refactor: split upsert store method

Clarified CODEOWNERS comments and updated owner assignments.

.github/CODEOWNERS

@@ -1,8 +1,6 @@
 # CODEOWNERS info: https://help.github.com/en/articles/about-code-owners
 
-# Owners are automatically requested for review for PRs that changes code
-
-# that they own.
+# Owners are automatically requested for review for PRs that changes code that they own.
 
 /frontend/ @SigNoz/frontend-maintainers
 
@@ -11,8 +9,10 @@
 /frontend/src/container/OnboardingV2Container/onboarding-configs/onboarding-config-with-links.json @makeavish
 /frontend/src/container/OnboardingV2Container/AddDataSource/AddDataSource.tsx @makeavish
 
-/deploy/ @SigNoz/devops
-.github @SigNoz/devops
+# CI
+/deploy/ @therealpandey
+.github @therealpandey
+go.mod @therealpandey
 
 # Scaffold Owners
 

.github/workflows/mergequeueci.yaml

@@ -8,6 +8,7 @@ on:
 jobs:
   notify:
     runs-on: ubuntu-latest
+    if: github.event.pull_request.merged == false
     steps:
       - name: alert
         uses: slackapi/slack-github-action@v2.1.1

docs/api/openapi.yml

@@ -2101,6 +2101,17 @@ components:
         role:
           type: string
       type: object
+    TypesPostableAcceptInvite:
+      properties:
+        displayName:
+          type: string
+        password:
+          type: string
+        sourceUrl:
+          type: string
+        token:
+          type: string
+      type: object
     TypesPostableBulkInviteRequest:
       properties:
         invites:
@@ -3279,6 +3290,53 @@ paths:
       tags:
       - global
   /api/v1/invite:
+    get:
+      deprecated: false
+      description: This endpoint lists all invites
+      operationId: ListInvite
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    items:
+                      $ref: '#/components/schemas/TypesInvite'
+                    type: array
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: List invites
+      tags:
+      - users
     post:
       deprecated: false
       description: This endpoint creates an invite for a user
@@ -3341,6 +3399,151 @@ paths:
       summary: Create invite
       tags:
       - users
+  /api/v1/invite/{id}:
+    delete:
+      deprecated: false
+      description: This endpoint deletes an invite by id
+      operationId: DeleteInvite
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          description: No Content
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Not Found
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Delete invite
+      tags:
+      - users
+  /api/v1/invite/{token}:
+    get:
+      deprecated: false
+      description: This endpoint gets an invite by token
+      operationId: GetInvite
+      parameters:
+      - in: path
+        name: token
+        required: true
+        schema:
+          type: string
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/TypesInvite'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Not Found
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      summary: Get invite
+      tags:
+      - users
+  /api/v1/invite/accept:
+    post:
+      deprecated: false
+      description: This endpoint accepts an invite by token
+      operationId: AcceptInvite
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/TypesPostableAcceptInvite'
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/TypesUser'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: Created
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Not Found
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      summary: Accept invite
+      tags:
+      - users
   /api/v1/invite/bulk:
     post:
       deprecated: false

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -2511,6 +2511,25 @@ export interface TypesPostableAPIKeyDTO {
 	role?: string;
 }
 
+export interface TypesPostableAcceptInviteDTO {
+	/**
+	 * @type string
+	 */
+	displayName?: string;
+	/**
+	 * @type string
+	 */
+	password?: string;
+	/**
+	 * @type string
+	 */
+	sourceUrl?: string;
+	/**
+	 * @type string
+	 */
+	token?: string;
+}
+
 export interface TypesPostableBulkInviteRequestDTO {
 	/**
 	 * @type array
@@ -3014,6 +3033,17 @@ export type GetGlobalConfig200 = {
 	status: string;
 };
 
+export type ListInvite200 = {
+	/**
+	 * @type array
+	 */
+	data: TypesInviteDTO[];
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
 export type CreateInvite201 = {
 	data: TypesInviteDTO;
 	/**
@@ -3022,6 +3052,28 @@ export type CreateInvite201 = {
 	status: string;
 };
 
+export type DeleteInvitePathParameters = {
+	id: string;
+};
+export type GetInvitePathParameters = {
+	token: string;
+};
+export type GetInvite200 = {
+	data: TypesInviteDTO;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
+export type AcceptInvite201 = {
+	data: TypesUserDTO;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
 export type ListPromotedAndIndexedPaths200 = {
 	/**
 	 * @type array

frontend/src/api/generated/services/users/index.ts

@@ -20,20 +20,26 @@ import { useMutation, useQuery } from 'react-query';
 import type { BodyType, ErrorType } from '../../../generatedAPIInstance';
 import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
 import type {
+	AcceptInvite201,
 	ChangePasswordPathParameters,
 	CreateAPIKey201,
 	CreateInvite201,
+	DeleteInvitePathParameters,
 	DeleteUserPathParameters,
+	GetInvite200,
+	GetInvitePathParameters,
 	GetMyUser200,
 	GetResetPasswordToken200,
 	GetResetPasswordTokenPathParameters,
 	GetUser200,
 	GetUserPathParameters,
 	ListAPIKeys200,
+	ListInvite200,
 	ListUsers200,
 	RenderErrorResponseDTO,
 	RevokeAPIKeyPathParameters,
 	TypesChangePasswordRequestDTO,
+	TypesPostableAcceptInviteDTO,
 	TypesPostableAPIKeyDTO,
 	TypesPostableBulkInviteRequestDTO,
 	TypesPostableForgotPasswordDTO,
@@ -249,6 +255,84 @@ export const invalidateGetResetPasswordToken = async (
 	return queryClient;
 };
 
+/**
+ * This endpoint lists all invites
+ * @summary List invites
+ */
+export const listInvite = (signal?: AbortSignal) => {
+	return GeneratedAPIInstance<ListInvite200>({
+		url: `/api/v1/invite`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getListInviteQueryKey = () => {
+	return [`/api/v1/invite`] as const;
+};
+
+export const getListInviteQueryOptions = <
+	TData = Awaited<ReturnType<typeof listInvite>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<Awaited<ReturnType<typeof listInvite>>, TError, TData>;
+}) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getListInviteQueryKey();
+
+	const queryFn: QueryFunction<Awaited<ReturnType<typeof listInvite>>> = ({
+		signal,
+	}) => listInvite(signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof listInvite>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type ListInviteQueryResult = NonNullable<
+	Awaited<ReturnType<typeof listInvite>>
+>;
+export type ListInviteQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary List invites
+ */
+
+export function useListInvite<
+	TData = Awaited<ReturnType<typeof listInvite>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<Awaited<ReturnType<typeof listInvite>>, TError, TData>;
+}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getListInviteQueryOptions(options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary List invites
+ */
+export const invalidateListInvite = async (
+	queryClient: QueryClient,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getListInviteQueryKey() },
+		options,
+	);
+
+	return queryClient;
+};
+
 /**
  * This endpoint creates an invite for a user
  * @summary Create invite
@@ -332,6 +416,257 @@ export const useCreateInvite = <
 
 	return useMutation(mutationOptions);
 };
+/**
+ * This endpoint deletes an invite by id
+ * @summary Delete invite
+ */
+export const deleteInvite = ({ id }: DeleteInvitePathParameters) => {
+	return GeneratedAPIInstance<void>({
+		url: `/api/v1/invite/${id}`,
+		method: 'DELETE',
+	});
+};
+
+export const getDeleteInviteMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteInvite>>,
+		TError,
+		{ pathParams: DeleteInvitePathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof deleteInvite>>,
+	TError,
+	{ pathParams: DeleteInvitePathParameters },
+	TContext
+> => {
+	const mutationKey = ['deleteInvite'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof deleteInvite>>,
+		{ pathParams: DeleteInvitePathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return deleteInvite(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type DeleteInviteMutationResult = NonNullable<
+	Awaited<ReturnType<typeof deleteInvite>>
+>;
+
+export type DeleteInviteMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Delete invite
+ */
+export const useDeleteInvite = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteInvite>>,
+		TError,
+		{ pathParams: DeleteInvitePathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof deleteInvite>>,
+	TError,
+	{ pathParams: DeleteInvitePathParameters },
+	TContext
+> => {
+	const mutationOptions = getDeleteInviteMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint gets an invite by token
+ * @summary Get invite
+ */
+export const getInvite = (
+	{ token }: GetInvitePathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<GetInvite200>({
+		url: `/api/v1/invite/${token}`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getGetInviteQueryKey = ({ token }: GetInvitePathParameters) => {
+	return [`/api/v1/invite/${token}`] as const;
+};
+
+export const getGetInviteQueryOptions = <
+	TData = Awaited<ReturnType<typeof getInvite>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ token }: GetInvitePathParameters,
+	options?: {
+		query?: UseQueryOptions<Awaited<ReturnType<typeof getInvite>>, TError, TData>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getGetInviteQueryKey({ token });
+
+	const queryFn: QueryFunction<Awaited<ReturnType<typeof getInvite>>> = ({
+		signal,
+	}) => getInvite({ token }, signal);
+
+	return {
+		queryKey,
+		queryFn,
+		enabled: !!token,
+		...queryOptions,
+	} as UseQueryOptions<Awaited<ReturnType<typeof getInvite>>, TError, TData> & {
+		queryKey: QueryKey;
+	};
+};
+
+export type GetInviteQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getInvite>>
+>;
+export type GetInviteQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Get invite
+ */
+
+export function useGetInvite<
+	TData = Awaited<ReturnType<typeof getInvite>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ token }: GetInvitePathParameters,
+	options?: {
+		query?: UseQueryOptions<Awaited<ReturnType<typeof getInvite>>, TError, TData>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetInviteQueryOptions({ token }, options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Get invite
+ */
+export const invalidateGetInvite = async (
+	queryClient: QueryClient,
+	{ token }: GetInvitePathParameters,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetInviteQueryKey({ token }) },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint accepts an invite by token
+ * @summary Accept invite
+ */
+export const acceptInvite = (
+	typesPostableAcceptInviteDTO: BodyType<TypesPostableAcceptInviteDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<AcceptInvite201>({
+		url: `/api/v1/invite/accept`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: typesPostableAcceptInviteDTO,
+		signal,
+	});
+};
+
+export const getAcceptInviteMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof acceptInvite>>,
+		TError,
+		{ data: BodyType<TypesPostableAcceptInviteDTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof acceptInvite>>,
+	TError,
+	{ data: BodyType<TypesPostableAcceptInviteDTO> },
+	TContext
+> => {
+	const mutationKey = ['acceptInvite'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof acceptInvite>>,
+		{ data: BodyType<TypesPostableAcceptInviteDTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return acceptInvite(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type AcceptInviteMutationResult = NonNullable<
+	Awaited<ReturnType<typeof acceptInvite>>
+>;
+export type AcceptInviteMutationBody = BodyType<TypesPostableAcceptInviteDTO>;
+export type AcceptInviteMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Accept invite
+ */
+export const useAcceptInvite = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof acceptInvite>>,
+		TError,
+		{ data: BodyType<TypesPostableAcceptInviteDTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof acceptInvite>>,
+	TError,
+	{ data: BodyType<TypesPostableAcceptInviteDTO> },
+	TContext
+> => {
+	const mutationOptions = getAcceptInviteMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
 /**
  * This endpoint creates a bulk invite for a user
  * @summary Create bulk invite

pkg/apiserver/signozapiserver/user.go

@@ -43,6 +43,74 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		return err
 	}
 
+	if err := router.Handle("/api/v1/invite/{token}", handler.New(provider.authZ.OpenAccess(provider.userHandler.GetInvite), handler.OpenAPIDef{
+		ID:                  "GetInvite",
+		Tags:                []string{"users"},
+		Summary:             "Get invite",
+		Description:         "This endpoint gets an invite by token",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            new(types.Invite),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
+		Deprecated:          false,
+		SecuritySchemes:     []handler.OpenAPISecurityScheme{},
+	})).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/invite/{id}", handler.New(provider.authZ.AdminAccess(provider.userHandler.DeleteInvite), handler.OpenAPIDef{
+		ID:                  "DeleteInvite",
+		Tags:                []string{"users"},
+		Summary:             "Delete invite",
+		Description:         "This endpoint deletes an invite by id",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/invite", handler.New(provider.authZ.AdminAccess(provider.userHandler.ListInvite), handler.OpenAPIDef{
+		ID:                  "ListInvite",
+		Tags:                []string{"users"},
+		Summary:             "List invites",
+		Description:         "This endpoint lists all invites",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            make([]*types.Invite, 0),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/invite/accept", handler.New(provider.authZ.OpenAccess(provider.userHandler.AcceptInvite), handler.OpenAPIDef{
+		ID:                  "AcceptInvite",
+		Tags:                []string{"users"},
+		Summary:             "Accept invite",
+		Description:         "This endpoint accepts an invite by token",
+		Request:             new(types.PostableAcceptInvite),
+		RequestContentType:  "application/json",
+		Response:            new(types.User),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusCreated,
+		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
+		Deprecated:          false,
+		SecuritySchemes:     []handler.OpenAPISecurityScheme{},
+	})).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v1/pats", handler.New(provider.authZ.AdminAccess(provider.userHandler.CreateAPIKey), handler.OpenAPIDef{
 		ID:                  "CreateAPIKey",
 		Tags:                []string{"users"},

pkg/modules/cloudintegration/cloudintegration.go

@@ -0,0 +1,82 @@
+package cloudintegration
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type Module interface {
+	// CreateConnectionArtifact generates cloud provider specific connection information,
+	// client side handles how this information is shown
+	CreateConnectionArtifact(
+		ctx context.Context,
+		orgID valuer.UUID,
+		provider cloudintegrationtypes.CloudProviderType,
+		request *cloudintegrationtypes.ConnectionArtifactRequest,
+	) (*cloudintegrationtypes.ConnectionArtifact, error)
+
+	// GetAccountStatus returns agent connection status for a cloud integration account
+	GetAccountStatus(ctx context.Context, orgID, accountID valuer.UUID) (*cloudintegrationtypes.AccountStatus, error)
+
+	// ListConnectedAccounts lists accounts where agent is connected
+	ListConnectedAccounts(ctx context.Context, orgID valuer.UUID) (*cloudintegrationtypes.ConnectedAccounts, error)
+
+	// DisconnectAccount soft deletes/removes a cloud integration account.
+	DisconnectAccount(ctx context.Context, orgID, accountID valuer.UUID) error
+
+	// UpdateAccountConfig updates the configuration of an existing cloud account for a specific organization.
+	UpdateAccountConfig(
+		ctx context.Context,
+		orgID,
+		accountID valuer.UUID,
+		config *cloudintegrationtypes.UpdateAccountConfigRequest,
+	) (*cloudintegrationtypes.Account, error)
+
+	// ListServicesMetadata returns list of services metadata for a cloud provider attached with the integrationID.
+	// This just returns a summary of the service and not the whole service definition
+	ListServicesMetadata(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID) (*cloudintegrationtypes.ServicesMetadata, error)
+
+	// GetService returns service definition details for a serviceID. This returns config and
+	// other details required to show in service details page on web client.
+	GetService(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID, serviceID string) (*cloudintegrationtypes.Service, error)
+
+	// UpdateServiceConfig updates cloud integration service config
+	UpdateServiceConfig(
+		ctx context.Context,
+		orgID valuer.UUID,
+		serviceID string,
+		config *cloudintegrationtypes.UpdateServiceConfigRequest,
+	) (*cloudintegrationtypes.UpdateServiceConfigResponse, error)
+
+	// AgentCheckIn is called by agent to heartbeat and get latest config in response.
+	AgentCheckIn(
+		ctx context.Context,
+		orgID valuer.UUID,
+		req *cloudintegrationtypes.AgentCheckInRequest,
+	) (*cloudintegrationtypes.AgentCheckInResponse, error)
+
+	// GetDashboardByID returns dashboard JSON for a given dashboard id.
+	// this only returns the dashboard when the service (embedded in dashboard id) is enabled
+	// in the org for any cloud integration account
+	GetDashboardByID(ctx context.Context, orgID valuer.UUID, id string) (*dashboardtypes.Dashboard, error)
+
+	// GetAllDashboards returns list of dashboards across all connected cloud integration accounts
+	// for enabled services in the org. This list gets added to dashboard list page
+	GetAllDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error)
+}
+
+type Handler interface {
+	AgentCheckIn(http.ResponseWriter, *http.Request)
+	GenerateConnectionArtifact(http.ResponseWriter, *http.Request)
+	ListConnectedAccounts(http.ResponseWriter, *http.Request)
+	GetAccountStatus(http.ResponseWriter, *http.Request)
+	ListServices(http.ResponseWriter, *http.Request)
+	GetServiceDetails(http.ResponseWriter, *http.Request)
+	UpdateAccountConfig(http.ResponseWriter, *http.Request)
+	UpdateServiceConfig(http.ResponseWriter, *http.Request)
+	DisconnectAccount(http.ResponseWriter, *http.Request)
+}

pkg/modules/cloudintegration/implcloudintegration/store.go

@@ -0,0 +1,152 @@
+package implcloudintegration
+
+import (
+	"context"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type store struct {
+	store sqlstore.SQLStore
+}
+
+func NewStore(sqlStore sqlstore.SQLStore) cloudintegrationtypes.Store {
+	return &store{store: sqlStore}
+}
+
+func (s *store) GetAccountByID(ctx context.Context, orgID, id valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*cloudintegrationtypes.StorableCloudIntegration, error) {
+	account := new(cloudintegrationtypes.StorableCloudIntegration)
+	err := s.store.BunDB().NewSelect().Model(account).
+		Where("id = ?", id).
+		Where("org_id = ?", orgID).
+		Where("provider = ?", provider).
+		Scan(ctx)
+	if err != nil {
+		return nil, s.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "cloud integration account with id %s not found", id)
+	}
+	return account, nil
+}
+
+func (s *store) CreateAccount(ctx context.Context, orgID valuer.UUID, account *cloudintegrationtypes.StorableCloudIntegration) (*cloudintegrationtypes.StorableCloudIntegration, error) {
+	now := time.Now()
+	if account.ID.IsZero() {
+		account.ID = valuer.GenerateUUID()
+	}
+	account.OrgID = orgID
+	account.CreatedAt = now
+	account.UpdatedAt = now
+
+	_, err := s.store.BunDBCtx(ctx).NewInsert().Model(account).Exec(ctx)
+	if err != nil {
+		return nil, s.store.WrapAlreadyExistsErrf(err, errors.CodeAlreadyExists, "cloud integration account with id %s already exists", account.ID)
+	}
+
+	return account, nil
+}
+
+func (s *store) UpdateAccount(ctx context.Context, account *cloudintegrationtypes.StorableCloudIntegration) error {
+	account.UpdatedAt = time.Now()
+	_, err := s.store.BunDBCtx(ctx).NewUpdate().Model(account).
+		Where("id = ?", account.ID).
+		Where("org_id = ?", account.OrgID).
+		Where("provider = ?", account.Provider).
+		Exec(ctx)
+	return err
+}
+
+func (s *store) RemoveAccount(ctx context.Context, orgID, id valuer.UUID, provider cloudintegrationtypes.CloudProviderType) error {
+	_, err := s.store.BunDBCtx(ctx).NewUpdate().Model((*cloudintegrationtypes.StorableCloudIntegration)(nil)).
+		Set("removed_at = ?", time.Now()).
+		Where("id = ?", id).
+		Where("org_id = ?", orgID).
+		Where("provider = ?", provider).
+		Exec(ctx)
+	return err
+}
+
+func (s *store) GetConnectedAccounts(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) ([]*cloudintegrationtypes.StorableCloudIntegration, error) {
+	var accounts []*cloudintegrationtypes.StorableCloudIntegration
+	err := s.store.BunDB().NewSelect().Model(&accounts).
+		Where("org_id = ?", orgID).
+		Where("provider = ?", provider).
+		Where("removed_at IS NULL").
+		Where("account_id IS NOT NULL").
+		Where("last_agent_report IS NOT NULL").
+		Order("created_at ASC").
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return accounts, nil
+}
+
+func (s *store) GetConnectedAccount(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType, providerAccountID string) (*cloudintegrationtypes.StorableCloudIntegration, error) {
+	account := new(cloudintegrationtypes.StorableCloudIntegration)
+	err := s.store.BunDB().NewSelect().Model(account).
+		Where("org_id = ?", orgID).
+		Where("provider = ?", provider).
+		Where("account_id = ?", providerAccountID).
+		Where("last_agent_report IS NOT NULL").
+		Where("removed_at IS NULL").
+		Scan(ctx)
+	if err != nil {
+		return nil, s.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "connected account with provider account id %s not found", providerAccountID)
+	}
+	return account, nil
+}
+
+func (s *store) GetServiceByType(ctx context.Context, cloudIntegrationID valuer.UUID, serviceType string) (*cloudintegrationtypes.StorableCloudIntegrationService, error) {
+	service := new(cloudintegrationtypes.StorableCloudIntegrationService)
+	err := s.store.BunDB().NewSelect().Model(service).
+		Where("cloud_integration_id = ?", cloudIntegrationID).
+		Where("type = ?", serviceType).
+		Scan(ctx)
+	if err != nil {
+		return nil, s.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "cloud integration service with type %s not found", serviceType)
+	}
+	return service, nil
+}
+
+func (s *store) CreateService(ctx context.Context, cloudIntegrationID valuer.UUID, service *cloudintegrationtypes.StorableCloudIntegrationService) (*cloudintegrationtypes.StorableCloudIntegrationService, error) {
+	now := time.Now()
+	if service.ID.IsZero() {
+		service.ID = valuer.GenerateUUID()
+	}
+	service.CloudIntegrationID = cloudIntegrationID
+	if service.CreatedAt.IsZero() {
+		service.CreatedAt = now
+	}
+	service.UpdatedAt = now
+
+	_, err := s.store.BunDBCtx(ctx).NewInsert().Model(service).Exec(ctx)
+	if err != nil {
+		return nil, s.store.WrapAlreadyExistsErrf(err, errors.CodeAlreadyExists, "cloud integration service with type %s already exists", service.Type)
+	}
+
+	return service, nil
+}
+
+func (s *store) UpdateService(ctx context.Context, cloudIntegrationID valuer.UUID, service *cloudintegrationtypes.StorableCloudIntegrationService) error {
+	service.CloudIntegrationID = cloudIntegrationID
+	service.UpdatedAt = time.Now()
+	_, err := s.store.BunDBCtx(ctx).NewUpdate().Model(service).
+		Where("cloud_integration_id = ?", cloudIntegrationID).
+		Where("type = ?", service.Type).
+		Exec(ctx)
+	return err
+}
+
+func (s *store) GetServices(ctx context.Context, cloudIntegrationID valuer.UUID) ([]*cloudintegrationtypes.StorableCloudIntegrationService, error) {
+	var services []*cloudintegrationtypes.StorableCloudIntegrationService
+	err := s.store.BunDB().NewSelect().Model(&services).
+		Where("cloud_integration_id = ?", cloudIntegrationID).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return services, nil
+}

pkg/modules/user/impluser/handler.go

@@ -27,6 +27,25 @@ func NewHandler(module root.Module, getter root.Getter) root.Handler {
 	return &handler{module: module, getter: getter}
 }
 
+func (h *handler) AcceptInvite(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	req := new(types.PostableAcceptInvite)
+	if err := binding.JSON.BindBody(r.Body, req); err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	user, err := h.module.AcceptInvite(ctx, req.InviteToken, req.Password)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusCreated, user)
+}
+
 func (h *handler) CreateInvite(rw http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
@@ -85,6 +104,59 @@ func (h *handler) CreateBulkInvite(rw http.ResponseWriter, r *http.Request) {
 	render.Success(rw, http.StatusCreated, nil)
 }
 
+func (h *handler) GetInvite(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	token := mux.Vars(r)["token"]
+	invite, err := h.module.GetInviteByToken(ctx, token)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusOK, invite)
+}
+
+func (h *handler) ListInvite(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	invites, err := h.module.ListInvite(ctx, claims.OrgID)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusOK, invites)
+}
+
+func (h *handler) DeleteInvite(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	id := mux.Vars(r)["id"]
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	if err := h.module.DeleteUser(ctx, valuer.MustNewUUID(claims.OrgID), id, claims.UserID); err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusNoContent, nil)
+}
+
 func (h *handler) GetUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
@@ -141,6 +213,9 @@ func (h *handler) ListUsers(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// temp code - show only active users
+	users = slices.DeleteFunc(users, func(user *types.User) bool { return user.Status != types.UserStatusActive })
+
 	render.Success(w, http.StatusOK, users)
 }
 

pkg/modules/user/impluser/module.go

@@ -50,6 +50,54 @@ func NewModule(store types.UserStore, tokenizer tokenizer.Tokenizer, emailing em
 	}
 }
 
+func (m *Module) AcceptInvite(ctx context.Context, token string, password string) (*types.User, error) {
+	// get the user by reset password token
+	user, err := m.store.GetUserByResetPasswordToken(ctx, token)
+	if err != nil {
+		return nil, err
+	}
+
+	// update the password and delete the token
+	err = m.UpdatePasswordByResetPasswordToken(ctx, token, password)
+	if err != nil {
+		return nil, err
+	}
+
+	// query the user again
+	user, err = m.store.GetByOrgIDAndID(ctx, user.OrgID, user.ID)
+	if err != nil {
+		return nil, err
+	}
+
+	return user, nil
+}
+
+func (m *Module) GetInviteByToken(ctx context.Context, token string) (*types.Invite, error) {
+	// get the user
+	user, err := m.store.GetUserByResetPasswordToken(ctx, token)
+	if err != nil {
+		return nil, err
+	}
+
+	// create a dummy invite obj for backward compatibility
+	invite := &types.Invite{
+		Identifiable: types.Identifiable{
+			ID: user.ID,
+		},
+		Name:  user.DisplayName,
+		Email: user.Email,
+		Token: token,
+		Role:  user.Role,
+		OrgID: user.OrgID,
+		TimeAuditable: types.TimeAuditable{
+			CreatedAt: user.CreatedAt,
+			UpdatedAt: user.UpdatedAt,
+		},
+	}
+
+	return invite, nil
+}
+
 // CreateBulk implements invite.Module.
 func (m *Module) CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, bulkInvites *types.PostableBulkInviteRequest) ([]*types.Invite, error) {
 	creator, err := m.store.GetUser(ctx, userID)
@@ -171,6 +219,46 @@ func (m *Module) CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID
 	return invites, nil
 }
 
+func (m *Module) ListInvite(ctx context.Context, orgID string) ([]*types.Invite, error) {
+	// find all the users with pending_invite status
+	users, err := m.store.ListUsersByOrgID(ctx, valuer.MustNewUUID(orgID))
+	if err != nil {
+		return nil, err
+	}
+
+	pendingUsers := slices.DeleteFunc(users, func(user *types.User) bool { return user.Status != types.UserStatusPendingInvite })
+
+	var invites []*types.Invite
+
+	for _, pUser := range pendingUsers {
+		// get the reset password token
+		resetPasswordToken, err := m.GetOrCreateResetPasswordToken(ctx, pUser.ID)
+		if err != nil {
+			return nil, err
+		}
+
+		// create a dummy invite obj for backward compatibility
+		invite := &types.Invite{
+			Identifiable: types.Identifiable{
+				ID: pUser.ID,
+			},
+			Name:  pUser.DisplayName,
+			Email: pUser.Email,
+			Token: resetPasswordToken.Token,
+			Role:  pUser.Role,
+			OrgID: pUser.OrgID,
+			TimeAuditable: types.TimeAuditable{
+				CreatedAt: pUser.CreatedAt,
+				UpdatedAt: pUser.UpdatedAt, // dummy
+			},
+		}
+
+		invites = append(invites, invite)
+	}
+
+	return invites, nil
+}
+
 func (module *Module) CreateUser(ctx context.Context, input *types.User, opts ...root.CreateUserOption) error {
 	createUserOpts := root.NewCreateUserOptions(opts...)
 

pkg/modules/user/user.go

@@ -41,6 +41,9 @@ type Module interface {
 
 	// invite
 	CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, bulkInvites *types.PostableBulkInviteRequest) ([]*types.Invite, error)
+	ListInvite(ctx context.Context, orgID string) ([]*types.Invite, error)
+	AcceptInvite(ctx context.Context, token string, password string) (*types.User, error)
+	GetInviteByToken(ctx context.Context, token string) (*types.Invite, error)
 
 	// API KEY
 	CreateAPIKey(ctx context.Context, apiKey *types.StorableAPIKey) error
@@ -86,6 +89,10 @@ type Getter interface {
 type Handler interface {
 	// invite
 	CreateInvite(http.ResponseWriter, *http.Request)
+	AcceptInvite(http.ResponseWriter, *http.Request)
+	GetInvite(http.ResponseWriter, *http.Request) // public function
+	ListInvite(http.ResponseWriter, *http.Request)
+	DeleteInvite(http.ResponseWriter, *http.Request)
 	CreateBulkInvite(http.ResponseWriter, *http.Request)
 
 	ListUsers(http.ResponseWriter, *http.Request)

pkg/query-service/constants/constants.go

@@ -28,6 +28,9 @@ const SpanSearchScopeRoot = "isroot"
 const SpanSearchScopeEntryPoint = "isentrypoint"
 const OrderBySpanCount = "span_count"
 
+// Deprecated: Use the new emailing service instead
+var InviteEmailTemplate = GetOrDefaultEnv("INVITE_EMAIL_TEMPLATE", "/root/templates/invitation_email.gotmpl")
+
 var MetricsExplorerClickhouseThreads = GetOrDefaultEnvInt("METRICS_EXPLORER_CLICKHOUSE_THREADS", 8)
 var UpdatedMetricsMetadataCachePrefix = GetOrDefaultEnv("METRICS_UPDATED_METADATA_CACHE_KEY", "UPDATED_METRICS_METADATA")
 

pkg/types/cloudintegrationtypes/account.go

@@ -0,0 +1,49 @@
+package cloudintegrationtypes
+
+import (
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type (
+	ConnectedAccounts struct {
+		Accounts []*Account `json:"accounts"`
+	}
+
+	GettableConnectedAccounts = ConnectedAccounts
+
+	UpdateAccountConfigRequest struct {
+		AWS *AWSAccountConfig `json:"aws"`
+	}
+
+	UpdatableAccountConfig = UpdateAccountConfigRequest
+)
+
+type (
+	Account struct {
+		Id                string            `json:"id"`
+		ProviderAccountId *string           `json:"providerAccountID,omitempty"`
+		Provider          CloudProviderType `json:"provider"`
+		RemovedAt         *time.Time        `json:"removedAt,omitempty"`
+		AgentReport       *AgentReport      `json:"agentReport,omitempty"`
+		OrgID             valuer.UUID       `json:"orgID"`
+		Config            *AccountConfig    `json:"accountConfig,omitempty"`
+	}
+
+	GettableAccount = Account
+)
+
+// AgentReport represents heartbeats sent by the agent.
+type AgentReport struct {
+	TimestampMillis int64          `json:"timestampMillis"`
+	Data            map[string]any `json:"data"`
+}
+
+type AccountConfig struct {
+	AWS *AWSAccountConfig `json:"aws,omitempty"`
+}
+
+type AWSAccountConfig struct {
+	Regions []string `json:"regions"`
+}

pkg/types/cloudintegrationtypes/cloudintegration.go

@@ -0,0 +1,82 @@
+package cloudintegrationtypes
+
+import (
+	"database/sql/driver"
+	"encoding/json"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/uptrace/bun"
+
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+var (
+	ErrCodeCloudIntegrationNotFound = errors.MustNewCode("cloud_integration_not_found")
+)
+
+// StorableCloudIntegration represents a cloud integration stored in the database.
+// This is also referred as "Account" in the context of cloud integrations.
+type StorableCloudIntegration struct {
+	bun.BaseModel `bun:"table:cloud_integration"`
+
+	types.Identifiable
+	types.TimeAuditable
+	Provider CloudProviderType `json:"provider" bun:"provider,type:text"`
+	// Config is provider specific data in JSON string format
+	Config          string               `json:"config" bun:"config,type:text"`
+	AccountID       *string              `json:"account_id" bun:"account_id,type:text"`
+	LastAgentReport *StorableAgentReport `json:"last_agent_report" bun:"last_agent_report,type:text"`
+	RemovedAt       *time.Time           `json:"removed_at" bun:"removed_at,type:timestamp,nullzero"`
+	OrgID           valuer.UUID          `bun:"org_id,type:text"`
+}
+
+// StorableAgentReport represents the last heartbeat and arbitrary data sent by the agent
+// as of now there is no use case for Data field, but keeping it for backwards compatibility with older structure.
+type StorableAgentReport struct {
+	TimestampMillis int64          `json:"timestamp_millis"`
+	Data            map[string]any `json:"data"`
+}
+
+// StorableCloudIntegrationService is to store service config for a cloud integration, which is a cloud provider specific configuration.
+type StorableCloudIntegrationService struct {
+	bun.BaseModel `bun:"table:cloud_integration_service,alias:cis"`
+
+	types.Identifiable
+	types.TimeAuditable
+	Type valuer.String `bun:"type,type:text,notnull,unique:cloud_integration_id_type"`
+	// Config is cloud provider's service specific data in JSON string format
+	Config             string      `bun:"config,type:text"`
+	CloudIntegrationID valuer.UUID `bun:"cloud_integration_id,type:text,notnull,unique:cloud_integration_id_type,references:cloud_integration(id),on_delete:cascade"`
+}
+
+// Scan scans value from DB.
+func (r *StorableAgentReport) Scan(src any) error {
+	var data []byte
+	switch v := src.(type) {
+	case []byte:
+		data = v
+	case string:
+		data = []byte(v)
+	default:
+		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
+	}
+	return json.Unmarshal(data, r)
+}
+
+// Value creates value to be stored in DB.
+func (r *StorableAgentReport) Value() (driver.Value, error) {
+	if r == nil {
+		return nil, errors.NewInternalf(errors.CodeInternal, "agent report is nil")
+	}
+
+	serialized, err := json.Marshal(r)
+	if err != nil {
+		return nil, errors.WrapInternalf(
+			err, errors.CodeInternal, "couldn't serialize agent report to JSON",
+		)
+	}
+	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytes
+	return string(serialized), nil
+}

pkg/types/cloudintegrationtypes/cloudprovider.go

@@ -0,0 +1,41 @@
+package cloudintegrationtypes
+
+import (
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+// CloudProviderType type alias.
+type CloudProviderType struct{ valuer.String }
+
+var (
+	// cloud providers.
+	CloudProviderTypeAWS   = CloudProviderType{valuer.NewString("aws")}
+	CloudProviderTypeAzure = CloudProviderType{valuer.NewString("azure")}
+
+	// errors.
+	ErrCodeCloudProviderInvalidInput = errors.MustNewCode("invalid_cloud_provider")
+
+	AWSIntegrationUserEmail   = valuer.MustNewEmail("aws-integration@signoz.io")
+	AzureIntegrationUserEmail = valuer.MustNewEmail("azure-integration@signoz.io")
+)
+
+// CloudIntegrationUserEmails is the list of valid emails for Cloud One Click integrations.
+// This is used for validation and restrictions in different contexts, across codebase.
+var CloudIntegrationUserEmails = []valuer.Email{
+	AWSIntegrationUserEmail,
+	AzureIntegrationUserEmail,
+}
+
+// NewCloudProvider returns a new CloudProviderType from a string.
+// It validates the input and returns an error if the input is not valid cloud provider.
+func NewCloudProvider(provider string) (CloudProviderType, error) {
+	switch provider {
+	case CloudProviderTypeAWS.StringValue():
+		return CloudProviderTypeAWS, nil
+	case CloudProviderTypeAzure.StringValue():
+		return CloudProviderTypeAzure, nil
+	default:
+		return CloudProviderType{}, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider)
+	}
+}

pkg/types/cloudintegrationtypes/connection.go

@@ -0,0 +1,96 @@
+package cloudintegrationtypes
+
+import "github.com/SigNoz/signoz/pkg/types/integrationtypes"
+
+// request for creating connection artifact.
+type (
+	PostableConnectionArtifact = ConnectionArtifactRequest
+
+	ConnectionArtifactRequest struct {
+		Aws *AWSConnectionArtifactRequest `json:"aws"`
+	}
+
+	AWSConnectionArtifactRequest struct {
+		DeploymentRegion string   `json:"deploymentRegion"`
+		Regions          []string `json:"regions"`
+	}
+)
+
+type (
+	ConnectionArtifact struct {
+		Aws *AWSConnectionArtifact `json:"aws"`
+	}
+
+	AWSConnectionArtifact struct {
+		ConnectionUrl string `json:"connectionURL"`
+	}
+
+	GettableConnectionArtifact = ConnectionArtifact
+)
+
+type (
+	AccountStatus struct {
+		Id                string                         `json:"id"`
+		ProviderAccountId *string                        `json:"providerAccountID,omitempty"`
+		Status            integrationtypes.AccountStatus `json:"status"`
+	}
+
+	GettableAccountStatus = AccountStatus
+)
+
+type (
+	AgentCheckInRequest struct {
+		// older backward compatible fields are mapped to new fields
+		// CloudIntegrationId string `json:"cloudIntegrationId"`
+		// AccountId          string `json:"accountId"`
+
+		// New fields
+		ProviderAccountId string `json:"providerAccountId"`
+		CloudAccountId    string `json:"cloudAccountId"`
+
+		Data map[string]any `json:"data,omitempty"`
+	}
+
+	PostableAgentCheckInRequest struct {
+		AgentCheckInRequest
+		// following are backward compatible fields for older running agents
+		// which gets mapped to new fields in AgentCheckInRequest
+		CloudIntegrationId string `json:"cloud_integration_id"`
+		CloudAccountId     string `json:"cloud_account_id"`
+	}
+
+	GettableAgentCheckInResponse struct {
+		AgentCheckInResponse
+
+		CloudIntegrationId string `json:"cloud_integration_id"`
+		AccountId          string `json:"account_id"`
+	}
+
+	AgentCheckInResponse struct {
+		// Older fields for backward compatibility are mapped to new fields below
+		// CloudIntegrationId string `json:"cloud_integration_id"`
+		// AccountId          string `json:"account_id"`
+
+		// New fields
+		ProviderAccountId string `json:"providerAccountId"`
+		CloudAccountId    string `json:"cloudAccountId"`
+
+		// IntegrationConfig populates data related to integration that is required for an agent
+		// to start collecting telemetry data
+		// keeping JSON key snake_case for backward compatibility
+		IntegrationConfig *IntegrationConfig `json:"integration_config,omitempty"`
+	}
+
+	IntegrationConfig struct {
+		EnabledRegions []string               `json:"enabledRegions"`      // backward compatible
+		Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty"` // backward compatible
+
+		// new fields
+		AWS *AWSIntegrationConfig `json:"aws,omitempty"`
+	}
+
+	AWSIntegrationConfig struct {
+		EnabledRegions []string               `json:"enabledRegions"`
+		Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty"`
+	}
+)

pkg/types/cloudintegrationtypes/regions.go

@@ -0,0 +1,103 @@
+package cloudintegrationtypes
+
+import (
+	"github.com/SigNoz/signoz/pkg/errors"
+)
+
+var (
+	CodeInvalidCloudRegion    = errors.MustNewCode("invalid_cloud_region")
+	CodeMismatchCloudProvider = errors.MustNewCode("cloud_provider_mismatch")
+)
+
+// List of all valid cloud regions on Amazon Web Services.
+var ValidAWSRegions = map[string]struct{}{
+	"af-south-1":     {}, // Africa (Cape Town).
+	"ap-east-1":      {}, // Asia Pacific (Hong Kong).
+	"ap-northeast-1": {}, // Asia Pacific (Tokyo).
+	"ap-northeast-2": {}, // Asia Pacific (Seoul).
+	"ap-northeast-3": {}, // Asia Pacific (Osaka).
+	"ap-south-1":     {}, // Asia Pacific (Mumbai).
+	"ap-south-2":     {}, // Asia Pacific (Hyderabad).
+	"ap-southeast-1": {}, // Asia Pacific (Singapore).
+	"ap-southeast-2": {}, // Asia Pacific (Sydney).
+	"ap-southeast-3": {}, // Asia Pacific (Jakarta).
+	"ap-southeast-4": {}, // Asia Pacific (Melbourne).
+	"ca-central-1":   {}, // Canada (Central).
+	"ca-west-1":      {}, // Canada West (Calgary).
+	"eu-central-1":   {}, // Europe (Frankfurt).
+	"eu-central-2":   {}, // Europe (Zurich).
+	"eu-north-1":     {}, // Europe (Stockholm).
+	"eu-south-1":     {}, // Europe (Milan).
+	"eu-south-2":     {}, // Europe (Spain).
+	"eu-west-1":      {}, // Europe (Ireland).
+	"eu-west-2":      {}, // Europe (London).
+	"eu-west-3":      {}, // Europe (Paris).
+	"il-central-1":   {}, // Israel (Tel Aviv).
+	"me-central-1":   {}, // Middle East (UAE).
+	"me-south-1":     {}, // Middle East (Bahrain).
+	"sa-east-1":      {}, // South America (Sao Paulo).
+	"us-east-1":      {}, // US East (N. Virginia).
+	"us-east-2":      {}, // US East (Ohio).
+	"us-west-1":      {}, // US West (N. California).
+	"us-west-2":      {}, // US West (Oregon).
+}
+
+// List of all valid cloud regions for Microsoft Azure.
+var ValidAzureRegions = map[string]struct{}{
+	"australiacentral":   {}, // Australia Central
+	"australiacentral2":  {}, // Australia Central 2
+	"australiaeast":      {}, // Australia East
+	"australiasoutheast": {}, // Australia Southeast
+	"austriaeast":        {}, // Austria East
+	"belgiumcentral":     {}, // Belgium Central
+	"brazilsouth":        {}, // Brazil South
+	"brazilsoutheast":    {}, // Brazil Southeast
+	"canadacentral":      {}, // Canada Central
+	"canadaeast":         {}, // Canada East
+	"centralindia":       {}, // Central India
+	"centralus":          {}, // Central US
+	"chilecentral":       {}, // Chile Central
+	"denmarkeast":        {}, // Denmark East
+	"eastasia":           {}, // East Asia
+	"eastus":             {}, // East US
+	"eastus2":            {}, // East US 2
+	"francecentral":      {}, // France Central
+	"francesouth":        {}, // France South
+	"germanynorth":       {}, // Germany North
+	"germanywestcentral": {}, // Germany West Central
+	"indonesiacentral":   {}, // Indonesia Central
+	"israelcentral":      {}, // Israel Central
+	"italynorth":         {}, // Italy North
+	"japaneast":          {}, // Japan East
+	"japanwest":          {}, // Japan West
+	"koreacentral":       {}, // Korea Central
+	"koreasouth":         {}, // Korea South
+	"malaysiawest":       {}, // Malaysia West
+	"mexicocentral":      {}, // Mexico Central
+	"newzealandnorth":    {}, // New Zealand North
+	"northcentralus":     {}, // North Central US
+	"northeurope":        {}, // North Europe
+	"norwayeast":         {}, // Norway East
+	"norwaywest":         {}, // Norway West
+	"polandcentral":      {}, // Poland Central
+	"qatarcentral":       {}, // Qatar Central
+	"southafricanorth":   {}, // South Africa North
+	"southafricawest":    {}, // South Africa West
+	"southcentralus":     {}, // South Central US
+	"southindia":         {}, // South India
+	"southeastasia":      {}, // Southeast Asia
+	"spaincentral":       {}, // Spain Central
+	"swedencentral":      {}, // Sweden Central
+	"switzerlandnorth":   {}, // Switzerland North
+	"switzerlandwest":    {}, // Switzerland West
+	"uaecentral":         {}, // UAE Central
+	"uaenorth":           {}, // UAE North
+	"uksouth":            {}, // UK South
+	"ukwest":             {}, // UK West
+	"westcentralus":      {}, // West Central US
+	"westeurope":         {}, // West Europe
+	"westindia":          {}, // West India
+	"westus":             {}, // West US
+	"westus2":            {}, // West US 2
+	"westus3":            {}, // West US 3
+}

pkg/types/cloudintegrationtypes/service.go

@@ -0,0 +1,211 @@
+package cloudintegrationtypes
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+var S3Sync = valuer.NewString("s3sync")
+
+type (
+	ServicesMetadata struct {
+		Services []*ServiceMetadata `json:"services"`
+	}
+
+	// ServiceMetadata helps to quickly list available services and whether it is enabled or not.
+	// As getting complete service definition is a heavy operation and the response is also large,
+	// initial integration page load can be very slow.
+	ServiceMetadata struct {
+		ServiceDefinitionMetadata
+		// if the service is enabled for the account
+		Enabled bool `json:"enabled"`
+	}
+
+	GettableServicesMetadata = ServicesMetadata
+
+	Service struct {
+		ServiceDefinition
+		ServiceConfig *ServiceConfig `json:"serviceConfig"`
+	}
+
+	GettableService = Service
+
+	UpdateServiceConfigRequest struct {
+		CloudIntegrationId valuer.UUID    `json:"cloudIntegrationId"`
+		ServiceConfig      *ServiceConfig `json:"serviceConfig"`
+	}
+
+	UpdateServiceConfigResponse struct {
+		Id                 string         `json:"id"` // service id
+		CloudIntegrationId valuer.UUID    `json:"cloudIntegrationId"`
+		ServiceConfig      *ServiceConfig `json:"serviceConfig"`
+	}
+)
+
+type ServiceConfig struct {
+	AWS *AWSServiceConfig `json:"aws,omitempty"`
+}
+
+type AWSServiceConfig struct {
+	Logs    *AWSServiceLogsConfig    `json:"logs"`
+	Metrics *AWSServiceMetricsConfig `json:"metrics"`
+}
+
+// AWSServiceLogsConfig is AWS specific logs config for a service
+// NOTE: the JSON keys are snake case for backward compatibility with existing agents.
+type AWSServiceLogsConfig struct {
+	Enabled   bool                `json:"enabled"`
+	S3Buckets map[string][]string `json:"s3_buckets,omitempty"`
+}
+
+type AWSServiceMetricsConfig struct {
+	Enabled bool `json:"enabled"`
+}
+
+// DefinitionMetadata represents service definition metadata. This is useful for showing service overview.
+type ServiceDefinitionMetadata struct {
+	Id    string `json:"id"`
+	Title string `json:"title"`
+	Icon  string `json:"icon"`
+}
+
+type ServiceDefinition struct {
+	ServiceDefinitionMetadata
+	Overview         string              `json:"overview"` // markdown
+	Assets           Assets              `json:"assets"`
+	SupportedSignals SupportedSignals    `json:"supported_signals"`
+	DataCollected    DataCollected       `json:"dataCollected"`
+	Strategy         *CollectionStrategy `json:"telemetryCollectionStrategy"`
+}
+
+// CollectionStrategy is cloud provider specific configuration for signal collection,
+// this is used by agent to understand the nitty-gritty for collecting telemetry for the cloud provider.
+type CollectionStrategy struct {
+	AWS *AWSCollectionStrategy `json:"aws,omitempty"`
+}
+
+// Assets represents the collection of dashboards.
+type Assets struct {
+	Dashboards []Dashboard `json:"dashboards"`
+}
+
+// SupportedSignals for cloud provider's service.
+type SupportedSignals struct {
+	Logs    bool `json:"logs"`
+	Metrics bool `json:"metrics"`
+}
+
+// DataCollected is curated static list of metrics and logs, this is shown as part of service overview.
+type DataCollected struct {
+	Logs    []CollectedLogAttribute `json:"logs"`
+	Metrics []CollectedMetric       `json:"metrics"`
+}
+
+// CollectedLogAttribute represents a log attribute that is present in all log entries for a service,
+// this is shown as part of service overview.
+type CollectedLogAttribute struct {
+	Name string `json:"name"`
+	Path string `json:"path"`
+	Type string `json:"type"`
+}
+
+// CollectedMetric represents a metric that is collected for a service, this is shown as part of service overview.
+type CollectedMetric struct {
+	Name        string `json:"name"`
+	Type        string `json:"type"`
+	Unit        string `json:"unit"`
+	Description string `json:"description"`
+}
+
+// AWSCollectionStrategy represents signal collection strategy for AWS services.
+// this is AWS specific.
+// NOTE: this structure is still using snake case, for backward compatibility,
+// with existing agents.
+type AWSCollectionStrategy struct {
+	Metrics   *AWSMetricsStrategy `json:"aws_metrics,omitempty"`
+	Logs      *AWSLogsStrategy    `json:"aws_logs,omitempty"`
+	S3Buckets map[string][]string `json:"s3_buckets,omitempty"` // Only available in S3 Sync Service Type in AWS
+}
+
+// AWSMetricsStrategy represents metrics collection strategy for AWS services.
+// this is AWS specific.
+// NOTE: this structure is still using snake case, for backward compatibility,
+// with existing agents.
+type AWSMetricsStrategy struct {
+	// to be used as https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-metricstream.html#cfn-cloudwatch-metricstream-includefilters
+	StreamFilters []struct {
+		// json tags here are in the shape expected by AWS API as detailed at
+		// https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudwatch-metricstream-metricstreamfilter.html
+		Namespace   string   `json:"Namespace"`
+		MetricNames []string `json:"MetricNames,omitempty"`
+	} `json:"cloudwatch_metric_stream_filters"`
+}
+
+// AWSLogsStrategy represents logs collection strategy for AWS services.
+// this is AWS specific.
+// NOTE: this structure is still using snake case, for backward compatibility,
+// with existing agents.
+type AWSLogsStrategy struct {
+	Subscriptions []struct {
+		// subscribe to all logs groups with specified prefix.
+		// eg: `/aws/rds/`
+		LogGroupNamePrefix string `json:"log_group_name_prefix"`
+
+		// https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
+		// "" implies no filtering is required.
+		FilterPattern string `json:"filter_pattern"`
+	} `json:"cloudwatch_logs_subscriptions"`
+}
+
+// Dashboard represents a dashboard definition for cloud integration.
+// This is used to show available pre-made dashboards for a service,
+// hence has additional fields like id, title and description
+type Dashboard struct {
+	Id          string                               `json:"id"`
+	Title       string                               `json:"title"`
+	Description string                               `json:"description"`
+	Definition  dashboardtypes.StorableDashboardData `json:"definition,omitempty"`
+}
+
+// UTILS
+
+// GetCloudIntegrationDashboardID returns the dashboard id for a cloud integration, given the cloud provider, service id, and dashboard id.
+// This is used to generate unique dashboard ids for cloud integration, and also to parse the dashboard id to get the cloud provider and service id when needed.
+func GetCloudIntegrationDashboardID(cloudProvider CloudProviderType, svcId, dashboardId string) string {
+	return fmt.Sprintf("cloud-integration--%s--%s--%s", cloudProvider, svcId, dashboardId)
+}
+
+// GetDashboardsFromAssets returns the list of dashboards for the cloud provider service from definition.
+func GetDashboardsFromAssets(
+	svcId string,
+	orgID valuer.UUID,
+	cloudProvider CloudProviderType,
+	createdAt time.Time,
+	assets Assets,
+) []*dashboardtypes.Dashboard {
+	dashboards := make([]*dashboardtypes.Dashboard, 0)
+
+	for _, d := range assets.Dashboards {
+		author := fmt.Sprintf("%s-integration", cloudProvider)
+		dashboards = append(dashboards, &dashboardtypes.Dashboard{
+			ID:     GetCloudIntegrationDashboardID(cloudProvider, svcId, d.Id),
+			Locked: true,
+			OrgID:  orgID,
+			Data:   d.Definition,
+			TimeAuditable: types.TimeAuditable{
+				CreatedAt: createdAt,
+				UpdatedAt: createdAt,
+			},
+			UserAuditable: types.UserAuditable{
+				CreatedBy: author,
+				UpdatedBy: author,
+			},
+		})
+	}
+
+	return dashboards
+}

pkg/types/cloudintegrationtypes/store.go

@@ -0,0 +1,41 @@
+package cloudintegrationtypes
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type Store interface {
+	// GetAccountByID returns a cloud integration account by id
+	GetAccountByID(ctx context.Context, orgID, id valuer.UUID, provider CloudProviderType) (*StorableCloudIntegration, error)
+
+	// CreateAccount creates a new cloud integration account
+	CreateAccount(ctx context.Context, orgID valuer.UUID, account *StorableCloudIntegration) (*StorableCloudIntegration, error)
+
+	// UpdateAccount updates an existing cloud integration account
+	UpdateAccount(ctx context.Context, account *StorableCloudIntegration) error
+
+	// RemoveAccount marks a cloud integration account as removed by setting the RemovedAt field
+	RemoveAccount(ctx context.Context, orgID, id valuer.UUID, provider CloudProviderType) error
+
+	// GetConnectedAccounts returns all the cloud integration accounts for the org and cloud provider
+	GetConnectedAccounts(ctx context.Context, orgID valuer.UUID, provider CloudProviderType) ([]*StorableCloudIntegration, error)
+
+	// GetConnectedAccount for given provider
+	GetConnectedAccount(ctx context.Context, orgID valuer.UUID, provider CloudProviderType, providerAccountID string) (*StorableCloudIntegration, error)
+
+	// cloud_integration_service related methods
+
+	// GetServiceByType returns the cloud integration service for the given cloud integration id and service type
+	GetServiceByType(ctx context.Context, cloudIntegrationID valuer.UUID, serviceType string) (*StorableCloudIntegrationService, error)
+
+	// CreateService creates a new cloud integration service for the given cloud integration id and service type
+	CreateService(ctx context.Context, cloudIntegrationID valuer.UUID, service *StorableCloudIntegrationService) (*StorableCloudIntegrationService, error)
+
+	// UpdateService updates an existing cloud integration service for the given cloud integration id and service type
+	UpdateService(ctx context.Context, cloudIntegrationID valuer.UUID, service *StorableCloudIntegrationService) error
+
+	// GetServices returns all the cloud integration services for the given cloud integration id
+	GetServices(ctx context.Context, cloudIntegrationID valuer.UUID) ([]*StorableCloudIntegrationService, error)
+}

pkg/types/invite.go

@@ -30,6 +30,22 @@ type Invite struct {
 	InviteLink string `bun:"-" json:"inviteLink"`
 }
 
+type InviteEmailData struct {
+	CustomerName string
+	InviterName  string
+	InviterEmail string
+	Link         string
+}
+
+type PostableAcceptInvite struct {
+	DisplayName string `json:"displayName"`
+	InviteToken string `json:"token"`
+	Password    string `json:"password"`
+
+	// reference URL to track where the register request is coming from
+	SourceURL string `json:"sourceUrl"`
+}
+
 type PostableInvite struct {
 	Name            string       `json:"name"`
 	Email           valuer.Email `json:"email"`
@@ -63,6 +79,10 @@ func (request *PostableBulkInviteRequest) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
+type GettableCreateInviteResponse struct {
+	InviteToken string `json:"token"`
+}
+
 func NewInvite(name string, role Role, orgID valuer.UUID, email valuer.Email) (*Invite, error) {
 	invite := &Invite{
 		Identifiable: Identifiable{
@@ -81,3 +101,23 @@ func NewInvite(name string, role Role, orgID valuer.UUID, email valuer.Email) (*
 
 	return invite, nil
 }
+
+func (request *PostableAcceptInvite) UnmarshalJSON(data []byte) error {
+	type Alias PostableAcceptInvite
+
+	var temp Alias
+	if err := json.Unmarshal(data, &temp); err != nil {
+		return err
+	}
+
+	if temp.InviteToken == "" {
+		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "invite token is required")
+	}
+
+	if !IsPasswordValid(temp.Password) {
+		return ErrInvalidPassword
+	}
+
+	*request = PostableAcceptInvite(temp)
+	return nil
+}

tests/integration/src/passwordauthn/01_register.py

@@ -121,23 +121,6 @@ def test_invite_and_register(
     assert invited_user["email"] == "editor@integration.test"
     assert invited_user["role"] == "EDITOR"
 
-    # Verify the user user appears in the users list but as pending_invite status
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v1/user"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {admin_token}"},
-    )
-    assert response.status_code == HTTPStatus.OK
-
-    user_response = response.json()["data"]
-    found_user = next(
-        (user for user in user_response if user["email"] == "editor@integration.test"),
-        None,
-    )
-    assert found_user is not None
-    assert found_user["status"] == "pending_invite"
-    assert found_user["role"] == "EDITOR"
-
     reset_token = invited_user["token"]
 
     # Reset the password to complete the invite flow (activates the user and also grants authz)
@@ -248,3 +231,85 @@ def test_self_access(
 
     assert response.status_code == HTTPStatus.OK
     assert response.json()["data"]["role"] == "EDITOR"
+
+
+def test_old_invite_flow(signoz: types.SigNoz, get_token: Callable[[str, str], str]):
+    admin_token = get_token("admin@integration.test", "password123Z$")
+
+    # invite a new user
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        json={"email": "oldinviteflow@integration.test", "role": "VIEWER", "name": "old invite flow"},
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    assert response.status_code == HTTPStatus.CREATED
+
+    # get the invite token using get api
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        timeout=2,
+        headers={
+            "Authorization": f"Bearer {admin_token}"
+        },
+    )
+
+    invite_response = response.json()["data"]
+    found_invite = next(
+        (
+            invite
+            for invite in invite_response
+            if invite["email"] == "oldinviteflow@integration.test"
+        ),
+        None,
+    )
+
+    # accept the invite
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite/accept"),
+        json={
+            "password": "password123Z$",
+            "displayName": "old invite flow",
+            "token": f"{found_invite['token']}",
+        },
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.CREATED
+
+    # verify the invite token has been deleted
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(f"/api/v1/invite/{found_invite['token']}"),
+        timeout=2,
+    )
+    assert response.status_code in (HTTPStatus.NOT_FOUND, HTTPStatus.BAD_REQUEST)
+
+    # verify that admin endpoints cannot be called
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={
+            "Authorization": f"Bearer {get_token("oldinviteflow@integration.test", "password123Z$")}"
+        },
+    )
+    assert response.status_code == HTTPStatus.FORBIDDEN
+
+    # verify the user has been created
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={
+            "Authorization": f"Bearer {admin_token}"
+        },
+    )
+    assert response.status_code == HTTPStatus.OK
+
+    user_response = response.json()["data"]
+    found_user = next(
+        (user for user in user_response if user["email"] == "oldinviteflow@integration.test"),
+        None,
+    )
+
+    assert found_user is not None
+    assert found_user["role"] == "VIEWER"
+    assert found_user["displayName"] == "old invite flow"
+    assert found_user["email"] == "oldinviteflow@integration.test"