CN115801286A - Calling method, device, equipment and storage medium of microservice - Google Patents

Abstract

The invention discloses a calling method, a calling device, equipment and a storage medium of micro-services. The method comprises the following steps: obtaining a first timestamp when a consumer initiates a service discovery request; encrypting the first timestamp and the micro-service identifier of the consumer based on a plurality of keys to obtain identity authentication information; sending the identity authentication information and the service discovery request to a registration center so that the registration center verifies the identity authentication information, and if the identity authentication information passes the verification, returning a service discovery response result to the consumer; receiving a service discovery response result returned by the registration center, and calling a micro-service instance of a provider according to the service discovery response result; wherein the service discovery response result includes a provider address. By the technical scheme of the invention, the safety of micro-service calling can be improved.

Description

Microservice calling method, device, equipment and storage medium

technical field

Embodiments of the present invention relate to the technical field of microservices, and in particular, to a method, device, device, and storage medium for invoking microservices.

Background technique

Microservice peer-to-peer communication refers to direct information exchange between two microservices, and application requests or responses do not need to go through gateways or other middle-end systems. The microservice provider will register in the registration center, and the access consumer system regularly visits the registration center for service discovery to update the local provider address and directly connects to the corresponding provider according to the service discovery result to achieve point-to-point communication.

In the existing way, the identity verification method of the registration center for the consumer's service discovery request is simple, which is easy to cause data leakage, and the security is not high.

Contents of the invention

Embodiments of the present invention provide a microservice invocation method, device, device, and storage medium, which can improve the security of microservice invocation.

According to one aspect of the present invention, a microservice calling method is provided, including:

Obtain the first timestamp when the consumer initiates the service discovery request;

Encrypting the first timestamp and the microservice identifier of the consumer based on multiple secret keys to obtain identity authentication information;

Sending the identity authentication information and the service discovery request to a registration center, so that the registration center can verify the identity authentication information, and if the verification is passed, return a service discovery response result to the consumer;

Receive the service discovery response result returned by the registration center, and invoke the microservice instance of the provider according to the service discovery response result; wherein, the service discovery response result includes the provider address.

Optionally, the multiple secret keys include three secret keys, which are a first secret key, a second secret key, and a third secret key; Encrypt the microservice ID to obtain identity authentication information, including:

Decoding the ciphertext of the first secret key to obtain the plaintext of the first secret key;

Obtaining the plaintext of the second key and the plaintext of the third key based on the plaintext of the first key;

combining the plaintext of the second secret key, the first timestamp and the microservice identifier of the consumer to obtain combination information;

The combination information is encrypted based on the plaintext of the third secret key to obtain identity authentication information.

Optionally, obtaining the plaintext of the second key and the plaintext of the third key based on the plaintext of the first key includes:

Decoding the ciphertext of the second secret key according to the plaintext of the first secret key to obtain the plaintext of the second secret key;

Decoding the ciphertext of the third key according to the plaintext of the second key to obtain the plaintext of the third key.

Optionally, the verification method of the registration center for the identity authentication information is:

Decrypt the identity authentication information according to the plaintext of the third secret key, and obtain the plaintext of the second secret key, the first timestamp and the microservice identifier of the consumer;

Obtain the second timestamp when decrypting;

Verifying the legitimacy of the plaintext of the second secret key and the microservice identifier of the consumer;

Perform timeliness verification according to the second timestamp and the first timestamp.

Optionally, the service discovery response result also includes the provider interface and the status of the access permission switch; calling the provider’s microservice instance according to the service discovery response result includes:

If the state of the access right switch is on, then obtain the interface with the access right;

A connection is established with the provider according to the address of the provider, and a microservice instance of the provider is invoked through an interface with access authority.

Optionally, the service discovery response result also includes the grayscale controller address and the grayscale switch state, and the microservice instance of the provider is invoked according to the service discovery response result, including:

If the state of the grayscale switch is on, then obtain the grayscale version information from the grayscale controller according to the address of the grayscale controller;

Invoking the microservice instance corresponding to the grayscale version information according to the service discovery response result.

Optionally, invoking the microservice instance of the provider according to the service discovery response result includes:

If the state of the grayscale switch is off, and the microservice instance of the calling provider contains two or more versions, call two or more versions of the provider based on the principle of load balancing microservice instance.

According to another aspect of the present invention, a microservice invocation device is provided, including:

A first timestamp acquisition module, configured to acquire the first timestamp when the consumer initiates a service discovery request;

An identity authentication information acquisition module, configured to encrypt the first timestamp and the microservice identifier of the consumer based on a plurality of secret keys to obtain identity authentication information;

An information verification module, configured to send the identity authentication information and the service discovery request to the registration center, so that the registration center can verify the identity authentication information, and return the service to the consumer if the verification is passed. Find the response result;

The microservice instance calling module is configured to receive the service discovery response result returned by the registration center, and call the microservice instance of the provider according to the service discovery response result; wherein, the service discovery response result includes the provider address.

According to another aspect of the present invention, an electronic device is provided, and the electronic device includes:

at least one processor; and

a memory communicatively coupled to the at least one processor; wherein,

The memory stores a computer program that can be executed by the at least one processor, and the computer program is executed by the at least one processor, so that the at least one processor can execute the method described in any embodiment of the present invention. The calling method of the microservice.

According to another aspect of the present invention, a computer-readable storage medium is provided, the computer-readable storage medium stores computer instructions, and the computer instructions are used to enable a processor to implement any of the embodiments of the present invention when executed. The calling method of the microservice.

The present invention obtains the first time stamp when the consumer initiates a service discovery request; encrypts the first time stamp and the microservice identifier of the consumer based on multiple secret keys to obtain identity authentication information; The authentication information and the service discovery request are sent to the registration center, so that the registration center can verify the identity authentication information, and if the verification is passed, return the service discovery response result to the consumer; receive the registration center return The service discovery response result, and invoke the microservice instance of the provider according to the service discovery response result; wherein, the service discovery response result includes the provider address. Through the technical scheme of the invention, the security of microservice invocation can be improved.

Description of drawings

In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings used in the embodiments will be briefly introduced below. It should be understood that the following drawings only show some embodiments of the present invention, and thus It should be regarded as a limitation on the scope, and those skilled in the art can also obtain other related drawings based on these drawings without creative work.

FIG. 1 is a flow chart of a microservice calling method provided according to Embodiment 1 of the present invention;

FIG. 2 is an example diagram of a microservice instance invocation process provided according to Embodiment 1 of the present invention;

FIG. 3 is a flow chart of a microservice calling method provided according to Embodiment 2 of the present invention;

FIG. 4 is a schematic structural diagram of a microservice calling device provided according to Embodiment 3 of the present invention;

FIG. 5 is a schematic structural diagram of an electronic device according to Embodiment 4 of the present invention.

Detailed ways

In order to enable those skilled in the art to better understand the solutions of the present invention, the following will clearly and completely describe the technical solutions in the embodiments of the present invention in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are only It is an embodiment of a part of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts shall fall within the protection scope of the present invention.

It should be noted that the terms "first" and "second" in the description and claims of the present invention and the above drawings are used to distinguish similar objects, but not necessarily used to describe a specific sequence or sequence. It is to be understood that the data so used are interchangeable under appropriate circumstances such that the embodiments of the invention described herein can be practiced in sequences other than those illustrated or described herein. Furthermore, the terms "comprising" and "having", as well as any variations thereof, are intended to cover a non-exclusive inclusion, for example, a process, method, system, product or device comprising a sequence of steps or elements is not necessarily limited to the expressly listed instead, may include other steps or elements not explicitly listed or inherent to the process, method, product or apparatus.

Embodiment one

Fig. 1 is a flow chart of a method for invoking a microservice according to Embodiment 1 of the present invention. This embodiment is applicable to the case of invoking a microservice instance, and the method can be transferred from a microservice invocation device, specifically including the following steps:

Step 110, acquiring the first time stamp when the consumer initiates the service discovery request.

Among them, the consumer can be understood as the party that needs to call the microservice instance. Consumers can initiate service discovery requests. A service discovery request can be understood as a request to invoke a microservice instance. The first timestamp can be understood as the time when the consumer initiates the service discovery request. In this embodiment, the time information when the consumer initiates the service discovery request can be obtained.

Step 120: Encrypt the first timestamp and the microservice identifier of the consumer based on multiple secret keys to obtain identity authentication information.

Wherein, the plurality of secret keys may include three secret keys, which are respectively a first secret key, a second secret key and a third secret key. The microservice identifier may be identification information of the microservice, for example, the microservice identifier may be microservice ID information, or other identification information. It can be understood that, in this embodiment, when the user registers and applies for the microservice platform, he can apply for information such as the microservice identifier and provider interface authority. Encryption can be encrypted by means of encryption algorithm, etc., and can also be encrypted by other means. The identity authentication information may be information for authenticating the identity of the consumer, and may be used to authenticate the identity of the consumer. The identity authentication information may be obtained by encrypting the first timestamp and the consumer's microservice identifier with multiple secret keys. In this embodiment, the first time stamp and the consumer's microservice token may be encrypted based on multiple secret keys to obtain identity authentication information.

In this embodiment, optionally, the multiple secret keys include three secret keys, which are respectively the first secret key, the second secret key and the third secret key; stamp and the microservice ID of the consumer to obtain identity authentication information, including: decoding the ciphertext of the first secret key to obtain the plaintext of the first secret key; based on the plaintext of the first secret key Obtain the plaintext of the second secret key and the plaintext of the third secret key; combine the plaintext of the second secret key, the first timestamp and the microservice identifier of the consumer to obtain combined information ; Encrypting the combined information based on the plaintext of the third secret key to obtain identity authentication information.

Wherein, the multiple secret keys include three secret keys, which are respectively a first secret key, a second secret key and a third secret key. Exemplarily, the first key may be GK; the second key may be PK; and the third key may be WK. Each key in this embodiment includes plaintext and ciphertext. Wherein, the plaintext of the secret key may be obtained by decoding the ciphertext of the secret key. The plaintext of the first secret key can be obtained by decoding the ciphertext of the first secret key. In this embodiment, the plaintext of the second key and the plaintext of the third key can be obtained based on the plaintext of the first key. The combination information can be obtained by combining the plaintext of the second secret key, the first timestamp and the microservice identifier of the consumer. In this embodiment, the identity authentication information obtained by encrypting the combination information based on the plaintext of the third key may be used.

Further, an example diagram of the microservice instance invocation process in this embodiment is shown in Figure 2. In this embodiment, when a user accesses the microservice platform for the first time, he needs to apply for the corresponding consumer on the service management platform, provide The party microservice ID is used as the unique identifier of the application, and then the corresponding access environment is selected according to the application attributes. In this embodiment, after the user determines the access environment in this embodiment, the user needs to log in to the portal to apply for multiple keys such as GK, PK, and WK for each microservice application, and the GK user saves and configures it in the configuration file of the application or environment variables, the key PK and key WK will be issued by the portal to the corresponding registration center and configuration center. Among them, the portal can be understood as a certain page information or server of the system. In this embodiment, the three-layer key symmetric encryption and decryption algorithm for generating request identity information is relatively complicated, and the PK and WK in the three-layer key encryption mode are maintained by the platform, and the user has no sense of PK and WK, and only needs to save the GK key , greatly reducing the risk of key leakage, and the security of identity verification is more reliable.

In this embodiment, the ciphertext of the first secret key can be decoded to obtain the plaintext of the first secret key, and the plaintext of the second secret key and the plaintext of the third secret key can be obtained based on the plaintext of the first secret key; Combine the plaintext of the secret key, the first timestamp and the microservice identifier of the consumer to obtain combined information; encrypt the combined information based on the plaintext of the third secret key to obtain identity authentication information. Through such setting in this embodiment, the identity authentication information obtained by symmetrically encrypting the three-layer key system can further improve the security of the identity authentication information.

In this embodiment, optionally, obtaining the plaintext of the second key and the plaintext of the third key based on the plaintext of the first key includes: pairing the plaintext of the first key to Decoding the ciphertext of the second secret key to obtain the plaintext of the second secret key; decoding the ciphertext of the third secret key according to the plaintext of the second secret key to obtain the plaintext of the third secret key.

Wherein, the plaintext of the second key may be obtained by decoding the ciphertext of the second key according to the plaintext of the first key. The plaintext of the third key may be obtained by decoding the ciphertext of the third key according to the plaintext of the second key. Exemplarily, in this embodiment, the ciphertext of the key PK can be decoded according to the plaintext of the key GK to obtain the plaintext of the key PK; the ciphertext of the key WK can be decoded according to the plaintext of the key PK, thereby Obtain the plaintext of the secret key WK.

In this embodiment, the ciphertext of the second key can be decoded according to the plaintext of the first key to obtain the plaintext of the second key; and then the ciphertext of the third key can be decoded according to the plaintext of the second key , to obtain the plaintext of the third key. With such a setting in this embodiment, the plaintext of the secret key can be obtained by decoding the ciphertext of the three-layer secret key, so as to obtain the identity authentication information, which facilitates subsequent verification of the identity authentication information.

In this embodiment, optionally, the registration center verifies the identity authentication information by: decrypting the identity authentication information according to the plaintext of the third secret key to obtain the second secret key the plaintext of the first timestamp and the microservice ID of the consumer; obtain the second timestamp when decrypted; check the legitimacy of the plaintext of the second secret key and the microservice ID of the consumer Verifying: performing timeliness verification according to the second timestamp and the first timestamp.

Wherein, the decryption may be performed through a decryption algorithm, or may be performed through other methods. In this embodiment, the identity authentication information may be decrypted according to the plaintext of the third key to obtain the plaintext of the second key, the first timestamp, and the microservice identifier of the consumer. The second timestamp can be understood as specific time information. In this embodiment, the time information at the time of decryption can be obtained. Verifying legality can be understood as comparing and verifying whether the object to be verified is legal. In this embodiment, the legitimacy of the plaintext of the second secret key and the microservice ID of the consumer can be verified. The registration center can determine whether it is legal by comparing the plaintext of the second secret key with the secret key information in the cache. If the comparison result of the plaintext of the second secret key is consistent with the secret key information in the cache, it is determined to be legal; if the comparison result is inconsistent, it is determined not to be legal. And the registration center determines whether it is legal by comparing the consumer's microservice identifier with the identifier information in the cache; if the comparison result of the consumer's microservice identifier and the identifier information in the cache is consistent, it is determined to be legal If the comparison results are not consistent, it is determined that they do not have legality.

Timeliness verification can be understood as whether the obtained duration exceeds the preset threshold, so as to judge whether it is timeliness. Wherein, the preset threshold may be preset, and may be set according to actual requirements. Specifically, in this embodiment, the timeliness verification based on the second timestamp and the first timestamp may be obtained by subtracting the second timestamp from the first timestamp, comparing the duration with a preset threshold, and judging whether Exceeding the preset threshold, if the duration exceeds the preset duration, it is not time-sensitive; if the duration does not exceed the preset duration, it is time-sensitive.

In this embodiment, the identity authentication information can be decrypted according to the plaintext of the third secret key to obtain the plaintext of the second secret key, the first timestamp and the microservice identifier of the consumer, and by obtaining the second timestamp at the time of decryption , verify the legitimacy of the plaintext of the second secret key and the microservice identifier of the consumer, and perform timeliness verification according to the second timestamp and the first timestamp, thereby completing the verification of the identity authentication information. In this embodiment, through legality verification and timeliness verification, the verification of identity authentication information is finally completed, which further improves the security of microservice calls.

Step 130: Send the identity authentication information and the service discovery request to the registration center, so that the registration center can verify the identity authentication information, and if the verification is passed, return the service discovery response result to the consumer .

Wherein, the registration center can verify the identity authentication information. The service discovery response result may be the result information returned after verifying the identity authentication information. In this embodiment, the identity authentication information and service discovery request can be sent to the registration center, so that the registration center can verify the identity authentication information, and return the service discovery response result to the consumer if the verification is passed.

Step 140: Receive the service discovery response result returned by the registration center, and invoke the microservice instance of the provider according to the service discovery response result.

Wherein, the service discovery response result includes a provider address. A microservice instance may have application version information. For example, each microservice instance may include multiple version information, such as version 1, version 2, and version 3. In this embodiment, the provider's microservice instance can be called according to the provider's address. In this embodiment, the consumer can receive the service discovery response result returned by the registration center, and call the provider's microservice instance according to the provider address of the service discovery response result.

The present invention obtains the first time stamp when the consumer initiates a service discovery request; encrypts the first time stamp and the microservice identifier of the consumer based on multiple secret keys to obtain identity authentication information; The authentication information and the service discovery request are sent to the registration center, so that the registration center can verify the identity authentication information, and if the verification is passed, return the service discovery response result to the consumer; receive the registration center return The service discovery response result, and invoke the microservice instance of the provider according to the service discovery response result; wherein, the service discovery response result includes the provider address. Through the technical scheme of the invention, the security of microservice invocation can be improved.

Embodiment two

FIG. 3 is a flow chart of a method for invoking a microservice according to Embodiment 2 of the present invention. This embodiment is optimized on the basis of the foregoing embodiments. The specific optimization is: the service discovery response result also includes the provider interface and the status of the access right switch; calling the provider’s microservice instance according to the service discovery response result includes: if the status of the access right switch is on, then Obtain an interface with access authority; establish a connection with the provider according to the address of the provider, and call the microservice instance of the provider through the interface with access authority. As shown in Figure 3, the method of this embodiment specifically includes the following steps:

Step 310, acquiring the first time stamp when the consumer initiates the service discovery request.

Step 320: Encrypt the first timestamp and the consumer's microservice identifier based on multiple secret keys to obtain identity authentication information.

Step 330: Send the identity authentication information and the service discovery request to the registration center, so that the registration center can verify the identity authentication information, and if the verification is passed, return the service discovery response result to the consumer .

Step 340, receiving the service discovery response result returned by the registration center.

Wherein, the service discovery response result includes a provider address. The service discovery response result also includes the provider interface and access permission switch status. Provider interfaces may include concrete callable interfaces. Exemplarily, if the returned service discovery response result includes provider interface A and interface B, that is to say, the provider's microservice instance can only be invoked through interface A and interface B with access rights. The access permission switch state may include an open state and a closed state.

Step 350, if the state of the access right switch is on, acquire an interface with access right.

In this embodiment, if the state of the access right switch is on, the provider interface with the access right can be obtained. In this embodiment, if the state of the access right switch is off, it indicates that the user has applied for the access right to all provider interfaces and can access all provider interfaces.

Specifically, before the application of the consumer in this embodiment goes online, it needs to apply for the corresponding provider's interface calling authority on the service management platform. Get the provider interface and access permission switch status in . When the access permission switch status is on, the consumer can only call the provider interface with the configured call permission, otherwise the call interface can be unlimited.

Step 360, establish a connection with the provider according to the address of the provider, and call the microservice instance of the provider through an interface with access authority.

In this embodiment, a connection can be established with the provider according to the provider address in the returned service discovery response result, and the provider's microservice instance can be invoked through an interface with access rights.

Exemplarily, if the only interfaces with access rights are interface A and interface B, a connection can be established with the provider according to the address of the provider, and the microservice instance of the provider can be invoked through interface A and interface B. In this embodiment, the call permission configuration of the interface call level is supported, so that the provider's interface can be selectively exposed to the consumer, and the privacy and flexibility of the interface are improved.

In this embodiment, optionally, the service discovery response result further includes the grayscale controller address and the grayscale switch state, and calling the microservice instance of the provider according to the service discovery response result includes: if the grayscale If the state of the grayscale switch is on, the grayscale version information is obtained from the grayscale controller according to the grayscale controller address; and the microservice instance corresponding to the grayscale version information is invoked according to the service discovery response result.

Wherein, the service discovery response result in this embodiment may also include the address of the grayscale controller and the state of the grayscale switch. In this embodiment, the grayscale controller can be accessed according to the address of the grayscale controller. The gray switch state may include an on state and an off state. The microservice instance version with higher priority can be stored in the grayscale controller. The grayscale controller in this embodiment may be pre-configured by the user. The grayscale version information can be understood as the version information of the microservice instance. In this embodiment, the corresponding microservice instance can be determined according to the grayscale version information. Exemplarily, as shown in Figure 2, if there are two or more versions of the provider's application instance in this embodiment, the version number information should be configured in the grayscale controller in advance, and the instance configuration file or environment variable In this way, the provider will carry the grayscale version information when registering, and the consumer can obtain the grayscale version information when doing service discovery, and can determine the grayscale version information in the grayscale controller according to the acquired grayscale release information. The microservice instance of the corresponding version. In this embodiment, the grayscale controller is registered as the provider in the registration center and the consumer service is discovered. The grayscale version information configured by the user in the grayscale controller is updated in real time, and the traffic distribution is more flexible and sensitive.

In this embodiment, if the status of the grayscale switch is on, it indicates that the version with a higher priority is called first, and then the grayscale version information is obtained from the grayscale controller according to the address of the grayscale controller, and then the response can be found according to the service As a result, the microservice instance corresponding to the grayscale version information is invoked; if the grayscale switch status is off, the microservice instance can be directly called according to the load balance without the selection based on the grayscale version information.

Specifically, the grayscale controller is registered in the registration center as a public provider, and all consumers can obtain the grayscale controller address and grayscale switch status from the service discovery response results. When the grayscale switch status is on, the consumer If the party accesses the grayscale controller to obtain the grayscale version information, it can obtain the provider's version number and then perform load balancing to the provider instance with the specified version number, so as to realize the grayscale release of traffic; otherwise, load the provider's full version instance balanced.

In this embodiment, through such settings, grayscale version information, that is, microservice instances with priority calls can be called preferentially for load balancing, so as to achieve grayscale publishing of traffic, which is more convenient.

In this embodiment, optionally, invoking the microservice instance of the provider according to the service discovery response result includes: if the state of the grayscale switch is off, and the microservice instance of the invoking provider includes two If there are two or more versions, the microservice instances of two or more versions of the provider are invoked based on the principle of load balancing.

Among them, the principle of load balancing can be understood as balancing calls based on the resource status of each microservice instance. In this embodiment, if the status of the grayscale switch is off, and the calling provider’s microservice instance contains two or more versions, then the two or more versions of the provider’s microservice instances will be called based on the principle of load balancing. service instance. Through such settings in this embodiment, when the gray switch state is off and there are two or more versions of the microservice instance, the load balancing principle can be used to call the microservice instance, which is more convenient to realize the load balance, so as to realize the grayscale release of traffic.

The present invention obtains the first time stamp when the consumer initiates a service discovery request; encrypts the first time stamp and the microservice identifier of the consumer based on multiple secret keys to obtain identity authentication information; The authentication information and the service discovery request are sent to the registration center, so that the registration center can verify the identity authentication information, and if the verification is passed, return the service discovery response result to the consumer; receive the registration center return The service discovery response result of the service, if the state of the access right switch is on, obtain the interface with the access right; establish a connection with the provider according to the address of the provider, and call the provider through the interface with the access right Party's microservice instance. Wherein, the service discovery response result also includes the provider interface and the status of the access right switch. Through the technical scheme of the invention, the security of microservice invocation can be improved.

Embodiment Three

Fig. 4 is a schematic structural diagram of a microservice invocation device according to Embodiment 3 of the present invention. The device can execute the microservice invocation method provided in any embodiment of the present invention, and has corresponding functional modules and beneficial effects for executing the method . As shown in Figure 4, the device includes:

The first timestamp acquisition module 410 is configured to acquire the first timestamp when the consumer initiates a service discovery request;

An identity authentication information acquisition module 420, configured to encrypt the first timestamp and the microservice identifier of the consumer based on multiple secret keys to obtain identity authentication information;

An information verification module 430, configured to send the identity authentication information and the service discovery request to the registration center, so that the registration center can verify the identity authentication information, and return the information to the consumer if the verification is successful. Service discovery response result;

The microservice instance calling module 440 is configured to receive the service discovery response result returned by the registration center, and call the microservice instance of the provider according to the service discovery response result; wherein, the service discovery response result includes the provider address.

Optionally, the multiple secret keys include three secret keys, which are respectively the first secret key, the second secret key and the third secret key; the identity authentication information acquisition module 420 includes:

a first plaintext acquisition unit, configured to decode the ciphertext of the first secret key to obtain the plaintext of the first secret key;

a second plaintext acquiring unit, configured to acquire the plaintext of the second secret key and the plaintext of the third secret key based on the plaintext of the first secret key;

a combined information acquiring unit, configured to combine the plaintext of the second secret key, the first timestamp and the microservice identifier of the consumer to obtain combined information;

The identity authentication information obtaining unit is configured to encrypt the combined information based on the plaintext of the third key to obtain identity authentication information.

Optionally, the second plaintext acquisition unit is specifically used for:

Decoding the ciphertext of the second secret key according to the plaintext of the first secret key to obtain the plaintext of the second secret key;

Decoding the ciphertext of the third key according to the plaintext of the second key to obtain the plaintext of the third key.

Optionally, the verification method of the registration center for the identity authentication information is:

Decrypt the identity authentication information according to the plaintext of the third secret key, and obtain the plaintext of the second secret key, the first timestamp and the microservice identifier of the consumer;

Obtain the second timestamp when decrypting;

Verifying the legitimacy of the plaintext of the second secret key and the microservice identifier of the consumer;

Perform timeliness verification according to the second timestamp and the first timestamp.

Optionally, the service discovery response result also includes the provider interface and the status of the access right switch; the microservice instance invokes the module 440, specifically for:

If the state of the access right switch is on, then obtain the interface with the access right;

A connection is established with the provider according to the address of the provider, and a microservice instance of the provider is invoked through an interface with access authority.

Optionally, the service discovery response result also includes the address of the grayscale controller and the state of the grayscale switch, and the microservice instance invokes the module 440, which is specifically used for:

If the state of the grayscale switch is on, then obtain the grayscale version information from the grayscale controller according to the address of the grayscale controller;

Invoking the microservice instance corresponding to the grayscale version information according to the service discovery response result.

Optionally, the microservice instance invokes module 440, which is specifically used for:

If the state of the grayscale switch is off, and the microservice instance of the calling provider contains two or more versions, call two or more versions of the provider based on the principle of load balancing microservice instance.

The above-mentioned device can execute the methods provided by all the foregoing embodiments of the present invention, and has corresponding functional modules and advantageous effects for executing the above-mentioned methods. For technical details not described in detail in this embodiment, reference may be made to the methods provided in all the foregoing embodiments of the present invention.

Embodiment Four

FIG. 5 is a schematic structural diagram of an electronic device according to Embodiment 4 of the present invention. Electronic device 10 is intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other suitable computers. Electronic devices may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices (eg, helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are by way of example only, and are not intended to limit implementations of the inventions described and/or claimed herein.

As shown in FIG. 5 , the electronic device 10 includes at least one processor 11, and a memory connected in communication with the at least one processor 11, such as a read-only memory (ROM) 12, a random access memory (RAM) 13, etc., wherein the memory stores There is a computer program executable by at least one processor, and the processor 11 can operate according to a computer program stored in a read-only memory (ROM) 12 or loaded from a storage unit 18 into a random access memory (RAM) 13. Various appropriate actions and processes are performed. In the RAM 13, various programs and data necessary for the operation of the electronic device 10 are also stored. The processor 11 , ROM 12 , and RAM 13 are connected to each other through a bus 14 . An input/output (I/O) interface 15 is also connected to the bus 14 .

Multiple components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16, such as a keyboard, a mouse, etc.; an output unit 17, such as various types of displays, speakers, etc.; a storage unit 18, such as a magnetic disk, an optical disk etc.; and a communication unit 19, such as a network card, a modem, a wireless communication transceiver, and the like. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices through a computer network such as the Internet and/or various telecommunication networks.

Processor 11 may be various general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, central processing units (CPUs), graphics processing units (GPUs), various dedicated artificial intelligence (AI) computing chips, various processors that run machine learning model algorithms, digital signal processing processor (DSP), and any suitable processor, controller, microcontroller, etc. The processor 11 executes various methods and processes described above, such as calling methods of microservices.

In some embodiments, the calling method of the microservice can be implemented as a computer program, which is tangibly contained in a computer-readable storage medium, such as the storage unit 18 . In some embodiments, part or all of the computer program may be loaded and/or installed on the electronic device 10 via the ROM 12 and/or the communication unit 19 . When the computer program is loaded into the RAM 13 and executed by the processor 11, one or more steps of the microservice invocation method described above may be executed. Alternatively, in other embodiments, the processor 11 may be configured in any other appropriate way (for example, by means of firmware) to execute the calling method of the microservice.

Various implementations of the systems and techniques described above herein can be implemented in digital electronic circuit systems, integrated circuit systems, field programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), application specific standard products (ASSPs), systems on chips Implemented in a system of systems (SOC), load programmable logic device (CPLD), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include being implemented in one or more computer programs executable and/or interpreted on a programmable system including at least one programmable processor, the programmable processor Can be special-purpose or general-purpose programmable processor, can receive data and instruction from storage system, at least one input device, and at least one output device, and transmit data and instruction to this storage system, this at least one input device, and this at least one output device an output device.

Computer programs for implementing the methods of the present invention may be written in any combination of one or more programming languages. These computer programs can be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing apparatus, so that the computer program causes the functions/operations specified in the flowcharts and/or block diagrams to be implemented when executed by the processor. A computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.

In the context of the present invention, a computer readable storage medium may be a tangible medium which may contain or store a computer program for use by or in conjunction with an instruction execution system, apparatus or device. A computer readable storage medium may include, but is not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, apparatus, or devices, or any suitable combination of the foregoing. Alternatively, a computer readable storage medium may be a machine readable signal medium. More specific examples of machine-readable storage media would include one or more wire-based electrical connections, portable computer disks, hard disks, Random Access Memory (RAM), Read Only Memory (ROM), Erasable Programmable Read Only Memory (EPROM or flash memory), optical fiber, compact disk read only memory (CD-ROM), optical storage, magnetic storage, or any suitable combination of the foregoing.

In order to provide interaction with the user, the systems and techniques described herein can be implemented on an electronic device having a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display)) for displaying information to the user. monitor); and a keyboard and pointing device (eg, a mouse or a trackball) through which the user can provide input to the electronic device. Other kinds of devices can also be used to provide interaction with the user; for example, the feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and can be in any form (including Acoustic input, speech input or, tactile input) to receive input from the user.

The systems and techniques described herein can be implemented in a computing system that includes back-end components (e.g., as a data server), or a computing system that includes middleware components (e.g., an application server), or a computing system that includes front-end components (e.g., as a a user computer having a graphical user interface or web browser through which a user can interact with embodiments of the systems and techniques described herein), or including such backend components, middleware components, Or any combination of front-end components in a computing system. The components of the system can be interconnected by any form or medium of digital data communication, eg, a communication network. Examples of communication networks include: local area networks (LANs), wide area networks (WANs), blockchain networks, and the Internet.

A computing system can include clients and servers. Clients and servers are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also known as a cloud computing server or a cloud host. It is a host product in the cloud computing service system to solve the problems of difficult management and weak business expansion in traditional physical hosts and VPS services. defect.

It should be understood that steps may be reordered, added or deleted using the various forms of flow shown above. For example, each step described in the present invention may be executed in parallel, sequentially, or in a different order, as long as the desired result of the technical solution of the present invention can be achieved, there is no limitation herein.

The above specific implementation methods do not constitute a limitation to the protection scope of the present invention. It should be apparent to those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made depending on design requirements and other factors. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (10)

1. A method for invoking a microservice, comprising: Obtain the first timestamp when the consumer initiates the service discovery request; Encrypting the first timestamp and the microservice identifier of the consumer based on multiple secret keys to obtain identity authentication information; Sending the identity authentication information and the service discovery request to a registration center, so that the registration center can verify the identity authentication information, and if the verification is passed, return a service discovery response result to the consumer; Receive the service discovery response result returned by the registration center, and invoke the microservice instance of the provider according to the service discovery response result; wherein, the service discovery response result includes the provider address. 2. The method according to claim 1, wherein the multiple secret keys include three secret keys, which are respectively a first secret key, a second secret key and a third secret key; based on a plurality of secret key pairs The first timestamp and the consumer's microservice identifier are encrypted to obtain identity authentication information, including: Decoding the ciphertext of the first secret key to obtain the plaintext of the first secret key; Obtaining the plaintext of the second key and the plaintext of the third key based on the plaintext of the first key; combining the plaintext of the second secret key, the first timestamp and the microservice identifier of the consumer to obtain combination information; The combination information is encrypted based on the plaintext of the third secret key to obtain identity authentication information. 3. The method according to claim 2, wherein obtaining the plaintext of the second secret key and the plaintext of the third secret key based on the plaintext of the first secret key comprises: Decoding the ciphertext of the second secret key according to the plaintext of the first secret key to obtain the plaintext of the second secret key; Decoding the ciphertext of the third key according to the plaintext of the second key to obtain the plaintext of the third key. 4. The method according to claim 2, characterized in that, the verification method of the registration center for the identity authentication information is: Decrypt the identity authentication information according to the plaintext of the third secret key, and obtain the plaintext of the second secret key, the first timestamp and the microservice identifier of the consumer; Obtain the second timestamp when decrypting; Verifying the legitimacy of the plaintext of the second secret key and the microservice identifier of the consumer; Perform timeliness verification according to the second timestamp and the first timestamp. 5. The method according to claim 1, wherein the service discovery response result further includes the provider interface and the status of the access authority switch; invoking the provider's microservice instance according to the service discovery response result includes: If the state of the access right switch is on, then obtain the interface with the access right; A connection is established with the provider according to the address of the provider, and a microservice instance of the provider is invoked through an interface with access authority. 6. The method according to claim 1 or 5, wherein the service discovery response result also includes the grayscale controller address and the grayscale switch state, and the microservice instance of the provider is invoked according to the service discovery response result ,include: If the state of the grayscale switch is on, then obtain the grayscale version information from the grayscale controller according to the address of the grayscale controller; Invoking the microservice instance corresponding to the grayscale version information according to the service discovery response result. 7. The method according to claim 6, wherein invoking the microservice instance of the provider according to the service discovery response result comprises: If the state of the grayscale switch is off, and the microservice instance of the calling provider contains two or more versions, call two or more versions of the provider based on the principle of load balancing microservice instance. 8. A device for invoking microservices, comprising: A first timestamp acquisition module, configured to acquire the first timestamp when the consumer initiates a service discovery request; An identity authentication information acquisition module, configured to encrypt the first timestamp and the microservice identifier of the consumer based on a plurality of secret keys to obtain identity authentication information; An information verification module, configured to send the identity authentication information and the service discovery request to the registration center, so that the registration center can verify the identity authentication information, and return the service to the consumer if the verification is passed. find response results; The microservice instance calling module is configured to receive the service discovery response result returned by the registration center, and call the microservice instance of the provider according to the service discovery response result; wherein, the service discovery response result includes the provider address. 9. An electronic device, characterized in that the electronic device comprises: at least one processor; and a memory communicatively coupled to the at least one processor; wherein, The memory stores a computer program executable by the at least one processor, the computer program is executed by the at least one processor, so that the at least one processor can perform any one of claims 1-7 The calling method of the microservice. 10. A computer-readable storage medium, wherein the computer-readable storage medium stores computer instructions, and the computer instructions are used to enable a processor to implement the method described in any one of claims 1-7 when executed. The calling method of the microservice.

Images