by the processor to implement the implementation method of the multiple cloud pipe unified interface gateway in embodiment 1.
It should be understood that the Processor may be a Central Processing Unit (CPU), and the Processor may be other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. Wherein a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, so that any modification, equivalent change and modification made to the above embodiment according to the technical spirit of the present invention are within the scope of the technical solution of the present invention.
Claims (9)
1. The method for realizing the multi-cloud-pipe unified interface gateway is characterized by comprising the following steps of:
when a unified interface gateway request is obtained, a security control cloud function is called to check the legality of the unified interface gateway request;
after the verification is passed, judging whether the unified interface gateway requests to use the cache or not, if so, calling a cache cloud function; if not, calling and solving a target function cloud function, and solving to obtain a processing cloud function of the request;
calling the matched processing cloud function to call an actual cloud interface;
and packaging the interface into a uniform format.
2. The method according to claim 1, wherein the step of encapsulating the interface into a uniform format comprises the steps of:
and if the interface specifies that the storage is enabled, calling a cache cloud function.
3. The method of claim 1, wherein the external application requests the unified interface gateway through an interface address registered on the API gateway.
4. The method of claim 3, wherein the interface is authenticated using a signature algorithm based on a key pair.
5. The implementation method of claim 1, wherein the step of invoking the security control cloud function to check the validity of the unified interface gateway request comprises the steps of:
performing signature verification on the uniform interface gateway request;
performing authority verification on the unified interface gateway request;
and performing request frequency control verification on the unified interface gateway request.
6. The implementation method of claim 1, wherein the step of calling a cloud function for solving the objective function and solving the cloud function to obtain the processing cloud function of the request includes the following steps:
inquiring all registered cloud functions on the cloud platform;
and matching the inquired function names in sequence according to the current unified interface gateway request, wherein the matched cloud function is the actual processing cloud function of the request.
7. The device for implementing the multi-cloud-pipe unified interface gateway is applied to the implementation method of any one of claims 1 to 6, and comprises the following steps:
the unified interface function module is used for acquiring a unified interface gateway request sent by an external application;
the system function module is connected with the unified interface function module and used for matching the actual processing cloud function requested by the unified interface gateway;
and the cloud interface adaptation function module is connected with the unified interface function module and is used for carrying out function adaptation on the cloud interface.
8. Computer readable storage medium, wherein at least one instruction, at least one program, a set of codes, or a set of instructions is stored in the readable storage medium, and the at least one instruction, at least one program, a set of codes, or a set of instructions is loaded and executed by a processor to implement the method for implementing the unified interface gateway for multiple cloud pipes according to any one of claims 1 to 6.
9. Computer device, characterized in that it comprises a processor and a memory, in which at least one instruction, at least one program, a set of codes or a set of instructions is stored, which is loaded and executed by the processor to implement the method for implementing a multi-cloud pipe unified interface gateway according to any of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110434878.6A CN113132114B (en) | 2021-04-22 | 2021-04-22 | Method, device, medium and equipment for realizing multi-cloud-pipe unified interface gateway |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110434878.6A CN113132114B (en) | 2021-04-22 | 2021-04-22 | Method, device, medium and equipment for realizing multi-cloud-pipe unified interface gateway |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113132114A CN113132114A (en) | 2021-07-16 |
| CN113132114B true CN113132114B (en) | 2023-03-10 |
Family
ID=76779044
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110434878.6A Active CN113132114B (en) | 2021-04-22 | 2021-04-22 | Method, device, medium and equipment for realizing multi-cloud-pipe unified interface gateway |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113132114B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114615332B (en) * | 2022-02-24 | 2024-06-18 | 阿里巴巴(中国)有限公司 | Cloud product access method, device and system, storage medium and computer terminal |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101022431A (en) * | 2007-03-09 | 2007-08-22 | 中国移动通信集团福建有限公司 | Interface gateway and interface gateway data processing method |
| CN109597609A (en) * | 2018-12-03 | 2019-04-09 | 广东鸭梨科技集团股份有限公司 | A kind of software combination system |
| CN111049695A (en) * | 2020-01-09 | 2020-04-21 | 深圳壹账通智能科技有限公司 | Cloud gateway configuration method and system |
| CN111600909A (en) * | 2020-06-24 | 2020-08-28 | 腾讯科技(深圳)有限公司 | Data processing method, device, protocol conversion equipment and storage medium |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101969475A (en) * | 2010-11-15 | 2011-02-09 | 张军 | Business data controllable distribution and fusion application system based on cloud computing |
| CN104202339B (en) * | 2014-09-24 | 2018-01-05 | 广西大学 | A kind of across cloud authentication service method based on user behavior |
| CN110049048B (en) * | 2019-04-22 | 2021-07-20 | 易联众民生(厦门)科技有限公司 | Data access method, equipment and readable medium for government affair public service |
| US11902382B2 (en) * | 2019-05-31 | 2024-02-13 | Hewlett Packard Enterprise Development Lp | Cloud migration between cloud management platforms |
-
2021
- 2021-04-22 CN CN202110434878.6A patent/CN113132114B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101022431A (en) * | 2007-03-09 | 2007-08-22 | 中国移动通信集团福建有限公司 | Interface gateway and interface gateway data processing method |
| CN109597609A (en) * | 2018-12-03 | 2019-04-09 | 广东鸭梨科技集团股份有限公司 | A kind of software combination system |
| CN111049695A (en) * | 2020-01-09 | 2020-04-21 | 深圳壹账通智能科技有限公司 | Cloud gateway configuration method and system |
| CN111600909A (en) * | 2020-06-24 | 2020-08-28 | 腾讯科技(深圳)有限公司 | Data processing method, device, protocol conversion equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113132114A (en) | 2021-07-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10148731B2 (en) | Methods, systems, and computer readable media for on-boarding virtualized network function (VNF) packages in a network functions virtualization (NFV) system | |
| US11204983B2 (en) | Scoring cloud packages for risk assessment automation | |
| US20170006056A1 (en) | Image vulnerability repair in a networked computing environment | |
| US9148426B2 (en) | Securely identifying host systems | |
| AU2021293965A1 (en) | Preventing unauthorized package deployment in clusters | |
| CN110673933A (en) | ZooKeeper-based distributed asynchronous queue implementation method, device, equipment and medium | |
| CN110677453A (en) | ZooKeeper-based distributed lock service implementation method, device, equipment and storage medium | |
| CN113132114B (en) | Method, device, medium and equipment for realizing multi-cloud-pipe unified interface gateway | |
| CN115934202A (en) | Data management method, system, data service gateway and storage medium | |
| CN111475758A (en) | Application store scheduling method and system for new generation power grid scheduling control system | |
| CN113076248B (en) | Application processing method, device and equipment and readable storage medium | |
| CN113282589A (en) | Data acquisition method and device | |
| CN113742235A (en) | Method and device for checking codes | |
| CN112738181A (en) | Method, device and server for cluster external IP access | |
| CN113779004A (en) | Data verification method and device | |
| CN110807195A (en) | Intelligent contract issuing method, issuing platform device and issuing system | |
| CN114462016A (en) | Resource request method, device and system | |
| CN110929269B (en) | System authority management method, device, medium and electronic equipment | |
| CN106845926A (en) | A kind of Third-party payment supervisory systems distributed data method for stream processing and system | |
| CN117272278B (en) | Decentralization management method and device for digital asset platform | |
| US11954007B2 (en) | Tracking usage of common libraries by means of digitally signed digests thereof | |
| CN113794770B (en) | Data service publishing system and method | |
| CN109918895B (en) | Method, electronic device, and computer-readable medium for outputting data | |
| CN108063679A (en) | A kind of upgrade method and device of cloud management platform | |
| CN118535561A (en) | Nuclear power base data verification method and device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |