Apono Query Langauge

Customer Documentation: Apono Query Language

Welcome to the Apono Query Language (AQL) documentation! This guide explains how to use the query language to filter, search, and manage resources effectively within the Apono platform.

Overview

The Apono Query Language (AQL) provides a simple and intuitive syntax for querying resources, integrations, permissions, and more. It supports various operators and field types to allow precise and flexible querying capabilities.

Syntax Basics

A query consists of a field, an operator, and a value. For example:

resource_tag["env"] = "prd"

• Field: Specifies the attribute or tag to query (e.g., resource_tag["env"]).

• Operator: Defines the condition (e.g., = for equality).

• Value: The expected value for the field (e.g., "prd").

Supported Fields

ID Fields

These fields represent core resource attributes:

• resource_type

• integration

• resource

• resource_status

• resource_risk_level

• permission

• permission_risk_level

Name Fields

These fields support detailed matching based on names and tags:

• integration_name

• resource_name

• permission_name

• resource_tag["<key>"]

• resource_context["<key>"]

• permission_tag["<key>"]

• permission_context["<key>"]

Operators

Equality Operators

• =: Equals

• !=: Not Equals

Substring Operators

• contains: Field contains the specified value.

• not_contains: Field does not contain the specified value.

• starts_with: Field starts with the specified value.

• ends_with: Field ends with the specified value.

Set Operators

• in: Field matches any value in a list.

• not_in: Field does not match any value in a list.

Logical Operators

• and / AND: Combine multiple conditions (all must be true).

• or / OR: Combine multiple conditions (any can be true).

• not / NOT: Negate a condition.

Examples

Basic Queries

1. Filter resources tagged with env as prd:

   Copy

   resource_tag["env"] = "prd"

2. Find resources with the type database:

   Copy

   resource_type = "database"

3. Exclude resources tagged as test:

   Copy

   resource_tag["env"] != "test"

Complex Queries

1. Resources with env as prd and type database:

   Copy

   resource_tag["env"] = "prd" and resource_type = "database"

2. Permissions containing admin in their name or tagged with critical:

   Copy

   permission_name contains "admin" or permission_tag["level"] = "critical"

3. Negating conditions:

   Copy

   not resource_tag["env"] = "prd"

4. Using a list of values:

   Copy

   resource_tag["env"] in ("dev", "staging", "prd")

Parentheses for Grouping

Parentheses can be used to group conditions and define precedence:

(resource_tag["env"] = "prd" and resource_type = "database") or (resource_tag["env"] = "staging")

Best Practices

1. Be Specific: Use precise fields and values to narrow down your results.

2. Combine Conditions: Leverage and, or, and parentheses for complex queries.

3. Use Tags Effectively: Tags like resource_tag and permission_tag are powerful for categorizing and filtering.

4. Test Incrementally: Start with simple queries and build complexity as needed.

Troubleshooting

1. Invalid Syntax: Ensure your query follows the grammar rules, including proper use of quotes and parentheses.

2. No Results: Verify the field names and values are correct.

3. Unexpected Results: Check operator precedence and use parentheses to clarify.