Graph database search query construction in VMware Tanzu Platform hub
You can create search queries of the graph database in Tanzu Platform hub to locate particular resources you can work with in Tanzu Platform hub.
Select one or more resource types by provider
Supported providers include:
- AWS
- Azure
- Kubernetes
Property conditions
Your resource configurations are stored as properties and values of the resource object. For example, running EC2 instances have a property StateName with value running.
To locate resources with specific configurations, you can use the following property conditions.
| Condition | Syntax | Description |
|---|---|---|
| property with a value | pname = pvalue | Property with name pname has value equal to pvalue. |
| property different than a value | pname != pvalue | Property with name pname has value different than pvalue. |
| property exists | pn(pname) or propertyName(pname) | There is a property with name pname. |
| property value exists | pv(pvalue) or propertyValue(pvalue) | There is a property with value pvalue. |
To apply the property conditions in your searches, use the following operators.
The operators are case-insensitive. The operator HAS and has might both be used.
| Operator | Usage |
|---|---|
| HAS | Apply one or more conditions to a resource type. |
| AND | Group conditions when all of them must be satisfied. |
| OR | Group conditions when at least one of them must be satisfied. |
| NOT | Reverse a condition. |
| () | Specify the order in which conditions are evaluated. |
| Query | Description |
|---|---|
| Azure.Compute.VirtualMachine has PowerState = PowerState/running | Running Azure VMs. |
| AWS.EC2.Instance has region = us-east-2 and pn(PublicIpAddress) | EC2 Instances from region us-east-2 with Public IP address set. |
| region = us-east-2 | Any resources from region us-east-2. |
| AWS.EC2.Instance has (region = us-east-2 or region = us-east-1) | EC2 Instances from region us-east-1 or us-east-2. Without parenthesis retrieve all resources from us-east-2. |
Tag condition
The tags you configure in your cloud provider can be accessed with the tag prefix. For example, use tag.createdBy to access the tag with name createdBy.
To locate resources by tag, you specify the following tag conditions.
| Condition | Syntax | Description |
|---|---|---|
| tag with a value | tag.tagname = tagvalue | Tag with name tagname has value equal to tagvalue. |
| tag different than a value | tag.tagname != tagvalue | Tag with name tagname has value different than tagvalue. |
| tag exists | tag.tagname | There is a tag with name tagname. |
| tag value exists | tag = tagvalue | There is a tag with value tagvalue. |
Tag conditions are applied using the same operators as property conditions and can be mixed and matched with property conditions.
| Tag| Description| |–|–| |Azure.Compute.VirtualMachine has PowerState = PowerState/running and tag.createdBy = Engineering|Running Azure VMs created by engineering.| |AWS.EC2.Instance has region = us-east-2 and not tag.Owner|EC2 Instances from region us-east-2 without an owner tag.|
Comparison operators with date and time functions
Comparison operators (<=, <, >, =>) are available for integer and datetime properties. In addition, some special date and time functions are available to construct dates easily.
| Syntax | Description |
|---|---|
| hoursAgo(n) | Returns the time n hours earlier than now. |
| daysAgo(n) | Returns the time n days earlier than now. |
| monthsAgo(n) | Returns the time n months earlier than now. |
| yearsAgo(n) | Returns the time n years earlier than now. |
| Query | Description |
|---|---|
| AWS.EC2.Instance has CpuCoreCount >= 4 | EC2 Instances with 4 CPU cores or more. |
| AWS.IAM.AccessKey HAS AccessKeyLastUsedDate < 2021-01-01 | Access keys last used earlier than Jan 1st 2021. |
| AWS.IAM.AccessKey HAS AccessKeyLastUsedDate < monthsAgo(6) | Access keys last used earlier than six months ago. |
Wildcards
To find resource matching a pattern, use the wildcard operator * (asterisk) in your query to match any string. You can use the operator in property names, property values, tag names, and tag values.
If you must search for the asterisk symbol as a value in a query, surround the string in double quotes to avoid the symbol having any special meaning. If the string itself contains double quotes, escape them with a backslash.
| Statement type | Syntax | Description |
|---|---|---|
| begins with | abc* | Begins with “abc” |
| ends with | *abc | Ends with “abc” |
| begins and ends | abc*xyz | Begins with “abc” and ends with “xyz” |
| Query | Description |
|---|---|
| AWS.EC2.Instance has PrivateIpAddress = 10.0.1.* | EC2 Instances from the 10.0.1.x subnet. |
| AWS.IAM.PolicyStatement HAS Principal = {“Federated”:*} | PolicyStatement with principal property starting with {“Federated”: |
| Query | Description |
|---|---|
| AWS.IAM.PolicyStatement HAS Action = “*” | Policy statement valid for all actions. |
| AWS.IAM.PolicyStatement HAS Principal = “{"AWS":"*"}” | Policy statement with Principal equal to {“AWS”:“*”}. |
Search for related resources
To find related resources use the relationship operator -> to search for relationships between two sets of resources. To locate resources that are not related, use the inverted relationship operator !->.
| Query | Description |
|---|---|
| AWS.EC2.Instance has region=us-east-1 -> AWS.EC2.Volume HAS Encrypted = false | EC2 Instances with unencrypted Volumes. |
| AWS.EC2.Volume !-> AWS.EC2.Instance | Volumes that are not attached to an EC2 instance. |
Count search results
To count the results of a search, add count(pname) at the end of the search query. This type of aggregation is supported for queries that don’t include the relationship operator.
| Query | Description |
|---|---|
| AWS.EC2.Instance HAS StateName=Running and pn(PublicIpAddress) count(region) | Running EC2 Instances with a public IP address by region. |
| Azure.Compute.VirtualMachine has PowerState = PowerState/running count(ResourceGroup) | Running Azure VMs counted by resource group. |
| GCP.Compute.Instance HAS pn(ExternalIPAddresses) count(region) | GCP Compute instances with external IP by region. |
Double quotes syntax rules
The usage of double quotes around strings is optional in most cases. However, you must enter double quotes if the string contains special characters that might cause ambiguity during parsing.
| Query | Description |
|---|---|
| tag.Project = Stardeck | Equivalent to tag.Project = “Stardeck”. Double quotes are not required. |
| tag.Project = “Stardeck(1)” | Double quotes are required because of the brackets. Otherwise the query is invalid. |
| tag.Description = “This is a description with spaces” | Double quotes are required because of the spaces. |
| tag.Description = “This is a description with spaces and special characters !@#$%^&*()_+[]” | Double quotes are required so that each of the special characters is interpreted literally. |
| tag.Description = “This is a description with spaces and "quotes"” | Double quotes are required and the quotes must be escaped with a backslash. |
Parent topic:Locating particular resources in VMware Tanzu Platform hub
