fix: enrich unspecified fields in logs pipelines filters (#10686)

* fix: enrich unspecified fields

* fix: return error in enrich function

* chore: nit change asked

conf/example.yaml

@@ -144,6 +144,8 @@ telemetrystore:
 
 ##################### Prometheus #####################
 prometheus:
+  # The maximum time a PromQL query is allowed to run before being aborted.
+  timeout: 2m
   active_query_tracker:
     # Whether to enable the active query tracker.
     enabled: true

docs/api/openapi.yml

@@ -342,34 +342,6 @@ components:
         config:
           $ref: '#/components/schemas/AuthtypesAuthDomainConfig'
       type: object
-    AuthtypesUserWithRoles:
-      properties:
-        createdAt:
-          format: date-time
-          type: string
-        displayName:
-          type: string
-        email:
-          type: string
-        id:
-          type: string
-        isRoot:
-          type: boolean
-        orgId:
-          type: string
-        roles:
-          items:
-            $ref: '#/components/schemas/AuthtypesRole'
-          nullable: true
-          type: array
-        status:
-          type: string
-        updatedAt:
-          format: date-time
-          type: string
-      required:
-      - id
-      type: object
     CloudintegrationtypesAWSAccountConfig:
       properties:
         regions:
@@ -2675,25 +2647,6 @@ components:
       required:
       - id
       type: object
-    TypesUpdatableSelfUser:
-      properties:
-        displayName:
-          type: string
-      required:
-      - displayName
-      type: object
-    TypesUpdatableUser:
-      properties:
-        displayName:
-          type: string
-        roleNames:
-          items:
-            type: string
-          type: array
-      required:
-      - displayName
-      - roleNames
-      type: object
     TypesUser:
       properties:
         createdAt:
@@ -7828,66 +7781,6 @@ paths:
       summary: Readiness check
       tags:
       - health
-  /api/v2/roles/{id}/users:
-    get:
-      deprecated: false
-      description: This endpoint returns the users having the role by role id
-      operationId: GetUsersByRoleID
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    items:
-                      $ref: '#/components/schemas/TypesUser'
-                    type: array
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Get users by role id
-      tags:
-      - users
   /api/v2/sessions:
     delete:
       deprecated: false
@@ -8046,306 +7939,6 @@ paths:
       summary: Rotate session
       tags:
       - sessions
-  /api/v2/users:
-    get:
-      deprecated: false
-      description: This endpoint lists all users for the organization
-      operationId: ListUsersV2
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    items:
-                      $ref: '#/components/schemas/TypesUser'
-                    type: array
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: List users v2
-      tags:
-      - users
-  /api/v2/users/{id}:
-    get:
-      deprecated: false
-      description: This endpoint returns the user by id
-      operationId: GetUserV2
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/TypesUser'
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Get user by user id
-      tags:
-      - users
-    put:
-      deprecated: false
-      description: This endpoint updates the user by id
-      operationId: UpdateUserV2
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/TypesUpdatableUser'
-      responses:
-        "204":
-          description: No Content
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Update user v2
-      tags:
-      - users
-  /api/v2/users/{id}/roles:
-    get:
-      deprecated: false
-      description: This endpoint returns the user roles by user id
-      operationId: GetUserRoles
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    items:
-                      $ref: '#/components/schemas/AuthtypesRole'
-                    type: array
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Get user roles
-      tags:
-      - users
-  /api/v2/users/me:
-    get:
-      deprecated: false
-      description: This endpoint returns the user I belong to
-      operationId: GetMyUserV2
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/AuthtypesUserWithRoles'
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - tokenizer: []
-      summary: Get my user v2
-      tags:
-      - users
-    put:
-      deprecated: false
-      description: This endpoint updates the user I belong to
-      operationId: UpdateMyUserV2
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/TypesUpdatableSelfUser'
-      responses:
-        "204":
-          description: No Content
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - tokenizer: []
-      summary: Update my user v2
-      tags:
-      - users
   /api/v2/zeus/hosts:
     get:
       deprecated: false

ee/query-service/app/server.go

@@ -136,6 +136,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 	logParsingPipelineController, err := logparsingpipeline.NewLogParsingPipelinesController(
 		signoz.SQLStore,
 		integrationsController.GetPipelinesForInstalledIntegrations,
+		reader,
 	)
 	if err != nil {
 		return nil, err

ee/query-service/rules/manager_test.go

@@ -257,7 +257,7 @@ func TestManager_TestNotification_SendUnmatched_PromRule(t *testing.T) {
 						WillReturnRows(samplesRows)
 
 					// Create Prometheus provider for this test
-					promProvider = prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, store)
+					promProvider = prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, store)
 				},
 				ManagerOptionsHook: func(opts *rules.ManagerOptions) {
 					// Set Prometheus provider for PromQL queries

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -437,48 +437,6 @@ export interface AuthtypesUpdateableAuthDomainDTO {
 	config?: AuthtypesAuthDomainConfigDTO;
 }
 
-export interface AuthtypesUserWithRolesDTO {
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	createdAt?: Date;
-	/**
-	 * @type string
-	 */
-	displayName?: string;
-	/**
-	 * @type string
-	 */
-	email?: string;
-	/**
-	 * @type string
-	 */
-	id: string;
-	/**
-	 * @type boolean
-	 */
-	isRoot?: boolean;
-	/**
-	 * @type string
-	 */
-	orgId?: string;
-	/**
-	 * @type array
-	 * @nullable true
-	 */
-	roles?: AuthtypesRoleDTO[] | null;
-	/**
-	 * @type string
-	 */
-	status?: string;
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	updatedAt?: Date;
-}
-
 export interface CloudintegrationtypesAWSAccountConfigDTO {
 	/**
 	 * @type array
@@ -3186,24 +3144,6 @@ export interface TypesStorableAPIKeyDTO {
 	userId?: string;
 }
 
-export interface TypesUpdatableSelfUserDTO {
-	/**
-	 * @type string
-	 */
-	displayName: string;
-}
-
-export interface TypesUpdatableUserDTO {
-	/**
-	 * @type string
-	 */
-	displayName: string;
-	/**
-	 * @type array
-	 */
-	roleNames: string[];
-}
-
 export interface TypesUserDTO {
 	/**
 	 * @type string
@@ -4243,20 +4183,6 @@ export type Readyz503 = {
 	status: string;
 };
 
-export type GetUsersByRoleIDPathParameters = {
-	id: string;
-};
-export type GetUsersByRoleID200 = {
-	/**
-	 * @type array
-	 */
-	data: TypesUserDTO[];
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
 export type GetSessionContext200 = {
 	data: AuthtypesSessionContextDTO;
 	/**
@@ -4281,53 +4207,6 @@ export type RotateSession200 = {
 	status: string;
 };
 
-export type ListUsersV2200 = {
-	/**
-	 * @type array
-	 */
-	data: TypesUserDTO[];
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
-export type GetUserV2PathParameters = {
-	id: string;
-};
-export type GetUserV2200 = {
-	data: TypesUserDTO;
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
-export type UpdateUserV2PathParameters = {
-	id: string;
-};
-export type GetUserRolesPathParameters = {
-	id: string;
-};
-export type GetUserRoles200 = {
-	/**
-	 * @type array
-	 */
-	data: AuthtypesRoleDTO[];
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
-export type GetMyUserV2200 = {
-	data: AuthtypesUserWithRolesDTO;
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
 export type GetHosts200 = {
 	data: ZeustypesGettableHostDTO;
 	/**

frontend/src/api/generated/services/users/index.ts

@@ -25,20 +25,12 @@ import type {
 	CreateInvite201,
 	DeleteUserPathParameters,
 	GetMyUser200,
-	GetMyUserV2200,
 	GetResetPasswordToken200,
 	GetResetPasswordTokenPathParameters,
 	GetUser200,
 	GetUserPathParameters,
-	GetUserRoles200,
-	GetUserRolesPathParameters,
-	GetUsersByRoleID200,
-	GetUsersByRoleIDPathParameters,
-	GetUserV2PathParameters,
-	GetUserV2200,
 	ListAPIKeys200,
 	ListUsers200,
-	ListUsersV2200,
 	RenderErrorResponseDTO,
 	RevokeAPIKeyPathParameters,
 	TypesChangePasswordRequestDTO,
@@ -49,12 +41,9 @@ import type {
 	TypesPostableInviteDTO,
 	TypesPostableResetPasswordDTO,
 	TypesStorableAPIKeyDTO,
-	TypesUpdatableSelfUserDTO,
-	TypesUpdatableUserDTO,
 	UpdateAPIKeyPathParameters,
 	UpdateUser200,
 	UpdateUserPathParameters,
-	UpdateUserV2PathParameters,
 } from '../sigNoz.schemas';
 
 /**
@@ -1356,648 +1345,3 @@ export const useForgotPassword = <
 
 	return useMutation(mutationOptions);
 };
-/**
- * This endpoint returns the users having the role by role id
- * @summary Get users by role id
- */
-export const getUsersByRoleID = (
-	{ id }: GetUsersByRoleIDPathParameters,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<GetUsersByRoleID200>({
-		url: `/api/v2/roles/${id}/users`,
-		method: 'GET',
-		signal,
-	});
-};
-
-export const getGetUsersByRoleIDQueryKey = ({
-	id,
-}: GetUsersByRoleIDPathParameters) => {
-	return [`/api/v2/roles/${id}/users`] as const;
-};
-
-export const getGetUsersByRoleIDQueryOptions = <
-	TData = Awaited<ReturnType<typeof getUsersByRoleID>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(
-	{ id }: GetUsersByRoleIDPathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getUsersByRoleID>>,
-			TError,
-			TData
-		>;
-	},
-) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey = queryOptions?.queryKey ?? getGetUsersByRoleIDQueryKey({ id });
-
-	const queryFn: QueryFunction<Awaited<ReturnType<typeof getUsersByRoleID>>> = ({
-		signal,
-	}) => getUsersByRoleID({ id }, signal);
-
-	return {
-		queryKey,
-		queryFn,
-		enabled: !!id,
-		...queryOptions,
-	} as UseQueryOptions<
-		Awaited<ReturnType<typeof getUsersByRoleID>>,
-		TError,
-		TData
-	> & { queryKey: QueryKey };
-};
-
-export type GetUsersByRoleIDQueryResult = NonNullable<
-	Awaited<ReturnType<typeof getUsersByRoleID>>
->;
-export type GetUsersByRoleIDQueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Get users by role id
- */
-
-export function useGetUsersByRoleID<
-	TData = Awaited<ReturnType<typeof getUsersByRoleID>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(
-	{ id }: GetUsersByRoleIDPathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getUsersByRoleID>>,
-			TError,
-			TData
-		>;
-	},
-): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getGetUsersByRoleIDQueryOptions({ id }, options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	query.queryKey = queryOptions.queryKey;
-
-	return query;
-}
-
-/**
- * @summary Get users by role id
- */
-export const invalidateGetUsersByRoleID = async (
-	queryClient: QueryClient,
-	{ id }: GetUsersByRoleIDPathParameters,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getGetUsersByRoleIDQueryKey({ id }) },
-		options,
-	);
-
-	return queryClient;
-};
-
-/**
- * This endpoint lists all users for the organization
- * @summary List users v2
- */
-export const listUsersV2 = (signal?: AbortSignal) => {
-	return GeneratedAPIInstance<ListUsersV2200>({
-		url: `/api/v2/users`,
-		method: 'GET',
-		signal,
-	});
-};
-
-export const getListUsersV2QueryKey = () => {
-	return [`/api/v2/users`] as const;
-};
-
-export const getListUsersV2QueryOptions = <
-	TData = Awaited<ReturnType<typeof listUsersV2>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(options?: {
-	query?: UseQueryOptions<
-		Awaited<ReturnType<typeof listUsersV2>>,
-		TError,
-		TData
-	>;
-}) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey = queryOptions?.queryKey ?? getListUsersV2QueryKey();
-
-	const queryFn: QueryFunction<Awaited<ReturnType<typeof listUsersV2>>> = ({
-		signal,
-	}) => listUsersV2(signal);
-
-	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
-		Awaited<ReturnType<typeof listUsersV2>>,
-		TError,
-		TData
-	> & { queryKey: QueryKey };
-};
-
-export type ListUsersV2QueryResult = NonNullable<
-	Awaited<ReturnType<typeof listUsersV2>>
->;
-export type ListUsersV2QueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary List users v2
- */
-
-export function useListUsersV2<
-	TData = Awaited<ReturnType<typeof listUsersV2>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(options?: {
-	query?: UseQueryOptions<
-		Awaited<ReturnType<typeof listUsersV2>>,
-		TError,
-		TData
-	>;
-}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getListUsersV2QueryOptions(options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	query.queryKey = queryOptions.queryKey;
-
-	return query;
-}
-
-/**
- * @summary List users v2
- */
-export const invalidateListUsersV2 = async (
-	queryClient: QueryClient,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getListUsersV2QueryKey() },
-		options,
-	);
-
-	return queryClient;
-};
-
-/**
- * This endpoint returns the user by id
- * @summary Get user by user id
- */
-export const getUserV2 = (
-	{ id }: GetUserV2PathParameters,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<GetUserV2200>({
-		url: `/api/v2/users/${id}`,
-		method: 'GET',
-		signal,
-	});
-};
-
-export const getGetUserV2QueryKey = ({ id }: GetUserV2PathParameters) => {
-	return [`/api/v2/users/${id}`] as const;
-};
-
-export const getGetUserV2QueryOptions = <
-	TData = Awaited<ReturnType<typeof getUserV2>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(
-	{ id }: GetUserV2PathParameters,
-	options?: {
-		query?: UseQueryOptions<Awaited<ReturnType<typeof getUserV2>>, TError, TData>;
-	},
-) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey = queryOptions?.queryKey ?? getGetUserV2QueryKey({ id });
-
-	const queryFn: QueryFunction<Awaited<ReturnType<typeof getUserV2>>> = ({
-		signal,
-	}) => getUserV2({ id }, signal);
-
-	return {
-		queryKey,
-		queryFn,
-		enabled: !!id,
-		...queryOptions,
-	} as UseQueryOptions<Awaited<ReturnType<typeof getUserV2>>, TError, TData> & {
-		queryKey: QueryKey;
-	};
-};
-
-export type GetUserV2QueryResult = NonNullable<
-	Awaited<ReturnType<typeof getUserV2>>
->;
-export type GetUserV2QueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Get user by user id
- */
-
-export function useGetUserV2<
-	TData = Awaited<ReturnType<typeof getUserV2>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(
-	{ id }: GetUserV2PathParameters,
-	options?: {
-		query?: UseQueryOptions<Awaited<ReturnType<typeof getUserV2>>, TError, TData>;
-	},
-): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getGetUserV2QueryOptions({ id }, options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	query.queryKey = queryOptions.queryKey;
-
-	return query;
-}
-
-/**
- * @summary Get user by user id
- */
-export const invalidateGetUserV2 = async (
-	queryClient: QueryClient,
-	{ id }: GetUserV2PathParameters,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getGetUserV2QueryKey({ id }) },
-		options,
-	);
-
-	return queryClient;
-};
-
-/**
- * This endpoint updates the user by id
- * @summary Update user v2
- */
-export const updateUserV2 = (
-	{ id }: UpdateUserV2PathParameters,
-	typesUpdatableUserDTO: BodyType<TypesUpdatableUserDTO>,
-) => {
-	return GeneratedAPIInstance<void>({
-		url: `/api/v2/users/${id}`,
-		method: 'PUT',
-		headers: { 'Content-Type': 'application/json' },
-		data: typesUpdatableUserDTO,
-	});
-};
-
-export const getUpdateUserV2MutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateUserV2>>,
-		TError,
-		{
-			pathParams: UpdateUserV2PathParameters;
-			data: BodyType<TypesUpdatableUserDTO>;
-		},
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof updateUserV2>>,
-	TError,
-	{
-		pathParams: UpdateUserV2PathParameters;
-		data: BodyType<TypesUpdatableUserDTO>;
-	},
-	TContext
-> => {
-	const mutationKey = ['updateUserV2'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof updateUserV2>>,
-		{
-			pathParams: UpdateUserV2PathParameters;
-			data: BodyType<TypesUpdatableUserDTO>;
-		}
-	> = (props) => {
-		const { pathParams, data } = props ?? {};
-
-		return updateUserV2(pathParams, data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type UpdateUserV2MutationResult = NonNullable<
-	Awaited<ReturnType<typeof updateUserV2>>
->;
-export type UpdateUserV2MutationBody = BodyType<TypesUpdatableUserDTO>;
-export type UpdateUserV2MutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Update user v2
- */
-export const useUpdateUserV2 = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateUserV2>>,
-		TError,
-		{
-			pathParams: UpdateUserV2PathParameters;
-			data: BodyType<TypesUpdatableUserDTO>;
-		},
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof updateUserV2>>,
-	TError,
-	{
-		pathParams: UpdateUserV2PathParameters;
-		data: BodyType<TypesUpdatableUserDTO>;
-	},
-	TContext
-> => {
-	const mutationOptions = getUpdateUserV2MutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
-/**
- * This endpoint returns the user roles by user id
- * @summary Get user roles
- */
-export const getUserRoles = (
-	{ id }: GetUserRolesPathParameters,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<GetUserRoles200>({
-		url: `/api/v2/users/${id}/roles`,
-		method: 'GET',
-		signal,
-	});
-};
-
-export const getGetUserRolesQueryKey = ({ id }: GetUserRolesPathParameters) => {
-	return [`/api/v2/users/${id}/roles`] as const;
-};
-
-export const getGetUserRolesQueryOptions = <
-	TData = Awaited<ReturnType<typeof getUserRoles>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(
-	{ id }: GetUserRolesPathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getUserRoles>>,
-			TError,
-			TData
-		>;
-	},
-) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey = queryOptions?.queryKey ?? getGetUserRolesQueryKey({ id });
-
-	const queryFn: QueryFunction<Awaited<ReturnType<typeof getUserRoles>>> = ({
-		signal,
-	}) => getUserRoles({ id }, signal);
-
-	return {
-		queryKey,
-		queryFn,
-		enabled: !!id,
-		...queryOptions,
-	} as UseQueryOptions<
-		Awaited<ReturnType<typeof getUserRoles>>,
-		TError,
-		TData
-	> & { queryKey: QueryKey };
-};
-
-export type GetUserRolesQueryResult = NonNullable<
-	Awaited<ReturnType<typeof getUserRoles>>
->;
-export type GetUserRolesQueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Get user roles
- */
-
-export function useGetUserRoles<
-	TData = Awaited<ReturnType<typeof getUserRoles>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(
-	{ id }: GetUserRolesPathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getUserRoles>>,
-			TError,
-			TData
-		>;
-	},
-): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getGetUserRolesQueryOptions({ id }, options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	query.queryKey = queryOptions.queryKey;
-
-	return query;
-}
-
-/**
- * @summary Get user roles
- */
-export const invalidateGetUserRoles = async (
-	queryClient: QueryClient,
-	{ id }: GetUserRolesPathParameters,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getGetUserRolesQueryKey({ id }) },
-		options,
-	);
-
-	return queryClient;
-};
-
-/**
- * This endpoint returns the user I belong to
- * @summary Get my user v2
- */
-export const getMyUserV2 = (signal?: AbortSignal) => {
-	return GeneratedAPIInstance<GetMyUserV2200>({
-		url: `/api/v2/users/me`,
-		method: 'GET',
-		signal,
-	});
-};
-
-export const getGetMyUserV2QueryKey = () => {
-	return [`/api/v2/users/me`] as const;
-};
-
-export const getGetMyUserV2QueryOptions = <
-	TData = Awaited<ReturnType<typeof getMyUserV2>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(options?: {
-	query?: UseQueryOptions<
-		Awaited<ReturnType<typeof getMyUserV2>>,
-		TError,
-		TData
-	>;
-}) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey = queryOptions?.queryKey ?? getGetMyUserV2QueryKey();
-
-	const queryFn: QueryFunction<Awaited<ReturnType<typeof getMyUserV2>>> = ({
-		signal,
-	}) => getMyUserV2(signal);
-
-	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
-		Awaited<ReturnType<typeof getMyUserV2>>,
-		TError,
-		TData
-	> & { queryKey: QueryKey };
-};
-
-export type GetMyUserV2QueryResult = NonNullable<
-	Awaited<ReturnType<typeof getMyUserV2>>
->;
-export type GetMyUserV2QueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Get my user v2
- */
-
-export function useGetMyUserV2<
-	TData = Awaited<ReturnType<typeof getMyUserV2>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(options?: {
-	query?: UseQueryOptions<
-		Awaited<ReturnType<typeof getMyUserV2>>,
-		TError,
-		TData
-	>;
-}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getGetMyUserV2QueryOptions(options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	query.queryKey = queryOptions.queryKey;
-
-	return query;
-}
-
-/**
- * @summary Get my user v2
- */
-export const invalidateGetMyUserV2 = async (
-	queryClient: QueryClient,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getGetMyUserV2QueryKey() },
-		options,
-	);
-
-	return queryClient;
-};
-
-/**
- * This endpoint updates the user I belong to
- * @summary Update my user v2
- */
-export const updateMyUserV2 = (
-	typesUpdatableSelfUserDTO: BodyType<TypesUpdatableSelfUserDTO>,
-) => {
-	return GeneratedAPIInstance<void>({
-		url: `/api/v2/users/me`,
-		method: 'PUT',
-		headers: { 'Content-Type': 'application/json' },
-		data: typesUpdatableSelfUserDTO,
-	});
-};
-
-export const getUpdateMyUserV2MutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateMyUserV2>>,
-		TError,
-		{ data: BodyType<TypesUpdatableSelfUserDTO> },
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof updateMyUserV2>>,
-	TError,
-	{ data: BodyType<TypesUpdatableSelfUserDTO> },
-	TContext
-> => {
-	const mutationKey = ['updateMyUserV2'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof updateMyUserV2>>,
-		{ data: BodyType<TypesUpdatableSelfUserDTO> }
-	> = (props) => {
-		const { data } = props ?? {};
-
-		return updateMyUserV2(data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type UpdateMyUserV2MutationResult = NonNullable<
-	Awaited<ReturnType<typeof updateMyUserV2>>
->;
-export type UpdateMyUserV2MutationBody = BodyType<TypesUpdatableSelfUserDTO>;
-export type UpdateMyUserV2MutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Update my user v2
- */
-export const useUpdateMyUserV2 = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateMyUserV2>>,
-		TError,
-		{ data: BodyType<TypesUpdatableSelfUserDTO> },
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof updateMyUserV2>>,
-	TError,
-	{ data: BodyType<TypesUpdatableSelfUserDTO> },
-	TContext
-> => {
-	const mutationOptions = getUpdateMyUserV2MutationOptions(options);
-
-	return useMutation(mutationOptions);
-};

pkg/apiserver/signozapiserver/user.go

@@ -111,7 +111,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/user", handler.New(provider.authZ.AdminAccess(provider.userHandler.ListUsersDeprecated), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/user", handler.New(provider.authZ.AdminAccess(provider.userHandler.ListUsers), handler.OpenAPIDef{
 		ID:                  "ListUsers",
 		Tags:                []string{"users"},
 		Summary:             "List users",
@@ -128,24 +128,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v2/users", handler.New(provider.authZ.AdminAccess(provider.userHandler.ListUsers), handler.OpenAPIDef{
-		ID:                  "ListUsersV2",
-		Tags:                []string{"users"},
-		Summary:             "List users v2",
-		Description:         "This endpoint lists all users for the organization",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            make([]*types.User, 0),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/user/me", handler.New(provider.authZ.OpenAccess(provider.userHandler.GetMyUserDeprecated), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/user/me", handler.New(provider.authZ.OpenAccess(provider.userHandler.GetMyUser), handler.OpenAPIDef{
 		ID:                  "GetMyUser",
 		Tags:                []string{"users"},
 		Summary:             "Get my user",
@@ -162,41 +145,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v2/users/me", handler.New(provider.authZ.OpenAccess(provider.userHandler.GetMyUser), handler.OpenAPIDef{
-		ID:                  "GetMyUserV2",
-		Tags:                []string{"users"},
-		Summary:             "Get my user v2",
-		Description:         "This endpoint returns the user I belong to",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            new(authtypes.UserWithRoles),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: authtypes.IdentNProviderTokenizer.StringValue()}},
-	})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v2/users/me", handler.New(provider.authZ.OpenAccess(provider.userHandler.UpdateMyUser), handler.OpenAPIDef{
-		ID:                  "UpdateMyUserV2",
-		Tags:                []string{"users"},
-		Summary:             "Update my user v2",
-		Description:         "This endpoint updates the user I belong to",
-		Request:             new(types.UpdatableSelfUser),
-		RequestContentType:  "application/json",
-		Response:            nil,
-		ResponseContentType: "",
-		SuccessStatusCode:   http.StatusNoContent,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: authtypes.IdentNProviderTokenizer.StringValue()}},
-	})).Methods(http.MethodPut).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/user/{id}", handler.New(provider.authZ.SelfAccess(provider.userHandler.GetUserDeprecated), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/user/{id}", handler.New(provider.authZ.SelfAccess(provider.userHandler.GetUser), handler.OpenAPIDef{
 		ID:                  "GetUser",
 		Tags:                []string{"users"},
 		Summary:             "Get user",
@@ -213,24 +162,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v2/users/{id}", handler.New(provider.authZ.AdminAccess(provider.userHandler.GetUser), handler.OpenAPIDef{
-		ID:                  "GetUserV2",
-		Tags:                []string{"users"},
-		Summary:             "Get user by user id",
-		Description:         "This endpoint returns the user by id",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            new(types.User),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{http.StatusNotFound},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/user/{id}", handler.New(provider.authZ.SelfAccess(provider.userHandler.UpdateUserDeprecated), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/user/{id}", handler.New(provider.authZ.SelfAccess(provider.userHandler.UpdateUser), handler.OpenAPIDef{
 		ID:                  "UpdateUser",
 		Tags:                []string{"users"},
 		Summary:             "Update user",
@@ -247,23 +179,6 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v2/users/{id}", handler.New(provider.authZ.AdminAccess(provider.userHandler.UpdateUser), handler.OpenAPIDef{
-		ID:                  "UpdateUserV2",
-		Tags:                []string{"users"},
-		Summary:             "Update user v2",
-		Description:         "This endpoint updates the user by id",
-		Request:             new(types.UpdatableUser),
-		RequestContentType:  "application/json",
-		Response:            nil,
-		ResponseContentType: "",
-		SuccessStatusCode:   http.StatusNoContent,
-		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodPut).GetError(); err != nil {
-		return err
-	}
-
 	if err := router.Handle("/api/v1/user/{id}", handler.New(provider.authZ.AdminAccess(provider.userHandler.DeleteUser), handler.OpenAPIDef{
 		ID:                  "DeleteUser",
 		Tags:                []string{"users"},
@@ -349,39 +264,5 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v2/users/{id}/roles", handler.New(provider.authZ.AdminAccess(provider.userHandler.GetUserRoles), handler.OpenAPIDef{
-		ID:                  "GetUserRoles",
-		Tags:                []string{"users"},
-		Summary:             "Get user roles",
-		Description:         "This endpoint returns the user roles by user id",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            make([]*authtypes.Role, 0),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{http.StatusNotFound},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v2/roles/{id}/users", handler.New(provider.authZ.AdminAccess(provider.userHandler.GetUsersByRoleID), handler.OpenAPIDef{
-		ID:                  "GetUsersByRoleID",
-		Tags:                []string{"users"},
-		Summary:             "Get users by role id",
-		Description:         "This endpoint returns the users having the role by role id",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            make([]*types.User, 0),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{http.StatusNotFound},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
 	return nil
 }

pkg/modules/user/impluser/getter.go

@@ -37,7 +37,7 @@ func (module *getter) GetRootUserByOrgID(ctx context.Context, orgID valuer.UUID)
 	return rootUser, userRoles, nil
 }
 
-func (module *getter) ListByOrgIDDeprecated(ctx context.Context, orgID valuer.UUID) ([]*types.DeprecatedUser, error) {
+func (module *getter) ListByOrgID(ctx context.Context, orgID valuer.UUID) ([]*types.DeprecatedUser, error) {
 	users, err := module.store.ListUsersByOrgID(ctx, orgID)
 	if err != nil {
 		return nil, err
@@ -84,23 +84,6 @@ func (module *getter) ListByOrgIDDeprecated(ctx context.Context, orgID valuer.UU
 	return deprecatedUsers, nil
 }
 
-func (module *getter) ListByOrgID(ctx context.Context, orgID valuer.UUID) ([]*types.User, error) {
-	users, err := module.store.ListUsersByOrgID(ctx, orgID)
-	if err != nil {
-		return nil, err
-	}
-
-	// filter root users if feature flag `hide_root_users` is true
-	evalCtx := featuretypes.NewFlaggerEvaluationContext(orgID)
-	hideRootUsers := module.flagger.BooleanOrEmpty(ctx, flagger.FeatureHideRootUser, evalCtx)
-
-	if hideRootUsers {
-		users = slices.DeleteFunc(users, func(user *types.User) bool { return user.IsRoot })
-	}
-
-	return users, nil
-}
-
 func (module *getter) GetDeprecatedUserByOrgIDAndID(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*types.DeprecatedUser, error) {
 	user, err := module.store.GetByOrgIDAndID(ctx, orgID, id)
 	if err != nil {
@@ -116,19 +99,11 @@ func (module *getter) GetDeprecatedUserByOrgIDAndID(ctx context.Context, orgID v
 		return nil, errors.New(errors.TypeUnexpected, authtypes.ErrCodeUserRolesNotFound, "no user roles entries found")
 	}
 
-	if userRoles[0].Role == nil {
-		return nil, errors.New(errors.TypeUnexpected, authtypes.ErrCodeRoleNotFound, "role not found for user role entry")
-	}
-
 	role := authtypes.SigNozManagedRoleToExistingLegacyRole[userRoles[0].Role.Name]
 
 	return types.NewDeprecatedUserFromUserAndRole(user, role), nil
 }
 
-func (module *getter) GetUserByOrgIDAndID(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) (*types.User, error) {
-	return module.store.GetByOrgIDAndID(ctx, orgID, userID)
-}
-
 func (module *getter) Get(ctx context.Context, id valuer.UUID) (*types.DeprecatedUser, error) {
 	user, err := module.store.GetUser(ctx, id)
 	if err != nil {
@@ -144,10 +119,6 @@ func (module *getter) Get(ctx context.Context, id valuer.UUID) (*types.Deprecate
 		return nil, errors.New(errors.TypeUnexpected, authtypes.ErrCodeUserRolesNotFound, "no user roles entries found")
 	}
 
-	if userRoles[0].Role == nil {
-		return nil, errors.New(errors.TypeUnexpected, authtypes.ErrCodeRoleNotFound, "role not found for user role entry")
-	}
-
 	role := authtypes.SigNozManagedRoleToExistingLegacyRole[userRoles[0].Role.Name]
 
 	return types.NewDeprecatedUserFromUserAndRole(user, role), nil
@@ -209,15 +180,5 @@ func (module *getter) GetUserRoles(ctx context.Context, userID valuer.UUID) ([]*
 		return nil, err
 	}
 
-	for _, ur := range userRoles {
-		if ur.Role == nil {
-			return nil, errors.New(errors.TypeUnexpected, authtypes.ErrCodeRoleNotFound, "role not found for user role entry")
-		}
-	}
-
 	return userRoles, nil
 }
-
-func (module *getter) GetUsersByOrgIDAndRoleID(ctx context.Context, orgID valuer.UUID, roleID valuer.UUID) ([]*types.User, error) {
-	return module.store.GetUsersByOrgIDAndRoleID(ctx, orgID, roleID)
-}

pkg/modules/user/impluser/handler.go

@@ -85,7 +85,7 @@ func (h *handler) CreateBulkInvite(rw http.ResponseWriter, r *http.Request) {
 	render.Success(rw, http.StatusCreated, nil)
 }
 
-func (h *handler) GetUserDeprecated(w http.ResponseWriter, r *http.Request) {
+func (h *handler) GetUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -106,28 +106,7 @@ func (h *handler) GetUserDeprecated(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, user)
 }
 
-func (h *handler) GetUser(w http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	userID := mux.Vars(r)["id"]
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	user, err := h.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID))
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	render.Success(w, http.StatusOK, user)
-}
-
-func (h *handler) GetMyUserDeprecated(w http.ResponseWriter, r *http.Request) {
+func (h *handler) GetMyUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -146,85 +125,6 @@ func (h *handler) GetMyUserDeprecated(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, user)
 }
 
-func (h *handler) GetMyUser(w http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	user, err := h.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID))
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	userRoles, err := h.getter.GetUserRoles(ctx, user.ID)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	roles := make([]*authtypes.Role, len(userRoles))
-	for idx, userRole := range userRoles {
-		roles[idx] = authtypes.NewRoleFromStorableRole(userRole.Role)
-	}
-
-	userWithRoles := &authtypes.UserWithRoles{
-		User:  user,
-		Roles: roles,
-	}
-
-	render.Success(w, http.StatusOK, userWithRoles)
-}
-
-func (h *handler) UpdateMyUser(w http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	updatableSelfUser := new(types.UpdatableSelfUser)
-	if err := json.NewDecoder(r.Body).Decode(&updatableSelfUser); err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	_, err = h.setter.UpdateMyUser(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID), updatableSelfUser)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	render.Success(w, http.StatusNoContent, nil)
-}
-
-func (h *handler) ListUsersDeprecated(w http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	users, err := h.getter.ListByOrgIDDeprecated(ctx, valuer.MustNewUUID(claims.OrgID))
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	render.Success(w, http.StatusOK, users)
-}
-
 func (h *handler) ListUsers(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
@@ -244,7 +144,7 @@ func (h *handler) ListUsers(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, users)
 }
 
-func (h *handler) UpdateUserDeprecated(w http.ResponseWriter, r *http.Request) {
+func (h *handler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -262,7 +162,7 @@ func (h *handler) UpdateUserDeprecated(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	updatedUser, err := h.setter.UpdateUserDeprecated(ctx, valuer.MustNewUUID(claims.OrgID), id, &user, claims.UserID)
+	updatedUser, err := h.setter.UpdateUser(ctx, valuer.MustNewUUID(claims.OrgID), id, &user, claims.UserID)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -271,33 +171,6 @@ func (h *handler) UpdateUserDeprecated(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, updatedUser)
 }
 
-func (h *handler) UpdateUser(w http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	userID := mux.Vars(r)["id"]
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	updatableUser := new(types.UpdatableUser)
-	if err := json.NewDecoder(r.Body).Decode(&updatableUser); err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	_, err = h.setter.UpdateUser(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID), updatableUser, valuer.MustNewUUID(claims.UserID))
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	render.Success(w, http.StatusNoContent, nil)
-}
-
 func (h *handler) DeleteUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
@@ -570,56 +443,3 @@ func (h *handler) RevokeAPIKey(w http.ResponseWriter, r *http.Request) {
 
 	render.Success(w, http.StatusNoContent, nil)
 }
-
-func (h *handler) GetUserRoles(w http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	userID := mux.Vars(r)["id"]
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	user, err := h.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID))
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	userRoles, err := h.getter.GetUserRoles(ctx, user.ID)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	roles := make([]*authtypes.Role, len(userRoles))
-	for idx, userRole := range userRoles {
-		roles[idx] = authtypes.NewRoleFromStorableRole(userRole.Role)
-	}
-
-	render.Success(w, http.StatusOK, roles)
-}
-
-func (h *handler) GetUsersByRoleID(w http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	roleID := mux.Vars(r)["id"]
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	users, err := h.getter.GetUsersByOrgIDAndRoleID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(roleID))
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	render.Success(w, http.StatusOK, users)
-}

pkg/modules/user/impluser/service.go

@@ -156,7 +156,9 @@ func (s *service) createOrPromoteRootUser(ctx context.Context, orgID valuer.UUID
 		existingUser.PromoteToRoot()
 
 		err = s.store.RunInTx(ctx, func(ctx context.Context) error {
-			if err := s.setter.UpdateAnyUser(ctx, orgID, existingUser); err != nil {
+			// update users table
+			deprecatedUser := types.NewDeprecatedUserFromUserAndRole(existingUser, types.RoleAdmin)
+			if err := s.setter.UpdateAnyUser(ctx, orgID, deprecatedUser); err != nil {
 				return err
 			}
 
@@ -199,7 +201,8 @@ func (s *service) updateExistingRootUser(ctx context.Context, orgID valuer.UUID,
 
 	if existingRoot.Email != s.config.Email {
 		existingRoot.UpdateEmail(s.config.Email)
-		if err := s.setter.UpdateAnyUser(ctx, orgID, existingRoot); err != nil {
+		deprecatedUser := types.NewDeprecatedUserFromUserAndRole(existingRoot, types.RoleAdmin)
+		if err := s.setter.UpdateAnyUser(ctx, orgID, deprecatedUser); err != nil {
 			return err
 		}
 	}

pkg/modules/user/impluser/setter.go

@@ -220,7 +220,7 @@ func (module *setter) CreateUser(ctx context.Context, user *types.User, opts ...
 	return nil
 }
 
-func (module *setter) UpdateUserDeprecated(ctx context.Context, orgID valuer.UUID, id string, user *types.DeprecatedUser, updatedBy string) (*types.DeprecatedUser, error) {
+func (module *setter) UpdateUser(ctx context.Context, orgID valuer.UUID, id string, user *types.DeprecatedUser, updatedBy string) (*types.DeprecatedUser, error) {
 	existingUser, err := module.getter.GetDeprecatedUserByOrgIDAndID(ctx, orgID, valuer.MustNewUUID(id))
 	if err != nil {
 		return nil, err
@@ -265,7 +265,7 @@ func (module *setter) UpdateUserDeprecated(ctx context.Context, orgID valuer.UUI
 	existingUser.Update(user.DisplayName, user.Role)
 
 	// update the user - idempotent (this does analytics too so keeping it outside txn)
-	if err := module.UpdateAnyUserDeprecated(ctx, orgID, existingUser); err != nil {
+	if err := module.UpdateAnyUser(ctx, orgID, existingUser); err != nil {
 		return nil, err
 	}
 
@@ -291,113 +291,7 @@ func (module *setter) UpdateUserDeprecated(ctx context.Context, orgID valuer.UUI
 	return existingUser, nil
 }
 
-func (module *setter) UpdateMyUser(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, updatable *types.UpdatableSelfUser) (*types.User, error) {
-	existingUser, err := module.getter.GetUserByOrgIDAndID(ctx, orgID, userID)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := existingUser.ErrIfRoot(); err != nil {
-		return nil, errors.WithAdditionalf(err, "cannot update root user")
-	}
-
-	if err := existingUser.ErrIfDeleted(); err != nil {
-		return nil, errors.WithAdditionalf(err, "cannot update deleted user")
-	}
-
-	existingUser.Update(updatable.DisplayName)
-	if err := module.UpdateAnyUser(ctx, orgID, existingUser); err != nil {
-		return nil, err
-	}
-
-	return existingUser, nil
-}
-
-func (module *setter) UpdateUser(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, updatable *types.UpdatableUser, updatedBy valuer.UUID) (*types.User, error) {
-	existingUser, err := module.getter.GetUserByOrgIDAndID(ctx, orgID, userID)
-	if err != nil {
-		return nil, err
-	}
-
-	if err := existingUser.ErrIfRoot(); err != nil {
-		return nil, errors.WithAdditionalf(err, "cannot update root user")
-	}
-
-	if err := existingUser.ErrIfDeleted(); err != nil {
-		return nil, errors.WithAdditionalf(err, "cannot update deleted user")
-	}
-
-	existingUserRoles, err := module.getter.GetUserRoles(ctx, existingUser.ID)
-	if err != nil {
-		return nil, err
-	}
-
-	existingUserRoleNames := roleNamesFromUserRoles(existingUserRoles)
-
-	var grants, revokes []string
-	var rolesChanged bool
-	if len(updatable.RoleNames) > 0 {
-		// validate that all requested role names exist before making any changes
-		_, err := module.authz.ListByOrgIDAndNames(ctx, orgID, updatable.RoleNames)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	grants, revokes = module.patchRolesNames(existingUserRoleNames, updatable.RoleNames)
-	rolesChanged = (len(grants) > 0) || (len(revokes) > 0)
-
-	if rolesChanged && existingUser.ID == updatedBy {
-		return nil, errors.New(errors.TypeForbidden, errors.CodeForbidden, "cannot change self roles")
-	}
-
-	if rolesChanged {
-		err = module.authz.ModifyGrant(
-			ctx,
-			orgID,
-			revokes,
-			grants,
-			authtypes.MustNewSubject(authtypes.TypeableUser, userID.String(), orgID, nil),
-		)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	existingUser.Update(updatable.DisplayName)
-
-	if err := module.UpdateAnyUser(ctx, existingUser.OrgID, existingUser); err != nil {
-		return nil, err
-	}
-
-	if rolesChanged {
-		// this by default runs in txn
-		if err := module.UpdateUserRoles(ctx, existingUser.OrgID, existingUser.ID, updatable.RoleNames); err != nil {
-			return nil, err
-		}
-	}
-
-	return existingUser, nil
-}
-
-func (module *setter) UpdateAnyUser(ctx context.Context, orgID valuer.UUID, user *types.User) error {
-	if err := module.store.UpdateUser(ctx, orgID, user); err != nil {
-		return err
-	}
-
-	if err := module.tokenizer.DeleteIdentity(ctx, user.ID); err != nil {
-		return err
-	}
-
-	// stats collector things
-	traits := types.NewTraitsFromUser(user)
-	module.analytics.IdentifyUser(ctx, user.OrgID.String(), user.ID.String(), traits)
-	module.analytics.TrackUser(ctx, user.OrgID.String(), user.ID.String(), "User Updated", traits)
-
-	return nil
-}
-
-func (module *setter) UpdateAnyUserDeprecated(ctx context.Context, orgID valuer.UUID, deprecateUser *types.DeprecatedUser) error {
+func (module *setter) UpdateAnyUser(ctx context.Context, orgID valuer.UUID, deprecateUser *types.DeprecatedUser) error {
 	user := types.NewUserFromDeprecatedUser(deprecateUser)
 	if err := module.store.UpdateUser(ctx, orgID, user); err != nil {
 		return err
@@ -907,17 +801,13 @@ func (module *setter) activatePendingUser(ctx context.Context, user *types.User,
 
 func (module *setter) UpdateUserRoles(ctx context.Context, orgID, userID valuer.UUID, finalRoleNames []string) error {
 	return module.store.RunInTx(ctx, func(ctx context.Context) error {
-		// delete old user_role entries
+		// delete old user_role entries and create new ones from SSO
 		if err := module.userRoleStore.DeleteUserRoles(ctx, userID); err != nil {
 			return err
 		}
 
-		// create fresh ones only if there are roles to assign
-		if len(finalRoleNames) > 0 {
-			return module.createUserRoleEntries(ctx, orgID, userID, finalRoleNames)
-		}
-
-		return nil
+		// create fresh ones
+		return module.createUserRoleEntries(ctx, orgID, userID, finalRoleNames)
 	})
 }
 
@@ -930,33 +820,3 @@ func roleNamesFromUserRoles(userRoles []*authtypes.UserRole) []string {
 	}
 	return names
 }
-
-func (module *setter) patchRolesNames(currentRolesNames, targetRoleNames []string) ([]string, []string) {
-	currentRolesSet := make(map[string]struct{}, len(currentRolesNames))
-	targetRolesSet := make(map[string]struct{}, len(targetRoleNames))
-
-	for _, role := range currentRolesNames {
-		currentRolesSet[role] = struct{}{}
-	}
-	for _, role := range targetRoleNames {
-		targetRolesSet[role] = struct{}{}
-	}
-
-	// additions: roles present in input but not in current
-	additions := []string{}
-	for _, role := range targetRoleNames {
-		if _, exists := currentRolesSet[role]; !exists {
-			additions = append(additions, role)
-		}
-	}
-
-	// deletions: roles present in current but not in input
-	deletions := []string{}
-	for _, role := range currentRolesNames {
-		if _, exists := targetRolesSet[role]; !exists {
-			deletions = append(deletions, role)
-		}
-	}
-
-	return additions, deletions
-}

pkg/modules/user/impluser/store.go

@@ -667,22 +667,3 @@ func (store *store) GetUsersByEmailsOrgIDAndStatuses(ctx context.Context, orgID
 
 	return users, nil
 }
-
-func (store *store) GetUsersByOrgIDAndRoleID(ctx context.Context, orgID valuer.UUID, roleID valuer.UUID) ([]*types.User, error) {
-	users := []*types.User{}
-
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(&users).
-		Join(`JOIN user_role ON user_role.user_id = "users".id`).
-		Where(`"users".org_id = ?`, orgID).
-		Where("user_role.role_id = ?", roleID).
-		Scan(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	return users, nil
-}

pkg/modules/user/user.go

@@ -34,13 +34,10 @@ type Setter interface {
 	// Initiate forgot password flow for a user
 	ForgotPassword(ctx context.Context, orgID valuer.UUID, email valuer.Email, frontendBaseURL string) error
 
-	UpdateUserDeprecated(ctx context.Context, orgID valuer.UUID, id string, user *types.DeprecatedUser, updatedBy string) (*types.DeprecatedUser, error)
-	UpdateMyUser(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, updatable *types.UpdatableSelfUser) (*types.User, error)
-	UpdateUser(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, updatable *types.UpdatableUser, updatedBy valuer.UUID) (*types.User, error)
+	UpdateUser(ctx context.Context, orgID valuer.UUID, id string, user *types.DeprecatedUser, updatedBy string) (*types.DeprecatedUser, error)
 
 	// UpdateAnyUser updates a user and persists the changes to the database along with the analytics and identity deletion.
-	UpdateAnyUserDeprecated(ctx context.Context, orgID valuer.UUID, deprecateUser *types.DeprecatedUser) error
-	UpdateAnyUser(ctx context.Context, orgID valuer.UUID, user *types.User) error
+	UpdateAnyUser(ctx context.Context, orgID valuer.UUID, user *types.DeprecatedUser) error
 	DeleteUser(ctx context.Context, orgID valuer.UUID, id string, deletedBy string) error
 
 	// invite
@@ -63,13 +60,11 @@ type Getter interface {
 	// Get root user by org id.
 	GetRootUserByOrgID(context.Context, valuer.UUID) (*types.User, []*authtypes.UserRole, error)
 
-	// Get gets the users based on the given org id
-	ListByOrgIDDeprecated(context.Context, valuer.UUID) ([]*types.DeprecatedUser, error)
-	ListByOrgID(ctx context.Context, orgID valuer.UUID) ([]*types.User, error)
+	// Get gets the users based on the given id
+	ListByOrgID(context.Context, valuer.UUID) ([]*types.DeprecatedUser, error)
 
 	// Get deprecated user object by orgID and id.
 	GetDeprecatedUserByOrgIDAndID(context.Context, valuer.UUID, valuer.UUID) (*types.DeprecatedUser, error)
-	GetUserByOrgIDAndID(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) (*types.User, error)
 
 	// Get user by id.
 	Get(context.Context, valuer.UUID) (*types.DeprecatedUser, error)
@@ -91,9 +86,6 @@ type Getter interface {
 
 	// Gets user_role with roles entries from db
 	GetUserRoles(ctx context.Context, userID valuer.UUID) ([]*authtypes.UserRole, error)
-
-	// Gets all the user with role using role id in an org id
-	GetUsersByOrgIDAndRoleID(ctx context.Context, orgID valuer.UUID, roleID valuer.UUID) ([]*types.User, error)
 }
 
 type Handler interface {
@@ -101,19 +93,11 @@ type Handler interface {
 	CreateInvite(http.ResponseWriter, *http.Request)
 	CreateBulkInvite(http.ResponseWriter, *http.Request)
 
-	// users
-	ListUsersDeprecated(http.ResponseWriter, *http.Request)
 	ListUsers(http.ResponseWriter, *http.Request)
-	UpdateUserDeprecated(http.ResponseWriter, *http.Request)
 	UpdateUser(http.ResponseWriter, *http.Request)
 	DeleteUser(http.ResponseWriter, *http.Request)
-	GetUserDeprecated(http.ResponseWriter, *http.Request)
 	GetUser(http.ResponseWriter, *http.Request)
-	GetMyUserDeprecated(http.ResponseWriter, *http.Request)
 	GetMyUser(http.ResponseWriter, *http.Request)
-	UpdateMyUser(http.ResponseWriter, *http.Request)
-	GetUserRoles(http.ResponseWriter, *http.Request)
-	GetUsersByRoleID(http.ResponseWriter, *http.Request)
 
 	// Reset Password
 	GetResetPasswordToken(http.ResponseWriter, *http.Request)

pkg/prometheus/config.go

@@ -3,6 +3,7 @@ package prometheus
 import (
 	"time"
 
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 )
 
@@ -20,6 +21,9 @@ type Config struct {
 	//
 	// If not set, the prometheus default is used (currently 5m).
 	LookbackDelta time.Duration `mapstructure:"lookback_delta"`
+
+	// Timeout is the maximum time a query is allowed to run before being aborted.
+	Timeout time.Duration `mapstructure:"timeout"`
 }
 
 func NewConfigFactory() factory.ConfigFactory {
@@ -33,10 +37,14 @@ func newConfig() factory.Config {
 			Path:          "",
 			MaxConcurrent: 20,
 		},
+		Timeout: 2 * time.Minute,
 	}
 }
 
 func (c Config) Validate() error {
+	if c.Timeout <= 0 {
+		return errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "prometheus::timeout must be greater than 0")
+	}
 	return nil
 }
 

pkg/prometheus/constants.go

@@ -1,3 +0,0 @@
-package prometheus
-
-const FingerprintAsPromLabelName = "fingerprint"

pkg/prometheus/engine.go

@@ -2,7 +2,6 @@ package prometheus
 
 import (
 	"log/slog"
-	"time"
 
 	"github.com/prometheus/prometheus/promql"
 )
@@ -21,7 +20,7 @@ func NewEngine(logger *slog.Logger, cfg Config) *Engine {
 		Logger:             logger,
 		Reg:                nil,
 		MaxSamples:         5_0000_000,
-		Timeout:            2 * time.Minute,
+		Timeout:            cfg.Timeout,
 		ActiveQueryTracker: activeQueryTracker,
 		LookbackDelta:      cfg.LookbackDelta,
 	})

pkg/prometheus/label.go

@@ -6,6 +6,8 @@ import (
 	"github.com/prometheus/prometheus/promql"
 )
 
+const FingerprintAsPromLabelName string = "fingerprint"
+
 func RemoveExtraLabels(res *promql.Result, labelsToRemove ...string) error {
 	if len(labelsToRemove) == 0 || res == nil {
 		return nil

pkg/querier/promql_query.go

@@ -36,6 +36,28 @@ var unquotedDottedNamePattern = regexp.MustCompile(`(?:^|[{,(\s])([a-zA-Z_][a-zA
 // This is a common mistake when migrating to UTF-8 syntax.
 var quotedMetricOutsideBracesPattern = regexp.MustCompile(`"([^"]+)"\s*\{`)
 
+// tryEnhancePromQLExecError attempts to convert a PromQL execution error into
+// a properly typed error. Returns nil if the error is not a recognized execution error.
+func tryEnhancePromQLExecError(execErr error) error {
+	var eqc promql.ErrQueryCanceled
+	var eqt promql.ErrQueryTimeout
+	var es promql.ErrStorage
+	switch {
+	case errors.As(execErr, &eqc):
+		return errors.Newf(errors.TypeCanceled, errors.CodeCanceled, "query canceled").WithAdditional(eqc.Error())
+	case errors.As(execErr, &eqt):
+		return errors.Newf(errors.TypeTimeout, errors.CodeTimeout, "query timed out").WithAdditional(eqt.Error())
+	case errors.Is(execErr, context.DeadlineExceeded):
+		return errors.Newf(errors.TypeTimeout, errors.CodeTimeout, "query timed out")
+	case errors.Is(execErr, context.Canceled):
+		return errors.Newf(errors.TypeCanceled, errors.CodeCanceled, "query canceled")
+	case errors.As(execErr, &es):
+		return errors.Newf(errors.TypeInternal, errors.CodeInternal, "query execution error: %v", execErr)
+	default:
+		return nil
+	}
+}
+
 // enhancePromQLError adds helpful context to PromQL parse errors,
 // particularly for UTF-8 syntax migration issues where metric and label
 // names containing dots need to be quoted.
@@ -213,27 +235,20 @@ func (q *promqlQuery) Execute(ctx context.Context) (*qbv5.Result, error) {
 		time.Unix(0, end),
 		q.query.Step.Duration,
 	)
-
 	if err != nil {
+		// NewRangeQuery can fail with execution errors (e.g. context deadline exceeded)
+		// during the query queue/scheduling stage, not just parse errors.
+		if err := tryEnhancePromQLExecError(err); err != nil {
+			return nil, err
+		}
+
 		return nil, enhancePromQLError(query, err)
 	}
 
 	res := qry.Exec(ctx)
 	if res.Err != nil {
-		var eqc promql.ErrQueryCanceled
-		var eqt promql.ErrQueryTimeout
-		var es promql.ErrStorage
-		switch {
-		case errors.As(res.Err, &eqc):
-			return nil, errors.Newf(errors.TypeCanceled, errors.CodeCanceled, "query canceled")
-		case errors.As(res.Err, &eqt):
-			return nil, errors.Newf(errors.TypeTimeout, errors.CodeTimeout, "query timeout")
-		case errors.As(res.Err, &es):
-			return nil, errors.Newf(errors.TypeInternal, errors.CodeInternal, "query execution error: %v", res.Err)
-		}
-
-		if errors.Is(res.Err, context.Canceled) {
-			return nil, errors.Newf(errors.TypeCanceled, errors.CodeCanceled, "query canceled")
+		if err := tryEnhancePromQLExecError(res.Err); err != nil {
+			return nil, err
 		}
 
 		return nil, errors.Newf(errors.TypeInternal, errors.CodeInternal, "query execution error: %v", res.Err)

pkg/query-service/app/logparsingpipeline/controller.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"maps"
 	"slices"
 	"strings"
 
@@ -12,6 +13,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/query-service/agentConf"
 	"github.com/SigNoz/signoz/pkg/query-service/constants"
+	"github.com/SigNoz/signoz/pkg/query-service/interfaces"
 	"github.com/SigNoz/signoz/pkg/query-service/model"
 	v3 "github.com/SigNoz/signoz/pkg/query-service/model/v3"
 	"github.com/SigNoz/signoz/pkg/query-service/utils"
@@ -34,19 +36,101 @@ type LogParsingPipelineController struct {
 	Repo
 
 	GetIntegrationPipelines func(context.Context, string) ([]pipelinetypes.GettablePipeline, error)
+	// TODO(Piyush): remove with qbv5 migration
+	reader interfaces.Reader
 }
 
 func NewLogParsingPipelinesController(
 	sqlStore sqlstore.SQLStore,
 	getIntegrationPipelines func(context.Context, string) ([]pipelinetypes.GettablePipeline, error),
+	reader interfaces.Reader,
 ) (*LogParsingPipelineController, error) {
 	repo := NewRepo(sqlStore)
 	return &LogParsingPipelineController{
 		Repo:                    repo,
 		GetIntegrationPipelines: getIntegrationPipelines,
+		reader:                  reader,
 	}, nil
 }
 
+// enrichPipelinesFilters resolves the type (tag vs resource) for filter keys that are
+// missing type info, by looking them up in the store.
+//
+// TODO(Piyush): remove with qbv5 migration
+func (pc *LogParsingPipelineController) enrichPipelinesFilters(
+	ctx context.Context, pipelines []pipelinetypes.GettablePipeline,
+) ([]pipelinetypes.GettablePipeline, error) {
+	// Collect names of non-static keys that are missing type info.
+	// Static fields (body, trace_id, etc.) are intentionally Unspecified and map
+	// to top-level OTEL fields — they do not need enrichment.
+	unspecifiedNames := map[string]struct{}{}
+	for _, p := range pipelines {
+		if p.Filter != nil {
+			for _, item := range p.Filter.Items {
+				if item.Key.Type == v3.AttributeKeyTypeUnspecified {
+					// Skip static fields
+					if _, isStatic := constants.StaticFieldsLogsV3[item.Key.Key]; isStatic {
+						continue
+					}
+					// Skip enrich body.* fields
+					if strings.HasPrefix(item.Key.Key, "body.") {
+						continue
+					}
+					unspecifiedNames[item.Key.Key] = struct{}{}
+				}
+			}
+		}
+	}
+	if len(unspecifiedNames) == 0 {
+		return pipelines, nil
+	}
+
+	logFields, apiErr := pc.reader.GetLogFieldsFromNames(ctx, slices.Collect(maps.Keys(unspecifiedNames)))
+	if apiErr != nil {
+		slog.ErrorContext(ctx, "failed to fetch log fields for pipeline filter enrichment", "error", apiErr)
+		return pipelines, apiErr
+	}
+
+	// Build a simple name → AttributeKeyType map from the response.
+	fieldTypes := map[string]v3.AttributeKeyType{}
+	for _, f := range append(logFields.Selected, logFields.Interesting...) {
+		switch f.Type {
+		case constants.Resources:
+			fieldTypes[f.Name] = v3.AttributeKeyTypeResource
+		case constants.Attributes:
+			fieldTypes[f.Name] = v3.AttributeKeyTypeTag
+		}
+	}
+
+	// Set the resolved type on each untyped filter key in-place.
+	for i := range pipelines {
+		if pipelines[i].Filter != nil {
+			for j := range pipelines[i].Filter.Items {
+				key := &pipelines[i].Filter.Items[j].Key
+				if key.Type == v3.AttributeKeyTypeUnspecified {
+					// Skip static fields
+					if _, isStatic := constants.StaticFieldsLogsV3[key.Key]; isStatic {
+						continue
+					}
+					// Skip enrich body.* fields
+					if strings.HasPrefix(key.Key, "body.") {
+						continue
+					}
+
+					if t, ok := fieldTypes[key.Key]; ok {
+						key.Type = t
+					} else {
+						// default to attribute
+						key.Type = v3.AttributeKeyTypeTag
+					}
+				}
+			}
+		}
+	}
+
+	return pipelines, nil
+}
+
 // PipelinesResponse is used to prepare http response for pipelines config related requests
 type PipelinesResponse struct {
 	*opamptypes.AgentConfigVersion
@@ -256,7 +340,12 @@ func (ic *LogParsingPipelineController) PreviewLogsPipelines(
 	ctx context.Context,
 	request *PipelinesPreviewRequest,
 ) (*PipelinesPreviewResponse, error) {
-	result, collectorLogs, err := SimulatePipelinesProcessing(ctx, request.Pipelines, request.Logs)
+	pipelines, err := ic.enrichPipelinesFilters(ctx, request.Pipelines)
+	if err != nil {
+		return nil, err
+	}
+
+	result, collectorLogs, err := SimulatePipelinesProcessing(ctx, pipelines, request.Logs)
 	if err != nil {
 		return nil, err
 	}
@@ -293,10 +382,8 @@ func (pc *LogParsingPipelineController) RecommendAgentConfig(
 	if configVersion != nil {
 		pipelinesVersion = configVersion.Version
 	}
-
-	pipelinesResp, err := pc.GetPipelinesByVersion(
-		context.Background(), orgId, pipelinesVersion,
-	)
+	ctx := context.Background()
+	pipelinesResp, err := pc.GetPipelinesByVersion(ctx, orgId, pipelinesVersion)
 	if err != nil {
 		return nil, "", err
 	}
@@ -306,12 +393,17 @@ func (pc *LogParsingPipelineController) RecommendAgentConfig(
 		return nil, "", errors.WrapInternalf(err, CodeRawPipelinesMarshalFailed, "could not serialize pipelines to JSON")
 	}
 
-	if querybuilder.BodyJSONQueryEnabled {
-		// add default normalize pipeline at the beginning, only for sending to collector
-		pipelinesResp.Pipelines = append([]pipelinetypes.GettablePipeline{pc.getNormalizePipeline()}, pipelinesResp.Pipelines...)
+	enrichedPipelines, err := pc.enrichPipelinesFilters(ctx, pipelinesResp.Pipelines)
+	if err != nil {
+		return nil, "", err
 	}
 
-	updatedConf, err := GenerateCollectorConfigWithPipelines(currentConfYaml, pipelinesResp.Pipelines)
+	if querybuilder.BodyJSONQueryEnabled {
+		// add default normalize pipeline at the beginning, only for sending to collector
+		enrichedPipelines = append([]pipelinetypes.GettablePipeline{pc.getNormalizePipeline()}, enrichedPipelines...)
+	}
+
+	updatedConf, err := GenerateCollectorConfigWithPipelines(currentConfYaml, enrichedPipelines)
 	if err != nil {
 		return nil, "", err
 	}

pkg/query-service/app/querier/querier_test.go

@@ -1407,7 +1407,7 @@ func Test_querier_Traces_runWindowBasedListQueryDesc(t *testing.T) {
 				slog.Default(),
 				nil,
 				telemetryStore,
-				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore),
+				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore),
 				"",
 				time.Duration(time.Second),
 				nil,
@@ -1633,7 +1633,7 @@ func Test_querier_Traces_runWindowBasedListQueryAsc(t *testing.T) {
 				slog.Default(),
 				nil,
 				telemetryStore,
-				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore),
+				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore),
 				"",
 				time.Duration(time.Second),
 				nil,
@@ -1934,7 +1934,7 @@ func Test_querier_Logs_runWindowBasedListQueryDesc(t *testing.T) {
 				slog.Default(),
 				nil,
 				telemetryStore,
-				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore),
+				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore),
 				"",
 				time.Duration(time.Second),
 				nil,
@@ -2162,7 +2162,7 @@ func Test_querier_Logs_runWindowBasedListQueryAsc(t *testing.T) {
 				slog.Default(),
 				nil,
 				telemetryStore,
-				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore),
+				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore),
 				"",
 				time.Duration(time.Second),
 				nil,

pkg/query-service/app/querier/v2/querier_test.go

@@ -1459,7 +1459,7 @@ func Test_querier_Traces_runWindowBasedListQueryDesc(t *testing.T) {
 				slog.Default(),
 				nil,
 				telemetryStore,
-				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore),
+				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore),
 				"",
 				time.Duration(time.Second),
 				nil,
@@ -1685,7 +1685,7 @@ func Test_querier_Traces_runWindowBasedListQueryAsc(t *testing.T) {
 				slog.Default(),
 				nil,
 				telemetryStore,
-				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore),
+				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore),
 				"",
 				time.Duration(time.Second),
 				nil,
@@ -1985,7 +1985,7 @@ func Test_querier_Logs_runWindowBasedListQueryDesc(t *testing.T) {
 				slog.Default(),
 				nil,
 				telemetryStore,
-				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore),
+				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore),
 				"",
 				time.Duration(time.Second),
 				nil,
@@ -2213,7 +2213,7 @@ func Test_querier_Logs_runWindowBasedListQueryAsc(t *testing.T) {
 				slog.Default(),
 				nil,
 				telemetryStore,
-				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore),
+				prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore),
 				"",
 				time.Duration(time.Second),
 				nil,

pkg/query-service/app/server.go

@@ -121,6 +121,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 	logParsingPipelineController, err := logparsingpipeline.NewLogParsingPipelinesController(
 		signoz.SQLStore,
 		integrationsController.GetPipelinesForInstalledIntegrations,
+		reader,
 	)
 	if err != nil {
 		return nil, err

pkg/query-service/rules/base_rule_test.go

@@ -698,7 +698,7 @@ func TestBaseRule_FilterNewSeries(t *testing.T) {
 				slog.Default(),
 				nil,
 				telemetryStore,
-				prometheustest.New(context.Background(), settings, prometheus.Config{}, telemetryStore),
+				prometheustest.New(context.Background(), settings, prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore),
 				"",
 				time.Second,
 				nil,

pkg/query-service/rules/manager_test.go

@@ -253,7 +253,7 @@ func TestManager_TestNotification_SendUnmatched_PromRule(t *testing.T) {
 						WillReturnRows(samplesRows)
 
 					// Create Prometheus provider for this test
-					promProvider = prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, store)
+					promProvider = prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, store)
 				},
 				ManagerOptionsHook: func(opts *ManagerOptions) {
 					// Set Prometheus provider for PromQL queries

pkg/query-service/rules/managertestfactory.go

@@ -99,7 +99,7 @@ func NewTestManager(t *testing.T, testOpts *TestManagerOptions) *Manager {
 
 	options := clickhouseReader.NewOptions("", "", "archiveNamespace")
 	providerSettings := instrumentationtest.New().ToProviderSettings()
-	prometheus := prometheustest.New(context.Background(), providerSettings, prometheus.Config{}, telemetryStore)
+	prometheus := prometheustest.New(context.Background(), providerSettings, prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore)
 	reader := clickhouseReader.NewReader(
 		instrumentationtest.New().Logger(),
 		nil,

pkg/query-service/rules/prom_rule_test.go

@@ -940,7 +940,7 @@ func TestPromRuleUnitCombinations(t *testing.T) {
 			).
 			WillReturnRows(samplesRows)
 
-		promProvider := prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore)
+		promProvider := prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore)
 
 		postableRule.RuleCondition.CompareOp = ruletypes.CompareOp(c.compareOp)
 		postableRule.RuleCondition.MatchType = ruletypes.MatchType(c.matchType)
@@ -1061,7 +1061,7 @@ func _Enable_this_after_9146_issue_fix_is_merged_TestPromRuleNoData(t *testing.T
 			WithArgs("test_metric", "__name__", "test_metric").
 			WillReturnRows(fingerprintRows)
 
-		promProvider := prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore)
+		promProvider := prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore)
 
 		var target float64 = 0
 		postableRule.RuleCondition.Thresholds = &ruletypes.RuleThresholdData{
@@ -1281,7 +1281,7 @@ func TestMultipleThresholdPromRule(t *testing.T) {
 			).
 			WillReturnRows(samplesRows)
 
-		promProvider := prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore)
+		promProvider := prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore)
 
 		postableRule.RuleCondition.CompareOp = ruletypes.CompareOp(c.compareOp)
 		postableRule.RuleCondition.MatchType = ruletypes.MatchType(c.matchType)
@@ -1441,7 +1441,7 @@ func TestPromRule_NoData(t *testing.T) {
 			promProvider := prometheustest.New(
 				context.Background(),
 				instrumentationtest.New().ToProviderSettings(),
-				prometheus.Config{},
+				prometheus.Config{Timeout: 2 * time.Minute},
 				telemetryStore,
 			)
 			defer func() {
@@ -1590,7 +1590,7 @@ func TestPromRule_NoData_AbsentFor(t *testing.T) {
 			promProvider := prometheustest.New(
 				context.Background(),
 				instrumentationtest.New().ToProviderSettings(),
-				prometheus.Config{},
+				prometheus.Config{Timeout: 2 * time.Minute},
 				telemetryStore,
 			)
 			defer func() {
@@ -1748,7 +1748,7 @@ func TestPromRuleEval_RequireMinPoints(t *testing.T) {
 			promProvider := prometheustest.New(
 				context.Background(),
 				instrumentationtest.New().ToProviderSettings(),
-				prometheus.Config{LookbackDelta: lookBackDelta},
+				prometheus.Config{Timeout: 2 * time.Minute, LookbackDelta: lookBackDelta},
 				telemetryStore,
 			)
 			defer func() {

pkg/query-service/rules/threshold_rule_test.go

@@ -779,7 +779,7 @@ func TestThresholdRuleUnitCombinations(t *testing.T) {
 			},
 		)
 		require.NoError(t, err)
-		reader := clickhouseReader.NewReader(slog.Default(), nil, telemetryStore, prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore), "", time.Duration(time.Second), nil, readerCache, options)
+		reader := clickhouseReader.NewReader(slog.Default(), nil, telemetryStore, prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore), "", time.Duration(time.Second), nil, readerCache, options)
 		rule, err := NewThresholdRule("69", valuer.GenerateUUID(), &postableRule, reader, nil, logger)
 		rule.TemporalityMap = map[string]map[v3.Temporality]bool{
 			"signoz_calls_total": {
@@ -894,7 +894,7 @@ func TestThresholdRuleNoData(t *testing.T) {
 		)
 		assert.NoError(t, err)
 		options := clickhouseReader.NewOptions("", "", "archiveNamespace")
-		reader := clickhouseReader.NewReader(slog.Default(), nil, telemetryStore, prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore), "", time.Duration(time.Second), nil, readerCache, options)
+		reader := clickhouseReader.NewReader(slog.Default(), nil, telemetryStore, prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore), "", time.Duration(time.Second), nil, readerCache, options)
 
 		rule, err := NewThresholdRule("69", valuer.GenerateUUID(), &postableRule, reader, nil, logger)
 		rule.TemporalityMap = map[string]map[v3.Temporality]bool{
@@ -1014,7 +1014,7 @@ func TestThresholdRuleTracesLink(t *testing.T) {
 		}
 
 		options := clickhouseReader.NewOptions("", "", "archiveNamespace")
-		reader := clickhouseReader.NewReader(slog.Default(), nil, telemetryStore, prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore), "", time.Duration(time.Second), nil, nil, options)
+		reader := clickhouseReader.NewReader(slog.Default(), nil, telemetryStore, prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore), "", time.Duration(time.Second), nil, nil, options)
 
 		rule, err := NewThresholdRule("69", valuer.GenerateUUID(), &postableRule, reader, nil, logger)
 		rule.TemporalityMap = map[string]map[v3.Temporality]bool{
@@ -1151,7 +1151,7 @@ func TestThresholdRuleLogsLink(t *testing.T) {
 		}
 
 		options := clickhouseReader.NewOptions("", "", "archiveNamespace")
-		reader := clickhouseReader.NewReader(slog.Default(), nil, telemetryStore, prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore), "", time.Duration(time.Second), nil, nil, options)
+		reader := clickhouseReader.NewReader(slog.Default(), nil, telemetryStore, prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore), "", time.Duration(time.Second), nil, nil, options)
 
 		rule, err := NewThresholdRule("69", valuer.GenerateUUID(), &postableRule, reader, nil, logger)
 		rule.TemporalityMap = map[string]map[v3.Temporality]bool{
@@ -1418,7 +1418,7 @@ func TestMultipleThresholdRule(t *testing.T) {
 			},
 		)
 		require.NoError(t, err)
-		reader := clickhouseReader.NewReader(slog.Default(), nil, telemetryStore, prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore), "", time.Second, nil, readerCache, options)
+		reader := clickhouseReader.NewReader(slog.Default(), nil, telemetryStore, prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore), "", time.Second, nil, readerCache, options)
 		rule, err := NewThresholdRule("69", valuer.GenerateUUID(), &postableRule, reader, nil, logger)
 		rule.TemporalityMap = map[string]map[v3.Temporality]bool{
 			"signoz_calls_total": {
@@ -2220,7 +2220,7 @@ func TestThresholdEval_RequireMinPoints(t *testing.T) {
 			)
 			require.NoError(t, err)
 
-			prometheusProvider := prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, telemetryStore)
+			prometheusProvider := prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, telemetryStore)
 			reader := clickhouseReader.NewReader(slog.Default(), nil, telemetryStore, prometheusProvider, "", time.Second, nil, readerCache, options)
 
 			rule, err := NewThresholdRule("some-id", valuer.GenerateUUID(), &postableRule, reader, nil, logger)

pkg/statsreporter/analyticsstatsreporter/provider.go

@@ -178,7 +178,7 @@ func (provider *provider) Report(ctx context.Context) error {
 		}
 
 		for _, user := range users {
-			traits := types.NewTraitsFromUser(user)
+			traits := types.NewTraitsFromDeprecatedUser(user)
 			if maxLastObservedAt, ok := maxLastObservedAtPerUserID[user.ID]; ok {
 				traits["auth_token.last_observed_at.max.time"] = maxLastObservedAt.UTC()
 				traits["auth_token.last_observed_at.max.time_unix"] = maxLastObservedAt.Unix()

pkg/types/authtypes/user_role.go

@@ -5,14 +5,13 @@ import (
 	"time"
 
 	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
 
 var (
 	ErrCodeUserRoleAlreadyExists = errors.MustNewCode("user_role_already_exists")
-	ErrCodeUserRolesNotFound     = errors.MustNewCode("user_roles_not_found")
+	ErrCodeUserRolesNotFound      = errors.MustNewCode("user_roles_not_found")
 )
 
 type UserRole struct {
@@ -48,11 +47,6 @@ func NewUserRoles(userID valuer.UUID, roles []*Role) []*UserRole {
 	return userRoles
 }
 
-type UserWithRoles struct {
-	*types.User
-	Roles []*Role `json:"roles"`
-}
-
 type UserRoleStore interface {
 	// create user roles in bulk
 	CreateUserRoles(ctx context.Context, userRoles []*UserRole) error

pkg/types/user.go

@@ -51,15 +51,6 @@ type DeprecatedUser struct {
 	Role Role `json:"role"`
 }
 
-type UpdatableSelfUser struct {
-	DisplayName string `json:"displayName" required:"true"`
-}
-
-type UpdatableUser struct {
-	DisplayName string   `json:"displayName" required:"true"`
-	RoleNames   []string `json:"roleNames" required:"true" nullable:"false"`
-}
-
 type PostableRegisterOrgAndAdmin struct {
 	Name           string       `json:"name"`
 	Email          valuer.Email `json:"email"`
@@ -307,9 +298,6 @@ type UserStore interface {
 	// Get user by reset password token
 	GetUserByResetPasswordToken(ctx context.Context, token string) (*User, error)
 
-	// Get users having role by org id and role id
-	GetUsersByOrgIDAndRoleID(ctx context.Context, orgID valuer.UUID, roleID valuer.UUID) ([]*User, error)
-
 	// Transaction
 	RunInTx(ctx context.Context, cb func(ctx context.Context) error) error
 }

tests/integration/fixtures/idputils.py

@@ -654,6 +654,19 @@ def get_oidc_domain(signoz: types.SigNoz, admin_token: str) -> dict:
     )
 
 
+def get_user_by_email(signoz: types.SigNoz, admin_token: str, email: str) -> dict:
+    """Helper to get a user by email."""
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    return next(
+        (user for user in response.json()["data"] if user["email"] == email),
+        None,
+    )
+
+
 def perform_oidc_login(
     signoz: types.SigNoz,  # pylint: disable=unused-argument
     idp: types.TestContainerIDP,

tests/integration/fixtures/utils.py

@@ -3,9 +3,6 @@ import os
 from typing import Any
 
 import isodate
-import requests
-
-from fixtures import types
 
 
 # parses the given timestamp string from ISO format to datetime.datetime
@@ -34,33 +31,3 @@ def parse_duration(duration: Any) -> datetime.timedelta:
 def get_testdata_file_path(file: str) -> str:
     testdata_dir = os.path.join(os.path.dirname(__file__), "..", "testdata")
     return os.path.join(testdata_dir, file)
-
-
-def get_user_by_email(signoz: types.SigNoz, admin_token: str, email: str) -> dict:
-    """Helper to get a user by email."""
-    headers = {"Authorization": f"Bearer {admin_token}"} if admin_token else {}
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users"),
-        timeout=2,
-        headers=headers,
-    )
-    return next(
-        (user for user in response.json()["data"] if user["email"] == email),
-        None,
-    )
-
-
-def get_user_role_names(signoz: types.SigNoz, admin_token: str, user_id: str) -> list:
-    """Helper to get the user roles by user ID"""
-    headers = {"Authorization": f"Bearer {admin_token}"} if admin_token else {}
-    response = requests.get(
-        signoz.self.host_configs["8080"].get(f"/api/v2/users/{user_id}/roles"),
-        timeout=2,
-        headers=headers,
-    )
-
-    roles = response.json()["data"]
-    if not roles:
-        return []
-
-    return [role["name"] for role in roles]

tests/integration/src/callbackauthn/02_saml.py

@@ -12,8 +12,11 @@ from fixtures.auth import (
     USER_ADMIN_PASSWORD,
     add_license,
 )
-from fixtures.idputils import get_saml_domain, perform_saml_login
-from fixtures.utils import get_user_by_email, get_user_role_names
+from fixtures.idputils import (
+    get_saml_domain,
+    get_user_by_email,
+    perform_saml_login,
+)
 from fixtures.types import Operation, SigNoz, TestContainerDocker, TestContainerIDP
 
 
@@ -128,12 +131,26 @@ def test_saml_authn(
     admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
 
     # Assert that the user was created in signoz.
-    found_user = get_user_by_email(signoz, admin_token, "viewer@saml.integration.test")
-    assert found_user is not None
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
 
-    # Confirm role
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-viewer" in found_user_role_names
+    assert response.status_code == HTTPStatus.OK
+
+    user_response = response.json()["data"]
+    found_user = next(
+        (
+            user
+            for user in user_response
+            if user["email"] == "viewer@saml.integration.test"
+        ),
+        None,
+    )
+
+    assert found_user is not None
+    assert found_user["role"] == "VIEWER"
 
 
 def test_idp_initiated_saml_authn(
@@ -165,14 +182,26 @@ def test_idp_initiated_saml_authn(
     admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
 
     # Assert that the user was created in signoz.
-    found_user = get_user_by_email(
-        signoz, admin_token, "viewer.idp.initiated@saml.integration.test"
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
     )
-    assert found_user is not None
 
-    # Confirm role
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-viewer" in found_user_role_names
+    assert response.status_code == HTTPStatus.OK
+
+    user_response = response.json()["data"]
+    found_user = next(
+        (
+            user
+            for user in user_response
+            if user["email"] == "viewer.idp.initiated@saml.integration.test"
+        ),
+        None,
+    )
+
+    assert found_user is not None
+    assert found_user["role"] == "VIEWER"
 
 
 def test_saml_update_domain_with_group_mappings(
@@ -242,8 +271,7 @@ def test_saml_role_mapping_single_group_admin(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-admin" in found_user_role_names
+    assert found_user["role"] == "ADMIN"
 
 
 def test_saml_role_mapping_single_group_editor(
@@ -269,8 +297,7 @@ def test_saml_role_mapping_single_group_editor(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-editor" in found_user_role_names
+    assert found_user["role"] == "EDITOR"
 
 
 def test_saml_role_mapping_multiple_groups_highest_wins(
@@ -300,8 +327,7 @@ def test_saml_role_mapping_multiple_groups_highest_wins(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-editor" in found_user_role_names
+    assert found_user["role"] == "EDITOR"
 
 
 def test_saml_role_mapping_explicit_viewer_group(
@@ -328,8 +354,7 @@ def test_saml_role_mapping_explicit_viewer_group(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-viewer" in found_user_role_names
+    assert found_user["role"] == "VIEWER"
 
 
 def test_saml_role_mapping_unmapped_group_uses_default(
@@ -355,8 +380,7 @@ def test_saml_role_mapping_unmapped_group_uses_default(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-viewer" in found_user_role_names
+    assert found_user["role"] == "VIEWER"
 
 
 def test_saml_update_domain_with_use_role_claim(
@@ -433,8 +457,7 @@ def test_saml_role_mapping_role_claim_takes_precedence(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-admin" in found_user_role_names
+    assert found_user["role"] == "ADMIN"
 
 
 def test_saml_role_mapping_invalid_role_claim_fallback(
@@ -464,8 +487,7 @@ def test_saml_role_mapping_invalid_role_claim_fallback(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-editor" in found_user_role_names
+    assert found_user["role"] == "EDITOR"
 
 
 def test_saml_role_mapping_case_insensitive(
@@ -495,8 +517,7 @@ def test_saml_role_mapping_case_insensitive(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-admin" in found_user_role_names
+    assert found_user["role"] == "ADMIN"
 
 
 def test_saml_name_mapping(
@@ -524,8 +545,7 @@ def test_saml_name_mapping(
     assert (
         found_user["displayName"] == "Jane"
     )  # We are only mapping the first name here
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-viewer" in found_user_role_names
+    assert found_user["role"] == "VIEWER"
 
 
 def test_saml_empty_name_fallback(
@@ -550,8 +570,7 @@ def test_saml_empty_name_fallback(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-viewer" in found_user_role_names
+    assert found_user["role"] == "VIEWER"
 
 
 def test_saml_sso_login_activates_pending_invite_user(
@@ -594,8 +613,7 @@ def test_saml_sso_login_activates_pending_invite_user(
     found_user = get_user_by_email(signoz, admin_token, email)
     assert found_user is not None
     assert found_user["status"] == "active"
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-viewer" in found_user_role_names
+    assert found_user["role"] == "VIEWER"
 
 
 def test_saml_sso_deleted_user_gets_new_user_on_login(
@@ -662,7 +680,7 @@ def test_saml_sso_deleted_user_gets_new_user_on_login(
 
     # Verify a NEW active user was auto-provisioned via SSO
     response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users"),
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
         timeout=2,
         headers={"Authorization": f"Bearer {admin_token}"},
     )
@@ -676,7 +694,4 @@ def test_saml_sso_deleted_user_gets_new_user_on_login(
     )
     assert found_user is not None
     assert found_user["status"] == "active"
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert (
-        "signoz-viewer" in found_user_role_names
-    )  # default role from SSO domain config
+    assert found_user["role"] == "VIEWER"  # default role from SSO domain config

tests/integration/src/callbackauthn/03_oidc.py

@@ -11,8 +11,11 @@ from fixtures.auth import (
     USER_ADMIN_PASSWORD,
     add_license,
 )
-from fixtures.idputils import get_oidc_domain, perform_oidc_login
-from fixtures.utils import get_user_by_email, get_user_role_names
+from fixtures.idputils import (
+    get_oidc_domain,
+    get_user_by_email,
+    perform_oidc_login,
+)
 from fixtures.types import Operation, SigNoz, TestContainerDocker, TestContainerIDP
 
 
@@ -109,12 +112,26 @@ def test_oidc_authn(
     admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
 
     # Assert that the user was created in signoz.
-    found_user = get_user_by_email(signoz, admin_token, "viewer@oidc.integration.test")
-    assert found_user is not None
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
 
-    # Confirm role
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-viewer" in found_user_role_names
+    assert response.status_code == HTTPStatus.OK
+
+    user_response = response.json()["data"]
+    found_user = next(
+        (
+            user
+            for user in user_response
+            if user["email"] == "viewer@oidc.integration.test"
+        ),
+        None,
+    )
+
+    assert found_user is not None
+    assert found_user["role"] == "VIEWER"
 
 
 def test_oidc_update_domain_with_group_mappings(
@@ -191,8 +208,7 @@ def test_oidc_role_mapping_single_group_admin(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-admin" in found_user_role_names
+    assert found_user["role"] == "ADMIN"
 
 
 def test_oidc_role_mapping_single_group_editor(
@@ -218,8 +234,7 @@ def test_oidc_role_mapping_single_group_editor(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-editor" in found_user_role_names
+    assert found_user["role"] == "EDITOR"
 
 
 def test_oidc_role_mapping_multiple_groups_highest_wins(
@@ -249,8 +264,7 @@ def test_oidc_role_mapping_multiple_groups_highest_wins(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-admin" in found_user_role_names
+    assert found_user["role"] == "ADMIN"
 
 
 def test_oidc_role_mapping_explicit_viewer_group(
@@ -277,8 +291,7 @@ def test_oidc_role_mapping_explicit_viewer_group(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-viewer" in found_user_role_names
+    assert found_user["role"] == "VIEWER"
 
 
 def test_oidc_role_mapping_unmapped_group_uses_default(
@@ -304,8 +317,7 @@ def test_oidc_role_mapping_unmapped_group_uses_default(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-viewer" in found_user_role_names
+    assert found_user["role"] == "VIEWER"
 
 
 def test_oidc_update_domain_with_use_role_claim(
@@ -385,8 +397,7 @@ def test_oidc_role_mapping_role_claim_takes_precedence(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-admin" in found_user_role_names
+    assert found_user["role"] == "ADMIN"
 
 
 def test_oidc_role_mapping_invalid_role_claim_fallback(
@@ -418,8 +429,7 @@ def test_oidc_role_mapping_invalid_role_claim_fallback(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-editor" in found_user_role_names
+    assert found_user["role"] == "EDITOR"
 
 
 def test_oidc_role_mapping_case_insensitive(
@@ -449,8 +459,7 @@ def test_oidc_role_mapping_case_insensitive(
     found_user = get_user_by_email(signoz, admin_token, email)
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-editor" in found_user_role_names
+    assert found_user["role"] == "EDITOR"
 
 
 def test_oidc_name_mapping(
@@ -473,13 +482,20 @@ def test_oidc_name_mapping(
     )
 
     admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-    found_user = get_user_by_email(signoz, admin_token, email)
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=5,
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    users = response.json()["data"]
+    found_user = next((u for u in users if u["email"] == email), None)
 
     assert found_user is not None
     # Keycloak concatenates firstName + lastName into "name" claim
     assert found_user["displayName"] == "John Doe"
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-viewer" in found_user_role_names  # Default role
+    assert found_user["role"] == "VIEWER"  # Default role
 
 
 def test_oidc_empty_name_uses_fallback(
@@ -502,12 +518,19 @@ def test_oidc_empty_name_uses_fallback(
     )
 
     admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-    found_user = get_user_by_email(signoz, admin_token, email)
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=5,
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    users = response.json()["data"]
+    found_user = next((u for u in users if u["email"] == email), None)
 
     # User should still be created even with empty name
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-viewer" in found_user_role_names
+    assert found_user["role"] == "VIEWER"
     # Note: displayName may be empty - this is a known limitation
 
 
@@ -547,9 +570,16 @@ def test_oidc_sso_login_activates_pending_invite_user(
         signoz, idp, driver, get_session_context, idp_login, email, "password123"
     )
 
-    # User should be active with VIEWER role from SSO
-    found_user = get_user_by_email(signoz, admin_token, email)
+    # User should be active with ADMIN role from invite, not VIEWER from SSO
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    found_user = next(
+        (user for user in response.json()["data"] if user["email"] == email),
+        None,
+    )
     assert found_user is not None
     assert found_user["status"] == "active"
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-viewer" in found_user_role_names
+    assert found_user["role"] == "VIEWER"

tests/integration/src/passwordauthn/01_register.py

@@ -5,7 +5,6 @@ import requests
 
 from fixtures import types
 from fixtures.logger import setup_logger
-from fixtures.utils import get_user_by_email, get_user_role_names
 
 logger = setup_logger(__name__)
 
@@ -75,10 +74,31 @@ def test_register(signoz: types.SigNoz, get_token: Callable[[str, str], str]) ->
 
     admin_token = get_token("admin@integration.test", "password123Z$")
 
-    found_user = get_user_by_email(signoz, admin_token, "admin@integration.test")
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+
+    assert response.status_code == HTTPStatus.OK
+
+    user_response = response.json()["data"]
+    found_user = next(
+        (user for user in user_response if user["email"] == "admin@integration.test"),
+        None,
+    )
+
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-admin" in found_user_role_names
+    assert found_user["role"] == "ADMIN"
+
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(f"/api/v1/user/{found_user["id"]}"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.json()["data"]["role"] == "ADMIN"
 
 
 def test_invite_and_register(
@@ -100,11 +120,21 @@ def test_invite_and_register(
     assert invited_user["role"] == "EDITOR"
 
     # Verify the user user appears in the users list but as pending_invite status
-    found_user = get_user_by_email(signoz, admin_token, "editor@integration.test")
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    assert response.status_code == HTTPStatus.OK
+
+    user_response = response.json()["data"]
+    found_user = next(
+        (user for user in user_response if user["email"] == "editor@integration.test"),
+        None,
+    )
     assert found_user is not None
     assert found_user["status"] == "pending_invite"
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-editor" in found_user_role_names
+    assert found_user["role"] == "EDITOR"
 
     reset_token = invited_user["token"]
 
@@ -122,7 +152,7 @@ def test_invite_and_register(
 
     # Verify that an admin endpoint cannot be called by the editor user
     response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users"),
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
         timeout=2,
         headers={"Authorization": f"Bearer {editor_token}"},
     )
@@ -130,12 +160,24 @@ def test_invite_and_register(
     assert response.status_code == HTTPStatus.FORBIDDEN
 
     # Verify that the editor user status has been updated to ACTIVE
-    admin_token = get_token("admin@integration.test", "password123Z$")
-    found_user = get_user_by_email(signoz, admin_token, "editor@integration.test")
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={
+            "Authorization": f"Bearer {get_token("admin@integration.test", "password123Z$")}"
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+
+    user_response = response.json()["data"]
+    found_user = next(
+        (user for user in user_response if user["email"] == "editor@integration.test"),
+        None,
+    )
 
     assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-editor" in found_user_role_names
+    assert found_user["role"] == "EDITOR"
     assert found_user["displayName"] == "editor"
     assert found_user["email"] == "editor@integration.test"
     assert found_user["status"] == "active"
@@ -179,7 +221,25 @@ def test_self_access(
 ) -> None:
     admin_token = get_token("admin@integration.test", "password123Z$")
 
-    found_user = get_user_by_email(signoz, admin_token, "editor@integration.test")
-    assert found_user is not None
-    found_user_role_names = get_user_role_names(signoz, admin_token, found_user["id"])
-    assert "signoz-editor" in found_user_role_names
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+
+    assert response.status_code == HTTPStatus.OK
+
+    user_response = response.json()["data"]
+    found_user = next(
+        (user for user in user_response if user["email"] == "editor@integration.test"),
+        None,
+    )
+
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(f"/api/v1/user/{found_user['id']}"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.json()["data"]["role"] == "EDITOR"

tests/integration/src/passwordauthn/03_apikey.py

@@ -26,7 +26,7 @@ def test_api_key(signoz: types.SigNoz, get_token: Callable[[str, str], str]) ->
     assert "token" in pat_response["data"]
 
     response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users"),
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
         timeout=2,
         headers={"SIGNOZ-API-KEY": f"{pat_response["data"]["token"]}"},
     )
@@ -85,7 +85,7 @@ def test_api_key_role(
     assert "token" in pat_response["data"]
 
     response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users"),
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
         timeout=2,
         headers={"SIGNOZ-API-KEY": f"{pat_response["data"]["token"]}"},
     )
@@ -109,7 +109,7 @@ def test_api_key_role(
     assert "token" in pat_response["data"]
 
     response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users"),
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
         timeout=2,
         headers={"SIGNOZ-API-KEY": f"{pat_response["data"]["token"]}"},
     )

tests/integration/src/passwordauthn/04_password.py

@@ -6,7 +6,6 @@ from sqlalchemy import sql
 
 from fixtures import types
 from fixtures.logger import setup_logger
-from fixtures.utils import get_user_by_email
 
 logger = setup_logger(__name__)
 
@@ -36,10 +35,23 @@ def test_change_password(
     assert response.status_code == HTTPStatus.NO_CONTENT
 
     # Get the user id
-    found_user = get_user_by_email(
-        signoz, admin_token, "admin+password@integration.test"
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+
+    assert response.status_code == HTTPStatus.OK
+
+    user_response = response.json()["data"]
+    found_user = next(
+        (
+            user
+            for user in user_response
+            if user["email"] == "admin+password@integration.test"
+        ),
+        None,
     )
-    assert found_user is not None
 
     # Try logging in with the password
     token = get_token("admin+password@integration.test", "password123Z$")
@@ -88,10 +100,23 @@ def test_reset_password(
     admin_token = get_token("admin@integration.test", "password123Z$")
 
     # Get the user id for admin+password@integration.test
-    found_user = get_user_by_email(
-        signoz, admin_token, "admin+password@integration.test"
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+
+    assert response.status_code == HTTPStatus.OK
+
+    user_response = response.json()["data"]
+    found_user = next(
+        (
+            user
+            for user in user_response
+            if user["email"] == "admin+password@integration.test"
+        ),
+        None,
     )
-    assert found_user is not None
 
     response = requests.get(
         signoz.self.host_configs["8080"].get(
@@ -133,10 +158,23 @@ def test_reset_password_with_no_password(
     admin_token = get_token("admin@integration.test", "password123Z$")
 
     # Get the user id for admin+password@integration.test
-    found_user = get_user_by_email(
-        signoz, admin_token, "admin+password@integration.test"
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+
+    assert response.status_code == HTTPStatus.OK
+
+    user_response = response.json()["data"]
+    found_user = next(
+        (
+            user
+            for user in user_response
+            if user["email"] == "admin+password@integration.test"
+        ),
+        None,
     )
-    assert found_user is not None
 
     with signoz.sqlstore.conn.connect() as conn:
         result = conn.execute(
@@ -267,7 +305,17 @@ def test_forgot_password_creates_reset_token(
 
     # Verify reset password token was created by querying the database
     # First, get the user ID
-    found_user = get_user_by_email(signoz, admin_token, "forgot@integration.test")
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    assert response.status_code == HTTPStatus.OK
+    user_response = response.json()["data"]
+    found_user = next(
+        (user for user in user_response if user["email"] == "forgot@integration.test"),
+        None,
+    )
     assert found_user is not None
 
     reset_token = None
@@ -323,7 +371,17 @@ def test_reset_password_with_expired_token(
     admin_token = get_token("admin@integration.test", "password123Z$")
 
     # Get user ID for the forgot@integration.test user
-    found_user = get_user_by_email(signoz, admin_token, "forgot@integration.test")
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    assert response.status_code == HTTPStatus.OK
+    user_response = response.json()["data"]
+    found_user = next(
+        (user for user in user_response if user["email"] == "forgot@integration.test"),
+        None,
+    )
     assert found_user is not None
 
     # Get org ID

tests/integration/src/passwordauthn/05_role.py

@@ -4,7 +4,6 @@ from typing import Callable, Tuple
 import requests
 
 from fixtures import types
-from fixtures.utils import get_user_role_names
 
 
 def test_change_role(
@@ -41,7 +40,7 @@ def test_change_role(
     )
 
     response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users/me"),
+        signoz.self.host_configs["8080"].get("/api/v1/user/me"),
         timeout=2,
         headers={"Authorization": f"Bearer {new_user_token}"},
     )
@@ -61,20 +60,20 @@ def test_change_role(
 
     # Change the new user's role - move to ADMIN
     response = requests.put(
-        signoz.self.host_configs["8080"].get(f"/api/v2/users/{new_user_id}"),
+        signoz.self.host_configs["8080"].get(f"/api/v1/user/{new_user_id}"),
         json={
             "displayName": "role change user",
-            "roleNames": ["signoz-admin"],
+            "role": "ADMIN",
         },
         headers={"Authorization": f"Bearer {admin_token}"},
         timeout=2,
     )
 
-    assert response.status_code == HTTPStatus.NO_CONTENT
+    assert response.status_code == HTTPStatus.OK
 
     # Make some API calls again
     response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users/me"),
+        signoz.self.host_configs["8080"].get("/api/v1/user/me"),
         timeout=2,
         headers={"Authorization": f"Bearer {new_user_token}"},
     )
@@ -107,302 +106,3 @@ def test_change_role(
     )
 
     assert response.status_code == HTTPStatus.OK
-
-
-def test_remove_all_roles(
-    signoz: types.SigNoz,
-    get_token: Callable[[str, str], str],
-    get_tokens: Callable[[str, str], Tuple[str, str]],
-):
-    admin_token = get_token("admin@integration.test", "password123Z$")
-
-    # Create a new user as EDITOR
-    response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/invite"),
-        json={"email": "admin+noroles@integration.test", "role": "EDITOR"},
-        timeout=2,
-        headers={"Authorization": f"Bearer {admin_token}"},
-    )
-    assert response.status_code == HTTPStatus.CREATED
-
-    invited_user = response.json()["data"]
-    reset_token = invited_user["token"]
-
-    # Activate user via reset password
-    response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
-        json={"password": "password123Z$", "token": reset_token},
-        timeout=2,
-    )
-    assert response.status_code == HTTPStatus.NO_CONTENT
-
-    # Login and get user id
-    new_user_token, new_user_refresh_token = get_tokens(
-        "admin+noroles@integration.test", "password123Z$"
-    )
-
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users/me"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {new_user_token}"},
-    )
-    assert response.status_code == HTTPStatus.OK
-    new_user_id = response.json()["data"]["id"]
-
-    # Validate the user has the editor role
-    role_names = get_user_role_names(signoz, admin_token, new_user_id)
-    assert role_names is not None
-    assert "signoz-editor" in role_names
-
-    # Remove all roles
-    response = requests.put(
-        signoz.self.host_configs["8080"].get(f"/api/v2/users/{new_user_id}"),
-        json={
-            "displayName": "no roles user",
-            "roleNames": [],
-        },
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=2,
-    )
-    assert response.status_code == HTTPStatus.NO_CONTENT
-
-    # Validate the user has no roles
-    role_names = get_user_role_names(signoz, admin_token, new_user_id)
-    assert role_names is None or len(role_names) == 0
-
-    # Old token should be invalidated after role change
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users/me"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {new_user_token}"},
-    )
-    assert response.status_code == HTTPStatus.UNAUTHORIZED
-
-    # Token rotation should also fail for a user with no roles
-    # (the session endpoint requires roles to build an identity)
-    response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v2/sessions/rotate"),
-        json={
-            "refreshToken": new_user_refresh_token,
-        },
-        headers={"Authorization": f"Bearer {new_user_token}"},
-        timeout=2,
-    )
-    assert (
-        response.status_code != HTTPStatus.OK
-    ), "token rotation should fail for user with no roles"
-
-
-def test_multiple_roles(
-    signoz: types.SigNoz,
-    get_token: Callable[[str, str], str],
-    get_tokens: Callable[[str, str], Tuple[str, str]],
-):
-    admin_token = get_token("admin@integration.test", "password123Z$")
-
-    # Create a new user as VIEWER
-    response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/invite"),
-        json={"email": "admin+multirole@integration.test", "role": "VIEWER"},
-        timeout=2,
-        headers={"Authorization": f"Bearer {admin_token}"},
-    )
-    assert response.status_code == HTTPStatus.CREATED
-
-    invited_user = response.json()["data"]
-    reset_token = invited_user["token"]
-
-    # Activate user via reset password
-    response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
-        json={"password": "password123Z$", "token": reset_token},
-        timeout=2,
-    )
-    assert response.status_code == HTTPStatus.NO_CONTENT
-
-    # Login and get user id
-    new_user_token, new_user_refresh_token = get_tokens(
-        "admin+multirole@integration.test", "password123Z$"
-    )
-
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users/me"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {new_user_token}"},
-    )
-    assert response.status_code == HTTPStatus.OK
-    new_user_id = response.json()["data"]["id"]
-
-    # Validate user starts with viewer role
-    role_names = get_user_role_names(signoz, admin_token, new_user_id)
-    assert role_names is not None
-    assert role_names == [
-        "signoz-viewer"
-    ], f"expected ['signoz-viewer'], got {role_names}"
-
-    # As viewer, admin-only APIs should be forbidden
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v1/org/preferences"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {new_user_token}"},
-    )
-    assert response.status_code == HTTPStatus.FORBIDDEN
-
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {new_user_token}"},
-    )
-    assert response.status_code == HTTPStatus.FORBIDDEN
-
-    # Assign multiple roles: editor + viewer
-    response = requests.put(
-        signoz.self.host_configs["8080"].get(f"/api/v2/users/{new_user_id}"),
-        json={
-            "displayName": "multi role user",
-            "roleNames": ["signoz-editor", "signoz-viewer"],
-        },
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=2,
-    )
-    assert response.status_code == HTTPStatus.NO_CONTENT
-
-    # Validate user has both roles
-    role_names = get_user_role_names(signoz, admin_token, new_user_id)
-    assert role_names is not None
-    assert sorted(role_names) == [
-        "signoz-editor",
-        "signoz-viewer",
-    ], f"expected ['signoz-editor', 'signoz-viewer'], got {sorted(role_names)}"
-
-    # Rotate token to pick up new roles
-    response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v2/sessions/rotate"),
-        json={"refreshToken": new_user_refresh_token},
-        headers={"Authorization": f"Bearer {new_user_token}"},
-        timeout=2,
-    )
-    assert response.status_code == HTTPStatus.OK
-
-    rotate_response = response.json()["data"]
-    new_user_token = rotate_response["accessToken"]
-    new_user_refresh_token = rotate_response["refreshToken"]
-
-    # Verify /me includes both roles
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users/me"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {new_user_token}"},
-    )
-    assert response.status_code == HTTPStatus.OK
-    me_role_names = sorted(r["name"] for r in response.json()["data"]["roles"])
-    assert me_role_names == [
-        "signoz-editor",
-        "signoz-viewer",
-    ], f"expected ['signoz-editor', 'signoz-viewer'] in /me, got {me_role_names}"
-
-    # Editor+viewer still cannot access admin-only APIs
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v1/org/preferences"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {new_user_token}"},
-    )
-    assert response.status_code == HTTPStatus.FORBIDDEN
-
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {new_user_token}"},
-    )
-    assert response.status_code == HTTPStatus.FORBIDDEN
-
-    # Assign all three roles including admin
-    response = requests.put(
-        signoz.self.host_configs["8080"].get(f"/api/v2/users/{new_user_id}"),
-        json={
-            "displayName": "multi role user",
-            "roleNames": ["signoz-admin", "signoz-editor", "signoz-viewer"],
-        },
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=2,
-    )
-    assert response.status_code == HTTPStatus.NO_CONTENT
-
-    role_names = get_user_role_names(signoz, admin_token, new_user_id)
-    assert sorted(role_names) == [
-        "signoz-admin",
-        "signoz-editor",
-        "signoz-viewer",
-    ], f"expected all three roles, got {sorted(role_names)}"
-
-    # Rotate token to pick up admin role
-    response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v2/sessions/rotate"),
-        json={"refreshToken": new_user_refresh_token},
-        headers={"Authorization": f"Bearer {new_user_token}"},
-        timeout=2,
-    )
-    assert response.status_code == HTTPStatus.OK
-
-    rotate_response = response.json()["data"]
-    new_user_token = rotate_response["accessToken"]
-    new_user_refresh_token = rotate_response["refreshToken"]
-
-    # Now with admin role, admin-only APIs should succeed
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v1/org/preferences"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {new_user_token}"},
-    )
-    assert response.status_code == HTTPStatus.OK
-
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {new_user_token}"},
-    )
-    assert response.status_code == HTTPStatus.OK
-
-    # Reduce back to single viewer role
-    response = requests.put(
-        signoz.self.host_configs["8080"].get(f"/api/v2/users/{new_user_id}"),
-        json={
-            "displayName": "multi role user",
-            "roleNames": ["signoz-viewer"],
-        },
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=2,
-    )
-    assert response.status_code == HTTPStatus.NO_CONTENT
-
-    role_names = get_user_role_names(signoz, admin_token, new_user_id)
-    assert role_names == [
-        "signoz-viewer"
-    ], f"expected ['signoz-viewer'] after reduction, got {role_names}"
-
-    # Rotate token to pick up reduced roles
-    response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v2/sessions/rotate"),
-        json={"refreshToken": new_user_refresh_token},
-        headers={"Authorization": f"Bearer {new_user_token}"},
-        timeout=2,
-    )
-    assert response.status_code == HTTPStatus.OK
-
-    rotate_response = response.json()["data"]
-    new_user_token = rotate_response["accessToken"]
-
-    # After reducing to viewer, admin-only APIs should be forbidden again
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v1/org/preferences"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {new_user_token}"},
-    )
-    assert response.status_code == HTTPStatus.FORBIDDEN
-
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {new_user_token}"},
-    )
-    assert response.status_code == HTTPStatus.FORBIDDEN

tests/integration/src/role/01_register.py

@@ -52,7 +52,7 @@ def test_root_user_signoz_admin_assignment(
 
     # Get the user from the /user/me endpoint and extract the id
     user_response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users/me"),
+        signoz.self.host_configs["8080"].get("/api/v1/user/me"),
         headers={"Authorization": f"Bearer {admin_token}"},
         timeout=2,
     )

tests/integration/src/role/02_user.py

@@ -47,7 +47,7 @@ def test_user_invite_accept_role_grant(
     # Login with editor email and password
     editor_token = get_token(USER_EDITOR_EMAIL, USER_EDITOR_PASSWORD)
     user_me_response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users/me"),
+        signoz.self.host_configs["8080"].get("/api/v1/user/me"),
         headers={"Authorization": f"Bearer {editor_token}"},
         timeout=2,
     )
@@ -102,7 +102,7 @@ def test_user_update_role_grant(
     # Get the editor user's id
     editor_token = get_token(USER_EDITOR_EMAIL, USER_EDITOR_PASSWORD)
     user_me_response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users/me"),
+        signoz.self.host_configs["8080"].get("/api/v1/user/me"),
         headers={"Authorization": f"Bearer {editor_token}"},
         timeout=2,
     )
@@ -121,14 +121,14 @@ def test_user_update_role_grant(
     org_id = roles_data[0]["orgId"]
 
     # Update the user's role to viewer
-    update_payload = {"roleNames": ["signoz-viewer"]}
+    update_payload = {"role": "VIEWER"}
     update_response = requests.put(
-        signoz.self.host_configs["8080"].get(f"/api/v2/users/{editor_id}"),
+        signoz.self.host_configs["8080"].get(f"/api/v1/user/{editor_id}"),
         json=update_payload,
         headers={"Authorization": f"Bearer {admin_token}"},
         timeout=2,
     )
-    assert update_response.status_code == HTTPStatus.NO_CONTENT
+    assert update_response.status_code == HTTPStatus.OK
 
     # Check that user no longer has the editor role in the db
     with signoz.sqlstore.conn.connect() as conn:
@@ -179,7 +179,7 @@ def test_user_delete_role_revoke(
     # login with editor to get the user_id and check if user exists
     editor_token = get_token(USER_EDITOR_EMAIL, USER_EDITOR_PASSWORD)
     user_me_response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users/me"),
+        signoz.self.host_configs["8080"].get("/api/v1/user/me"),
         headers={"Authorization": f"Bearer {editor_token}"},
         timeout=2,
     )

tests/integration/src/rootuser/01_rootuser.py

@@ -14,7 +14,7 @@ def test_root_user_created(signoz: types.SigNoz) -> None:
     The root user service reconciles asynchronously after startup.
 
     Phase 1: Poll /api/v1/version until setupCompleted=true.
-    Phase 2: Poll /api/v2/users until it returns 200, confirming the root
+    Phase 2: Poll /api/v1/user until it returns 200, confirming the root
              user actually exists and the impersonation provider works.
     """
     # Phase 1: wait for setupCompleted
@@ -39,13 +39,13 @@ def test_root_user_created(signoz: types.SigNoz) -> None:
     # Phase 2: wait for root user to be fully resolved
     for attempt in range(15):
         response = requests.get(
-            signoz.self.host_configs["8080"].get("/api/v2/users"),
+            signoz.self.host_configs["8080"].get("/api/v1/user"),
             timeout=2,
         )
         if response.status_code == HTTPStatus.OK:
             return
         logger.info(
-            "Attempt %s: /api/v2/users returned %s, retrying ...",
+            "Attempt %s: /api/v1/user returned %s, retrying ...",
             attempt + 1,
             response.status_code,
         )

tests/integration/src/rootuser/02_impersonation.py

@@ -4,7 +4,6 @@ import requests
 
 from fixtures import types
 from fixtures.logger import setup_logger
-from fixtures.utils import get_user_role_names
 
 logger = setup_logger(__name__)
 
@@ -33,7 +32,7 @@ def test_impersonated_user_is_admin(signoz: types.SigNoz) -> None:
     Listing users is an admin-only endpoint.
     """
     response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v2/users"),
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
         timeout=2,
     )
 
@@ -47,5 +46,4 @@ def test_impersonated_user_is_admin(signoz: types.SigNoz) -> None:
         None,
     )
     assert root_user is not None
-    root_user_role_names = get_user_role_names(signoz, None, root_user["id"])
-    assert "signoz-admin" in root_user_role_names
+    assert root_user["role"] == "ADMIN"