Updating a DKE Endpoint
Use the PATCH /v1/cckm/microsoft/dke/endpoints/{id} API to update the attributes of a Microsoft DKE endpoint.
Syntax
curl -k 'https://<CCKM IP address>/api/v1/cckm/microsoft/dke/endpoints/{id}' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n  "name": "<unique_name_dke_endpoint>",\n  "description": "dke_endpoint_description",\n  "key_uri_hostname": "base_url_hostname_for_key_uri",\n  "algorithm": "<dke_key_algorithm>",\n  "enable_success_audit_event": <true|false>,\n  "meta": {\n    "color": "small",\n    "size": "red"\n  },\n  "authorization_params": {\n    "valid_issuers": [\n      "<valid_issuer_for_dke_endpts>/"\n    ],\n    "authorization_type": "email",\n    "email_authz_params": {\n      "authorized_email_addresses": [\n        "<authorized_email_address_1>",\n        "<authorized_email_address_2>"\n      ]\n    }\n  }\n}' --compressed
Here, {id} is the ID of the DKE endpoint.
Request Parameters
| Parameter | Type | Description | 
|---|---|---|
| AUTHTOKEN | string | Authorization token. | 
| auth_tenants (optional) | string | List of IDs of authorized tenants for the DKE endpoint. | 
| description (optional) | string | Description for the endpoint. | 
| enable_success_audit_event (optional) | boolean | Enable or disable audit recording of successful operations. Default value is true. | 
| key_uri_hostname (optional) | string | Base URL hostname for KeyURI. | 
| meta (optional) | JSON | Additional information associated with this endpoint. | 
| name (optional) | string | Unique name for the endpoint. | 
DKE Authorization Parameters
| Parameter | Type | Description | 
|---|---|---|
| authorization_type | string | Authorization type for DKE key: email and role. | 
| email_authz_params | string | Parameters for email-based authorization. Required field, if authorization_type is email. | 
| authorized_email_addresses | string | Allowed email addresses. Required field, if authorization_type is email. | 
| role_authz_params | string | Parameters for role-based authorization. Required field, if authorization_type is set to role. Also, specify connection. Refer to Request Parameters. | 
| authorized_roles | string | Allowed roles in active directory. Required field, if authorization_type is set to role. | 
| valid_issuers | string | A valid issuer for the DKE endpoint. For example, https://sts.windows.net/<azure tenant ID>/. This issuer must match the issuer within the JWT that the CCKM receives. | 
Note
The wildcards '*' and '?' are supported in email addresses. The following are examples of supported wildcard formats:
- abc*@gmail.com: supports any email that starts with abc and ends with "@gmail.com". 
- abc@?.com: supports any email that starts with abc, contains "@" followed by at least one character and ends with ".com". 
- abc@?.?*: supports any email that starts with abc, contains "@" followed by at least one character, followed by the dot character (.), and ends with at least one character. 
- ?*@gmail.com: supports any email that starts with at least one character and ends with "@gmail.com". 
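As an added example (not part of the original documentation or the product's own code), the following Python check lints an authorization_params object before it is sent in the PATCH request. It flags issuers that lack the trailing "/" shown in the table and wildcard patterns that widen the set of authorized addresses beyond one domain or to every mailbox in a domain. The function name, the finding messages, and the assumption that the issuer is compared as an exact string are illustrative.

```python
WILDCARDS = set("*?")

def lint_authorization_params(params):
    """Return a list of findings for a DKE endpoint authorization_params dict."""
    findings = []
    for issuer in params.get("valid_issuers", []):
        if not issuer.startswith("https://"):
            findings.append(f"issuer not https: {issuer}")
        # Assumption: the issuer is compared as an exact string with the JWT
        # "iss" claim, so a value without the trailing slash would not match
        # the https://sts.windows.net/<tenant ID>/ form shown in the table.
        if not issuer.endswith("/"):
            findings.append(f"issuer lacks trailing slash: {issuer}")
    auth_type = params.get("authorization_type")
    if auth_type == "email":
        email_params = params.get("email_authz_params") or {}
        addresses = email_params.get("authorized_email_addresses") or []
        if not addresses:
            findings.append("email authorization without authorized_email_addresses")
        for addr in addresses:
            local, sep, domain = addr.rpartition("@")
            if not sep:
                findings.append(f"not an email pattern: {addr}")
            elif WILDCARDS & set(domain):
                # e.g. abc@?.com authorizes the mailbox at more than one domain
                findings.append(f"wildcard in domain admits other domains: {addr}")
            elif local and not set(local) - WILDCARDS:
                # e.g. ?*@gmail.com authorizes every mailbox at the domain
                findings.append(f"local part is all wildcards: {addr}")
    elif auth_type == "role":
        if not params.get("role_authz_params"):
            findings.append("role authorization without role_authz_params")
    else:
        findings.append(f"unexpected authorization_type: {auth_type!r}")
    return findings

# Constructed sample: the issuer and first address come from the example
# request on this page; the two wildcard patterns come from the note above.
SAMPLE_PARAMS = {
    "valid_issuers": ["https://sts.windows.net/9c99431e-b513-44be-a7d9-e7b500002dbc"],
    "authorization_type": "email",
    "email_authz_params": {
        "authorized_email_addresses": ["maria_updated@test.com", "abc@?.com", "?*@gmail.com"]
    },
}

if __name__ == "__main__":
    for finding in lint_authorization_params(SAMPLE_PARAMS):
        print(finding)
```

An empty result means none of these checks fired; it does not confirm that the issuer or addresses are the intended ones.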
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/microsoft/dke/endpoints/f222ffdf-80e1-4fd5-8f17-1b60a26dba5d' -X PATCH -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiI1ZTc3Y2Q3NC0wMmVhLTRhNzYtODIzMi1hNDY4YTg1MGQwM2UiLCJzdWIiOiJsb2NhbHw0ODMyZDM4ZS04YzdhLTRiMjYtYTc5Ni1kNjk3NWQyOTg2ZGIiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJjbGllbnRfdHlwZSI6InVucmVnaXN0ZXJlZCIsImRvbWFpbl9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCIsImdyb3VwcyI6WyJhZG1pbiJdLCJzaWQiOiIzMGJiZTYxNS1hNWQzLTQwNzAtYTNjYi01NDA0Y2YzMmE5OTYiLCJ6b25lX2lkIjoiMDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwIn0sImp3dGlkIjoiZDY2OGQ4ZWYtNTFkNS00N2Y0LWIzMTUtNDZjNmU1ZDA0ZDM5IiwiaWF0IjoxNjkyOTI1NjYxLCJleHAiOjE2OTI5MjU5NjF9.7-XtqNCuErnxpGbz5IkT6Il3gF7Xzk8ic0Sgch5CHXs' -H 'Content-Type: application/json' -H 'accept: application/json' --data-binary $'{\n  "name": "updated_ep_name",\n  "description": "updated demo dke endpoint 7",\n  "key_uri_hostname": "test.com",\n  "algorithm": "RSA_DECRYPT_OAEP_2048_SHA256",\n  "meta": {\n    "color": "small",\n    "size": "blue"\n  },\n  "authorization_params": {\n    "valid_issuers": [\n      "https://sts.windows.net/9c99431e-b513-44be-a7d9-e7b500002dbc"\n    ],\n    "authorization_type": "email",\n    "email_authz_params": {\n      "authorized_email_addresses": [\n        "maria_updated@test.com",\n        "mark_updated@test.com"\n      ]\n    }\n  }\n}' --compressed
This example request updates the attributes of the DKE endpoint with the ID f222ffdf-80e1-4fd5-8f17-1b60a26dba5d: the authorized email addresses become maria_updated@test.com and mark_updated@test.com, and the description becomes updated demo dke endpoint 7. Also, the valid issuer is now revised to https://sts.windows.net/9c99431e-b513-44be-a7d9-e7b500002dbc/.
Example Response
{
    "id": "2f63df7e-4229-4bee-aeba-ec8c408fb8fb",
    "uri": "kylo:kylo:cckm:dke-endpoint:2f63df7e-4229-4bee-aeba-ec8c408fb8fb",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2023-06-23T03:23:59.468599Z",
    "updatedAt": "2023-06-23T06:46:32.035941Z",
    "name": "updated_ep_name",
    "description": "updated demo dke endpoint 1",
    "key_uri_hostname": "test.com",
    "key_uri": "https://test.com/api/v1/cckm/microsoft/dke-data-plane/endpoints/2f63df7e-4229-4bee-aeba-ec8c408fb8fb/keys/ks-e998720b0e8e4ccc9ecf6a6e125ccce16356ba90b31540478a4d23fed4216203",
    "kek_name": "ks-e998720b0e8e4ccc9ecf6a6e125ccce16356ba90b31540478a4d23fed4216203",
    "kek_id": "e998720b0e8e4ccc9ecf6a6e125ccce16356ba90b31540478a4d23fed4216203",
    "kek_uuid": "da9cebd9-7b04-4412-b73f-d9193838f4ad",
    "meta": {
        "color": "small",
        "size": "red"
    },
    "kek_version": "0",
    "key_type": "asymmetric",
    "algorithm": "RSA_DECRYPT_OAEP_2048_SHA256",
    "enable_success_audit_event": true,
    "auth_tenants": [
        "95180635-b494-4f57-b9ba-a250aeac741f"
    ],
    "auto_rotate": false,
    "status": "Enabled"
}
This sample output shows that the attributes of the DKE endpoint with the ID f222ffdf-80e1-4fd5-8f17-1b60a26dba5d are updated to use maria_updated@test.com and mark_updated@test.com as the authorized email addresses and updated demo dke endpoint 7 as the revised description for the endpoint. Also, the valid issuer is now revised to https://sts.windows.net/9c99431e-b513-44be-a7d9-e7b500002dbc/.
Response Codes
| Response Code | Description | 
|---|---|
| 2xx | Success | 
| 4xx | Client errors | 
| 5xx | Server errors | 
Refer to HTTP status codes for details.