Method for Processing Cloud Service in Cloud System and Related Apparatus

What is claimed is: 1 . A method implemented by a second alliance management apparatus on a second cloud platform, wherein the method comprises: receiving, from a second operation apparatus on the second cloud platform, a local identity credential obtaining request, wherein the local identity credential obtaining request comprises a first identity credential of a first user on a first cloud platform and requests to obtain a second identity credential of the first user on the second cloud platform, and wherein the first cloud platform and the second cloud platform are allied clouds of each other; obtaining, from a first alliance management apparatus on the first cloud platform, a federal identity credential of the first user based on the first identity credential; converting the first federal identity credential into the second identity credential; sending, to the second operation apparatus, the second identity credential to enable a first client of the first user to obtain the second identity credential; and generating, based on the second identity credential, an application programming interface (API) invocation request to invoke a first cloud service shared by the second cloud platform. 2 . The method of claim 1 , further comprising: receiving, from the first alliance management apparatus, a first shared service catalog comprising information about a second cloud service shared by the first cloud platform; receiving, from the second operation apparatus, a shared service catalog query request; and sending, to the second operation apparatus and in response to the shared service catalog query request, the first shared service catalog to enable a second user to select and access a service from the first shared service catalog. 3 . The method of claim 2 , wherein the first shared service catalog comprises one or more of a provisioning range of the second cloud service, a maximum sharing usage of the second cloud service, or a feature limitation of the second cloud service. 4 . The method of claim 1 , further comprising: receiving an identity mapping set by an administrator of the second cloud platform, wherein the identity mapping comprises a mapping relationship between a third identity credential of a tenant on the second cloud platform and a second federal identity credential of the tenant; and further converting, based on the identity mapping, the first federal identity credential into the second identity credential, wherein the first user is in the tenant. 5 . The method of claim 1 , further comprising: sending, to the first alliance management apparatus, a federal identity credential obtaining request comprising the first identity credential; and receiving, from the first alliance management apparatus, the first federal identity credential based on an identity mapping, wherein the identity mapping comprises a mapping relationship between a third identity credential of a tenant on the first cloud platform and a second federal identity credential of the tenant, and wherein the first user is in the tenant. 6 . The method of claim 1 , further comprising receiving a second cloud federation relationship set by a second administrator of the second cloud platform, wherein the second cloud federation relationship is between the first cloud platform and the second cloud platform. 7 . The method of claim 6 , further comprising: receiving, from the first alliance management apparatus, a first cloud federation relationship configured by a first administrator of the first cloud platform; and verifying the first cloud federation relationship and the second cloud federation relationship. 8 . The method of claim 1 , further comprising: receiving, from the second operation apparatus, a coordination processing request is based on the API invocation request; sending, to the first alliance management apparatus, the coordination processing request; receiving, from the first alliance management apparatus, a coordination processing result of a first operation apparatus on the first cloud platform; and sending, to the second operation apparatus, the coordination processing result to enable the second operation apparatus to generate an API invocation request processing result based on the coordination processing result. 9 . The method of claim 1 , wherein the first cloud platform and the second cloud platform are of different cloud service providers or different cloud platforms of a same cloud service provider. 10 . The method of claim 1 , wherein the first cloud platform is a first public cloud, a first private cloud, or a first hybrid cloud, and wherein the second cloud platform is a second public cloud, a second private cloud, or a second hybrid cloud. 11 . A second alliance management apparatus on a second cloud platform in a cloud system, wherein the second alliance management apparatus comprises: a memory configured to store instructions; and one or more processors coupled to the memory and configured to execute the instructions to cause the second alliance management apparatus to: receive, from a second operation apparatus on the second cloud platform, a local identity credential obtaining request, wherein the local identity credential obtaining request comprises a first identity credential of a first user on a first cloud platform and requests to obtain a second identity credential of the first user on the second cloud platform, and wherein the first cloud platform and the second cloud platform are allied clouds of each other; obtain, from a first alliance management apparatus on the first cloud platform, a first federal identity credential of the first user based on the second identity credential; convert the first federal identity credential into the second identity credential; send, to the second operation apparatus, the second identity credential to enable a first client of the first user to obtain the second identity credential; and generate, based on the second identity credential, an application programming interface (API) invocation request to invoke a first cloud service shared by the second cloud platform. 12 . The second alliance management apparatus of claim 11 , wherein the one or more processors are further configured to execute the instructions to cause the second alliance management apparatus to: receive, from the first alliance management apparatus, a first shared service catalog comprising information about a second cloud service shared by the first cloud platform; receive, from the second operation apparatus, a shared service catalog query request; and send, to the second operation apparatus and in response to the shared service catalog query request, the first shared service catalog to enable a second user to select and access a service from the first shared service catalog. 13 . The second alliance management apparatus of claim 12 , wherein the first shared service catalog comprises one or more of a provisioning range of the second cloud service, a maximum sharing usage of the second cloud service, or a feature limitation of the second cloud service. 14 . The second alliance management apparatus of claim 11 , wherein the one or more processors are further configured to execute the instructions to cause the second alliance management apparatus to: receive an identity mapping from an administrator of the second cloud platform, wherein the identity mapping comprises a mapping relationship between a third identity credential of a tenant on the second cloud platform and a second federal identity credential of the tenant; and further convert, based on the identity mapping,