Querying Use Cases

The Configuration Query Language (CQL) in Mantis provides powerful capabilities for analyzing and managing your infrastructure configurations. Here are key use cases where CQL proves invaluable:

Resource Management

Resource Consumption Analysis

Track high-resource consumers across your infrastructure:

from: "service[string]"
select: ["resources", "namespace"]
where: {
    "namespace": "production"
    "resources.requests.memory": "^[1-9][0-9]*Gi$"  // High memory requests
}

Resource Misconfiguration Detection

Identify potential resource misconfigurations:

from: "service[string]"
select: ["resources"]
where: {
    "resources.requests.cpu": "^[0-9]*m$"      // CPU in millicores
    "resources.limits.cpu": "^[1-9][0-9]*$"    // High CPU limit
}

High Availability Verification

Ensure proper replica placement and redundancy:

from: "service[string]"
select: ["topology"]
where: {
    "node": ".*-zone-a"              // Check zone placement
    "replicas": "^[1-9][0-9]*$"      // Multiple replicas
}

Change Impact Analysis

Dependency Tracking

Find resources depending on specific components:

from: "resource[string]"
select: ["*"]
where: {
    "depends_on": ".*redis-cache.*"  // Find Redis dependencies
}

Configuration Drift Detection

Compare configurations across environments:

from: "service[string]"
select: [
    "name",
    "replicas",
    "env"
]
where: {
    "replicas": "3"   // Expected replica count
}

Resource Ownership and Management

Track resources by team or application:

from: "service[string]"
select: ["metadata"]
where: {
    "metadata.labels.app": "frontend"
    "metadata.labels.team": "platform"
}

Security Remediation

Immediate Threat Assessment

Problem: When security threats are detected, engineers need to quickly assess infrastructure for misconfigurations or vulnerable resources.

Solution: CQL enables rapid querying of security-related configurations:

from: "service[string]"
select: ["name", "securityGroup", "publicAccess"]
where: {
    "publicAccess": "true"
}

This query identifies all services with public access enabled, providing immediate visibility into potential exposure points.

Misconfiguration Detection and Validation

Problem: Security vulnerabilities often stem from misconfigurations like overly permissive IAM roles.

Solution: Use CQL to validate configurations against security policies:

from: "iamRole[string]"
select: ["name", "permissions"]
where: {
    "permissions": ".*admin.*"
}

Key Benefits

Enhanced Security: Quickly identify potential security risks and vulnerabilities
Resource Optimization: Track and optimize resource usage across your infrastructure
Change Management: Assess the impact of changes before implementation
Compliance: Ensure configurations meet organizational standards
Operational Efficiency: Streamline infrastructure management tasks

Best Practices

Use consistent naming patterns for resources
Include comprehensive metadata in resource definitions
Document dependencies explicitly
Tag resources with ownership and criticality information
Regularly audit configurations using CQL queries

Resource Management​

Resource Consumption Analysis​

Resource Misconfiguration Detection​

High Availability Verification​

Change Impact Analysis​

Dependency Tracking​

Configuration Drift Detection​

Resource Ownership and Management​

Security Remediation​

Immediate Threat Assessment​

Misconfiguration Detection and Validation​

Key Benefits​

Best Practices​