CN117792632A - Object storage service platform, management method, configuration method, medium and device - Google Patents


Publication number
CN117792632A
Authority
CN
China
Prior art keywords
object storage
key
service
distributed configuration
new key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311825455.2A
Other languages
Chinese (zh)
Inventor
张一楠
沈月东
麦琳
隋成玉
许绍祯
蔡天宇
洪启帆
王宜鼎
唐李一
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Netease Zaigu Technology Co Ltd
Original Assignee
Hangzhou Netease Zaigu Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Netease Zaigu Technology Co Ltd filed Critical Hangzhou Netease Zaigu Technology Co Ltd
Priority to CN202311825455.2A priority Critical patent/CN117792632A/en
Publication of CN117792632A publication Critical patent/CN117792632A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

Embodiments of the present application provide an object storage service platform, an object management method, a configuration method, a computer-readable storage medium, and a computing device. The object storage service platform comprises a plurality of service systems, an object storage system and a distributed configuration system; the object storage system comprises a plurality of object storage buckets; each object storage bucket is bound with a plurality of service systems and is used for storing a plurality of objects of the bound service systems, and each object is bound with a corresponding secret key; the service system is used for creating a mapping relation between the service system and the object storage bucket and sending the mapping relation to the distributed configuration system; storing the object to an object storage bucket based on the mapping relation; updating an object bound with the new key after receiving the new key sent by the distributed configuration system; the distributed configuration system is used for storing the mapping relation between each service system and the object storage bucket and the secret key; when the key is updated, the new key is sent to the service system.

Description

Object storage service platform, management method, configuration method, medium and device
Technical Field
Embodiments of the present application relate to the field of storage service technologies, and more particularly, to an object storage service platform, an object management method, a configuration method, a computer-readable storage medium, and a computing device.
Background
To facilitate collaborative and remote work, many developers choose to store code on a third-party platform. However, the security of these platforms is not guaranteed and carries potential risks. Once the platform is attacked or code leakage occurs, a key may be leaked along with the rest of the code, thereby posing a threat to data security in the storage server.
Disclosure of Invention
In this context, embodiments of the present application desire to provide an object storage service platform, an object management method, a configuration method, a computer-readable storage medium, and a computing device.
In a first aspect of embodiments of the present application, an object storage service platform is provided, including a plurality of business systems, an object storage system, and a distributed configuration system; the distributed configuration system and the service system are positioned in the same local area network; the object storage system comprises a plurality of object storage buckets; each object storage bucket is bound with a plurality of service systems and is used for storing a plurality of objects of the bound service systems, and each object is bound with a corresponding secret key; the service system is used for creating a mapping relation between the service system and the object storage bucket and sending the mapping relation to the distributed configuration system; storing the object to an object storage bucket based on the mapping relation; updating an object bound with the new key after receiving the new key sent by the distributed configuration system; the distributed configuration system is used for storing the mapping relation between each service system and the object storage bucket and the secret key; when the key is updated, the new key is sent to the service system.
In one embodiment of the present application, the business system further comprises an SDK client and a management and control device.
In another embodiment of the present application, the service system further comprises a listening module.
In yet another embodiment of the present application, the new key is randomly generated by the distributed configuration system.
In yet another embodiment of the present application, the distributed configuration system is further configured to communicate with one or more security monitoring platforms.
In yet another embodiment of the present application, the new key is a preset redundant key.
In yet another embodiment of the present application, the distributed configuration system is further configured to communicate with an audit platform.
In a second aspect of the embodiments of the present application, there is provided an object management method, which is applicable to the object storage service platform provided in the first aspect of the present application, and the following steps are performed by a service system: creating a mapping relation between a service system and an object storage bucket, and sending the mapping relation to a distributed configuration system; storing the object to an object storage bucket based on the mapping relation; and updating the object bound with the new key after receiving the new key sent by the distributed configuration system.
In a third aspect of the embodiments of the present application, there is further provided a configuration method, adapted to the object storage service platform provided in the first aspect of the present application, where the following steps are performed by a distributed configuration system: storing the mapping relation between each service system and the object storage bucket and the secret key; when the key is updated, the new key is sent to the service system, so that the service system updates the object bound with the new key.
In a fourth aspect of embodiments of the present application, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the object management method provided in the second aspect of the present application.
In a fifth aspect of embodiments of the present application, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the configuration method provided by the third aspect of the present application.
In a sixth aspect of embodiments of the present application, there is provided a computing device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the object management method provided in the second aspect of the present application when the program is executed by the processor.
In a seventh aspect of embodiments of the present application, there is provided a computing device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the configuration method provided in the third aspect of the present application when the program is executed by the processor.
Since the keys are stored in a distributed configuration system that only allows access within the local area network, the keys are difficult to leak. Meanwhile, because sensitive data such as keys does not appear in the code, the security problem caused by disclosure of the code on a third-party code hosting platform is avoided.
Drawings
The above, as well as additional purposes, features, and advantages of exemplary embodiments of the present application will become readily apparent from the following detailed description when read in conjunction with the accompanying drawings. Several embodiments of the present application are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings, in which:
FIG. 1 schematically illustrates an object storage service platform of an embodiment of the present application;
FIG. 2 schematically illustrates an object storage services platform in communication with a security monitoring platform according to another embodiment of the present application;
FIG. 3 schematically illustrates an object store service platform in communication with an audit platform according to yet another embodiment of the present application;
FIG. 4 schematically illustrates a comprehensive object storage service platform according to yet another embodiment of the present application;
FIG. 5 schematically illustrates a flow chart of an object management method of an embodiment of the present application;
FIG. 6 schematically illustrates a flow chart of a configuration method of an embodiment of the present application;
FIG. 7 schematically illustrates a schematic diagram of a computer-readable storage medium of an embodiment of the present application;
FIG. 8 schematically illustrates a schematic diagram of yet another computer-readable storage medium of an embodiment of the present application;
FIG. 9 schematically illustrates a schematic diagram of a computing device of an embodiment of the present application;
FIG. 10 schematically illustrates a schematic diagram of yet another computing device of an embodiment of the present application;
FIG. 11 schematically illustrates an interaction diagram of an object store service platform according to an embodiment of the present application;
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Detailed Description
The principles and spirit of the present application will be described below with reference to several exemplary embodiments. It should be understood that these embodiments are presented merely to enable one skilled in the art to better understand and practice the present application and are not intended to limit the scope of the present application in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Those skilled in the art will appreciate that embodiments of the present application may be implemented as a system, apparatus, device, method, or computer program product. Thus, the present application may be embodied in the form of: complete hardware, complete software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to embodiments of the present application, an object storage service platform, an object management method, a configuration method, a computer-readable storage medium, and a computing device are provided.
Any number of elements in the figures herein are for illustration and not limitation, and any naming is used for distinction only and not for any limiting sense.
The principles and spirit of the present application are explained in detail below with reference to several representative embodiments thereof.
Summary of The Invention
In a common object storage application, a service provider typically provides a convenient Software Development Kit (SDK). The developer integrates this kit into the project system and writes the necessary code. Notably, most object storage services today require developers to manage the access keys themselves. To make it convenient to call the object storage utility classes in code, many developers choose to write keys directly in the code in plain text.
The applicant finds that, because collaborative and remote work call for convenience, many developers host code on a third-party platform. Because the third-party platform has a number of uncertain security problems, when the platform is attacked or other code is leaked, the key is easily leaked along with that code, which affects the security of data in the storage server.
Having described the basic background of the present application, various non-limiting embodiments of the present application are specifically described below.
Exemplary platform
Based on this, referring to fig. 1, the present application proposes an object storage service platform 10, including several business systems 101, an object storage system 102, and a distributed configuration system 103; the distributed configuration system 103 is in the same local area network as the business system 101;
the object storage system 102 includes a number of object storage buckets; each object storage bucket is bound with a plurality of service systems 101 and is used for storing a plurality of objects of the bound service systems 101, and each object is bound with a corresponding secret key;
the service system 101 is used for creating a mapping relation between the service system 101 and the object storage bucket and sending the mapping relation to the distributed configuration system 103; storing the object to an object storage bucket based on the mapping relation; updating an object bound to the new key after receiving the new key sent by the distributed configuration system 103;
a distributed configuration system 103, configured to store a mapping relationship between each service system 101 and an object storage bucket, and a key; when a key update occurs, the new key is sent to the business system 101.
Through the above scheme of the present application, the distributed configuration system 103 connected to the service system 101 is located in a local area network environment, where the distributed configuration system 103 is used to store a secret key, and when the secret key needs to be updated, a new secret key is transferred to the service system 101 through the distributed configuration center. The service system 101 determines whether the current visitor has access rights to the object storage bucket corresponding to a certain service system 101 according to the key and the mapping relationship provided by the distributed configuration system 103.
Because the secret key is stored in the distributed configuration system 103, the distributed configuration system 103 only supports the intranet access of the machine room, the security of data is ensured, and because sensitive information cannot appear in codes, secret key information leakage caused by the codes stored in the third party code hosting platform is avoided.
Meanwhile, since the distributed configuration system 103 centrally manages a plurality of keys, when several keys are compromised, a batch key update can also be performed through the distributed configuration system 103. The distributed configuration system 103 also has a hot release characteristic: it supports real-time change of sensitive information such as keys, so a key change does not require complicated steps such as modifying code, recompiling, and redeploying the system.
It will be appreciated that the object storage service platform 10 may include at least one business system 101, that a business system 101 may correspond to one or more object storage buckets, and that an object storage bucket may contain a plurality of objects. Different objects in the same object storage bucket can belong to different business systems 101.
An object storage bucket (Object Storage Bucket), or simply bucket, is a distributed service for storage and management, in which data is divided into a plurality of units, each called an object (Object). The object storage bucket provides a container for users to store, retrieve, and manage objects. A user may create multiple buckets as desired, each of which may store a large number of objects. Naming rules and attributes of the buckets can be flexibly configured to meet different business requirements.
In the present application, different objects in the same object bucket may belong to different service systems, i.e. one object bucket may correspond to one or more service systems.
In an embodiment of the present application, the service system 101 may further include an SDK client and a management and control device;
the management and control device is used for creating a mapping relation between the service system 101 and the object storage bucket, sending the mapping relation to the distributed configuration system 103, and updating an object bound with the new key after receiving the new key sent by the distributed configuration system 103;
the SDK client is used for storing the object into the object storage bucket based on the mapping relation.
The above embodiments are merely exemplary, SDK
When a key is modified, one or more business systems 101 may be involved. If key leakage occurs, in the conventional scheme, an administrator or a responsible person of each service system 101 needs to be contacted to determine the influence range of the key leakage of the object storage bucket, and after determining which service systems 101 in which object storage buckets need to update the key, the service systems 101 are suspended in a hard-coded mode and the key is updated.
In this regard, in an embodiment of the present application, the service system 101 may further include a monitoring module, configured to send the new key to the management and control device when the new key sent by the distributed configuration system 103 is monitored.
By adding the monitoring module, each business system can automatically recognize a message from the distributed configuration system 103 and trigger the flow of querying the mapping relation. By querying the mapping relation, the business system 101 learns whether the object storage bucket associated with the new key is related to it, without manual intervention, and can then respond to the message of the distributed configuration system 103 by executing the flow of querying the mapping relation and updating the key.
In this application, the key and the mapping relationship may be maintained by the same configuration file, and an exemplary configuration file is as follows:
{
  "bucket-A": {
    "osDomain": "xxxxx.com",
    "cdnDomain": "xxxxx.com",
    "publicBucket": true,
    "osCredentialInfoList": [
      {
        "serviceCode": "service-A",
        "accessKey": "1235234",
        "secretKey": "45677"
      },
      {
        "serviceCode": "service-B",
        "accessKey": "1235234123124",
        "secretKey": "4523124677"
      }
    ]
  },
  "bucket-B": {
    "osDomain": "xxxxx.com",
    "cdnDomain": "xxxxx.com",
    "publicBucket": true,
    "osCredentialInfoList": [
      {
        "serviceCode": "service-c",
        "accessKey": "1235234123124",
        "secretKey": "1235234123124"
      },
      {
        "serviceCode": "service-D",
        "accessKey": "1235234",
        "secretKey": "45677"
      }
    ]
  }
}
The configuration file contains several fields defined in this application: osDomain (object storage service domain name), cdnDomain (object storage service CDN domain name), publicBucket (whether the object storage bucket is open), and osCredentialInfoList (connected systems and their sensitive information). Each osCredentialInfoList entry contains a serviceCode (identifier of the connected system) and the corresponding key in two forms (accessKey, secretKey). For example, the object storage bucket identified as bucket-A maps to two business systems 101, service-A and service-B, which are protected with different keys.
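The mapping in this file is what lets an operator answer "which business systems use this key?" without contacting each owner. The following is an added example, not code from the application: it loads the sample configuration above (repaired into valid JSON), lists the bindings that use a given access key, and flags entries that weaken per-service key separation; the function names are hypothetical.

```python
import json
from collections import defaultdict

# The page's sample configuration, repaired into valid JSON. Values are the
# page's own placeholders, including the "xxxxx.com" domains.
CONFIG_TEXT = """
{
  "bucket-A": {
    "osDomain": "xxxxx.com", "cdnDomain": "xxxxx.com", "publicBucket": true,
    "osCredentialInfoList": [
      {"serviceCode": "service-A", "accessKey": "1235234", "secretKey": "45677"},
      {"serviceCode": "service-B", "accessKey": "1235234123124", "secretKey": "4523124677"}
    ]
  },
  "bucket-B": {
    "osDomain": "xxxxx.com", "cdnDomain": "xxxxx.com", "publicBucket": true,
    "osCredentialInfoList": [
      {"serviceCode": "service-c", "accessKey": "1235234123124", "secretKey": "1235234123124"},
      {"serviceCode": "service-D", "accessKey": "1235234", "secretKey": "45677"}
    ]
  }
}
"""

REQUIRED = ("serviceCode", "accessKey", "secretKey")


def bindings(config):
    """Flatten the file into (bucket, serviceCode, accessKey, secretKey) rows.

    Field names are matched case-sensitively, so a misspelt field such as
    "accesskey" is rejected instead of silently yielding an empty credential.
    """
    rows = []
    for bucket, body in config.items():
        creds = body.get("osCredentialInfoList")
        if not isinstance(creds, list) or not creds:
            raise ValueError(f"{bucket}: osCredentialInfoList missing or empty")
        for i, cred in enumerate(creds):
            missing = [k for k in REQUIRED if not cred.get(k)]
            if missing:
                raise ValueError(f"{bucket}[{i}]: missing {', '.join(missing)}")
            rows.append((bucket, cred["serviceCode"], cred["accessKey"], cred["secretKey"]))
    return rows


def affected_by(config, leaked_access_key):
    """Every (bucket, service) binding that would need a new key after a leak."""
    return sorted((b, s) for b, s, ak, _ in bindings(config) if ak == leaked_access_key)


def lint(config):
    """Report entries that undermine per-service key separation."""
    findings = []
    by_pair = defaultdict(list)
    for bucket, service, ak, sk in bindings(config):
        by_pair[(ak, sk)].append(f"{bucket}/{service}")
        if ak == sk:
            findings.append(f"{bucket}/{service}: secretKey equals accessKey")
    for users in by_pair.values():
        if len(users) > 1:
            findings.append("credential shared by " + ", ".join(sorted(users)))
    return sorted(findings)


if __name__ == "__main__":
    cfg = json.loads(CONFIG_TEXT)
    print(affected_by(cfg, "1235234123124"))
    for finding in lint(cfg):
        print(finding)
```

Run against the sample values, the lint reports that service-A and service-D hold the same credential pair and that service-c's secretKey repeats its accessKey, so a single leak there would span both buckets.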
In an embodiment of the present application, the new key may be randomly generated by distributed configuration system 103.
A randomly generated key avoids problems such as key reuse caused by subjective choices when the key is updated. Random generation needs no manual input, which speeds up the key update; the key randomly generated by the distributed configuration system 103 fully complies with the format requirements of the distributed configuration system 103, and its strength is higher than that of a manually entered key.
After the key is randomly generated, the randomly generated key is used as a new key to participate in the process of updating the key, and meanwhile, in order to enable related personnel such as a responsible person of the related business system 101 to timely learn the new key so as to enable normal management and access, the distributed configuration system 103 can send the randomly generated key to the related personnel of the related business system 101 through means such as internal mail and an intranet OA system.
Based on this, the security monitoring platform may also be docked to implement the linkage between leakage monitoring and key management, and in an embodiment, referring to fig. 2, the distributed configuration system 103 is further configured to communicate with one or more security monitoring platforms 11, and generate a new key when it is determined that the stored key leaks based on the notification of the security monitoring platforms 11.
The security monitoring platform 11 monitors the currently used key. If it detects the current key in a network environment outside the intranet, it determines that the key has leaked and sends a notification to the distributed configuration system 103, which can randomly generate a new key after receiving the notification. This saves the time between a manual report of the key leakage and a manual key change; changing the key quickly further improves security and reduces the security problems caused by key leakage.
The above is merely exemplary. In the present application, the determination of whether the key has been compromised may also be based on other conditions, such as an external attack on the system containing the key, a job change by the person originally responsible for the business system 101, or other determination conditions.
In an embodiment, the step of randomly generating the secret key may be further performed by the distributed configuration system 103 at regular time, and when a preset time interval elapses, a new secret key is randomly generated to enhance the security of the object storage service platform 10, and when the information monitored by the security monitoring platform 11 is inaccurate or not timely, the security of the object storage service platform 10 can be still periodically consolidated.
In yet another embodiment, a redundant key may also be set in the distributed configuration system 103, where the redundant key is different from the current key, and the distributed configuration system 103 uses the redundant key as a new key after receiving the notification from the security monitoring platform 11. The effect of rapid key updating can also be realized by adopting a redundant key mode.
On the basis of this embodiment, when the redundant key is a preset key, since the content of the key is already known by the related personnel of the service system 101 at the time of preset, when the redundant key is adopted as a new key for updating the key, the related personnel can be only notified that the updated key is the redundant key, without carrying the specific content of the key in the notification, so that the security of the key is further enhanced.
In yet another embodiment, when the redundant key is a number of preset keys, the associated person may save the redundant key as a list in the distributed configuration server. After receiving the notification from the security monitoring platform 11, the distributed configuration system 103 randomly selects one redundant key in the list as a new key, and at this time, in addition to notifying the relevant personnel that the updated key is the redundant key, the relevant personnel who receive the notification from the distributed configuration system 103 can learn the content of the new key by attaching the label, the position, etc. of the adopted redundant key in the list.
The list composed of a plurality of redundant keys can be maintained and written by related personnel on line, and can also be written by related personnel through an intranet, and the mode depends on the security requirement of the system.
In practical applications, a key update may need to pass several levels of review, and the applicant can maintain the new key in the distributed configuration system 103 only after the review is passed, which delays the key update.
Thus, in yet another embodiment, referring to fig. 3, the distributed configuration system 103 may also be configured to communicate with the auditing platform 12, where the auditing platform 12 is configured to receive and audit an auditing request including a secret key, and where after receiving a notification that the auditing request of the auditing platform 12 passes, the distributed configuration system 103 is further configured to receive, as a new secret key, a secret key included in the auditing request.
By adopting the scheme of the embodiment, after the distributed configuration system 103 is in communication connection with the auditing platform 12, the auditing platform 12 transmits the key contained in the auditing request to the distributed configuration system 103 after the auditing is passed, so that the distributed configuration system 103 can receive the key contained in the auditing request and take the key as a new key, the time for manually maintaining the key from auditing is saved, and the audited key is consistent with the key transmitted to the distributed configuration system 103 due to the fact that the key is transmitted through communication, and errors cannot be generated.
It will be appreciated that the keys sent by the auditing platform 12 to the distributed configuration system 103 may be in plain text form or encrypted according to a pre-set protocol.
In addition, in addition to the secret key, in an embodiment, the mapping relationship that is audited by the auditing platform 12 may be transmitted as a new mapping relationship to the distributed configuration system 103, so as to update the mapping relationship maintained in the distributed configuration system 103.
It will be appreciated that any of the above embodiments may be used in combination, and are not intended to be limiting in any way.
An exemplary combination may be seen in fig. 4, where the object storage service platform 10 is comprised of a number of business systems 101, an object storage system 102, and a distributed configuration system 103; the object storage system 102 includes a plurality of object storage buckets 1021, and each object storage bucket 1021 includes at least one object 10211; the business system 101 may include an SDK client 1011 and a management and control apparatus 1012; the distributed configuration system 103 communicates with the security monitoring platform 11 and auditing platform 12 that are external to the object storage services platform 10. The parts work together to achieve timely updating of the key.
Exemplary method
Having described the object storage service platform 10 according to the exemplary embodiment of the present application, next, referring to fig. 5, the object management method according to the exemplary embodiment of the present application is applicable to the object storage service platform 10 in any of the foregoing embodiments, and the following steps may be performed by the service system 101:
S501, creating a mapping relation between a service system and an object storage bucket, and sending the mapping relation to a distributed configuration system;
S502, storing the object into an object storage bucket based on the mapping relation;
S503, updating the object bound with the new key after receiving the new key sent by the distributed configuration system.
The above object management method is combined with the application scenario of any one of fig. 1 to 4. It should be noted that the above application scenario is only shown for the convenience of understanding the spirit and principles of the present application, and embodiments of the present application are not limited in any way in this respect. Rather, embodiments of the present application may be applied to any scenario where applicable.
The service system 101 adopting the above object management method can update the bound object at any time according to the new key sent by the distributed configuration system 103, and realize the object management related to the new key.
Based on this, in an embodiment, the service system may include an SDK client; the operation of storing the objects to the object store bucket based on the mapping relationship is performed by the SDK client, and the operation includes uploading or downloading a number of objects.
In yet another embodiment, the service system 101 further includes a listening module; the following steps are also performed by the business system 101:
when the monitoring module monitors the new key sent by the distributed configuration system 103, the new key is sent to the management and control device.
In another embodiment, the new key may be randomly generated by distributed configuration system 103.
In addition to the business system 101, the distributed configuration system 103 in the present application performs some steps correspondingly, referring to fig. 6, so the present application also provides a configuration method, which is applicable to the object storage service platform 10 in any embodiment, and through the distributed configuration system 103, the following steps may be performed:
S601, storing the mapping relation between each service system and the object storage bucket and the secret key;
S602, when the key is updated, the new key is sent to the service system, so that the service system updates the object bound with the new key.
In yet another embodiment, the configuration method may further include:
communicate with one or more security monitoring platforms 11;
when it is determined that the current key is leaked based on the notification of the security monitoring platform 11, a new key is generated.
In another embodiment, the configuration method may further include: communicate with the auditing platform 12; the auditing platform 12 is used for receiving and auditing requests containing keys;
and after receiving the notification that the auditing platform 12 has approved the audit request, taking the secret key contained in the audit request as a new secret key.
The beneficial effects and embodiments of the above-described exemplary object management method and configuration method may refer to the content described in the foregoing object storage service platform 10, and will not be described herein.
By way of example, one way of interaction is shown in FIG. 11, in which an object storage system, a business system and a distributed configuration center form the major part of an object storage service platform. The interaction comprises the following steps: S1101, sending a key update notification; S1102, detecting that the key-related configuration has changed; S1103, querying the mapping relation between the service system and the object storage bucket; S1104, returning the mapping relation; S1105, reinitializing the SDK client; S1106, operating on objects (uploading/downloading objects).
It will be appreciated that not all steps need to be performed in a single configuration: if the business system that is queried is independent of this key update, there is no need to perform S1105 (reinitializing the SDK client) or S1106 (operating on objects, i.e. uploading/downloading objects).
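The S1101 to S1106 interaction described above, sketched as an added Python example (not code from the patent). `ConfigCenter`, `BusinessSystem`, their methods and the bucket names are hypothetical, and the key comparison in `upload` is an assumption standing in for the object storage system authenticating the SDK client.

```python
import secrets

class ConfigCenter:
    """Stand-in for the distributed configuration system."""
    def __init__(self):
        self.mapping = {}    # business system name -> bucket name
        self.keys = {}       # bucket name -> current key
        self.listeners = []  # callbacks of the listening modules

    def register(self, system, bucket):
        self.mapping[system.name] = bucket
        self.keys.setdefault(bucket, secrets.token_urlsafe(32))
        self.listeners.append(system.on_key_change)
        system.reinit_client(self.keys[bucket])

    def rotate(self, bucket):
        """Randomly generate a new key and notify every listener (S1101)."""
        self.keys[bucket] = secrets.token_urlsafe(32)
        return [notify(self, bucket) for notify in self.listeners]

class BusinessSystem:
    def __init__(self, name):
        self.name = name
        self.client_key = None  # key the SDK client was initialised with
        self.reinit_count = 0

    def reinit_client(self, key):              # S1105
        self.client_key = key
        self.reinit_count += 1

    def on_key_change(self, center, bucket):   # S1102
        if center.mapping.get(self.name) != bucket:  # S1103/S1104
            return False        # unrelated update: skip S1105 and S1106
        self.reinit_client(center.keys[bucket])
        return True

    def upload(self, center, obj):             # S1106
        bucket = center.mapping[self.name]
        # Assumption: comparing keys stands in for the object storage
        # system authenticating the SDK client's request.
        if not secrets.compare_digest(self.client_key, center.keys[bucket]):
            raise PermissionError("SDK client holds a stale key")
        return (bucket, obj)

if __name__ == "__main__":
    center = ConfigCenter()
    orders, billing = BusinessSystem("orders"), BusinessSystem("billing")
    center.register(orders, "bucket-a")
    center.register(billing, "bucket-b")
    print(center.rotate("bucket-a"))  # which systems reinitialised
```

A business system whose SDK client is not reinitialized after a rotation keeps presenting the old key, which is why the listener must reach every system mapped to the rotated bucket.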
Exemplary Medium
Having described the method of the exemplary embodiments of the present application, next, with reference to fig. 7, the present application further provides a computer-readable storage medium of the exemplary embodiments, having stored thereon a computer program that, when executed by a processor, implements the steps of the object management method of any of the embodiments.
Accordingly, with reference to fig. 8, the present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the configuration method of any of the embodiments.
Exemplary computing device
Having described the platform, method, and medium of the exemplary embodiments of the present application, and referring next to fig. 9, the present application further provides a computing device 90 including a memory 901, a processor 902, and a computer program stored on the memory 901 and executable on the processor 902, the processor 902 implementing the steps of the object management method in any of the embodiments when the program is executed.
Accordingly, with reference to fig. 10, there is also provided a computing device 100 comprising a memory 1001, a processor 1002 and a computer program stored on the memory 1001 and executable on the processor 1002, the processor 1002 implementing the steps of the configuration method in any of the embodiments when executing the program.
It should be noted that although several devices or modules are mentioned in the above detailed description, this partitioning is merely exemplary and not mandatory. Indeed, the features and functions of two or more devices or modules described above may be embodied in one device/module in accordance with embodiments of the present application. Conversely, the features and functions of one device/module described above may be further divided into a plurality of devices/modules to be embodied.
Furthermore, although the operations of the methods of the present application are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order or that all of the illustrated operations must be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps may be combined into one step, and/or one step may be decomposed into multiple steps.
While the spirit and principles of this application have been described with reference to several particular embodiments, it is to be understood that this application is not limited to the disclosed particular embodiments, nor does the division into aspects, which is made only for convenience of description, imply that features in those aspects cannot be usefully combined. The application is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (10)

1. An object storage service platform, characterized by comprising a plurality of service systems, an object storage system and a distributed configuration system; the distributed configuration system and the service system are in the same local area network;
the object storage system comprises a plurality of object storage buckets; each object storage bucket is bound with a plurality of service systems and is used for storing a plurality of objects of the bound service systems, and each object is bound with a corresponding secret key;
the service system is used for creating a mapping relation between the service system and the object storage bucket and sending the mapping relation to the distributed configuration system; storing the object to the object storage bucket based on the mapping relationship; updating an object bound with the new key after receiving the new key sent by the distributed configuration system;
the distributed configuration system is used for storing the mapping relation between each service system and the object storage bucket and the secret key; and when the key is updated, transmitting a new key to the service system.
2. The object storage service platform of claim 1, wherein the business system comprises an SDK client and a management and control device;
the management and control device is used for creating a mapping relation between the service system and the object storage bucket, sending the mapping relation to the distributed configuration system, and updating an object bound with the new key after receiving the new key sent by the distributed configuration system;
the SDK client is used for storing the object to the object storage bucket based on the mapping relation.
3. The object storage service platform of claim 1, wherein the business system further comprises a listening module for sending a new key to the management and control device when listening to the new key sent by the distributed configuration system.
4. The object storage services platform of claim 1, wherein the new key is randomly generated by the distributed configuration system.
5. The object storage services platform of claim 4, wherein the distributed configuration system is further configured to communicate with one or more security monitoring platforms, the new key being generated upon determining that the stored key is compromised based on notification by the security monitoring platforms.
6. The object storage service platform of claim 1, wherein the distributed configuration system is further configured to communicate with an audit platform, the audit platform being configured to receive and audit an audit request including a key, the distributed configuration system being further configured to take, as the new key, the key included in the audit request after receiving a notification from the audit platform that the audit request has been audited.
7. An object management method, adapted to an object storage service platform according to any one of claims 1 to 6, characterized in that the following steps are performed by the service system:
creating a mapping relation between the service system and the object storage bucket, and sending the mapping relation to the distributed configuration system;
storing the object to the object storage bucket based on the mapping relationship;
and updating the object bound with the new key after receiving the new key sent by the distributed configuration system.
8. A configuration method, suitable for an object storage service platform according to any one of claims 1-6, characterized in that the following steps are performed by the distributed configuration system:
storing the mapping relation between each service system and the object storage bucket and the secret key; and when the key is updated, transmitting a new key to the service system so that the service system updates an object bound with the new key.
9. A computing device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the object management method of claim 7 when the program is executed by the processor.
10. A computing device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the configuration method of claim 8 when the program is executed by the processor.
CN202311825455.2A 2023-12-27 2023-12-27 Object storage service platform, management method, configuration method, medium and device Pending CN117792632A (en)

Publications (1)

Publication Number Publication Date
CN117792632A true CN117792632A (en) 2024-03-29

Family

ID=90383100

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination