Creating DKE Authorized Tenants
Use the POST /v1/cckm/microsoft/dke/auth-tenants API to create a DKE authorized tenant for the Microsoft Double Key Encryption service.
Specify a unique name for the authorized tenant.
Syntax
curl -k 'https://<CCKM IP address>/api/v1/cckm/microsoft/dke/auth-tenants' -X POST -H 'Authorization: Bearer AUTHTOKEN' -H 'accept: application/json' --compressed
Request Parameters
| Parameter | Type | Description | 
|---|---|---|
| AUTHTOKEN | string | Authorization token. | 
| authorization_type | string | Authorization type for the DKE key: email and role. | 
| issuer | string | A valid issuer for the DKE endpoint. Currently, only one issuer is supported. For example, https://sts.windows.net/<Azure tenant ID>/. This issuer must match the issuer within the JWT that the CCKM receives. | 
| name | string | Unique name for the authorized tenant. | 
| tenant_id | string | tenant_id for the authorized tenant. | 
| authorized_email_addresses (optional) | string | Allowed email addresses. Required field if authorization_type is email. | 
| authorized_roles (optional) | string | Allowed roles in Active Directory. Required field if authorization_type is set to role. | 
| connection (optional) | string | ID of the Azure connection. Mandatory for role-based authorization. | 
| description (optional) | string | Description for the authorized tenant. | 
Note
The wildcards '*' and '?' are supported in email addresses. The following are examples of supported wildcard formats:
- abc*@gmail.com: supports any email that starts with abc and ends with "@gmail.com". 
- abc@?.com: supports any email that starts with abc, contains "@" followed by at least one character and ends with ".com". 
- abc@?.?*: supports any email that starts with abc, contains "@" followed by at least one character, followed by the dot character (.), and ends with at least one character. 
- ?*@gmail.com: supports any email that starts with at least one character and ends with "@gmail.com". 
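
A pre-flight review of the request body before it is posted, as an added example that is not part of the original documentation or the product's own code. It checks the conditional requirements from the parameter table and flags wildcard patterns from the Note that authorize more than one mailbox. The page shows no request body, so the JSON field layout is assumed to mirror the Example Response; the function name, the sample bodies and the strict issuer comparison are also assumptions.

```python
REQUIRED = ("name", "tenant_id", "issuer", "authorization_type")

def review_auth_tenant(body):
    """Return a list of findings for a DKE authorized-tenant request body."""
    findings = [f"missing required field: {k}" for k in REQUIRED if not body.get(k)]
    auth_type = body.get("authorization_type")

    if auth_type == "email":
        patterns = body.get("authorized_email_addresses") or []
        if not patterns:
            findings.append("authorized_email_addresses is required for email authorization")
        for p in patterns:
            local, at, domain = p.partition("@")
            if not at or not local or not domain:
                findings.append(f"{p!r}: not of the form local@domain")
            elif any(c in domain for c in "*?"):
                findings.append(f"{p!r}: wildcard in the domain part matches other domains")
            elif not local.strip("*?"):
                findings.append(f"{p!r}: matches every address at {domain}")
    elif auth_type == "role":
        if not body.get("authorized_roles"):
            findings.append("authorized_roles is required for role authorization")
        if not body.get("connection"):
            findings.append("connection is mandatory for role-based authorization")
    elif auth_type:
        findings.append(f"unsupported authorization_type: {auth_type!r}")

    # Assumption: the issuer follows the form shown in the page's example,
    # https://sts.windows.net/<tenant ID>/ including the trailing slash.
    tenant, issuer = body.get("tenant_id"), body.get("issuer")
    if tenant and issuer and issuer != f"https://sts.windows.net/{tenant}/":
        findings.append("issuer does not have the form https://sts.windows.net/<tenant_id>/")
    return findings

# Constructed sample bodies; tenant ID and address reuse the Example Response values.
TENANT = "d27d849e-e487-4b0e-a54c-a71e67687d10"
GOOD = {"name": "Authorized tenant 001", "tenant_id": TENANT,
        "authorization_type": "email",
        "issuer": f"https://sts.windows.net/{TENANT}/",
        "authorized_email_addresses": ["ali@example.com"]}
BROAD = dict(GOOD, authorized_email_addresses=["?*@gmail.com", "abc@?.com"])
ROLE = dict(GOOD, authorization_type="role",
            issuer=f"https://sts.windows.net/{TENANT}")  # no trailing slash

if __name__ == "__main__":
    for label, body in (("good", GOOD), ("broad", BROAD), ("role", ROLE)):
        print(label, review_auth_tenant(body))
```
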
Example Request
curl -k 'https://54.173.227.108/api/v1/cckm/microsoft/dke/auth-tenants' -X POST -H 'Authorization: Bearer AUTHTOKEN' -H 'accept: application/json' --compressed
Example Response
{
    "id": "c575e91f-411d-4042-b526-b6f7e3f50f1b",
    "uri": "kylo:kylo:cckm:dke-auth-tenant:c575e91f-411d-4042-b526-b6f7e3f50f1b",
    "account": "kylo:kylo:admin:accounts:kylo",
    "createdAt": "2023-12-28T04:57:52.719716Z",
    "updatedAt": "2023-12-28T04:57:52.719244Z",
    "name": "Authorized tenent 001",
    "tenant_id": "d27d849e-e487-4b0e-a54c-a71e67687d10",
    "authorization_type": "email",
    "issuer": "https://sts.windows.net/d27d849e-e487-4b0e-a54c-a71e67687d10/",
    "authorized_email_addresses": [
        "ali@example.com"
    ]
}
The sample output shows that a DKE authorized tenant named Authorized tenent 001, with the ID c575e91f-411d-4042-b526-b6f7e3f50f1b, is created along with the other specified parameters.
Response Codes
| Response Code | Description | 
|---|---|
| 2xx | Success | 
| 4xx | Client errors | 
| 5xx | Server errors | 
Refer to HTTP status codes for details.