WO2021051878A1 - Cloud resource acquisition method and apparatus based on user permission, and computer device - Google Patents

Cloud resource acquisition method and apparatus based on user permission, and computer device

Info

Publication number: WO2021051878A1
Authority: WO, WIPO (PCT)
Prior art keywords: container, user, application, container application, list
Application number: PCT/CN2020/093599
Other languages: French (fr), Chinese (zh)
Inventor: 黄桂钦
Original Assignee: 平安科技(深圳)有限公司
Application filed by 平安科技(深圳)有限公司

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network

Definitions

  • This application relates to the technical field of PaaS architecture, and in particular to a method, device and computer equipment for obtaining cloud resources based on user permissions.
  • A PaaS platform (Platform-as-a-Service) refers to a set of cloud-based services that help business users and developers create applications at a speed that local deployment solutions cannot match.
  • Cloud platforms generally only distinguish between administrators and ordinary users when configuring user permissions for a given application.
  • When an ordinary user logs in to the cloud platform, the platform needs to filter out the container applications that user created and push the data of those container applications to the ordinary user's terminal.
  • When an administrator user logs in to the cloud platform, the platform pushes the corresponding container application data to the administrator's terminal. However, in the operation and maintenance process of container applications, the inventor realized that if the cloud platform frequently obtains all the container applications created in it, data filtering in the cloud platform becomes inefficient and the platform's system resources are greatly wasted.
  • The embodiments of the application provide a method, device, computer equipment, and storage medium for obtaining cloud resources based on user permissions, intended to solve the prior-art problem that frequently obtaining all the container applications created in the cloud platform during the operation and maintenance of container applications leads to inefficient data filtering in the cloud platform and greatly wastes its system resources.
  • An embodiment of the present application provides a method for obtaining cloud resources based on user permissions, which includes:
  • the authority level in turn includes an administrator authority level, a privileged user authority level, and an ordinary user authority level, where the number of authority items of the administrator authority level is greater than that of the privileged user authority level, and the number of authority items of the privileged user authority level is greater than that of the ordinary user authority level;
  • if the authority level corresponding to the user account information is the privileged user authority level, pushing the corresponding container application list to the terminal corresponding to the user account information for display, and detecting operation instructions on the container application list in real time;
  • if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtaining the corresponding application group user list according to the application group configuration instruction and adding the application group user list to the corresponding application user group;
  • if the operation instruction is a read-only group configuration instruction, obtaining the corresponding read-only user list according to the read-only group configuration instruction and adding the read-only user list to the corresponding read-only user group.
  • An embodiment of the present application provides a cloud resource acquisition device based on user permissions, which includes:
  • an account authority level obtaining unit, configured to receive user account information corresponding to a login instruction and, if the user account information is verified, obtain the authority level corresponding to the user account information; wherein the authority level in turn includes an administrator authority level, a privileged user authority level and an ordinary user authority level, the number of authority items of the administrator authority level being greater than that of the privileged user authority level, and the number of authority items of the privileged user authority level being greater than that of the ordinary user authority level;
  • a first list pushing unit, configured to, if the authority level corresponding to the user account information is the privileged user authority level, push the corresponding container application list to the terminal corresponding to the user account information for display, and detect operation instructions on the container application list in real time;
  • a first instruction execution unit, configured to, if an operation instruction on the container application list is detected and the operation instruction is a newly added container application instruction, create a container application according to the newly added container application instruction;
  • a second instruction execution unit, configured to, if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtain the corresponding application group user list according to the application group configuration instruction and add the application group user list to the corresponding application user group;
  • a third instruction execution unit, configured to, if an operation instruction on the container application list is detected and the operation instruction is a read-only group configuration instruction, obtain the corresponding read-only user list according to the read-only group configuration instruction and add the read-only user list to the corresponding read-only user group.
  • An embodiment of the present application provides a computer device, which includes a memory, a processor, and a computer program stored on the memory and running on the processor; when the processor executes the computer program, the following steps are implemented:
  • the authority level in turn includes an administrator authority level, a privileged user authority level, and an ordinary user authority level, where the number of authority items of the administrator authority level is greater than that of the privileged user authority level, and the number of authority items of the privileged user authority level is greater than that of the ordinary user authority level;
  • if the authority level corresponding to the user account information is the privileged user authority level, pushing the corresponding container application list to the terminal corresponding to the user account information for display, and detecting operation instructions on the container application list in real time;
  • if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtaining the corresponding application group user list according to the application group configuration instruction and adding the application group user list to the corresponding application user group;
  • if the operation instruction is a read-only group configuration instruction, obtaining the corresponding read-only user list according to the read-only group configuration instruction and adding the read-only user list to the corresponding read-only user group.
  • The embodiments of the present application also provide a computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the processor executes the following steps:
  • the authority level in turn includes an administrator authority level, a privileged user authority level, and an ordinary user authority level, where the number of authority items of the administrator authority level is greater than that of the privileged user authority level, and the number of authority items of the privileged user authority level is greater than that of the ordinary user authority level;
  • if the authority level corresponding to the user account information is the privileged user authority level, pushing the corresponding container application list to the terminal corresponding to the user account information for display, and detecting operation instructions on the container application list in real time;
  • if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtaining the corresponding application group user list according to the application group configuration instruction and adding the application group user list to the corresponding application user group;
  • if the operation instruction is a read-only group configuration instruction, obtaining the corresponding read-only user list according to the read-only group configuration instruction and adding the read-only user list to the corresponding read-only user group.
  • The embodiments of the application divide the authority levels of user account information in a more detailed manner, so that the server can push data according to the authority corresponding to the user account information for the creation or maintenance of container applications. This avoids the cloud platform frequently acquiring all the container applications created in it, improves the efficiency of data filtering in the cloud platform, and saves the cloud platform's system resources.
  • FIG. 1 is a schematic diagram of an application scenario of a method for obtaining cloud resources based on user permissions provided by an embodiment of the application;
  • FIG. 2 is a schematic flowchart of a method for obtaining cloud resources based on user permissions provided by an embodiment of the application;
  • FIG. 3 is a schematic diagram of a sub-flow of a method for obtaining cloud resources based on user permissions provided by an embodiment of the application;
  • FIG. 4 is a schematic block diagram of a cloud resource acquisition device based on user permissions provided by an embodiment of the application;
  • FIG. 5 is a schematic block diagram of subunits of a device for obtaining cloud resources based on user permissions according to an embodiment of the application;
  • FIG. 6 is a schematic block diagram of a computer device provided by an embodiment of the application.
  • the technical solution of this application can be applied to the field of big data technology.
  • the technical solution of this application can be implemented by a data platform such as a cloud computing platform.
  • Figure 1 is a schematic diagram of an application scenario of a method for obtaining cloud resources based on user permissions provided by an embodiment of this application.
  • Figure 2 is a schematic flowchart of a method for obtaining cloud resources based on user permissions provided by an embodiment of this application.
  • the method for obtaining cloud resources based on user permissions is applied to a server, and the method is executed by application software installed in the server.
  • the method includes steps S110 to S150.
  • The authority level includes an administrator authority level, a privileged user authority level, and an ordinary user authority level; the number of authority items of the administrator authority level is greater than that of the privileged user authority level, and the number of authority items of the privileged user authority level is greater than that of the ordinary user authority level.
  • The server is specifically a PaaS platform (Platform-as-a-Service: a set of cloud-based services that help business users and developers create applications at a speed that cannot be achieved by local deployment solutions).
  • The server provides a user-oriented interactive interface, so that after entering account information and logging in to the server a user can perform operations such as creating or maintaining a container application.
  • The second party is the user side, which logs in to the PaaS platform corresponding to the server through the interactive interface the server provides, in order to perform operations such as creating or maintaining container applications.
  • The most common operation on a PaaS platform is to create container applications, which are based on Docker containers (Docker is a lightweight virtualized container technology that provides isolation similar to virtual machines and uses a layered union file system to manage images, which can greatly simplify the operation and maintenance of the environment in which applications are created).
  • the PaaS platform of a certain company can be open to R&D personnel, so that R&D personnel can easily create container applications.
  • Each user account needs to be classified into an authority level. Specifically, the authority levels corresponding to user account information are divided into the administrator authority level, the privileged user authority level, and the ordinary user authority level. If user account information corresponding to a login instruction is received and is judged to correspond to the administrator authority level, the display page shown after entering the PaaS platform can display all the container applications saved in the PaaS platform, and operations such as viewing and editing can be performed on each container application.
  • A user authority configuration table is stored in the PaaS platform and is divided into three sub-tables, namely the first user account list for the administrator authority level, the second user account list for the privileged user authority level, and the third user account list for the ordinary user authority level.
  • The user account in the user account information is compared with each account in the first to third user account lists to determine which of the three lists the user account information corresponding to the login instruction belongs to; once this is determined, the authority level corresponding to the user account information of the login instruction is known.
  • A privileged user has the authority of an administrator, except for certain special functions, such as the platform's report modification function and the background management system, which only an administrator can operate. Some users therefore need administrator rights but cannot be handed full administrator rights, and the platform sets such users up as privileged users.
  • The display page shown after entering the PaaS platform can display the container applications the user created on the PaaS platform, and the user can also see the container applications that others have authorized them to view.
  • The reason for setting a privileged user authority level between the administrator authority level and the ordinary user authority level is that the administrator can configure some privileged users who assist them in the operation and maintenance of the container applications.
  • For example, 100 container applications are created on the server.
  • When the server detects that an account with the administrator authority level has logged in, it filters out these 100 container applications, forms a container application list from the names of the 100 container applications, and pushes it to the logged-in administrator.
  • The administrator can choose to divide the above 100 container applications into 5 large groups of 20 container applications each, and configure a privileged user for each large group; for example, all 20 container applications of the first group are configured with privileged user A.
  • When the server detects that the account of privileged user A has logged in, it filters out the 20 container applications of the first group, forms a container application list from their names, and pushes it to the terminal of the logged-in privileged user account. After that, the operation instructions on the container application list transmitted by the terminal used by privileged user A are detected in real time; for example, privileged user A can perform operation and maintenance operations, such as maintaining the background code, on each container application in the container application list.
  • Since privileged user A only receives a container application list composed of 20 container applications, compared with the list of 100 container applications received when the administrator logs in, the data processing volume of the server in the former case is significantly lower than in the latter. This is extremely beneficial for reducing the server's data processing volume.
  • After a privileged-level user logs in to the server and receives the container application list, the following three operations can be performed: the first is to add a new container application (that is, to create a container application); the second is to select a container application and configure its application group; the third is to select a container application and configure its read-only group.
  • Before step S120, the method further includes:
  • the resource pool information is the IP network segment assigned for creating the container application.
  • The server identifies the account information of the privileged user, determines the group information to which it belongs (group information can generally be understood as which subsidiary of the group company the user belongs to), and obtains the corresponding resource pool information in the server according to that group information.
  • The resource pool information is pushed to the terminal corresponding to the privileged user's account information to help them set the IP network segment based on the configuration of the container application, instead of setting the IP network segment at random. That is, when a user adds a new container application, the server automatically identifies the grouping of their account and pushes the corresponding resource pool information to the user.
  • After a user with privileged user authority logs in to the PaaS platform, they can view the container applications on the PaaS platform that they are authorized to view or created themselves, or create a new container application.
  • the features and specific steps involved in creating a new container application are as follows:
  • the information of the container application includes the application environment of the container application, the area of the container application, the number of container instances, the image information of the container application, and the resource group of the container application.
  • the information of the container application also includes whether to synchronize to the opcm, whether to enable monitoring, deployment mode, application administrator (the person who creates the container application can manage the created container application), etc.
  • the application environment of the container application includes a production environment, a test environment, a development environment, and so on.
  • the production environment means that the container application is successfully created to connect to the external environment, or for external users to access;
  • the test environment means that the container application is successfully created for testing;
  • the development environment means that the container application is successfully created for development and use.
  • The container application area refers to the location of the computer room where the container application is created, and consists of two parts: the "area" and the "safe area" in Figure 2, where the safe area is a sub-area under the area. It can be understood that the container application is created in the computer room of the "xxx security zone" under the "xx zone". However, determining in which specific computer room the container application is created requires both the application environment of the container application and the area of the container application; that is, the container application is created in the computer room corresponding to its area in a given application environment. The computer rooms corresponding to different application environments in the same area are different.
  • the number of container instances of a container application refers to the number of containers of the container application, and there is no upper limit on the number of containers of a container application. Among them, the number of container instances can be determined according to the access volume of the container application.
  • the container instance image information includes the image version, image type, and image name. Among them, the image version includes official (version), etc.; the image type refers to which image is used by the container instance, such as nginx, tomcat, weblogic, springboot, etc.; the image name refers to the specific image name.
  • The image information can be obtained from the corresponding image repository for users to choose from, where the corresponding image repository is the one under the computer room jointly determined by the application environment of the container application and the area of the container application.
  • the resource group of the container application includes a resource account, which is used for the cost of creating the container application.
  • Whether to synchronize to opcm refers to whether to synchronize the information of the created container application to the internal information platform opcm of the enterprise for users who can use the opcm information platform to view. In other embodiments, it can also be understood as synchronizing the information of the created container application to a third-party platform.
  • Whether to enable monitoring refers to whether you choose to monitor the container instance of the container application, such as monitoring the CPU/memory/IO usage of the container instance.
  • the deployment method is connected to the deployment platform within the enterprise and used to determine the subsequent version release mode of the container application.
  • The container application information also includes a beneficiary resource pool.
  • The beneficiary resource pool refers to the subsidiary/department that created the container application, which determines the IP network segment allocated to the created container and the host resources of the container. If the container application information includes the beneficiary resource pool, then the beneficiary resource pool, the application environment of the container application, and the area of the container application together determine the IP network segment allocated to the created container instances and their host resources. Different resource pools use different IP network segments and host resources.
  • The information of multiple container applications may differ in the area of the container application, the image information of the container application (including the image type or the image name), and so on. If the area, image type, or image name of two container applications differ, their information is considered different. There can be many such differences at once, such as different areas, image types, and image names; the number of container instances and the usage time of the container instances can also differ between container applications.
  • Step S130 includes:
  • S131: determine the IP of the container instance of the container application according to the application environment of the container application, the area of the container application, and the number of container instances;
  • S132: determine the image repository that stores the image of the container application according to the application environment of the container application and the area of the container application;
  • S133: determine, according to the container application image information, the resources required to create the container instance;
  • S134: extract the specific image needed to create the container instance of the container application from the determined image repository according to the container application image information;
  • S135: determine a host for creating the container instance according to the application environment of the container application, the area of the container application, and the determined resources to be occupied by creating the container instance.
  • the location where the container application is created can be determined according to the application environment of the container application and the area of the container application, that is, in which computer room the container application is created.
  • the container application is created in the computer room where the SF (a smaller area identifier below Baoxin) sub-region under the Baoxin (place name) area in the test environment is located.
  • the location where the container application is created can be determined, that is, in which computer room the container application is created.
  • Each area in each application environment corresponds to an image repository that stores image resources; all the image resources needed in that area under that application environment are stored in the image repository.
  • It is best for the image repository and the host that creates the container instance to be in the same local area network, which both improves the creation speed and improves the security of creation; otherwise the creation speed will inevitably be reduced, and security cannot be guaranteed.
  • Creating a container instance requires certain resources to be occupied on the host. Therefore, it is necessary to determine the resources required to create the container instance first to determine whether the host has enough resources to create the container instance.
  • Step S134 includes:
  • the specific image needed to create the container instance of the container application is extracted from the determined image repository according to the image type, image version, and image name in the container application image information.
  • When obtaining the specific image needed to build the container instance of the container application, first obtain the image type, image version, and image name from the container application image information, and then extract the specific image corresponding to that image type, image version, and image name.
  • Step S136 includes:
  • after the container instance of the container application is created, connecting to the created container instance through the operation and maintenance tool and binding the created container instance to the determined IP of the container instance.
  • The container orchestration tool may be the Marathon tool or another container orchestration tool.
  • The Marathon tool is equivalent to a transfer station: the determined specific image is sent to the container orchestration tool, and the container orchestration tool then distributes the specific image to the determined host to create the container instance.
  • Operation and maintenance tools are tools such as Ansible, an automated operation and maintenance tool.
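A hypothetical model of steps S131 to S135, added here as an illustration and not the patent's implementation: the computer room is determined from environment, area and safe area; the image repository and the host are both taken from that room so they share a LAN; the resources come from the image type; and one IP per instance is drawn from the beneficiary resource pool's network segment. Every lookup table, room name, resource footprint and network segment below is constructed.

```python
import ipaddress
from dataclasses import dataclass
from itertools import islice

# Constructed lookup tables standing in for the platform's own configuration.
# Application environment + area + safe area jointly determine the computer room.
ROOM_OF = {
    ("test", "Baoxin", "SF"): "room-baoxin-sf-test",
    ("production", "Baoxin", "SF"): "room-baoxin-sf-prod",
}
# Each computer room has its own image repository, on the same LAN as its hosts.
IMAGE_REPO_OF_ROOM = {
    "room-baoxin-sf-test": "repo.test.baoxin-sf.example",
    "room-baoxin-sf-prod": "repo.prod.baoxin-sf.example",
}
# Resources one container instance of each image type occupies (constructed): CPU cores, MiB.
FOOTPRINT_OF_IMAGE_TYPE = {"nginx": (0.5, 256), "tomcat": (1.0, 1024), "springboot": (1.0, 768)}
# Beneficiary resource pool -> the IP network segment it owns (constructed).
SEGMENT_OF_POOL = {"subsidiary-x": "10.10.1.0/28", "subsidiary-y": "10.10.2.0/24"}


@dataclass
class Host:
    name: str
    room: str
    free_cpu: float
    free_mem_mib: int


@dataclass
class ContainerAppSpec:
    """The container application information the user fills in when creating it."""
    environment: str
    area: str
    safe_area: str
    instances: int
    image_type: str
    image_name: str
    image_version: str
    resource_pool: str


def plan_container_instances(spec: ContainerAppSpec, hosts: list, used_ips: set) -> dict:
    """Carry out S131-S135 and return the placement; mutates hosts and used_ips on success."""
    room = ROOM_OF[(spec.environment, spec.area, spec.safe_area)]
    # S131: one IP per instance from the beneficiary resource pool's network segment.
    segment = ipaddress.ip_network(SEGMENT_OF_POOL[spec.resource_pool])
    free = (str(ip) for ip in segment.hosts() if str(ip) not in used_ips)
    ips = list(islice(free, spec.instances))
    if len(ips) < spec.instances:
        raise RuntimeError(f"segment {segment} has fewer than {spec.instances} free addresses")
    # S132: the image repository belonging to that computer room.
    repo = IMAGE_REPO_OF_ROOM[room]
    # S133: resources the instances will occupy, derived from the image information.
    cpu_each, mem_each = FOOTPRINT_OF_IMAGE_TYPE[spec.image_type]
    need_cpu, need_mem = cpu_each * spec.instances, mem_each * spec.instances
    # S134: the specific image, identified by repository, image name and image version.
    image_ref = f"{repo}/{spec.image_name}:{spec.image_version}"
    # S135: a host in the same room (hence on the repository's LAN) with enough free resources.
    candidates = [h for h in hosts
                  if h.room == room and h.free_cpu >= need_cpu and h.free_mem_mib >= need_mem]
    if not candidates:
        raise RuntimeError(f"no host in {room} can take {need_cpu} CPU / {need_mem} MiB")
    host = max(candidates, key=lambda h: (h.free_cpu, h.free_mem_mib))
    # Commit the decision only after every step has succeeded.
    host.free_cpu -= need_cpu
    host.free_mem_mib -= need_mem
    used_ips.update(ips)
    return {"room": room, "image_repository": repo, "image": image_ref,
            "host": host.name, "ips": ips}
```

A host in another room is never chosen even when it has spare capacity, and a request that the room or the network segment cannot satisfy leaves both untouched.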
  • After a user with privileged user rights logs in to the PaaS platform, if application group user application information from one or more users is received for a container application created by that user, the target user account information corresponding to the application group user application information is obtained and added to the application user group corresponding to the container application.
  • When the PaaS platform detects that user account information in the application group has logged in, it displays the container application on the display interface of the terminal used by that user account, and grants the user corresponding to that account information part of the permissions of the container application's creator (for example, modifying the background code of the container application).
  • The target user account information is filtered out of the user list corresponding to the container application and added to the read-only group corresponding to the container application.
  • When the PaaS platform detects that user account information in the read-only group has logged in, it displays the container application on the display interface of the terminal used by that user account, and the user corresponding to that account information cannot modify the container application's information and can only view it.
  • after step S150, the method further includes:
  • if the authority level corresponding to the user account information is the administrator authority level, the container application list is displayed, and the first current operation instruction on the container application list is detected in real time.
  • the process of creating a container application can refer to step S130; the process of configuring a read-only group can refer to step S140; and the process of configuring an application group can refer to step S150.
  • if the first current operation instruction is a newly added container application instruction, the container application is created correspondingly according to that instruction; if the first current operation instruction is a read-only group configuration instruction, the corresponding read-only user list is obtained according to the read-only group configuration instruction and added to the corresponding read-only user group.
  • after step S150, the method further includes:
  • if the authority level corresponding to the user account information is the ordinary user authority level, the container application list is displayed, and the second current operation instruction on the container application list is detected in real time.
  • when an ordinary user logs in to the PaaS platform, he can view the container applications he created in the PaaS platform, or create a new container application (as in step S130).
  • the process of creating a container application can refer to step S130; the process of configuring a read-only group can refer to step S140; and the process of configuring an application group can refer to step S150.
  • if the second current operation instruction is a newly added container application instruction, the container application is created correspondingly according to that instruction; if the second current operation instruction is a read-only group configuration instruction, the corresponding read-only user list is obtained according to the read-only group configuration instruction and added to the corresponding read-only user group.
  • the container application can only be created in the beneficiary resource pool corresponding to the subsidiary to which the user belongs.
  • This method divides the authority levels of user account information in a more detailed manner, so that the server can push the corresponding data according to the authority of the user account information for the creation or maintenance of container applications, and avoids the cloud platform frequently acquiring the information of all container applications created in the cloud platform, which improves the efficiency of data filtering in the cloud platform and saves the system resources of the cloud platform.
  • the embodiment of the present application also provides a cloud resource acquisition device based on user authority, and the cloud resource acquisition device based on user authority is used to execute any embodiment of the foregoing cloud resource acquisition method based on user authority.
  • FIG. 4 is a schematic block diagram of an apparatus for obtaining cloud resources based on user permissions according to an embodiment of the present application.
  • the device 100 for acquiring cloud resources based on user permissions may be configured in a server.
  • the cloud resource acquisition device 100 based on user permissions includes an account permission level acquisition unit 110, a first list pushing unit 120, a first instruction execution unit 130, a second instruction execution unit 140, and a third instruction execution unit 150 .
  • the account permission level acquisition unit 110 is configured to receive user account information corresponding to the login instruction and, if the user account information is verified, obtain the authority level corresponding to the user account information; the authority levels in turn include the administrator authority level, the privileged user authority level, and the ordinary user authority level, where the number of authority items of the administrator authority level is greater than that of the privileged user authority level, and the number of authority items of the privileged user authority level is greater than that of the ordinary user authority level.
  • the most common operation in a PaaS platform is to create container applications, which are based on Docker containers (Docker is a lightweight virtualized container technology that provides isolation functions similar to virtual machines and uses a layered union file system to manage images, which can greatly simplify application creation and environment operation and maintenance).
  • the PaaS platform of a certain company can be open to R&D personnel, so that R&D personnel can easily create container applications.
  • specifically, each user account information needs to be classified into an authority level: the authority levels corresponding to user account information are divided into the administrator authority level, the privileged user authority level, and the ordinary user authority level. If user account information corresponding to a login instruction is received and the user account information is judged to correspond to the administrator authority level, the corresponding display page after entering the PaaS platform can display all container applications saved in the PaaS platform, and operations such as viewing and editing can be performed on each container application.
  • a user authority configuration table is stored in the PaaS platform and is divided into three sub-tables, namely the first user account list for the administrator authority level, the second user account list for the privileged user authority level, and the third user account list for the ordinary user authority level.
  • the user account corresponding to the user account information is compared with each account in the first to third user account lists to determine which of the three lists the user account information corresponding to the login instruction belongs to; once this determination is complete, the authority level corresponding to the user account information of the login instruction is known.
  • a privileged user has the authority of an administrator, except for some special functions (such as the platform's report modification function and the background management system) that only the administrator can operate; therefore, users who need administrator rights but cannot be given full administrator rights are set by the platform as privileged users.
  • for an ordinary user, the corresponding display page after entering the PaaS platform can display the container applications created by that user in the PaaS platform, and can also show the container applications that others have authorized the user to view.
  • the first list pushing unit 120 is configured to, if the authority level corresponding to the user account information is the privileged user authority level, push the corresponding container application list to the terminal corresponding to the user account information for display, and detect operation instructions on the container application list in real time.
  • the reason for setting a privileged user authority level between the administrator authority level and the ordinary user authority level is because the administrator can configure some privileged users who can assist them in the operation and maintenance of the container application.
  • for example, 100 container applications are created on the server.
  • when the server detects that an account with the administrator authority level is logged in, it filters out these 100 container applications, forms a container application list from the names of the 100 container applications, and pushes it to the logged-in administrator.
  • the administrator can choose to divide the above 100 container applications into 5 large groups, each including 20 container applications, and configure a privileged user for each large group; for example, all 20 container applications of the first group are configured with privileged user A.
  • when the server detects that the account of privileged user A is logged in, it correspondingly filters out the 20 container applications of the first group, forms a container application list from their names, and pushes it to the terminal of the logged-in privileged-user-level account. After that, the operation instructions on the container application list transmitted by the terminal used by privileged user A are detected in real time. For example, privileged user A can perform operation and maintenance operations, such as maintaining the background code, for each container application in the container application list.
  • since privileged user A only receives a container application list composed of 20 container applications, compared with the container application list composed of 100 container applications received when the administrator logs in, the data processing volume of the server in the former case is significantly lower than in the latter, which is extremely beneficial for reducing the data processing volume of the server.
  • after a privileged-user-level user logs in to the server and receives the container application list, the following three operations can be performed: one is to add a new container application (that is, to create a container application), the second is to select a container application and configure its application group, and the third is to select a container application and configure its read-only group.
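A concrete illustration of the authority scheme described above (the three user account lists of the user authority configuration table, the container application list pushed after login according to the account's authority level, and the application group and read-only group of a container application). This is an added example in Python; it is not part of the patent and not code of the applicant. Every account name, container application and group assignment is constructed for the example, and two rules are assumptions of this example rather than statements of the patent: an account found in none of the three sub-tables is treated as unverified and receives no list, and an account belongs to at most one of the two groups of a container application (the latest group configuration instruction wins).

```python
"""Added example (not the patent's own code): a minimal model of the
three-level authority scheme.  Accounts, applications and group
assignments below are constructed sample data."""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import IntEnum


class AuthorityLevel(IntEnum):
    ORDINARY = 1
    PRIVILEGED = 2
    ADMINISTRATOR = 3


@dataclass
class ContainerApp:
    name: str
    creator: str
    application_group: set[str] = field(default_factory=set)  # part of the creator's rights
    read_only_group: set[str] = field(default_factory=set)    # may only view


class PaasAuthority:
    def __init__(self, admins, privileged, ordinary):
        # The three sub-tables of the user authority configuration table.
        self._tables = {
            AuthorityLevel.ADMINISTRATOR: set(admins),
            AuthorityLevel.PRIVILEGED: set(privileged),
            AuthorityLevel.ORDINARY: set(ordinary),
        }
        self.apps: dict[str, ContainerApp] = {}
        # privileged account -> container applications the administrator assigned to it
        self.assignments: dict[str, set[str]] = {}

    def authority_level(self, account):
        """Compare the account against each sub-table; None means verification failed."""
        for level, accounts in self._tables.items():
            if account in accounts:
                return level
        return None

    def _visible(self, account, level, app):
        if level is AuthorityLevel.ADMINISTRATOR:
            return True
        if app.creator == account or account in app.application_group or account in app.read_only_group:
            return True
        return level is AuthorityLevel.PRIVILEGED and app.name in self.assignments.get(account, set())

    def container_app_list(self, account):
        """The list pushed to the terminal after login: only what this account may see."""
        level = self.authority_level(account)
        if level is None:
            return []  # unverified account (assumption of this example): nothing is pushed
        return sorted(a.name for a in self.apps.values() if self._visible(account, level, a))

    def can_view(self, account, app_name):
        level = self.authority_level(account)
        app = self.apps.get(app_name)
        return level is not None and app is not None and self._visible(account, level, app)

    def can_edit(self, account, app_name):
        level = self.authority_level(account)
        app = self.apps.get(app_name)
        if level is None or app is None or not self._visible(account, level, app):
            return False
        if level is AuthorityLevel.ADMINISTRATOR or app.creator == account:
            return True
        if level is AuthorityLevel.PRIVILEGED and app_name in self.assignments.get(account, set()):
            return True
        return account in app.application_group  # read-only members fall through to False

    def configure_group(self, requester, app_name, group, accounts):
        """Application-group / read-only-group configuration instruction.  Only an
        account that may edit the application can change its groups, and only
        verified accounts are added (unknown names are filtered out)."""
        if not self.can_edit(requester, app_name):
            raise PermissionError(f"{requester} may not configure groups of {app_name}")
        verified = {a for a in accounts if self.authority_level(a) is not None}
        app = self.apps[app_name]
        target = app.application_group if group == "application" else app.read_only_group
        other = app.read_only_group if group == "application" else app.application_group
        target |= verified
        other -= verified  # assumption: an account sits in at most one group
        return sorted(verified)


def build_example():
    """Constructed data: one administrator, two privileged users, three ordinary users."""
    p = PaasAuthority(admins=["admin"], privileged=["priv_a", "priv_b"],
                      ordinary=["dev1", "dev2", "dev3"])
    for i in range(1, 7):
        p.apps[f"app-{i:02d}"] = ContainerApp(f"app-{i:02d}", creator="admin")
    # The administrator groups the applications and assigns one privileged user per group.
    p.assignments = {"priv_a": {"app-01", "app-02", "app-03"},
                     "priv_b": {"app-04", "app-05", "app-06"}}
    p.apps["dev1-app"] = ContainerApp("dev1-app", creator="dev1")
    p.configure_group("dev1", "dev1-app", "application", ["dev2", "ghost"])
    p.configure_group("dev1", "dev1-app", "read-only", ["dev3"])
    return p


if __name__ == "__main__":
    p = build_example()
    for account in ("admin", "priv_a", "dev2", "ghost"):
        print(account, p.container_app_list(account))
```

Note that the list a privileged user receives is computed from the administrator's assignments, so the server never has to filter the full set of applications for that login, which is the data-volume point made in the example above.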
  • in an embodiment, the device 100 for acquiring cloud resources based on user permissions further includes:
  • a resource pool information obtaining unit configured to obtain grouping information corresponding to the user account information, obtain corresponding resource pool information according to the grouping information, and send the resource pool information obtained for the grouping information to the terminal corresponding to the user account information; the resource pool information is the IP network segment allocated for creating a container application.
  • the server identifies the account information of the privileged user, determines the group information to which it belongs (group information can generally be understood as which subsidiary of the group company this user belongs to), and obtains the corresponding resource pool information in the server according to that group information.
  • the resource pool information is pushed to the terminal corresponding to the privileged user's account information to help the user set the IP network segment when configuring the container application, instead of setting the IP network segment at random. That is, when a user adds a new container application, the server automatically identifies the grouping of his account and pushes the corresponding resource pool information to the user.
  • the first instruction execution unit 130 is configured to, if an operation instruction to the container application list is detected and the operation instruction is a newly added container application instruction, correspondingly create a container application according to the newly added container application instruction.
  • after a user with privileged user authority logs in to the PaaS platform, he can view the container applications in the PaaS platform that he is authorized to view or that he created himself, or he can create a new container application.
  • the feature introduction and specific steps involved in creating a new container application are as follows:
  • the information of the container application includes the application environment of the container application, the area of the container application, the number of container instances, the image information of the container application, and the resource group of the container application.
  • the information of the container application also includes whether to synchronize to the opcm, whether to enable monitoring, deployment mode, application administrator (the person who creates the container application can manage the created container application), etc.
  • the application environment of the container application includes a production environment, a test environment, a development environment, and so on.
  • the production environment means that the container application is successfully created to connect to the external environment, or for external users to access;
  • the test environment means that the container application is successfully created for testing;
  • the development environment means that the container application is successfully created for development use.
  • the container application area refers to the location of the computer room where the container application is created, and consists of two parts: "area" + "safe area" in Figure 2. The safe area is a sub-area under the area; it can be understood that the container application is created in the computer room of the "xxx security zone" under the "xx zone". However, to determine in which specific computer room the container application is created, the application environment of the container application and the area of the container application must be considered jointly: the container application is created in the computer room corresponding to its area in a certain application environment. The computer rooms corresponding to different application environments in the same area are different.
  • the number of container instances of a container application refers to the number of containers of the container application, and there is no upper limit on the number of containers of a container application. Among them, the number of container instances can be determined according to the access volume of the container application.
  • the container instance image information includes the image version, image type, and image name. Among them, the image version includes official (version), etc.; the image type refers to which image is used by the container instance, such as nginx, tomcat, weblogic, springboot, etc.; the image name refers to the specific image name.
  • the image information can be obtained from the corresponding image repository for the user to choose, where the corresponding image repository is the image repository under the computer room jointly determined by the application environment of the container application and the region of the container application.
  • the resource group of the container application includes a resource account, which is used for the cost of creating the container application.
  • Whether to synchronize to opcm refers to whether to synchronize the information of the created container application to the internal information platform opcm of the enterprise for users who can use the opcm information platform to view. In other embodiments, it can also be understood as synchronizing the information of the created container application to a third-party platform.
  • the container application information also includes a beneficiary resource pool, which refers to the subsidiary/department that creates the container application and determines the IP network segment assigned to the created container and the host resources of the container. If the information of the container application includes the beneficiary resource pool, then the beneficiary resource pool, the application environment of the container application, and the region of the container application together determine the IP network segment allocated to the created container instance and the host resources of the container instance. Different resource pools use different IP network segments and host resources.
  • different information of multiple container applications may refer to different regions of the container applications, different image information of the container applications (including different image types or different image names), and so on. If the region, image type, or image name of two container applications differ, the information of the container applications is considered different. There can be many such differences, such as different areas, different image types, and different image names; the number of container instances and the usage time of the container instances can also differ between container applications.
  • the first instruction execution unit 130 includes:
  • the container instance IP obtaining unit 131 is configured to determine the IP of the container instance of the container application according to the application environment of the container application, the region of the container application, and the number of container instances;
  • the image repository obtaining unit 132 is configured to determine the image repository for storing the container application image according to the application environment of the container application and the area of the container application;
  • the container resource acquiring unit 133 is configured to determine the resources required to create a container instance according to the container application image information;
  • the specific image obtaining unit 134 is configured to extract the specific image that needs to be used to create the container instance of the container application from the determined image warehouse according to the container application image information;
  • the host acquisition unit 135 is configured to determine the host for creating the container instance according to the application environment of the container application, the area of the container application, and the determined resources that need to be occupied to create the container instance;
  • the IP binding unit 136 is configured to create a container instance of the container application on the determined host machine according to the determined specific image, and bind the created container instance with the determined IP of the container instance.
  • the location where the container application is created can be determined according to the application environment of the container application and the area of the container application, that is, in which computer room the container application is created.
  • for example, the container application is created in the computer room of the SF sub-region (a smaller area identifier under Baoxin) under the Baoxin (a place name) area in the test environment.
  • each area in each application environment corresponds to a mirror warehouse that stores mirror resources. All the mirror resources needed to be used in the area under the application environment are stored in the mirror warehouse.
  • the image repository and the host that creates the container instance are preferably on the same local area network, which improves both the creation speed and the security of creation; if they are not on the same local area network, the creation speed is inevitably reduced and security cannot be guaranteed.
  • Creating a container instance requires certain resources to be occupied on the host. Therefore, it is necessary to determine the resources required to create the container instance first to determine whether the host has enough resources to create the container instance.
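The container-creation pipeline of steps S131 to S136 (units 131 to 136), together with the per-group resource pool described earlier, as an added example in Python that is not part of the patent and not code of the applicant. It shows the lookups in the order the text gives them: the application environment and area jointly select the computer room; the room's own image repository is the only source of the image; the image type decides the resources an instance occupies; a host in that room with enough free resources is chosen for each instance; and each instance is bound to an address from the IP network segment of the beneficiary's resource pool for that environment and area. Nothing is committed until every lookup has succeeded. All environment, area, repository, host, image and network segment values are constructed for the example, and the per-image resource figures are assumptions; the patent names none of them.

```python
"""Added example (not the patent's own code): steps S131-S136 as a
sequence of lookups over constructed sample data."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass
class Host:
    name: str
    cpu_free: int
    mem_free_mb: int


@dataclass
class ComputerRoom:
    name: str
    image_repository: str   # the repository on the room's own LAN
    hosts: list[Host]


# Resources one container instance of each image type occupies (cpu, MB); assumed figures.
IMAGE_RESOURCES = {"nginx": (1, 256), "tomcat": (2, 1024), "springboot": (2, 2048)}


class ContainerCreator:
    def __init__(self, rooms, catalog, pools):
        self.rooms = rooms        # (environment, area) -> ComputerRoom
        self.catalog = catalog    # repository -> {"type:version/name", ...}
        self.pools = pools        # (beneficiary, environment, area) -> ip_network
        self._allocated = {}      # ip_network -> addresses already bound

    def locate_room(self, environment, area):
        """S131/S132: environment and area jointly determine the computer room."""
        try:
            return self.rooms[(environment, area)]
        except KeyError:
            raise ValueError(f"no computer room for {environment}/{area}") from None

    def pick_image(self, room, image_type, image_version, image_name):
        """S134: the image is taken only from the repository of the chosen room."""
        ref = f"{image_type}:{image_version}/{image_name}"
        if ref not in self.catalog.get(room.image_repository, set()):
            raise ValueError(f"{ref} not present in {room.image_repository}")
        return f"{room.image_repository}/{ref}"

    def plan_hosts(self, room, image_type, count):
        """S133/S135: the required resources decide which host takes each instance."""
        cpu, mem = IMAGE_RESOURCES[image_type]
        budget = {h.name: [h.cpu_free, h.mem_free_mb] for h in room.hosts}
        chosen = []
        for _ in range(count):
            for h in room.hosts:
                if budget[h.name][0] >= cpu and budget[h.name][1] >= mem:
                    budget[h.name][0] -= cpu
                    budget[h.name][1] -= mem
                    chosen.append(h)
                    break
            else:
                raise ValueError(f"insufficient host resources in {room.name}")
        return chosen, (cpu, mem)

    def _pool(self, beneficiary, environment, area):
        try:
            return self.pools[(beneficiary, environment, area)]
        except KeyError:
            raise ValueError(f"no resource pool for {beneficiary}/{environment}/{area}") from None

    def allocate_ips(self, beneficiary, environment, area, count):
        """S131: instance IPs come from the beneficiary's resource pool segment."""
        net = self._pool(beneficiary, environment, area)
        used = self._allocated.setdefault(net, set())
        free = [ip for ip in net.hosts() if ip not in used]
        if len(free) < count:
            raise ValueError(f"resource pool {net} exhausted")
        return net, free[:count]

    def create(self, spec):
        env, area, ben = spec["environment"], spec["area"], spec["beneficiary"]
        room = self.locate_room(env, area)
        image = self.pick_image(room, spec["image_type"], spec["image_version"], spec["image_name"])
        hosts, (cpu, mem) = self.plan_hosts(room, spec["image_type"], spec["instances"])
        net, ips = self.allocate_ips(ben, env, area, spec["instances"])
        # S136: only now commit host resources and bind each instance to its IP.
        instances = []
        for host, ip in zip(hosts, ips):
            host.cpu_free -= cpu
            host.mem_free_mb -= mem
            self._allocated[net].add(ip)
            instances.append({"host": host.name, "image": image, "ip": str(ip)})
        return instances


def attempt(creator, spec):
    """Return the created instances, or the refusal reason as a string."""
    try:
        return creator.create(spec)
    except ValueError as exc:
        return str(exc)


def build_example():
    """Constructed rooms, catalogs and resource pools."""
    rooms = {
        ("test", "baoxin/SF"): ComputerRoom("room-test-sf", "registry.test-sf.local",
                                            [Host("h1", 4, 4096), Host("h2", 8, 8192)]),
        ("prod", "baoxin/SF"): ComputerRoom("room-prod-sf", "registry.prod-sf.local",
                                            [Host("h3", 8, 16384)]),
    }
    catalog = {"registry.test-sf.local": {"tomcat:official/tomcat9", "nginx:official/nginx-base"},
               "registry.prod-sf.local": {"tomcat:official/tomcat9"}}
    pools = {("sub-A", "test", "baoxin/SF"): ipaddress.ip_network("10.10.1.0/29"),
             ("sub-A", "prod", "baoxin/SF"): ipaddress.ip_network("10.20.1.0/28")}
    return ContainerCreator(rooms, catalog, pools)


# A constructed "new container application" instruction.
SPEC = {"environment": "test", "area": "baoxin/SF", "beneficiary": "sub-A", "instances": 2,
        "image_type": "tomcat", "image_version": "official", "image_name": "tomcat9"}

if __name__ == "__main__":
    print(attempt(build_example(), SPEC))
```

Because the image is resolved only against the repository of the room selected by environment and area, a request for an image that exists in the test repository but not in the production one is refused rather than fetched from another network, which is the locality point made about the repository and the host sharing a local area network.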
  • the specific image obtaining unit 134 is further configured to:
  • the specific image that needs to be used to create the container instance of the container application is extracted from the image warehouse determined by the image type, image version, and image name in the container application image information.
  • when obtaining the specific image that needs to be used to build the container instance of the container application, first obtain the image type, image version, and image name from the container application image information, and then extract the specific image corresponding to that image type, image version, and image name.
  • the IP binding unit 136 includes:
  • the specific image pushing unit is configured to push the determined specific image to the determined host machine through the container orchestration tool, so as to create a container instance of the container application on the host machine;
  • the container IP binding unit is configured to, if the container instance of the container application is created, connect to the created container instance through the operation and maintenance tool, and bind the created container instance to the determined IP of the container instance.
  • the container orchestration tool may be a Marathon tool, or other container orchestration tools.
  • the Marathon tool is equivalent to a transfer station: it sends the determined specific image to the container orchestration tool, and the container orchestration tool then distributes the specific image to the determined host to create the container instance.
  • the operation and maintenance tool may be, for example, Ansible, an automated operation and maintenance tool.
  • the second instruction execution unit 140 is configured to, if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtain the corresponding application group user list according to the application group configuration instruction and add the application group user list to the corresponding application user group.
  • after a user with privileged user rights logs in to the PaaS platform, if application group user application information for a container application created by that privileged user is received from one or more users, the target user account information corresponding to the application group user application information is obtained and added to the application user group corresponding to the container application.
  • when the PaaS platform detects that user account information in the application group is logged in, it displays the corresponding container application on the display interface of the terminal used by that user account information, and the user account information holds part of the permissions of the creator of the container application (for example, modifying the background code of the container application).
  • the third instruction execution unit 150 is configured to, if an operation instruction on the container application list is detected and the operation instruction is a read-only group configuration instruction, obtain the corresponding read-only user list according to the read-only group configuration instruction and add the read-only user list to the corresponding read-only user group.
  • the target user account information is filtered out of the user list corresponding to the container application and added to the read-only group corresponding to the container application.
  • when the PaaS platform detects that user account information in the read-only group is logged in, it displays the corresponding container application on the display interface of the terminal used by that user account information; the user corresponding to that user account information cannot modify the container application information and can only view it.
  • the device 100 for acquiring cloud resources based on user permissions further includes:
  • the second list pushing unit is configured to display the container application list if the authority level corresponding to the user account information is the administrator authority level, and detect the first current operation instruction on the container application list in real time.
  • the process of creating a container application can refer to the first instruction execution unit 130; the process of configuring a read-only group can refer to the second instruction execution unit 140; and the process of configuring an application group can refer to the third instruction execution unit 150.
  • if the first current operation instruction is a newly added container application instruction, the container application is created correspondingly according to that instruction; if the first current operation instruction is a read-only group configuration instruction, the corresponding read-only user list is obtained according to the read-only group configuration instruction and added to the corresponding read-only user group.
  • the device 100 for acquiring cloud resources based on user permissions further includes:
  • the third list pushing unit is configured to display the container application list if the authority level corresponding to the user account information is a normal user authority level, and detect the second current operation instruction on the container application list in real time.
  • when an ordinary user logs in to the PaaS platform, he can view the container applications he created in the PaaS platform, or create a new container application.
  • for the process of creating a container application, refer to the first instruction execution unit 130; for the process of configuring a read-only group, refer to the second instruction execution unit 140; and for the process of configuring an application group, refer to the third instruction execution unit 150.
  • if the second current operation instruction is a newly added container application instruction, the container application is created correspondingly according to that instruction; if the second current operation instruction is a read-only group configuration instruction, the corresponding read-only user list is obtained according to the read-only group configuration instruction and added to the corresponding read-only user group.
  • the container application can only be created in the beneficiary resource pool corresponding to the subsidiary to which the user belongs.
  • the device divides the authority levels of user account information in a more detailed manner, so that the server can push the corresponding data according to the authority of the user account information for the creation or maintenance of container applications, and avoids the cloud platform frequently acquiring the information of all container applications created in the cloud platform, which improves the efficiency of data filtering in the cloud platform and saves the system resources of the cloud platform.
  • the foregoing apparatus for obtaining cloud resources based on user rights may be implemented in the form of a computer program, and the computer program may be run on a computer device as shown in FIG. 6.
  • FIG. 6 is a schematic block diagram of a computer device according to an embodiment of the present application.
  • the computer device 500 is a server, and the server may be an independent server or a server cluster composed of multiple servers.
  • the computer device 500 includes a processor 502, a memory, and a network interface 505 connected through a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
  • the non-volatile storage medium 503 can store an operating system 5031 and a computer program 5032.
  • the processor 502 can execute a cloud resource acquisition method based on user permissions.
  • the processor 502 is used to provide computing and control capabilities, and support the operation of the entire computer device 500.
  • the internal memory 504 provides an environment for the running of the computer program 5032 in the non-volatile storage medium 503.
  • when executed by the processor 502, the computer program 5032 causes the processor 502 to execute a cloud resource acquisition method based on user permissions.
  • the network interface 505 is used for network communication, such as providing data information transmission.
  • the structure shown in FIG. 6 is only a block diagram of part of the structure related to the solution of the present application, and does not constitute a limitation on the computer device 500 to which the solution of the present application is applied.
  • the specific computer device 500 may include more or fewer components than shown in the figure, or combine certain components, or have a different component arrangement.
  • the processor 502 is configured to run a computer program 5032 stored in a memory to implement the cloud resource acquisition method based on user permissions in the embodiment of the present application.
  • the embodiment of the computer device shown in FIG. 6 does not constitute a limitation on the specific configuration of the computer device.
  • the computer device may include more or fewer components than those shown in the figure, or some components may be combined, or the components may be arranged differently.
  • the computer device may only include a memory and a processor. In such an embodiment, the structures and functions of the memory and the processor are consistent with the embodiment shown in FIG. 6 and will not be repeated here.
  • the processor 502 may be a central processing unit (Central Processing Unit, CPU), and the processor 502 may also be other general-purpose processors, digital signal processors (Digital Signal Processors, DSPs), Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components, etc.
  • the general-purpose processor may be a microprocessor or the processor may also be any conventional processor.
  • a computer-readable storage medium may be a non-volatile computer-readable storage medium, or may be a volatile computer-readable storage medium.
  • the computer-readable storage medium stores a computer program, where the computer program is executed by a processor to implement the cloud resource acquisition method based on user permissions in the embodiments of the present application.
  • the disclosed equipment, device, and method may be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division into units is only a logical functional division; in actual implementation there may be other ways of dividing them, or units with the same function may be merged into one, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may also be electrical, mechanical or other forms of connection.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments of the present application.
  • the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • if the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a storage medium.
  • the technical solution of this application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, which includes several instructions to make a computer device (which may be a personal computer, a server or a network device, etc.) execute all or part of the steps of the methods described in the embodiments of this application.
  • the aforementioned storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a magnetic disk, an optical disk or other media that can store program code.

Abstract

Disclosed are a cloud resource acquisition method and apparatus based on user permission, and a computer device and a storage medium. The method comprises: receiving user account information corresponding to a login instruction, and if the user account information passes verification, acquiring a permission level corresponding to the user account information; if the permission level corresponding to the user account information is a privileged user permission level, pushing a corresponding container application list to a terminal corresponding to the user account information for display, and detecting, in real time, an operation instruction for the container application list; and if an operation instruction for the container application list is detected and the operation instruction is a container application addition instruction, correspondingly creating a container application according to the container application addition instruction. According to the method, permission levels of user account information are divided in a finer manner, such that a server pushes corresponding data according to the permission corresponding to the user account information for the creation or maintenance of a container application, thus improving the efficiency of screening of data from a cloud platform, and saving system resources of the cloud platform.

Description

Cloud resource acquisition method, apparatus and computer device based on user permission
This application claims priority to Chinese patent application No. 201910881333.2, filed with the Chinese Patent Office on September 18, 2019 and entitled "Cloud resource acquisition method, apparatus and computer device based on user permission", the entire content of which is incorporated herein by reference.
Technical field
This application relates to the technical field of PaaS architecture, and in particular to a cloud resource acquisition method, apparatus and computer device based on user permission.
Background
At present, cloud-platform-based application creation technology is widely used. One example is the PaaS platform (Platform-as-a-Service), which refers to a set of cloud-based services that help enterprise users and developers create applications at a speed that on-premises solutions cannot match.
At present, when most cloud platforms configure user permissions for a given application, they generally distinguish only administrators from ordinary users. When an ordinary user logs in to the cloud platform, the container applications created by that user must be filtered out, and the cloud platform pushes the data of those container applications to the ordinary user's terminal. When an administrator logs in to the cloud platform, all container applications created on the platform must be filtered out, and the cloud platform pushes their data to the administrator's terminal; yet during the operation and maintenance of a container application there is no need to filter all container applications created on the cloud platform and push their data to the terminal. The inventor realized that if the cloud platform frequently retrieves all container applications created on it, data filtering on the cloud platform becomes inefficient and the platform's system resources are greatly wasted.
Summary of the invention
The embodiments of this application provide a cloud resource acquisition method, apparatus, computer device and storage medium based on user permission, intended to solve the problem in the prior art that, during the operation and maintenance of container applications on a cloud platform, all container applications created on the platform are frequently retrieved, which makes data filtering on the cloud platform inefficient and greatly wastes the platform's system resources.
In a first aspect, an embodiment of this application provides a cloud resource acquisition method based on user permission, which includes:
receiving user account information corresponding to a login instruction and, if the user account information passes verification, acquiring the permission level corresponding to the user account information; wherein the permission levels comprise, in order, an administrator permission level, a privileged user permission level and an ordinary user permission level, the number of permission items of the administrator permission level being greater than that of the privileged user permission level, and the number of permission items of the privileged user permission level being greater than that of the ordinary user permission level;
if the permission level corresponding to the user account information is the privileged user permission level, pushing the corresponding container application list to the terminal corresponding to the user account information for display, and detecting in real time operation instructions on the container application list;
if an operation instruction on the container application list is detected and the operation instruction is a container application addition instruction, creating a container application according to the container application addition instruction;
if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, acquiring the corresponding application group user list according to the application group configuration instruction and adding the application group user list to the corresponding application user group; and
if an operation instruction on the container application list is detected and the operation instruction is a read-only group configuration instruction, acquiring the corresponding read-only user list according to the read-only group configuration instruction and adding the read-only user list to the corresponding read-only user group.
In a second aspect, an embodiment of this application provides a cloud resource acquisition apparatus based on user permission, which includes:
an account permission level acquisition unit, configured to receive user account information corresponding to a login instruction and, if the user account information passes verification, acquire the permission level corresponding to the user account information; wherein the permission levels comprise, in order, an administrator permission level, a privileged user permission level and an ordinary user permission level, the number of permission items of the administrator permission level being greater than that of the privileged user permission level, and the number of permission items of the privileged user permission level being greater than that of the ordinary user permission level;
a first list pushing unit, configured to, if the permission level corresponding to the user account information is the privileged user permission level, push the corresponding container application list to the terminal corresponding to the user account information for display, and detect in real time operation instructions on the container application list;
a first instruction execution unit, configured to, if an operation instruction on the container application list is detected and the operation instruction is a container application addition instruction, create a container application according to the container application addition instruction;
a second instruction execution unit, configured to, if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, acquire the corresponding application group user list according to the application group configuration instruction and add the application group user list to the corresponding application user group; and
a third instruction execution unit, configured to, if an operation instruction on the container application list is detected and the operation instruction is a read-only group configuration instruction, acquire the corresponding read-only user list according to the read-only group configuration instruction and add the read-only user list to the corresponding read-only user group.
In a third aspect, an embodiment of this application further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the computer program, implements the following steps:
receiving user account information corresponding to a login instruction and, if the user account information passes verification, acquiring the permission level corresponding to the user account information; wherein the permission levels comprise, in order, an administrator permission level, a privileged user permission level and an ordinary user permission level, the number of permission items of the administrator permission level being greater than that of the privileged user permission level, and the number of permission items of the privileged user permission level being greater than that of the ordinary user permission level;
if the permission level corresponding to the user account information is the privileged user permission level, pushing the corresponding container application list to the terminal corresponding to the user account information for display, and detecting in real time operation instructions on the container application list;
if an operation instruction on the container application list is detected and the operation instruction is a container application addition instruction, creating a container application according to the container application addition instruction;
if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, acquiring the corresponding application group user list according to the application group configuration instruction and adding the application group user list to the corresponding application user group; and
if an operation instruction on the container application list is detected and the operation instruction is a read-only group configuration instruction, acquiring the corresponding read-only user list according to the read-only group configuration instruction and adding the read-only user list to the corresponding read-only user group.
In a fourth aspect, an embodiment of this application further provides a computer-readable storage medium, wherein the computer-readable storage medium stores a computer program which, when executed by a processor, causes the processor to perform the following steps:
receiving user account information corresponding to a login instruction and, if the user account information passes verification, acquiring the permission level corresponding to the user account information; wherein the permission levels comprise, in order, an administrator permission level, a privileged user permission level and an ordinary user permission level, the number of permission items of the administrator permission level being greater than that of the privileged user permission level, and the number of permission items of the privileged user permission level being greater than that of the ordinary user permission level;
if the permission level corresponding to the user account information is the privileged user permission level, pushing the corresponding container application list to the terminal corresponding to the user account information for display, and detecting in real time operation instructions on the container application list;
if an operation instruction on the container application list is detected and the operation instruction is a container application addition instruction, creating a container application according to the container application addition instruction;
if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, acquiring the corresponding application group user list according to the application group configuration instruction and adding the application group user list to the corresponding application user group; and
if an operation instruction on the container application list is detected and the operation instruction is a read-only group configuration instruction, acquiring the corresponding read-only user list according to the read-only group configuration instruction and adding the read-only user list to the corresponding read-only user group.
By dividing the permission levels of user account information more finely, the embodiments of this application make it easy for the server to push the corresponding data according to the permission corresponding to the user account information for the creation or maintenance of container applications, avoid the cloud platform frequently retrieving all container applications created on it, improve the efficiency of data filtering on the cloud platform, and save the cloud platform's system resources.
Brief description of the drawings
FIG. 1 is a schematic diagram of an application scenario of the cloud resource acquisition method based on user permission provided by an embodiment of this application;
FIG. 2 is a schematic flowchart of the cloud resource acquisition method based on user permission provided by an embodiment of this application;
FIG. 3 is a schematic sub-flowchart of the cloud resource acquisition method based on user permission provided by an embodiment of this application;
FIG. 4 is a schematic block diagram of the cloud resource acquisition apparatus based on user permission provided by an embodiment of this application;
FIG. 5 is a schematic block diagram of subunits of the cloud resource acquisition apparatus based on user permission provided by an embodiment of this application;
FIG. 6 is a schematic block diagram of the computer device provided by an embodiment of this application.
Detailed description
The technical solutions in the embodiments of this application are described below with reference to the drawings in the embodiments of this application.
It should be understood that the term "and/or" used in the specification and the appended claims of this application refers to any and all possible combinations of one or more of the associated listed items, and includes these combinations.
The technical solution of this application can be applied to the field of big data technology; for example, it can be implemented on a data platform such as a cloud computing platform.
Referring to FIG. 1 and FIG. 2, FIG. 1 is a schematic diagram of an application scenario of the cloud resource acquisition method based on user permission provided by an embodiment of this application, and FIG. 2 is a schematic flowchart of that method. The cloud resource acquisition method based on user permission is applied to a server and is executed by application software installed on the server.
As shown in FIG. 2, the method includes steps S110 to S150.
S110. Receive user account information corresponding to a login instruction and, if the user account information passes verification, acquire the permission level corresponding to the user account information; wherein the permission levels comprise, in order, an administrator permission level, a privileged user permission level and an ordinary user permission level, the number of permission items of the administrator permission level being greater than that of the privileged user permission level, and the number of permission items of the privileged user permission level being greater than that of the ordinary user permission level.
In this embodiment, to make the usage scenario of the technical solution clearer, the terminals involved are introduced below. In this application, the technical solution is described from the perspective of the server.
The first is the server, specifically a PaaS platform (Platform-as-a-Service, a set of cloud-based services that help enterprise users and developers create applications at a speed that on-premises solutions cannot match). The server provides a user-facing interactive interface, so that a user who enters account information and logs in to the server can perform operations such as creating or maintaining container applications.
The second is the user terminal, which logs in through the interactive interface provided by the server to the PaaS platform corresponding to the server, in order to perform operations such as creating or maintaining container applications.
A common operation on a PaaS platform is creating a container application, that is, an application created on the basis of a Docker container (Docker is a lightweight virtualization container technology that provides isolation similar to a virtual machine and uses a layered union file system to manage images, which greatly simplifies environment operation and maintenance).
For example, an enterprise's PaaS platform may be opened to R&D personnel so that they can conveniently create container applications. However, to better manage the platform's many user accounts, each user account's information must be assigned a permission level. Specifically, the permission levels corresponding to user account information are divided into an administrator permission level, a privileged user permission level and an ordinary user permission level. If user account information corresponding to a login instruction is received and the user account information is judged to correspond to the administrator permission level, the display page after entering the PaaS platform can show all container applications stored on the platform, and operations such as viewing and editing can be performed on each container application. For example, the PaaS platform stores a user permission configuration table, which is divided into three sub-tables: a first user account list for the administrator permission level, a second user account list for the privileged user permission level, and a third user account list for the ordinary user permission level. When user account information corresponding to a login instruction is received, the user account in that information is compared with every account in the first to third user account lists to determine which of the three lists the account belongs to; once the determination is complete, the permission level corresponding to the user account information of the login instruction is known.
If the user account information is judged to correspond to the privileged user permission level, all container applications stored on the PaaS platform can be displayed. A privileged user has the administrator's permissions, but some special functions, such as the platform's report modification function and the back-office management system, can be operated only by an administrator. Users who need administrator permissions but cannot be granted them in full are therefore set by the platform as privileged users.
If the user account information is judged to correspond to the ordinary user permission level, the display page after entering the PaaS platform can show the container applications the user created on the platform, as well as the container applications that others have authorized the user to view.
S120. If the permission level corresponding to the user account information is the privileged user permission level, push the corresponding container application list to the terminal corresponding to the user account information for display, and detect in real time operation instructions on the container application list.
In this embodiment, a privileged user permission level is placed between the administrator permission level and the ordinary user permission level because the administrator can configure privileged users who assist in the operation and maintenance of container applications.
For example, 100 container applications are created on the server. When the server detects that an account of the administrator permission level logs in, it filters out these 100 container applications, forms a container application list from their names, and pushes it to the terminal of the administrator account. The administrator can then choose to group the 100 container applications into 5 large groups of 20 container applications each and configure a privileged user for each group; for example, the 20 container applications of the first group are all configured with privileged user A.
When the server detects that the account of privileged user A logs in, it filters out the 20 container applications of the first group, forms a container application list from their names, and pushes it to the terminal of the privileged user account. It then detects in real time the operation instructions on the container application list sent by the terminal used by privileged user A. For example, privileged user A can perform operation and maintenance work, such as maintaining back-end code, on each container application in the list.
Since privileged user A receives a container application list of only 20 container applications, compared with the list of 100 container applications received when the administrator logs in, the amount of data the server processes in the former case is clearly lower than in the latter, which is highly beneficial for reducing the server's data processing load.
After a user of the privileged user permission level logs in to the server and receives the container application list, three main operations are available: first, adding a container application (that is, creating one); second, selecting a container application and configuring its application group; third, selecting a container application and configuring its read-only group.
In an embodiment, before step S120 the method further includes:
acquiring the group information corresponding to the user account information, acquiring the corresponding resource pool information according to the group information, and sending the resource pool information acquired from the group information to the user terminal corresponding to the user account information; wherein the resource pool information is the IP network segment allocated for creating container applications.
That is, the server identifies the privileged user's account information and determines the group it belongs to (group information can be understood informally as which subsidiary of the group company the user belongs to), then acquires the corresponding resource pool information on the server according to that group and pushes it to the terminal corresponding to the privileged user's account information, so that the user sets the IP network segment on a sound basis when configuring a container application rather than choosing one arbitrarily. In other words, when a user adds a container application, the server automatically identifies the group of the user's account and pushes the corresponding resource pool information to the user terminal.
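As an added worked example (not code from the patent or its applicant), the following Python models the flow described in S110, the resource pool step and S120: the account is compared against the three sub-tables of the permission configuration table, the container application list pushed to the terminal is filtered by permission level (administrator: all applications; privileged user: only the assigned group; ordinary user: own and shared applications), and the user's group information is mapped to a resource pool IP segment. The data structure names, the sample accounts, groups and IP segments are constructed assumptions; the default-deny handling of unknown or doubly listed accounts and the `segment_allowed` check on a later addition request are this example's additions, not steps stated in the patent.

```python
"""Added example: three-tier permission lookup, per-level container application
list filtering and resource pool lookup. All names and sample data are assumed."""
from dataclasses import dataclass, field
from ipaddress import ip_network
from typing import Dict, List, Optional, Set, Tuple

ADMIN, PRIVILEGED, ORDINARY = "administrator", "privileged", "ordinary"


@dataclass
class ContainerApp:
    name: str
    creator: str                        # account that created the application
    maintainer_group: Optional[str]     # large group the admin assigned it to (assumed field)
    readers: Set[str] = field(default_factory=set)   # accounts authorized to view it


@dataclass
class PermissionConfig:
    """The user permission configuration table with its three sub-tables."""
    admin_accounts: Set[str]
    privileged_accounts: Set[str]
    ordinary_accounts: Set[str]


def permission_level(config: PermissionConfig, account: str) -> Optional[str]:
    """S110: compare the account with each of the three account lists.
    None for an account in no list (deny by default); an account in more than
    one list is a configuration error, not silently the highest matching level."""
    hits = [level for level, accounts in ((ADMIN, config.admin_accounts),
                                          (PRIVILEGED, config.privileged_accounts),
                                          (ORDINARY, config.ordinary_accounts))
            if account in accounts]
    if len(hits) > 1:
        raise ValueError(f"account {account!r} appears in several permission lists")
    return hits[0] if hits else None


def visible_container_apps(level: Optional[str], account: str, apps: List[ContainerApp],
                           privileged_assignment: Dict[str, str]) -> List[str]:
    """S120 and the admin / ordinary cases beside it: names that go into the
    container application list pushed to the terminal. privileged_assignment
    maps a privileged account to the large group it maintains."""
    if level == ADMIN:                    # administrator: every stored application
        return [a.name for a in apps]
    if level == PRIVILEGED:               # privileged user: only its assigned group
        group = privileged_assignment.get(account)
        return [a.name for a in apps if group is not None and a.maintainer_group == group]
    if level == ORDINARY:                 # ordinary user: own apps plus those shared with it
        return [a.name for a in apps if a.creator == account or account in a.readers]
    return []                             # unknown level: push nothing


def resource_pool_for(account: str, account_groups: Dict[str, str],
                      resource_pools: Dict[str, str]) -> Optional[str]:
    """Step before S120: account -> group information -> resource pool IP segment."""
    group = account_groups.get(account)
    return resource_pools.get(group) if group is not None else None


def segment_allowed(requested: str, pool_segment: Optional[str]) -> bool:
    """Server-side check added by this example for S130: the IP segment named in
    a container application addition request must lie inside the pushed pool segment."""
    if pool_segment is None:
        return False
    try:
        return ip_network(requested).subnet_of(ip_network(pool_segment))
    except (ValueError, TypeError):       # malformed segment or mixed IPv4/IPv6
        return False


def login_push(config, account, apps, privileged_assignment, account_groups,
               resource_pools) -> Tuple[Optional[str], List[str], Optional[str]]:
    """S110 -> resource pool -> S120 for one verified login.
    A conflicting permission configuration is treated as a failed lookup."""
    try:
        level = permission_level(config, account)
    except ValueError:
        level = None
    if level is None:
        return None, [], None
    return (level,
            visible_container_apps(level, account, apps, privileged_assignment),
            resource_pool_for(account, account_groups, resource_pools))


# Constructed sample data, a scaled-down version of the 100-application / 5-group example.
CONFIG = PermissionConfig({"root"}, {"userA"}, {"dev1", "dev2"})
APPS = [ContainerApp("app-01", "dev1", "group1"),
        ContainerApp("app-02", "dev2", "group1", {"dev1"}),
        ContainerApp("app-03", "dev2", "group2")]
PRIVILEGED_ASSIGNMENT = {"userA": "group1"}
ACCOUNT_GROUPS = {"userA": "subsidiary-1", "dev1": "subsidiary-2"}
RESOURCE_POOLS = {"subsidiary-1": "10.20.0.0/16", "subsidiary-2": "10.30.0.0/16"}

if __name__ == "__main__":
    for acct in ("root", "userA", "dev1", "nobody"):
        print(acct, login_push(CONFIG, acct, APPS, PRIVILEGED_ASSIGNMENT,
                               ACCOUNT_GROUPS, RESOURCE_POOLS))
```

The point of the example is the data volume argument in the text: the list pushed to privileged user A is built from the assigned group only, so the server never materialises the full application list for that login. Treating an account that appears in two sub-tables as a lookup failure, rather than picking the higher level, keeps a misconfigured table from widening what is pushed.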
S130、若检测到对所述容器应用列表的操作指令且操作指令为新增容器应用指令,根据所述新增容器应用指令对应创建容器应用。S130: If an operation instruction to the container application list is detected and the operation instruction is a newly added container application instruction, correspondingly create a container application according to the newly added container application instruction.
在本实施例中,具有特权用户权限的用户登录PaaS平台后,可以查看PaaS平台中其被授权查看或自身创建容器应用,也可以创建新的容器应用。在创建新的容器应用时所涉 及的特征介绍及具体步骤如下:In this embodiment, after a user with privileged user authority logs in to the PaaS platform, he can view that he is authorized to view the PaaS platform or create a container application by himself, or he can create a new container application. The features and specific steps involved in creating a new container application are as follows:
The information of a container application includes the application environment of the container application, the region of the container application, the number of container instances, the container application image information, the resource group of the container application, and so on. The container application information also includes whether to synchronize to opcm, whether to enable monitoring, the deployment mode, the application administrator (the person who created the container application, who can manage it), and so on.
The application environment of a container application includes a production environment, a test environment, a development environment, and so on. A production environment means that once the container application is created it is connected to the external environment or made accessible to external users; a test environment means that once created it is used for testing; a development environment means that once created it is used for development.
The region of a container application refers to the location of the machine room in which the container application is created and consists of two parts: "region" + "security zone", as in FIG. 2. The security zone is a sub-region under the region. This can be understood as creating the container application in the machine room of the "xxx security zone" under "xx region". However, the specific machine room in which the container application is created is determined jointly by the application environment of the container application and the region of the container application; that is, the container application is created in the machine room corresponding to the region of the container application under a given application environment. The machine rooms corresponding to different application environments in the same region are different.
The number of container instances of a container application refers to the number of containers of that container application; there is no upper limit on the number of containers of a container application. The number of container instances can be determined according to the access volume of the container application.
The container instance image information includes the image version, the image type, and the image name. The image version includes official (versions) and so on; the image type refers to which kind of image the container instance uses, such as nginx, tomcat, weblogic, springboot, and so on; the image name refers to the specific image name. The image information can be obtained from the corresponding image repository for the user to choose from, where the corresponding image repository refers to the image repository under the machine room determined jointly by the application environment of the container application and the region of the container application.
Creating a container application is charged. The resource group of the container application includes a resource account, which is used for the fees incurred in creating the container application. Whether to synchronize to opcm refers to whether the information of the created container application is synchronized to opcm, the enterprise's internal information platform, so that users who can use the opcm information platform can view it. In other embodiments, this can also be understood as synchronizing the information of the created container application to a third-party platform. Whether to enable monitoring refers to whether the container instances of the container application are monitored, for example monitoring the usage of CPU, memory, I/O and other resources of the container instances. The deployment mode connects to the enterprise's internal deployment platform and is used to decide the subsequent version release mode of the container application.
In some embodiments, the container application information also includes a beneficiary resource pool. The beneficiary resource pool refers to the subsidiary/department that creates the container application and determines the IP network segment allocated to the created containers and the host resources of the containers; different resource pools use different IP network segments and host resources. If the container application information also includes the beneficiary resource pool, then the beneficiary resource pool, together with the application environment of the container application and the region of the container application, determines the IP network segment allocated to the created container instances and the host resources of the container instances; different resource pools use different IP network segments and host resources.
Multiple container applications having different information may mean that the regions of the container applications differ, that the container application image information differs (including a different image type or a different image name), and so on. Note that if any one of the region, image type, or image name of a container application differs, the container application information is considered different. Note also that the information of different container applications may differ in several respects at once, such as the region, the image type, and the image name all being different. The number of container instances and the usage time of the container instances in the information of each different container application may also differ.
In an embodiment, as shown in FIG. 3, step S130 includes:
S131. Determining the IPs of the container instances of the container application according to the application environment of the container application, the region of the container application, and the number of container instances;
S132. Determining the image repository that stores the image of the container application according to the application environment of the container application and the region of the container application;
S133. Determining the resources required to create a container instance according to the container application image information;
S134. Extracting, from the determined image repository, the specific image needed to create the container instances of the container application according to the container application image information;
S135. Determining the host on which the container instances are created according to the application environment of the container application, the region of the container application, and the determined resources required to create a container instance;
S136. Creating the container instances of the container application on the determined host according to the determined specific image, and binding the created container instances to the determined container instance IPs.
In this embodiment, the location where the container application is created, that is, the specific machine room, can be determined from the application environment and the region of the container application. For example, the container application is created in the machine room where the SF sub-region (a smaller region identifier under Baoxin) of the Baoxin (a place name) region in the test environment is located. The pre-allocated IP address pool for creating container instances at the corresponding location (under that machine room) is obtained from the database; a number of IP addresses equal to the number of container instances is taken from that container instance IP address pool, and these IPs are determined as the IPs of the container instances of the container application.
The location where the container application is created, that is, the specific machine room, can be determined from the application environment and the region of the container application. Note that each region under each application environment has a corresponding image repository that stores image resources. All image resources needed by that region under that application environment are stored in that image repository. As the following description shows, creating a container instance of a container application requires pushing the application image to the host on which the container instance is created, so the image repository and the host are best located in the same local area network, which increases the speed of creation and also improves its security. Obtaining an application image from the image repository of one region and pushing it to the host of a container instance in another region would inevitably reduce the speed of creation, and security could not be guaranteed either.
The resources required to create a container instance are determined from the image type and image version in the container application image information. Creating a container instance occupies a certain amount of resources on the host, so the required resources must be determined first in order to judge whether a host has enough resources to create the container instance.
The location where the container application is created, that is, the specific machine room, can be determined from the application environment and the region of the container application. The pre-allocated IP address pool of hosts used for creating container instances at the corresponding location (under that machine room) is obtained from the database; the IP of the host on which the container instance is created is determined from the host IP address pool according to the resources required to create the container instance; the corresponding host can then be identified from the host IP.
Note that the above steps of determining the container instance IPs of the container application, determining the specific image, and determining the host on which the container instances are created are not strictly ordered; in other embodiments another order may be used, for example first determining the specific image, then determining the host on which the container instances are created, and finally determining the container instance IPs of the container application.
In an embodiment, step S134 includes:
Extracting from the determined image repository, according to the image type, image version, and image name in the container application image information, the specific image needed to create the container instances of the container application.
That is, when obtaining the specific image needed to create the container instances of the container application, the image type, image version, and image name in the container application image information are obtained first, and the specific image is then extracted according to that image type, image version, and image name.
In an embodiment, step S136 includes:
Pushing the determined specific image to the determined host through a container orchestration tool, so as to create the container instances of the container application on that host;
Once the container instances of the container application have been created, connecting to the created container instances through an operations tool and binding the created container instances to the determined container instance IPs.
In this embodiment, the container orchestration tool may be Marathon or another container orchestration tool. Marathon acts as a relay station: the determined specific image is sent to the container orchestration tool, and the container orchestration tool then distributes the specific image to the determined host to create the container instances. The operations tool may be, for example, the automated operations tool Ansible.
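The creation flow of steps S131 to S136, written out as an added Python example; this is illustrative code, not the patent's or any product's implementation. The machine-room catalog, the /28 instance segment, the host capacities and the image-requirement table are constructed sample data, and the orchestration and binding calls (Marathon, Ansible) are represented only by the returned plan. The point worth seeing is that every lookup is scoped to the single machine room chosen by (environment, region, security zone), so an image or IP from another room cannot be selected, and that the IP and host pools are only debited after all checks pass, so a failed creation leaves them untouched.

```python
"""Added worked example (not from the patent): the S131-S136 container creation flow."""
import ipaddress
from dataclasses import dataclass


@dataclass
class MachineRoom:
    """One machine room; keyed in the catalog by (environment, region, security zone)."""
    name: str
    instance_pool: list   # free container-instance IPs, pre-allocated for this room (S131)
    hosts: dict           # host IP -> free (cpu cores, memory MB) (S135)
    repository: dict      # (image type, version, name) -> image reference (S132/S134)


def build_sample_rooms():
    # Constructed catalog: a single test-environment room in the "baoxin" region, zone "SF".
    net = ipaddress.ip_network("10.20.30.0/28")  # constructed test segment, 14 usable hosts
    return {
        ("test", "baoxin", "SF"): MachineRoom(
            name="baoxin-SF-test",
            instance_pool=[str(ip) for ip in net.hosts()],
            hosts={"10.20.31.1": (4, 8192), "10.20.31.2": (1, 1024)},
            repository={("nginx", "official", "nginx:1.25"): "repo.test.baoxin.example/nginx:1.25"},
        )
    }


# Constructed table: resources one instance needs, derived from image type and version (S133).
IMAGE_REQUIREMENTS = {
    ("nginx", "official"): (1, 512),
    ("tomcat", "official"): (2, 2048),
}


class CreationError(Exception):
    """Raised when any step of the creation flow cannot be satisfied."""


def create_container_application(rooms, spec):
    """spec keys: env, region, zone, instances, image_type, image_version, image_name.

    Returns the creation plan that an orchestrator would receive.
    """
    room = rooms.get((spec["env"], spec["region"], spec["zone"]))
    if room is None:
        raise CreationError("no machine room for this environment/region/zone")

    # S131: take exactly `instances` IPs from this room's pre-allocated pool.
    n = spec["instances"]
    if n < 1 or len(room.instance_pool) < n:
        raise CreationError("instance IP pool exhausted")
    ips = room.instance_pool[:n]

    # S132/S134: the repository is the one tied to this room; the image is looked up by
    # type, version and name, so an image stored in another room's repository is never used.
    key = (spec["image_type"], spec["image_version"], spec["image_name"])
    image = room.repository.get(key)
    if image is None:
        raise CreationError("image not present in this room's repository")

    # S133: resource need from image type and version.
    need = IMAGE_REQUIREMENTS.get((spec["image_type"], spec["image_version"]))
    if need is None:
        raise CreationError("unknown image type/version")
    need_cpu, need_mem = need[0] * n, need[1] * n

    # S135: first host in this room with capacity for all instances.
    host_ip = next((h for h, (cpu, mem) in room.hosts.items()
                    if cpu >= need_cpu and mem >= need_mem), None)
    if host_ip is None:
        raise CreationError("no host with enough free resources")

    # Commit only now: a failure above leaves both pools exactly as they were.
    del room.instance_pool[:n]
    cpu, mem = room.hosts[host_ip]
    room.hosts[host_ip] = (cpu - need_cpu, mem - need_mem)

    # S136: one container per allocated IP on the chosen host (push/bind are done by the
    # orchestration and operations tools, outside this example).
    return {"host": host_ip, "image": image, "instances": [{"ip": ip} for ip in ips]}
```

The spec passed in is what the user submitted from the form described above (environment, region, security zone, instance count, image type/version/name); the beneficiary resource pool check that restricts which segment a user may draw from is a separate authorization step and is not modelled here.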
S140. If an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtain the corresponding application group user list according to the application group configuration instruction, and add the application group user list to the corresponding application user group.
In this embodiment, after a user with privileged user permissions logs in to the PaaS platform, if application group user request information is received from one or more users for a container application that this privileged user created, the target user account information corresponding to the application group user request information is obtained and added to the application user group corresponding to that container application. When the PaaS platform detects a login by user account information in that application group, it displays the container application on the display interface of the terminal used by that user account information, and that user account information may hold part of the permissions of the container application's creator (for example, modifying the back-end code of the container application).
S150. If an operation instruction on the container application list is detected and the operation instruction is a read-only group configuration instruction, obtain the corresponding read-only user list according to the read-only group configuration instruction, and add the read-only user list to the corresponding read-only user group.
In this embodiment, after a user with privileged user permissions logs in to the PaaS platform and selects a container application in the container application list, the target user account information is filtered out from the user list corresponding to that container application and added to the read-only group corresponding to the container application. When the PaaS platform detects a login by user account information in that read-only group, it displays the container application on the display interface of the terminal used by that user account information, and the user corresponding to that user account information cannot modify the container application's information but can only view it.
In an embodiment, after step S150, the method further includes:
If the permission level corresponding to the user account information is the administrator permission level, displaying the container application list, and detecting in real time a first current operation instruction on the container application list.
In this embodiment, when an administrator logs in to the PaaS platform, the process of creating a container application may refer to step S130; the process of configuring a read-only group refers to step S140, and the process of configuring an application group refers to step S150.
That is, if the first current operation instruction is a new container application instruction, a container application is created according to the new container application instruction; if the first current operation instruction is a read-only group configuration instruction, the corresponding read-only user list is obtained according to the read-only group configuration instruction and added to the corresponding read-only user group.
In an embodiment, after step S150, the method further includes:
If the permission level corresponding to the user account information is the normal user permission level, displaying the container application list, and detecting in real time a second current operation instruction on the container application list.
In this embodiment, when a normal user logs in to the PaaS platform, the user can view the container applications in the PaaS platform created by that user and can also create new container applications. The process of creating a container application may refer to step S130; the process of configuring a read-only group refers to step S140, and the process of configuring an application group refers to step S150.
That is, if the second current operation instruction is a new container application instruction, a container application is created according to the new container application instruction; if the second current operation instruction is a read-only group configuration instruction, the corresponding read-only user list is obtained according to the read-only group configuration instruction and added to the corresponding read-only user group.
When a user at the normal user permission level creates a container application, the container application can only be created in the beneficiary resource pool corresponding to the subsidiary to which that user belongs. Likewise, when a user at the privileged user permission level or the administrator permission level creates a container application, the container application can only be created in the beneficiary resource pool corresponding to the subsidiary to which that user belongs.
By dividing the permission levels of user account information more finely, this method makes it convenient for the server to push the corresponding data, according to the permissions of the user account information, for creating or maintaining container applications; it avoids the cloud platform frequently fetching all container applications created on the cloud platform, improves the efficiency of data filtering on the cloud platform, and saves the system resources of the cloud platform.
An embodiment of the present application further provides a cloud resource acquisition apparatus based on user permissions, which is used to execute any embodiment of the foregoing cloud resource acquisition method based on user permissions. Specifically, please refer to FIG. 4, which is a schematic block diagram of the cloud resource acquisition apparatus based on user permissions provided by an embodiment of the present application. The cloud resource acquisition apparatus 100 based on user permissions may be configured in a server.
As shown in FIG. 4, the cloud resource acquisition apparatus 100 based on user permissions includes an account permission level acquisition unit 110, a first list pushing unit 120, a first instruction execution unit 130, a second instruction execution unit 140, and a third instruction execution unit 150.
The account permission level acquisition unit 110 is configured to receive the user account information corresponding to a login instruction and, if the user account information passes verification, obtain the permission level corresponding to the user account information; wherein the permission levels comprise, in order, the administrator permission level, the privileged user permission level, and the normal user permission level, the number of permission items of the administrator permission level is greater than the number of permission items of the privileged user permission level, and the number of permission items of the privileged user permission level is greater than the number of permission items of the normal user permission level.
A fairly common operation on the PaaS platform is creating a container application, where a container application is an application created on the basis of a Docker container (Docker is a lightweight virtualization container technology that provides isolation similar to a virtual machine and manages images with a layered union file system technology, greatly simplifying environment operations and maintenance).
For example, an enterprise's PaaS platform may be opened to R&D staff so that they can conveniently create container applications. However, in order to manage the platform's many user accounts better, each user account's information needs to be classified by permission level. Specifically, the permission level corresponding to user account information is divided into the administrator permission level, the privileged user permission level, and the normal user permission level. If user account information corresponding to a login instruction is received and that user account information is judged to correspond to the administrator permission level, then the display page shown after entering the PaaS platform can display all container applications stored on the PaaS platform, and operations such as viewing and editing can be performed on each container application. For example, a user permission configuration table is stored on the PaaS platform and is divided into three sub-tables: a first user account list for the administrator permission level, a second user account list for the privileged user permission level, and a third user account list for the normal user permission level. When user account information corresponding to a login instruction is received, the user account corresponding to that user account information is compared with each account in the first through third user account lists to determine which of the three user account lists it belongs to; once that determination is made, the permission level corresponding to the user account information of the login instruction is known.
If the user account information is judged to correspond to the privileged user permission level, all container applications stored on the PaaS platform can be displayed. A privileged user has the administrator's permissions, but some special functions, such as the platform's report modification function and the back-end management system, can be operated only by the administrator. Users who need some administrator permissions but cannot be given all of them are therefore set up on the platform as privileged users.
If the user account information is judged to correspond to the normal user permission level, the display page shown after entering the PaaS platform can display the container applications created by that user on the PaaS platform, and the user can also see container applications that others have authorized them to view.
The first list pushing unit 120 is configured to, if the permission level corresponding to the user account information is the privileged user permission level, push the corresponding container application list to the terminal corresponding to the user account information for display, and detect in real time operation instructions on the container application list.
In this embodiment, a privileged user permission level between the administrator permission level and the normal user permission level is provided so that the administrator can configure privileged users who assist with the operations and maintenance of container applications.
For example, 100 container applications have been created on the server. When the server detects a login by an account at the administrator permission level, it filters out these 100 container applications, forms a container application list from the names of the 100 container applications, and pushes it to the terminal of the logged-in administrator-level account. The administrator may then choose to divide the 100 container applications into 5 large groups of 20 container applications each and configure one privileged user for each large group; for example, the 20 container applications of the first large group are all configured with privileged user A.
When the server detects a login by privileged user A's account, it filters out the 20 container applications of the first large group, forms a container application list from their names, and pushes it to the terminal of the logged-in privileged-user-level account. It then detects in real time the operation instructions on the container application list transmitted by the terminal used by privileged user A. For example, privileged user A can perform operations and maintenance tasks, such as maintaining the back-end code, on each container application in the container application list.
Since privileged user A receives a container application list of only 20 container applications, compared with the list of 100 container applications received when the administrator logs in, the server's data processing volume in the former case is clearly lower than in the latter, which is highly beneficial for reducing the server's data processing load.
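The permission-level lookup against the three account lists, the per-level filtering of the container application list, the application-group and read-only-group configuration, and the beneficiary-pool restriction on creation described in steps S130 to S150 and in unit 110 and unit 120 above, as one added Python example; this is illustrative code, not the patent's or any product's implementation. The account lists, subsidiary membership, pool IP segments, the account names (root, userA, dev1, dev2) and the rule that group configuration is done by the application's creator, its assigned privileged user, or the administrator are assumptions chosen for the example. Enforcement happens on the server side in every function: what is pushed to a client depends only on the resolved level and the groups the account is in, and a read-only member can view but never modify.

```python
"""Added worked example (not from the patent): permission levels, list filtering, groups."""
from dataclasses import dataclass, field

ADMIN, PRIVILEGED, NORMAL = "admin", "privileged", "normal"
LEVEL_ORDER = [ADMIN, PRIVILEGED, NORMAL]  # permission items decrease from left to right

# Constructed "user permission configuration table": the three account lists of unit 110.
PERMISSION_TABLE = {
    ADMIN: {"root"},
    PRIVILEGED: {"userA"},
    NORMAL: {"dev1", "dev2"},
}
# Constructed grouping information: which subsidiary (beneficiary pool) an account belongs to,
# and the IP segment allocated to each pool (resource pool information pushed to the client).
SUBSIDIARY = {"root": "hq", "userA": "hq", "dev1": "sub1", "dev2": "sub2"}
POOL_SEGMENTS = {"hq": "10.0.0.0/24", "sub1": "10.1.0.0/24", "sub2": "10.2.0.0/24"}


@dataclass
class ContainerApp:
    name: str
    creator: str
    pool: str                          # beneficiary resource pool it was created in
    assigned_privileged: str = ""      # privileged user the administrator configured for it
    app_group: set = field(default_factory=set)
    readonly_group: set = field(default_factory=set)


def resolve_level(account):
    """Compare the account against each list, highest level first; None means not verified."""
    for level in LEVEL_ORDER:
        if account in PERMISSION_TABLE[level]:
            return level
    return None


def resource_pool_info(account):
    """IP segment of the account's own pool, pushed before a new-application form is shown."""
    pool = SUBSIDIARY.get(account)
    return POOL_SEGMENTS.get(pool) if resolve_level(account) else None


def visible_apps(account, apps):
    """The container application list pushed to this account's terminal."""
    level = resolve_level(account)
    if level is None:
        return []                      # verification failed: nothing is pushed
    if level == ADMIN:
        return list(apps)              # administrator: every stored application
    if level == PRIVILEGED:            # privileged: assigned group plus own/authorized apps
        return [a for a in apps if a.assigned_privileged == account or a.creator == account
                or account in a.app_group or account in a.readonly_group]
    return [a for a in apps if a.creator == account     # normal: own plus authorized apps
            or account in a.app_group or account in a.readonly_group]


def create_app(account, name, pool, apps):
    """Every level may create, but only in the creator's own beneficiary resource pool."""
    if resolve_level(account) is None or SUBSIDIARY.get(account) != pool:
        return False
    apps.append(ContainerApp(name=name, creator=account, pool=pool))
    return True


def _may_configure_groups(account, app):
    return (resolve_level(account) == ADMIN or app.creator == account
            or app.assigned_privileged == account)


def configure_app_group(account, app, users):
    """S140: add the application group user list to the application's user group."""
    if not _may_configure_groups(account, app):
        return False
    app.app_group.update(users)
    return True


def configure_readonly_group(account, app, users):
    """S150: add the read-only user list to the application's read-only group."""
    if not _may_configure_groups(account, app):
        return False
    app.readonly_group.update(users)
    return True


def may_modify(account, app):
    """Read-only members only view; application-group members hold part of the creator's rights."""
    if resolve_level(account) == ADMIN or app.creator == account:
        return True
    if app.assigned_privileged == account:
        return True
    return account in app.app_group
```

In the 100-application scenario above, `assigned_privileged` is what the administrator sets for the 20 applications of each large group, and `visible_apps("userA", apps)` is then the 20-entry list that is pushed instead of the full list.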
在特权用户权限等级的用户登录服务器并接收到容器应用列表后,主要是可以进行以下三项操作:一是新增容器应用(也即创建容器应用),二是选定容器应用并配置其应用组,三是选定容器应用并配置其只读组。After a privileged user level user logs in to the server and receives the container application list, the following three operations can be performed: one is to add a new container application (that is, to create a container application), and the other is to select a container application and configure its application Group, the third is to select the container application and configure its read-only group.
In an embodiment, the user-permission-based cloud resource acquisition apparatus 100 further includes:
a resource pool information acquisition unit, configured to acquire the grouping information corresponding to the user account information, acquire the corresponding resource pool information according to the grouping information, and send the resource pool information corresponding to the grouping information to the user terminal corresponding to the user account information; where the resource pool information is the IP network segment allocated for creating container applications.
That is, the server identifies the account information of the privileged user, determines the grouping information it belongs to (grouping information can be understood, in plain terms, as which subsidiary of the group company the user belongs to), and according to that grouping information obtains the corresponding resource pool information stored on the server and pushes it to the terminal corresponding to the privileged user's account information. This helps the user set the IP network segment on a sound basis when configuring a container application, rather than choosing an IP network segment arbitrarily. In other words, when a user adds a container application, the server automatically identifies the grouping of the user's account and then pushes the corresponding resource pool information to the user terminal.
The first instruction execution unit 130 is configured to, if an operation instruction on the container application list is detected and the operation instruction is a new-container-application instruction, create a container application according to the new-container-application instruction.
In this embodiment, after a user with privileged user permission logs in to the PaaS platform, the user can view the container applications in the PaaS platform that they are authorized to view or have created themselves, and can also create new container applications. The features and specific steps involved in creating a new container application are as follows:
The information of a container application includes the application environment of the container application, the region of the container application, the number of container instances, the container application image information, the resource group of the container application, and so on. The container application information also includes whether to synchronize to opcm, whether to enable monitoring, the deployment mode, the application administrator (the person who creates the container application and can manage it), and so on. The application environment of a container application includes a production environment, a test environment, a development environment, etc. The production environment means that once the container application is created it is connected to the external environment or made available for external users to access; the test environment means that the container application is used for testing once created; the development environment means that it is used for development once created. The region of a container application refers to the location of the data center (machine room) in which the container application is created and consists of two parts, "region" + "security zone" as in FIG. 2, where the security zone is a sub-region of the region. This can be understood as creating the container application in the data center of the "xxx security zone" under the "xx region". However, the specific data center in which the container application is created is determined jointly by the application environment of the container application and its region; that is, the container application is created in the data center corresponding to its region under a given application environment. It follows that the data centers corresponding to different application environments in the same region are different. The number of container instances of a container application refers to the number of containers it has; there is no upper limit on the number of containers of a container application, and the number of container instances can be determined according to the access volume of the container application. The container instance image information includes the image version, image type and image name. The image version includes the official (version) and so on; the image type refers to which kind of image the container instance uses, such as nginx, tomcat, weblogic, springboot, etc.; the image name refers to the specific name of the image. The image information can be obtained from the corresponding image repository for the user to choose from, where the corresponding image repository is the image repository in the data center jointly determined by the application environment and the region of the container application. Creating a container application is chargeable: the resource group of the container application includes a resource account that is used to pay the cost of creating the container application. Whether to synchronize to opcm refers to whether the information of the created container application is synchronized to the enterprise's internal information platform opcm so that users of the opcm platform can view it; in other embodiments this can also be understood as synchronizing the created container application's information to a third-party platform. Whether to enable monitoring refers to whether the container instances of the container application are monitored, for example monitoring their CPU/memory/IO resource usage. The deployment mode connects to the enterprise's internal deployment platform and determines the release mode for subsequent versions of the container application. In some embodiments, the container application information also includes a beneficiary resource pool, which refers to the subsidiary/department that creates the container application and determines the IP network segment allocated to the created containers and the host resources of the containers; different resource pools use different IP network segments and host resources. If the container application information includes a beneficiary resource pool, then the beneficiary resource pool, together with the application environment and the region of the container application, determines the IP network segment allocated to the created container instances and the host resources of the container instances; different resource pools use different IP network segments and host resources.
Different information for multiple container applications may mean that the container applications differ in region, in container application image information (including different image types or different image names), and so on. Note that if any one of the region, image type or image name of a container application differs, the information of the container applications is considered different. Note also that the information of different container applications may differ in several respects at once, such as different regions, different image types and different image names. The number of container instances and the usage time of the container instances may also differ between container applications.
In an embodiment, as shown in FIG. 5, the first instruction execution unit 130 includes:
a container instance IP acquisition unit 131, configured to determine the IPs of the container instances of the container application according to the application environment of the container application, the region of the container application and the number of container instances;
an image repository acquisition unit 132, configured to determine the image repository that stores the container application image according to the application environment of the container application and the region of the container application;
a container resource acquisition unit 133, configured to determine the resources that creating a container instance will occupy according to the container application image information;
a specific image acquisition unit 134, configured to extract, from the determined image repository and according to the container application image information, the specific image to be used for creating the container instances of the container application;
a host acquisition unit 135, configured to determine the host on which the container instance is created according to the application environment of the container application, the region of the container application and the determined resources that creating the container instance will occupy;
an IP binding unit 136, configured to create a container instance of the container application on the determined host according to the determined specific image, and bind the created container instance to the determined container instance IP.
In this embodiment, the location where the container application is created, that is, the specific data center, can be determined from the application environment and the region of the container application. For example, the container application is created in the data center of the SF sub-region (a smaller region identifier under Baoxin) in the Baoxin region (a place name) of the test environment. The IP address pool pre-allocated in the database for creating container instances at the corresponding location (in that data center) is obtained; a number of IP addresses equal to the number of container instances is taken from that pool, and these are determined to be the IPs of the container instances of the container application.
The location where the container application is created, that is, the specific data center, can be determined from the application environment and the region of the container application. Note that every region under every application environment has a corresponding image repository that stores image resources; the image repository stores all image resources needed by that region under that application environment. As will be seen below, creating a container instance of a container application requires pushing the application image to the host on which the container instance is created, so the image repository and that host are preferably in the same local area network, which speeds up creation and also improves its security. Obtaining an application image from the image repository of one region and pushing it to the container instance host of another region would inevitably slow down creation, and its security could not be guaranteed.
The resources that creating a container instance will occupy are determined from the image type and image version in the container application image information. Creating a container instance occupies a certain amount of resources on the host, so these resources must be determined first in order to judge whether the host has enough resources to create the container instance.
The location where the container application is created, that is, the specific data center, can be determined from the application environment and the region of the container application. The IP address pool of hosts pre-allocated in the database for creating container instances at the corresponding location (in that data center) is obtained; the IP of the host on which the container instance will be created is determined from that host IP address pool according to the resources the container instance will occupy; and the corresponding host is then identified from its IP.
Note that the above steps of determining the container instance IPs of the container application, determining the specific image and determining the host for creating the container instance are not strictly ordered; in other embodiments a different order may be used, such as first determining the specific image, then determining the host for creating the container instance, and finally determining the container instance IPs of the container application.
In an embodiment, the specific image acquisition unit 134 is further configured to:
extract the specific image to be used for creating the container instances of the container application from the image repository, as determined by the image type, image version and image name in the container application image information.
That is, when obtaining the specific image needed to create the container instances of the container application, the image type, image version and image name in the container application image information are obtained first, and the specific image is then extracted according to that image type, image version and image name.
In an embodiment, the IP binding unit 136 includes:
a specific image pushing unit, configured to push the determined specific image to the determined host through a container orchestration tool so as to create a container instance of the container application on the host;
a container IP binding unit, configured to, once the container instance of the container application has been created, connect to the created container instance through an operation and maintenance tool and bind the created container instance to the determined container instance IP.
In this embodiment, the container orchestration tool may be Marathon or another container orchestration tool. Marathon acts as a relay station: the determined specific image is sent to the container orchestration tool, which then distributes the specific image to the determined host for creation of the container instance. The operation and maintenance tool may be, for example, the automated operations tool Ansible.
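The placement procedure of units 131 to 136 (locate the machine room from environment and region, take instance IPs from that room's pre-allocated pool, size the instance from image type and version, pick a host with enough free resources, and pull the image only from the room's own repository), as an added Python model that is not the patent's own code. Room keys, repository names, host capacities and the image requirement table are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# (image type, image version) -> (CPU cores, memory MB) one container instance occupies.
# Constructed values; the patent only says the requirement is derived from type/version.
IMAGE_REQUIREMENTS: Dict[Tuple[str, str], Tuple[float, int]] = {
    ("nginx", "official"): (0.5, 256),
    ("tomcat", "official"): (1.0, 1024),
    ("springboot", "official"): (1.0, 768),
}


@dataclass
class Host:
    ip: str
    cpu_free: float
    mem_free: int


@dataclass
class DataCenter:
    """The machine room selected by (application environment, region, security zone)."""
    image_repo: str      # repository in the same LAN as the hosts (hypothetical name)
    ip_pool: List[str]   # pre-allocated container-instance IPs from the pool's segment
    hosts: List[Host]    # pre-allocated host IP pool with current free capacity


@dataclass
class Placement:
    host_ip: str
    instance_ip: str
    image: str


class Placer:
    def __init__(self, centers: Dict[Tuple[str, str, str], DataCenter]) -> None:
        self.centers = centers

    def locate(self, env: str, region: str, zone: str) -> DataCenter:
        """Environment + region + security zone jointly select one machine room."""
        try:
            return self.centers[(env, region, zone)]
        except KeyError:
            raise LookupError(f"no machine room for {env}/{region}/{zone}") from None

    @staticmethod
    def required_resources(image_type: str, version: str) -> Tuple[float, int]:
        try:
            return IMAGE_REQUIREMENTS[(image_type, version)]
        except KeyError:
            raise LookupError(f"unknown image {image_type}:{version}") from None

    @staticmethod
    def image_ref(dc: DataCenter, image_type: str, version: str, name: str) -> str:
        # The image is pulled only from this room's own repository, never cross-region.
        return f"{dc.image_repo}/{image_type}/{name}:{version}"

    def create(self, env: str, region: str, zone: str, image_type: str,
               version: str, name: str, instances: int) -> List[Placement]:
        dc = self.locate(env, region, zone)
        if len(dc.ip_pool) < instances:
            raise RuntimeError("instance IP pool of this machine room is exhausted")
        cpu, mem = self.required_resources(image_type, version)
        image = self.image_ref(dc, image_type, version, name)
        # Plan against a snapshot of free capacity so a failure consumes nothing.
        free = {h.ip: [h.cpu_free, h.mem_free] for h in dc.hosts}
        plan: List[str] = []
        for _ in range(instances):
            host_ip = next((ip for ip, (c, m) in free.items() if c >= cpu and m >= mem), None)
            if host_ip is None:
                raise RuntimeError("no host with enough free resources in this machine room")
            free[host_ip][0] -= cpu
            free[host_ip][1] -= mem
            plan.append(host_ip)
        # Commit: consume host capacity and instance IPs, then bind IP to instance.
        placements = []
        for host_ip in plan:
            host = next(h for h in dc.hosts if h.ip == host_ip)
            host.cpu_free -= cpu
            host.mem_free -= mem
            placements.append(Placement(host_ip, dc.ip_pool.pop(0), image))
        return placements


def pool_from_segment(segment: str, count: int) -> List[str]:
    """Expand the resource pool's IP network segment into usable instance IPs."""
    net = ipaddress.ip_network(segment)
    return [str(ip) for _, ip in zip(range(count), net.hosts())]


def build_demo() -> Placer:
    """Constructed sample: the test-environment Baoxin/SF room mentioned in the text."""
    room = DataCenter(
        image_repo="registry.sf.baoxin.test.internal",
        ip_pool=pool_from_segment("10.20.0.0/24", 8),
        hosts=[Host("10.20.1.1", 2.0, 2048), Host("10.20.1.2", 1.0, 1024)],
    )
    return Placer({("test", "baoxin", "SF"): room})
```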
The second instruction execution unit 140 is configured to, if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, acquire the corresponding application group user list according to the application group configuration instruction and add the application group user list to the corresponding application user group.
In this embodiment, after a user with privileged user permission logs in to the PaaS platform, if application group membership requests from one or more users are received for a container application that this privileged user created, the target user account information corresponding to those requests is obtained and added to the application user group corresponding to that container application. When the PaaS platform detects a login by user account information in this application group, it displays the container application on the display interface of the terminal used by that user account, and that user account may hold part of the creator's permissions over the container application (for example, modifying its backend code).
The third instruction execution unit 150 is configured to, if an operation instruction on the container application list is detected and the operation instruction is a read-only group configuration instruction, acquire the corresponding read-only user list according to the read-only group configuration instruction and add the read-only user list to the corresponding read-only user group.
In this embodiment, after a user with privileged user permission logs in to the PaaS platform and selects a container application in the container application list, the target user account information is filtered out from the user list corresponding to that container application and added to the read-only group of that container application. When the PaaS platform detects a login by user account information in this read-only group, it displays the container application on the display interface of the terminal used by that user account, and the user corresponding to that account cannot modify the container application's information but can only view it.
In an embodiment, the user-permission-based cloud resource acquisition apparatus 100 further includes:
a second list pushing unit, configured to display the container application list if the permission level corresponding to the user account information is the administrator permission level, and to detect in real time a first current operation instruction on the container application list.
In this embodiment, when the administrator logs in to the PaaS platform, the process of creating a container application may refer to the first instruction execution unit 130; the process of configuring a read-only group refers to the second instruction execution unit 140, and the process for the application group refers to the third instruction execution unit 150.
That is, if the first current operation instruction is a new-container-application instruction, a container application is created according to the new-container-application instruction; if the first current operation instruction is a read-only group configuration instruction, the corresponding read-only user list is acquired according to the read-only group configuration instruction and added to the corresponding read-only user group.
In an embodiment, the user-permission-based cloud resource acquisition apparatus 100 further includes:
a third list pushing unit, configured to display the container application list if the permission level corresponding to the user account information is the ordinary user permission level, and to detect in real time a second current operation instruction on the container application list.
In this embodiment, when an ordinary user logs in to the PaaS platform, the user can view the container applications in the PaaS platform created by that user, and can also create new container applications. The process of creating a container application may refer to the first instruction execution unit 130; the process of configuring a read-only group refers to the second instruction execution unit 140, and the process for the application group refers to the third instruction execution unit 150.
That is, if the second current operation instruction is a new-container-application instruction, a container application is created according to the new-container-application instruction; if the second current operation instruction is a read-only group configuration instruction, the corresponding read-only user list is acquired according to the read-only group configuration instruction and added to the corresponding read-only user group.
When a user at the ordinary user permission level creates a container application, the container application can only be created in the beneficiary resource pool corresponding to the subsidiary to which that user belongs. Likewise, when a user at the privileged user permission level or the administrator permission level creates a container application, it can only be created in the beneficiary resource pool corresponding to the subsidiary to which that user belongs.
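The permission-level scheme described above (the administrator sees every application and assigns subsets to privileged users, ordinary users see only their own, application groups carry part of the creator's rights, read-only groups may only view, and every level may create only inside its own subsidiary's beneficiary resource pool), as an added Python model that is not the patent's own code. Account names, application names and the IP network segments are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Iterable, List, Set


class Level(Enum):
    ADMIN = "admin"
    PRIVILEGED = "privileged"
    ORDINARY = "ordinary"


@dataclass
class User:
    account: str
    level: Level
    subsidiary: str  # grouping information: which subsidiary the account belongs to


@dataclass
class ContainerApp:
    name: str
    creator: str
    resource_pool: str  # beneficiary resource pool the app was created in
    app_group: Set[str] = field(default_factory=set)       # part of creator's rights
    readonly_group: Set[str] = field(default_factory=set)  # view only


class PaaSServer:
    """Server-side list filtering, authorisation and group configuration."""

    def __init__(self, pools: Dict[str, str]) -> None:
        self.users: Dict[str, User] = {}
        self.apps: Dict[str, ContainerApp] = {}
        # privileged account -> names of the apps the administrator assigned to it
        self.privileged_scope: Dict[str, Set[str]] = {}
        self.pools = pools  # subsidiary -> IP network segment of its resource pool

    def app_list(self, account: str) -> List[str]:
        """The container application list pushed at login, filtered by level."""
        user = self.users[account]
        if user.level is Level.ADMIN:
            visible = set(self.apps)  # administrator: every created application
        else:
            visible = {n for n, a in self.apps.items() if a.creator == account}
            if user.level is Level.PRIVILEGED:
                visible |= self.privileged_scope.get(account, set())
        # application-group and read-only-group members also see the application
        visible |= {n for n, a in self.apps.items()
                    if account in a.app_group or account in a.readonly_group}
        return sorted(visible)

    def can(self, account: str, app_name: str, action: str) -> bool:
        """action: 'view', 'modify' (e.g. backend code) or 'configure_groups'."""
        user = self.users[account]
        app = self.apps[app_name]
        if user.level is Level.ADMIN or app.creator == account:
            return True
        if user.level is Level.PRIVILEGED and app_name in self.privileged_scope.get(account, set()):
            return action in ("view", "modify")  # O&M on the assigned applications
        if account in app.app_group:
            return action in ("view", "modify")  # part of the creator's permissions
        if account in app.readonly_group:
            return action == "view"
        return False

    def resource_pool_info(self, account: str) -> str:
        """IP network segment pushed to the user when adding a container application."""
        return self.pools[self.users[account].subsidiary]

    def create_app(self, account: str, name: str, resource_pool: str) -> ContainerApp:
        user = self.users[account]
        # every level may only create inside its own subsidiary's beneficiary pool
        if resource_pool != user.subsidiary:
            raise PermissionError(f"{account} may not create in pool {resource_pool}")
        app = ContainerApp(name=name, creator=account, resource_pool=resource_pool)
        self.apps[name] = app
        return app

    def configure_group(self, account: str, app_name: str, kind: str,
                        members: Iterable[str]) -> None:
        if not self.can(account, app_name, "configure_groups"):
            raise PermissionError(f"{account} may not configure groups of {app_name}")
        app = self.apps[app_name]
        group = app.app_group if kind == "app" else app.readonly_group
        group.update(m for m in members if m in self.users)  # ignore unknown accounts


def build_demo() -> PaaSServer:
    """Constructed sample: two subsidiaries, one administrator, privileged user A."""
    srv = PaaSServer(pools={"sub-1": "10.1.0.0/16", "sub-2": "10.2.0.0/16"})
    for acct, lvl, sub in [("admin", Level.ADMIN, "sub-1"), ("A", Level.PRIVILEGED, "sub-1"),
                           ("bob", Level.ORDINARY, "sub-1"), ("carol", Level.ORDINARY, "sub-2")]:
        srv.users[acct] = User(acct, lvl, sub)
    for i in range(1, 7):  # six applications created by the administrator
        srv.create_app("admin", f"app{i}", "sub-1")
    srv.privileged_scope["A"] = {"app1", "app2", "app3"}  # administrator's grouping
    srv.create_app("A", "tools", "sub-1")  # privileged user's own application
    srv.configure_group("A", "tools", "app", ["bob"])
    srv.configure_group("A", "tools", "readonly", ["carol", "nobody"])
    return srv
```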
By dividing the permission levels of user account information more finely, the apparatus makes it easy for the server to push the corresponding data according to the permissions of the user account information for creating or maintaining container applications, avoids the cloud platform frequently fetching all container applications created on it, improves the efficiency of data filtering on the cloud platform, and saves the cloud platform's system resources.
The above user-permission-based cloud resource acquisition apparatus may be implemented in the form of a computer program, which may run on a computer device as shown in FIG. 6.
Referring to FIG. 6, FIG. 6 is a schematic block diagram of a computer device provided by an embodiment of the present application. The computer device 500 is a server, which may be a standalone server or a server cluster made up of multiple servers.
Referring to FIG. 6, the computer device 500 includes a processor 502, a memory and a network interface 505 connected through a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The non-volatile storage medium 503 can store an operating system 5031 and a computer program 5032. When the computer program 5032 is executed, it can cause the processor 502 to execute the user-permission-based cloud resource acquisition method.
The processor 502 is used to provide computing and control capabilities and supports the operation of the entire computer device 500.
The internal memory 504 provides an environment for running the computer program 5032 in the non-volatile storage medium 503; when the computer program 5032 is executed by the processor 502, it can cause the processor 502 to execute the user-permission-based cloud resource acquisition method.
The network interface 505 is used for network communication, such as transmitting data information. Those skilled in the art will understand that the structure shown in FIG. 6 is only a block diagram of the part of the structure relevant to the solution of the present application and does not limit the computer device 500 to which the solution is applied; a specific computer device 500 may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
The processor 502 is configured to run the computer program 5032 stored in the memory so as to implement the user-permission-based cloud resource acquisition method in the embodiment of the present application.
Those skilled in the art will understand that the embodiment of the computer device shown in FIG. 6 does not limit the specific configuration of the computer device; in other embodiments the computer device may include more or fewer components than shown, combine certain components, or arrange components differently. For example, in some embodiments the computer device may include only a memory and a processor; in such embodiments the structure and function of the memory and processor are the same as in the embodiment shown in FIG. 6 and are not repeated here.
It should be understood that in the embodiment of the present application the processor 502 may be a central processing unit (CPU), and may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. The general-purpose processor may be a microprocessor or any conventional processor.
Another embodiment of the present application provides a computer-readable storage medium, which may be a non-volatile or a volatile computer-readable storage medium. The computer-readable storage medium stores a computer program which, when executed by a processor, implements the user-permission-based cloud resource acquisition method in the embodiments of the present application.
Those skilled in the art can clearly understand that, for convenience and brevity of description, the specific working processes of the equipment, apparatus and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here. Those of ordinary skill in the art will realize that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two; to clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present application.
In the several embodiments provided in the present application, it should be understood that the disclosed equipment, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division of units is only a division by logical function, and in actual implementation there may be other ways of dividing them; units with the same function may be combined into one unit; multiple units or components may be combined or integrated into another system; and some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connections shown or discussed may be indirect coupling or communication connections through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solutions of the embodiments of the present application.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically alone, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分,或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、磁碟或者光盘等各种可以存储程序代码的介质。If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a storage medium. Based on this understanding, the technical solution of this application is essentially or the part that contributes to the existing technology, or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium. It includes several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), magnetic disk or optical disk and other media that can store program codes.
以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到各种等效的修改或替换,这些修改或替换都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以权利要求的保护范围为准。The above are only specific implementations of this application, but the protection scope of this application is not limited to this. Anyone familiar with the technical field can easily think of various equivalents within the technical scope disclosed in this application. Modifications or replacements, these modifications or replacements shall be covered within the scope of protection of this application. Therefore, the protection scope of this application should be subject to the protection scope of the claims.

Claims (20)

  1. A cloud resource acquisition method based on user permissions, comprising:
    receiving user account information corresponding to a login instruction and, if the user account information passes verification, obtaining the permission level corresponding to the user account information; wherein the permission levels comprise, in order, an administrator permission level, a privileged user permission level and an ordinary user permission level, the number of permission items of the administrator permission level being greater than the number of permission items of the privileged user permission level, and the number of permission items of the privileged user permission level being greater than the number of permission items of the ordinary user permission level;
    if the permission level corresponding to the user account information is the privileged user permission level, pushing the corresponding container application list to the terminal corresponding to the user account information for display, and detecting in real time operation instructions on the container application list;
    if an operation instruction on the container application list is detected and the operation instruction is a new container application instruction, creating a container application according to the new container application instruction;
    if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtaining the corresponding application group user list according to the application group configuration instruction, and adding the application group user list to the corresponding application user group; and
    if an operation instruction on the container application list is detected and the operation instruction is a read-only group configuration instruction, obtaining the corresponding read-only user list according to the read-only group configuration instruction, and adding the read-only user list to the corresponding read-only user group.
  2. The cloud resource acquisition method based on user permissions according to claim 1, wherein before pushing the corresponding container application list to the terminal corresponding to the user account information for display and detecting in real time operation instructions on the container application list, the method further comprises:
    obtaining grouping information corresponding to the user account information, obtaining corresponding resource pool information according to the grouping information, and sending the resource pool information obtained according to the grouping information to the client corresponding to the user account information; wherein the resource pool information is the IP network segment allocated for creating container applications.
  3. The cloud resource acquisition method based on user permissions according to claim 1, wherein creating a container application according to the new container application instruction comprises:
    determining the IP of the container instance of the container application according to the application environment of the container application, the region of the container application and the number of container instances;
    determining the image repository that stores the image of the container application according to the application environment of the container application and the region of the container application;
    determining the resources to be occupied by creating the container instance according to the container application image information;
    extracting, from the determined image repository, the specific image to be used for creating the container instance of the container application according to the container application image information;
    determining the host on which the container instance is to be created according to the application environment of the container application, the region of the container application and the determined resources to be occupied by creating the container instance;
    creating the container instance of the container application on the determined host according to the determined specific image, and binding the created container instance to the determined IP of the container instance.
  4. The cloud resource acquisition method based on user permissions according to claim 3, wherein extracting, from the determined image repository, the specific image to be used for creating the container instance of the container application according to the container application image information comprises:
    extracting, from the determined image repository, the specific image to be used for creating the container instance of the container application according to the image type, image version and image name in the container application image information.
  5. The cloud resource acquisition method based on user permissions according to claim 3, wherein creating the container instance of the container application on the determined host according to the determined specific image and binding the created container instance to the determined IP of the container instance comprises:
    pushing the determined specific image to the determined host through a container orchestration tool, so as to create the container instance of the container application on the host;
    if the container instance of the container application has been created, connecting to the created container instance through an operations and maintenance tool, and binding the created container instance to the determined IP of the container instance.
  6. The cloud resource acquisition method based on user permissions according to claim 1, wherein after, if the permission level corresponding to the user account information is the privileged user permission level, pushing the corresponding container application list to the terminal corresponding to the user account information for display and detecting in real time operation instructions on the container application list, the method further comprises:
    if the permission level corresponding to the user account information is the administrator permission level, displaying the container application list and detecting in real time a first current operation instruction on the container application list.
  7. The cloud resource acquisition method based on user permissions according to claim 1, wherein after, if the permission level corresponding to the user account information is the privileged user permission level, pushing the corresponding container application list to the terminal corresponding to the user account information for display and detecting in real time operation instructions on the container application list, the method further comprises:
    if the permission level corresponding to the user account information is the ordinary user permission level, displaying the container application list and detecting in real time a second current operation instruction on the container application list.
  8. A cloud resource acquisition apparatus based on user permissions, comprising:
    an account permission level obtaining unit, configured to receive user account information corresponding to a login instruction and, if the user account information passes verification, obtain the permission level corresponding to the user account information; wherein the permission levels comprise, in order, an administrator permission level, a privileged user permission level and an ordinary user permission level, the number of permission items of the administrator permission level being greater than the number of permission items of the privileged user permission level, and the number of permission items of the privileged user permission level being greater than the number of permission items of the ordinary user permission level;
    a first list pushing unit, configured to, if the permission level corresponding to the user account information is the privileged user permission level, push the corresponding container application list to the terminal corresponding to the user account information for display, and detect in real time operation instructions on the container application list;
    a first instruction execution unit, configured to, if an operation instruction on the container application list is detected and the operation instruction is a new container application instruction, create a container application according to the new container application instruction;
    a second instruction execution unit, configured to, if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtain the corresponding application group user list according to the application group configuration instruction, and add the application group user list to the corresponding application user group; and
    a third instruction execution unit, configured to, if an operation instruction on the container application list is detected and the operation instruction is a read-only group configuration instruction, obtain the corresponding read-only user list according to the read-only group configuration instruction, and add the read-only user list to the corresponding read-only user group.
  9. A computer device, comprising a memory, a processor and a computer program stored on the memory and runnable on the processor, wherein the processor, when executing the computer program, implements the following steps:
    receiving user account information corresponding to a login instruction and, if the user account information passes verification, obtaining the permission level corresponding to the user account information; wherein the permission levels comprise, in order, an administrator permission level, a privileged user permission level and an ordinary user permission level, the number of permission items of the administrator permission level being greater than the number of permission items of the privileged user permission level, and the number of permission items of the privileged user permission level being greater than the number of permission items of the ordinary user permission level;
    if the permission level corresponding to the user account information is the privileged user permission level, pushing the corresponding container application list to the terminal corresponding to the user account information for display, and detecting in real time operation instructions on the container application list;
    if an operation instruction on the container application list is detected and the operation instruction is a new container application instruction, creating a container application according to the new container application instruction;
    if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtaining the corresponding application group user list according to the application group configuration instruction, and adding the application group user list to the corresponding application user group; and
    if an operation instruction on the container application list is detected and the operation instruction is a read-only group configuration instruction, obtaining the corresponding read-only user list according to the read-only group configuration instruction, and adding the read-only user list to the corresponding read-only user group.
  10. The computer device according to claim 9, wherein before the processor performs pushing the corresponding container application list to the terminal corresponding to the user account information for display and detecting in real time operation instructions on the container application list, the processor further performs the following step:
    obtaining grouping information corresponding to the user account information, obtaining corresponding resource pool information according to the grouping information, and sending the resource pool information obtained according to the grouping information to the client corresponding to the user account information; wherein the resource pool information is the IP network segment allocated for creating container applications.
  11. The computer device according to claim 9, wherein when the processor performs creating a container application according to the new container application instruction, the processor specifically performs the following steps:
    determining the IP of the container instance of the container application according to the application environment of the container application, the region of the container application and the number of container instances;
    determining the image repository that stores the image of the container application according to the application environment of the container application and the region of the container application;
    determining the resources to be occupied by creating the container instance according to the container application image information;
    extracting, from the determined image repository, the specific image to be used for creating the container instance of the container application according to the container application image information;
    determining the host on which the container instance is to be created according to the application environment of the container application, the region of the container application and the determined resources to be occupied by creating the container instance;
    creating the container instance of the container application on the determined host according to the determined specific image, and binding the created container instance to the determined IP of the container instance.
  12. The computer device according to claim 11, wherein when the processor performs extracting, from the determined image repository, the specific image to be used for creating the container instance of the container application according to the container application image information, the processor specifically performs the following step:
    extracting, from the determined image repository, the specific image to be used for creating the container instance of the container application according to the image type, image version and image name in the container application image information.
  13. The computer device according to claim 11, wherein when the processor performs creating the container instance of the container application on the determined host according to the determined specific image and binding the created container instance to the determined IP of the container instance, the processor specifically performs the following steps:
    pushing the determined specific image to the determined host through a container orchestration tool, so as to create the container instance of the container application on the host;
    if the container instance of the container application has been created, connecting to the created container instance through an operations and maintenance tool, and binding the created container instance to the determined IP of the container instance.
  14. The computer device according to claim 9, wherein after the processor performs, if the permission level corresponding to the user account information is the privileged user permission level, pushing the corresponding container application list to the terminal corresponding to the user account information for display and detecting in real time operation instructions on the container application list, the processor further performs the following step:
    if the permission level corresponding to the user account information is the administrator permission level, displaying the container application list and detecting in real time a first current operation instruction on the container application list.
  15. The computer device according to claim 9, wherein after the processor performs, if the permission level corresponding to the user account information is the privileged user permission level, pushing the corresponding container application list to the terminal corresponding to the user account information for display and detecting in real time operation instructions on the container application list, the processor further performs the following step:
    if the permission level corresponding to the user account information is the ordinary user permission level, displaying the container application list and detecting in real time a second current operation instruction on the container application list.
  16. A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program which, when executed by a processor, causes the processor to perform the following steps:
    receiving user account information corresponding to a login instruction and, if the user account information passes verification, obtaining the permission level corresponding to the user account information; wherein the permission levels comprise, in order, an administrator permission level, a privileged user permission level and an ordinary user permission level, the number of permission items of the administrator permission level being greater than the number of permission items of the privileged user permission level, and the number of permission items of the privileged user permission level being greater than the number of permission items of the ordinary user permission level;
    if the permission level corresponding to the user account information is the privileged user permission level, pushing the corresponding container application list to the terminal corresponding to the user account information for display, and detecting in real time operation instructions on the container application list;
    if an operation instruction on the container application list is detected and the operation instruction is a new container application instruction, creating a container application according to the new container application instruction;
    if an operation instruction on the container application list is detected and the operation instruction is an application group configuration instruction, obtaining the corresponding application group user list according to the application group configuration instruction, and adding the application group user list to the corresponding application user group; and
    if an operation instruction on the container application list is detected and the operation instruction is a read-only group configuration instruction, obtaining the corresponding read-only user list according to the read-only group configuration instruction, and adding the read-only user list to the corresponding read-only user group.
  17. The computer-readable storage medium according to claim 16, wherein before pushing the corresponding container application list to the terminal corresponding to the user account information for display and detecting in real time operation instructions on the container application list, the computer program, when executed by the processor, further causes the processor to perform the following step:
    obtaining grouping information corresponding to the user account information, obtaining corresponding resource pool information according to the grouping information, and sending the resource pool information obtained according to the grouping information to the client corresponding to the user account information; wherein the resource pool information is the IP network segment allocated for creating container applications.
  18. The computer-readable storage medium according to claim 16, wherein when creating a container application according to the new container application instruction, the computer program, when executed by the processor, causes the processor to specifically perform the following steps:
    determining the IP of the container instance of the container application according to the application environment of the container application, the region of the container application and the number of container instances;
    determining the image repository that stores the image of the container application according to the application environment of the container application and the region of the container application;
    determining the resources to be occupied by creating the container instance according to the container application image information;
    extracting, from the determined image repository, the specific image to be used for creating the container instance of the container application according to the container application image information;
    determining the host on which the container instance is to be created according to the application environment of the container application, the region of the container application and the determined resources to be occupied by creating the container instance;
    creating the container instance of the container application on the determined host according to the determined specific image, and binding the created container instance to the determined IP of the container instance.
  19. The computer-readable storage medium according to claim 16, wherein after, if the permission level corresponding to the user account information is the privileged user permission level, pushing the corresponding container application list to the terminal corresponding to the user account information for display and detecting in real time operation instructions on the container application list, the computer program, when executed by the processor, further causes the processor to perform the following step:
    if the permission level corresponding to the user account information is the administrator permission level, displaying the container application list and detecting in real time a first current operation instruction on the container application list.
  20. The computer-readable storage medium according to claim 16, wherein after, if the permission level corresponding to the user account information is the privileged user permission level, pushing the corresponding container application list to the terminal corresponding to the user account information for display and detecting in real time operation instructions on the container application list, the computer program, when executed by the processor, further causes the processor to perform the following step:
    if the permission level corresponding to the user account information is the ordinary user permission level, displaying the container application list and detecting in real time a second current operation instruction on the container application list.
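The following is an added illustration of the permission-tiered dispatch described in claims 1, 6 and 7 (and mirrored in claims 8, 9 and 16); it is example code written for this page, not code from the patent application or its applicant. The permission item names, the account directory standing in for the verification step, the in-memory store and the rule that an ordinary user sees only application names are all assumptions made here: the claims state only that the three levels are ordered by number of permission items, that the level is looked up after verification, and what each of the three list operations does.

```python
"""Permission-tiered handling of container application list operations.

Added example for claims 1, 6 and 7; not code from the patent application.
Permission item names, the account table and the store are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Optional, Set


class Level(IntEnum):
    ORDINARY = 1
    PRIVILEGED = 2
    ADMIN = 3


# Constructed permission items. Each level is a strict superset of the one
# below it, which is how the claim's "number of permission items" ordering
# is enforced here, rather than by comparing the enum values.
PERMISSION_ITEMS: Dict[Level, frozenset] = {
    Level.ORDINARY: frozenset({"list:view"}),
    Level.PRIVILEGED: frozenset({"list:view", "app:create", "group:app", "group:readonly"}),
    Level.ADMIN: frozenset({"list:view", "app:create", "group:app", "group:readonly", "app:delete"}),
}
assert PERMISSION_ITEMS[Level.ORDINARY] < PERMISSION_ITEMS[Level.PRIVILEGED] < PERMISSION_ITEMS[Level.ADMIN]

# The three operation instructions of claim 1, mapped to the item each one
# requires. Any instruction type not in this table is refused at every level.
OPERATION_PERMISSION = {
    "new_container_app": "app:create",
    "app_group_config": "group:app",
    "readonly_group_config": "group:readonly",
}

# Constructed account directory standing in for the verification back end.
ACCOUNT_LEVELS = {"alice": Level.ADMIN, "bob": Level.PRIVILEGED, "carol": Level.ORDINARY}


@dataclass
class Session:
    account: str
    level: Level


@dataclass
class Store:
    container_apps: Dict[str, dict] = field(default_factory=dict)
    app_user_groups: Dict[str, Set[str]] = field(default_factory=lambda: defaultdict(set))
    readonly_user_groups: Dict[str, Set[str]] = field(default_factory=lambda: defaultdict(set))
    audit: List[tuple] = field(default_factory=list)


def login(account: str, credentials_verified: bool) -> Optional[Session]:
    """First step of claim 1: the level is looked up only after verification."""
    if not credentials_verified or account not in ACCOUNT_LEVELS:
        return None
    return Session(account, ACCOUNT_LEVELS[account])


def container_app_list(session: Session, store: Store) -> List[dict]:
    """Claims 1, 6 and 7: every level is shown the list. That ordinary users
    (assumed here) see only names, not owners or regions, is a choice of
    this example, not of the claims."""
    full = [{"name": name, **meta} for name, meta in store.container_apps.items()]
    if session.level is Level.ORDINARY:
        return [{"name": entry["name"]} for entry in full]
    return full


def handle_operation(session: Session, store: Store, op: dict) -> dict:
    """Dispatch one operation instruction on the container application list.

    Deny by default: the required item must be present at the session's level
    and unknown instruction types are refused. Every decision is audited."""
    needed = OPERATION_PERMISSION.get(op.get("type"))
    if needed is None:
        store.audit.append((session.account, op.get("type"), "refused: unknown instruction"))
        return {"ok": False, "reason": "unknown instruction"}
    if needed not in PERMISSION_ITEMS[session.level]:
        store.audit.append((session.account, op["type"], "denied"))
        return {"ok": False, "reason": "permission denied"}
    if op["type"] == "new_container_app":
        store.container_apps[op["name"]] = {"owner": session.account, "env": op["env"], "region": op["region"]}
    else:
        # A user list can only be attached to an application that exists
        # (an assumption of this example, not stated by the claims).
        if op["app"] not in store.container_apps:
            store.audit.append((session.account, op["type"], "refused: unknown application"))
            return {"ok": False, "reason": "unknown container application"}
        groups = store.app_user_groups if op["type"] == "app_group_config" else store.readonly_user_groups
        groups[op["app"]].update(op["users"])
    store.audit.append((session.account, op["type"], "ok"))
    return {"ok": True}
```

The two checks worth noting are that the level is never consulted before `credentials_verified` is true, and that the dispatch is keyed on a closed table of instruction types, so an instruction the claims do not define cannot reach a store mutation even from an administrator session; the audit list gives the record a detection pipeline would consume.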
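The following is an added illustration of the creation steps in claims 2 to 5 (mirrored in claims 10 to 13 and 17 to 18), carried through as a placement planner; it is example code written for this page, not code from the patent application or its applicant. The resource pool table, the image repository table, the per-image resource footprint, the host inventory and the choice of the roomiest host are constructed assumptions: the claims state only which inputs each step consumes and that the pool is an IP segment.

```python
"""Placement planning for a new container application (claims 2 to 5).

Added example, not code from the patent application. The pool, repository,
resource and host tables below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class ImageInfo:
    image_type: str
    name: str
    version: str


@dataclass
class Host:
    name: str
    env: str
    region: str
    free_cpu: float
    free_mem_mb: int


# Claim 2: the resource pool of a user group is the IP segment from which its
# container instances are addressed (constructed value).
RESOURCE_POOLS: Dict[str, str] = {"payments-team": "10.20.1.0/28"}

# Claim 3, step 2: one image repository per (environment, region) (constructed).
IMAGE_REPOS: Dict[Tuple[str, str], str] = {
    ("prod", "sz"): "registry-prod-sz.example.internal",
    ("test", "sz"): "registry-test-sz.example.internal",
}

# Claim 3, step 3: resources (cpu, MB) an instance of each image type occupies.
IMAGE_RESOURCES: Dict[str, Tuple[float, int]] = {"java": (1.0, 2048), "nginx": (0.25, 256)}


def allocate_ips(pool_cidr: str, in_use: Set[str], count: int) -> List[str]:
    """Claim 3, step 1: take `count` free addresses from the group's pool."""
    net = ipaddress.ip_network(pool_cidr)
    free = [str(h) for h in net.hosts() if str(h) not in in_use]
    if len(free) < count:
        raise ValueError("resource pool %s exhausted" % pool_cidr)
    return free[:count]


def image_reference(env: str, region: str, info: ImageInfo) -> str:
    """Claim 3 step 2 and claim 4: repository chosen by environment and
    region, image by type, name and version. No fallback to another
    environment's repository and no floating tag."""
    if (env, region) not in IMAGE_REPOS:
        raise LookupError("no image repository for %s/%s" % (env, region))
    return "%s/%s/%s:%s" % (IMAGE_REPOS[(env, region)], info.image_type, info.name, info.version)


def choose_host(hosts: List[Host], env: str, region: str, cpu: float, mem_mb: int) -> Host:
    """Claim 3, step 5: environment and region must match exactly and the
    host must have the determined resources free; the roomiest one wins."""
    candidates = [h for h in hosts
                  if h.env == env and h.region == region
                  and h.free_cpu >= cpu and h.free_mem_mb >= mem_mb]
    if not candidates:
        raise LookupError("no %s/%s host with %.2f cpu and %d MB free" % (env, region, cpu, mem_mb))
    return max(candidates, key=lambda h: (h.free_cpu, h.free_mem_mb))


def plan_container_app(group: str, env: str, region: str, count: int, info: ImageInfo,
                       hosts: List[Host], ips_in_use: Set[str]) -> List[dict]:
    """Run claim 3's steps in order and return one placement per instance.
    Capacity is reserved as each host is chosen, so two instances cannot be
    planned onto free resources that only exist once."""
    if info.image_type not in IMAGE_RESOURCES:
        raise LookupError("unknown image type %s" % info.image_type)
    ips = allocate_ips(RESOURCE_POOLS[group], ips_in_use, count)
    ref = image_reference(env, region, info)
    cpu, mem_mb = IMAGE_RESOURCES[info.image_type]
    placements = []
    for ip in ips:
        host = choose_host(hosts, env, region, cpu, mem_mb)
        host.free_cpu -= cpu
        host.free_mem_mb -= mem_mb
        # Claim 5: an orchestration tool would push `ref` to `host` and an
        # operations tool would bind `ip`; this example returns the plan.
        placements.append({"ip": ip, "image": ref, "host": host.name})
    return placements
```

Keying both the repository lookup and the host filter on the exact (environment, region) pair is what keeps a test image or a test host out of a production placement: when production capacity runs out the planner fails rather than spilling onto a host of another environment, and the image reference is always pinned to the version from the image information rather than a mutable tag.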
PCT/CN2020/093599 2019-09-18 2020-05-30 Cloud resource acquisition method and apparatus based on user permission, and computer device WO2021051878A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910881333.2 2019-09-18
CN201910881333.2A CN110784446B (en) 2019-09-18 2019-09-18 User permission-based cloud resource acquisition method and device and computer equipment

Publications (1)

Publication Number Publication Date
WO2021051878A1 true WO2021051878A1 (en) 2021-03-25

Family

ID=69384227

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/093599 WO2021051878A1 (en) 2019-09-18 2020-05-30 Cloud resource acquisition method and apparatus based on user permission, and computer device

Country Status (2)

Country Link
CN (1) CN110784446B (en)
WO (1) WO2021051878A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113111327A (en) * 2021-04-27 2021-07-13 北京赛博云睿智能科技有限公司 Resource management method and device of PaaS-based service portal management system
CN113434257A (en) * 2021-07-07 2021-09-24 曙光信息产业(北京)有限公司 Docker operation method, device, server and storage medium
CN113727070A (en) * 2021-08-27 2021-11-30 杭州海康威视***技术有限公司 Equipment resource management method and device, electronic equipment and storage medium
CN114389868A (en) * 2021-12-30 2022-04-22 天翼物联科技有限公司 Method, system and device for distributing cloud resources and storage medium
CN115442153A (en) * 2022-10-25 2022-12-06 北京云成金融信息服务有限公司 Data management method and system for supply chain

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110784446B (en) * 2019-09-18 2022-03-08 平安科技(深圳)有限公司 User permission-based cloud resource acquisition method and device and computer equipment
CN111585967A (en) * 2020-04-08 2020-08-25 上海蓝云网络科技有限公司 Cloud service authentication connection method, system, computer and storage medium
CN111510444A (en) * 2020-04-09 2020-08-07 上海云励科技有限公司 Remote access method, system, server and access auxiliary component of container
CN111966374A (en) * 2020-08-11 2020-11-20 南京新联电子股份有限公司 Container-based energy controller terminal software deployment and management method
CN112804237A (en) * 2021-01-18 2021-05-14 统信软件技术有限公司 User identity authentication device, computing equipment and system
CN113221103B (en) * 2021-05-08 2022-09-20 山东英信计算机技术有限公司 Container safety protection method, system and medium
CN114466217A (en) * 2022-02-16 2022-05-10 上海哔哩哔哩科技有限公司 Information display method and device for live broadcast room
CN115688067A (en) * 2022-09-30 2023-02-03 金航数码科技有限责任公司 Container-based data storage and access control method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102739708A (en) * 2011-04-07 2012-10-17 腾讯科技(深圳)有限公司 System and method for accessing third party application based on cloud platform
KR101692339B1 (en) * 2016-06-08 2017-01-03 (주)세이퍼존 Secuirity key for secuirity of end point based on cloud and secuirity system using the same
CN106682028A (en) * 2015-11-10 2017-05-17 阿里巴巴集团控股有限公司 Method, device and system for obtaining web application
CN106845183A (en) * 2017-01-24 2017-06-13 郑州云海信息技术有限公司 A kind of application container engine management method and system
WO2019162730A1 (en) * 2018-02-26 2019-08-29 Pratik Sharma Customer account manager for cloud
CN110784446A (en) * 2019-09-18 2020-02-11 平安科技(深圳)有限公司 User permission-based cloud resource acquisition method and device and computer equipment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10235222B2 (en) * 2017-01-05 2019-03-19 Portworx, Inc. Containerized application system graph driver
CN109962805A (en) * 2017-12-26 2019-07-02 中移(杭州)信息技术有限公司 A kind of multi-platform cut-in method and equipment based on Authority and Domain Based Management
CN108377227A (en) * 2018-01-11 2018-08-07 北京潘达互娱科技有限公司 Server account manages system, account login method, update method and equipment
CN109543372A (en) * 2018-10-26 2019-03-29 深圳壹账通智能科技有限公司 Service authority data processing method, device, computer equipment and storage medium
CN109743199A (en) * 2018-12-25 2019-05-10 中国联合网络通信集团有限公司 Containerization management system based on micro services

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113111327A (en) * 2021-04-27 2021-07-13 北京赛博云睿智能科技有限公司 Resource management method and device of PaaS-based service portal management system
CN113111327B (en) * 2021-04-27 2024-02-13 北京赛博云睿智能科技有限公司 Resource management method and device of PaaS-based service portal management system
CN113434257A (en) * 2021-07-07 2021-09-24 曙光信息产业(北京)有限公司 Docker operation method, device, server and storage medium
CN113727070A (en) * 2021-08-27 2021-11-30 杭州海康威视***技术有限公司 Equipment resource management method and device, electronic equipment and storage medium
CN113727070B (en) * 2021-08-27 2022-12-02 杭州海康威视***技术有限公司 Equipment resource management method and device, electronic equipment and storage medium
CN114389868A (en) * 2021-12-30 2022-04-22 天翼物联科技有限公司 Method, system and device for distributing cloud resources and storage medium
CN114389868B (en) * 2021-12-30 2024-01-30 天翼物联科技有限公司 Cloud resource allocation method, system, device and storage medium
CN115442153A (en) * 2022-10-25 2022-12-06 北京云成金融信息服务有限公司 Data management method and system for supply chain
CN115442153B (en) * 2022-10-25 2023-03-31 北京云成金融信息服务有限公司 Data management method and system for supply chain

Also Published As

Publication number Publication date
CN110784446A (en) 2020-02-11
CN110784446B (en) 2022-03-08

Similar Documents

Publication Publication Date Title
WO2021051878A1 (en) Cloud resource acquisition method and apparatus based on user permission, and computer device
US9825956B2 (en) Systems and methods for access permission revocation and reinstatement
CN109067877B (en) Control method for cloud computing platform deployment, server and storage medium
EP2871553B1 (en) Systems and methods for protecting virtualized assets
US9928080B2 (en) Hardware security module access management in a cloud computing environment
US9432358B2 (en) System and method of authenticating user account login request messages
US20190386956A1 (en) Dynamically opening ports for trusted application processes hosted in containers
US20140245394A1 (en) Trust-based computing resource authorization in a networked computing environment
US20160330208A1 (en) Method and apparatus for implementing document sharing between user groups
US10447703B2 (en) VNF package operation method and apparatus
US11962599B2 (en) Techniques for automatically configuring minimal cloud service access rights for container applications
US10652255B2 (en) Forensic analysis
US10447924B2 (en) Camera usage notification
EP3637252A1 (en) Virtual machine deployment method and omm virtual machine
US9313208B1 (en) Managing restricted access resources
US9774600B1 (en) Methods, systems, and computer readable mediums for managing infrastructure elements in a network system
US10333939B2 (en) System and method for authentication
CN113839931A (en) Login method, computer device and storage medium
WO2015062266A1 (en) System and method of authenticating user account login request messages
US9830349B2 (en) Maintaining storage profile consistency in a cluster having local and shared storage
WO2023087278A1 (en) Cloud platform permission setting method and apparatus, terminal device, and storage medium
CN115665265A (en) Request processing method, device, equipment, storage medium and system
US10664364B2 (en) Transferring a server configuration parameter along with a workload
US11487570B1 (en) Efficient creation of endpoints for accessing services directly within a cloud-based system
CN114070856A (en) Data processing method, device and system, operation and maintenance auditing equipment and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 20866594
    Country of ref document: EP
    Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
122 Ep: pct application non-entry in european phase
    Ref document number: 20866594
    Country of ref document: EP
    Kind code of ref document: A1