Querying Use Cases

The Configuration Query Language (CQL) in Mantis provides powerful capabilities for analyzing and managing your infrastructure configurations. Here are key use cases where CQL proves invaluable:

Resource Management

Resource Consumption Analysis

Track high-resource consumers across your infrastructure:

from: "service[string]"
select: ["resources", "namespace"]
where: {
  "namespace": "production"
  "resources.requests.memory": "^[1-9][0-9]*Gi$" // Memory requests of 1Gi or more
}

Resource Misconfiguration Detection

Identify potential resource misconfigurations:

from: "service[string]"
select: ["resources"]
where: {
  "resources.requests.cpu": "^[0-9]+m$" // CPU request in millicores
  "resources.limits.cpu": "^[1-9][0-9]*$" // CPU limit in whole cores
}

High Availability Verification

Ensure proper replica placement and redundancy:

from: "service[string]"
select: ["topology"]
where: {
  "node": ".*-zone-a" // Check zone placement
  "replicas": "^([2-9]|[1-9][0-9]+)$" // Two or more replicas
}

Change Impact Analysis

Dependency Tracking

Find resources depending on specific components:

from: "resource[string]"
select: ["*"]
where: {
  "depends_on": ".*redis-cache.*" // Find Redis dependencies
}

Configuration Drift Detection

Compare configurations across environments:

from: "service[string]"
select: [
  "name",
  "replicas",
  "env"
]
where: {
  "replicas": "3" // Expected replica count
}

Resource Ownership and Management

Track resources by team or application:

from: "service[string]"
select: ["metadata"]
where: {
  "metadata.labels.app": "frontend"
  "metadata.labels.team": "platform"
}

Security Remediation

Immediate Threat Assessment

Problem: When security threats are detected, engineers need to quickly assess infrastructure for misconfigurations or vulnerable resources.

Solution: CQL enables rapid querying of security-related configurations:

from: "service[string]"
select: ["name", "securityGroup", "publicAccess"]
where: {
  "publicAccess": "true"
}

This query identifies all services with public access enabled, providing immediate visibility into potential exposure points.

Misconfiguration Detection and Validation

Problem: Security vulnerabilities often stem from misconfigurations like overly permissive IAM roles.

Solution: Use CQL to validate configurations against security policies:

from: "iamRole[string]"
select: ["name", "permissions"]
where: {
  "permissions": ".*admin.*"
}
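
A local harness for checking which roles the IAM query above flags and which it passes over, before the query is relied on in an audit (an added example, not Mantis code). It assumes where-patterns are case-sensitive regular expressions ANDed across dotted field paths, which the page implies but does not state; the sample roles, BROAD_WHERE and all function names are constructed for illustration.

```python
import re

# Constructed sample roles: field names follow the page's iamRole query,
# the values are invented for illustration.
ROLES = [
    {"name": "ci-deployer", "permissions": ["s3:read", "admin:write"]},
    {"name": "legacy-ops", "permissions": "AdministratorAccess"},
    {"name": "break-glass", "permissions": ["*"]},
    {"name": "reader", "permissions": "s3:read"},
]

PAGE_WHERE = {"permissions": ".*admin.*"}          # pattern from the page
BROAD_WHERE = {"permissions": r"(?i)admin|^\*$"}   # hypothetical wider pattern

def lookup(record, path):
    """Resolve a dotted path such as 'metadata.labels.app'; None if absent."""
    node = record
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def matches(record, where):
    """Assumed semantics: every where-pattern must match its field (AND).
    A list-valued field matches when any element matches."""
    for path, pattern in where.items():
        value = lookup(record, path)
        if value is None:
            return False
        items = value if isinstance(value, list) else [value]
        if not any(re.search(pattern, str(item)) for item in items):
            return False
    return True

def run_query(records, select, where):
    """Return the selected fields of every record the where-clause matches."""
    return [{f: lookup(r, f) for f in select} for r in records if matches(r, where)]

def blind_spots(records, where, broader):
    """Names that the broader pattern flags but the original query misses."""
    hit = {r["name"] for r in records if matches(r, where)}
    wide = {r["name"] for r in records if matches(r, broader)}
    return sorted(wide - hit)

if __name__ == "__main__":
    print(run_query(ROLES, ["name", "permissions"], PAGE_WHERE))
    print(blind_spots(ROLES, PAGE_WHERE, BROAD_WHERE))
```

On the constructed data the page's pattern flags only ci-deployer; the capitalised "AdministratorAccess" role and the bare wildcard role pass unflagged, so a substring match on "admin" should be treated as a first pass rather than a complete check for over-permissive roles.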

Key Benefits

  1. Enhanced Security: Quickly identify potential security risks and vulnerabilities
  2. Resource Optimization: Track and optimize resource usage across your infrastructure
  3. Change Management: Assess the impact of changes before implementation
  4. Compliance: Ensure configurations meet organizational standards
  5. Operational Efficiency: Streamline infrastructure management tasks

Best Practices

  1. Use consistent naming patterns for resources
  2. Include comprehensive metadata in resource definitions
  3. Document dependencies explicitly
  4. Tag resources with ownership and criticality information
  5. Regularly audit configurations using CQL queries