CN117632363A - Authentication method, device and computer-readable medium for a cloud native super-fusion platform

Publication number
CN117632363A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311588597.1A
Other languages
Chinese (zh)
Inventor
谢家意
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Yunzhou Information Technology Co ltd
Original Assignee
Shanghai Yunzhou Information Technology Co ltd

Abstract

The application provides an authentication method, a device and a computer-readable medium for a cloud native super-fusion platform. The scheme adds users to projects, configures access rights for the users under each project, associates the projects with resources of the cloud native super-fusion platform or of other platforms, and configures the permission information of each project's resources in the corresponding platform according to those access rights. It then receives a user's resource operation request, authenticates the request against the permission information, and determines whether the user who initiated the request has permission to perform the operation. By associating projects with users, the scheme integrates user rights over the resources of the cloud native super-fusion platform and of other platforms, such as virtual machines and containers, manages user rights with the project as the basic unit, and uses the cloud native super-fusion platform as the single entry point for authentication, which makes rights management more convenient while ensuring data security.

Description

Authentication method, device and computer-readable medium for a cloud native super-fusion platform
Technical Field
The present disclosure relates to the field of information technologies, and in particular, to an authentication method, an authentication device, and a computer readable medium for a cloud native super fusion platform.
Background
With the rapid development of virtualization technology, virtual machines and containers have become the mainstream directions of virtualization. Containers have gradually overtaken virtual machines thanks to their light weight, high performance and excellent resource control, and have prompted more businesses to containerize legacy applications. During this rebuilding process, however, some old projects cannot be rebuilt immediately or are still in transition, so virtual machines and containers coexist. To meet this coexistence requirement, user rights need to be isolated so that they can be managed in a unified way. However, current solutions, such as Kubernetes' own Dashboard and other third-party cloud native platforms, do not support rights management well when containers and virtual machines coexist.
Disclosure of Invention
An object of the present application is to provide an authentication method, an authentication device and a computer readable medium for a cloud native super fusion platform.
In order to achieve the above objective, the present application provides an authentication method for a cloud native super-fusion platform, where the method is applied to the cloud native super-fusion platform and includes:
adding users to a project, constructing the association between the project and the users, and configuring access rights for the users under the project;
associating the project with a resource of the cloud native super-fusion platform or of another platform;
configuring permission information of the resources in the project in the corresponding platform according to the access rights of the users in the project;
receiving a resource operation request from a user, wherein the resource operation request includes at least information on the resource to be operated on, information on the project to which the resource belongs, and information on the operation to be executed;
and authenticating the resource operation request according to the permission information, and determining whether the user who initiated the resource operation request has permission to perform the operation.
Further, associating the project with a resource of the cloud native super-fusion platform or of another platform comprises:
selecting a project and creating resources of the cloud native super-fusion platform under the project;
and storing the association between the project and the resources of the cloud native super-fusion platform.
Further, associating the project with a resource of the cloud native super-fusion platform or of another platform comprises:
associating the project with a namespace of a container management cluster;
and configuring permission information of the resources in the project in the corresponding platform according to the access rights of the users in the project comprises:
configuring RBAC permission information for the namespace associated with the project in the container management cluster according to the access rights of the users in the project.
Further, associating the project with a resource of the cloud native super-fusion platform or of another platform comprises:
associating the project with a repository in a container image registry;
and configuring permission information of the resources in the project in the corresponding platform according to the access rights of the users in the project comprises:
configuring access permission information for the repository associated with the project in the container image registry according to the access rights of the users in the project.
Further, associating the project with a resource of the cloud native super-fusion platform or of another platform comprises:
associating the project with a virtual machine resource in a virtual machine platform;
and configuring permission information of the resources in the project in the corresponding platform according to the access rights of the users in the project comprises:
generating, when the virtual machine resource is created, a user tag for the virtual machine resource associated with the project according to the access rights of the users in the project.
Further, authenticating the resource operation request according to the permission information and determining whether the user who initiated the resource operation request has permission to perform the operation comprises:
acquiring the current permission information from the cache, the database or the user tag;
and authenticating the resource operation request according to that permission information, and determining whether the user who initiated the resource operation request has permission to perform the operation.
Further, the method further comprises:
allowing the resource operation request to proceed when the determination is that the user has permission to perform the operation.
Further, the method further comprises:
intercepting the resource operation request when the determination is that the user does not have permission to perform the operation, and returning to the user a prompt stating that they lack permission for the operation.
According to another aspect of the present application, there is also provided a computing device comprising a memory for storing computer program instructions and a processor for executing the computer program instructions, wherein the computer program instructions, when executed by the processor, trigger the device to perform the authentication method of the cloud native super-fusion platform.
Embodiments of the present application also provide a computer-readable medium having stored thereon computer program instructions executable by a processor to implement the authentication method of the cloud native super-fusion platform.
Compared with the prior art, the present application provides an authentication scheme for a cloud native super-fusion platform that can add users to projects, construct the association between the projects and the users, configure access rights for the users under the projects, and associate the projects with resources of the cloud native super-fusion platform or of other platforms; configure permission information of the resources in a project in the corresponding platform according to the access rights of the users in the project; receive a resource operation request from a user, where the request includes at least information on the resource to be operated on, information on the project to which the resource belongs, and information on the operation to be executed; and authenticate the resource operation request according to the permission information, determining whether the user who initiated the request has permission to perform the operation. By associating projects with users, the scheme therefore integrates user rights over the resources of the cloud native super-fusion platform and of other platforms, such as virtual machines and containers, manages user rights with the project as the basic unit, and uses the cloud native super-fusion platform as the single entry point for authentication, which makes rights management more convenient while ensuring data security.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the following drawings, in which:
Fig. 1 is a process flow diagram of an authentication method of a cloud native super-fusion platform provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of the cloud native super-fusion platform in an embodiment of the present application performing unified authentication management on its own resources;
Fig. 3 is a schematic diagram of the cloud native super-fusion platform in an embodiment of the present application performing unified authentication management on a Kubernetes container management cluster;
Fig. 4 is a schematic diagram of the cloud native super-fusion platform in an embodiment of the present application performing unified authentication management on a Harbor container image registry;
Fig. 5 is a schematic diagram of the cloud native super-fusion platform in an embodiment of the present application performing unified authentication management on a Cloud virtual machine platform;
Fig. 6 is a schematic structural diagram of a main management platform and three other platforms implementing unified authentication management using the solution of the embodiment of the present application.
The same or similar reference numbers in the drawings refer to the same or similar parts.
Detailed Description
The present application is described in further detail below with reference to the accompanying drawings.
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
In a typical configuration of the present application, the terminals and the devices of the service network each include one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, Random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and information storage may be implemented by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device.
The embodiment of the application provides an authentication method for a cloud native super-fusion platform. By associating projects with users, it integrates user rights over the resources of the cloud native super-fusion platform and of other platforms, such as virtual machines and containers, manages user rights with the project as the basic unit, and uses the cloud native super-fusion platform as the entry point for unified authentication, so that rights management becomes more convenient while data security is ensured.
In a practical scenario, the main body for executing the method may include a network device, or a device formed by integrating a user device and the network device through a network, or may be an application program running on the device. The user equipment comprises, but is not limited to, various terminal equipment such as computers, mobile phones, tablet computers and the like; the network device includes, but is not limited to, a network host, a single network server, a server in a plurality of network servers or a server in a distributed cloud network, etc. The distributed Cloud network described herein is made up of a large number of hosts or web servers based on Cloud Computing (Cloud Computing).
Fig. 1 shows a process flow of an authentication method of a cloud native super fusion platform according to an embodiment of the present application, where the method at least includes the following steps:
Step S101, adding users to a project, constructing the association between the project and the users, and configuring access rights for the users under the project.
Step S102, associating the project with resources of the cloud native super-fusion platform or of other platforms.
Step S103, configuring permission information of the resources in the project in the corresponding platform according to the access rights of the users in the project.
Step S104, receiving a resource operation request from a user, wherein the resource operation request includes at least information on the resource to be operated on, information on the project to which the resource belongs, and information on the operation to be executed.
Step S105, authenticating the resource operation request according to the permission information, and determining whether the user who initiated the resource operation request has permission to perform the operation.
In some embodiments of the present application, the other platforms may include a container management cluster, a container image registry, a virtual machine platform, and the like, and the cloud native super-fusion platform refers to a cloud native platform that uniformly manages the resource rights of itself and of the other platforms and provides a unified authentication entry point. Resources in the container management cluster are partitioned at the granularity of a namespace, resources of the container image registry at the granularity of a repository, and resources of the virtual machine platform at the granularity of a user tag. Thus, when a project is associated with a resource of the cloud native super-fusion platform or of another platform, a namespace, repository or user tag is associated with the project; that is, one project is associated with one or more namespaces, repositories, user tags and so on. In an actual scenario, when a user creates a resource on the corresponding platform, the user can select a project so that the created resource belongs to that project. For example, selecting the project project1 when creating namespace1 means that the created namespace1 belongs to project1.
The user refers to a user represented by an account created on the cloud native super-fusion platform. For example, user A creates an account named user1 on the cloud native super-fusion platform, and user1 represents the identity of user A on that platform. Taking the project project1 as an example, adding user1 to the project constructs the association between project1 and user1. After access rights are configured for user1 under project1, access rights to the resources associated with project1 (such as namespace1) can be granted to user1.
In an actual scenario, user A may also have accounts created in other platforms. For example, the user's account on the cloud native super-fusion platform is user1 and the account on the virtual machine platform is user2; the two actually represent the same user A and can be bound after creation. Based on this binding, the permission information of the resources in a project can be configured in the corresponding platform according to the access rights of the users in the project, refining the access rights of the resources down to each platform.
Therefore, when the project is used as the basic granularity of rights management, one project that has been associated with resources in different platforms can represent different resources in those platforms, and access rights are configured for users under the project by constructing the association between the project and the users. Because each user is bound to accounts on the other platforms, the access rights of the resources can be refined down to those platforms, so that the cloud native super-fusion platform can serve as the rights management platform and provide a unified entry point for authentication and rights management.
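Steps S101 to S105 and the account binding described above can be modelled as a small deny-by-default authorizer (what the page calls authentication is, in effect, an authorization decision). This is an added example, not code from the patent or from the platform it describes; the role names, platform identifiers and class names are assumptions, and pushing the permissions into each downstream platform (step S103) is left out.

```python
from dataclasses import dataclass, field

# Hypothetical access levels and the operations each one permits.
ROLE_OPERATIONS = {
    "viewer": {"read"},
    "developer": {"read", "create", "update"},
    "owner": {"read", "create", "update", "delete"},
}


@dataclass(frozen=True)
class ResourceRef:
    platform: str  # assumed identifiers: "native", "kubernetes", "harbor", "vm"
    key: str       # resource ID, namespace, repository or VM ID


@dataclass(frozen=True)
class Request:
    user: str              # account on the cloud native platform
    project: str           # project the caller says the resource belongs to
    resource: ResourceRef
    operation: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


@dataclass
class Authenticator:
    members: dict = field(default_factory=dict)   # (project, user) -> role
    owner_of: dict = field(default_factory=dict)  # ResourceRef -> project
    accounts: dict = field(default_factory=dict)  # (user, platform) -> bound account

    def add_user(self, project, user, role):      # step S101
        if role not in ROLE_OPERATIONS:
            raise ValueError(f"unknown role {role!r}")
        self.members[(project, user)] = role

    def associate(self, project, resource):       # step S102
        current = self.owner_of.get(resource)
        if current is not None and current != project:
            raise ValueError(f"{resource} already belongs to {current}")
        self.owner_of[resource] = project

    def bind_account(self, user, platform, account):
        self.accounts[(user, platform)] = account

    def authorize(self, req):                     # steps S104 and S105
        # Deny by default: every check below has to pass.
        role = self.members.get((req.project, req.user))
        if role is None:
            return Decision(False, "user is not a member of the project")
        # The project comes from the request, so compare it with the stored
        # association instead of trusting it.
        if self.owner_of.get(req.resource) != req.project:
            return Decision(False, "resource is not associated with the project")
        if req.operation not in ROLE_OPERATIONS[role]:
            return Decision(False, f"role {role} may not {req.operation}")
        platform = req.resource.platform
        if platform != "native" and (req.user, platform) not in self.accounts:
            return Decision(False, "no bound account on the target platform")
        return Decision(True, "allowed")


def build_demo():
    """Constructed sample state: user1 is a viewer in project1, owner in project2."""
    auth = Authenticator()
    auth.add_user("project1", "user1", "viewer")
    auth.add_user("project2", "user1", "owner")
    auth.associate("project1", ResourceRef("kubernetes", "namespace1"))
    auth.associate("project2", ResourceRef("vm", "vm-7"))
    auth.associate("project2", ResourceRef("harbor", "repo1"))
    auth.bind_account("user1", "kubernetes", "user1")
    auth.bind_account("user1", "vm", "user2")  # same person, different account
    return auth


if __name__ == "__main__":
    demo = build_demo()
    ns1 = ResourceRef("kubernetes", "namespace1")
    for project, op in (("project1", "read"), ("project1", "delete"), ("project2", "delete")):
        print(project, op, demo.authorize(Request("user1", project, ns1, op)))
```

The third request shows why the association check matters: user1 owns project2, but namespace1 belongs to project1, so naming project2 in the request does not carry the owner role over to it.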
In an actual scenario, besides managing the resources of other platforms such as a container management cluster, a container image registry and a virtual machine platform, the cloud native super-fusion platform can also manage its own resources (such as alarms, the YAML template repository, message logs and the like). Therefore, when managing the resources of the cloud native super-fusion platform itself, a project can be selected, the resources of the cloud native super-fusion platform can be created under that project, and the association between the project and those resources can be saved.
Fig. 2 is a schematic diagram of the cloud native super-fusion platform performing unified authentication management on its own resources, which may include the following steps:
Step S1: after a user logs in, the user initiates a resource operation request to access the relevant resources of the cloud native super-fusion platform. The resource operation request includes at least information on the resource to be operated on, information on the project to which the resource belongs, and information on the operation to be executed; for example, it can include a project ID, a resource ID, the operation content and so on, so that the cloud native super-fusion platform can determine from the request which user wants to perform which operation on which resource under which project.
Step S2: the authenticator queries the current permission information from the database, checks it, and determines whether the user who initiated the request has permission to perform the operation on the resource under the project.
Step S3: a user is created and then added to the project, the association between the project and the user is constructed, and access rights are configured for the user.
Step S4: a project is selected, resources of the cloud native super-fusion platform are created, and the project is associated with those resources.
Step S5: the association between the resources and the project is stored in a database.
When the cloud native super-fusion platform manages the resources of the container management cluster, a project can be associated with namespaces of the container management cluster, and RBAC (Role-Based Access Control) permission information for the namespaces associated with the project is configured in the container management cluster according to the access rights of the users in the project. Fig. 3 is a schematic diagram of the cloud native super-fusion platform performing unified authentication management on a Kubernetes container management cluster, which may include the following steps:
Step S1: after the user logs in, the user initiates a resource operation request to access the relevant resources of Kubernetes. The resource operation request may carry a namespace, project ID, operation content and so on, and enters the authenticator, which makes the permission decision.
Step S2: the authenticator queries the permission information in the cache according to the namespace and the project ID and determines whether the user who initiated the request has permission to perform the corresponding operation.
Step S3: the user is added to the project, the association between the project and the user is constructed, and access rights are configured for the user.
Step S4: the project is associated with the namespace.
Step S5: RBAC permission information, namely a RoleBinding, is configured in the associated namespace for the users under the project according to the configured access rights.
Step S6: the cloud native super-fusion platform starts a thread that acts as a controller, watching for changes to the namespaces and RBAC permission information of Kubernetes and processing the changed data.
Step S7: the processed data is written into the cache for the authenticator to query.
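Steps S5 to S7 of the Kubernetes flow, as an added example that is not code from the patent or the platform: it builds the RoleBinding for a project user and replays constructed watch events into the cache the authenticator reads, so a deleted binding stops authorizing requests. The label key, the mapping of access levels to the built-in `view`/`edit`/`admin` ClusterRoles, and the simplified verb sets are assumptions.

```python
RBAC_GROUP = "rbac.authorization.k8s.io"
PROJECT_LABEL = "example.invalid/project"  # hypothetical label key

# Assumed mapping of project access levels to Kubernetes' default
# user-facing ClusterRoles.
ACCESS_TO_CLUSTERROLE = {"viewer": "view", "developer": "edit", "owner": "admin"}

# Simplified verb sets for the cache (assumption, not the full built-in rules).
READ = frozenset({"get", "list", "watch"})
WRITE = READ | {"create", "update", "patch", "delete"}
CLUSTERROLE_VERBS = {"view": READ, "edit": WRITE, "admin": WRITE}


def build_rolebinding(project, namespace, user, access):
    """Step S5: bind one project user to a ClusterRole inside one namespace."""
    role = ACCESS_TO_CLUSTERROLE[access]
    return {
        "apiVersion": f"{RBAC_GROUP}/v1",
        "kind": "RoleBinding",
        "metadata": {
            "name": f"{project}-{user}-{role}",
            "namespace": namespace,
            "labels": {PROJECT_LABEL: project},
        },
        "subjects": [{"kind": "User", "name": user, "apiGroup": RBAC_GROUP}],
        "roleRef": {"kind": "ClusterRole", "name": role, "apiGroup": RBAC_GROUP},
    }


class PermissionCache:
    """Steps S6 and S7: state the controller maintains and the authenticator reads."""

    def __init__(self):
        self.entries = {}  # (namespace, binding name) -> (project, users, role)

    def apply_event(self, event):
        """Apply one watch event of the form {"type": ..., "object": RoleBinding}."""
        obj = event["object"]
        meta = obj["metadata"]
        key = (meta["namespace"], meta["name"])
        project = (meta.get("labels") or {}).get(PROJECT_LABEL)
        if event["type"] == "DELETED" or project is None:
            # Revoked in the cluster, or not a platform-managed binding:
            # make sure no stale grant stays in the cache.
            self.entries.pop(key, None)
            return
        users = frozenset(
            s["name"] for s in (obj.get("subjects") or []) if s.get("kind") == "User"
        )
        self.entries[key] = (project, users, obj["roleRef"]["name"])

    def is_allowed(self, user, project, namespace, verb):
        """Step S2: look up by namespace and project ID; a miss means deny."""
        for (ns, _name), (proj, users, role) in self.entries.items():
            if ns == namespace and proj == project and user in users:
                if verb in CLUSTERROLE_VERBS.get(role, frozenset()):
                    return True
        return False


def replay_constructed_events():
    """Replay constructed ADDED and DELETED events and record the decisions."""
    cache = PermissionCache()
    dev = build_rolebinding("project1", "namespace1", "user1", "developer")
    view = build_rolebinding("project1", "namespace1", "user2", "viewer")
    cache.apply_event({"type": "ADDED", "object": dev})
    cache.apply_event({"type": "ADDED", "object": view})
    results = {
        "developer_create": cache.is_allowed("user1", "project1", "namespace1", "create"),
        "viewer_create": cache.is_allowed("user2", "project1", "namespace1", "create"),
        "viewer_get": cache.is_allowed("user2", "project1", "namespace1", "get"),
        "wrong_project": cache.is_allowed("user1", "project2", "namespace1", "create"),
    }
    cache.apply_event({"type": "DELETED", "object": dev})
    results["after_delete"] = cache.is_allowed("user1", "project1", "namespace1", "create")
    return results


if __name__ == "__main__":
    print(replay_constructed_events())
```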
When the cloud native super-fusion platform manages the resources of the container image registry, a project can be associated with repositories in the container image registry, and access permission information for the repositories associated with the project is configured in the container image registry according to the access rights of the users in the project. Fig. 4 is a schematic diagram of the cloud native super-fusion platform performing unified authentication management on a Harbor container image registry, which may include the following steps:
Step S1: after the user logs in, the user initiates a resource operation request to access the relevant resources of Harbor. The resource operation request may carry a repository ID, project ID, operation content and so on, and enters the authenticator, which makes the permission decision.
Step S2: the authenticator queries the permission information from the database and determines whether the user who initiated the request has permission to perform the corresponding operation.
Step S3: the API gateway is accessed using the Harbor account associated with the user.
Step S4: a user is created, a Harbor account is created at the same time, and the two are bound.
Step S5: the user is added to the project, the association between the project and the user is constructed, and access rights are configured for the user.
Step S6: the project is added to a repository, associating the project with the repository.
Step S7: according to the configured access rights, the corresponding Harbor permissions are granted to the cloud native users under the project.
When managing the resources of the virtual machine platform, the cloud native super-fusion platform can associate a project with virtual machine resources in the virtual machine platform and, when a virtual machine resource is created, generate the user tag of the virtual machine resource associated with the project according to the access rights of the users in the project. Fig. 5 is a schematic diagram of the cloud native super-fusion platform performing unified authentication management on the Cloud virtual machine platform, which may include the following steps:
Step S1: after the user logs in, the user initiates a resource operation request to access the relevant resources of the virtual machine platform. The resource operation request may carry a resource ID, project ID, operation content and so on, and enters the authenticator, which makes the permission decision.
Step S2: the authenticator determines, according to the project ID and the resource ID, whether the user who initiated the request has permission to perform the corresponding operation.
Step S3: the user is added to the project, the association between the project and the user is constructed, and access rights are configured for the user.
Step S4: when the virtual machine resource is created, information about the project is written into the user tag corresponding to the resource, so that the corresponding permission information is configured for the virtual machine resource associated with the project.
In some embodiments of the present application, the authentication of the resource operation request may be performed by an authenticator: after receiving the resource operation request, the cloud native super-fusion platform passes it to the authenticator, and the authenticator authenticates the request according to the permission information to determine whether the user who initiated it has permission to perform the operation.
If the determination is that the user has permission, the resource operation request is allowed through, so that the corresponding platform can complete the operation on the resource according to the request, for example writing an image to the container image registry or reading data from a cloud disk. If the determination is that the user does not have permission, the resource operation request cannot be executed, and a prompt stating that the user lacks permission for the operation can be returned so that the user knows the outcome of the request.
Fig. 6 shows a schematic structural diagram of a main management platform (the cloud native super-fusion platform) and three other platforms (a Kubernetes container management cluster, a Harbor container image registry and a Cloud virtual machine platform) implementing unified authentication management with the scheme of the embodiment of the application. The cloud native super-fusion platform is the entry point for authentication management: all resource operation requests are received by the cloud native super-fusion platform, authenticated there, and forwarded to the other platforms. The specific ways in which the cloud native super-fusion platform manages rights over its own resources and over the other three platforms are shown in the flows of Figs. 2 to 5 respectively. In this way, the coexistence of containers and virtual machines is well supported, and unified rights management of virtual machines and containers is realized in one platform.
Based on the same inventive concept, the embodiments of the present application also provide a computing device whose corresponding method is the authentication method of the cloud native super-fusion platform in the foregoing embodiments, and whose principle for solving the problem is similar to that of the method. The cloud platform capable of realizing secure processing provided by the embodiment of the application comprises a memory for storing computer program instructions and a processor for executing the computer program instructions, wherein, when the computer program instructions are executed by the processor, the device is triggered to implement the methods and/or technical solutions of the embodiments of the application.
The specific implementation of the computing device may include a network device, or a device formed by integrating a user device with the network device through a network, or may be an application program running on the device. The user equipment comprises, but is not limited to, various terminal equipment such as computers, mobile phones, tablet computers and the like; the network device includes, but is not limited to, a network host, a single network server, a server in a plurality of network servers or a server in a distributed cloud network, etc. The distributed Cloud network described herein is made up of a large number of hosts or web servers based on Cloud Computing (Cloud Computing).
In particular, the methods and/or embodiments of the present application may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. The above-described functions defined in the method of the present application are performed when the computer program is executed by a processing unit.
It should be noted that, the computer readable medium described in the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present application may be written in one or more programming languages, including object-oriented programming languages such as Java, Smalltalk and C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowchart or block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of devices, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
As another aspect, the present application also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be present alone without being fitted into the device. The computer readable medium carries one or more computer program instructions executable by a processor to implement the methods and/or aspects of the various embodiments of the present application described above.
It should be noted that the present application may be implemented in software and/or a combination of software and hardware, for example, using Application Specific Integrated Circuits (ASIC), a general purpose computer or any other similar hardware device. In some embodiments, the software programs of the present application may be executed by a processor to implement the above steps or functions. Likewise, the software programs of the present application (including associated data structures) may be stored on a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. In addition, some steps or functions of the present application may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the apparatus claims can also be implemented by means of one unit or means in software or hardware. The terms first, second, etc. are used to denote a name, but not any particular order. The numerical sequence of the sequence numbers corresponding to the steps does not represent any specific execution sequence, and each step can be executed in any sequence combination on the premise of conforming to the execution logic.

Claims (10)

1. An authentication method for a cloud native super-fusion platform, characterized in that it is applied to the cloud native super-fusion platform and comprises the following steps:
loading users for a project, constructing an association relationship between the project and the users, and configuring access rights for the users under the project;
associating the project with a resource of the cloud native super-fusion platform or of another platform;
configuring permission information for the resources in the project on the corresponding platform according to the access rights of the users in the project;
receiving a resource operation request from a user, wherein the resource operation request comprises at least information on the resource to be operated on, information on the project to which the resource belongs, and information on the operation to be executed;
and authenticating the resource operation request according to the permission information, and determining whether the user initiating the resource operation request has operation permission.
2. The method of claim 1, wherein associating the project with a resource of the cloud native super-fusion platform or of another platform comprises:
selecting a project and creating resources of the cloud native super-fusion platform under the project;
and storing the association relationship between the project and the resources of the cloud native super-fusion platform.
3. The method of claim 1, wherein associating the project with a resource of the cloud native super-fusion platform or of another platform comprises:
associating the project with a namespace of a container management cluster;
and wherein configuring permission information for the resources in the project on the corresponding platform according to the access rights of the users in the project comprises:
configuring, in the container management cluster, RBAC permission information for the namespace associated with the project according to the access rights of the users in the project.
4. The method of claim 1, wherein associating the project with a resource of the cloud native super-fusion platform or of another platform comprises:
associating the project with a repository in a container image registry;
and wherein configuring permission information for the resources in the project on the corresponding platform according to the access rights of the users in the project comprises:
configuring, in the container image registry, access permission information for the repository associated with the project according to the access rights of the users in the project.
5. The method of claim 1, wherein associating the project with a resource of the cloud native super-fusion platform or of another platform comprises:
associating the project with a virtual machine resource in a virtual machine platform;
and wherein configuring permission information for the resources in the project on the corresponding platform according to the access rights of the users in the project comprises:
when the virtual machine resource is created, generating a user tag for the virtual machine resource associated with the project according to the access rights of the users in the project.
6. The method according to any one of claims 2 to 5, wherein authenticating the resource operation request according to the permission information and determining whether the user initiating the resource operation request has operation permission comprises:
passing the resource operation request to an authenticator, the authenticator authenticating the resource operation request according to the permission information to determine whether the user initiating the resource operation request has operation permission.
7. The method according to claim 1, wherein the method further comprises:
when the determination result is that the user has operation permission, allowing the resource operation request to pass.
8. The method according to claim 1, wherein the method further comprises:
when the determination result is that the user has no operation permission, intercepting the resource operation request and returning to the user a prompt indicating that the user has no operation permission.
9. A computing device comprising a memory for storing computer program instructions and a processor for executing the computer program instructions, wherein the computer program instructions, when executed by the processor, trigger the device to perform the method of any one of claims 1 to 8.
10. A computer readable medium having stored thereon computer program instructions executable by a processor to implement the method of any of claims 1 to 8.
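The flow in claims 1 and 3 to 8 can be sketched as a default-deny authenticator; this is an added illustration, not code from the patent or the applicant. The role names, the operation names and the assumption that resource identifiers are unique across projects are all constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed role model: the claims say "access rights" without defining roles.
ROLE_OPS = {"viewer": {"get"}, "editor": {"get", "update"},
            "admin": {"get", "update", "delete"}}

@dataclass
class Project:
    members: dict = field(default_factory=dict)    # user -> role
    resources: dict = field(default_factory=dict)  # resource id -> platform name

class Authenticator:
    """Single entry point that decides every resource operation request."""

    def __init__(self):
        self.projects = {}   # project name -> Project
        self.grants = {}     # platform name -> {(resource, user): allowed ops}

    def _sync(self, pname):
        # Rebuild the per-platform permission info (namespace RBAC, registry
        # repository access, VM user tags) from the project's membership.
        # Assumes resource ids are unique across projects.
        proj = self.projects[pname]
        for res, platform in proj.resources.items():
            table = self.grants.setdefault(platform, {})
            for key in [k for k in table if k[0] == res]:
                del table[key]                      # drop stale grants first
            for user, role in proj.members.items():
                table[(res, user)] = ROLE_OPS[role]

    def set_member(self, pname, user, role=None):
        proj = self.projects.setdefault(pname, Project())
        if role is None:
            proj.members.pop(user, None)            # removal revokes on sync
        else:
            proj.members[user] = role
        self._sync(pname)

    def associate(self, pname, resource, platform):
        self.projects.setdefault(pname, Project()).resources[resource] = platform
        self._sync(pname)

    def authenticate(self, user, resource, pname, operation):
        # Default deny: unknown project, resource not in the claimed project,
        # non-member, or operation outside the grant all return False.
        proj = self.projects.get(pname)
        if proj is None or resource not in proj.resources:
            return False
        table = self.grants.get(proj.resources[resource], {})
        return operation in table.get((resource, user), set())
```

Because the request carries the project name, the check that the resource really belongs to the claimed project is what stops a member of one project from reaching another project's resource by naming their own project in the request.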
CN202311588597.1A 2023-11-24 2023-11-24 Authentication method, equipment and computer readable medium of Yun Yuansheng super fusion platform Pending CN117632363A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311588597.1A CN117632363A (en) 2023-11-24 2023-11-24 Authentication method, equipment and computer readable medium of Yun Yuansheng super fusion platform


Publications (1)

Publication Number Publication Date
CN117632363A true CN117632363A (en) 2024-03-01

Family

ID=90024645


Country Status (1)

Country Link
CN (1) CN117632363A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination