feat: Auto-inject platform destination on sync via cqpd_ session mint#22945
Draft
disq wants to merge 11 commits into
Draft
feat: Auto-inject platform destination on sync via cqpd_ session mint#22945disq wants to merge 11 commits into
disq wants to merge 11 commits into
Conversation
erezrokah
approved these changes
Jun 12, 2026
…on cloud runs The injected destination sets SyncSummary, but destsWantSummary/needSummary and the otel receiver were decided before injection ran — when platform was the only summary-wanting destination, the receiver never started and DurationsPerTableMs arrived empty. Hoist auth + injection above that block. Also skip injection under env.IsCloud(): cloud-run syncs compose their spec server-side.
disq
force-pushed
the
claude/platform-dest-cli-session-mint
branch
from
674ed39 to
96d3f6f
Compare
Source-only specs were rejected with "at least one destination is required" before auto-injection could add the platform destination, because NewSpecReader validated up front. Defer destination validation (NewSpecReaderWithoutValidation + SetDestinationsAndValidate) so it runs after injection. Also: - resolve credentials best-effort inside MaybeInjectDestination so injection works for specs that pull no cloudquery-registry plugin - accept `created` tenants in addition to `active` - use the generated cloudquery-api-go client instead of a hand-rolled HTTP client for tenant discovery and session minting
The injected destination sets sync_group_id, but write_mode defaulted to overwrite-delete-stale (the WriteMode zero value), which the validator rejects. Set write_mode: append explicitly.
The minted session returns the bare tenant host, but the destination's /external-syncs/* endpoints are served under /api. Append /api to the api_url passed to the plugin.
Auto-injection no longer overwrites a user-defined `platform` destination; it now errors so the reserved name collision is surfaced instead of silently replacing the user's block. Also strip verbose comments.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
On
cloudquery sync, discover the team's active platform tenant via cloud, mint a tenant-scopedcqpd_token throughPOST /platform-destination/session, and inject aplatformdestination wired to every source — the cloud credential never reaches the plugin, and any failure falls through to a normal sync. Pairs with cloudquery/platform#2727 and cloudquery/cloud#8571.