Initialization
Confirm Endpoint
When confirming the Endpoint configured when you use SDK, you can first read the Developer's Guide about RDS Access Domain to understand the concepts related to Endpoint. At present, Baidu Cloud has opened multi-regional support, which can be found in Description of Region Selection.
Get the Key
To use Baidu cloud RDS, you need to have a valid AK(Access Key ID) and SK(Secret Access Key) for signature authentication. AK/SK are strings assigned to users by the system for user identification and signature verification when accessing RDS.
You can obtain and understand your AK/SK information by following steps:
Register a Baidu Cloud Account
Create RDS Client
RDS Client is the client of RDS service, which provides a series of methods for developers to interact with RDS service.
Use AK/SK to Create RDS Client
To access RDS by AK/SK mode, users can create a new RDS Client with reference to the following codes:
import (
"github.com/baidubce/bce-sdk-go/services/rds"
)
func main() {
// users' Access Key ID and Secret Access Key
ACCESS_KEY_ID, SECRET_ACCESS_KEY := <your-access-key-id>, <your-secret-access-key>
// Endpoint specified by users
ENDPOINT := <domain-name>
// initialize an RDSClient
rdsClient, err := rds.NewClient(AK, SK, ENDPOINT)
}
In the above codes,ACCESS_KEY_ID
corresponds to the “Access Key ID” in the console, and the SECRET_ACCESS_KEY
corresponds to the “Access Key Secret” in the console, about how to obtain AKSK, please refer to Operation Guide How to Obtain AKSK. The third parameterENDPOINT
supports users to specify the domain name by themselves, if they set it as an empty string, the default domain name will be used as the service address of RDS.
Note:
ENDPOINT
parameter should be defined with the domain name of specified zone, for example, if the service zone is Beijing, it is rds.bj.baidubce.com `.
Use STS to Create RDS Client
Apply for STS token
RDS can realize the temporary authorized access by a third party through STS mechanism. STS(Security Token Service)is a temporary authorization service provided by Baidu Cloud, through which, you can issue an access certificate that the validity and privilege can be defined by users themselves to third-party users. With the certificate, third-party users can directly call Baidu Cloud API or SDK to access Baidu Cloud resources.
To access RDS through STS, users need to apply for an authentication string through STS client first. The application steps can be found in Baidu Cloud STS Usage Introduction.
Use STS token to Create RDS Client
After STS is obtained, configure STS Token into RDS Client, so as to create RDS Client through STS Token.
Code instance
GO SDK realizes the interface of STS service, users can refer to the following complete codes to apply for STS Token and create RDS Client object:
import (
"fmt"
"github.com/baidubce/bce-sdk-go/auth" //load authentication module
"github.com/baidubce/bce-sdk-go/services/rds" //load RDS service module
"github.com/baidubce/bce-sdk-go/services/sts" //load STS service module
)
func main() {
// create the Client object of STS service, Engpoint takes the default value
AK, SK := <your-access-key-id>, <your-secret-access-key>
stsClient, err := sts.NewClient(AK, SK)
if err != nil {
fmt.Println("create sts client object :", err)
return
}
// obtain temporary authentication token, valid for 60 seconds, ACL is empty
stsObj, err := stsClient.GetSessionToken(60, "")
if err != nil {
fmt.Println("get session token failed:", err)
return
}
fmt.Println("GetSessionToken result:")
fmt.Println(" accessKeyId:", stsObj.AccessKeyId)
fmt.Println(" secretAccessKey:", stsObj.SecretAccessKey)
fmt.Println(" sessionToken:", stsObj.SessionToken)
fmt.Println(" createTime:", stsObj.CreateTime)
fmt.Println(" expiration:", stsObj.Expiration)
fmt.Println(" userId:", stsObj.UserId)
// create Client object of RDS service using temporary STS applied for, Endpoint takes the default value
rdsClient, err := rds.NewClient(stsObj.AccessKeyId, stsObj.SecretAccessKey, "")
if err != nil {
fmt.Println("create rds client failed:", err)
return
}
stsCredential, err := auth.NewSessionBceCredentials(
stsObj.AccessKeyId,
stsObj.SecretAccessKey,
stsObj.SessionToken)
if err != nil {
fmt.Println("create sts credential object failed:", err)
return
}
rdsClient.Config.Credentials = stsCredential
}
Note: 目At present, when configuring RDS Client with STS, no matter where the Endpoint of corresponding RDS service is, the Endpoint of STS should be configured as http://sts.bj.baidubce.com. This default value is used when creating STS objects in the above codes.
Configure HTTPS protocol to access RDS
RDS supports HTTPS transmission protocol, you can access the RDS service by using HTTPS in RDS GO SDK by specifying the HTTPS in the Endpoint specified when creating the RDS Client object:
// import "github.com/baidubce/bce-sdk-go/services/rds"
ENDPOINT := "https://rds.bj.baidubce.com" //specify the use of HTTPS protocol
AK, SK := <your-access-key-id>, <your-secret-access-key>
rdsClient, _ := rds.NewClient(AK, SK, ENDPOINT)
Configure RDS Client
If users need to configure some detailed parameters of RDS Client, they can use the export field Config
of RDS Client object to customize the configuration after creating the RDSClient object, and can configure parameters such as proxy and maximum number of connections for the client.
Use Proxy
The following codes can be used for accessing RDS service at client end by using proxy:
// import "github.com/baidubce/bce-sdk-go/services/rds"
//Create RDS Client object
AK, SK := <your-access-key-id>, <your-secret-access-key>
ENDPOINT := "rds.bj.baidubce.com"
client, _ := rds.NewClient(AK, SK, ENDPOINT)
//the proxy uses the local 8080 port
client.Config.ProxyUrl = "127.0.0.1:8080"
Setting Network Parameters
Users can set network parameters through the following codes:
// import "github.com/baidubce/bce-sdk-go/services/rds"
AK, SK := <your-access-key-id>, <your-secret-access-key>
ENDPOINT := "rds.bj.baidubce.com"
client, _ := rds.NewClient(AK, SK, ENDPOINT)
// configuration does not support rtry, Back Off retry by default
client.Config.Retry = bce.NewNoRetryPolicy()
// time-out period of configuration connection is 30s
client.Config.ConnectionTimeoutInMillis = 30 * 1000
Configure and Generate Signature String Option
// import "github.com/baidubce/bce-sdk-go/services/rds"
AK, SK := <your-access-key-id>, <your-secret-access-key>
ENDPOINT := "rds.bj.baidubce.com"
client, _ := rds.NewClient(AK, SK, ENDPOINT)
// the request header of HTTP used in configuration signature is `Host`
headersToSign := map[string]struct{}{"Host": struct{}{}}
client.Config.SignOption.HeadersToSign = HeadersToSign
// the validity of configuration signature is 30s
client.Config.SignOption.ExpireSeconds = 30
Parameter Description
When a user accesses RDS using GO SDK, all parameters supported by Config field of RDS Client object are shown in the following table:
Configuration item name | Type | Meaning |
---|---|---|
Endpoint | string | domain name of the requested service |
ProxyUrl | string | proxy address requested at client end |
Region | string | zone where the resource is requested |
UserAgent | string | user name, User-Agent header of HTTP request |
Credentials | *auth.BceCredentials | requested authentication object, divided into common AK/SK and STS |
SignOption | *auth.SignOptions | authentication string signature options |
Retry | RetryPolicy | connection retry policy |
ConnectionTimeoutInMillis | int | connection timeout, in milliseconds, 20 minutes by default |
Description:
1. the `credentials' field is created with the functions `auth.newbcauthentications' and auth.NewSessionBceCredentials'. the former is used by default, while the latter is used when STS is used for authentication. See the subsection "creating RDS Client with STS" for details.
2. 2. the ``SignOption` field is an option when a signature string is generated, detailed in the following table:
Name | Type | Meaning |
---|---|---|
HeadersToSign | map[string]struct{} | HTTP header used when generating signature string |
Timestamp | int64 | timestamp used in the signature string generated, value when the request was sent is used by default |
ExpireSeconds | int | validity period of signature string |
In which, HeadersToSign defaults to `Host`,`Content-Type`,`Content-Length`,`Content-MD5`;TimeStamp is 0 generally, representing the timestamp when the authentication string generated is called and used, and the value of the field is not clearly specified by user generally; ExpireSeconds defaults to be 1800 seconds, that is, 30min.
3. The retry policy is specified in `retry' field, which currently supports two types: `NoRetryPolicy`和`BackOffRetryPolicy`。The latter is used by default. The retry policy is to specify the maximum number of retries, the longest retry time and the retry base, and to retry according to the exponential growth of the retry base multiplied by 2 until the maximum retry test or the longest retry time is reached.