Skip to content

Add cloud service query for HTTP SQL execution (stacked on #120)#121

Closed
sdairs wants to merge 1 commit into
issue-48-debug-auth-sourcefrom
issue-115-cloud-service-query
Closed

Add cloud service query for HTTP SQL execution (stacked on #120)#121
sdairs wants to merge 1 commit into
issue-48-debug-auth-sourcefrom
issue-115-cloud-service-query

Conversation

@sdairs
Copy link
Copy Markdown
Collaborator

@sdairs sdairs commented Apr 16, 2026

Summary

Closes #115. Stacked on #120 (issue-48-debug-auth-source) — rebase/merge that first.

New clickhousectl cloud service query subcommand that executes SQL against a cloud service over HTTP via queries.clickhouse.cloud, reusing whatever credentials are already configured. No local clickhouse binary and no service password required.

  • --query / --queries-file / stdin for SQL input
  • --database selects the target database
  • --format overrides output format (defaults to PrettyCompact on a TTY, TabSeparated when piped)
  • Response body is streamed straight to stdout

OAuth JWT works here the same as an API key (matches the sample curl in the issue), so the command is classified read-only for the OAuth write-gate — the SQL's own semantics are enforced on the ClickHouse side.

Library change

Adds Client::authenticated_request in clickhouse-cloud-api so CloudClient can reuse the same auth/http for adjacent hosts. No generated-code changes.

Not in this PR

Leaving cloud service client in place for now — issue 115 calls this out as a "much better approach" that eventually replaces it, but removal is a follow-up.

Test plan

  • cargo test --workspace passes (209 tests, +2 new for RunQueryRequest serialization)
  • cargo build clean, cargo clippy clean on changed crates
  • cloud service query --help renders and matches the feedback_agent_context_help memory (CONTEXT FOR AGENTS adds non-obvious context only)
  • Manual: cloud service query --name <svc> --query "SELECT 1" hits queries.clickhouse.cloud with OAuth JWT
  • Manual: same command with API key auth works
  • Manual: piping SQL on stdin works; redirecting stdout picks TabSeparated

🤖 Generated with Claude Code

@sdairs @claude
Add cloud service query for HTTP SQL execution
d05fed1 
New subcommand that runs SQL against a cloud service via the
queries.clickhouse.cloud endpoint, reusing whatever credentials are
already configured (API key or OAuth JWT). Unlike `cloud service
client` this needs no local clickhouse binary and no password — the
query endpoint authorizes via the cloud credential directly.

Adds `authenticated_request` to the library client so the extra-host
call can share auth with the main API without duplicating the creds.

Refs #115

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@sdairs sdairs requested a review from iskakaushik as a code owner April 16, 2026 17:41
@sdairs sdairs temporarily deployed to cloud-integration April 16, 2026 17:41 — with GitHub Actions Inactive
@sdairs
Copy link
Copy Markdown
Collaborator Author

sdairs commented Apr 16, 2026

Closing to restart the implementation cleanly \u2014 will reopen once rewritten.

@sdairs sdairs closed this Apr 16, 2026
@sdairs sdairs deleted the issue-115-cloud-service-query branch April 16, 2026 17:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@iskakaushik iskakaushik Awaiting requested review from iskakaushik iskakaushik is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sdairs