- URL:
- https://<root>/security/ingress/update
- Methods:
POST- Version Introduced:
- 10.9
Access requirements
Required privileges
The Enterprise Administrator API requires privilege-based access. An administrator must be assigned a specific user privilege, or role, to access any given endpoint. Listed below are the user privileges or roles an administrator can be assigned that provides access to this endpoint. If multiple privileges are listed, only one needs to be assigned to gain access.
Tokens
This API requires token-based authentication. A token is automatically generated for administrators who sign in to the Enterprise Administrator API directory's HTML interface. Tokens generated in this way are stored for the entirety of the session.
Those accessing the API directory outside of the HTML interface will need to acquire a session token from the generate operation in the Enterprise Directory API. For security reasons, all POST requests made to the Enterprise Administrator API must include a token in the request body.
Description
The update operation modifies the security configuration implemented by the Ingress controller. The update operation can also be used to specify a wildcard certificate for the Ingress controller.
Request parameters
| Parameter | Details |
|---|---|
| The JSON object representing the Ingress security configuration. |
| The response format. The default format is Values: |
Ingress security configuration properties
| Property | Details |
|---|---|
| The cipher suites, in OpenSSL format, used by the Ingress controller. The cipher suites listed below, in both OpenSSL and Internet Assigned Numbers Authority (IANA) format, are configured by default and work for TLSv1.2 and TLSv1.3. If the TLS protocols TLSv1 or TLSv1.1 are specified in the
|
| A comma-separated list that specifies the TLS protocols the Ingress controller will support. |
| The name of a user-defined TLS secret that exists in the same namespace as ArcGIS Enterprise on Kubernetes, which contains the wildcard certificate that will be used by the Ingress controller. This property must be specified if |
| Specifies the identity wildcard certificate that will be used by the Ingress controller. The certificate must have already been imported and given an alias. The alias of the imported certificate will be passed as the value for this property. This property must be set if |
| A Boolean that indicates whether HTTP Strict Transport Security (HSTS) is enabled by the Ingress controller. Values: |
| Specifies where the identity certificate used by the Ingress controller is stored. If Values: |
Example usage
The following is a sample POST request for the update operation that demonstrates modifying the identity property with the name of an imported certificate that will be used by the Ingress controller:
POST /<context>/admin/security/ingress/update HTTP/1.1
Host: organization.example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []
ingressSecurityConfig={
"cipherSuites": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305",
"httpsProtocols": "TLSv1.2 TLSv1.3",
"tlsSecretName": "",
"identityCertificateName": "orgCert",
"hstsEnabled": true,
"isTlsSecretSystemManaged": true
}&f=pjson&token=bnwCK0Wlwj9fIJrwWq5o8LgV__ibaG6Lw_idwH8HA2c3pnYoTB1_odgA0MIC7p8oKQr8sYVFTMbpEerYQf4pIx34a7QGyBTUPtx5VYpzI_xyi68qGVUOmO8ouQqWGQEDWW6Jc0dJrIOVZBJ4x3aHyaBgPnuUWZitcGssH6QYH47Nuk_b6NRChHBi_EglJutuOPbCKc96TmbfKkH7atbfCSecvv3nnVHYvC1s1j02ZZWqt6Q_idRuVhQVcfBbFkFwJSON Response example
{"statu": "success"}