JQ is a lightweight, flexible command-line JSON processor. We leverage JQ within CQL to enable users to perform complex queries. JQ also works with queries on yaml files. For instance:
jq(custom("foo"), ".property | length")
The above query would cycle through the foo object and retrieve the length of all .property components. This type of query is often used on Kubernetes resources.
If you wanted to write a CQL rule that states, "all Kubernetes deployments must have a desired replica count > 0 except 'dev-cluster,'" you would write:
jq(k8s.spec, "jq script to filter out dev cluster and assert something on the rest")
JQ and datatypes
JQ can provide additional flexibility around datatypes. For instance, if you had a string which was associated with a numerical value in your Custom Data.
If you wanted to query on the
line value as a number rather than string, the following JQ functionality could be used within CQL.
jq(custom("my-key"), ".line | tonumber") > 99
This would result in the respective service passing this CQL check.