feat: add sandbox env injection case via cloud control

[KKould]

I hereby agree to the terms of the CLA available at: https://docs.databend.com/dev/policies/cla/

Summary

The previous Resource interface in this PR was relatively simple and limited. It has since been expanded into separate Create / List / Alter / Delete interfaces and renamed to Worker. The syntax design also takes inspiration from CREATE WAREHOUSE (https://docs.databend.com/sql/sql-commands/ddl/warehouse/create-warehouse
), which is conceptually similar to our warehouse abstraction.

As with the earlier Resource design, each Worker corresponds to a single UDF, and the cloud starts the corresponding worker based on the function name.

Originally, ENV was intended to be passed via tags, similar to CREATE WAREHOUSE. However, due to the security risks of transmitting environment variables in plaintext, ENV configuration is now managed by the cloud instead.

example:

CREATE WORKER read_env;
CREATE WORKER IF NOT EXISTS read_env;
CREATE WORKER read_env WITH size='small', auto_suspend='300', auto_resume='true', max_cluster_count='3', min_cluster_count='1';

ALTER WORKER read_env SET size='medium', auto_suspend='600';
ALTER WORKER read_env UNSET size, auto_suspend;
ALTER WORKER read_env SET TAG purpose='sandbox', owner='ci';
ALTER WORKER read_env UNSET TAG purpose, owner;

SHOW WORKERS;

ALTER WORKER read_env SUSPEND;
ALTER WORKER read_env RESUME;

DROP WORKER read_env;
DROP WORKER IF EXISTS read_env;

Tips:
At the moment, the experience of using environment variables in Sandbox UDFs may feel somewhat fragmented. After creating a UDF, users still need to manually configure the environment variables in the cloud, which is an area that could be improved.

Tests

• Unit Test
• Logic Test
• Benchmark Test
• No Test - Explain why

Type of change

• Bug Fix (non-breaking change which fixes an issue)
• New Feature (non-breaking change which adds functionality)
• Breaking Change (fix or feature that could cause existing functionality not to work as expected)
• Documentation Update
• Refactoring
• Performance Improvement
• Other (please describe):

---

This change is 

[KKould]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2b8e258c54

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[github-actions]

🤖 CI Job Analysis (Retry 1)

Workflow: 21890792207

📊 Summary

• Total Jobs: 85
• Failed Jobs: 6
• Retryable: 0
• Code Issues: 6

❌ NO RETRY NEEDED

All failures appear to be code/test issues requiring manual fixes.

🔍 Job Details

• 🚫 linux / sqllogic / stage (s3, http, full_path, small): Cancelled by user
• 🚫 linux / sqllogic / stage (fs, http, full_path, large): Cancelled by user
• 🚫 linux / sqllogic / stage (fs, hybrid, full_path, large): Cancelled by user
• 🚫 linux / sqllogic / stage (s3, hybrid, full_path, large): Cancelled by user
• 🚫 linux / sqllogic / stage (s3, http, sub_path, small): Cancelled by user
• 🚫 linux / sqllogic / stage (s3, hybrid, sub_path, large): Cancelled by user

---

🤖 About

Automated analysis using job annotations to distinguish infrastructure issues (auto-retried) from code/test issues (manual fixes needed).