Merge branch 'refactor/cloud-integration-impl-store' into refactor/cloud-integration-handlers

docs/api/openapi.yml

@@ -342,6 +342,397 @@ components:
         config:
           $ref: '#/components/schemas/AuthtypesAuthDomainConfig'
       type: object
+    CloudintegrationtypesAWSAccountConfig:
+      properties:
+        regions:
+          items:
+            type: string
+          type: array
+      required:
+      - regions
+      type: object
+    CloudintegrationtypesAWSCollectionStrategy:
+      properties:
+        aws_logs:
+          $ref: '#/components/schemas/CloudintegrationtypesAWSLogsStrategy'
+        aws_metrics:
+          $ref: '#/components/schemas/CloudintegrationtypesAWSMetricsStrategy'
+        s3_buckets:
+          additionalProperties:
+            items:
+              type: string
+            type: array
+          type: object
+      type: object
+    CloudintegrationtypesAWSConnectionArtifact:
+      properties:
+        connectionURL:
+          type: string
+      required:
+      - connectionURL
+      type: object
+    CloudintegrationtypesAWSConnectionArtifactRequest:
+      properties:
+        deploymentRegion:
+          type: string
+        regions:
+          items:
+            type: string
+          type: array
+      required:
+      - deploymentRegion
+      - regions
+      type: object
+    CloudintegrationtypesAWSIntegrationConfig:
+      properties:
+        enabledRegions:
+          items:
+            type: string
+          type: array
+        telemetry:
+          $ref: '#/components/schemas/CloudintegrationtypesAWSCollectionStrategy'
+      required:
+      - enabledRegions
+      - telemetry
+      type: object
+    CloudintegrationtypesAWSLogsStrategy:
+      properties:
+        cloudwatch_logs_subscriptions:
+          items:
+            properties:
+              filter_pattern:
+                type: string
+              log_group_name_prefix:
+                type: string
+            type: object
+          nullable: true
+          type: array
+      type: object
+    CloudintegrationtypesAWSMetricsStrategy:
+      properties:
+        cloudwatch_metric_stream_filters:
+          items:
+            properties:
+              MetricNames:
+                items:
+                  type: string
+                type: array
+              Namespace:
+                type: string
+            type: object
+          nullable: true
+          type: array
+      type: object
+    CloudintegrationtypesAWSServiceConfig:
+      properties:
+        logs:
+          $ref: '#/components/schemas/CloudintegrationtypesAWSServiceLogsConfig'
+        metrics:
+          $ref: '#/components/schemas/CloudintegrationtypesAWSServiceMetricsConfig'
+      type: object
+    CloudintegrationtypesAWSServiceLogsConfig:
+      properties:
+        enabled:
+          type: boolean
+        s3_buckets:
+          additionalProperties:
+            items:
+              type: string
+            type: array
+          type: object
+      type: object
+    CloudintegrationtypesAWSServiceMetricsConfig:
+      properties:
+        enabled:
+          type: boolean
+      type: object
+    CloudintegrationtypesAccount:
+      properties:
+        agentReport:
+          $ref: '#/components/schemas/CloudintegrationtypesAgentReport'
+        config:
+          $ref: '#/components/schemas/CloudintegrationtypesAccountConfig'
+        createdAt:
+          format: date-time
+          type: string
+        id:
+          type: string
+        orgId:
+          type: string
+        provider:
+          type: string
+        providerAccountId:
+          nullable: true
+          type: string
+        removedAt:
+          format: date-time
+          nullable: true
+          type: string
+        updatedAt:
+          format: date-time
+          type: string
+      required:
+      - id
+      - providerAccountId
+      - provider
+      - removedAt
+      - agentReport
+      - orgId
+      - config
+      type: object
+    CloudintegrationtypesAccountConfig:
+      properties:
+        aws:
+          $ref: '#/components/schemas/CloudintegrationtypesAWSAccountConfig'
+      required:
+      - aws
+      type: object
+    CloudintegrationtypesAgentReport:
+      nullable: true
+      properties:
+        data:
+          additionalProperties: {}
+          nullable: true
+          type: object
+        timestampMillis:
+          format: int64
+          type: integer
+      required:
+      - timestampMillis
+      - data
+      type: object
+    CloudintegrationtypesAssets:
+      properties:
+        dashboards:
+          items:
+            $ref: '#/components/schemas/CloudintegrationtypesDashboard'
+          nullable: true
+          type: array
+      type: object
+    CloudintegrationtypesCollectedLogAttribute:
+      properties:
+        name:
+          type: string
+        path:
+          type: string
+        type:
+          type: string
+      type: object
+    CloudintegrationtypesCollectedMetric:
+      properties:
+        description:
+          type: string
+        name:
+          type: string
+        type:
+          type: string
+        unit:
+          type: string
+      type: object
+    CloudintegrationtypesCollectionStrategy:
+      properties:
+        aws:
+          $ref: '#/components/schemas/CloudintegrationtypesAWSCollectionStrategy'
+      type: object
+    CloudintegrationtypesConnectionArtifact:
+      properties:
+        aws:
+          $ref: '#/components/schemas/CloudintegrationtypesAWSConnectionArtifact'
+      required:
+      - aws
+      type: object
+    CloudintegrationtypesConnectionArtifactRequest:
+      properties:
+        aws:
+          $ref: '#/components/schemas/CloudintegrationtypesAWSConnectionArtifactRequest'
+      required:
+      - aws
+      type: object
+    CloudintegrationtypesDashboard:
+      properties:
+        definition:
+          $ref: '#/components/schemas/DashboardtypesStorableDashboardData'
+        description:
+          type: string
+        id:
+          type: string
+        title:
+          type: string
+      type: object
+    CloudintegrationtypesDataCollected:
+      properties:
+        logs:
+          items:
+            $ref: '#/components/schemas/CloudintegrationtypesCollectedLogAttribute'
+          nullable: true
+          type: array
+        metrics:
+          items:
+            $ref: '#/components/schemas/CloudintegrationtypesCollectedMetric'
+          nullable: true
+          type: array
+      type: object
+    CloudintegrationtypesGettableAccounts:
+      properties:
+        accounts:
+          items:
+            $ref: '#/components/schemas/CloudintegrationtypesAccount'
+          type: array
+      required:
+      - accounts
+      type: object
+    CloudintegrationtypesGettableAgentCheckInResponse:
+      properties:
+        account_id:
+          type: string
+        cloud_account_id:
+          type: string
+        cloudIntegrationId:
+          type: string
+        integration_config:
+          $ref: '#/components/schemas/CloudintegrationtypesIntegrationConfig'
+        integrationConfig:
+          $ref: '#/components/schemas/CloudintegrationtypesProviderIntegrationConfig'
+        providerAccountId:
+          type: string
+        removed_at:
+          format: date-time
+          nullable: true
+          type: string
+        removedAt:
+          format: date-time
+          nullable: true
+          type: string
+      required:
+      - account_id
+      - cloud_account_id
+      - integration_config
+      - removed_at
+      - cloudIntegrationId
+      - providerAccountId
+      - integrationConfig
+      - removedAt
+      type: object
+    CloudintegrationtypesGettableServicesMetadata:
+      properties:
+        services:
+          items:
+            $ref: '#/components/schemas/CloudintegrationtypesServiceMetadata'
+          type: array
+      required:
+      - services
+      type: object
+    CloudintegrationtypesIntegrationConfig:
+      nullable: true
+      properties:
+        enabledRegions:
+          items:
+            type: string
+          type: array
+        telemetry:
+          $ref: '#/components/schemas/CloudintegrationtypesAWSCollectionStrategy'
+      required:
+      - enabledRegions
+      - telemetry
+      type: object
+    CloudintegrationtypesPostableAgentCheckInRequest:
+      properties:
+        account_id:
+          type: string
+        cloud_account_id:
+          type: string
+        cloudIntegrationId:
+          type: string
+        data:
+          additionalProperties: {}
+          nullable: true
+          type: object
+        providerAccountId:
+          type: string
+      required:
+      - data
+      type: object
+    CloudintegrationtypesProviderIntegrationConfig:
+      properties:
+        aws:
+          $ref: '#/components/schemas/CloudintegrationtypesAWSIntegrationConfig'
+      required:
+      - aws
+      type: object
+    CloudintegrationtypesService:
+      properties:
+        assets:
+          $ref: '#/components/schemas/CloudintegrationtypesAssets'
+        dataCollected:
+          $ref: '#/components/schemas/CloudintegrationtypesDataCollected'
+        icon:
+          type: string
+        id:
+          type: string
+        overview:
+          type: string
+        serviceConfig:
+          $ref: '#/components/schemas/CloudintegrationtypesServiceConfig'
+        supported_signals:
+          $ref: '#/components/schemas/CloudintegrationtypesSupportedSignals'
+        telemetryCollectionStrategy:
+          $ref: '#/components/schemas/CloudintegrationtypesCollectionStrategy'
+        title:
+          type: string
+      required:
+      - id
+      - title
+      - icon
+      - overview
+      - assets
+      - supported_signals
+      - dataCollected
+      - telemetryCollectionStrategy
+      type: object
+    CloudintegrationtypesServiceConfig:
+      properties:
+        aws:
+          $ref: '#/components/schemas/CloudintegrationtypesAWSServiceConfig'
+      required:
+      - aws
+      type: object
+    CloudintegrationtypesServiceMetadata:
+      properties:
+        enabled:
+          type: boolean
+        icon:
+          type: string
+        id:
+          type: string
+        title:
+          type: string
+      required:
+      - id
+      - title
+      - icon
+      - enabled
+      type: object
+    CloudintegrationtypesSupportedSignals:
+      properties:
+        logs:
+          type: boolean
+        metrics:
+          type: boolean
+      type: object
+    CloudintegrationtypesUpdatableAccount:
+      properties:
+        config:
+          $ref: '#/components/schemas/CloudintegrationtypesAccountConfig'
+      required:
+      - config
+      type: object
+    CloudintegrationtypesUpdatableService:
+      properties:
+        config:
+          $ref: '#/components/schemas/CloudintegrationtypesServiceConfig'
+      required:
+      - config
+      type: object
     DashboardtypesDashboard:
       properties:
         createdAt:
@@ -2449,6 +2840,552 @@ paths:
       summary: Change password
       tags:
       - users
+  /api/v1/cloud-integrations/{cloud_provider}/agent-check-in:
+    post:
+      deprecated: true
+      description: '[Deprecated] This endpoint is called by the deployed agent to
+        check in'
+      operationId: AgentCheckInDeprecated
+      parameters:
+      - in: path
+        name: cloud_provider
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CloudintegrationtypesPostableAgentCheckInRequest'
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/CloudintegrationtypesGettableAgentCheckInResponse'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - VIEWER
+      - tokenizer:
+        - VIEWER
+      summary: Agent check-in
+      tags:
+      - cloudintegration
+  /api/v1/cloud_integrations/{cloud_provider}/accounts:
+    get:
+      deprecated: false
+      description: This endpoint lists the accounts for the specified cloud provider
+      operationId: ListAccounts
+      parameters:
+      - in: path
+        name: cloud_provider
+        required: true
+        schema:
+          type: string
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/CloudintegrationtypesGettableAccounts'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: List accounts
+      tags:
+      - cloudintegration
+  /api/v1/cloud_integrations/{cloud_provider}/accounts/{id}:
+    delete:
+      deprecated: false
+      description: This endpoint disconnects an account for the specified cloud provider
+      operationId: DisconnectAccount
+      parameters:
+      - in: path
+        name: cloud_provider
+        required: true
+        schema:
+          type: string
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          description: No Content
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Disconnect account
+      tags:
+      - cloudintegration
+    get:
+      deprecated: false
+      description: This endpoint gets an account for the specified cloud provider
+      operationId: GetAccount
+      parameters:
+      - in: path
+        name: cloud_provider
+        required: true
+        schema:
+          type: string
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/CloudintegrationtypesAccount'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Not Found
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Get account
+      tags:
+      - cloudintegration
+    put:
+      deprecated: false
+      description: This endpoint updates an account for the specified cloud provider
+      operationId: UpdateAccount
+      parameters:
+      - in: path
+        name: cloud_provider
+        required: true
+        schema:
+          type: string
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CloudintegrationtypesUpdatableAccount'
+      responses:
+        "204":
+          description: No Content
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Update account
+      tags:
+      - cloudintegration
+  /api/v1/cloud_integrations/{cloud_provider}/accounts/check_in:
+    post:
+      deprecated: false
+      description: This endpoint is called by the deployed agent to check in
+      operationId: AgentCheckIn
+      parameters:
+      - in: path
+        name: cloud_provider
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CloudintegrationtypesPostableAgentCheckInRequest'
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/CloudintegrationtypesGettableAgentCheckInResponse'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - VIEWER
+      - tokenizer:
+        - VIEWER
+      summary: Agent check-in
+      tags:
+      - cloudintegration
+  /api/v1/cloud_integrations/{cloud_provider}/accounts/connection_artifact:
+    post:
+      deprecated: false
+      description: This endpoint returns a connection artifact for the specified cloud
+        provider and creates new cloud integration account
+      operationId: GetConnectionArtifact
+      parameters:
+      - in: path
+        name: cloud_provider
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CloudintegrationtypesConnectionArtifactRequest'
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/CloudintegrationtypesConnectionArtifact'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Get connection artifact
+      tags:
+      - cloudintegration
+  /api/v1/cloud_integrations/{cloud_provider}/services:
+    get:
+      deprecated: false
+      description: This endpoint lists the services metadata for the specified cloud
+        provider
+      operationId: ListServicesMetadata
+      parameters:
+      - in: path
+        name: cloud_provider
+        required: true
+        schema:
+          type: string
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/CloudintegrationtypesGettableServicesMetadata'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: List services metadata
+      tags:
+      - cloudintegration
+  /api/v1/cloud_integrations/{cloud_provider}/services/{service_id}:
+    get:
+      deprecated: false
+      description: This endpoint gets a service for the specified cloud provider
+      operationId: GetService
+      parameters:
+      - in: path
+        name: cloud_provider
+        required: true
+        schema:
+          type: string
+      - in: path
+        name: service_id
+        required: true
+        schema:
+          type: string
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/CloudintegrationtypesService'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Get service
+      tags:
+      - cloudintegration
+    put:
+      deprecated: false
+      description: This endpoint updates a service for the specified cloud provider
+      operationId: UpdateService
+      parameters:
+      - in: path
+        name: cloud_provider
+        required: true
+        schema:
+          type: string
+      - in: path
+        name: service_id
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CloudintegrationtypesUpdatableService'
+      responses:
+        "204":
+          description: No Content
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Update service
+      tags:
+      - cloudintegration
   /api/v1/complete/google:
     get:
       deprecated: false

pkg/apiserver/signozapiserver/cloudintegration.go

@@ -0,0 +1,216 @@
+package signozapiserver
+
+import (
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/http/handler"
+	"github.com/SigNoz/signoz/pkg/types"
+	citypes "github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/gorilla/mux"
+)
+
+func (provider *provider) addCloudIntegrationRoutes(router *mux.Router) error {
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts/connection_artifact", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.GetConnectionArtifact),
+		handler.OpenAPIDef{
+			ID:                  "GetConnectionArtifact",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Get connection artifact",
+			Description:         "This endpoint returns a connection artifact for the specified cloud provider and creates new cloud integration account",
+			Request:             new(citypes.PostableConnectionArtifact),
+			RequestContentType:  "application/json",
+			Response:            new(citypes.GettableConnectionArtifact),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.ListAccounts),
+		handler.OpenAPIDef{
+			ID:                  "ListAccounts",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "List accounts",
+			Description:         "This endpoint lists the accounts for the specified cloud provider",
+			Request:             nil,
+			RequestContentType:  "",
+			Response:            new(citypes.GettableAccounts),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts/{id}", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.GetAccount),
+		handler.OpenAPIDef{
+			ID:                  "GetAccount",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Get account",
+			Description:         "This endpoint gets an account for the specified cloud provider",
+			Request:             nil,
+			RequestContentType:  "",
+			Response:            new(citypes.GettableAccount),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts/{id}", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.UpdateAccount),
+		handler.OpenAPIDef{
+			ID:                  "UpdateAccount",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Update account",
+			Description:         "This endpoint updates an account for the specified cloud provider",
+			Request:             new(citypes.UpdatableAccount),
+			RequestContentType:  "application/json",
+			Response:            nil,
+			ResponseContentType: "",
+			SuccessStatusCode:   http.StatusNoContent,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts/{id}", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.DisconnectAccount),
+		handler.OpenAPIDef{
+			ID:                  "DisconnectAccount",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Disconnect account",
+			Description:         "This endpoint disconnects an account for the specified cloud provider",
+			Request:             nil,
+			RequestContentType:  "",
+			Response:            nil,
+			ResponseContentType: "",
+			SuccessStatusCode:   http.StatusNoContent,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/services", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.ListServicesMetadata),
+		handler.OpenAPIDef{
+			ID:                  "ListServicesMetadata",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "List services metadata",
+			Description:         "This endpoint lists the services metadata for the specified cloud provider",
+			Request:             nil,
+			RequestContentType:  "",
+			Response:            new(citypes.GettableServicesMetadata),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/services/{service_id}", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.GetService),
+		handler.OpenAPIDef{
+			ID:                  "GetService",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Get service",
+			Description:         "This endpoint gets a service for the specified cloud provider",
+			Request:             nil,
+			RequestContentType:  "",
+			Response:            new(citypes.GettableService),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/services/{service_id}", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.UpdateService),
+		handler.OpenAPIDef{
+			ID:                  "UpdateService",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Update service",
+			Description:         "This endpoint updates a service for the specified cloud provider",
+			Request:             new(citypes.UpdatableService),
+			RequestContentType:  "application/json",
+			Response:            nil,
+			ResponseContentType: "",
+			SuccessStatusCode:   http.StatusNoContent,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	// Agent check-in endpoint is kept same as older one to maintain backward compatibility with already deployed agents.
+	// In the future, this endpoint will be deprecated and a new endpoint will be introduced for consistency with above endpoints.
+	if err := router.Handle("/api/v1/cloud-integrations/{cloud_provider}/agent-check-in", handler.New(
+		provider.authZ.ViewAccess(provider.cloudIntegrationHandler.AgentCheckIn),
+		handler.OpenAPIDef{
+			ID:                  "AgentCheckInDeprecated",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Agent check-in",
+			Description:         "[Deprecated] This endpoint is called by the deployed agent to check in",
+			Request:             new(citypes.PostableAgentCheckInRequest),
+			RequestContentType:  "application/json",
+			Response:            new(citypes.GettableAgentCheckInResponse),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          true,                                 // this endpoint will be deprecated in future
+			SecuritySchemes:     newSecuritySchemes(types.RoleViewer), // agent role is viewer
+		},
+	)).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts/check_in", handler.New(
+		provider.authZ.ViewAccess(provider.cloudIntegrationHandler.AgentCheckIn),
+		handler.OpenAPIDef{
+			ID:                  "AgentCheckIn",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Agent check-in",
+			Description:         "This endpoint is called by the deployed agent to check in",
+			Request:             new(citypes.PostableAgentCheckInRequest),
+			RequestContentType:  "application/json",
+			Response:            new(citypes.GettableAgentCheckInResponse),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleViewer), // agent role is viewer
+		},
+	)).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
+	return nil
+}

pkg/apiserver/signozapiserver/provider.go

@@ -12,6 +12,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/http/middleware"
 	"github.com/SigNoz/signoz/pkg/modules/authdomain"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/fields"
 	"github.com/SigNoz/signoz/pkg/modules/metricsexplorer"
@@ -50,6 +51,8 @@ type provider struct {
 	zeusHandler            zeus.Handler
 	querierHandler         querier.Handler
 	serviceAccountHandler  serviceaccount.Handler
+	// TODO: wire up later
+	cloudIntegrationHandler cloudintegration.Handler //nolint:unused
 }
 
 func NewFactory(
@@ -72,6 +75,7 @@ func NewFactory(
 	zeusHandler zeus.Handler,
 	querierHandler querier.Handler,
 	serviceAccountHandler serviceaccount.Handler,
+	cloudIntegrationHandler cloudintegration.Handler,
 ) factory.ProviderFactory[apiserver.APIServer, apiserver.Config] {
 	return factory.NewProviderFactory(factory.MustNewName("signoz"), func(ctx context.Context, providerSettings factory.ProviderSettings, config apiserver.Config) (apiserver.APIServer, error) {
 		return newProvider(
@@ -97,6 +101,7 @@ func NewFactory(
 			zeusHandler,
 			querierHandler,
 			serviceAccountHandler,
+			cloudIntegrationHandler,
 		)
 	})
 }
@@ -124,31 +129,33 @@ func newProvider(
 	zeusHandler zeus.Handler,
 	querierHandler querier.Handler,
 	serviceAccountHandler serviceaccount.Handler,
+	cloudIntegrationHandler cloudintegration.Handler,
 ) (apiserver.APIServer, error) {
 	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/apiserver/signozapiserver")
 	router := mux.NewRouter().UseEncodedPath()
 
 	provider := &provider{
-		config:                 config,
-		settings:               settings,
-		router:                 router,
-		orgHandler:             orgHandler,
-		userHandler:            userHandler,
-		sessionHandler:         sessionHandler,
-		authDomainHandler:      authDomainHandler,
-		preferenceHandler:      preferenceHandler,
-		globalHandler:          globalHandler,
-		promoteHandler:         promoteHandler,
-		flaggerHandler:         flaggerHandler,
-		dashboardModule:        dashboardModule,
-		dashboardHandler:       dashboardHandler,
-		metricsExplorerHandler: metricsExplorerHandler,
-		gatewayHandler:         gatewayHandler,
-		fieldsHandler:          fieldsHandler,
-		authzHandler:           authzHandler,
-		zeusHandler:            zeusHandler,
-		querierHandler:         querierHandler,
-		serviceAccountHandler:  serviceAccountHandler,
+		config:                  config,
+		settings:                settings,
+		router:                  router,
+		orgHandler:              orgHandler,
+		userHandler:             userHandler,
+		sessionHandler:          sessionHandler,
+		authDomainHandler:       authDomainHandler,
+		preferenceHandler:       preferenceHandler,
+		globalHandler:           globalHandler,
+		promoteHandler:          promoteHandler,
+		flaggerHandler:          flaggerHandler,
+		dashboardModule:         dashboardModule,
+		dashboardHandler:        dashboardHandler,
+		metricsExplorerHandler:  metricsExplorerHandler,
+		gatewayHandler:          gatewayHandler,
+		fieldsHandler:           fieldsHandler,
+		authzHandler:            authzHandler,
+		zeusHandler:             zeusHandler,
+		querierHandler:          querierHandler,
+		serviceAccountHandler:   serviceAccountHandler,
+		cloudIntegrationHandler: cloudIntegrationHandler,
 	}
 
 	provider.authZ = middleware.NewAuthZ(settings.Logger(), orgGetter, authz)
@@ -233,6 +240,10 @@ func (provider *provider) AddToRouter(router *mux.Router) error {
 		return err
 	}
 
+	if err := provider.addCloudIntegrationRoutes(router); err != nil {
+		return err
+	}
+
 	return nil
 }
 

pkg/instrumentation/logger.go

@@ -13,7 +13,13 @@ type zapToSlogConverter struct{}
 func NewLogger(config Config) *slog.Logger {
 	logger := slog.New(
 		loghandler.New(
-			slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{Level: config.Logs.Level, ReplaceAttr: func(groups []string, a slog.Attr) slog.Attr {
+			slog.NewJSONHandler(os.Stderr, &slog.HandlerOptions{Level: config.Logs.Level, AddSource: true, ReplaceAttr: func(groups []string, a slog.Attr) slog.Attr {
+				// This is more in line with OpenTelemetry semantic conventions
+				if a.Key == slog.SourceKey {
+					a.Key = "code"
+					return a
+				}
+
 				if a.Key == slog.TimeKey {
 					a.Key = "timestamp"
 					return a
@@ -21,7 +27,6 @@ func NewLogger(config Config) *slog.Logger {
 
 				return a
 			}}),
-			loghandler.NewSource(),
 			loghandler.NewCorrelation(),
 			loghandler.NewFiltering(),
 			loghandler.NewException(),

pkg/instrumentation/loghandler/source.go

@@ -1,28 +0,0 @@
-package loghandler
-
-import (
-	"context"
-	"log/slog"
-	"runtime"
-)
-
-type source struct{}
-
-func NewSource() *source {
-	return &source{}
-}
-
-func (h *source) Wrap(next LogHandler) LogHandler {
-	return LogHandlerFunc(func(ctx context.Context, record slog.Record) error {
-		if record.PC != 0 {
-			frame, _ := runtime.CallersFrames([]uintptr{record.PC}).Next()
-			record.AddAttrs(
-				slog.String("code.filepath", frame.File),
-				slog.String("code.function", frame.Function),
-				slog.Int("code.lineno", frame.Line),
-			)
-		}
-
-		return next.Handle(ctx, record)
-	})
-}

pkg/instrumentation/loghandler/source_test.go

@@ -1,37 +0,0 @@
-package loghandler
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"log/slog"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestSource(t *testing.T) {
-	src := NewSource()
-
-	buf := bytes.NewBuffer(nil)
-	logger := slog.New(&handler{base: slog.NewJSONHandler(buf, &slog.HandlerOptions{Level: slog.LevelDebug}), wrappers: []Wrapper{src}})
-
-	logger.InfoContext(context.Background(), "test")
-
-	m := make(map[string]any)
-	err := json.Unmarshal(buf.Bytes(), &m)
-	require.NoError(t, err)
-
-	assert.Contains(t, m, "code.filepath")
-	assert.Contains(t, m, "code.function")
-	assert.Contains(t, m, "code.lineno")
-
-	assert.Contains(t, m["code.filepath"], "source_test.go")
-	assert.Contains(t, m["code.function"], "TestSource")
-	assert.NotZero(t, m["code.lineno"])
-
-	// Ensure the nested "source" key is not present.
-	assert.NotContains(t, m, "source")
-	assert.NotContains(t, m, "code")
-}

pkg/modules/cloudintegration/cloudintegration.go

@@ -53,6 +53,7 @@ type Module interface {
 }
 
 type Handler interface {
+	// GetConnectionArtifact creates a new cloud integration account and returns the connection artifact
 	GetConnectionArtifact(http.ResponseWriter, *http.Request)
 	ListAccounts(http.ResponseWriter, *http.Request)
 	GetAccount(http.ResponseWriter, *http.Request)

pkg/modules/cloudintegration/implcloudintegration/handler.go

@@ -0,0 +1,58 @@
+package implcloudintegration
+
+import (
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+)
+
+type handler struct{}
+
+func NewHandler() cloudintegration.Handler {
+	return &handler{}
+}
+
+func (h handler) GetConnectionArtifact(writer http.ResponseWriter, request *http.Request) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (h handler) ListAccounts(writer http.ResponseWriter, request *http.Request) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (h handler) GetAccount(writer http.ResponseWriter, request *http.Request) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (h handler) UpdateAccount(writer http.ResponseWriter, request *http.Request) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (h handler) DisconnectAccount(writer http.ResponseWriter, request *http.Request) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (h handler) ListServicesMetadata(writer http.ResponseWriter, request *http.Request) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (h handler) GetService(writer http.ResponseWriter, request *http.Request) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (h handler) UpdateService(writer http.ResponseWriter, request *http.Request) {
+	// TODO implement me
+	panic("implement me")
+}
+
+func (h handler) AgentCheckIn(writer http.ResponseWriter, request *http.Request) {
+	// TODO implement me
+	panic("implement me")
+}

pkg/modules/cloudintegration/implcloudintegration/store.go

@@ -0,0 +1,134 @@
+package implcloudintegration
+
+import (
+	"context"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type store struct {
+	store sqlstore.SQLStore
+}
+
+func NewStore(sqlStore sqlstore.SQLStore) cloudintegrationtypes.Store {
+	return &store{store: sqlStore}
+}
+
+func (s *store) GetAccountByID(ctx context.Context, orgID, id valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*cloudintegrationtypes.StorableCloudIntegration, error) {
+	account := new(cloudintegrationtypes.StorableCloudIntegration)
+	err := s.store.BunDBCtx(ctx).NewSelect().Model(account).
+		Where("id = ?", id).
+		Where("org_id = ?", orgID).
+		Where("provider = ?", provider).
+		Scan(ctx)
+	if err != nil {
+		return nil, s.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "cloud integration account with id %s not found", id)
+	}
+	return account, nil
+}
+
+func (s *store) ListConnectedAccounts(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) ([]*cloudintegrationtypes.StorableCloudIntegration, error) {
+	var accounts []*cloudintegrationtypes.StorableCloudIntegration
+	err := s.store.BunDBCtx(ctx).NewSelect().Model(&accounts).
+		Where("org_id = ?", orgID).
+		Where("provider = ?", provider).
+		Where("removed_at IS NULL").
+		Where("account_id IS NOT NULL").
+		Where("last_agent_report IS NOT NULL").
+		Order("created_at ASC").
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return accounts, nil
+}
+
+func (s *store) CreateAccount(ctx context.Context, account *cloudintegrationtypes.StorableCloudIntegration) (*cloudintegrationtypes.StorableCloudIntegration, error) {
+	_, err := s.store.BunDBCtx(ctx).NewInsert().Model(account).Exec(ctx)
+	if err != nil {
+		return nil, s.store.WrapAlreadyExistsErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationAlreadyExists, "cloud integration account with id %s already exists", account.ID)
+	}
+
+	return account, nil
+}
+
+func (s *store) UpdateAccount(ctx context.Context, account *cloudintegrationtypes.StorableCloudIntegration) error {
+	_, err := s.store.BunDBCtx(ctx).
+		NewUpdate().
+		Model(account).
+		WherePK().
+		Where("org_id = ?", account.OrgID).
+		Where("provider = ?", account.Provider).
+		Exec(ctx)
+
+	return err
+}
+
+func (s *store) RemoveAccount(ctx context.Context, orgID, id valuer.UUID, provider cloudintegrationtypes.CloudProviderType) error {
+	_, err := s.store.BunDBCtx(ctx).NewUpdate().Model(new(cloudintegrationtypes.StorableCloudIntegration)).
+		Set("removed_at = ?", time.Now()).
+		Where("id = ?", id).
+		Where("org_id = ?", orgID).
+		Where("provider = ?", provider).
+		Exec(ctx)
+	return err
+}
+
+func (s *store) GetConnectedAccount(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType, providerAccountID string) (*cloudintegrationtypes.StorableCloudIntegration, error) {
+	account := new(cloudintegrationtypes.StorableCloudIntegration)
+	err := s.store.BunDBCtx(ctx).NewSelect().Model(account).
+		Where("org_id = ?", orgID).
+		Where("provider = ?", provider).
+		Where("account_id = ?", providerAccountID).
+		Where("last_agent_report IS NOT NULL").
+		Where("removed_at IS NULL").
+		Scan(ctx)
+	if err != nil {
+		return nil, s.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "connected account with provider account id %s not found", providerAccountID)
+	}
+	return account, nil
+}
+
+func (s *store) GetServiceByServiceID(ctx context.Context, cloudIntegrationID valuer.UUID, serviceID cloudintegrationtypes.ServiceID) (*cloudintegrationtypes.StorableCloudIntegrationService, error) {
+	service := new(cloudintegrationtypes.StorableCloudIntegrationService)
+	err := s.store.BunDBCtx(ctx).NewSelect().Model(service).
+		Where("cloud_integration_id = ?", cloudIntegrationID).
+		Where("type = ?", serviceID).
+		Scan(ctx)
+	if err != nil {
+		return nil, s.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationServiceNotFound, "cloud integration service with id %s not found", serviceID)
+	}
+	return service, nil
+}
+
+func (s *store) ListServices(ctx context.Context, cloudIntegrationID valuer.UUID) ([]*cloudintegrationtypes.StorableCloudIntegrationService, error) {
+	var services []*cloudintegrationtypes.StorableCloudIntegrationService
+	err := s.store.BunDBCtx(ctx).NewSelect().Model(&services).
+		Where("cloud_integration_id = ?", cloudIntegrationID).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return services, nil
+}
+
+func (s *store) CreateService(ctx context.Context, service *cloudintegrationtypes.StorableCloudIntegrationService) (*cloudintegrationtypes.StorableCloudIntegrationService, error) {
+	_, err := s.store.BunDBCtx(ctx).NewInsert().Model(service).Exec(ctx)
+	if err != nil {
+		return nil, s.store.WrapAlreadyExistsErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationServiceAlreadyExists, "cloud integration service with id %s already exists for integration account", service.Type)
+	}
+
+	return service, nil
+}
+
+func (s *store) UpdateService(ctx context.Context, service *cloudintegrationtypes.StorableCloudIntegrationService) error {
+	_, err := s.store.BunDBCtx(ctx).NewUpdate().Model(service).
+		WherePK().
+		Where("cloud_integration_id = ?", service.CloudIntegrationID).
+		Where("type = ?", service.Type).
+		Exec(ctx)
+	return err
+}

pkg/signoz/handler.go

@@ -12,6 +12,8 @@ import (
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/modules/apdex"
 	"github.com/SigNoz/signoz/pkg/modules/apdex/implapdex"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/fields"
@@ -38,23 +40,24 @@ import (
 )
 
 type Handlers struct {
-	SavedView             savedview.Handler
-	Apdex                 apdex.Handler
-	Dashboard             dashboard.Handler
-	QuickFilter           quickfilter.Handler
-	TraceFunnel           tracefunnel.Handler
-	RawDataExport         rawdataexport.Handler
-	SpanPercentile        spanpercentile.Handler
-	Services              services.Handler
-	MetricsExplorer       metricsexplorer.Handler
-	Global                global.Handler
-	FlaggerHandler        flagger.Handler
-	GatewayHandler        gateway.Handler
-	Fields                fields.Handler
-	AuthzHandler          authz.Handler
-	ZeusHandler           zeus.Handler
-	QuerierHandler        querier.Handler
-	ServiceAccountHandler serviceaccount.Handler
+	SavedView               savedview.Handler
+	Apdex                   apdex.Handler
+	Dashboard               dashboard.Handler
+	QuickFilter             quickfilter.Handler
+	TraceFunnel             tracefunnel.Handler
+	RawDataExport           rawdataexport.Handler
+	SpanPercentile          spanpercentile.Handler
+	Services                services.Handler
+	MetricsExplorer         metricsexplorer.Handler
+	Global                  global.Handler
+	FlaggerHandler          flagger.Handler
+	GatewayHandler          gateway.Handler
+	Fields                  fields.Handler
+	AuthzHandler            authz.Handler
+	ZeusHandler             zeus.Handler
+	QuerierHandler          querier.Handler
+	ServiceAccountHandler   serviceaccount.Handler
+	CloudIntegrationHandler cloudintegration.Handler
 }
 
 func NewHandlers(
@@ -71,22 +74,23 @@ func NewHandlers(
 	zeusService zeus.Zeus,
 ) Handlers {
 	return Handlers{
-		SavedView:             implsavedview.NewHandler(modules.SavedView),
-		Apdex:                 implapdex.NewHandler(modules.Apdex),
-		Dashboard:             impldashboard.NewHandler(modules.Dashboard, providerSettings),
-		QuickFilter:           implquickfilter.NewHandler(modules.QuickFilter),
-		TraceFunnel:           impltracefunnel.NewHandler(modules.TraceFunnel),
-		RawDataExport:         implrawdataexport.NewHandler(modules.RawDataExport),
-		Services:              implservices.NewHandler(modules.Services),
-		MetricsExplorer:       implmetricsexplorer.NewHandler(modules.MetricsExplorer),
-		SpanPercentile:        implspanpercentile.NewHandler(modules.SpanPercentile),
-		Global:                signozglobal.NewHandler(global),
-		FlaggerHandler:        flagger.NewHandler(flaggerService),
-		GatewayHandler:        gateway.NewHandler(gatewayService),
-		Fields:                implfields.NewHandler(providerSettings, telemetryMetadataStore),
-		AuthzHandler:          signozauthzapi.NewHandler(authz),
-		ZeusHandler:           zeus.NewHandler(zeusService, licensing),
-		QuerierHandler:        querierHandler,
-		ServiceAccountHandler: implserviceaccount.NewHandler(modules.ServiceAccount),
+		SavedView:               implsavedview.NewHandler(modules.SavedView),
+		Apdex:                   implapdex.NewHandler(modules.Apdex),
+		Dashboard:               impldashboard.NewHandler(modules.Dashboard, providerSettings),
+		QuickFilter:             implquickfilter.NewHandler(modules.QuickFilter),
+		TraceFunnel:             impltracefunnel.NewHandler(modules.TraceFunnel),
+		RawDataExport:           implrawdataexport.NewHandler(modules.RawDataExport),
+		Services:                implservices.NewHandler(modules.Services),
+		MetricsExplorer:         implmetricsexplorer.NewHandler(modules.MetricsExplorer),
+		SpanPercentile:          implspanpercentile.NewHandler(modules.SpanPercentile),
+		Global:                  signozglobal.NewHandler(global),
+		FlaggerHandler:          flagger.NewHandler(flaggerService),
+		GatewayHandler:          gateway.NewHandler(gatewayService),
+		Fields:                  implfields.NewHandler(providerSettings, telemetryMetadataStore),
+		AuthzHandler:            signozauthzapi.NewHandler(authz),
+		ZeusHandler:             zeus.NewHandler(zeusService, licensing),
+		QuerierHandler:          querierHandler,
+		ServiceAccountHandler:   implserviceaccount.NewHandler(modules.ServiceAccount),
+		CloudIntegrationHandler: implcloudintegration.NewHandler(),
 	}
 }

pkg/signoz/openapi.go

@@ -16,6 +16,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/instrumentation"
 	"github.com/SigNoz/signoz/pkg/modules/authdomain"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/fields"
 	"github.com/SigNoz/signoz/pkg/modules/metricsexplorer"
@@ -61,6 +62,7 @@ func NewOpenAPI(ctx context.Context, instrumentation instrumentation.Instrumenta
 		struct{ zeus.Handler }{},
 		struct{ querier.Handler }{},
 		struct{ serviceaccount.Handler }{},
+		struct{ cloudintegration.Handler }{},
 	).New(ctx, instrumentation.ToProviderSettings(), apiserver.Config{})
 	if err != nil {
 		return nil, err

pkg/signoz/provider.go

@@ -265,6 +265,7 @@ func NewAPIServerProviderFactories(orgGetter organization.Getter, authz authz.Au
 			handlers.ZeusHandler,
 			handlers.QuerierHandler,
 			handlers.ServiceAccountHandler,
+			handlers.CloudIntegrationHandler,
 		),
 	)
 }

pkg/types/cloudintegrationtypes/account.go

@@ -10,34 +10,35 @@ import (
 type Account struct {
 	types.Identifiable
 	types.TimeAuditable
-	ProviderAccountId *string           `json:"providerAccountID,omitempty"`
-	Provider          CloudProviderType `json:"provider"`
-	RemovedAt         *time.Time        `json:"removedAt,omitempty"`
-	AgentReport       *AgentReport      `json:"agentReport,omitempty"`
-	OrgID             valuer.UUID       `json:"orgID"`
-	Config            *AccountConfig    `json:"config,omitempty"`
+	ProviderAccountID *string           `json:"providerAccountId" required:"true" nullable:"true"`
+	Provider          CloudProviderType `json:"provider" required:"true"`
+	RemovedAt         *time.Time        `json:"removedAt,omitempty" required:"true" nullable:"true"`
+	AgentReport       *AgentReport      `json:"agentReport,omitempty" required:"true" nullable:"true"`
+	OrgID             valuer.UUID       `json:"orgId" required:"true"`
+	Config            *AccountConfig    `json:"config,omitempty" required:"true" nullable:"false"`
 }
 
 // AgentReport represents heartbeats sent by the agent.
 type AgentReport struct {
-	TimestampMillis int64          `json:"timestampMillis"`
-	Data            map[string]any `json:"data"`
+	TimestampMillis int64          `json:"timestampMillis" required:"true"`
+	Data            map[string]any `json:"data" required:"true" nullable:"true"`
+}
+
+type AccountConfig struct {
+	// required till new providers are added
+	AWS *AWSAccountConfig `json:"aws,omitempty" required:"true" nullable:"false"`
 }
 
 type GettableAccounts struct {
-	Accounts []*Account `json:"accounts"`
+	Accounts []*Account `json:"accounts" required:"true" nullable:"false"`
 }
 
 type GettableAccount = Account
 
 type UpdatableAccount struct {
-	Config *AccountConfig `json:"config"`
-}
-
-type AccountConfig struct {
-	AWS *AWSAccountConfig `json:"aws,omitempty"`
+	Config *AccountConfig `json:"config" required:"true" nullable:"false"`
 }
 
 type AWSAccountConfig struct {
-	Regions []string `json:"regions"`
+	Regions []string `json:"regions" required:"true" nullable:"false"`
 }

pkg/types/cloudintegrationtypes/cloudintegration.go

@@ -13,7 +13,10 @@ import (
 )
 
 var (
-	ErrCodeCloudIntegrationNotFound = errors.MustNewCode("cloud_integration_not_found")
+	ErrCodeCloudIntegrationNotFound             = errors.MustNewCode("cloud_integration_not_found")
+	ErrCodeCloudIntegrationAlreadyExists        = errors.MustNewCode("cloud_integration_already_exists")
+	ErrCodeCloudIntegrationServiceNotFound      = errors.MustNewCode("cloud_integration_service_not_found")
+	ErrCodeCloudIntegrationServiceAlreadyExists = errors.MustNewCode("cloud_integration_service_already_exists")
 )
 
 // StorableCloudIntegration represents a cloud integration stored in the database.

pkg/types/cloudintegrationtypes/connection.go

@@ -1,88 +1,74 @@
 package cloudintegrationtypes
 
-import "github.com/SigNoz/signoz/pkg/types/integrationtypes"
+import "time"
 
 type ConnectionArtifactRequest struct {
-	Aws *AWSConnectionArtifactRequest `json:"aws"`
+	// required till new providers are added
+	Aws *AWSConnectionArtifactRequest `json:"aws" required:"true" nullable:"false"`
 }
 
 type AWSConnectionArtifactRequest struct {
-	DeploymentRegion string   `json:"deploymentRegion"`
-	Regions          []string `json:"regions"`
+	DeploymentRegion string   `json:"deploymentRegion" required:"true"`
+	Regions          []string `json:"regions" required:"true" nullable:"false"`
 }
 
 type PostableConnectionArtifact = ConnectionArtifactRequest
 
 type ConnectionArtifact struct {
-	Aws *AWSConnectionArtifact `json:"aws"`
+	// required till new providers are added
+	Aws *AWSConnectionArtifact `json:"aws" required:"true" nullable:"false"`
 }
 
 type AWSConnectionArtifact struct {
-	ConnectionUrl string `json:"connectionURL"`
+	ConnectionURL string `json:"connectionURL" required:"true"`
 }
 
 type GettableConnectionArtifact = ConnectionArtifact
 
-type AccountStatus struct {
-	Id                string                         `json:"id"`
-	ProviderAccountId *string                        `json:"providerAccountID,omitempty"`
-	Status            integrationtypes.AccountStatus `json:"status"`
-}
-
-type GettableAccountStatus = AccountStatus
-
 type AgentCheckInRequest struct {
-	// older backward compatible fields are mapped to new fields
-	// CloudIntegrationId string `json:"cloudIntegrationId"`
-	// AccountId          string `json:"accountId"`
+	ProviderAccountID  string `json:"providerAccountId" required:"false"`
+	CloudIntegrationID string `json:"cloudIntegrationId" required:"false"`
 
-	// New fields
-	ProviderAccountId string `json:"providerAccountId"`
-	CloudAccountId    string `json:"cloudAccountId"`
-
-	Data map[string]any `json:"data,omitempty"`
+	Data map[string]any `json:"data,omitempty" required:"true" nullable:"true"`
 }
 
 type PostableAgentCheckInRequest struct {
 	AgentCheckInRequest
 	// following are backward compatible fields for older running agents
 	// which gets mapped to new fields in AgentCheckInRequest
-	CloudIntegrationId string `json:"cloud_integration_id"`
-	CloudAccountId     string `json:"cloud_account_id"`
-}
-
-type GettableAgentCheckInResponse struct {
-	AgentCheckInResponse
-
-	// For backward compatibility
-	CloudIntegrationId string `json:"cloud_integration_id"`
-	AccountId          string `json:"account_id"`
+	ID        string `json:"account_id" required:"false"`       // => CloudIntegrationID
+	AccountID string `json:"cloud_account_id" required:"false"` // => ProviderAccountID
 }
 
 type AgentCheckInResponse struct {
-	// Older fields for backward compatibility are mapped to new fields below
-	// CloudIntegrationId string `json:"cloud_integration_id"`
-	// AccountId          string `json:"account_id"`
-
-	// New fields
-	ProviderAccountId string `json:"providerAccountId"`
-	CloudAccountId    string `json:"cloudAccountId"`
-
-	// IntegrationConfig populates data related to integration that is required for an agent
-	// to start collecting telemetry data
-	// keeping JSON key snake_case for backward compatibility
-	IntegrationConfig *IntegrationConfig `json:"integration_config,omitempty"`
+	CloudIntegrationID string                     `json:"cloudIntegrationId" required:"true"`
+	ProviderAccountID  string                     `json:"providerAccountId" required:"true"`
+	IntegrationConfig  *ProviderIntegrationConfig `json:"integrationConfig" required:"true"`
+	RemovedAt          *time.Time                 `json:"removedAt" required:"true" nullable:"true"`
 }
 
-type IntegrationConfig struct {
-	EnabledRegions []string               `json:"enabledRegions"`      // backward compatible
-	Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty"` // backward compatible
+type GettableAgentCheckInResponse struct {
+	// Older fields for backward compatibility with existing AWS agents
+	AccountID              string             `json:"account_id" required:"true"`
+	CloudAccountID         string             `json:"cloud_account_id" required:"true"`
+	OlderIntegrationConfig *IntegrationConfig `json:"integration_config" required:"true" nullable:"true"`
+	OlderRemovedAt         *time.Time         `json:"removed_at" required:"true" nullable:"true"`
 
-	// new fields
-	AWS *AWSIntegrationConfig `json:"aws,omitempty"`
+	AgentCheckInResponse
+}
+
+// IntegrationConfig older integration config struct for backward compatibility,
+// this will be eventually removed once agents are updated to use new struct.
+type IntegrationConfig struct {
+	EnabledRegions []string               `json:"enabledRegions" required:"true" nullable:"false"`      // backward compatible
+	Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty" required:"true" nullable:"false"` // backward compatible
+}
+
+type ProviderIntegrationConfig struct {
+	AWS *AWSIntegrationConfig `json:"aws,omitempty" required:"true" nullable:"false"`
 }
 
 type AWSIntegrationConfig struct {
-	EnabledRegions []string               `json:"enabledRegions"`
-	Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty"`
+	EnabledRegions []string               `json:"enabledRegions" required:"true" nullable:"false"`
+	Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty" required:"true" nullable:"false"`
 }

pkg/types/cloudintegrationtypes/service.go

@@ -11,19 +11,20 @@ import (
 )
 
 var (
-	S3Sync = valuer.NewString("s3sync")
-	// ErrCodeInvalidServiceID is the error code for invalid service id.
 	ErrCodeInvalidServiceID = errors.MustNewCode("invalid_service_id")
 )
 
-type ServiceID struct{ valuer.String }
-
 type CloudIntegrationService struct {
 	types.Identifiable
 	types.TimeAuditable
 	Type               ServiceID      `json:"type"`
 	Config             *ServiceConfig `json:"config"`
-	CloudIntegrationID valuer.UUID    `json:"cloudIntegrationID"`
+	CloudIntegrationID valuer.UUID    `json:"cloudIntegrationId"`
+}
+
+type ServiceConfig struct {
+	// required till new providers are added
+	AWS *AWSServiceConfig `json:"aws,omitempty" required:"true" nullable:"false"`
 }
 
 // ServiceMetadata helps to quickly list available services and whether it is enabled or not.
@@ -32,26 +33,56 @@ type CloudIntegrationService struct {
 type ServiceMetadata struct {
 	ServiceDefinitionMetadata
 	// if the service is enabled for the account
-	Enabled bool `json:"enabled"`
+	Enabled bool `json:"enabled" required:"true"`
+}
+
+// ServiceDefinitionMetadata represents service definition metadata. This is useful for showing service tab in frontend.
+type ServiceDefinitionMetadata struct {
+	Id    string `json:"id" required:"true"`
+	Title string `json:"title" required:"true"`
+	Icon  string `json:"icon" required:"true"`
 }
 
 type GettableServicesMetadata struct {
-	Services []*ServiceMetadata `json:"services"`
+	Services []*ServiceMetadata `json:"services" required:"true" nullable:"false"`
 }
 
 type Service struct {
 	ServiceDefinition
-	ServiceConfig *ServiceConfig `json:"serviceConfig"`
+	ServiceConfig *ServiceConfig `json:"serviceConfig" required:"false" nullable:"false"`
 }
 
 type GettableService = Service
 
 type UpdatableService struct {
-	Config *ServiceConfig `json:"config"`
+	Config *ServiceConfig `json:"config" required:"true" nullable:"false"`
 }
 
-type ServiceConfig struct {
-	AWS *AWSServiceConfig `json:"aws,omitempty"`
+type ServiceDefinition struct {
+	ServiceDefinitionMetadata
+	Overview         string              `json:"overview" required:"true"` // markdown
+	Assets           Assets              `json:"assets" required:"true"`
+	SupportedSignals SupportedSignals    `json:"supported_signals" required:"true"`
+	DataCollected    DataCollected       `json:"dataCollected" required:"true"`
+	Strategy         *CollectionStrategy `json:"telemetryCollectionStrategy" required:"true" nullable:"false"`
+}
+
+// SupportedSignals for cloud provider's service.
+type SupportedSignals struct {
+	Logs    bool `json:"logs"`
+	Metrics bool `json:"metrics"`
+}
+
+// DataCollected is curated static list of metrics and logs, this is shown as part of service overview.
+type DataCollected struct {
+	Logs    []CollectedLogAttribute `json:"logs"`
+	Metrics []CollectedMetric       `json:"metrics"`
+}
+
+// CollectionStrategy is cloud provider specific configuration for signal collection,
+// this is used by agent to understand the nitty-gritty for collecting telemetry for the cloud provider.
+type CollectionStrategy struct {
+	AWS *AWSCollectionStrategy `json:"aws,omitempty"`
 }
 
 type AWSServiceConfig struct {
@@ -70,45 +101,11 @@ type AWSServiceMetricsConfig struct {
 	Enabled bool `json:"enabled"`
 }
 
-// ServiceDefinitionMetadata represents service definition metadata. This is useful for showing service tab in frontend.
-type ServiceDefinitionMetadata struct {
-	Id    string `json:"id"`
-	Title string `json:"title"`
-	Icon  string `json:"icon"`
-}
-
-type ServiceDefinition struct {
-	ServiceDefinitionMetadata
-	Overview         string              `json:"overview"` // markdown
-	Assets           Assets              `json:"assets"`
-	SupportedSignals SupportedSignals    `json:"supported_signals"`
-	DataCollected    DataCollected       `json:"dataCollected"`
-	Strategy         *CollectionStrategy `json:"telemetryCollectionStrategy"`
-}
-
-// CollectionStrategy is cloud provider specific configuration for signal collection,
-// this is used by agent to understand the nitty-gritty for collecting telemetry for the cloud provider.
-type CollectionStrategy struct {
-	AWS *AWSCollectionStrategy `json:"aws,omitempty"`
-}
-
 // Assets represents the collection of dashboards.
 type Assets struct {
 	Dashboards []Dashboard `json:"dashboards"`
 }
 
-// SupportedSignals for cloud provider's service.
-type SupportedSignals struct {
-	Logs    bool `json:"logs"`
-	Metrics bool `json:"metrics"`
-}
-
-// DataCollected is curated static list of metrics and logs, this is shown as part of service overview.
-type DataCollected struct {
-	Logs    []CollectedLogAttribute `json:"logs"`
-	Metrics []CollectedMetric       `json:"metrics"`
-}
-
 // CollectedLogAttribute represents a log attribute that is present in all log entries for a service,
 // this is shown as part of service overview.
 type CollectedLogAttribute struct {
@@ -175,39 +172,6 @@ type Dashboard struct {
 	Definition  dashboardtypes.StorableDashboardData `json:"definition,omitempty"`
 }
 
-// SupportedServices is the map of supported services for each cloud provider.
-var SupportedServices = map[CloudProviderType][]ServiceID{
-	CloudProviderTypeAWS: {
-		{valuer.NewString("alb")},
-		{valuer.NewString("api-gateway")},
-		{valuer.NewString("dynamodb")},
-		{valuer.NewString("ec2")},
-		{valuer.NewString("ecs")},
-		{valuer.NewString("eks")},
-		{valuer.NewString("elasticache")},
-		{valuer.NewString("lambda")},
-		{valuer.NewString("msk")},
-		{valuer.NewString("rds")},
-		{valuer.NewString("s3sync")},
-		{valuer.NewString("sns")},
-		{valuer.NewString("sqs")},
-	},
-}
-
-// NewServiceID returns a new ServiceID from a string, validated against the supported services for the given cloud provider.
-func NewServiceID(provider CloudProviderType, service string) (ServiceID, error) {
-	services, ok := SupportedServices[provider]
-	if !ok {
-		return ServiceID{}, errors.NewInvalidInputf(ErrCodeInvalidServiceID, "no services defined for cloud provider: %s", provider)
-	}
-	for _, s := range services {
-		if s.StringValue() == service {
-			return s, nil
-		}
-	}
-	return ServiceID{}, errors.NewInvalidInputf(ErrCodeInvalidServiceID, "invalid service id %q for cloud provider %s", service, provider)
-}
-
 // UTILS
 
 // GetCloudIntegrationDashboardID returns the dashboard id for a cloud integration, given the cloud provider, service id, and dashboard id.

pkg/types/cloudintegrationtypes/serviceid.go

@@ -0,0 +1,75 @@
+package cloudintegrationtypes
+
+import (
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type ServiceID struct{ valuer.String }
+
+var (
+	AWSServiceALB         = ServiceID{valuer.NewString("alb")}
+	AWSServiceAPIGateway  = ServiceID{valuer.NewString("api-gateway")}
+	AWSServiceDynamoDB    = ServiceID{valuer.NewString("dynamodb")}
+	AWSServiceEC2         = ServiceID{valuer.NewString("ec2")}
+	AWSServiceECS         = ServiceID{valuer.NewString("ecs")}
+	AWSServiceEKS         = ServiceID{valuer.NewString("eks")}
+	AWSServiceElastiCache = ServiceID{valuer.NewString("elasticache")}
+	AWSServiceLambda      = ServiceID{valuer.NewString("lambda")}
+	AWSServiceMSK         = ServiceID{valuer.NewString("msk")}
+	AWSServiceRDS         = ServiceID{valuer.NewString("rds")}
+	AWSServiceS3Sync      = ServiceID{valuer.NewString("s3sync")}
+	AWSServiceSNS         = ServiceID{valuer.NewString("sns")}
+	AWSServiceSQS         = ServiceID{valuer.NewString("sqs")}
+)
+
+func (ServiceID) Enum() []any {
+	return []any{
+		AWSServiceALB,
+		AWSServiceAPIGateway,
+		AWSServiceDynamoDB,
+		AWSServiceEC2,
+		AWSServiceECS,
+		AWSServiceEKS,
+		AWSServiceElastiCache,
+		AWSServiceLambda,
+		AWSServiceMSK,
+		AWSServiceRDS,
+		AWSServiceS3Sync,
+		AWSServiceSNS,
+		AWSServiceSQS,
+	}
+}
+
+// SupportedServices is the map of supported services for each cloud provider.
+var SupportedServices = map[CloudProviderType][]ServiceID{
+	CloudProviderTypeAWS: {
+		AWSServiceALB,
+		AWSServiceAPIGateway,
+		AWSServiceDynamoDB,
+		AWSServiceEC2,
+		AWSServiceECS,
+		AWSServiceEKS,
+		AWSServiceElastiCache,
+		AWSServiceLambda,
+		AWSServiceMSK,
+		AWSServiceRDS,
+		AWSServiceS3Sync,
+		AWSServiceSNS,
+		AWSServiceSQS,
+	},
+}
+
+// NewServiceID returns a new ServiceID from a string, validated against the supported services for the given cloud provider.
+func NewServiceID(provider CloudProviderType, service string) (ServiceID, error) {
+	services, ok := SupportedServices[provider]
+	if !ok {
+		return ServiceID{}, errors.NewInvalidInputf(ErrCodeInvalidServiceID, "no services defined for cloud provider: %s", provider)
+	}
+	for _, s := range services {
+		if s.StringValue() == service {
+			return s, nil
+		}
+	}
+	return ServiceID{}, errors.NewInvalidInputf(ErrCodeInvalidServiceID, "invalid service id %q for cloud provider %s", service, provider)
+}

pkg/types/cloudintegrationtypes/store.go

@@ -10,6 +10,12 @@ type Store interface {
 	// GetAccountByID returns a cloud integration account by id
 	GetAccountByID(ctx context.Context, orgID, id valuer.UUID, provider CloudProviderType) (*StorableCloudIntegration, error)
 
+	// GetConnectedAccount for a given provider
+	GetConnectedAccount(ctx context.Context, orgID valuer.UUID, provider CloudProviderType, providerAccountID string) (*StorableCloudIntegration, error)
+
+	// ListConnectedAccounts returns all the cloud integration accounts for the org and cloud provider
+	ListConnectedAccounts(ctx context.Context, orgID valuer.UUID, provider CloudProviderType) ([]*StorableCloudIntegration, error)
+
 	// CreateAccount creates a new cloud integration account
 	CreateAccount(ctx context.Context, account *StorableCloudIntegration) (*StorableCloudIntegration, error)
 
@@ -19,23 +25,17 @@ type Store interface {
 	// RemoveAccount marks a cloud integration account as removed by setting the RemovedAt field
 	RemoveAccount(ctx context.Context, orgID, id valuer.UUID, provider CloudProviderType) error
 
-	// ListConnectedAccounts returns all the cloud integration accounts for the org and cloud provider
-	ListConnectedAccounts(ctx context.Context, orgID valuer.UUID, provider CloudProviderType) ([]*StorableCloudIntegration, error)
-
-	// GetConnectedAccount for a given provider
-	GetConnectedAccount(ctx context.Context, orgID valuer.UUID, provider CloudProviderType, providerAccountID string) (*StorableCloudIntegration, error)
-
 	// cloud_integration_service related methods
 
 	// GetServiceByServiceID returns the cloud integration service for the given cloud integration id and service id
 	GetServiceByServiceID(ctx context.Context, cloudIntegrationID valuer.UUID, serviceID ServiceID) (*StorableCloudIntegrationService, error)
 
+	// ListServices returns all the cloud integration services for the given cloud integration id
+	ListServices(ctx context.Context, cloudIntegrationID valuer.UUID) ([]*StorableCloudIntegrationService, error)
+
 	// CreateService creates a new cloud integration service
 	CreateService(ctx context.Context, service *StorableCloudIntegrationService) (*StorableCloudIntegrationService, error)
 
 	// UpdateService updates an existing cloud integration service
 	UpdateService(ctx context.Context, service *StorableCloudIntegrationService) error
-
-	// ListServices returns all the cloud integration services for the given cloud integration id
-	ListServices(ctx context.Context, cloudIntegrationID valuer.UUID) ([]*StorableCloudIntegrationService, error)
 }