Skip to main content

6 posts tagged with "provider"

View All Tags

Cloudflare Provider - May 2026

· 2 min read
Jeffrey Aven
Technologist and Cloud Consultant

We've released the latest version of the StackQL Cloudflare provider, including the full Cloudflare V4 API surface under SQL with 108 services, 1259 resources, and 2840 operations.

Service highlights

Key services in this release include:

ServiceResourcesOperationsWhat it covers
zero_trust155427Access apps, gateway, tunnels, identity providers, device posture
radar266273Internet measurement: BGP, traffic, attacks, AS info, quality
cloudforce_one56130Threat intel: requests, priorities, scans, threat events
ai114116Workers AI inference across 100+ models
workers39107Scripts, deployments, KV, Durable Objects, queues, cron triggers
magic_transit2190Magic WAN: sites, connectors, GRE/IPsec tunnels, routes
zones2664Zone lifecycle, settings, SSL/TLS, page rules, custom hostnames
realtime_kit2763RealtimeKit meetings, sessions, recordings, presets
dns1958DNS records, zone transfers, firewall, analytics
load_balancers1254Pools, monitors, regions, search
aisearch2048AI Search indexes, ingest jobs, models
email_security1547Area 1: alerts, allow/block policies, investigation
firewall1047WAF rules, packages, lockdowns, access rules, UA rules
streams1347Stream video uploads, live inputs, signed URLs, captions
api_gateway1743API discovery, schemas, operations, settings
r21742Buckets, lifecycle, CORS, custom domains, event notifications

Authentication

Authenticate with a Cloudflare API token via the CLOUDFLARE_API_TOKEN environment variable:

export CLOUDFLARE_API_TOKEN=...

Example queries

List your zones:

SELECT id, name, status, plan
FROM cloudflare.zones.zones
WHERE account_id = '<account_id>';

Inspect Workers scripts in an account:

SELECT id, modified_on, usage_model
FROM cloudflare.workers.scripts
WHERE account_id = '<account_id>';

List DNS records for a zone:

SELECT name, type, content, ttl, proxied
FROM cloudflare.dns.records
WHERE zone_id = '<zone_id>';

Pull a Radar BGP summary:

SELECT *
FROM cloudflare.radar.bgp_routes_stats;

Binary and non-JSON responses

A number of Cloudflare endpoints return binary or plain-text payloads - PDF LOAs, PNG screenshots, raw script source, CSV exports. The provider wraps these as a one-row table with a contents column so they're still SELECT-able:

SELECT contents
FROM cloudflare.browser_rendering.screenshot
WHERE account_id = '<account_id>' AND data__url = 'https://example.com';

Get started

Pull the provider from the public registry:

registry pull cloudflare

Then start querying. Let us know what you build. Star us on GitHub.

Confluent Provider Update - May 2026

· 2 min read
Jeffrey Aven
Technologist and Cloud Consultant

We've released an update to the StackQL Confluent provider adding eight new services and 40 additional resources across existing services.

New Services

The eight new services added in this update are:

ServiceDescription
cclCustom Code Logging - manage log topics that capture stdout/stderr and worker process logs from custom connectors running in Confluent Cloud
ccpmCustom Connect Plugin Management - upload, version, and manage custom connector plugins at the environment level, including plugin version resources for JAR/ZIP artifacts
endpointsManage PrivateLink access points and private network endpoints used to reach Confluent Cloud clusters and serverless products over private networking
pipelinesManage Stream Designer pipelines - the visual SQL/ksqlDB pipeline builder for connecting sources, transforms, and sinks across Kafka topics
share_groupManage Kafka share groups (KIP-932 / Queues for Kafka), which provide queue-like consumption semantics with per-message acknowledgement and consumer parallelism beyond partition count
streams_groupManage Kafka Streams groups - the broker-side coordination resource for Kafka Streams applications introduced alongside the next-generation consumer rebalance protocol
tableflowMaterialize Kafka topics as Apache Iceberg or Delta Lake tables, including catalog integrations, storage configuration, and table maintenance settings
usmUnified Stream Manager - register and govern self-managed Confluent Platform clusters from Confluent Cloud, including agent deployment and hybrid cluster monitoring

Updates

This release also adds 40 additional resources across existing services, expanding coverage for:

  • kafka - additional cluster configuration and topic-level resources
  • connect - new connector status, offset, and task management resources
  • flink - expanded coverage for Flink statements, compute pools, and artifacts
  • iam - new resources for service accounts, identity providers, and role bindings
  • networking - additional resources for transit gateways, peerings, and DNS forwarders
  • schema_registry - new resources for schema exporters, modes, and compatibility
  • billing - new cost and usage resources
  • metrics - additional query and descriptor resources

Get Started

Pull the latest Confluent provider:

stackql registry pull confluent

Visit us on GitHub and let us know how you're using it.

GitHub Provider Update - April 2026

· 3 min read
Jeffrey Aven
Technologist and Cloud Consultant

We've released an update to the StackQL GitHub provider adding new services and expanding coverage across several existing ones.

New Services

Some of the newly added services of note include:

agent_tasks

The agent_tasks service exposes GitHub's AI agent task API, allowing you to query and manage agent task runs within a repository. Resources include:

ResourceDescription
agent_tasksList, get, and manage agent task runs scoped to a repository
agent_task_stepsRetrieve individual step-level detail for an agent task run
agent_task_labelsManage labels assigned to agent tasks

This covers the audit and observability side of AI agent operations in GitHub - useful for tracking what agent tasks have run, their status, and step-level output.

campaigns

The campaigns service covers GitHub's security campaign management, part of GitHub Advanced Security. Resources include:

ResourceDescription
campaignsCreate, list, get, update, and close security campaigns scoped to an organization
campaign_repositoriesList repositories participating in a campaign

Security campaigns let you coordinate remediation of code scanning or secret scanning alerts across an org. This service lets you query campaign state and participation programmatically.

classroom

The classroom service brings GitHub Classroom into StackQL. Resources include:

ResourceDescription
classroomsList and get classrooms accessible to the authenticated user
assignmentsList and get assignments within a classroom
accepted_assignmentsQuery student-accepted assignment repositories
assignment_gradesRetrieve grade data for accepted assignments

This is useful for institutions managing GitHub Classroom at scale - querying assignment completion or generating reports across multiple classrooms.

hosted_compute

The hosted_compute service covers GitHub's hosted compute networking resources, relevant to organizations using GitHub-hosted runners with custom network configurations. Resources include:

ResourceDescription
hosted_compute_networksManage hosted compute network configurations at the org level
hosted_compute_network_settingsQuery and update settings for a hosted compute network

This is relevant if you're using GitHub's hosted compute with Azure private networking or similar integrations.

private_registries

The private_registries service exposes org-level private registry configurations - credentials and settings stored in GitHub for use by Actions workflows. Resources include:

ResourceDescription
org_private_registriesList, get, create, update, and delete private registry configurations for an organization

This allows you to audit which private registries (npm, Docker Hub, Maven, etc.) are configured at the org level without going through the GitHub UI.

enterprise_teams

The enterprise_teams service provides enterprise-scoped team management, distinct from org-level teams. Resources include:

ResourceDescription
enterprise_teamsList and get teams at the enterprise level
enterprise_team_membersQuery membership for enterprise teams

This is useful for enterprises managing teams that span multiple organizations.

Updates

Notable updates to existing services include:

actions

New resources added to the actions service:

  • hosted_runners - query and manage GitHub-hosted runner configurations at the org or repo level
  • runner_group_network_configurations - network config details for runner groups

orgs

  • New org_roles and org_role_assignments resources for querying custom org role definitions and their assignments

repos

  • New repo_rules_suites resource for querying rule suite evaluation history (useful for auditing branch protection rule evaluations)

Get Started

Pull the latest GitHub provider:

stackql registry pull github

Visit us on GitHub and let us know how you're using it.

New Databricks Providers for StackQL Released

· 2 min read
Jeffrey Aven
Technologist and Cloud Consultant

Updated StackQL providers for Databricks are now available: databricks_account and databricks_workspace, giving you SQL access to the full Databricks control plane across account-level and workspace-level operations.

Provider Structure

The following updated providers are available:

ProviderScopeServices
databricks_accountAccount8
databricks_workspaceWorkspace26

Coverage

There are over 30 services, 300+ resources, and 983 operations spanning IAM, compute, catalog, billing, jobs, ML, serving, sharing, vector search, and more.

Example Queries

List workspaces in an account

SELECT
  workspace_id,
  workspace_name,
  workspace_status,
  aws_region,
  compute_mode,
  deployment_name,
  datetime(creation_time/1000, 'unixepoch') as creation_date_time
FROM databricks_account.provisioning.workspaces
WHERE account_id = 'ebfcc5a9-9d49-4c93-b651-b3ee6cf1c9ce';

Query account users and roles

SELECT
  id as user_id,
  displayName as display_name,
  userName as user_name,
  active,
  IIF(JSON_EXTRACT(roles,'$[0].value') = 'account_admin', 'true', 'false') as is_account_admin
FROM databricks_account.iam.account_users
WHERE account_id = 'ebfcc5a9-9d49-4c93-b651-b3ee6cf1c9ce';

List catalogs in a workspace

SELECT
  full_name,
  catalog_type,
  comment,
  datetime(created_at/1000, 'unixepoch') as created_at,
  created_by,
  datetime(updated_at/1000, 'unixepoch') as updated_at,
  updated_by,
  enable_predictive_optimization
FROM databricks_workspace.catalog.catalogs
WHERE deployment_name = 'dbc-36ff48e3-4a69';

Download billable usage to CSV

This one is worth calling out. You can pull billable usage data for a given period and write it straight to a CSV file:

./stackql exec \
  -o text \
  --hideheaders \
  -f billable_usage.csv \
  "SELECT contents
  FROM databricks_account.billing.billable_usage
  WHERE start_month = '2025-12'
  AND end_month = '2026-01'
  AND account_id = 'your-account-id'"

Authentication

Both providers authenticate using OAuth2 with a Databricks service principal. Set the following environment variables:

export DATABRICKS_ACCOUNT_ID="your-account-id"
export DATABRICKS_CLIENT_ID="your-client-id"
export DATABRICKS_CLIENT_SECRET="your-client-secret"

These are the same variables used by Terraform, the Databricks SDKs, and the Databricks CLI.

Get Started

Pull the providers:

registry pull databricks_account;
registry pull databricks_workspace;

Start querying via the shell or exec:

SELECT * FROM databricks_account.iam.account_groups WHERE account_id = 'your-account-id';

Full documentation is available at databricks-account-provider.stackql.io and databricks-workspace-provider.stackql.io. Let us know what you think on GitHub.

New Dedicated AWS Cloud Control Provider Released

· 2 min read
Jeffrey Aven
Technologist and Cloud Consultant

We've released a new dedicated StackQL AWS Cloud Control provider, providing full CRUDL operations across AWS services via the Cloud Control API including purpose-built resource definitions leveraging Cloud Control's consistent schema.

Resource Naming Convention

Resources follow a clear pattern to differentiate operations:

Resource PatternOperationsUse Case
{resource} (e.g., s3.buckets)SELECT, INSERT, UPDATE, DELETEFull CRUD with complete resource properties
{resource}_list_only (e.g., s3.buckets_list_only)SELECTFast enumeration of resource identifiers

This separation means listing thousands of resources won't trigger rate limits from individual GET calls:

-- Fast enumeration (list operation only)
SELECT bucket_name 
FROM awscc.s3.buckets_list_only 
WHERE region = 'us-east-1';

-- Full resource details (get operation)
SELECT * 
FROM awscc.s3.buckets 
WHERE region = 'us-east-1' 
AND data__Identifier = 'my-bucket';

Provider Coverage

The awscc provider includes:

  • 237 services and 2371 resources covering the breadth of AWS
  • Full CRUDL support for all Cloud Control compatible resources
  • Consistent schema derived from AWS CloudFormation resource specifications

Example Operations

Create an S3 Bucket

INSERT INTO awscc.s3.buckets (
  BucketName,
  region
)
SELECT 
  'my-new-bucket',
  'us-east-1';

Query EC2 Instances

SELECT 
  instance_id,
  instance_type,
  tags
FROM awscc.ec2.instances
WHERE region = 'ap-southeast-2'
AND data__Identifier = 'i-1234567890abcdef0';

Delete a Resource

DELETE FROM awscc.lambda.functions
WHERE data__Identifier = 'my-function'
AND region = 'us-east-1';

Enhanced Documentation

The provider documentation at awscc.stackql.io now features:

  • Interactive schema explorer with expandable nested property trees
  • Complete field documentation including complex object structures
  • Ready-to-use SQL examples for SELECT, INSERT, and DELETE operations
  • IAM permissions reference for each resource operation

Get Started

Pull the new provider:

stackql registry pull awscc

Query your AWS resources:

stackql shell
>> SELECT region, bucket_name FROM awscc.s3.buckets_list_only WHERE region = 'us-east-1';

Let us know your thoughts! Visit us and give us a star on GitHub.