CN120455177B - Intelligent verification method and system for cloud service orchestration legality based on knowledge base enhancement - Google Patents
- Publication number
- CN120455177B (CN202510960368.0A)
- Authority
- CN
- China
- Prior art keywords
- resource
- list
- cloud
- dependency
- parameter
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
The invention provides a knowledge-base-enhanced method and system for intelligently verifying the validity of cloud service orchestration. The method comprises: constructing a structured dependency knowledge base from data published by cloud service providers, in which the cloud service provider identifier is the top-level namespace and, under each provider's namespace, dependency relationships and required (must-fill) parameters are stored with the resource type as the key name; parsing the orchestration file to be verified and extracting resource types, a global resource list and configuration parameter lists; verifying the resources one by one with a step-by-step reasoning mechanism that queries the dependency knowledge base by resource type and cloud service provider type and checks the dependency integrity of the global resource list and the parameter completeness of the configuration parameter list; and generating a verification result report. The method and system can automatically identify missing deep dependencies and missing configuration parameters among cloud resources, improve verification accuracy and reduce the risk of deployment failure.
Description
Technical Field
The invention relates to the technical field of cloud computing and artificial intelligence, in particular to an intelligent verification method and system for cloud service orchestration legitimacy based on knowledge base enhancement.
Background
With the rapid development of cloud computing technology, enterprises increasingly use Infrastructure as Code (IaC) tools (e.g., Terraform, Pulumi) to automate the deployment and management of cloud resources. Defining infrastructure in code markedly improves operations efficiency and reduces manual errors. In actual deployments, however, verifying the validity of a cloud service orchestration has become a key challenge.
Mainstream verification methods currently fall into two types. The first is static syntax checking tools (such as YAML/JSON validators), which can only verify the syntactic correctness of a deployment file and cannot detect deep dependencies among resources. For example, an Elastic Compute Service (ECS) instance may need to depend on a Virtual Private Cloud (VPC) and security groups, but static tools cannot determine whether these dependencies are properly configured in the file. The second is rule-engine-based checking (such as Open Policy Agent), which can check some business rules, but the rules must be written manually and it is difficult to cover complex cloud service dependency scenarios. For example, resource dependencies vary greatly between cloud service providers, and rule engines are difficult to adapt dynamically.
It can be seen that existing verification techniques have the following drawbacks:
Deep dependencies cannot be effectively identified: complex dependency chains (such as ECS → VPC → subnet → route table) often exist between cloud resources, but only explicit parameters can be checked and implicit dependencies cannot be inferred.
Reliance on manual experience: a rule engine needs experts to write the rules by hand and is difficult to adapt to the rapid iteration of cloud services.
Lack of dynamic reasoning capability: verification is mostly one-shot, and the root cause of a missing dependency cannot be analyzed step by step as a human expert would.
Because of these drawbacks, enterprises using IaC tools often see deployments fail due to missing dependencies or configuration errors, which not only affects efficiency but may also raise security risks.
Disclosure of Invention
In view of the above, the embodiment of the invention provides an intelligent verification method and system for cloud service orchestration legitimacy based on knowledge base enhancement, which are used for eliminating or improving one or more defects existing in the prior art, and solving the problems that deep dependence cannot be effectively identified, manual experience is relied on and dynamic reasoning capability is lacking in the prior verification technology.
In one aspect, the invention provides a knowledge-base-enhanced method for intelligently verifying the validity of cloud service orchestration, which comprises the following steps:
Parsing the cloud service orchestration file to be verified, and extracting a global resource list and the resource definition of each cloud resource, wherein the resource definition comprises a resource type and a configuration parameter list;
For each cloud resource in turn, executing the following verification steps: obtaining the corresponding dependency list and required-parameter list from a pre-constructed dependency knowledge base according to the resource type of the current cloud resource and the type of the cloud service provider; checking whether all resources in the dependency list are contained in the global resource list; and checking whether all parameters in the required-parameter list are contained in the configuration parameter list. The dependency knowledge base is constructed by: extracting a cloud resource list from data published by each cloud service provider; extracting from the cloud resource list each cloud resource's dependencies on other resources at deployment time and its required parameters, and generating the dependency list and the required-parameter list; and, with the cloud service provider identifier as the top-level namespace and the resource type as the key name under each provider's namespace, storing the corresponding dependency list and required-parameter list to obtain the dependency knowledge base;
And summarizing the missing dependencies and missing required parameters of each cloud resource, and generating a verification result report.
In some embodiments of the present invention, extracting a cloud resource list from data published by each cloud service provider includes:
acquiring document data in an HTML format issued by each cloud service provider through a preset automatic crawler program;
Analyzing a structured mark in the document data, and extracting a cloud resource name and a resource type thereof, wherein the structured mark comprises an HTML element containing the cloud resource name and a resource type identification element associated with the cloud resource name;
And summarizing the extracted cloud resource names and the resource types thereof, and carrying out standardized processing according to a preset naming specification to generate a machine-readable cloud resource list.
In some embodiments of the present invention, extracting from the cloud resource list each cloud resource's dependencies on other resources at deployment time and its required parameters, and generating a dependency list and a required-parameter list, includes:
Using a rule-driven method, locating the special sections in the cloud resource list based on preset document structure rules, and extracting the initial dependency description and parameter list in those sections through pattern matching;
and, using a semantic recognition method, analyzing the initial dependency description and parameter list with a natural language processing model, identifying the mandatory dependencies and required parameters, and generating the dependency list and the required-parameter list.
In some embodiments of the invention, the method further comprises constructing the dependency knowledge base, and constructing the dependency knowledge base further comprises:
combining each resource type with a preset query template to generate a structured query instruction;
inputting the structured query instruction into a large language model for processing, and obtaining the dependencies and required parameters of the resource type;
performing a consistency check between the dependencies and required parameters obtained from the large language model and the dependencies and required parameters extracted from the cloud resource list;
and, when the check is consistent, supplementing the dependencies and required parameters obtained from the large language model to the dependency knowledge base.
In some embodiments of the present invention, the verification step is performed using a ReAct step-by-step reasoning mechanism driven by a preset template.
In some embodiments of the invention, the preset template is constructed based on the following steps:
setting the role of the verification execution subject as a cloud resource dependency analysis expert;
configuring the dual verification task of dependency integrity and parameter integrity;
embedding typical cloud resource verification cases, wherein a typical cloud resource verification case comprises a resource type identifier, the complete dependencies, the required parameters and a verification structure report;
specifying verification rules, which comprise that cloud resources that are depended upon must appear in the global resource list and that required parameters must appear in the configuration parameter list;
specifying a structured output format.
In some embodiments of the present invention, after summarizing the missing dependencies and missing required parameters of each cloud resource and generating the verification result report, the method further includes:
Grading the verification result according to its degree of impact, wherein the grades comprise a first-level, a second-level and a third-level severity; the first-level severity represents missing core dependencies and key security parameters, the second-level severity represents missing auxiliary-function dependencies and non-key parameters, and the third-level severity represents non-optimal cloud resource configuration;
Generating an immediate deployment-termination notification for the first-level severity, a forced repair warning for the second-level severity, and an optimization suggestion notification for the third-level severity.
In another aspect, the present invention also provides a knowledge base enhanced cloud service orchestration validity intelligent verification system, comprising a processor, a memory and computer programs/instructions stored on the memory, the processor being adapted to execute the computer programs/instructions, the system implementing the steps of the method as described in any one of the preceding claims when the computer programs/instructions are executed.
In another aspect, the invention also provides a computer-readable storage medium having stored thereon a computer program/instruction which, when executed by a processor, implements the steps of the method as set forth in any one of the preceding claims.
In a further aspect, the invention also provides a computer program product comprising computer programs/instructions which, when executed by a processor, implement the steps of the method as claimed in any one of the preceding claims.
The invention provides a knowledge-base-enhanced method and system for intelligently verifying the validity of cloud service orchestration. The method comprises: constructing a structured dependency knowledge base from data published by cloud service providers, in which the cloud service provider identifier is the top-level namespace and, under each provider's namespace, dependency relationships and required parameters are stored with the resource type as the key name; parsing the orchestration file to be verified and extracting resource types, a global resource list and configuration parameter lists; verifying the resources one by one with a step-by-step reasoning mechanism that queries the dependency knowledge base by resource type and cloud service provider type and checks the dependency integrity of the global resource list and the parameter completeness of the configuration parameter list; and generating a verification result report. The method and system can automatically identify missing deep dependencies and missing configuration parameters among cloud resources, solve the problem that traditional tools cannot detect implicit dependencies through knowledge-base-enhanced intelligent reasoning, improve verification accuracy and markedly reduce the risk of deployment failure. The system also supports adaptation to multiple cloud platforms and provides automatic validity checking before IaC deployment.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description and drawings.
It will be appreciated by those skilled in the art that the objects and advantages that can be achieved with the present invention are not limited to the above-described specific ones, and that the above and other objects that can be achieved with the present invention will be more clearly understood from the following detailed description.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate and together with the description serve to explain the application. In the drawings:
Fig. 1 is a schematic diagram of steps of a method for intelligent verification of validity of cloud service orchestration based on knowledge base enhancement according to an embodiment of the present invention.
FIG. 2 is a flow chart of the construction of the dependency knowledge base in an embodiment of the invention.
FIG. 3 is a flow chart of verification by the chain-of-thought framework in an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following embodiments and the accompanying drawings, in order to make the objects, technical solutions and advantages of the present invention more apparent. The exemplary embodiments of the present invention and the descriptions thereof are used herein to explain the present invention, but are not intended to limit the invention.
It should be noted here that, in order to avoid obscuring the present invention due to unnecessary details, only structures and/or processing steps closely related to the solution according to the present invention are shown in the drawings, while other details not greatly related to the present invention are omitted.
It should be emphasized that the term "comprises/comprising" when used herein is taken to specify the presence of stated features, elements, steps or components, but does not preclude the presence or addition of one or more other features, elements, steps or components.
It is also noted herein that the term "coupled" may refer to not only a direct connection, but also an indirect connection in which an intermediate is present, unless otherwise specified.
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. In the drawings, the same reference numerals represent the same or similar components, or the same or similar steps.
It should be emphasized that the references to steps below are not intended to limit the order of the steps, but rather should be understood to mean that the steps may be performed in a different order than in the embodiments, or that several steps may be performed simultaneously.
In order to solve the problems that the prior verification technology cannot effectively identify deep dependence, relies on manual experience and lacks dynamic reasoning capability, the invention provides a cloud service orchestration validity intelligent verification method based on knowledge base enhancement, as shown in fig. 1, the method comprises the following steps S101-S103:
Step S101: parsing the cloud service orchestration file to be verified, and extracting a global resource list and the resource definition of each cloud resource, wherein the resource definition includes a resource type and a configuration parameter list.
Step S102: for each cloud resource in the cloud service orchestration file to be verified, executing the following verification steps in turn: obtaining the corresponding dependency list and required-parameter list from a pre-constructed dependency knowledge base according to the resource type of the current cloud resource and the type of the cloud service provider; checking whether the global resource list contains all resources in the dependency list; and checking whether the configuration parameter list contains all parameters in the required-parameter list. The dependency knowledge base is constructed by extracting a cloud resource list from data published by cloud service providers; extracting from the cloud resource list each cloud resource's dependencies on other resources at deployment time and its required parameters, and generating the dependency list and the required-parameter list; and, with the cloud service provider identifier as the top-level namespace and the resource type as the key name under each provider's namespace, storing the corresponding dependency list and required-parameter list to obtain the dependency knowledge base.
Step S103: summarizing the missing dependencies and missing required parameters of each cloud resource, and generating a verification result report.
In step S101, the cloud service orchestration file to be verified is parsed, and a global resource list and the resource definition of each cloud resource are extracted. The resource definition includes a resource type and a configuration parameter list.
The cloud service orchestration file to be verified is a declarative configuration file in a preset YAML or JSON format that conforms to mainstream IaC tool specifications (such as Pulumi, Terraform).
In some embodiments, a sample YAML deployment file is defined based on the Pulumi specification. It defines the deployment of several cloud resources, including a VPC, a VSwitch, a security group, an ECS instance and an elastic container instance group. Each resource contains the key configuration parameters it must fill in: for example, the VPC needs to specify a network segment (cidrBlock); the VSwitch needs to be associated with the VPC and specify a subnet segment and an availability zone; the ECS instance must configure an instance type, an image ID and a security group; and the elastic container instance group needs to set CPU, memory and a container image. Through these required parameters, the YAML deployment file completely describes the deployment requirements and interdependencies of each resource, as shown in the following code:
name: problem-demo
description: normal deployment configuration
resources:
  vpc-demo:
    type: alicloud:vpc:Network
    properties:
      cidrBlock: 10.0.0.0/16
  vswitch-demo:
    type: alicloud:vpc:Switch
    properties:
      vpcId: ${vpc-demo.id}
      cidrBlock: 10.0.1.0/24
      zoneId: cn-hangzhou-g
  sg-demo:
    type: alicloud:ecs:securityGroup
    properties:
      vpcId: ${vpc-demo.id}
      rules:
        - ipProtocol: tcp
          portRange: 22/22
          cidrIp: 0.0.0.0/0
  ecstest:
    type: alicloud:ecs:Instance
    properties:
      instanceType: ecs.c6.large
      imageId: centos_7_9_x64_20G_alibase_20230718.vhd
      instanceName: my-ecs-instance
      vswitchId: ${vswitch-demo.id}
      securityGroupIds:
        - ${sg-demo.id}
      systemDisk:
        category: cloud_essd
        size: 40
  eci-test:
    type: alicloud:eci:containerGroup
    properties:
      containerGroupName: my-eci
      vSwitchId: ${vswitch-demo.id}
      securityGroupId: ${sg-demo.id}
      cpu: 2
      memory: 4
      containers:
        - name: nginx
          image: nginx:latest
          ports:
            - port: 80
              protocol: TCP
In some embodiments, parsing the cloud service orchestration file to be verified and extracting a global resource list and the resource definition of each cloud resource includes converting the cloud service orchestration file into an abstract syntax tree (AST) using a YAML/JSON parser (e.g., PyYAML) and verifying basic syntactic correctness (e.g., indentation, bracket matching). The top-level resources node in the document is identified (handling the aliases used by different tools, e.g., Terraform's resource), and the key names of all its child nodes (i.e., the resource logical names) are collected to obtain the global resource list and the resource definition of each cloud resource.
In step S102, if the deployment of cloud resources relies only on the knowledge stored in the underlying large language model, cognitive deviation may arise from the model's limited timeliness and generalization capability. Obtaining information over the network can partially alleviate this, but it introduces new uncertainty because the information sources are uncontrollable and the processing cost is high. Therefore, to improve the accuracy and stability of cloud resource dependency judgment, the invention constructs a structured, authoritative and extensible dependency knowledge base, which provides knowledge support for the subsequent chain-of-thought reasoning.
In some embodiments, FIG. 2 shows the construction flow of the dependency knowledge base, which includes two parts: obtaining a cloud resource list and constructing the dependency knowledge base.
Specifically, in the cloud resource list acquisition part, official document data issued by each cloud service provider is acquired, a cloud resource name and a resource type are extracted from the official document data, and a cloud resource list is generated.
In some embodiments, the official document data in HTML format issued by each cloud service provider is obtained by a preset automated crawler. And analyzing the structured mark in the official document data, and extracting the cloud resource name and the resource type thereof, wherein the structured mark comprises an HTML element containing the cloud resource name and a resource type identification element associated with the cloud resource name. And summarizing the extracted cloud resource names and the resource types thereof, and carrying out standardized processing according to a preset naming specification to generate a machine-readable cloud resource list. The preset naming specification is, for example, "cloud service provider identification: service category: resource type".
In the dependency knowledge base construction part, after the cloud resource list is obtained, an information extraction operation is carried out on each cloud resource in the list in turn. It focuses on two dimensions: the explicit or implicit dependencies of the cloud resource on other resources at deployment time (such as a network, a security group, a VPC and the like), and the key required parameter fields the cloud resource needs in a deployment template (such as vpcId, instanceType, zoneId and the like). Illustratively, the extracted dependencies and required parameters are used to construct metadata of the form "cloud resource → dependencies + required parameters", from which the dependency knowledge base is built.
In some embodiments, a rule-driven method is used to locate special sections in the corresponding official document in HTML format, such as sections on dependency descriptions, preconditions and parameter descriptions, based on preset document structure rules, where the document structure rules may be defined by XPath expressions or CSS selectors. The initial dependency description and parameter list in those sections are extracted through pattern matching.
A semantic recognition method is then used: the initial dependency description and parameter list are analyzed by a natural language processing model to identify mandatory dependencies and required parameters. A mandatory dependency is, for example, an ECS instance's dependence on network environment resources such as a VPC and a security group; required parameters are, for example, the instance specification and the image ID. After the screened data has been given a unified naming standard, normalized in format and filtered of redundant information, it is summarized to generate the dependency list and the required-parameter list.
And constructing a dependency knowledge base based on the generated dependency relationship list and the necessary filling parameter list.
In some embodiments, the dependency knowledge base is constructed based on the design principles of hierarchical organization, clear structure and strong expandability, specifically, the dependency knowledge base adopts a hierarchical storage architecture, a cloud service provider identifier is used as a top-level naming space, and under each cloud service provider naming space, a resource type is used as a key name, and a corresponding dependency relationship list and a necessary-filling parameter list are stored.
In some embodiments, based on the above design, the structure of the dependency knowledge base can be described as:
cloudProviders:
  - providerName: provider_1
    resources:
      - resourceName: resource_1
        dependenciesList: [dependency_1, dependency_2, ...]
        requiredFieldsList: [field_1, field_2, field_3, ...]
      ......
  - providerName: provider_2
    resources:
      - resourceName: resource_2
        dependenciesList: [dependency_1, dependency_2, ...]
        requiredFieldsList: [field_1, field_2, field_3, ...]
      ......
  ......
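The S101 to S103 checks run deterministically against a knowledge base in the layout above, without the LLM reasoning loop (an added example, not code from the patent). The knowledge base entries, the sample file, the `alicloud:example:Unknown` type and all function names are constructed assumptions; dependencies are matched by resource type, and the example goes beyond the stated per-resource check by following an absent dependency's own prerequisites through the knowledge base so that the whole missing chain is reported.

```python
import json

# Constructed knowledge base in the page's layout: provider namespace ->
# resource type -> dependenciesList / requiredFieldsList. The entries are
# illustrative assumptions, not authoritative provider data.
KNOWLEDGE_BASE = {
    "alicloud": {
        "alicloud:vpc:Network": {
            "dependenciesList": [],
            "requiredFieldsList": ["cidrBlock"]},
        "alicloud:vpc:Switch": {
            "dependenciesList": ["alicloud:vpc:Network"],
            "requiredFieldsList": ["vpcId", "cidrBlock", "zoneId"]},
        "alicloud:ecs:securityGroup": {
            "dependenciesList": ["alicloud:vpc:Network"],
            "requiredFieldsList": ["vpcId"]},
        "alicloud:ecs:Instance": {
            "dependenciesList": ["alicloud:vpc:Switch",
                                 "alicloud:ecs:securityGroup"],
            "requiredFieldsList": ["instanceType", "imageId",
                                   "securityGroupIds"]},
    }
}

# Constructed orchestration file in JSON form. It declares no VPC or vSwitch,
# omits imageId, and includes one hypothetical type the knowledge base lacks.
SAMPLE_FILE = """
{
  "name": "problem-demo",
  "resources": {
    "sg-demo": {
      "type": "alicloud:ecs:securityGroup",
      "properties": {"vpcId": "${vpc-demo.id}"}
    },
    "ecs-test": {
      "type": "alicloud:ecs:Instance",
      "properties": {
        "instanceType": "ecs.c6.large",
        "vswitchId": "${vswitch-demo.id}",
        "securityGroupIds": ["${sg-demo.id}"]
      }
    },
    "mystery-demo": {"type": "alicloud:example:Unknown", "properties": {}}
  }
}
"""


def parse_orchestration(text):
    """S101: return the global resource list and per-resource definitions."""
    resources = json.loads(text).get("resources")
    if not isinstance(resources, dict):
        raise ValueError("orchestration file has no 'resources' mapping")
    definitions = {
        name: {"type": body.get("type", ""),
               "params": sorted((body.get("properties") or {}).keys())}
        for name, body in resources.items()
    }
    return sorted(definitions), definitions


def missing_dependencies(rtype, kb_ns, declared_types):
    """Follow the chain so deep gaps (instance -> vSwitch -> VPC) surface."""
    missing, seen, stack = [], set(), [rtype]
    while stack:
        current = stack.pop()
        for dep in kb_ns.get(current, {}).get("dependenciesList", []):
            if dep in seen:
                continue  # also guards against cycles in the knowledge base
            seen.add(dep)
            if dep not in declared_types:
                missing.append(dep)
                stack.append(dep)  # an absent resource has prerequisites too
    return sorted(missing)


def verify(text, kb=KNOWLEDGE_BASE):
    """S102 + S103: check every resource and return the result report."""
    names, definitions = parse_orchestration(text)
    declared_types = {d["type"] for d in definitions.values()}
    report = {}
    for name in names:
        rtype = definitions[name]["type"]
        provider = rtype.split(":", 1)[0]  # "provider:service:resource type"
        entry = kb.get(provider, {}).get(rtype)
        if entry is None:
            # Never pass a type the knowledge base cannot vouch for.
            report[name] = {"status": "unknown_type", "type": rtype}
            continue
        deps = missing_dependencies(rtype, kb[provider], declared_types)
        params = [p for p in entry["requiredFieldsList"]
                  if p not in definitions[name]["params"]]
        report[name] = {"status": "fail" if deps or params else "pass",
                        "type": rtype,
                        "missing_dependencies": deps,
                        "missing_parameters": params}
    return report


if __name__ == "__main__":
    print(json.dumps(verify(SAMPLE_FILE), indent=2))
```

Resources whose type is absent from the knowledge base are reported as `unknown_type` rather than passed, so a gap in the knowledge base cannot silently approve a deployment.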
In some embodiments, a large language model is used to perform polling-style knowledge extraction over the cloud resource list to assist in constructing the dependency knowledge base. This comprises combining each resource type with a preset query template to generate a structured query instruction; inputting the structured query instruction into the large language model for processing and obtaining the dependencies and required parameters of the resource type; performing a consistency check between the dependencies and required parameters obtained from the large language model and those extracted from the cloud resource list; and, when the check is consistent, supplementing the dependencies and required parameters obtained from the large language model to the dependency knowledge base. Illustratively, the query template is:
"Please list the prerequisite resource dependencies and the required configuration parameters that must be satisfied when deploying the resource type on the cloud service provider; return only the format: dependent resources | resource 1, resource 2, ...; required parameters | parameter 1, parameter 2, ...".
In step S102, each cloud resource in the cloud service orchestration file to be verified is verified in turn using a preset step-by-step reasoning mechanism. The step-by-step reasoning mechanism is implemented on a chain-of-thought framework (Chain-of-Thought, CoT), which simulates the logical reasoning path of a human expert by breaking a complex task down into a cyclic, iterative process of "observation-thinking-action-feedback". Illustratively, the ReAct chain-of-thought framework is employed.
In some embodiments, a ReAct chain-of-thought framework driven by a preset template (Prompt) is used.
In some embodiments, to help the chain-of-thought framework understand its task, a clearly structured, goal-explicit Prompt needs to be designed. In this embodiment, the Prompt design principles include:
Clarifying the role of the verification execution subject: the verification execution subject (such as a model) is set to the role of "cloud resource dependency analysis expert", which helps it focus on the relevant professional domain knowledge.
Clarifying the verification task: the verification execution subject is given the dual verification task of dependency integrity and parameter integrity, that is, judging whether the dependencies of the cloud resources in the cloud service orchestration file (deployment file) to be verified are missing and whether parameters are missing.
Embedding typical cases: several typical cloud resource verification cases (such as an ECS depending on a VPC) are given to the verification execution subject to demonstrate how to judge missing dependencies and missing required parameters, guiding it to form its reasoning logic. A typical cloud resource verification case comprises information such as the resource type identifier, the complete dependencies, the required parameters and the verification structure report.
Predefining fine-grained rules: cloud resources that are depended upon must appear in the global resource list, and required parameters must appear in the configuration parameter list.
Defining the output format: the cloud resources with missing dependencies, the corresponding dependencies and the missing required parameters are output in structured form to generate the verification result report.
To facilitate understanding, an example of each part of the Prompt is given:
For the part that clarifies the role of the verification execution subject, it can be designed as "an expert in the field of cloud services and cloud resources".
For the part that clarifies the verification task, it can be designed as "for a YAML deployment file, determine whether cloud resource dependencies may be missing and whether the properties filled in under the resource fields in the YAML lack required entries".
For the embedded typical case part, it can be designed as "There is an ECS in the resource field of the YAML file. An ECS typically depends on a VPC, but no VPC exists in the resource field of the YAML, so with respect to this YAML the ECS instance has a missing dependency and may not be a resource that can be deployed normally. In addition, the ECS may have some required fields; if the parameter configuration of the ECS has no corresponding required field, the ECS is considered to be missing required parameters."
For the part that specifies the output format, the language and data format can be specified, such as a structured verification result report output in Chinese.
Based on the Prompt design, the chain-of-thought framework can form a standardized judging flow and analyze actual deployment files one by one, improving the accuracy and robustness of detection.
FIG. 3 shows a flow chart of verification by the chain-of-thought framework, taking the ReAct chain-of-thought framework as an example.
The ReAct chain-of-thought framework receives and parses the pre-designed Prompt. Through the role setting and the verification task definition in the Prompt, it is made clear that the task is to verify the deployment file in two respects: whether dependency relationships of cloud resources are missing, and whether necessary filling parameters are missing.
The ReAct chain-of-thought framework automatically identifies the deployment file fragments attached to the Prompt, extracts the resource entries in them (usually under the resources node), and parses the resource entries structurally to obtain the type of each resource (such as ECS, VPC, RDS), its configuration parameters and the context positions of those parameters.
The ReAct chain-of-thought framework then enters a reasoning phase driven by an "observe-think-action-feedback" loop. Unlike conventional one-time rule matching, the ReAct chain-of-thought framework in this embodiment accomplishes step-by-step deductive verification by following deduction paths and invoking the knowledge base as needed.
Specifically, while the verification execution body (model) generates a reasoning path for a given resource (for example, when judging whether an ECS is completely configured, the corresponding reasoning path is "whether it has the necessary parameters → whether it has the dependent resources", after which an answer is obtained), each time support from an external rule is required, the model queries the relevant dependency relationships and parameters from the dependency knowledge base.
In some embodiments, invoking the dependency knowledge base on demand includes the steps of:
Extracting the resource type from the cloud service orchestration file (deployment file) to be verified, and acquiring a general dependency relationship list and a necessary parameter list for that resource type from the dependency knowledge base.
Considering that different cloud service providers have different configuration standards, the verification execution body can infer the type of cloud service provider used by the current deployment from the resource identifiers and context clues.
After the cloud service provider type is determined, the dependency relationship list and the necessary parameter list under that cloud service provider's namespace are acquired from the dependency knowledge base. It is then checked whether the configuration parameter list of the cloud service orchestration file to be verified contains all parameters in the necessary filling parameter list for that cloud service provider type. During the check, any missing dependency relationship and/or necessary filling parameter needs to be recorded.
In step S103, the dependency relationships and necessary filling parameters missing for each cloud resource in the cloud service orchestration file to be verified are summarized, and a verification result report is generated. If no missing item is found, a conclusion of "no problem" is output.
In some embodiments, the degree of influence of the verification result is analyzed based on the verification result report, and the result is graded according to that degree of influence into a first-level severity level, a second-level severity level and a third-level severity level. The first-level severity level indicates that a core dependency relationship and key safety parameters are absent, the second-level severity level indicates that an auxiliary function dependency relationship and non-key parameters are absent, and the third-level severity level indicates that the cloud resource allocation is non-optimal.
In some embodiments, verification results with different degrees of influence are handled differently. Specifically, an immediate termination deployment notification is generated if the first-level severity level is present, a forced repair alert is generated if the second-level severity level is present, and an optimization suggestion notification is generated if the third-level severity level is present.
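The deterministic core of the check described above (look up the provider namespace, test dependency integrity against the global resource list, test parameter completeness, then grade the result), as an added Python example that is not part of the patent. It assumes the orchestration file is already parsed into a dictionary and that resource types carry a `provider::TYPE` prefix; the knowledge-base entries, the core/auxiliary and key/non-key labels and all names are constructed, and the third severity level (non-optimal configuration) is not evaluated.

```python
# Added example. Every provider name, resource type, dependency class and
# parameter name below is constructed, not taken from any provider's documentation.
KB = {
    "provider_a": {  # cloud service provider identifier = top-level namespace
        "VPC": {"dependencies": {}, "required_params": {"cidr_block": "key"}},
        "ECS": {  # resource type = key name under the namespace
            "dependencies": {"VPC": "core", "EIP": "auxiliary"},
            "required_params": {"image_id": "key", "instance_type": "key",
                                "instance_name": "non_key"},
        },
    },
}
NOTIFY = {1: "immediate termination deployment notification",
          2: "forced repair alert",
          3: "optimization suggestion notification"}

def split_type(type_id):
    """'provider_a::ECS' -> ('provider_a', 'ECS'); the '::' prefix form is assumed."""
    provider, sep, rtype = type_id.partition("::")
    if not sep or not rtype:
        raise ValueError(f"unrecognised resource type {type_id!r}")
    return provider, rtype

def verify(orchestration):
    resources = orchestration["resources"]
    providers = {split_type(r["type"])[0] for r in resources.values()}
    if len(providers) != 1 or not providers.issubset(KB):
        raise ValueError(f"cannot infer a known provider from {sorted(providers)}")
    entries = KB[providers.pop()]
    # Global resource list: every resource type declared anywhere in the file.
    global_types = {split_type(r["type"])[1] for r in resources.values()}
    findings = []
    for name, res in resources.items():
        entry = entries.get(split_type(res["type"])[1])
        if entry is None:
            continue  # type unknown to the knowledge base: nothing to check against
        for dep, cls in entry["dependencies"].items():
            if dep not in global_types:
                findings.append({"resource": name, "kind": "dependency",
                                 "missing": dep, "level": 1 if cls == "core" else 2})
        params = res.get("properties") or {}
        for param, cls in entry["required_params"].items():
            if param not in params:
                findings.append({"resource": name, "kind": "parameter",
                                 "missing": param, "level": 1 if cls == "key" else 2})
    return findings

def report(findings):
    if not findings:
        return {"conclusion": "no problem", "findings": [], "notification": None}
    worst = min(f["level"] for f in findings)  # level 1 is the most severe
    return {"conclusion": f"{len(findings)} missing item(s)",
            "findings": sorted(findings, key=lambda f: f["level"]),
            "notification": NOTIFY[worst]}

# Constructed input: what a parser would yield from an orchestration file that
# declares one ECS instance and nothing else.
SAMPLE = {"resources": {"web": {"type": "provider_a::ECS",
                                "properties": {"image_id": "img-constructed"}}}}

if __name__ == "__main__":
    for f in report(verify(SAMPLE))["findings"]:
        print(f)
```

Because the check is a pure set comparison, it can run as a gate before or alongside the model-driven reasoning loop and gives the same answer on every run.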
Correspondingly, the invention also provides an intelligent verification system for cloud service orchestration legitimacy based on knowledge base enhancement, which comprises a processor, a memory and computer programs/instructions stored on the memory, wherein the processor is used for executing the computer programs/instructions, and the intelligent verification method for cloud service orchestration legitimacy based on knowledge base enhancement is realized when the computer programs/instructions are executed. Accordingly, the present invention also provides an electronic device comprising a computer apparatus including a processor and a memory, the memory having computer instructions stored therein and the processor being used for executing the computer instructions stored in the memory, the electronic device implementing the steps of the method as described above when the computer instructions are executed by the processor.
The embodiments of the present invention also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the aforementioned method. The computer readable storage medium may be a tangible storage medium such as Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, floppy disks, hard disk, a removable memory disk, a CD-ROM, or any other form of storage medium known in the art.
Those of ordinary skill in the art will appreciate that the various illustrative components, systems, and methods described in connection with the embodiments disclosed herein can be implemented as hardware, software, or a combination of both. Whether a particular implementation is in hardware or software depends on the specific application of the solution and the design constraints. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine readable medium or transmitted over transmission media or communication links by a data signal carried in a carrier wave.
It should be understood that the invention is not limited to the particular arrangements and instrumentalities described above and shown in the drawings. For the sake of brevity, a detailed description of known methods is omitted here. In the above embodiments, several specific steps are described and shown as examples. The method processes of the present invention are not limited to the specific steps described and shown; those skilled in the art may make various changes, modifications and additions, or change the order between steps, after appreciating the spirit of the present invention.
In this disclosure, features that are described and/or illustrated with respect to one embodiment may be used in the same way or in a similar way in one or more other embodiments and/or in combination with or instead of the features of the other embodiments.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, and various modifications and variations can be made to the embodiments of the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. The intelligent verification method for the cloud service orchestration legality based on knowledge base enhancement is characterized by comprising the following steps of:
Analyzing cloud service arrangement files to be verified, and extracting a global resource list and resource definitions of each cloud resource, wherein the resource definitions comprise resource types and configuration parameter lists;
Sequentially executing the following verification steps: acquiring a corresponding dependency relationship list and a necessary filling parameter list from a pre-constructed dependency knowledge base according to the resource type of the current cloud resource and the type of the cloud service provider; checking whether all resources in the dependency relationship list are contained in the global resource list; and checking whether all parameters in the necessary filling parameter list are contained in the configuration parameter list; wherein the construction of the dependency knowledge base comprises: extracting a cloud resource list from data issued by each cloud service provider; extracting, from the cloud resource list, the dependency relationships of each cloud resource on other resources in deployment and its necessary filling parameters, and generating the dependency relationship list and the necessary filling parameter list; and, taking the cloud service provider identifier as a top-level namespace, storing the corresponding dependency relationship list and necessary filling parameter list under each cloud service provider namespace with the resource type as the key name, so as to obtain the dependency knowledge base;
Summarizing the dependency relationships and necessary filling parameters missing for each cloud resource, and generating a verification result report.
2. The method of claim 1, wherein extracting the cloud resource list from the data published by each cloud service provider comprises:
acquiring document data in an HTML format issued by each cloud service provider through a preset automatic crawler program;
Analyzing a structured mark in the document data, and extracting a cloud resource name and a resource type thereof, wherein the structured mark comprises an HTML element containing the cloud resource name and a resource type identification element associated with the cloud resource name;
And summarizing the extracted cloud resource names and the resource types thereof, and carrying out standardized processing according to a preset naming specification to generate a machine-readable cloud resource list.
3. The method of claim 1, wherein extracting, from the cloud resource list, the dependency relationships of each cloud resource on other resources in deployment and its necessary filling parameters, and generating the dependency relationship list and the necessary filling parameter list, comprises:
adopting a rule-driven method, locating a special section in the cloud resource list based on a preset document structure rule, and extracting an initial dependency relationship description and a parameter list in the special section through pattern matching;
and adopting a semantic identification method, analyzing the initial dependency relationship description and the parameter list through a natural language processing model, identifying forced dependency relationships and necessary filling parameters, and generating the dependency relationship list and the necessary filling parameter list.
4. The method of claim 1, further comprising building the dependency knowledge base, the building the dependency knowledge base further comprising:
combining each resource type with a preset query template to generate a structured query instruction;
inputting the structured query instruction into a large language model for processing, and obtaining the dependency relationships and the necessary filling parameters of the resource type;
performing a consistency check between the dependency relationships and necessary filling parameters obtained by the large language model and the dependency relationships and necessary filling parameters extracted from the cloud resource list;
and when the check is consistent, supplementing the dependency relationships and the necessary filling parameters acquired by the large language model to the dependency knowledge base.
5. The method of claim 1, wherein the verifying step is performed using a ReAct step reasoning mechanism driven based on a preset template.
6. The method of claim 5, wherein the preset template is constructed based on the steps of:
setting the role of a verification execution subject as a cloud resource dependency analysis expert;
configuring the dual verification tasks of the integrity of the dependency relationships and the completeness of the parameters;
embedding a typical cloud resource verification case, wherein the typical cloud resource verification case comprises a resource type identifier, a complete dependency relationship, a necessary filling parameter and a verification structure report;
predefining verification rules, which comprise that cloud resources with dependency relationships must appear in the global resource list, and necessary filling parameters must appear in the configuration parameter list;
specifying a structured output format.
7. The method of claim 1, wherein after summarizing the dependency relationships and necessary filling parameters missing for each cloud resource and generating the verification result report, the method further comprises:
grading according to the influence degree of the verification result, wherein the grading comprises a first-level severity level, a second-level severity level and a third-level severity level, the first-level severity level represents the lack of a core dependency relationship and a key safety parameter, the second-level severity level represents the lack of an auxiliary function dependency relationship and a non-key parameter, and the third-level severity level represents the non-optimal condition of cloud resource allocation;
generating an immediate termination deployment notification for the first-level severity level, generating a forced repair alert for the second-level severity level, and generating an optimization suggestion notification for the third-level severity level.
8. A knowledge base enhanced cloud service orchestration legitimacy intelligent verification system comprising a processor, a memory and computer programs/instructions stored on the memory, wherein the processor is configured to execute the computer programs/instructions, which when executed, implement the steps of the method according to any one of claims 1 to 7.
9. A computer readable storage medium having stored thereon a computer program/instruction which when executed by a processor performs the steps of the method according to any of claims 1 to 7.
10. A computer program product comprising computer programs/instructions which, when executed by a processor, implement the steps of the method of any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202510960368.0A CN120455177B (en) | 2025-07-11 | Intelligent verification method and system for cloud service orchestration legality based on knowledge base enhancement |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN120455177A (en) | 2025-08-08 |
| CN120455177B (en) | 2025-10-10 |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112579399A (en) * | 2020-12-28 | 2021-03-30 | 上海蓝云网络科技有限公司 | Cloud service testing method and device, electronic equipment and computer storage medium |
| CN114489781A (en) * | 2022-02-16 | 2022-05-13 | 华云数据控股集团有限公司 | Method, device, device and storage medium for editing layout template in cloud platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |