百度智能云
All Product Document

          Relational Database Service

          • Relational Database Service
          • >
          • SDK
          • >
          • GO-SDK
          • >
          • Initialization

          Initialization

          Last Updated2021-04-13

          Confirm Endpoint

          When confirming the Endpoint configured when you use SDK, you can first read the Developer's Guide about RDS Access Domain to understand the concepts related to Endpoint. At present, Baidu Cloud has opened multi-regional support, which can be found in Description of Region Selection.

          Get the Key

          To use Baidu cloud RDS, you need to have a valid AK(Access Key ID) and SK(Secret Access Key) for signature authentication. AK/SK are strings assigned to users by the system for user identification and signature verification when accessing RDS.

          You can obtain and understand your AK/SK information by following steps:

          Register a Baidu Cloud Account

          Create AK/SK

          Create RDS Client

          RDS Client is the client of RDS service, which provides a series of methods for developers to interact with RDS service.

          Use AK/SK to Create RDS Client

          To access RDS by AK/SK mode, users can create a new RDS Client with reference to the following codes:

          import (
	"github.com/baidubce/bce-sdk-go/services/rds"
)

func main() {
	// users' Access Key ID and Secret Access Key
	ACCESS_KEY_ID, SECRET_ACCESS_KEY := <your-access-key-id>, <your-secret-access-key>

	// Endpoint specified by users
	ENDPOINT := <domain-name>

	// initialize an RDSClient
	rdsClient, err := rds.NewClient(AK, SK, ENDPOINT)
}

          In the above codes,ACCESS_KEY_IDcorresponds to the “Access Key ID” in the console, and the SECRET_ACCESS_KEY corresponds to the “Access Key Secret” in the console, about how to obtain AKSK, please refer to Operation Guide How to Obtain AKSK. The third parameterENDPOINT supports users to specify the domain name by themselves, if they set it as an empty string, the default domain name will be used as the service address of RDS.

          Note:ENDPOINTparameter should be defined with the domain name of specified zone, for example, if the service zone is Beijing, it is rds.bj.baidubce.com `.

          Use STS to Create RDS Client

          Apply for STS token

          RDS can realize the temporary authorized access by a third party through STS mechanism. STS(Security Token Service)is a temporary authorization service provided by Baidu Cloud, through which, you can issue an access certificate that the validity and privilege can be defined by users themselves to third-party users. With the certificate, third-party users can directly call Baidu Cloud API or SDK to access Baidu Cloud resources.

          To access RDS through STS, users need to apply for an authentication string through STS client first. The application steps can be found in Baidu Cloud STS Usage Introduction.

          Use STS token to Create RDS Client

          After STS is obtained, configure STS Token into RDS Client, so as to create RDS Client through STS Token.

          Code instance

          GO SDK realizes the interface of STS service, users can refer to the following complete codes to apply for STS Token and create RDS Client object:

          import (
	"fmt"

	"github.com/baidubce/bce-sdk-go/auth"         //load authentication module
	"github.com/baidubce/bce-sdk-go/services/rds" //load RDS service module
	"github.com/baidubce/bce-sdk-go/services/sts" //load STS service module
)

func main() {
	// create the Client object of STS service, Engpoint takes the default value
	AK, SK := <your-access-key-id>, <your-secret-access-key>
	stsClient, err := sts.NewClient(AK, SK)
	if err != nil {
		fmt.Println("create sts client object :", err)
		return
	}

	// obtain temporary authentication token, valid for 60 seconds, ACL is empty
	stsObj, err := stsClient.GetSessionToken(60, "")
	if err != nil {
		fmt.Println("get session token failed:", err)
		return
    }
	fmt.Println("GetSessionToken result:")
	fmt.Println("  accessKeyId:", stsObj.AccessKeyId)
	fmt.Println("  secretAccessKey:", stsObj.SecretAccessKey)
	fmt.Println("  sessionToken:", stsObj.SessionToken)
	fmt.Println("  createTime:", stsObj.CreateTime)
	fmt.Println("  expiration:", stsObj.Expiration)
	fmt.Println("  userId:", stsObj.UserId)

	// create Client object of RDS service using temporary STS applied for, Endpoint takes the default value
	rdsClient, err := rds.NewClient(stsObj.AccessKeyId, stsObj.SecretAccessKey, "")
	if err != nil {
		fmt.Println("create rds client failed:", err)
		return
	}
	stsCredential, err := auth.NewSessionBceCredentials(
		stsObj.AccessKeyId,
		stsObj.SecretAccessKey,
		stsObj.SessionToken)
	if err != nil {
		fmt.Println("create sts credential object failed:", err)
		return
	}
	rdsClient.Config.Credentials = stsCredential
}

          Note: 目At present, when configuring RDS Client with STS, no matter where the Endpoint of corresponding RDS service is, the Endpoint of STS should be configured as http://sts.bj.baidubce.com. This default value is used when creating STS objects in the above codes.

          Configure HTTPS protocol to access RDS

          RDS supports HTTPS transmission protocol, you can access the RDS service by using HTTPS in RDS GO SDK by specifying the HTTPS in the Endpoint specified when creating the RDS Client object:

          // import "github.com/baidubce/bce-sdk-go/services/rds"

ENDPOINT := "https://rds.bj.baidubce.com" //specify the use of HTTPS protocol
AK, SK := <your-access-key-id>, <your-secret-access-key>
rdsClient, _ := rds.NewClient(AK, SK, ENDPOINT)

          Configure RDS Client

          If users need to configure some detailed parameters of RDS Client, they can use the export field Config of RDS Client object to customize the configuration after creating the RDSClient object, and can configure parameters such as proxy and maximum number of connections for the client.

          Use Proxy

          The following codes can be used for accessing RDS service at client end by using proxy:

          // import "github.com/baidubce/bce-sdk-go/services/rds"

//Create RDS Client object
AK, SK := <your-access-key-id>, <your-secret-access-key>
ENDPOINT := "rds.bj.baidubce.com"
client, _ := rds.NewClient(AK, SK, ENDPOINT)

//the proxy uses the local 8080 port
client.Config.ProxyUrl = "127.0.0.1:8080"

          Setting Network Parameters

          Users can set network parameters through the following codes:

          // import "github.com/baidubce/bce-sdk-go/services/rds"

AK, SK := <your-access-key-id>, <your-secret-access-key>
ENDPOINT := "rds.bj.baidubce.com"
client, _ := rds.NewClient(AK, SK, ENDPOINT)

// configuration does not support rtry, Back Off retry by default
client.Config.Retry = bce.NewNoRetryPolicy()

// time-out period of configuration connection is 30s
client.Config.ConnectionTimeoutInMillis = 30 * 1000

          Configure and Generate Signature String Option

          // import "github.com/baidubce/bce-sdk-go/services/rds"

AK, SK := <your-access-key-id>, <your-secret-access-key>
ENDPOINT := "rds.bj.baidubce.com"
client, _ := rds.NewClient(AK, SK, ENDPOINT)

// the request header of HTTP used in configuration signature is `Host`
headersToSign := map[string]struct{}{"Host": struct{}{}}
client.Config.SignOption.HeadersToSign = HeadersToSign

// the validity of configuration signature is 30s
client.Config.SignOption.ExpireSeconds = 30

          Parameter Description

          When a user accesses RDS using GO SDK, all parameters supported by Config field of RDS Client object are shown in the following table:

          Configuration item name Type Meaning
          Endpoint string domain name of the requested service
          ProxyUrl string proxy address requested at client end
          Region string zone where the resource is requested
          UserAgent string user name, User-Agent header of HTTP request
          Credentials *auth.BceCredentials requested authentication object, divided into common AK/SK and STS
          SignOption *auth.SignOptions authentication string signature options
          Retry RetryPolicy connection retry policy
          ConnectionTimeoutInMillis int connection timeout, in milliseconds, 20 minutes by default

          Description: 

          1. the `credentials' field is created with the functions `auth.newbcauthentications' and auth.NewSessionBceCredentials'. the former is used by default, while the latter is used when STS is used for authentication. See the subsection "creating RDS Client with STS" for details.
2. 2. the ``SignOption` field is an option when a signature string is generated, detailed in the following table:
          Name Type Meaning
          HeadersToSign map[string]struct{} HTTP header used when generating signature string
          Timestamp int64 timestamp used in the signature string generated, value when the request was sent is used by default
          ExpireSeconds int validity period of signature string 
           In which, HeadersToSign defaults to `Host`,`Content-Type`,`Content-Length`,`Content-MD5`;TimeStamp is 0 generally, representing the timestamp when the authentication string generated is called and used, and the value of the field is not clearly specified by user generally; ExpireSeconds defaults to be 1800 seconds, that is, 30min. 

3. The retry policy is specified in `retry' field, which currently supports two types: `NoRetryPolicy`和`BackOffRetryPolicy`。The latter is used by default. The retry policy is to specify the maximum number of retries, the longest retry time and the retry base, and to retry according to the exponential growth of the retry base multiplied by 2 until the maximum retry test or the longest retry time is reached.
          Previous
          Install SDK Toolkit
          Next
          Instance Management