1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Microsegmentation Administrator's Guide
    5. apoctl
    6. Concepts

    Concepts

    apoctl provides the following main commands:
    • api to interact with the Microsegmentation Console API
    • appcred to manage app credentials
    • auth to deal with authentication tokens
    • configure for quick set up
    • enforcer to obtain enforcer debugging information
    • oam to debug connectivity issues
    • profiles to manage multiple profiles
    • protect to deploy enforcers to hosts
    • reports to generate compliance reports
    • stats to retrieve statistical data
    • unprotect to uninstall enforcers from hosts
    Here are the main global flags you can set:
    • --api or -A: defines the URL of the Microsegmentation Console API
    • --namespace or -n: defines the namespace you want to target
    • --token or -t: defines the token to use to authenticate
    • --config: defines the path to a configuration profile to use
    • --log-level: defines the level of logging
    In general, every flag can be also set from an environment variable. You can easily guess the environment variable by
    • upper casing the flag name
    • replace all - by _
    • prefixing it by APOCTL
    For instance, the variable used to set the above flags are:
    APOCTL_API
APOCTL_NAMESPACE
APOCTL_TOKEN
APOCTL_LOG_LEVEL
APOCTL_CONFIG
    The resolution order is as follows from low to high priority:
    1. built-in default value
    2. value set in a configuration profile
    3. value set the environment variables
    4. value set using the flags.

    Autocompletion

    apoctl supports autocompletion on bash and zsh. It will autocomplete commands, API resources, attributes, and more.
    To take advantages of this feature, you must add a command in your shell configuration.
    For Bash:
    echo "source <(apoctl completion bash)" >> ~/.bashrc
    For ZSH:
    echo "source <(apoctl completion zsh)" >> ~/.zshrc
    On CentOS, you may need to install the bash-completion package which is not installed by default.
    sudo yum install bash-completion -y
    On macOS, you may need to install the bash-completion package which is not installed by default.
    • If running Bash 3.2 included with macOS:
      brew install bash-completion
    • If running Bash 4.1+:
      brew install bash-completion@2

    Profiles

    apoctl supports multiple configuration profiles that can be placed in ~/.apoctl.
    A profile is a simple YAML file setting default values for any flags of apoctl. The most useful one is to set up your default namespace as well as an app credential to use.
    All values defined in the profile, can be overridden by an environment variable or by setting the flag when you call apoctl.
    The default profile is ~/.apoctl/default.yaml. If it doesn’t exists, apoctl will use its built-in default values.
    To select a profile, use the flag --config, set the environment variable $APOCTL_CONFIG_NAME, or use apoctl profiles command.
    For instance, you can create ~/.apoctl/my-profile.yaml and tell apoctl to use it by running:
    export APOCTL_CONFIG_NAME=my-profile
    Or
    apoctl profile use my-profile
    In any case, to verify which profile is used, you can run apoctl profiles.
    Note that the value of the variable must omit the extension.
    Profile example:
    $ cat ~/.apoctl/default.yaml
api: https://microsegmentation.acme.com
namespace: /acme
creds: ~/.apoctl/default.creds
output: yaml

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo