Operations

Welcome to the heart of the Compliance Engine—its operations. Operations are the declarative building blocks you will use in logic.yaml files to define how the engine evaluates your cloud resources. They are designed to be expressive, readable, and powerful, enabling you to translate complex compliance requirements into clear, maintainable logic.

This documentation is structured to help you quickly find the information you need. Below, you will find a categorized list of all available operations. Each operation links to a dedicated page with detailed syntax, examples, and direct links to its unit tests.

Foundational Concepts

Before diving into specific operations, it is highly recommended to understand the two core concepts that underpin all policy logic:

• The Type System: The Compliance Engine uses a specialized set of data types (Text, Bytes, Number, Set, etc.). Understanding their unique behaviors—especially how they handle comparisons, case sensitivity, and empty values—is essential for writing accurate policies.
• Object Relationships: Policies often need to evaluate data from related resources (e.g., checking the rules of a security group attached to an instance). This guide explains how to navigate these connections using lookup fields and related lists.

Operations Quick Reference

Operations are grouped by their primary function to help you find the right tool for the job.

Operation Name	Return Type(s)	Description
Data Access
FIELD	Text, Bytes, Number, DateTime	Accesses a raw field value from a CMDB object. Best used during development or within extracts.
EXTRACT	Any	Retrieves a pre-defined, safe-to-use value via a reusable extract. Recommended for production logic.
Lookup Validation
IS_EMPTY_LOOKUP	Boolean	Checks if a lookup relationship path is broken or incomplete.
NOT_EMPTY_LOOKUP	Boolean	Ensures a lookup relationship path is fully resolved.
Constants
TEXT	Text	Creates a case-insensitive, whitespace-normalized text constant.
BYTES	Bytes	Creates a case-sensitive, whitespace-preserving text constant.
BOOLEAN	Boolean	Creates a true or false constant.
NUMBER	Number	Creates a numeric constant (integer or decimal).
DATE_TIME	DateTime	Creates a specific date-time constant.
LIST	List	Creates an ordered collection that allows duplicates.
SET	Set	Creates an unordered collection of unique items.
JSON	Json	Creates a JSON object constant from YAML.
Type Conversions
BOOLEAN_FROM	Boolean	Converts a string (e.g., "true", "yes", "enabled") into a boolean.
DATE_TIME_FROM	DateTime	Parses a string into a DateTime object.
DURATION_FROM	Duration	Parses a string into a Duration object.
LIST_FROM	List	Splits a string into an ordered List.
SET_FROM	Set	Splits a string into an unordered Set of unique items.
JSON_FROM	Json	Parses a JSON-formatted string into a queryable Json object.
Simple Comparison
IS_EMPTY	Boolean	Checks if a value is empty, null, or whitespace-only.
NOT_EMPTY	Boolean	Checks if a value is not empty.
IS_EQUAL	Boolean	Performs a deep equality check between two values of the same type.
NOT_EQUAL	Boolean	Checks if two values are not equal.
Logical Operators
AND	Boolean	Returns true if all arguments are true.
OR	Boolean	Returns true if at least one argument is true.
NOT	Boolean	Inverts a boolean value.
Search & Substring
CONTAINS	Boolean	Checks if a string contains a substring or a collection contains an element.
CONTAINS_ALL	Boolean	Checks if a target contains all items from a given collection.
CONTAINS_ANY	Boolean	Checks if a target contains at least one item from a given collection.
STARTS_WITH	Boolean	Checks if a string or list starts with a specific value.
ENDS_WITH	Boolean	Checks if a string or list ends with a specific value.
Numerical Comparison
GREATER_THAN	Boolean	left > right
GREATER_THAN_EQUAL	Boolean	left >= right
LESS_THAN	Boolean	left < right
LESS_THAN_EQUAL	Boolean	left <= right
Date & Time
IS_BEFORE_TODAY	Boolean	Checks if a date is in the past.
IS_AFTER_TODAY	Boolean	Checks if a date is in the future.
IS_BEYOND_LAST_DAYS	Boolean	Checks if a date is older than N days ago.
IS_BEYOND_NEXT_DAYS	Boolean	Checks if a date is further out than N days from now.
IS_WITHIN_LAST_DAYS	Boolean	Checks if a date falls within the last N days.
IS_WITHIN_NEXT_DAYS	Boolean	Checks if a date falls within the next N days.
Collection Operations
SIZE	Number	Returns the number of items in a List or Set.
JSON Operations
JSON_QUERY_TEXT	Text	Extracts a Text value from a Json object using a JMESPath query.
JSON_QUERY_BYTES	Bytes	Extracts a Bytes value from a Json object.
JSON_QUERY_BOOLEAN	Boolean	Extracts a Boolean value from a Json object.
JSON_QUERY_NUMBER	Number	Extracts a Number value from a Json object.
Tag Operations
TAG_EXISTS	Boolean	Checks if a tag with a specific name exists.
TAG_VALUE_TEXT	Text	Retrieves a tag's value as a case-insensitive Text.
TAG_VALUE_BYTES	Bytes	Retrieves a tag's value as a case-sensitive Bytes.
Related List Aggregates
RELATED_LIST_HAS	Boolean	Checks if a related list has at least one item with a specific status.
RELATED_LIST_HAS_NO	Boolean	Checks if a related list has no items with a specific status.
RELATED_LIST_COUNT	Number	Counts the number of related items with a specific status.
Provider-Specific
AWS_POLICY_ALLOWS	Boolean	Checks if an AWS IAM policy allows a set of actions at a given access level.
GCP_LOGGING_QUERY_MATCH	Boolean	Checks if a GCP Logging query matches another.
Special & Development
IS_DISAPPEARED	Boolean	Checks if an object has been marked as disappeared from the source.
DEBUG	Any	Prints the value of an operation during execution for debugging.
UNIT_TEST	Boolean	Defines a unit test case within a logic file.
UNIT_TEST_NULL	Any	Generates a null value of a specific type for testing.
UNIT_TEST_RUNTIME_ERROR	Any	Simulates a runtime error for testing failure scenarios.