Updating a KACLS Endpoint
Use the PATCH /v1/cckm/GoogleWorkspaceCSE/endpoints/{id} API to update details of a KACLS endpoint. The name of an existing endpoint cannot be modified.
Syntax
curl -k '<IP>/api/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "issuer": "<issuer-id>", "authenticationAud": "<authentication-aud>", "authorizationAud": "<authorization-aud>", "endpoint_url_hostname": "<endpoint_url_hostname>" \n}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | ID of the endpoint. To find out the ID of an endpoint, refer to Viewing KACLS Endpoints. |
| AUTHTOKEN | string | Authorization token. Parameters listed below can be updated. |
| authenticationAud | array of strings | List of supported audience for authentication JWT. This is the ID of the third-party identity provider. For example, for Auth0, it is represented by the Client ID. |
| authorizationAud | array of strings | List of supported audience for authorization JWT. |
| endpoint_url_hostname | string | Hostname and port (<hostname>:<port>) of the endpoint URL. Enter the fully qualified domain name (FQDN) of the CCKM/CipherTrust Manager. If the port is not specified, 443 is the default port. |
| cors | array of strings | List of Cross-Origin Resource Sharing (CORS) to support. |
| issuer | array of strings | List of trusted issuer IDs to use with this endpoint. This issuer is managed through the /GoogleWorkspaceCSE/issuers URL.You can change the issuer when updating an endpoint. |
| allow_privileged_unwrap (optional) | boolean | Whether to enable privileged-unwrap configuration for this endpoint. Set to true to enable. Default is false. |
| allow_rewrap (optional) | boolean | Whether to enable rewrap configuration for this endpoint. Set to true to enable. Default is false. |
| enable_success_audit_event (optional) | boolean | Enable or disable audit recording of successful operations within a GWS CSE endpoint. The default value is false. It is recommended to set it to false if facing performance issues w.r.t. the data-plane APIs. |
| allow_guest_access (optional) | boolean | Whether to enable guest access for this KACLS endpoint. Set true to enable. Default is false. |
Note
To perform the key migration, the value of allow_privileged_unwrap parameter should be true for the endpoint and the privilegeunwrap configuration must be set. Refer to Updating a Privileged Unwrap Configuration.
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/c1583936-7d03-4e2d-a0ae-3a1ae2d2e200' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "issuer": [\n "39a9e91b-7a95-4fbf-bf79-30930eeb1d2c",\n "39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"\n ]\n}' --compressed
Example Response
{
"issuer": [
"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c",
"39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"
],
"id": "39a9e91b-7a95-4fbf-bf79-30930eeb1d2c",
"uri": "kylo:kylo:cckm:auth:39a9e91b-7a95-4fbf-bf79-30930eeb1d2c",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2019-12-24T08:06:28.7135Z",
"name": "endpoint_1",
"updatedAt": "2019-12-24T08:06:28.692717Z",
"cors": [
"https://foo.example",
"https://bar.example"
],
"authorizationAud": null,
"authenticationAud": [
"122334a33qr31038dekfhfl"
],
"endpoint_url_hostname": "<KS IP>",
"endpoint_url": "https://<KS IP>/cckm/GoogleWorkspaceCSE/39a9e91b-7a95-4fbf-bf79-30930eeb1d2c",
"kekName": "GoogleWorkspaceCSE_endpoint_1_39a9e91b-7a95-4fbf-bf79-30930eeb1d2c",
"kekID": "39a9e91b7a954fbfbf7930930eeb1d2c39a9e91b7a954fbfbf7930930eeb1d2c",
"kekVersion": "0",
"meta": null,
"status": "active",
"allow_privileged_unwrap": false,
"allow_rewrap": true,
"allow_guest_access": false
}
The output shows updated details of the endpoint.
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
Refer to HTTP status codes for details.
