Apono Query Langauge

Use the Apono Query Language (AQL) to create Access Flows with a simple and intuitive syntax for querying resources, integrations, permissions, and more.

Customer Documentation: Apono Query Language

Welcome to the Apono Query Language (AQL) documentation! This guide explains how to use the query language to filter, search, and manage resources effectively within the Apono platform.

Overview

The Apono Query Language (AQL) provides a simple and intuitive syntax for querying resources, integrations, permissions, and more. It supports various operators and field types to allow precise and flexible querying capabilities.

Syntax Basics

A query consists of a field, an operator, and a value. For example:

resource_tag["env"] = "prd"

  • Field: Specifies the attribute or tag to query (e.g., resource_tag["env"]).

  • Operator: Defines the condition (e.g., = for equality).

  • Value: The expected value for the field (e.g., "prd").

Supported Fields

ID Fields

These fields represent core resource attributes:

  • resource_type

  • integration

  • resource

  • resource_status

  • resource_risk_level

  • permission

  • permission_risk_level

Name Fields

These fields support detailed matching based on names and tags:

  • integration_name

  • resource_name

  • permission_name

  • resource_tag["<key>"]

  • resource_context["<key>"]

  • permission_tag["<key>"]

  • permission_context["<key>"]

Operators

Equality Operators

  • =: Equals

  • !=: Not Equals

Substring Operators

  • contains: Field contains the specified value.

  • not_contains: Field does not contain the specified value.

  • starts_with: Field starts with the specified value.

  • ends_with: Field ends with the specified value.

Set Operators

  • in: Field matches any value in a list.

  • not_in: Field does not match any value in a list.

Logical Operators

  • and / AND: Combine multiple conditions (all must be true).

  • or / OR: Combine multiple conditions (any can be true).

  • not / NOT: Negate a condition.

Examples

Basic Queries

  1. Filter resources tagged with env as prd:

    resource_tag["env"] = "prd"

  2. Find resources with the type database:

    resource_type = "database"

  3. Exclude resources tagged as test:

    resource_tag["env"] != "test"

Complex Queries

  1. Resources with env as prd and type database:

    resource_tag["env"] = "prd" and resource_type = "database"

  2. Permissions containing admin in their name or tagged with critical:

    permission_name contains "admin" or permission_tag["level"] = "critical"

  3. Negating conditions:

    not resource_tag["env"] = "prd"

  4. Using a list of values:

    resource_tag["env"] in ("dev", "staging", "prd")

Parentheses for Grouping

Parentheses can be used to group conditions and define precedence:

(resource_tag["env"] = "prd" and resource_type = "database") or (resource_tag["env"] = "staging")

Best Practices

  1. Be Specific: Use precise fields and values to narrow down your results.

  2. Combine Conditions: Leverage and, or, and parentheses for complex queries.

  3. Use Tags Effectively: Tags like resource_tag and permission_tag are powerful for categorizing and filtering.

  4. Test Incrementally: Start with simple queries and build complexity as needed.

Troubleshooting

  1. Invalid Syntax: Ensure your query follows the grammar rules, including proper use of quotes and parentheses.

  2. No Results: Verify the field names and values are correct.

  3. Unexpected Results: Check operator precedence and use parentheses to clarify.

Last updated

Was this helpful?