Updating a KACLS Endpoint Perimeter
KACLS endpoint perimeters are the policies that allow or disallow the wrap, unwrap, and takeout_unwrap operations. Refer to Access Policies for details.
Updating a perimeter requires understanding of Open Policy Agent.
Use the PATCH /v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/perimeters API to update KACLS endpoint perimeters.
Syntax
curl -k '<IP>/api/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}/perimeters' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | ID of the endpoint. To find out the ID of an endpoint, refer to Viewing KACLS Endpoints. |
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/c1583936-7d03-4e2d-a0ae-3a1ae2d2e200/perimeters' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' --compressed
package example
default allow = false
allow {
input.authorization.email == "abc@foo.com"
input.authentication.email == "abc@foo.com"
input.authentication.ExtraClaims.location == "Noida"
input.perimeter_id == "takeout"
}
Example Response
"package example default allow = false allow { input.authorization.email == \"abc@foo.com\" input.authentication.email == \"abc@foo.com\" input.authentication.ExtraClaims.location == \"Noida\" input.perimeter_id == \"takeout\" }"
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
Refer to HTTP status codes for details.
