WO2021051878A1 - Method and apparatus for acquiring cloud resources based on user permission, and computer device - Google Patents

Info

Publication number
WO2021051878A1
Authority
WO
WIPO (PCT)
Prior art keywords
container
user
application
container application
list
Prior art date
Application number
PCT/CN2020/093599
Other languages
English (en)
Chinese (zh)
Inventor
黄桂钦
Original Assignee
平安科技(深圳)有限公司
Priority date
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司
Publication of WO2021051878A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Definitions

  • This application relates to the technical field of PaaS architecture, and in particular to a method, device and computer equipment for obtaining cloud resources based on user permissions.
  • A PaaS platform (Platform-as-a-Service) refers to a set of cloud-based services that can help business users and developers create applications at a speed that local deployment solutions cannot match.
  • cloud platforms generally only distinguish between administrators and ordinary users when configuring user permissions for a certain application.
  • When an ordinary user logs in to the cloud platform, the corresponding container applications he created need to be filtered out, and the cloud platform pushes the data of the corresponding container applications to the ordinary user's terminal.
  • When an administrator user logs in to the cloud platform, the cloud platform pushes the corresponding container application data to the terminal of the administrator user; but in the operation and maintenance process of the container application, the inventor realizes that if the cloud platform frequently obtains all the container applications created in the cloud platform, data filtering in the cloud platform will be inefficient, and the system resources of the cloud platform will be greatly wasted.
  • The embodiments of the application provide a method, device, computer equipment, and storage medium for obtaining cloud resources based on user permissions, which are intended to solve the problem in the prior art that, during the operation and maintenance of the container applications of the cloud platform, frequently obtaining all the container applications created in the cloud platform leads to inefficient data filtering in the cloud platform and greatly wastes the system resources of the cloud platform.
  • an embodiment of the present application provides a method for obtaining cloud resources based on user permissions, which includes:
  • the authority level in turn includes administrator authority level, privileged user authority level, and ordinary user authority level; the number of authority items of the administrator authority level is greater than the number of authority items of the privileged user authority level, and the number of authority items of the privileged user authority level is greater than the number of authority items of the ordinary user authority level;
  • if the authority level corresponding to the user account information is a privileged user authority level, push the corresponding container application list to the terminal corresponding to the user account information for display, and detect the operation instruction on the container application list in real time;
  • if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtain the corresponding application group user list according to the application group configuration instruction, and add the application group user list to the corresponding application user group;
  • if the operation instruction is a read-only group configuration instruction, obtain the corresponding read-only user list according to the read-only group configuration instruction and add the read-only user list to the corresponding read-only user group.
  • an embodiment of the present application provides a cloud resource acquisition device based on user permissions, which includes:
  • the account authority level obtaining unit is configured to receive user account information corresponding to the login instruction, and if the user account information is verified, obtain the authority level corresponding to the user account information; wherein the authority level in turn includes the administrator authority level, privileged user authority level, and ordinary user authority level, the number of authority items of the administrator authority level is greater than the number of authority items of the privileged user authority level, and the number of authority items of the privileged user authority level is greater than the number of authority items of the ordinary user authority level;
  • the first list pushing unit is configured to, if the authority level corresponding to the user account information is a privileged user authority level, push the corresponding container application list to the terminal corresponding to the user account information for display, and detect operation instructions on the container application list in real time;
  • the first instruction execution unit is configured to, if an operation instruction to the container application list is detected and the operation instruction is a newly added container application instruction, correspondingly create a container application according to the newly added container application instruction;
  • the second instruction execution unit is configured to, if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtain the corresponding application group user list according to the application group configuration instruction, and add the application group user list to the corresponding application user group;
  • the third instruction execution unit is configured to, if an operation instruction to the container application list is detected and the operation instruction is a read-only group configuration instruction, obtain the corresponding read-only user list according to the read-only group configuration instruction, and add the read-only user list to the corresponding read-only user group.
  • an embodiment of the present application provides a computer device, which includes a memory, a processor, and a computer program stored on the memory and running on the processor, and the following steps are implemented when the processor executes the computer program:
  • the authority level in turn includes administrator authority level, privileged user authority level, and ordinary user authority level; the number of authority items of the administrator authority level is greater than the number of authority items of the privileged user authority level, and the number of authority items of the privileged user authority level is greater than the number of authority items of the ordinary user authority level;
  • if the authority level corresponding to the user account information is a privileged user authority level, push the corresponding container application list to the terminal corresponding to the user account information for display, and detect the operation instruction on the container application list in real time;
  • if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtain the corresponding application group user list according to the application group configuration instruction, and add the application group user list to the corresponding application user group;
  • if the operation instruction is a read-only group configuration instruction, obtain the corresponding read-only user list according to the read-only group configuration instruction and add the read-only user list to the corresponding read-only user group.
  • the embodiments of the present application also provide a computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the processor executes the following steps:
  • the authority level in turn includes administrator authority level, privileged user authority level, and ordinary user authority level; the number of authority items of the administrator authority level is greater than the number of authority items of the privileged user authority level, and the number of authority items of the privileged user authority level is greater than the number of authority items of the ordinary user authority level;
  • if the authority level corresponding to the user account information is a privileged user authority level, push the corresponding container application list to the terminal corresponding to the user account information for display, and detect the operation instruction on the container application list in real time;
  • if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtain the corresponding application group user list according to the application group configuration instruction, and add the application group user list to the corresponding application user group;
  • if the operation instruction is a read-only group configuration instruction, obtain the corresponding read-only user list according to the read-only group configuration instruction and add the read-only user list to the corresponding read-only user group.
  • The embodiment of the application divides the authority level of user account information in a more detailed manner, so that the server can push corresponding data according to the authority corresponding to the user account information for the creation or maintenance of container applications. This avoids the cloud platform frequently obtaining all the container applications created in the cloud platform, improves the efficiency of data filtering in the cloud platform, and saves the system resources of the cloud platform.
  • FIG. 1 is a schematic diagram of an application scenario of a method for obtaining cloud resources based on user permissions provided by an embodiment of the application;
  • FIG. 2 is a schematic flowchart of a method for obtaining cloud resources based on user permissions provided by an embodiment of the application
  • FIG. 3 is a schematic diagram of a sub-flow of a method for obtaining cloud resources based on user permissions provided by an embodiment of the application;
  • FIG. 4 is a schematic block diagram of a cloud resource acquisition device based on user permissions provided by an embodiment of the application
  • FIG. 5 is a schematic block diagram of subunits of a device for obtaining cloud resources based on user permissions according to an embodiment of the application;
  • Fig. 6 is a schematic block diagram of a computer device provided by an embodiment of the application.
  • the technical solution of this application can be applied to the field of big data technology.
  • the technical solution of this application can be implemented by a data platform such as a cloud computing platform.
  • Figure 1 is a schematic diagram of an application scenario of a method for obtaining cloud resources based on user permissions provided by an embodiment of this application
  • Figure 2 is a schematic flowchart of a method for obtaining cloud resources based on user permissions provided by an embodiment of this application
  • the method for obtaining cloud resources based on user permissions is applied to a server, and the method is executed by application software installed in the server.
  • the method includes steps S110 to S150.
  • the authority level includes administrator authority level, privileged user authority level, and ordinary user authority level
  • the number of authority items of the administrator authority level is greater than the number of authority items of the privileged user authority level
  • the number of authority items of the privileged user authority level is greater than the number of authority items of the ordinary user authority level.
  • the server is specifically the PaaS platform (Platform-as-a-Service, which refers to a set of cloud-based services that can help business users and developers create applications at a speed that cannot be achieved by local deployment solutions).
  • the server is used to provide a user-oriented interactive interface, so that the user can perform operations such as creation or maintenance of a container application after logging in to the server after entering account information.
  • the second is the user side, which logs in to the PaaS platform corresponding to the server through the interactive interface provided by the server, so as to perform operations such as creation or maintenance of container applications.
  • The most common operation in the PaaS platform is to create container applications, which are based on Docker containers (Docker is a lightweight virtualized container technology that provides isolation functions similar to virtual machines, and uses layered union file system technology to manage images), which can greatly simplify the environment operation and maintenance process of the created application.
  • the PaaS platform of a certain company can be open to R&D personnel, so that R&D personnel can easily create container applications.
  • Each user account information needs to be classified into authority levels. Specifically, the authority levels corresponding to the user account information are divided into administrator authority levels, privileged user authority levels, and ordinary user authority levels. If the user account information corresponding to the login instruction is received and the user account information is judged to correspond to the administrator authority level, the corresponding display page after entering the PaaS platform can display all the container applications saved in the PaaS platform, and operations such as viewing and editing can be performed on each container application.
  • A user authority configuration table is stored in the PaaS platform, and the user authority configuration table is divided into three sub-tables, namely the first user account list of the administrator authority level, the second user account list of the privileged user authority level, and the third user account list of the normal user authority level.
  • The user account corresponding to the user account information needs to be compared with each account in the first user account list to the third user account list to determine which one of the above three user account lists the user account information corresponding to the login instruction belongs to; once the determination is completed, the authority level corresponding to the user account information corresponding to the login instruction can be learned.
  • The privileged user has the authority of the administrator, except for some special functions, such as the report modification function of the platform and the background management system, which only the administrator can operate. Users who need administrator rights but cannot be given full rights are therefore set by the platform as privileged users.
  • the corresponding display page after entering the PaaS platform can display the container applications created by the PaaS platform, and can also see the container applications authorized by others to view.
  • the reason for setting a privileged user authority level between the administrator authority level and the ordinary user authority level is because the administrator can configure some privileged users who can assist them in the operation and maintenance of the container application.
  • 100 container applications are created on the server.
  • When the server detects that an account with an administrator authority level is logged in, it will filter out these 100 container applications, form a container application list from the names of the 100 container applications, and push it to the logged-in administrator.
  • The administrator can choose to group the above 100 container applications into 5 large groups, each of which includes 20 container applications, and configure a privileged user for each large group; for example, all 20 container applications of the first group are configured with privileged user A.
  • When the server detects that the account of privileged user A is logged in, it can correspondingly filter out the 20 container applications of the first group, form the names of the 20 container applications of the first group into a container application list, and push it to the terminal of the logged-in account with the privileged user authority level. After that, the operation instruction for the container application list transmitted by the terminal used by the privileged user A is detected in real time. For example, the privileged user A can perform operation and maintenance operations such as maintenance of the background code for each container application in the container application list.
  • Since privileged user A only receives a container application list composed of 20 container applications, compared with the container application list composed of 100 container applications received when the administrator logs in, the data processing volume of the server in the former case is significantly lower than in the latter. This is extremely beneficial to reducing the data processing volume of the server.
  • When a privileged user level user logs in to the server and receives the container application list, the following three operations can be performed: the first is to add a new container application (that is, to create a container application), the second is to select a container application and configure its application group, and the third is to select a container application and configure its read-only group.
  • before step S120, the method further includes:
  • the resource pool information is the IP network segment assigned to create the container application.
  • The server will identify the account information of the privileged user, determine the group information to which it belongs (group information can be generally understood as which subsidiary of the group company this user belongs to), and obtain the corresponding resource pool information in the server according to the group information to which it belongs. The resource pool information is pushed to the terminal corresponding to the privileged user's account information to help them set the IP network segment based on the configuration of the container application, instead of randomly setting the IP network segment. That is, when a user adds a new container application, the server will automatically identify the grouping of his account and push the corresponding resource pool information to the user.
  • When a user with privileged user authority logs in to the PaaS platform, he can view the container applications in the PaaS platform that he is authorized to view or that he created himself, or he can create a new container application.
  • the features and specific steps involved in creating a new container application are as follows:
  • the information of the container application includes the application environment of the container application, the area of the container application, the number of container instances, the image information of the container application, and the resource group of the container application.
  • the information of the container application also includes whether to synchronize to the opcm, whether to enable monitoring, deployment mode, application administrator (the person who creates the container application can manage the created container application), etc.
  • the application environment of the container application includes a production environment, a test environment, a development environment, and so on.
  • the production environment means that the container application is successfully created to connect to the external environment, or for external users to access;
  • the test environment means that the container application is successfully created for testing;
  • the development environment means that the container application is successfully created for development and use.
  • the container application area refers to the location of the computer room where the container application is created, and consists of two parts: "area" + "safe area" in Figure 2. Among them, the safe area is a sub-area under the area. It can be understood that the container application is created in the computer room of the "xxx security zone" under the "xx zone". However, to determine in which specific computer room the container application is created, it needs to be determined jointly according to the application environment of the container application and the area of the container application. It can be understood as creating the container application in the computer room corresponding to the area of the container application in a certain application environment. It can be understood that the computer rooms corresponding to different application environments in the same area are different.
  • the number of container instances of a container application refers to the number of containers of the container application, and there is no upper limit on the number of containers of a container application. Among them, the number of container instances can be determined according to the access volume of the container application.
  • the container instance image information includes the image version, image type, and image name. Among them, the image version includes official (version), etc.; the image type refers to which image is used by the container instance, such as nginx, tomcat, weblogic, springboot, etc.; the image name refers to the specific image name.
  • the mirror image information can be obtained from the corresponding mirror warehouse for users to choose, where the corresponding mirror warehouse refers to the mirror warehouse under the computer room that is jointly determined by the application environment of the container application and the region of the container application.
  • the resource group of the container application includes a resource account, which is used for the cost of creating the container application.
  • Whether to synchronize to opcm refers to whether to synchronize the information of the created container application to the internal information platform opcm of the enterprise for users who can use the opcm information platform to view. In other embodiments, it can also be understood as synchronizing the information of the created container application to a third-party platform.
  • Whether to enable monitoring refers to whether you choose to monitor the container instance of the container application, such as monitoring the CPU/memory/IO usage of the container instance.
  • the deployment method is connected to the deployment platform within the enterprise and used to determine the subsequent version release mode of the container application.
  • the container application information also includes a beneficiary resource pool.
  • the beneficiary resource pool refers to the subsidiary/department that created the container application, which determines the IP network segment allocated by the created container and the host resources of the container. Different resource pools use different IP network segments and host resources. If the information of the container application also includes the beneficiary resource pool, the beneficiary resource pool, the application environment of the container application, and the region of the container application together determine the IP network segment allocated by the created container instance and the host resources of the container instance. Different resource pools use different IP network segments and host resources.
  • the different information of multiple container applications may refer to different regions of the container application, different image information of the container application (including different image types or different image names), etc. It should be noted that if there is a difference in the region, image type, and image name of the container application, it is considered that the information of the container application is different. At the same time, it should be noted that there can be many differences in the information of different container applications, such as different areas of container applications, different image types, and different image names. The number of container instances and the usage time of the container instances in the information of each different container application can also be different.
  • step S130 includes:
  • S131 Determine the IP of the container instance of the container application according to the application environment of the container application, the area of the container application, and the number of container instances;
  • S132 Determine a mirror repository for storing the image of the container application according to the application environment of the container application and the area of the container application;
  • S133 Determine, according to the container application image information, the resources required to create the container instance
  • S134 Extract a specific image that needs to be used to create a container instance of the container application from the determined image warehouse according to the container application image information;
  • S135 Determine a host for creating the container instance according to the application environment of the container application, the area of the container application, and the determined resources to be occupied for creating the container instance;
  • the location where the container application is created can be determined according to the application environment of the container application and the area of the container application, that is, in which computer room the container application is created.
  • the container application is created in the computer room where the SF (a smaller area identifier below Baoxin) sub-region under the Baoxin (place name) area in the test environment is located.
  • the location where the container application is created can be determined, that is, in which computer room the container application is created.
  • each area in each application environment corresponds to a mirror warehouse that stores mirror resources. All the mirror resources needed to be used in the area under the application environment are stored in the mirror warehouse.
  • the mirror warehouse and the host that creates the container instance are best in a local area network, which can improve the creation speed and also improves the safety of creation.
  • the creation speed will inevitably be reduced, and security cannot be guaranteed.
  • Creating a container instance requires certain resources to be occupied on the host. Therefore, it is necessary to determine the resources required to create the container instance first to determine whether the host has enough resources to create the container instance.
  • the location where the container application is created can be determined, that is, in which computer room the container application is created.
  • step S134 includes:
  • the specific image that needs to be used to create the container instance of the container application is extracted from the image warehouse determined by the image type, image version, and image name in the container application image information.
  • When obtaining the specific image that needs to be used to build the container instance of the container application, first obtain the image type, image version, and image name in the container application image information, and then extract the specific image corresponding to the image type, image version, and image name in the container application image information.
  • step S136 includes:
  • the container instance of the container application is created, connect the created container instance through the operation and maintenance tool, and bind the created container instance with the determined IP of the container instance.
  • the container orchestration tool may be a Marathon tool, or other container orchestration tools.
  • the Marathon tool is equivalent to a transfer station, which sends the determined specific image to the container orchestration tool, and then the container orchestration tool distributes the specific image to the determined host to create a container instance.
  • operation and maintenance tools such as ansible, an automated operation and maintenance tool.
  • After a user with privileged user rights logs in to the PaaS platform, if one or more users receive application group user application information for the container application created by the user with the privileged user rights, obtain the target user account information corresponding to the above-mentioned application group user application information, and add the target user account information corresponding to the application group user application information to the application user group corresponding to the container application.
  • When the PaaS platform detects that user account information in the application group is logged in, it displays the corresponding container application on the display interface of the terminal used by that user account information, and the user corresponding to the user account information has part of the permissions of the creator of the container application (for example, modifying the background code of the container application).
  • the target user account information is filtered out in the user list corresponding to the container application and added to the read-only group corresponding to the container application.
  • When the PaaS platform detects that user account information in the read-only group is logged in, it displays the corresponding container application on the display interface of the terminal used by that user account information, and the user corresponding to the user account information cannot modify the container application information and can only view the information of container applications.
  • step S150 the method further includes:
  • the container application list is displayed, and the first current operation instruction to the container application list is detected in real time.
  • the process of creating a container application can refer to step S130; the process of configuring a read-only group can refer to step S140, and the process of applying a group can refer to step S150.
  • the container application is created according to the newly added container application instruction; if the first current operation instruction is a read-only group configuration instruction, the corresponding read-only user list is obtained according to the read-only group configuration instruction and added to the corresponding read-only user group.
  • step S150 the method further includes:
  • the container application list is displayed, and the second current operation instruction to the container application list is detected in real time.
  • step S130 when an ordinary user logs in to the PaaS platform, he can view the container applications created by the user in the PaaS platform, or create a new container application.
  • the process of creating a container application can refer to step S130; the process of configuring a read-only group can refer to step S140, and the process of applying a group can refer to step S150.
  • the container application is created according to the newly added container application instruction; if the second current operation instruction is a read-only group configuration instruction, the corresponding read-only user list is obtained according to the read-only group configuration instruction and added to the corresponding read-only user group.
  • the container application can only be created in the beneficiary resource pool corresponding to the subsidiary to which the user belongs.
  • This method divides the authority levels of the user account information in a more detailed manner, so that the server can push the corresponding data according to the authority corresponding to the user account information for the creation or maintenance of the container application. This avoids the cloud platform frequently acquiring all the created container applications in the cloud platform, improves the efficiency of data filtering in the cloud platform, and saves the system resources of the cloud platform.
  • the embodiment of the present application also provides a cloud resource acquisition device based on user authority, and the cloud resource acquisition device based on user authority is used to execute any embodiment of the foregoing cloud resource acquisition method based on user authority.
  • FIG. 4 is a schematic block diagram of an apparatus for obtaining cloud resources based on user permissions according to an embodiment of the present application.
  • the device 100 for acquiring cloud resources based on user permissions may be configured in a server.
  • the cloud resource acquisition device 100 based on user permissions includes an account permission level acquisition unit 110, a first list pushing unit 120, a first instruction execution unit 130, a second instruction execution unit 140, and a third instruction execution unit 150 .
  • the account permission level acquisition unit 110 is configured to receive user account information corresponding to the login instruction, and if the user account information is verified, obtain the authority level corresponding to the user account information; wherein, the authority levels include, in turn, the administrator authority level, the privileged user authority level, and the ordinary user authority level; the number of authority items of the administrator authority level is greater than the number of authority items of the privileged user authority level, and the number of authority items of the privileged user authority level is greater than the number of authority items of the ordinary user authority level.
  • the most common operation in a PaaS platform is to create container applications, which are based on Docker containers (Docker is a lightweight virtualized container technology that provides isolation functions similar to virtual machines and uses a layered union file system technology to manage images), which can greatly simplify the environment operation and maintenance process for the created application.
  • the PaaS platform of a certain company can be open to R&D personnel, so that R&D personnel can easily create container applications.
  • each user account information needs to be classified into authority levels. Specifically, the authority levels corresponding to the user account information are divided into administrator authority levels, privileged user authority levels, and ordinary user authority levels. If the user account information corresponding to the login instruction is received and is judged to correspond to the administrator authority level, the display page shown after entering the PaaS platform can display all the container applications saved in the PaaS platform, and operations such as viewing and editing can be performed on each container application.
  • a user authority configuration table is stored in the PaaS platform, and the user authority configuration table is divided into three sub-tables, namely the first user account list of the administrator authority level, the second user account list of the privileged user authority level, The third user account list of the normal user authority level.
  • the user account corresponding to the user account information needs to be compared with each account in the first to third user account lists to determine which of the three lists the user account information corresponding to the login instruction belongs to; once this is determined, the authority level corresponding to that user account information is known.
  • the privileged user has the authority of the administrator, except for some special functions, such as the report modification function of the platform and the background management system, which only the administrator can operate. Therefore, users who need administrator rights but cannot be given all of them are set by the platform as privileged users.
  • the corresponding display page after entering the PaaS platform can display the container applications created by the PaaS platform, and can also see the container applications authorized by others to view.
  • the first list pushing unit 120 is configured to, if the authority level corresponding to the user account information is a privileged user authority level, push the corresponding container application list to the terminal corresponding to the user account information for display, and detect in real time that the container application Operation instructions for the list.
  • the reason for setting a privileged user authority level between the administrator authority level and the ordinary user authority level is because the administrator can configure some privileged users who can assist them in the operation and maintenance of the container application.
  • 100 container applications are created on the server.
  • When the server detects that an account with an administrator authority level is logged in, it filters out these 100 container applications, forms a container application list from the names of the 100 container applications, and pushes it to the logged-in administrator.
  • the administrator can choose to group the above 100 container applications into 5 large groups, each of which includes 20 container applications, and configure a privileged user for each large group; for example, all 20 container applications of the first group are configured with privileged user A.
  • When the server detects that the account of privileged user A is logged in, it filters out the 20 container applications of the first group, forms a container application list from their names, and pushes it to the terminal of the logged-in account with the privileged user authority level. After that, the operation instruction for the container application list transmitted by the terminal used by privileged user A is detected in real time. For example, privileged user A can perform operation and maintenance operations, such as maintenance of the background code, on each container application in the container application list.
  • Since privileged user A only receives a container application list composed of 20 container applications, compared with the container application list composed of 100 container applications received when the administrator logs in, the data processing volume of the server in the former case is significantly lower than in the latter. This is extremely beneficial for reducing the data processing volume of the server.
  • After a privileged-user-level user logs in to the server and receives the container application list, the following three operations can be performed: the first is to add a new container application (that is, to create a container application), the second is to select a container application and configure its application group, and the third is to select a container application and configure its read-only group.
  • implementing the device 100 for acquiring cloud resources based on user permissions further includes:
  • the resource pool information obtaining unit is configured to obtain grouping information corresponding to the user account information, obtain corresponding resource pool information according to the grouping information, and send the resource pool information obtained according to the grouping information to the user terminal corresponding to the user account information; wherein, the resource pool information is an IP network segment allocated to create a container application.
  • the server will identify the account information of the privileged user, determine the group information to which it belongs (group information can be generally understood as which subsidiary of the group company this user belongs to), and obtain the corresponding resource pool information in the server according to the group information to which it belongs.
  • the resource pool information is pushed to the terminal corresponding to the privileged user's account information to help them set the IP network segment based on the configuration of the container application, instead of randomly setting the IP network segment. That is, when a user adds a new container application, the server will automatically identify the grouping of his account and push the corresponding resource pool information to the user.
  • the first instruction execution unit 130 is configured to, if an operation instruction to the container application list is detected and the operation instruction is a newly added container application instruction, correspondingly create a container application according to the newly added container application instruction.
  • After a user with privileged user authority logs in to the PaaS platform, he can view the container applications in the PaaS platform that he is authorized to view or that he created himself, or he can create a new container application.
  • the feature introduction and specific steps involved in creating a new container application are as follows:
  • the information of the container application includes the application environment of the container application, the area of the container application, the number of container instances, the image information of the container application, and the resource group of the container application.
  • the information of the container application also includes whether to synchronize to the opcm, whether to enable monitoring, deployment mode, application administrator (the person who creates the container application can manage the created container application), etc.
  • the application environment of the container application includes a production environment, a test environment, a development environment, and so on.
  • the production environment means that the container application is successfully created to connect to the external environment, or for external users to access;
  • the test environment means that the container application is successfully created for testing;
  • the development environment means that the container application is successfully created for development and use.
  • the container application area refers to the location of the computer room where the container application is created, and consists of two parts: "area" + "safe area" in Figure 2. Among them, the safe area is a sub-area under the area. It can be understood that the container application is created in the computer room of the "xxx security zone" under the "xx zone". However, to determine in which specific computer room the container application is created, it needs to be determined jointly according to the application environment of the container application and the area of the container application. It can be understood as creating the container application in the computer room corresponding to the area of the container application in a certain application environment. It can be understood that the computer rooms corresponding to different application environments in the same area are different.
  • the number of container instances of a container application refers to the number of containers of the container application, and there is no upper limit on the number of containers of a container application. Among them, the number of container instances can be determined according to the access volume of the container application.
  • the container instance image information includes the image version, image type, and image name. Among them, the image version includes official (version), etc.; the image type refers to which image is used by the container instance, such as nginx, tomcat, weblogic, springboot, etc.; the image name refers to the specific image name.
  • the mirror image information can be obtained from the corresponding mirror warehouse for users to choose, where the corresponding mirror warehouse refers to the mirror warehouse under the computer room that is jointly determined by the application environment of the container application and the region of the container application.
  • the resource group of the container application includes a resource account, which is used for the cost of creating the container application.
  • Whether to synchronize to opcm refers to whether to synchronize the information of the created container application to the internal information platform opcm of the enterprise for users who can use the opcm information platform to view. In other embodiments, it can also be understood as synchronizing the information of the created container application to a third-party platform.
  • the container application information also includes a beneficiary resource pool, which refers to the subsidiary/department that creates the container application and determines the IP network segment assigned to the created container and the host resources of the container. Different resource pools use different IP network segments and host resources. If the information of the container application also includes the beneficiary resource pool, then the beneficiary resource pool, the application environment of the container application, and the region of the container application together determine the IP network segment allocated to the created container instance and the host resources of the container instance.
  • the different information of multiple container applications may refer to different regions of the container application, different image information of the container application (including different image types or different image names), etc. It should be noted that if there is a difference in the region, image type, and image name of the container application, it is considered that the information of the container application is different. At the same time, it should be noted that there can be many differences in the information of different container applications, such as different areas of container applications, different image types, and different image names. The number of container instances and the usage time of the container instances in the information of each different container application can also be different.
  • the first instruction execution unit 130 includes:
  • the container instance IP obtaining unit 131 is configured to determine the IP of the container instance of the container application according to the application environment of the container application, the region of the container application, and the number of container instances;
  • the image repository obtaining unit 132 is configured to determine the image repository for storing the container application image according to the application environment of the container application and the area of the container application;
  • the container resource acquiring unit 133 is configured to determine the resources required to create a container instance according to the container application image information;
  • the specific image obtaining unit 134 is configured to extract the specific image that needs to be used to create the container instance of the container application from the determined image warehouse according to the container application image information;
  • the host acquisition unit 135 is configured to determine the host for creating the container instance according to the application environment of the container application, the area of the container application, and the determined resources that need to be occupied to create the container instance;
  • the IP binding unit 136 is configured to create a container instance of the container application on the determined host machine according to the determined specific image, and bind the created container instance with the determined IP of the container instance.
  • the location where the container application is created can be determined according to the application environment of the container application and the area of the container application, that is, in which computer room the container application is created.
  • the container application is created in the computer room where the SF (a smaller area identifier below Baoxin) sub-region under the Baoxin (place name) area in the test environment is located.
  • each area in each application environment corresponds to a mirror warehouse that stores mirror resources. All the mirror resources needed to be used in the area under the application environment are stored in the mirror warehouse.
  • the mirror warehouse and the host that creates the container instance are best placed in one local area network, which improves both the speed and the security of creation.
  • the creation speed will inevitably be reduced, and security cannot be guaranteed.
  • Creating a container instance requires certain resources to be occupied on the host. Therefore, it is necessary to determine the resources required to create the container instance first to determine whether the host has enough resources to create the container instance.
  • the specific image obtaining unit 134 is further configured to:
  • the specific image that needs to be used to create the container instance of the container application is extracted from the image warehouse determined by the image type, image version, and image name in the container application image information.
  • when obtaining the specific image needed to build the container instance of the container application, first obtain the image type, image version, and image name from the container application image information, and then extract the specific image corresponding to that image type, image version, and image name.
  • the IP binding unit 136 includes:
  • the specific image pushing unit is configured to push the determined specific image to the determined host machine through the container orchestration tool, so as to create a container instance of the container application on the host machine;
  • the container IP binding unit is used for, if the container instance of the container application is created, connect the created container instance through the operation and maintenance tool, and bind the created container instance with the determined IP of the container instance.
  • the container orchestration tool may be a Marathon tool, or other container orchestration tools.
  • the Marathon tool is equivalent to a transfer station, which sends the determined specific image to the container orchestration tool, and then the container orchestration tool distributes the specific image to the determined host to create a container instance.
  • the operation and maintenance tool may be, for example, Ansible, an automated operation and maintenance tool.
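The placement decisions made by units 131 to 136 can be followed end to end in the added Python example below, which is not code from the patent. The inventory tables, every name and value in them, and the first-fit host choice are assumptions made for illustration; the orchestration and binding calls themselves are left out.

```python
import ipaddress

# Constructed inventory: every room, pool, segment, image and host is a placeholder.
ROOMS = {("test", "zone-1/safe-a"): "room-t1",
         ("production", "zone-1/safe-a"): "room-p1"}
# One image repository per machine room. Key: (image type, image version, image name).
# Value: resources that one container instance built from the image occupies.
REPOSITORIES = {
    "room-t1": {("tomcat", "official", "tomcat-9-demo"): {"cpu": 2, "mem_gb": 4}},
    "room-p1": {},
}
# IP network segment per (beneficiary resource pool, application environment, region).
SEGMENTS = {("sub-a", "test", "zone-1/safe-a"): "10.20.0.0/29"}
HOSTS = {"room-t1": [{"name": "host-1", "cpu": 2, "mem_gb": 8},
                     {"name": "host-2", "cpu": 8, "mem_gb": 32}]}

REQUEST = {"environment": "test", "region": "zone-1/safe-a", "resource_pool": "sub-a",
           "instances": 3, "image_type": "tomcat", "image_version": "official",
           "image_name": "tomcat-9-demo"}


def plan_instances(app, used_ips=frozenset()):
    """Return (room, [(host, ip), ...]) for one container application request."""
    # Environment + region decide the machine room, and with it the repository.
    place = (app["environment"], app["region"])
    room = ROOMS.get(place)
    if room is None:
        raise LookupError(f"no machine room for {place}")

    # The image must come from the repository of that same room.
    image = (app["image_type"], app["image_version"], app["image_name"])
    need = REPOSITORIES.get(room, {}).get(image)
    if need is None:
        raise LookupError(f"image {image} is not in the repository of {room}")

    # Pool + environment + region decide the segment the instance IPs come from.
    segment = SEGMENTS.get((app["resource_pool"],) + place)
    if segment is None:
        raise LookupError(f"pool {app['resource_pool']} has no segment in {place}")
    free_ips = [str(ip) for ip in ipaddress.ip_network(segment).hosts()
                if str(ip) not in used_ips]
    if len(free_ips) < app["instances"]:
        raise RuntimeError(f"{segment} has only {len(free_ips)} free addresses")

    # First-fit host choice (assumption): work on a copy so the inventory is untouched.
    remaining = [dict(h) for h in HOSTS.get(room, [])]
    bindings = []
    for ip in free_ips[:app["instances"]]:
        host = next((h for h in remaining
                     if all(h[k] >= v for k, v in need.items())), None)
        if host is None:
            raise RuntimeError(f"no host in {room} has room for another instance")
        for k, v in need.items():
            host[k] -= v
        bindings.append((host["name"], ip))
    return room, bindings


if __name__ == "__main__":
    print(plan_instances(REQUEST, used_ips={"10.20.0.1"}))
```

A request whose image is missing from the room's repository, or whose pool has no segment for that environment and region, is rejected before any host is touched.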
  • the second instruction execution unit 140 is configured to, if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtain the corresponding application group user list according to the application group configuration instruction, and add the application group user list to the corresponding application user group.
  • After a user with privileged user rights logs in to the PaaS platform, if application group user application information for the container application created by that user is received from one or more users, the target user account information corresponding to that application information is obtained and added to the application user group corresponding to the container application.
  • When the PaaS platform detects that user account information in the application group is logged in, it displays the container application on the display interface of the terminal used by that user account, and that user account has part of the permissions of the container application's creator (for example, modifying the background code of the container application).
  • the third instruction execution unit 150 is configured to: if an operation instruction to the container application list is detected and the operation instruction is a read-only group configuration instruction, obtain the corresponding read-only user list according to the read-only group configuration instruction, and add the read-only user list to the corresponding read-only user group.
  • the target user account information is filtered out of the user list corresponding to the container application and added to the read-only group corresponding to the container application.
  • When the PaaS platform detects that user account information in the read-only group is logged in, it displays the container application on the display interface of the terminal used by that user account; the user corresponding to that account cannot modify the container application information and can only view it.
  • the device 100 for acquiring cloud resources based on user permissions further includes:
  • the second list pushing unit is configured to display the container application list if the authority level corresponding to the user account information is the administrator authority level, and detect the first current operation instruction on the container application list in real time.
  • the process of creating a container application can refer to the first instruction execution unit 130; the process of configuring a read-only group can refer to the second instruction execution unit 140, and the process of the application group can refer to the third instruction execution unit 150.
  • the container application is created according to the newly added container application instruction; if the first current operation instruction is a read-only group configuration instruction, the corresponding read-only user list is obtained according to the read-only group configuration instruction and added to the corresponding read-only user group.
  • the device 100 for acquiring cloud resources based on user permissions further includes:
  • the third list pushing unit is configured to display the container application list if the authority level corresponding to the user account information is a normal user authority level, and detect the second current operation instruction on the container application list in real time.
  • when an ordinary user logs in to the PaaS platform, he can view the container applications created by the user in the PaaS platform, or create a new container application.
  • refer to the first instruction execution unit 130 for the process of creating a container application, to the second instruction execution unit 140 for the process of configuring the read-only group, and to the third instruction execution unit 150 for the process of the application group.
  • the container application is created according to the newly added container application instruction; if the second current operation instruction is a read-only group configuration instruction, the corresponding read-only user list is obtained according to the read-only group configuration instruction and added to the corresponding read-only user group.
  • the container application can only be created in the beneficiary resource pool corresponding to the subsidiary to which the user belongs.
  • the device divides the authority level of user account information in a more detailed manner, so that the server can push the corresponding data according to the authority corresponding to the user account information for the creation or maintenance of container applications. This avoids the cloud platform frequently acquiring all the created container applications in the cloud platform, improves the efficiency of data filtering in the cloud platform, and saves the system resources of the cloud platform.
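The permission model the device implements (three authority lists, a container application list filtered per account, application group, read-only group, and the beneficiary resource pool rule) is shown as server-side checks in the added Python example below, which is not code from the patent. All class, method and account names are hypothetical. It assumes that an account found in no list or in more than one is refused, that application group members cannot reconfigure groups, and that every non-administrator is bound to the pool of their own subsidiary.

```python
from dataclasses import dataclass, field

ADMIN, PRIVILEGED, ORDINARY = "administrator", "privileged", "ordinary"
GROUPS = ("app_group", "read_only_group")


@dataclass
class ContainerApp:
    name: str
    creator: str
    resource_pool: str                                  # beneficiary resource pool
    maintainers: set = field(default_factory=set)       # privileged users set by an admin
    app_group: set = field(default_factory=set)         # part of the creator's rights
    read_only_group: set = field(default_factory=set)   # may view, never modify


class Platform:
    def __init__(self, admins, privileged, ordinary, subsidiary_of):
        # The three sub-tables of the user authority configuration table.
        self.tables = {ADMIN: set(admins), PRIVILEGED: set(privileged),
                       ORDINARY: set(ordinary)}
        self.subsidiary_of = dict(subsidiary_of)        # account -> grouping
        self.apps = {}

    def level_of(self, account):
        hits = [lvl for lvl, accounts in self.tables.items() if account in accounts]
        if len(hits) != 1:   # assumption: unknown or ambiguous accounts fail closed
            raise PermissionError(f"{account}: found in {len(hits)} authority lists")
        return hits[0]

    def _role_on(self, account, app):
        """Strongest relation between one account and one container application."""
        if self.level_of(account) == ADMIN:
            return "admin"
        if account == app.creator or account in app.maintainers:
            return "owner"
        if account in app.app_group:
            return "app_group"
        if account in app.read_only_group:
            return "read_only"
        return None

    def visible_apps(self, account):
        """Container application list pushed to the terminal after login."""
        self.level_of(account)
        return sorted(a.name for a in self.apps.values() if self._role_on(account, a))

    def can_modify(self, account, app_name):
        role = self._role_on(account, self.apps[app_name])
        return role in ("admin", "owner", "app_group")

    def create_app(self, account, name, resource_pool):
        level = self.level_of(account)
        if level != ADMIN and self.subsidiary_of.get(account) != resource_pool:
            raise PermissionError(f"{account} may not create in pool {resource_pool}")
        if name in self.apps:
            raise ValueError(f"{name} already exists")
        self.apps[name] = ContainerApp(name, account, resource_pool)

    def assign_maintainer(self, actor, app_name, account):
        if self.level_of(actor) != ADMIN or self.level_of(account) != PRIVILEGED:
            raise PermissionError("only an administrator can assign a privileged user")
        self.apps[app_name].maintainers.add(account)

    def configure_group(self, actor, app_name, group, accounts):
        app = self.apps[app_name]
        if group not in GROUPS:
            raise ValueError(f"unknown group {group}")
        if self._role_on(actor, app) not in ("admin", "owner"):
            raise PermissionError(f"{actor} may not configure groups of {app_name}")
        for account in accounts:
            self.level_of(account)                      # targets must be known accounts
        # An account sits in one group per application, so a move to the
        # read-only group also removes its application group rights.
        other = GROUPS[1 - GROUPS.index(group)]
        getattr(app, other).difference_update(accounts)
        getattr(app, group).update(accounts)


def build_demo():
    """Constructed accounts and applications, for illustration only."""
    p = Platform(admins={"root"}, privileged={"alice"},
                 ordinary={"bob", "carol", "dave"},
                 subsidiary_of={"alice": "sub-a", "bob": "sub-b",
                                "carol": "sub-a", "dave": "sub-a"})
    p.create_app("root", "billing", "sub-a")
    p.assign_maintainer("root", "billing", "alice")
    p.create_app("bob", "wiki", "sub-b")
    p.configure_group("alice", "billing", "app_group", ["carol"])
    p.configure_group("alice", "billing", "read_only_group", ["dave"])
    return p
```

Each check runs on the server at the time of the operation, so an account that can see an application in its list still cannot modify it or reconfigure its groups unless its role on that application allows it.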
  • the foregoing apparatus for obtaining cloud resources based on user rights may be implemented in the form of a computer program, and the computer program may be run on a computer device as shown in FIG. 6.
  • FIG. 6 is a schematic block diagram of a computer device according to an embodiment of the present application.
  • the computer device 500 is a server, and the server may be an independent server or a server cluster composed of multiple servers.
  • the computer device 500 includes a processor 502, a memory, and a network interface 505 connected through a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
  • the non-volatile storage medium 503 can store an operating system 5031 and a computer program 5032.
  • the processor 502 can execute a cloud resource acquisition method based on user permissions.
  • the processor 502 is used to provide computing and control capabilities, and support the operation of the entire computer device 500.
  • the internal memory 504 provides an environment for the running of the computer program 5032 in the non-volatile storage medium 503.
  • when the computer program 5032 is executed by the processor 502, it can make the processor 502 execute a cloud resource acquisition method based on user permissions.
  • the network interface 505 is used for network communication, such as providing data information transmission.
  • the structure shown in FIG. 6 is only a block diagram of part of the structure related to the solution of the present application, and does not constitute a limitation on the computer device 500 to which the solution of the present application is applied.
  • the specific computer device 500 may include more or fewer components than shown in the figure, or combine certain components, or have a different component arrangement.
  • the processor 502 is configured to run a computer program 5032 stored in a memory to implement the cloud resource acquisition method based on user permissions in the embodiment of the present application.
  • the embodiment of the computer device shown in FIG. 6 does not constitute a limitation on the specific configuration of the computer device.
  • the computer device may include more or fewer components than those shown in the figure, or combine some components, or have a different arrangement of components.
  • the computer device may only include a memory and a processor. In such an embodiment, the structures and functions of the memory and the processor are consistent with the embodiment shown in FIG. 6 and will not be repeated here.
  • the processor 502 may be a central processing unit (Central Processing Unit, CPU), and the processor 502 may also be other general-purpose processors, digital signal processors (Digital Signal Processors, DSPs), Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components, etc.
  • the general-purpose processor may be a microprocessor or the processor may also be any conventional processor.
  • a computer-readable storage medium may be a non-volatile computer-readable storage medium, or may be a volatile computer-readable storage medium.
  • the computer-readable storage medium stores a computer program, where the computer program is executed by a processor to implement the cloud resource acquisition method based on user permissions in the embodiments of the present application.
  • the disclosed equipment, device, and method may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods, or units with the same function may be combined into one unit; for example, multiple units or components can be combined or integrated into another system, or some features can be omitted or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may also be electrical, mechanical or other forms of connection.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments of the present application.
  • the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • when the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a storage medium.
  • the technical solution of this application, in essence, or the part that contributes to the existing technology, or all or part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage media include: a USB flash drive, a removable hard disk, read-only memory (ROM), a magnetic disk, an optical disk, and other media that can store program code.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are a method and apparatus for acquiring cloud resources based on user permission, as well as a computer device and a storage medium. The method comprises: receiving user account information corresponding to an identification instruction and, if the user account information is verified successfully, acquiring the permission level corresponding to the user account information; if the permission level corresponding to the user account information is a privileged user permission level, selectively pushing a corresponding container application list to the terminal corresponding to the user account information for display, and then detecting in real time an operation instruction relating to the container application list; and, if an operation instruction relating to the container application list is detected and the operation instruction is an instruction to add a container application, correspondingly creating a container application according to the instruction to add the container application. According to the method, the permission levels of user account information are divided more finely, so that a server selectively pushes corresponding data according to the permission corresponding to the user account information in order to create or manage a container application, which increases the efficiency of filtering data from a cloud platform and saves the system resources of the cloud platform.
PCT/CN2020/093599 2019-09-18 2020-05-30 Cloud resource acquisition method and apparatus based on user permissions, and computer device WO2021051878A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910881333.2 2019-09-18
CN201910881333.2A CN110784446B (zh) 2019-09-18 2019-09-18 Cloud resource acquisition method and apparatus based on user permissions, and computer device

Publications (1)

Publication Number Publication Date
WO2021051878A1 true WO2021051878A1 (fr) 2021-03-25

Family

ID=69384227

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/093599 WO2021051878A1 (fr) 2019-09-18 2020-05-30 Cloud resource acquisition method and apparatus based on user permissions, and computer device

Country Status (2)

Country Link
CN (1) CN110784446B (fr)
WO (1) WO2021051878A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
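CN113111327A (zh) * 2021-04-27 2021-07-13 北京赛博云睿智能科技有限公司 Resource management method and apparatus for a PaaS-based service portal management system
CN113434257A (zh) * 2021-07-07 2021-09-24 曙光信息产业(北京)有限公司 Docker operation method and apparatus, server, and storage medium
CN113727070A (zh) * 2021-08-27 2021-11-30 杭州海康威视系统技术有限公司 Device resource management method and apparatus, electronic device, and storage medium
CN114389868A (zh) * 2021-12-30 2022-04-22 天翼物联科技有限公司 Cloud resource allocation method, system, apparatus, and storage medium
CN115442153A (zh) * 2022-10-25 2022-12-06 北京云成金融信息服务有限公司 Data management method and system for a supply chain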

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
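CN110784446B (zh) * 2019-09-18 2022-03-08 平安科技(深圳)有限公司 Cloud resource acquisition method and apparatus based on user permissions, and computer device
CN111585967A (zh) * 2020-04-08 2020-08-25 上海蓝云网络科技有限公司 Cloud service authentication connection method, system, computer, and storage medium
CN111510444A (zh) * 2020-04-09 2020-08-07 上海云励科技有限公司 Remote access method and system for containers, server, and access auxiliary component
CN111966374A (zh) * 2020-08-11 2020-11-20 南京新联电子股份有限公司 Container-based method for deploying and managing energy controller terminal software
CN112804237A (zh) * 2021-01-18 2021-05-14 统信软件技术有限公司 User identity authentication apparatus, computing device, and system
CN113221103B (zh) * 2021-05-08 2022-09-20 山东英信计算机技术有限公司 Container security protection method, system, and medium
CN114466217A (zh) * 2022-02-16 2022-05-10 上海哔哩哔哩科技有限公司 Information display method and apparatus for a live-streaming room
CN115688067A (zh) * 2022-09-30 2023-02-03 金航数码科技有限责任公司 Container-based data storage and access control method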

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
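CN102739708A (zh) * 2011-04-07 2012-10-17 腾讯科技(深圳)有限公司 System and method for accessing third-party applications based on a cloud platform
KR101692339B1 (ko) * 2016-06-08 2017-01-03 (주)세이퍼존 Cloud-based security key for endpoint security and security system using the same
CN106682028A (zh) * 2015-11-10 2017-05-17 阿里巴巴集团控股有限公司 Method, apparatus, and system for acquiring a web application
CN106845183A (zh) * 2017-01-24 2017-06-13 郑州云海信息技术有限公司 Application container engine management method and system
WO2019162730A1 (fr) * 2018-02-26 2019-08-29 Pratik Sharma Customer account manager for cloud
CN110784446A (zh) * 2019-09-18 2020-02-11 平安科技(深圳)有限公司 Cloud resource acquisition method and apparatus based on user permissions, and computer device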

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10235222B2 (en) * 2017-01-05 2019-03-19 Portworx, Inc. Containerized application system graph driver
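CN109962805A (zh) * 2017-12-26 2019-07-02 中移(杭州)信息技术有限公司 Multi-platform access method and device based on separation of permissions and domains
CN108377227A (zh) * 2018-01-11 2018-08-07 北京潘达互娱科技有限公司 Server account management system, account login method, update method, and device
CN109543372A (zh) * 2018-10-26 2019-03-29 深圳壹账通智能科技有限公司 Service permission data processing method and apparatus, computer device, and storage medium
CN109743199A (zh) * 2018-12-25 2019-05-10 中国联合网络通信集团有限公司 Microservice-based containerized management system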

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
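CN113111327A (zh) * 2021-04-27 2021-07-13 北京赛博云睿智能科技有限公司 Resource management method and apparatus for a PaaS-based service portal management system
CN113111327B (zh) * 2021-04-27 2024-02-13 北京赛博云睿智能科技有限公司 Resource management method and apparatus for a PaaS-based service portal management system
CN113434257A (zh) * 2021-07-07 2021-09-24 曙光信息产业(北京)有限公司 Docker operation method and apparatus, server, and storage medium
CN113727070A (zh) * 2021-08-27 2021-11-30 杭州海康威视系统技术有限公司 Device resource management method and apparatus, electronic device, and storage medium
CN113727070B (zh) * 2021-08-27 2022-12-02 杭州海康威视系统技术有限公司 Device resource management method and apparatus, electronic device, and storage medium
CN114389868A (zh) * 2021-12-30 2022-04-22 天翼物联科技有限公司 Cloud resource allocation method, system, apparatus, and storage medium
CN114389868B (zh) * 2021-12-30 2024-01-30 天翼物联科技有限公司 Cloud resource allocation method, system, apparatus, and storage medium
CN115442153A (zh) * 2022-10-25 2022-12-06 北京云成金融信息服务有限公司 Data management method and system for a supply chain
CN115442153B (zh) * 2022-10-25 2023-03-31 北京云成金融信息服务有限公司 Data management method and system for a supply chain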

Also Published As

Publication number Publication date
CN110784446B (zh) 2022-03-08
CN110784446A (zh) 2020-02-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20866594

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20866594

Country of ref document: EP

Kind code of ref document: A1