Mixed-mode authorization metadata manager for cloud computing environments

摘要

Methods and apparatus for a mixed-mode authorization metadata manager for cloud computing environments are disclosed. A system includes a plurality of service managers coordinating respective distributed multitenant services, and a metadata manager. In response to a metadata request for an authorization entity, the metadata manager identifies a first and a second service manager coordinating services in use by a client account with which the authorization entity is affiliated. The first and second service managers implement respective authorization APIs. The metadata manager provides composite authorization metadata of the authorization entity based at least in part on (a) service authorization metadata provided by each of the first and second service managers and (b) identity authorization metadata provided by an identity manager.

主权项

1. A system, comprising a plurality of computing devices configured to implement:
a plurality of service managers, wherein each service manager of the plurality of service managers is operable to coordinate a respective service of a plurality of distributed multitenant services implemented at least in part using a plurality of resources of a provider network; and a metadata manager; wherein the metadata manager is operable to:
in response to a metadata request identifying a particular authorization entity affiliated with a client account of a client of the provider network,
identify a first service manager and a second service manager of the plurality of service managers, respectively coordinating a first service and a second service of the plurality of distributed multitenant services to which the client account has access, wherein the first service manager is configured to support a first authorization application programming interface (API) for the first service and the second service manager is configured to support a second authorization API for the second service; andprovide composite authorization metadata of the particular authorization entity based at least in part on (a) service authorization metadata provided by the first service manager and service authorization metadata provided by the second service manager and (b) identity authorization metadata provided by an identity manager of the provider network.