Initialization

CFS

  • Updates and Announcements
    • Function Release Records
    • Product Announcement
      • Announcement on CFS Metric Adjustments
  • Product Description
    • Product Introduction
    • Basic concepts
    • Product features
    • Product specifications
    • Usage Limits and Recommendations
    • Selection Guide
      • How to Choose Between CFS and PFS
      • How to Choose Between CFS, BOS and CDS
    • Application scenarios
  • Product pricing
    • Pay-as-you-go
    • Storage package billing
    • Insufficient balance reminders and debt handling
    • Billing Cases
  • Quick Start
    • Getting Started Overview
    • Quick start (Linux)
    • Quick start (Windows)
  • Operation guide
    • Activate Service
    • Manage File System
      • Create file system
      • Delete a file system
      • View file system details
      • Set File System Capacity Upper Limit
    • Mount and Access
      • Add mount target
      • Mount and Unmount CFS on BCC
        • Mount and Unmount on Linux System
          • Mount and Unmount SMB Protocol CFS on Single BCC
          • Batch mounting and unmounting NFS CFS on multiple BCC
          • Mounting and unmounting NFS CFS on a single BCC
        • Mount and Unmount SMB Protocol CFS on Windows System
        • Mount CFS File System When Purchasing New BCC
      • Using CFS in CCE
    • Permission Group Management
    • Identity and access management
    • Data encryption
    • Management Tags
    • Backup
    • Monitor and Alarm
      • View monitoring
      • Alarm management
      • Metric definition
    • Cloud Audit
  • Typical Practices
    • Set Different User Permissions for Different Directories
    • Using File Systems Across Regions Or Accounts
    • Use SFTP to Upload and Download CFS File System Data
    • Use Rsync to Sync From Old File System to CFS File System
    • Best Practices for Managing CFS with Terraform
    • Performance Testing Methods
      • Linux System Performance Testing Methods
      • Windows System Performance Testing Methods
  • API Reference
    • API Function Update Records
    • API Overview
    • Interface Overview
    • General Description
    • Service domain
    • Error code
    • File System Related Interfaces
      • Create file system
      • Update file system
      • Query file system
      • Query mount client
      • Drop file system
      • Update file system tags
    • mount target Related Interfaces
      • Create mount target
      • Query mount targets
      • Delete mount target
    • Permission Group-related APIs
      • Create Permission Group
      • Update permission group
      • Query Permission Groups
      • Delete permission group
      • Create permission group rules
      • Update permission group rules
      • Query permission group rules
      • Delete permission group rule
    • Data type
  • Go-SDK
    • Overview
    • Initialization
    • File system
    • Mount target
    • Error handling
  • FAQs
    • Common Questions Overview
    • General Problems
    • Billing Problems
    • NFS protocol questions
    • SMB Protocol Issues
  • Service Level Agreement (SLA)
    • CFS Service Level Agreement (SLA)
All documents
menu
No results found, please re-enter

CFS

  • Updates and Announcements
    • Function Release Records
    • Product Announcement
      • Announcement on CFS Metric Adjustments
  • Product Description
    • Product Introduction
    • Basic concepts
    • Product features
    • Product specifications
    • Usage Limits and Recommendations
    • Selection Guide
      • How to Choose Between CFS and PFS
      • How to Choose Between CFS, BOS and CDS
    • Application scenarios
  • Product pricing
    • Pay-as-you-go
    • Storage package billing
    • Insufficient balance reminders and debt handling
    • Billing Cases
  • Quick Start
    • Getting Started Overview
    • Quick start (Linux)
    • Quick start (Windows)
  • Operation guide
    • Activate Service
    • Manage File System
      • Create file system
      • Delete a file system
      • View file system details
      • Set File System Capacity Upper Limit
    • Mount and Access
      • Add mount target
      • Mount and Unmount CFS on BCC
        • Mount and Unmount on Linux System
          • Mount and Unmount SMB Protocol CFS on Single BCC
          • Batch mounting and unmounting NFS CFS on multiple BCC
          • Mounting and unmounting NFS CFS on a single BCC
        • Mount and Unmount SMB Protocol CFS on Windows System
        • Mount CFS File System When Purchasing New BCC
      • Using CFS in CCE
    • Permission Group Management
    • Identity and access management
    • Data encryption
    • Management Tags
    • Backup
    • Monitor and Alarm
      • View monitoring
      • Alarm management
      • Metric definition
    • Cloud Audit
  • Typical Practices
    • Set Different User Permissions for Different Directories
    • Using File Systems Across Regions Or Accounts
    • Use SFTP to Upload and Download CFS File System Data
    • Use Rsync to Sync From Old File System to CFS File System
    • Best Practices for Managing CFS with Terraform
    • Performance Testing Methods
      • Linux System Performance Testing Methods
      • Windows System Performance Testing Methods
  • API Reference
    • API Function Update Records
    • API Overview
    • Interface Overview
    • General Description
    • Service domain
    • Error code
    • File System Related Interfaces
      • Create file system
      • Update file system
      • Query file system
      • Query mount client
      • Drop file system
      • Update file system tags
    • mount target Related Interfaces
      • Create mount target
      • Query mount targets
      • Delete mount target
    • Permission Group-related APIs
      • Create Permission Group
      • Update permission group
      • Query Permission Groups
      • Delete permission group
      • Create permission group rules
      • Update permission group rules
      • Query permission group rules
      • Delete permission group rule
    • Data type
  • Go-SDK
    • Overview
    • Initialization
    • File system
    • Mount target
    • Error handling
  • FAQs
    • Common Questions Overview
    • General Problems
    • Billing Problems
    • NFS protocol questions
    • SMB Protocol Issues
  • Service Level Agreement (SLA)
    • CFS Service Level Agreement (SLA)
  • Document center
  • arrow
  • CFS
  • arrow
  • Go-SDK
  • arrow
  • Initialization
Table of contents on this page
  • Confirm Endpoint
  • Retrieve access key
  • Create a new CFS client
  • Create a new CFS client with AK/SK
  • Create a CFS client with STS
  • Configure HTTPS access to CFS
  • Configure the CFS client
  • Use a proxy
  • Set network parameters
  • Configure options for generating signature strings

Initialization

Updated at:2025-11-11

Confirm Endpoint

Before configuring the Endpoint for SDK usage, please refer to the developer guide section on CFS Access Domain Name to understand Endpoint-related concepts. Baidu AI Cloud currently supports multiple regions. Please refer to Region Selection Guide.

Retrieve access key

To utilize CFS, you must have a valid AK (Access Key ID) and SK (Secret Access Key) for signature verification. The AK/SK are system-generated strings used to identify users and perform authentication for CFS.

Your AK/SK information can be obtained and understood through the following steps:

  • Register a Baidu AI Cloud account
  • Create AK/SK

Create a new CFS client

The CFS client acts as the interface for CFS control plane services, offering developers various methods to interact with these services.

Create a new CFS client with AK/SK

Users can refer to the following code to create a new CFS Client to access CFS with AK/SK:

Plain Text 
1import (
2    "github.com/baidubce/bce-sdk-go/services/cfs"
3)
4func main() {
5 // User’s Access Key ID and Secret Access Key
6    ACCESS_KEY_ID, SECRET_ACCESS_KEY:= <your-access-key-id>, <your-secret-access-key>
7 // User-specified Endpoint
8    ENDPOINT := <domain-name>
9 // Initialize a CFSClient
10    cfsClient, err := cfs.NewClient(ACCESS_KEY_ID, SECRET_ACCESS_KEY, ENDPOINT)
11}

In the code above, ACCESS_KEY_ID corresponds to “Access Key ID” in the console. SECRET_ACCESS_KEY corresponds to “Access Key Secret” in the console. Refer to the How to Retrieve AKSK. The third parameter ENDPOINT is a user-specified domain name. If left empty, the default domain name will be used as the CFS control plane service address.

Note: The endpoint parameter must be defined with the domain name of the specified region. For example, if the service is located in Beijing, the endpoint will be cfs.bj.baidubce.com.

Create a CFS client with STS

Request STS Token

CFS allows temporary third-party access authorization via the STS mechanism. STS (Security Token Service) is a temporary authorization feature provided by Baidu AI Cloud. Using STS, you can generate access credentials with customized validity periods and permissions for third-party users. These credentials allow third-party users to directly call Baidu AI Cloud APIs or SDKs to access cloud resources.

To access CFS via STS, users must first request a certification string through the STS client. For instructions on obtaining STS credentials, refer to Baidu AI Cloud STS Usage Guide.

Create CFS Client with STS Token

Once you have obtained the STS token, integrate it into the CFS Client to enable CFS client creation based on STS.

Code example

The GO SDK implements the STS service API. Below is a complete example for requesting an STS Token and creating an CFS Client object:

Plain Text 
1import (
2    "fmt"
3 "github.com/baidubce/bce-sdk-go/auth"                    //Import the authentication module
4 "github.com/baidubce/bce-sdk-go/services/ cfs" //Import CFS service module
5 "github.com/baidubce/bce-sdk-go/services/sts"            //Import the Baige service module
6)
7func main() {
8 //Create a Client object for the STS service, using the default Endpoint
9    AK, SK := <your-access-key-id>, <your-secret-access-key>
10    stsClient, err := sts.NewClient(AK, SK)
11    EndPoint := "cfs.bj.baidubce.com"
12    if err != nil {
13        fmt.Println("create sts client object :", err)
14        return
15    }
16 //Obtain a temporary authentication token with a validity period of 60 seconds and an empty ACL
17    stsObj, err := stsClient.GetSessionToken(60, "")
18    if err != nil {
19        fmt.Println("get session token failed:", err)
20        return
21    }
22    fmt.Println("GetSessionToken result:")
23    fmt.Println("  accessKeyId:", stsObj.AccessKeyId)
24    fmt.Println("  secretAccessKey:", stsObj.SecretAccessKey)
25    fmt.Println("  sessionToken:", stsObj.SessionToken)
26    fmt.Println("  createTime:", stsObj.CreateTime)
27    fmt.Println("  expiration:", stsObj.Expiration)
28    fmt.Println("  userId:", stsObj.UserId)
29 //Create a client object for CFS control plane services using the requested temporary STS, with the default endpoint
30    cfsClient, err := cfs.NewClient(stsObj.AccessKeyId, stsObj.SecretAccessKey, EndPoint)
31    if err != nil {
32        fmt.Println("create cfs client failed:", err)
33        return
34    }
35    stsCredential, err := auth.NewSessionBceCredentials(
36        stsObj.AccessKeyId,
37        stsObj.SecretAccessKey,
38        stsObj.SessionToken)
39    if err != nil {
40        fmt.Println("create sts credential object failed:", err)
41        return
42    }
43    cfsClient.Config.Credentials=stsCredential
44}

Note: When configuring a CFS client with STS, regardless of the location of the CFS service endpoint, the STS endpoint must always be set to http//sts.bj.baidubce.com. This is the default configuration when creating an STS object in the code above.

Configure HTTPS access to CFS

CFS supports the HTTPS transport protocol. To use HTTPS to access CFS services with the CFS Go SDK, specify HTTPS in the endpoint when creating the CFS client object.

Plain Text 
1import "github.com/baidubce/bce-sdk-go/services/cfs"
2 ENDPOINT := "https://cfs.bj.baidubce.com" //Specify the use of HTTPS protocol
3AK, SK := <your-access-key-id>, <your-secret-access-key>
4cfsClient, _ := cfs.NewClient(AK, SK, ENDPOINT)

Configure the CFS client

If users need to configure specific parameters for the CFS Client, they can customize the configuration using the exported Config field of the CFS Client object after its creation. This allows for configuring parameters such as proxy and maximum number of connections for the client.

Use a proxy

The following code snippet enables the client to access CFS service using a proxy:

Plain Text 
1import "github.com/baidubce/bce-sdk-go/services/cfs"
2 // Create an CFS Client object
3AK, SK := <your-access-key-id>, <your-secret-access-key>
4ENDPOINT := "cfs.bj.baidubce.com"
5client, _ := cfs.NewClient(AK, SK, ENDPOINT)
6 // Use the local port 8080 for the proxy
7client.Config.ProxyUrl = "127.0.0.1:8080"

Set network parameters

Users can configure network parameters using the following example code:

Plain Text 
1import "github.com/baidubce/bce-sdk-go/services/cfs"
2AK, SK := <your-access-key-id>, <your-secret-access-key>
3ENDPOINT := "cfs.bj.baidubce.com"
4client, _ := cfs.NewClient(AK, SK, ENDPOINT)
5 // Configure to not retry, default: Back Off retry
6client.Config.Retry=bce.NewNoRetryPolicy()
7 // Configure connection timeout to 30 seconds
8client.Config.ConnectionTimeoutInMillis=30*1000

Configure options for generating signature strings

Plain Text 
1import "github.com/baidubce/bce-sdk-go/services/cfs"
2AK, SK := <your-access-key-id>, <your-secret-access-key>
3ENDPOINT := "cfs.bj.baidubce.com"
4client, _ := cfs.NewClient(AK, SK, ENDPOINT)
5 // Configure the HTTP request header Host for signing
6headersToSign := map[string]struct{}{"Host": struct{}{}}
7client.Config.SignOption.HeadersToSign = HeadersToSign
8 // Configure the validity period of the signature to 30 seconds
9client.Config.SignOption.ExpireSeconds=30

Parameter description When using the GO SDK to access CFS, the Config field of the created CFS Client object supports the following parameters, as shown in the table below:

ConfigMap name Types Meaning
Endpoint string Domain name for service requests
ProxyUrl string The proxy address for client requests
Region string Region for resource requests
UserAgent string User name, HTTP request’s User-Agent header
Credentials *auth.BceCredentials Authentication object for requests, divided into regular AK/SK and STS
SignOption *auth.SignOptions Options for authentication string signing
Retry RetryPolicy Retry policy for connections
ConnectionTimeoutInMillis int Connection timeout, in milliseconds, defaulting to 20 minutes

Description:

  1. The Credentials is created using the auth.NewBceCredentials and auth.NewSessionBceCredentials functions. The former is used by default, while the latter is used for STS certification. See "Create a CFS client with STS" for details.
  2. The SignOption field represents options when generating a signature string, as detailed in the table below:
Name Types Meaning
HeadersToSign map[string]struct{} HTTP headers used when generating the signature string
Timestamp int64 Timestamp used in the generated signature string, defaulting to the value at the time of sending request

Among them, HeadersToSign defaults to Host, Content-Type, Content-Length and Content-MD5. TimeStamp is generally set to zero, indicating that the timestamp when generating the authentication string is used. Users should not explicitly specify this field’s value. ExpireSeconds defaults to 1,800 seconds (30 minutes).

  1. The Retry field specifies the retry policy, currently supporting two types: NoRetryPolicy and BackOffRetryPolicy. By default, the latter is used. This retry policy specifies the maximum number of retries, the maximum retry duration, and the retry base. Retries increase exponentially based on the retry base multiplied by 2 until the maximum number of retries or the maximum retry duration is reached.

Previous
Overview
Next
File system