Get TAS Settings
GET/api/v32.07/settings/tas
x-prisma-cloud-target-env: {"permission":"policyContainers"}
Retrieves Tanzu Application Service (TAS) settings.
cURL Request
Refer to the following example cURL command that retrieves all TAS settings:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/settings/tas"
Responses
- 200
- default
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
Cap indicates only the last k images should be fetched.
CloudControllerAddress is the address of the local cloud controller in TAS env.
Hostname is the hostname of the defender that is used as the blobstore scanner.
Name is the droplet name.
Remote indicates whether the blobstore is remote or local.
remoteConfig object
TASRemoteBlobstoreConfig contains remote blobstore details
BlobstoreAddress is the address of the remote cloud controller.
CACert Ops manager CA root certificate in case the user chooses not to skip TLS validation.
credential object
Credential specifies the authentication data of an external provider
Specifies the unique ID for credential.
Specifies the unique ID for an IBM Cloud account.
Specifies the account identifier. Example: a username, access key, account GUID, and so on.
Specifies the name of the cloud account.
apiToken object
Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database
Specifies an encrypted value of the secret.
Specifies the plain text value of the secret.
azureSPInfo object
AzureSPInfo contains the Azure credentials needed for certificate based authentications
ClientID is the client identifier.
Possible values: [user-assigned,system-assigned
]
SubscriptionID is a GUID that uniquely identifies the subscription to use Azure services.
TenantID is the ID of the AAD directory in which the application was created.
Specifies the CA certificate for a certificate-based authentication.
Specifies the cloud provider account ID.
Specifies the time when the credential was created (or, when the account ID was changed for AWS).
Specifies the description for a credential.
Indicates whether the credential was onboarded from the Prisma platform.
Indicates whether the credential scope is global. Available values are: true: Global false: Not Global Note: For GCP, the credential scope is the organization.
Specifies the time when the credential was last modified.
ociCred object
OCICred are additional parameters required for OCI credentials
Fingerprint is the public key signature.
TenancyID is the OCID of the tenancy.
Specifies the user who created or modified the credential.
Specifies the time when the account was last modified by Prisma Cloud Compute.
Specifies the Amazon Resource Name (ARN) of the role to be assumed.
secret object
Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database
Specifies an encrypted value of the secret.
Specifies the plain text value of the secret.
Indicates whether to skip the certificate verification in TLS communication.
Specifies a list of specific endpoints for use in STS sessions in various regions.
tokens object
TemporaryToken is a temporary session token for cloud provider APIs AWS - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html GCP - https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials Azure - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on
Specifies a temporary access key.
awsSecretAccessKey object
Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database
Specifies an encrypted value of the secret.
Specifies the plain text value of the secret.
Specifies a duration for the token.
Specifies an expiration time for the token.
token object
Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database
Specifies an encrypted value of the secret.
Specifies the plain text value of the secret.
Possible values: [aws,azure,gcp,ibmCloud,oci,apiToken,basic,dtr,kubeconfig,certificate,gitlabToken
]
Type specifies the credential type
Specifies the base server URL.
Indicates whether to authenticate using the IAM Role attached to the instance. Available values are: true: Authenticate with the attached credentials false: Don’t authenticate with the attached credentials.
Indicates whether to use the regional STS endpoint for an STS session. Available values are: true: Use the regional STS false: Don’t use the regional STS.
CredentialID is the id in the credentials store to use for authenticating with the remote blobstore.
Foundation is the name of TAS foundation.
[
{
"cap": 0,
"cloudControllerAddress": "string",
"hostname": "string",
"pattern": "string",
"remote": true,
"remoteConfig": {
"blobstoreAddress": "string",
"cACert": "string",
"credential": {
"_id": "string",
"accountGUID": "string",
"accountID": "string",
"accountName": "string",
"apiToken": {
"encrypted": "string",
"plain": "string"
},
"azureSPInfo": {
"clientId": "string",
"miType": [
"user-assigned",
"system-assigned"
],
"subscriptionId": "string",
"tenantId": "string"
},
"caCert": "string",
"cloudProviderAccountID": "string",
"created": "2024-07-29T15:51:28.071Z",
"description": "string",
"external": true,
"global": true,
"lastModified": "2024-07-29T15:51:28.071Z",
"ociCred": {
"fingerprint": "string",
"tenancyId": "string"
},
"owner": "string",
"prismaLastModified": 0,
"roleArn": "string",
"secret": {
"encrypted": "string",
"plain": "string"
},
"skipVerify": true,
"stsEndpoints": [
"string"
],
"tokens": {
"awsAccessKeyId": "string",
"awsSecretAccessKey": {
"encrypted": "string",
"plain": "string"
},
"duration": 0,
"expirationTime": "2024-07-29T15:51:28.071Z",
"token": {
"encrypted": "string",
"plain": "string"
}
},
"type": [
"aws",
"azure",
"gcp",
"ibmCloud",
"oci",
"apiToken",
"basic",
"dtr",
"kubeconfig",
"certificate",
"gitlabToken"
],
"url": "string",
"useAWSRole": true,
"useSTSRegionalEndpoint": true
},
"credentialID": "string",
"foundation": "string"
}
}
]