CN116149555A - Object information management method and device, electronic equipment and storage medium - Google Patents


Publication number: CN116149555A
Authority: CN (China)
Prior art keywords: user, account number, management, account, object information
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202310093166.1A
Other languages: Chinese (zh)
Inventors: 胡权, 赵国庆, 曾琳铖曦, 蒋宁, 吴海英
Current assignee: Mashang Xiaofei Finance Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Mashang Xiaofei Finance Co Ltd
Events: application filed by Mashang Xiaofei Finance Co Ltd; priority to CN202310093166.1A; publication of CN116149555A; legal status pending

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements > G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers > G06F3/0601 Interfaces specially adapted for storage systems > G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure > G06F3/067 Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/31 User authentication
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/60 Protecting data > G06F21/602 Providing cryptographic facilities or services

Abstract

The disclosure provides a method, an apparatus, an electronic device and a storage medium for managing object information, used to perform object management operations across systems. The method comprises: acquiring a user platform account and object information; when the user platform account is determined to have authority to manage the object information, determining the user system account corresponding to the user platform account according to a preset account mapping relation, where the user system account is the identification of the user in a plurality of object storage systems and has authority to manage the stored objects in those object storage systems; combining the user system account and the object information into instruction parameters and generating an object management instruction containing them; and selecting, from the plurality of object storage systems, the target storage system corresponding to the object information and sending the object management instruction to it, where the target storage system performs the management operation on the object information.

Description

Object information management method and device, electronic equipment and storage medium
Technical Field
The disclosure relates to the technical field of data processing, and in particular to a method and an apparatus for managing object information, an electronic device and a storage medium.
Background
With the rapid growth of internet applications, storing mass data at the PB and even EB scale has become particularly important. Object storage, a newer form of distributed storage system, makes mass data convenient to store. An object is the basic entity in an object storage system; through an object-based access interface, data of any type can be stored: pictures, video, audio, text and so on. Object storage effectively solves the limited shared capacity, poor scalability and similar problems of traditional storage.
In the related art, to manage an object in an object storage system, an authentication operation must first be performed inside that object storage system, and the management operation can only be carried out after authentication passes. Because authentication is implemented inside the object storage system, the identity information it requires is recognised only inside that system. This approach can therefore manage objects in a single object storage system only, and cannot perform object management operations across systems. As the number and variety of object storage systems grow, however, a management method that applies uniformly to the various kinds of object storage system is needed.
Disclosure of Invention
The disclosure provides a method, an apparatus, an electronic device and a storage medium for managing object information, used to perform object management operations across systems.
In a first aspect, the present disclosure provides a method for managing object information, comprising the following steps:
acquiring a user platform account and object information, where the user platform account is the identification of a user in the cloud platform;
when the user platform account is determined to have authority to manage the object information, determining the user system account corresponding to the user platform account according to a preset account mapping relation, where the user system account is the identification of the user in a plurality of object storage systems and has authority to manage the stored objects in those object storage systems;
combining the user system account and the object information into instruction parameters, and generating an object management instruction containing the instruction parameters;
selecting, from the plurality of object storage systems, the target storage system corresponding to the object information, and sending the object management instruction to the target storage system, where the target storage system performs the management operation on the object information according to the object management instruction after it has successfully authenticated the user system account.
In a second aspect, the present disclosure provides an apparatus for managing object information, comprising:
an acquisition module adapted to acquire a user platform account and object information, where the user platform account is the identification of a user in the cloud platform;
a mapping module adapted to determine, when the user platform account is determined to have authority to manage the object information, the user system account corresponding to the user platform account according to a preset account mapping relation, where the user system account is the identification of the user in a plurality of object storage systems and has authority to manage the stored objects in those object storage systems;
a generation module adapted to combine the user system account and the object information into instruction parameters and to generate an object management instruction containing the instruction parameters;
a sending module adapted to select, from the plurality of object storage systems, the target storage system corresponding to the object information and to send the object management instruction to it, where the target storage system performs the management operation on the object information according to the object management instruction after it has successfully authenticated the user system account.
In a third aspect, the present disclosure provides an electronic device comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores one or more computer programs executable by the at least one processor, one or more of the computer programs being executable by the at least one processor to enable the at least one processor to perform the above-described method.
In a fourth aspect, the present disclosure provides a computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor/processing core implements the above-described method.
According to the embodiments of the disclosure, a user platform account and object information are first obtained and an authentication operation is performed on them; if the authentication result shows that the user platform account has authority matching the object information, the user system account corresponding to the user platform account is determined according to a preset account mapping relation. An object management instruction is then generated from the user system account and the object information, the target storage system corresponding to the object information is selected from the plurality of object storage systems, and the instruction is sent to it. Because the user system account has authority to manage the stored objects in the plurality of object storage systems, converting the user platform account into the user system account lets a user of the cloud platform perform object management operations across storage systems, which makes managing multiple object storage systems more convenient.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following specification.
Drawings
The accompanying drawings are included to provide a further understanding of the disclosure, and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure, without limitation to the disclosure. The above and other features and advantages will become more readily apparent to those skilled in the art by describing in detail exemplary embodiments with reference to the attached drawings, in which:
FIG. 1 is a flow chart of a method for managing object information according to one embodiment of the present disclosure;
FIG. 2 shows an implementation of a related art object information management method;
FIG. 3 shows a schematic structural view of a specific example of the present application;
fig. 4 is a block diagram of an object information management apparatus according to an embodiment of the present disclosure;
fig. 5 is a block diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
For a better understanding of the technical solutions of the present disclosure, exemplary embodiments of the present disclosure will be described below with reference to the accompanying drawings, in which various details of the embodiments of the present disclosure are included to facilitate understanding, and they should be considered as merely exemplary. Accordingly, one of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Embodiments of the disclosure and features of embodiments may be combined with each other without conflict.
As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used herein, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and the present disclosure, and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The method for managing object information according to the embodiments of the present disclosure may be performed by an electronic device such as a terminal device or a server, where the terminal device may be a vehicle-mounted device, a User Equipment (UE), a mobile device, a User terminal, a cellular phone, a cordless phone, a personal digital assistant (Personal Digital Assistant, PDA), a handheld device, a computing device, a vehicle-mounted device, a wearable device, or the like; the server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing cloud computing service. The method may in particular be implemented by means of a processor calling a computer program stored in a memory.
In the related art, to manage an object in an object storage system, an authentication operation must first be performed inside that object storage system, and the management operation can only be carried out after authentication passes. Because authentication is implemented inside the object storage system, the identity information it requires is recognised only inside that system. This approach can therefore manage objects in a single object storage system only, and cannot perform object management operations across systems. As the number and variety of object storage systems grow, however, a management method that applies uniformly to the various kinds of object storage system is needed. To solve these problems, the present application provides a method for managing object information in which, by converting the user platform account into a user system account, a user of the cloud platform can perform object management operations across storage systems, making it convenient to manage multiple object storage systems.
Fig. 1 is a flowchart of a method for managing object information according to an embodiment of the present disclosure. Referring to fig. 1, the method includes:
step S110: acquiring a user platform account number and object information; the user platform account number refers to identification information of a user in the cloud platform.
The user platform account number refers to: the identification information of the user in the cloud platform, in particular to an account number distributed by the cloud platform for the user, wherein the account number is used for carrying out authentication and identification operation inside the cloud platform. The object information includes at least: the information of the type of the business object to be managed, the storage position of the object and the like can be used as the object information.
The user platform account and the object information may be obtained in various ways, for example from an object management request submitted by the user, or from other kinds of requests or messages. An object management request is a request to manage objects in an object storage system. Object storage systems include the various distributed storage systems, and the objects in them include buckets, files, directories and so on.
To carry out an object management operation, the object management request must be authenticated to confirm that the user who sent it has the corresponding management authority. Accordingly, the object management request contains at least the user platform account and the object information.
The executing entity of this step and the following steps may be an object management device, which may comprise an electronic apparatus or be deployed in one. In an alternative implementation, to avoid the heavy bandwidth consumption and long processing delay that result from one network node handling every object management request, the object management device is further divided into a first object management module and a second object management module, which may be implemented on different servers or through different communication interfaces.
Accordingly, to split the object management requests, the following is done before the user platform account and the object information contained in a received object management request are obtained: the object management request is received by a front-end server (a user-facing server), which determines the request type. If the request type belongs to the first type, the front-end server forwards the request to the first object management module, which performs the step of obtaining the user platform account and object information from the request and the subsequent steps; if the request type belongs to the second type, the front-end server forwards the request to the second object management module, which performs those steps instead.
Object management requests of the first type require more bandwidth than those of the second type. For example, the first type includes upload and download requests, and the second type includes query and modification requests. Requests that upload or download files are thus split off to the first object management module, and query or modification requests to the second. Because uploading and downloading files consume more bandwidth and load system resources more heavily, handling them in a separate module prevents them from delaying query and modification operations. In other words, the first type of object management request has lower real-time requirements than the second type.
Step S120: when the user platform account is determined to have authority to manage the object information, determining the user system account corresponding to the user platform account according to a preset account mapping relation, where the user system account is the identification of the user in a plurality of object storage systems.
In this step, authentication is performed on the user platform account to determine whether it has authority matching the object information. In an alternative implementation, authentication is delegated to an authentication management system. First, the object information is parsed to obtain the object identifier and the management behaviour identifier it contains. The object identifier uniquely identifies the business object to be managed and may be the object's name, ID, storage location or similar; the management behaviour identifier uniquely identifies the kind of management operation, for example a query, modify, upload or download behaviour identifier. The user platform account, the object identifier and the management behaviour identifier are then sent to the authentication management system, and the authentication result it returns determines whether the user platform account has authority matching the object information. The authentication management system authenticates against a pre-stored authority correspondence between user platform accounts and object information; this correspondence can be configured in advance by the user and stored either in the authentication management system itself or in a database the system can access. Note that the lookup is keyed on the full triple of account, object identifier and behaviour identifier; a request for which no entry exists should be treated as unauthorised rather than allowed by default.
In short, the preset authority correspondence authenticates the user's identity, so that the subsequent operations are executed only when the user platform account has management authority over the object information.
Then, when the user platform account is determined to have authority matching the object information, the user system account corresponding to it is determined according to the preset account mapping relation. The account mapping relation stores the correspondence between the user platform accounts and the user system account of the same user. The user platform accounts of one user comprise at least one primary platform account and a plurality of sub-platform accounts, and the user system account corresponding to a user's primary platform account and to each of its sub-platform accounts is the same. As described above, the user platform account is allocated to the user by the cloud platform and identifies the user inside the cloud platform. By contrast, the user system account is allocated to the user by the object storage system and identifies the user inside the object storage system. In this embodiment only one user system account is allocated per user, and both the user's primary platform account and its sub-platform accounts correspond to that account. Thus the primary account and sub-accounts of a user must be distinguished inside the cloud platform, but need not be distinguished in the object storage systems, where both map directly to the user system account.
This step converts the user platform account into the user system account, which makes the subsequent management of the object storage systems possible.
Step S130: combining the user system account and the object information into instruction parameters, and generating an object management instruction containing the instruction parameters.
Specifically, the user system account and the object information are combined into a combined instruction parameter, and an object management instruction containing it is generated. Unlike an object management request, which is directed at the cloud platform, an object management instruction is directed at the underlying object storage system and therefore carries the user system account rather than the user platform account.
In addition, to improve security, the instruction parameters can be encrypted with a preset platform key to obtain encrypted instruction parameters, and an object management instruction containing the encrypted parameters is generated; the target storage system decrypts them before acting. Encryption keeps the account and object details confidential on the path to the storage system. Encryption alone, however, does not stop an intermediary from tampering with or replaying an instruction; for that the parameters also need integrity protection (an authenticated encryption mode, or a MAC over the ciphertext) that the storage system verifies before it performs the operation.
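The encryption of instruction parameters described above, as an added example that is not code from the patent or the applicant. It assumes a platform key shared between the object management device and the storage system, uses a stand-in stream cipher built from HMAC-SHA256 so that it runs on the Python standard library alone (a real deployment would use AES-GCM or ChaCha20-Poly1305 from a crypto library), and binds the target storage system's name into the authentication tag so that a sealed instruction cannot be redirected to a different system. The function names, the key value and the sample parameters are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demonstration key; a real platform key would come from a key store.
PLATFORM_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
NONCE_LEN = 16
TAG_LEN = 32


def _derive(platform_key: bytes, label: bytes) -> bytes:
    """Derive a purpose-bound subkey from the platform key (HMAC used as a PRF)."""
    return hmac.new(platform_key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream generator.

    Toy construction chosen only so the example runs without third-party
    packages; use a real AEAD (AES-GCM, ChaCha20-Poly1305) in production.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal_params(platform_key: bytes, params: dict, target_system: str) -> bytes:
    """Encrypt-then-MAC the instruction parameters; returns nonce || ciphertext || tag.

    The target system's name is covered by the tag as associated data, so a
    blob replayed against another storage system fails verification there.
    """
    enc_key = _derive(platform_key, b"instruction-enc")
    mac_key = _derive(platform_key, b"instruction-mac")
    plaintext = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, target_system.encode() + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_params(platform_key: bytes, blob: bytes, target_system: str) -> dict:
    """Storage-system side: verify the tag first, then decrypt. Raises ValueError on mismatch."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("instruction too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    mac_key = _derive(platform_key, b"instruction-mac")
    expected = hmac.new(mac_key, target_system.encode() + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("instruction rejected: tag mismatch (tampered or wrong target system)")
    enc_key = _derive(platform_key, b"instruction-enc")
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def tamper_detected(platform_key: bytes, params: dict, target_system: str) -> bool:
    """Seal, flip one bit of the ciphertext, and confirm the storage side rejects the blob."""
    blob = bytearray(seal_params(platform_key, params, target_system))
    blob[NONCE_LEN] ^= 0x01  # first ciphertext byte
    try:
        open_params(platform_key, bytes(blob), target_system)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    sample = {"account": "sys-u1001", "object_id": "bucket:invoices", "action": "query"}
    sealed = seal_params(PLATFORM_KEY, sample, "ceph-a")
    print(open_params(PLATFORM_KEY, sealed, "ceph-a"))
```

The tag is checked before any decryption, and the comparison is constant-time. Replay of an unmodified blob against the same target within its validity is not covered here; a deployment would add a timestamp or sequence number to the parameters and have the storage system reject stale or repeated values.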
Step S140: selecting, from the plurality of object storage systems, the target storage system corresponding to the object information, and sending the object management instruction to it; the target storage system performs the management operation on the object information after it has successfully authenticated the user system account, and the user system account has authority to manage the stored objects in the plurality of object storage systems.
The object storage systems comprise distributed storage systems of several different storage architectures. Because there are several object storage systems, the target storage system for the object management instruction has to be selected. In an alternative implementation, the target storage system corresponding to the object information is selected from the plurality of storage systems according to the object attributes in the object information, which include the object storage format and/or the object storage location. The object attributes thus identify the object storage system that holds the object, and the object management instruction is sent to that system (the target storage system).
Correspondingly, the target storage system first authenticates the user system account and, after authentication succeeds, performs the management operation on the object information. Because the user system account has authority to manage the stored objects in the object storage systems, the target storage system's authentication of it is expected to succeed, provided the account mapping and the accounts provisioned in the storage systems are kept consistent. The storage-side authentication remains the enforcement point and should still be performed rather than skipped on that assumption.
In this way, cross-system management of a plurality of object storage systems is achieved.
In an alternative implementation, the user must first register an account, and only after successful registration can the object management operation described above be executed. Accordingly, before the user platform account and object information contained in a received object management request are obtained, the following account registration operation is performed:
First, in response to a received account registration request, the user identifier it contains is obtained. Then the account management system, which stores the account data of every user, is queried for a primary platform account corresponding to that user identifier. If none is stored, the user identifier has not been registered: a primary platform account and a user system account are allocated for it, and the mapping between the user identifier, the primary platform account and the user system account is stored in the account management system. If one is stored, the user identifier is already registered: a sub-platform account is allocated for it and the mapping between the user identifier and the sub-platform account is stored in the account management system, the sub-platform account corresponding to the same user system account as the primary platform account. Both the sub-platform account and the primary platform account are therefore user platform accounts of the user, and both correspond to the same user system account.
The object information in this embodiment covers objects such as buckets, file objects and directory objects.
In this way, the user platform account and object information contained in a received object management request are first obtained and an authentication operation is performed on them; if the authentication result shows that the user platform account has authority matching the object information, the corresponding user system account is determined from the preset account mapping relation. An object management instruction is then generated from the user system account and the object information, the target storage system corresponding to the object information is selected from the plurality of object storage systems, and the instruction is sent to it. Because the user system account in this embodiment has management authority over a plurality of object storage systems, converting the user platform account into the user system account lets a user of the cloud platform perform object management operations across storage systems, making the management of multiple object storage systems more convenient.
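The flow of steps S120 to S140 together with the account registration procedure above, as an added example that is not code from the patent or the applicant. It uses in-memory stand-ins for the account management system, the authentication management system and two object storage systems; the class and function names (AccountManagement, ObjectStorageSystem, AUTHORITY, select_target, manage_object), the account formats and the sample bucket are all hypothetical. Two points the text leaves implicit are made explicit: the single user system account is provisioned into every storage system at registration, and each storage system still authenticates that account itself before executing an instruction.

```python
import itertools
from dataclasses import dataclass, field


@dataclass
class AccountManagement:
    """Account management system: registration plus the preset account mapping relation."""
    primary_of: dict = field(default_factory=dict)  # user identifier -> primary platform account
    mapping: dict = field(default_factory=dict)     # platform account (primary or sub) -> user system account
    seq: itertools.count = field(default_factory=lambda: itertools.count(1))

    def register(self, user_id: str) -> str:
        """Return the newly allocated platform account.

        First registration of a user identifier allocates a primary platform account and
        one user system account; later registrations allocate sub-platform accounts that
        map to the same user system account.
        """
        if user_id not in self.primary_of:
            platform_account = f"p-{next(self.seq)}"
            self.primary_of[user_id] = platform_account
            self.mapping[platform_account] = f"sys-{user_id}"
        else:
            platform_account = f"s-{next(self.seq)}"
            self.mapping[platform_account] = self.mapping[self.primary_of[user_id]]
        return platform_account


@dataclass
class ObjectStorageSystem:
    """One of the plural object storage systems; it authenticates the user system account itself."""
    name: str
    storage_format: str
    location: str
    accounts: set = field(default_factory=set)  # user system accounts provisioned in this system
    log: list = field(default_factory=list)

    def execute(self, instruction: dict) -> str:
        if instruction["account"] not in self.accounts:  # storage-side authentication
            raise PermissionError(f"{self.name}: user system account not recognised")
        self.log.append(instruction)
        return f"{instruction['action']} {instruction['object_id']} on {self.name} ok"


# Authentication management system stand-in: (platform account, object identifier) -> allowed behaviours.
AUTHORITY = {
    ("p-1", "bucket:invoices"): {"query", "upload"},
    ("s-2", "bucket:invoices"): {"query"},
}


def is_authorised(platform_account: str, object_info: dict) -> bool:
    """Deny by default: no entry for the (account, object) pair means no authority."""
    allowed = AUTHORITY.get((platform_account, object_info["object_id"]), set())
    return object_info["action"] in allowed


def select_target(systems: list, object_info: dict) -> ObjectStorageSystem:
    """Screen the target storage system by the object's storage format and location."""
    matches = [s for s in systems
               if s.storage_format == object_info["format"] and s.location == object_info["location"]]
    if len(matches) != 1:
        raise LookupError("object attributes do not identify exactly one storage system")
    return matches[0]


def manage_object(platform_account: str, object_info: dict,
                  accounts: AccountManagement, systems: list) -> str:
    """Steps S120-S140: authenticate the platform account, map it, build the instruction, route it."""
    if not is_authorised(platform_account, object_info):
        raise PermissionError("platform account has no authority matching the object information")
    system_account = accounts.mapping[platform_account]                    # S120: platform -> system account
    instruction = {"account": system_account,                              # S130: instruction parameters
                   "object_id": object_info["object_id"], "action": object_info["action"]}
    return select_target(systems, object_info).execute(instruction)        # S140: route and execute


def build_demo():
    """Constructed set-up: one user with a primary and a sub account, two storage systems."""
    accounts = AccountManagement()
    primary = accounts.register("u1001")  # "p-1", user system account "sys-u1001"
    sub = accounts.register("u1001")      # "s-2", same user system account
    systems = [ObjectStorageSystem("ceph-a", "s3", "dc1"),
               ObjectStorageSystem("minio-b", "s3", "dc2")]
    for system in systems:                # one system account, provisioned in every storage system
        system.accounts.add(accounts.mapping[primary])
    return accounts, systems, primary, sub


if __name__ == "__main__":
    accounts, systems, primary, sub = build_demo()
    obj = {"object_id": "bucket:invoices", "action": "upload", "format": "s3", "location": "dc1"}
    print(manage_object(primary, obj, accounts, systems))
```

The sub account s-2 reaches the same storage systems as the primary account through the shared system account, but the platform-side authority table still limits it to queries; the two checks are independent, which is the property the scheme relies on.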
For easy understanding, the following details of implementation of the management method of object information in the present application will be described in detail by taking a specific example as an example:
Fig. 2 shows an implementation of an object information management method in the related art. The method implements read-only, read-write and private permission management for main accounts, sub-accounts and anonymous users over various objects. In this approach the object storage system is a ceph system, so uploading and downloading of objects are authenticated against a ceph account. The bucket is treated as the resource; creation, deletion, query, file details and similar operations on a bucket rely on authentication by the resource access control management device, whose decision depends on the account and the resource. When registering user platform accounts (main accounts and sub-accounts), the user calls the account management interface of the ceph system through a ceph access tool (such as ceph-go), and a ceph account is mapped to each main account and each sub-account so that permission management can later be carried out with the ceph account. Hence, in the approach of fig. 2, if the user platform accounts of one user comprise one main account and N sub-accounts, N+1 ceph accounts have to be created through the account management interface of the ceph system: every main account or sub-account corresponds to its own ceph account.
In this approach, lifecycle management of buckets through the first access tool (e.g., aws-sdk-go) is performed when creating, updating and deleting buckets, and the resources of a bucket also have to be reported and deleted. Whether a sub-account is allowed to create, update or delete a bucket is decided by the resource access control management device, which takes the roles of users (main account and sub-account), the resources and the resource access behaviors as its authentication base data. The owner of a bucket and the main account may grant other accounts a class of access to, or denial of access to, certain resources. The resource access control management device can be implemented by the cloud platform's Resource Access Management (RAM).
In addition, uploading and downloading of files are both subject to permission management through the ceph account. When an object download link is generated, the ceph account information is encrypted and signed into the query string of the link; when a file is uploaded or downloaded, the file permission is judged through the ceph account corresponding to the user platform account.
As shown in fig. 2, during account registration the cloud platform receives an account registration request triggered by the user and stores an event for creating the user platform account in a message queue. That event is consumed by the front-end access layer, and the resource orchestration layer then performs the following: it calls the ceph access tool to create a ceph account and stores the created ceph account in the storage service, completing the account creation flow. Thus in the registration flow of fig. 2, not only the user platform account is generated, but a ceph account of the user is generated as well, and that ceph account is used for authentication in the storage service, which may be a ceph object storage system.
In addition, when creating, deleting, querying or authorizing resources such as buckets, objects and directories, the resource access control management device has to be accessed through a user platform account (a main account or a sub-account), and it in turn invokes the front-end access layer and the resource orchestration layer to perform the following: on one hand, an object download link is generated and stored, and the basic information of resources such as buckets and objects is stored, both in a database (for example, a mysql database); on the other hand, the first access tool is called to perform the management operation on the bucket, object or directory, which calls the interface carrying the account information and stores the management result in the storage service.
Further, the user may also use the download link to call the API interface through a user platform account (a main account, a sub-account, an anonymous user, etc.) and access the business service interface layer; the download link carries the encrypted ceph account information. Correspondingly, the business service interface layer calls the second access tool to access the service and obtain the download object. To simplify the service flow and improve service safety, the business service interface layer may also obtain the upload object by means of a cookie, thereby implementing the upload or download function.
It can be seen that in the approach of fig. 2, each main account and each sub-account among the user platform accounts corresponds to a different ceph account, and authentication has to be performed in the ceph system through that ceph account. The approach therefore applies only to a single object storage system, namely ceph, and becomes invalid as soon as the cloud platform stops using ceph as its object storage system. Moreover, where the cloud platform supports several object storage systems at once, the other object storage systems cannot use the ceph account as an authentication condition, so this authentication mode is not common to all the object storage systems.
In order to solve the above-described problem, fig. 3 shows a schematic structural view of one specific example of the present application.
In this example, an account corresponding to the "storage system" is created for each user of the cloud platform. The main account and the sub-accounts (both user platform accounts) of the same user share one storage system account (i.e., the user system account), where the storage systems supported by the cloud platform include ceph, hdfs, fastHdfs and so on. Different users have their own independent storage system accounts. In this embodiment, buckets, files and directories are likewise treated as resources, and the resource management system manages the lifecycle of the resources.
When the front-end access layer creates, updates or deletes a bucket, it first performs resource access control authentication through the RAM. Only after that authentication passes does it call the resource orchestration layer to integrate the resources: the resource orchestration layer assembles the resource and the storage system account into request parameters and sends them to the corresponding storage system. Because the storage system account holds management rights over buckets and files in all storage systems, the storage system's own permission check of that account necessarily passes; the RAM authentication performed beforehand is therefore the only point at which the main account and the sub-accounts of a user are told apart, which is why it precedes the call to the resource orchestration layer. In this way a user manages the resources (i.e., objects) in each storage system by means of the storage system account. After the resource orchestration layer receives the result returned by the storage system, it parses and stores the returned data.
In addition, in this example, uploading and downloading of file-class objects is implemented through an application program interface module. The front-end user calls the application program interface module to upload or download a file, and the call request carries the user platform account (a main account or sub-account of the cloud platform), the resource, the operation behavior and so on. The application program interface module calls the RAM service to verify the permission; when the verification passes, it assembles the file together with the storage system account information and sends them to the storage system. Because the storage system account holds rights over buckets and files in all object storage systems, the storage system's permission verification of that account necessarily passes. After receiving the result returned by the storage system, the application program interface module parses and stores the returned data.
In this example, the application program interface module corresponds to the first object management module mentioned above, and the front-end access layer together with the resource orchestration layer corresponds to the second object management module mentioned above. The front-end server mentioned above is omitted in this example; without it, the user directly calls the appropriate module according to the type of object management request. Because file upload and download requests occupy a large amount of bandwidth, files are not processed by the gateway of the cloud platform; instead, an application program interface module is provided for the user to call. In summary, this example provides an access control management method that is independent of the storage system, can be used with various object storage systems, and facilitates cross-system object management operations.
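The object management flow summarised earlier (authentication by the user platform account, lookup of the user system account in the preset mapping, assembly of the instruction parameters, and selection of the target storage system by object attributes) and the fig. 3 example just described, as one added Python model that is not part of this disclosure. AuthenticationManagementSystem stands in for the RAM service, StorageSystem for one object storage backend, and ObjectManager for the object management module; the grants, account identifiers, storage formats and locations in build_demo() are constructed sample data, and all names are assumptions.

```python
"""Added example (not from the patent): in-memory model of the object
management flow: authorize by platform account, map to the shared user system
account, assemble the instruction, route by object attributes. Names and
sample policy are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ObjectInfo:
    object_id: str          # e.g. "bucket-a/report.csv" (bucket, file or directory)
    behavior: str           # management behavior identifier: create/read/update/delete
    storage_format: str     # object attribute used to select the target storage system
    storage_location: str   # object attribute used to select the target storage system


class AuthenticationManagementSystem:
    """Stand-in for the RAM service: grants of (platform account, object prefix, behavior)."""

    def __init__(self):
        self._grants = set()

    def grant(self, platform_account, object_prefix, behavior):
        self._grants.add((platform_account, object_prefix, behavior))

    def authorize(self, platform_account, object_id, behavior):
        return any(
            acct == platform_account and beh == behavior and object_id.startswith(prefix)
            for acct, prefix, beh in self._grants
        )


class StorageSystem:
    """One object storage backend; it authenticates user system accounts only."""

    def __init__(self, name, formats, locations, trusted_system_accounts):
        self.name, self.formats, self.locations = name, set(formats), set(locations)
        self.trusted = set(trusted_system_accounts)
        self.log = []   # instructions executed, for inspection

    def matches(self, info):
        return info.storage_format in self.formats and info.storage_location in self.locations

    def execute(self, instruction):
        # The backend never sees the platform account; it checks the system account.
        if instruction["system_account"] not in self.trusted:
            raise PermissionError(f"{self.name}: unknown system account")
        self.log.append(instruction)
        return {"system": self.name, "ok": True, "object": instruction["object_id"]}


class ObjectManager:
    """The object management module: steps 1-4 of the method, in order."""

    def __init__(self, auth, mapping, storages):
        self.auth, self.mapping, self.storages = auth, mapping, list(storages)

    def handle(self, platform_account, info):
        # 1. authentication uses the platform account (main or sub account) and the
        #    object identifier + management behavior parsed from the object information
        if not self.auth.authorize(platform_account, info.object_id, info.behavior):
            raise PermissionError(f"{platform_account} may not {info.behavior} {info.object_id}")
        # 2. preset mapping: platform account -> user system account
        system_account = self.mapping[platform_account]
        # 3. instruction parameters = user system account + object information
        instruction = {"system_account": system_account, "object_id": info.object_id,
                       "behavior": info.behavior, "format": info.storage_format,
                       "location": info.storage_location}
        # 4. screen the target storage system by the object attributes, then send
        targets = [s for s in self.storages if s.matches(info)]
        if len(targets) != 1:
            raise LookupError(f"expected one target storage system, found {len(targets)}")
        return targets[0].execute(instruction)


def build_demo():
    """Constructed sample deployment: one user with a main account and a sub-account."""
    auth = AuthenticationManagementSystem()
    auth.grant("main-0001", "bucket-a/", "read")
    auth.grant("main-0001", "bucket-a/", "delete")
    auth.grant("sub-0002", "bucket-a/", "read")       # the sub-account may only read
    mapping = {"main-0001": "sys-0001", "sub-0002": "sys-0001"}   # shared system account
    storages = [
        StorageSystem("ceph", ["object"], ["dc1"], ["sys-0001"]),
        StorageSystem("hdfs", ["file"], ["dc1", "dc2"], ["sys-0001"]),
    ]
    return ObjectManager(auth, mapping, storages)
```

In this model the backends accept any instruction carrying sys-0001, exactly as the text says the storage system's own check of the storage system account necessarily passes; a sub-account that attempts a delete is stopped only by the authorize() call in step 1. That is the property to verify in an implementation of this design: every code path that emits an instruction carrying the user system account must go through the RAM check first, including the separate upload/download interface module.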
It will be appreciated that the above method embodiments of the present disclosure may be combined with one another to form combined embodiments without departing from their principles and logic; these are not described here for reasons of space. Those skilled in the art will appreciate that, in the methods of the above embodiments, the specific order of execution of the steps should be determined by their function and possible inherent logic.
In addition, the disclosure further provides an object information management device, an electronic device and a computer-readable storage medium, each of which may be used to implement any of the object information management methods provided by the disclosure; for the corresponding technical solutions and descriptions, refer to the method part, which is not repeated here.
Fig. 4 is a block diagram of an object information management apparatus according to an embodiment of the present disclosure.
Referring to fig. 4, the embodiment of the present disclosure provides a management apparatus 40 of object information, the management apparatus 40 of object information including:
the acquisition module 41 is adapted to acquire a user platform account and object information; the user platform account number refers to identification information of a user in the cloud platform;
the mapping module 42 is adapted to determine a user system account corresponding to the user platform account according to a preset account mapping relationship under the condition that the user platform account is determined to have the authority to manage the object information; the user system account number refers to identification information of a user in a plurality of object storage systems; the user system account has the authority of managing the storage objects in the object storage systems;
a generating module 43, adapted to combine the user system account and the object information into instruction parameters, and generate an object management instruction containing the instruction parameters;
A transmitting module 44 adapted to screen a target storage system corresponding to the object information from a plurality of object storage systems and transmit the object management instruction to the target storage system; and the target storage system is used for carrying out management operation of the object information according to the object management instruction after the user system account is successfully authenticated.
In an optional implementation manner, the account mapping relationship is used for storing a corresponding relationship between a user platform account and a user system account of the same user;
the user platform accounts of the same user comprise at least one main platform account and a plurality of sub-platform accounts; and the at least one main platform account and the plurality of sub-platform accounts of the same user correspond to the same user system account.
In an alternative implementation, the plurality of object storage systems includes: a distributed storage system of a plurality of different storage architectures; the object information includes object attributes; the object attributes include: object storage format, and/or object storage location;
and, the sending module 44 is specifically adapted to:
and screening target storage systems corresponding to the object attributes from a plurality of object storage systems according to the object attributes in the object information.
In an alternative implementation, the front-end server receives the object management request and determines the request type of the object management request; if the request type belongs to a first type, the front-end server forwards the object management request to a first object management module, and the first object management module executes the steps of acquiring the user platform account number and the object information contained in the received object management request and the subsequent steps; if the request type belongs to a second type, the front-end server forwards the object management request to a second object management module, and the second object management module executes the steps of acquiring the user platform account number and the object information contained in the received object management request and the subsequent steps; wherein the bandwidth resources required by the first type of object management request are greater than the bandwidth resources required by the second type of object management request; wherein the first type comprises: uploading type and downloading type; the second type includes: query type, modification type.
In an alternative implementation, the mapping module 42 is specifically adapted to:
Analyzing the object information to obtain an object identifier and a management behavior identifier contained in the object information;
transmitting the user platform account number, the object identifier and the management behavior identifier to an authentication management system;
and judging whether the user platform account has the authority for managing the object information according to an authentication result returned by the authentication management system.
In an alternative implementation, the obtaining module 41 is further configured to: responding to a received account registration request, and acquiring a user identifier contained in the account registration request; inquiring whether a main platform account corresponding to the user identifier is stored in an account management system or not; if not, distributing a main platform account number and a user system account number aiming at the user identifier, and storing the mapping relation among the user identifier, the main platform account number and the user system account number to the account number management system; if yes, sub-platform accounts are allocated to the user identifications, and the mapping relation between the user identifications and the sub-platform accounts is stored in the account management system; the sub-platform account number and the main platform account number both belong to the user platform account number of the user, and correspond to the same user system account number.
In this embodiment, firstly, a user platform account and object information are obtained, authentication operation is performed according to the user platform account and the object information, and if the user platform account is determined to have authority matched with the object information according to an authentication result, a user system account corresponding to the user platform account is determined according to a preset account mapping relation; and then, generating an object management instruction according to the user system account number and the object information, screening target storage systems corresponding to the object information from a plurality of object storage systems, and sending the object management instruction to the target storage systems. Because the user system account number in the embodiment has the management authority of a plurality of object storage systems, the user in the cloud platform can perform the object management operation across the storage systems by converting the user platform account number into the user system account number, thereby providing convenience for the management of the plurality of object storage systems.
Fig. 5 is a block diagram of an electronic device according to an embodiment of the present disclosure.
An embodiment of the present disclosure provides an electronic device with reference to fig. 5, including: at least one processor 501; at least one memory 502, and one or more I/O interfaces 503, coupled between the processor 501 and the memory 502; wherein the memory 502 stores one or more computer programs executable by the at least one processor 501, the one or more computer programs being executed by the at least one processor 501 to perform the above-described object information management method.
The disclosed embodiments also provide a computer-readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor/processing core, implements the above-described object information management method. The computer readable storage medium may be a volatile or nonvolatile computer readable storage medium.
Embodiments of the present disclosure also provide a computer program product comprising computer readable code, or a non-transitory computer readable storage medium carrying computer readable code, which when executed in a processor of an electronic device, performs the above-described method of managing object information.
Those of ordinary skill in the art will appreciate that all or some of the steps, systems, functional modules/units in the apparatus, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed cooperatively by several physical components. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer-readable storage media, which may include computer storage media (or non-transitory media) and communication media (or transitory media).
The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable program instructions, data structures, program modules or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, Random Access Memory (RAM), Read Only Memory (ROM), Erasable Programmable Read Only Memory (EPROM), Static Random Access Memory (SRAM), flash memory or other memory technology, portable Compact Disc Read Only Memory (CD-ROM), Digital Versatile Discs (DVD) or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable program instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and may include any information delivery media.
The computer readable program instructions described herein may be downloaded from a computer readable storage medium to a respective computing/processing device or to an external computer or external storage device over a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmissions, wireless transmissions, routers, firewalls, switches, gateway computers and/or edge servers. The network interface card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium in the respective computing/processing device.
Computer program instructions for performing the operations of the present disclosure can be assembly instructions, Instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer readable program instructions may be executed entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, aspects of the present disclosure are implemented by personalizing electronic circuitry, such as programmable logic circuitry, Field Programmable Gate Arrays (FPGAs), or Programmable Logic Arrays (PLAs), with state information of computer readable program instructions, which can execute the computer readable program instructions.
The computer program product described herein may be embodied in hardware, software, or a combination thereof. In an alternative embodiment, the computer program product is embodied as a computer storage medium, and in another alternative embodiment, the computer program product is embodied as a software product, such as a software development kit (Software Development Kit, SDK), or the like.
Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable medium having the instructions stored therein includes an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Example embodiments have been disclosed herein, and although specific terms are employed, they are used and should be interpreted in a generic and descriptive sense only and not for purpose of limitation. In some instances, it will be apparent to one skilled in the art that features, characteristics, and/or elements described in connection with a particular embodiment may be used alone or in combination with other embodiments unless explicitly stated otherwise. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the disclosure as set forth in the appended claims.

Claims (10)

1. A method of managing object information, comprising:
acquiring a user platform account number and object information; the user platform account number refers to identification information of a user in the cloud platform;
under the condition that the user platform account number is determined to have the authority for managing the object information, determining a user system account number corresponding to the user platform account number according to a preset account number mapping relation; the user system account number refers to identification information of a user in a plurality of object storage systems; the user system account has the authority of managing the storage objects in the object storage systems;
combining the user system account number and the object information into instruction parameters, and generating an object management instruction containing the instruction parameters;
screening target storage systems corresponding to the object information from a plurality of object storage systems, and sending the object management instruction to the target storage systems; and the target storage system is used for carrying out management operation of the object information according to the object management instruction after the user system account is successfully authenticated.
2. The method of claim 1, wherein the account mapping relationship is used for storing a correspondence between a user platform account and a user system account of the same user;
the user platform account numbers of the same user comprise: at least one main platform account number and a plurality of sub-platform account numbers; and the at least one main platform account number and the plurality of sub-platform account numbers of the same user correspond to the same user system account number.
3. The method of claim 1, wherein the plurality of object storage systems comprises: a distributed storage system of a plurality of different storage architectures; the object information includes object attributes; the object attributes include: object storage format, and/or object storage location;
And, the screening the target storage system corresponding to the object information from the plurality of object storage systems includes:
and screening target storage systems corresponding to the object attributes from a plurality of object storage systems according to the object attributes in the object information.
4. The method of claim 1, wherein prior to obtaining the user platform account and the object information, further comprising:
receiving the object management request through a front-end server, and determining the request type of the object management request;
if the request type belongs to a first type, the front-end server forwards the object management request to a first object management module, and the first object management module executes the steps of acquiring the user platform account number and the object information contained in the received object management request and the subsequent steps;
if the request type belongs to a second type, the front-end server forwards the object management request to a second object management module, and the second object management module executes the steps of acquiring the user platform account number and the object information contained in the received object management request and the subsequent steps;
wherein the bandwidth resources required by the first type of object management request are greater than the bandwidth resources required by the second type of object management request; wherein the first type comprises: uploading type and downloading type; the second type includes: query type, modification type.
5. The method of claim 1, wherein the determining that the user platform account has rights to manage the object information comprises:
analyzing the object information to obtain an object identifier and a management behavior identifier contained in the object information;
transmitting the user platform account number, the object identifier and the management behavior identifier to an authentication management system;
and judging whether the user platform account has the authority for managing the object information according to an authentication result returned by the authentication management system.
6. The method of claim 1, wherein, before obtaining the user platform account and the object information, the method further comprises:
in response to a received account registration request, acquiring a user identifier contained in the account registration request;
querying whether a main platform account corresponding to the user identifier is stored in an account management system;
if not, allocating a main platform account and a user system account for the user identifier, and storing the mapping relation among the user identifier, the main platform account and the user system account in the account management system;
if so, allocating a sub-platform account for the user identifier, and storing the mapping relation between the user identifier and the sub-platform account in the account management system; wherein the sub-platform account and the main platform account both belong to the user platform account of the user and correspond to the same user system account.
7. The method according to any one of claims 1-6, wherein the object information comprises: data buckets, file objects, directory objects.
8. An object information management apparatus, comprising:
an acquisition module adapted to acquire a user platform account and object information, the user platform account being identification information of a user in a cloud platform;
a mapping module adapted to determine, in the case where the user platform account is determined to have the authority to manage the object information, a user system account corresponding to the user platform account according to a preset account mapping relation, the user system account being identification information of the user in a plurality of object storage systems and having the authority to manage storage objects in the object storage systems;
a generation module adapted to combine the user system account and the object information into instruction parameters and to generate an object management instruction containing the instruction parameters; and
a sending module adapted to select, from the plurality of object storage systems, a target storage system corresponding to the object information and to send the object management instruction to the target storage system, the target storage system being configured to perform the management operation on the object information according to the object management instruction after the user system account has been successfully authenticated.
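The flow of claims 5, 6 and 8 as an added, runnable illustration (not the applicant's code): registration maps a user's main and sub-platform accounts onto one shared system account, and an object request is authorised against the platform account first, only then mapped to the system account, composed into an instruction and routed to the storage system owning the bucket. The class, function names, ACL entries and bucket-to-backend table are all constructed for the example.

```python
class AccountManager:
    """Account management system of claim 6 (constructed for this example)."""

    def __init__(self):
        self._by_user = {}             # user_id -> (main platform acct, system acct)
        self._platform_to_system = {}  # any platform acct -> system acct
        self._seq = 0

    def register(self, user_id):
        """First registration: allocate main platform + system account.
        Repeat registration: allocate a sub-platform account mapped to the
        SAME system account, as claim 6 requires."""
        self._seq += 1
        platform_acct = f"plat-{self._seq}"
        if user_id not in self._by_user:
            system_acct = f"sys-{user_id}"
            self._by_user[user_id] = (platform_acct, system_acct)
        else:
            system_acct = self._by_user[user_id][1]
        self._platform_to_system[platform_acct] = system_acct
        return platform_acct

    def system_account(self, platform_acct):
        return self._platform_to_system.get(platform_acct)


# Authentication management system of claim 5: constructed ACL keyed by
# (platform account, object identifier, management behaviour).
ACL = {("plat-1", "bucket-a/report.csv", "download"),
       ("plat-2", "bucket-a/report.csv", "query")}

def authorize(platform_acct, obj_id, behaviour):
    return (platform_acct, obj_id, behaviour) in ACL

# Constructed map from bucket to the object storage system that owns it.
STORAGE_BY_BUCKET = {"bucket-a": "oss-east", "bucket-b": "oss-west"}

def manage_object(mgr, platform_acct, obj_info):
    """Claim 8 pipeline. The rights check is done on the platform account
    BEFORE mapping to the shared system account, so two sub-accounts of one
    user can hold different rights although they share one system account."""
    obj_id, behaviour = obj_info["object"], obj_info["behaviour"]
    if not authorize(platform_acct, obj_id, behaviour):
        return {"ok": False, "reason": "denied"}
    system_acct = mgr.system_account(platform_acct)
    if system_acct is None:
        return {"ok": False, "reason": "unmapped"}
    target = STORAGE_BY_BUCKET.get(obj_id.split("/", 1)[0])
    if target is None:
        return {"ok": False, "reason": "no-target"}
    instruction = {"account": system_acct, "object": obj_id, "behaviour": behaviour}
    return {"ok": True, "target": target, "instruction": instruction}
```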
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores one or more computer programs executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
10. A computer readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the method according to any of claims 1-7.
CN202310093166.1A 2023-02-09 2023-02-09 Object information management method and device, electronic equipment and storage medium Pending CN116149555A (en)

Publications (1)

Publication Number Publication Date
CN116149555A true CN116149555A (en) 2023-05-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination