feat: adding handlers

ee/sqlstore/postgressqlstore/provider.go

@@ -101,7 +101,7 @@ func (provider *provider) WrapNotFoundErrf(err error, code errors.Code, format s
 
 func (provider *provider) WrapAlreadyExistsErrf(err error, code errors.Code, format string, args ...any) error {
 	var pgErr *pgconn.PgError
-	if errors.As(err, &pgErr) && (pgErr.Code == "23505" || pgErr.Code == "23503") {
+	if errors.As(err, &pgErr) && pgErr.Code == "23505" {
 		return errors.Wrapf(err, errors.TypeAlreadyExists, code, format, args...)
 	}
 

frontend/src/api/index.ts

@@ -81,8 +81,7 @@ export const interceptorRejected = async (
 				response.config.url !== '/sessions/email_password' &&
 				!(
 					response.config.url === '/sessions' && response.config.method === 'delete'
-				) &&
-				response.config.url !== '/authz/check'
+				)
 			) {
 				try {
 					const accessToken = getLocalStorageApi(LOCALSTORAGE.AUTH_TOKEN);

frontend/src/api/interceptors.test.ts

@@ -1,152 +0,0 @@
-import axios, { AxiosHeaders, AxiosResponse } from 'axios';
-
-import { interceptorRejected } from './index';
-
-jest.mock('api/browser/localstorage/get', () => ({
-	__esModule: true,
-	default: jest.fn(() => 'mock-token'),
-}));
-
-jest.mock('api/v2/sessions/rotate/post', () => ({
-	__esModule: true,
-	default: jest.fn(() =>
-		Promise.resolve({
-			data: { accessToken: 'new-token', refreshToken: 'new-refresh' },
-		}),
-	),
-}));
-
-jest.mock('AppRoutes/utils', () => ({
-	__esModule: true,
-	default: jest.fn(),
-}));
-
-jest.mock('axios', () => {
-	const actualAxios = jest.requireActual('axios');
-	const mockAxios = jest.fn().mockResolvedValue({ data: 'success' });
-
-	return {
-		...actualAxios,
-		default: Object.assign(mockAxios, {
-			...actualAxios.default,
-			isAxiosError: jest.fn().mockReturnValue(true),
-			create: actualAxios.create,
-		}),
-		__esModule: true,
-	};
-});
-
-describe('interceptorRejected', () => {
-	beforeEach(() => {
-		jest.clearAllMocks();
-		((axios as unknown) as jest.Mock).mockResolvedValue({ data: 'success' });
-		((axios.isAxiosError as unknown) as jest.Mock).mockReturnValue(true);
-	});
-
-	it('should preserve array payload structure when retrying a 401 request', async () => {
-		const arrayPayload = [
-			{ relation: 'assignee', object: { resource: { name: 'role' } } },
-			{ relation: 'assignee', object: { resource: { name: 'editor' } } },
-		];
-
-		const error = ({
-			response: {
-				status: 401,
-				config: {
-					url: '/some-endpoint',
-					method: 'POST',
-					baseURL: 'http://localhost/',
-					headers: new AxiosHeaders(),
-					data: JSON.stringify(arrayPayload),
-				},
-			},
-			config: {
-				url: '/some-endpoint',
-				method: 'POST',
-				baseURL: 'http://localhost/',
-				headers: new AxiosHeaders(),
-				data: JSON.stringify(arrayPayload),
-			},
-		} as unknown) as AxiosResponse;
-
-		try {
-			await interceptorRejected(error);
-		} catch {
-			// Expected to reject after retry
-		}
-
-		const mockAxiosFn = (axios as unknown) as jest.Mock;
-		expect(mockAxiosFn.mock.calls.length).toBe(1);
-		const retryCallConfig = mockAxiosFn.mock.calls[0][0];
-		expect(Array.isArray(JSON.parse(retryCallConfig.data))).toBe(true);
-		expect(JSON.parse(retryCallConfig.data)).toEqual(arrayPayload);
-	});
-
-	it('should preserve object payload structure when retrying a 401 request', async () => {
-		const objectPayload = { key: 'value', nested: { data: 123 } };
-
-		const error = ({
-			response: {
-				status: 401,
-				config: {
-					url: '/some-endpoint',
-					method: 'POST',
-					baseURL: 'http://localhost/',
-					headers: new AxiosHeaders(),
-					data: JSON.stringify(objectPayload),
-				},
-			},
-			config: {
-				url: '/some-endpoint',
-				method: 'POST',
-				baseURL: 'http://localhost/',
-				headers: new AxiosHeaders(),
-				data: JSON.stringify(objectPayload),
-			},
-		} as unknown) as AxiosResponse;
-
-		try {
-			await interceptorRejected(error);
-		} catch {
-			// Expected to reject after retry
-		}
-
-		const mockAxiosFn = (axios as unknown) as jest.Mock;
-		expect(mockAxiosFn.mock.calls.length).toBe(1);
-		const retryCallConfig = mockAxiosFn.mock.calls[0][0];
-		expect(JSON.parse(retryCallConfig.data)).toEqual(objectPayload);
-	});
-
-	it('should handle undefined data gracefully when retrying', async () => {
-		const error = ({
-			response: {
-				status: 401,
-				config: {
-					url: '/some-endpoint',
-					method: 'GET',
-					baseURL: 'http://localhost/',
-					headers: new AxiosHeaders(),
-					data: undefined,
-				},
-			},
-			config: {
-				url: '/some-endpoint',
-				method: 'GET',
-				baseURL: 'http://localhost/',
-				headers: new AxiosHeaders(),
-				data: undefined,
-			},
-		} as unknown) as AxiosResponse;
-
-		try {
-			await interceptorRejected(error);
-		} catch {
-			// Expected to reject after retry
-		}
-
-		const mockAxiosFn = (axios as unknown) as jest.Mock;
-		expect(mockAxiosFn.mock.calls.length).toBe(1);
-		const retryCallConfig = mockAxiosFn.mock.calls[0][0];
-		expect(retryCallConfig.data).toBeUndefined();
-	});
-});

frontend/src/assets/UnAuthorized.tsx

@@ -1,14 +1,8 @@
-function UnAuthorized({
-	width = 137,
-	height = 137,
-}: {
-	height?: number;
-	width?: number;
-}): JSX.Element {
+function UnAuthorized(): JSX.Element {
 	return (
 		<svg
-			width={width}
-			height={height}
+			width="137"
+			height="137"
 			viewBox="0 0 137 137"
 			fill="none"
 			xmlns="http://www.w3.org/2000/svg"

frontend/src/components/ShiftOverlay/ShiftHoldOverlayController.tsx

@@ -1,13 +1,13 @@
 import { createShortcutActions } from '../../constants/shortcutActions';
 import { useCmdK } from '../../providers/cmdKProvider';
-import { ROLES } from '../../types/roles';
 import { ShiftOverlay } from './ShiftOverlay';
 import { useShiftHoldOverlay } from './useShiftHoldOverlay';
 
+type UserRole = 'ADMIN' | 'EDITOR' | 'AUTHOR' | 'VIEWER';
 export function ShiftHoldOverlayController({
 	userRole,
 }: {
-	userRole: ROLES;
+	userRole: UserRole;
 }): JSX.Element | null {
 	const { open: isCmdKOpen } = useCmdK();
 	const noop = (): void => undefined;

frontend/src/components/ShiftOverlay/ShiftOverlay.tsx

@@ -1,18 +1,18 @@
 import { useMemo } from 'react';
 import ReactDOM from 'react-dom';
-import { ROLES } from 'types/roles';
 
 import { formatShortcut } from './formatShortcut';
 
 import './shiftOverlay.scss';
 
+export type UserRole = 'ADMIN' | 'EDITOR' | 'AUTHOR' | 'VIEWER';
 export type CmdAction = {
 	id: string;
 	name: string;
 	shortcut?: string[];
 	keywords?: string;
 	section?: string;
-	roles?: ROLES[];
+	roles?: UserRole[];
 	perform: () => void;
 };
 
@@ -33,7 +33,7 @@ function Shortcut({ label, keyHint }: ShortcutProps): JSX.Element {
 interface ShiftOverlayProps {
 	visible: boolean;
 	actions: CmdAction[];
-	userRole: ROLES;
+	userRole: UserRole;
 }
 
 export function ShiftOverlay({

frontend/src/components/cmdKPalette/cmdKPalette.tsx

@@ -11,7 +11,6 @@ import {
 import logEvent from 'api/common/logEvent';
 import { useThemeMode } from 'hooks/useDarkMode';
 import history from 'lib/history';
-import { ROLES as UserRole } from 'types/roles';
 
 import { createShortcutActions } from '../../constants/shortcutActions';
 import { useCmdK } from '../../providers/cmdKProvider';
@@ -29,6 +28,7 @@ type CmdAction = {
 	perform: () => void;
 };
 
+type UserRole = 'ADMIN' | 'EDITOR' | 'AUTHOR' | 'VIEWER';
 export function CmdKPalette({
 	userRole,
 }: {

frontend/src/constants/shortcutActions.tsx

@@ -18,7 +18,8 @@ import {
 	TowerControl,
 	Workflow,
 } from 'lucide-react';
-import { ROLES } from 'types/roles';
+
+export type UserRole = 'ADMIN' | 'EDITOR' | 'AUTHOR' | 'VIEWER';
 
 export type CmdAction = {
 	id: string;
@@ -27,7 +28,7 @@ export type CmdAction = {
 	keywords?: string;
 	section?: string;
 	icon?: React.ReactNode;
-	roles?: ROLES[];
+	roles?: UserRole[];
 	perform: () => void;
 };
 

frontend/src/hooks/useAuthZ/constants.ts

@@ -1,2 +0,0 @@
-export const SINGLE_FLIGHT_WAIT_TIME_MS = 50;
-export const AUTHZ_CACHE_TIME = 20_000;

frontend/src/hooks/useAuthZ/legacy.ts

@@ -1,18 +0,0 @@
-import { buildPermission } from './utils';
-
-export const IsAdminPermission = buildPermission(
-	'assignee',
-	'role:signoz-admin',
-);
-export const IsEditorPermission = buildPermission(
-	'assignee',
-	'role:signoz-editor',
-);
-export const IsViewerPermission = buildPermission(
-	'assignee',
-	'role:signoz-viewer',
-);
-export const IsAnonymousPermission = buildPermission(
-	'assignee',
-	'role:signoz-anonymous',
-);

frontend/src/hooks/useAuthZ/types.ts

@@ -14,7 +14,7 @@ type ResourceTypeMap = {
 
 type RelationName = keyof RelationsByType;
 
-export type ResourcesForRelation<R extends RelationName> = Extract<
+type ResourcesForRelation<R extends RelationName> = Extract<
 	Resource,
 	{ type: RelationsByType[R][number] }
 >['name'];
@@ -50,26 +50,8 @@ export type AuthZCheckResponse = Record<
 	}
 >;
 
-export type UseAuthZOptions = {
-	/**
-	 * If false, the query/permissions will not be fetched.
-	 * Useful when you want to disable the query/permissions for a specific use case, like logout.
-	 *
-	 * @default true
-	 */
-	enabled?: boolean;
-};
-
 export type UseAuthZResult = {
-	/**
-	 * If query is cached, and refetch happens in background, this is false.
-	 */
 	isLoading: boolean;
-	/**
-	 * If query is fetching, even if happens in background, this is true.
-	 */
-	isFetching: boolean;
 	error: Error | null;
 	permissions: AuthZCheckResponse | null;
-	refetchPermissions: () => void;
 };

frontend/src/hooks/useAuthZ/useAuthZ.tsx

@@ -1,4 +1,4 @@
-import { useCallback, useMemo } from 'react';
+import { useMemo } from 'react';
 import { useQueries } from 'react-query';
 import { authzCheck } from 'api/generated/services/authz';
 import type {
@@ -6,13 +6,7 @@ import type {
 	AuthtypesTransactionDTO,
 } from 'api/generated/services/sigNoz.schemas';
 
-import { AUTHZ_CACHE_TIME, SINGLE_FLIGHT_WAIT_TIME_MS } from './constants';
-import {
-	AuthZCheckResponse,
-	BrandedPermission,
-	UseAuthZOptions,
-	UseAuthZResult,
-} from './types';
+import { AuthZCheckResponse, BrandedPermission, UseAuthZResult } from './types';
 import {
 	gettableTransactionToPermission,
 	permissionToTransactionDto,
@@ -20,6 +14,8 @@ import {
 
 let ctx: Promise<AuthZCheckResponse> | null;
 let pendingPermissions: BrandedPermission[] = [];
+const SINGLE_FLIGHT_WAIT_TIME_MS = 50;
+const AUTHZ_CACHE_TIME = 20_000;
 
 function dispatchPermission(
 	permission: BrandedPermission,
@@ -74,12 +70,7 @@ async function fetchManyPermissions(
 	}, {} as AuthZCheckResponse);
 }
 
-export function useAuthZ(
-	permissions: BrandedPermission[],
-	options?: UseAuthZOptions,
-): UseAuthZResult {
-	const { enabled } = options ?? { enabled: true };
-
+export function useAuthZ(permissions: BrandedPermission[]): UseAuthZResult {
 	const queryResults = useQueries(
 		permissions.map((permission) => {
 			return {
@@ -89,7 +80,6 @@ export function useAuthZ(
 				refetchIntervalInBackground: false,
 				refetchOnWindowFocus: false,
 				refetchOnReconnect: true,
-				enabled,
 				queryFn: async (): Promise<AuthZCheckResponse> => {
 					const response = await dispatchPermission(permission);
 
@@ -106,10 +96,6 @@ export function useAuthZ(
 	const isLoading = useMemo(() => queryResults.some((q) => q.isLoading), [
 		queryResults,
 	]);
-	const isFetching = useMemo(() => queryResults.some((q) => q.isFetching), [
-		queryResults,
-	]);
-
 	const error = useMemo(
 		() =>
 			!isLoading
@@ -135,17 +121,9 @@ export function useAuthZ(
 		}, {} as AuthZCheckResponse);
 	}, [isLoading, error, queryResults]);
 
-	const refetchPermissions = useCallback(() => {
-		for (const query of queryResults) {
-			query.refetch();
-		}
-	}, [queryResults]);
-
 	return {
 		isLoading,
-		isFetching,
 		error,
 		permissions: data ?? null,
-		refetchPermissions,
 	};
 }

frontend/src/hooks/useAuthZ/utils.ts

@@ -3,9 +3,9 @@ import permissionsType from './permissions.type';
 import {
 	AuthZObject,
 	AuthZRelation,
+	AuthZResource,
 	BrandedPermission,
 	ResourceName,
-	ResourcesForRelation,
 	ResourceType,
 } from './types';
 
@@ -19,10 +19,11 @@ export function buildPermission<R extends AuthZRelation>(
 	return `${relation}${PermissionSeparator}${object}` as BrandedPermission;
 }
 
-export function buildObjectString<
-	R extends 'delete' | 'read' | 'update' | 'assignee'
->(resource: ResourcesForRelation<R>, objectId: string): AuthZObject<R> {
-	return `${resource}${ObjectSeparator}${objectId}` as AuthZObject<R>;
+export function buildObjectString(
+	resource: AuthZResource,
+	objectId: string,
+): `${AuthZResource}${typeof ObjectSeparator}${string}` {
+	return `${resource}${ObjectSeparator}${objectId}` as const;
 }
 
 export function parsePermission(

frontend/src/pages/UnAuthorized/index.styles.scss

@@ -1,5 +0,0 @@
-.unauthorized-page {
-	&__description {
-		text-align: center;
-	}
-}

frontend/src/pages/UnAuthorized/index.tsx

@@ -1,51 +1,20 @@
-import { useCallback } from 'react';
 import { Space, Typography } from 'antd';
 import UnAuthorized from 'assets/UnAuthorized';
-import { Container } from 'components/NotFound/styles';
-import { useGetTenantLicense } from 'hooks/useGetTenantLicense';
-import { useQueryState } from 'nuqs';
-import { handleContactSupport } from 'pages/Integrations/utils';
-
-import { useAppContext } from '../../providers/App/App';
-import { USER_ROLES } from '../../types/roles';
-
-import './index.styles.scss';
+import { Button, Container } from 'components/NotFound/styles';
+import ROUTES from 'constants/routes';
 
 function UnAuthorizePage(): JSX.Element {
-	const [debugCurrentRole] = useQueryState('currentRole');
-	const { user } = useAppContext();
-	const { isCloudUser: isCloudUserVal } = useGetTenantLicense();
-
-	const userIsAnonymous =
-		debugCurrentRole === USER_ROLES.ANONYMOUS ||
-		user.role === USER_ROLES.ANONYMOUS;
-	const mistakeMessage = userIsAnonymous
-		? 'If you believe this is a mistake, please contact your administrator or'
-		: 'Please contact your administrator.';
-
-	const handleContactSupportClick = useCallback((): void => {
-		handleContactSupport(isCloudUserVal);
-	}, [isCloudUserVal]);
-
 	return (
-		<Container className="unauthorized-page">
+		<Container>
 			<Space align="center" direction="vertical">
-				<UnAuthorized width={64} height={64} />
-				<Typography.Title level={3}>Access Restricted</Typography.Title>
+				<UnAuthorized />
+				<Typography.Title level={3}>
+					Oops.. you don&apos;t have permission to view this page
+				</Typography.Title>
 
-				<p className="unauthorized-page__description">
-					It looks like you don&lsquo;t have permission to view this page. <br />
-					{mistakeMessage}
-					{userIsAnonymous ? (
-						<Typography.Link
-							className="contact-support-link"
-							onClick={handleContactSupportClick}
-						>
-							{' '}
-							reach out to us.
-						</Typography.Link>
-					) : null}
-				</p>
+				<Button to={ROUTES.HOME} tabIndex={0} className="periscope-btn primary">
+					Return To Home
+				</Button>
 			</Space>
 		</Container>
 	);

frontend/src/providers/App/App.tsx

@@ -19,12 +19,6 @@ import getUserVersion from 'api/v1/version/get';
 import { LOCALSTORAGE } from 'constants/localStorage';
 import dayjs from 'dayjs';
 import useActiveLicenseV3 from 'hooks/useActiveLicenseV3/useActiveLicenseV3';
-import {
-	IsAdminPermission,
-	IsEditorPermission,
-	IsViewerPermission,
-} from 'hooks/useAuthZ/legacy';
-import { useAuthZ } from 'hooks/useAuthZ/useAuthZ';
 import { useGetFeatureFlag } from 'hooks/useGetFeatureFlag';
 import { useGlobalEventListener } from 'hooks/useGlobalEventListener';
 import { ChangelogSchema } from 'types/api/changelog/getChangelogByVersion';
@@ -40,7 +34,7 @@ import {
 	UserPreference,
 } from 'types/api/preferences/preference';
 import { Organization } from 'types/api/user/getOrganization';
-import { ROLES, USER_ROLES } from 'types/roles';
+import { USER_ROLES } from 'types/roles';
 
 import { IAppContext, IUser } from './types';
 import { getUserDefaults } from './utils';
@@ -49,7 +43,7 @@ export const AppContext = createContext<IAppContext | undefined>(undefined);
 
 export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 	// on load of the provider set the user defaults with access token , refresh token from local storage
-	const [defaultUser, setDefaultUser] = useState<IUser>(() => getUserDefaults());
+	const [user, setUser] = useState<IUser>(() => getUserDefaults());
 	const [activeLicense, setActiveLicense] = useState<LicenseResModel | null>(
 		null,
 	);
@@ -76,51 +70,18 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 	// if logged out and trying to hit any route none of these calls will trigger
 	const {
 		data: userData,
-		isFetching: isFetchingUserData,
-		error: userFetchDataError,
+		isFetching: isFetchingUser,
+		error: userFetchError,
 	} = useQuery({
 		queryFn: get,
 		queryKey: ['/api/v1/user/me'],
 		enabled: isLoggedIn,
 	});
 
-	const {
-		permissions: permissionsResult,
-		isFetching: isFetchingPermissions,
-		error: errorOnPermissions,
-		refetchPermissions,
-	} = useAuthZ([IsAdminPermission, IsEditorPermission, IsViewerPermission], {
-		enabled: isLoggedIn,
-	});
-
-	const isFetchingUser = isFetchingUserData || isFetchingPermissions;
-	const userFetchError = userFetchDataError || errorOnPermissions;
-
-	const userRole = useMemo(() => {
-		if (permissionsResult?.[IsAdminPermission]?.isGranted) {
-			return USER_ROLES.ADMIN;
-		}
-		if (permissionsResult?.[IsEditorPermission]?.isGranted) {
-			return USER_ROLES.EDITOR;
-		}
-		if (permissionsResult?.[IsViewerPermission]?.isGranted) {
-			return USER_ROLES.VIEWER;
-		}
-		// if none of the permissions, so anonymous
-		return USER_ROLES.ANONYMOUS;
-	}, [permissionsResult]);
-
-	const user: IUser = useMemo(() => {
-		return {
-			...defaultUser,
-			role: userRole as ROLES,
-		};
-	}, [defaultUser, userRole]);
-
 	useEffect(() => {
 		if (!isFetchingUser && userData && userData.data) {
 			setLocalStorageApi(LOCALSTORAGE.LOGGED_IN_USER_EMAIL, userData.data.email);
-			setDefaultUser((prev) => ({
+			setUser((prev) => ({
 				...prev,
 				...userData.data,
 			}));
@@ -242,7 +203,7 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 	}, [userPreferencesData, isFetchingUserPreferences, isLoggedIn]);
 
 	function updateUser(user: IUser): void {
-		setDefaultUser((prev) => ({
+		setUser((prev) => ({
 			...prev,
 			...user,
 		}));
@@ -283,7 +244,7 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 					...org.slice(orgIndex + 1, org.length),
 				];
 				setOrg(updatedOrg);
-				setDefaultUser((prev) => {
+				setUser((prev) => {
 					if (prev.orgId === orgId) {
 						return {
 							...prev,
@@ -311,7 +272,7 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 	// global event listener for AFTER_LOGIN event to start the user fetch post all actions are complete
 	useGlobalEventListener('AFTER_LOGIN', (event) => {
 		if (event.detail) {
-			setDefaultUser((prev) => ({
+			setUser((prev) => ({
 				...prev,
 				accessJwt: event.detail.accessJWT,
 				refreshJwt: event.detail.refreshJWT,
@@ -319,14 +280,12 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 			}));
 			setIsLoggedIn(true);
 		}
-
-		refetchPermissions();
 	});
 
 	// global event listener for LOGOUT event to clean the app context state
 	useGlobalEventListener('LOGOUT', () => {
 		setIsLoggedIn(false);
-		setDefaultUser(getUserDefaults());
+		setUser(getUserDefaults());
 		setActiveLicense(null);
 		setTrialInfo(null);
 		setFeatureFlags(null);

frontend/src/providers/App/__tests__/App.test.tsx

@@ -1,273 +0,0 @@
-import { ReactElement } from 'react';
-import { QueryClient, QueryClientProvider } from 'react-query';
-import { renderHook, waitFor } from '@testing-library/react';
-import setLocalStorageApi from 'api/browser/localstorage/set';
-import {
-	AuthtypesGettableTransactionDTO,
-	AuthtypesTransactionDTO,
-} from 'api/generated/services/sigNoz.schemas';
-import { LOCALSTORAGE } from 'constants/localStorage';
-import { SINGLE_FLIGHT_WAIT_TIME_MS } from 'hooks/useAuthZ/constants';
-import { server } from 'mocks-server/server';
-import { rest } from 'msw';
-import { USER_ROLES } from 'types/roles';
-
-import { AppProvider, useAppContext } from '../App';
-
-const AUTHZ_CHECK_URL = 'http://localhost/api/v1/authz/check';
-
-jest.mock('constants/env', () => ({
-	ENVIRONMENT: { baseURL: 'http://localhost', wsURL: '' },
-}));
-
-/**
- * Since we are mocking the check permissions, this is needed
- */
-const waitForSinglePreflightToFinish = async (): Promise<void> =>
-	await new Promise((r) => setTimeout(r, SINGLE_FLIGHT_WAIT_TIME_MS));
-
-function authzMockResponse(
-	payload: AuthtypesTransactionDTO[],
-	authorizedByIndex: boolean[],
-): { data: AuthtypesGettableTransactionDTO[]; status: string } {
-	return {
-		data: payload.map((txn, i) => ({
-			relation: txn.relation,
-			object: txn.object,
-			authorized: authorizedByIndex[i] ?? false,
-		})),
-		status: 'success',
-	};
-}
-
-const queryClient = new QueryClient({
-	defaultOptions: {
-		queries: {
-			refetchOnWindowFocus: false,
-			retry: false,
-		},
-	},
-});
-
-function createWrapper(): ({
-	children,
-}: {
-	children: ReactElement;
-}) => ReactElement {
-	return function Wrapper({
-		children,
-	}: {
-		children: ReactElement;
-	}): ReactElement {
-		return (
-			<QueryClientProvider client={queryClient}>
-				<AppProvider>{children}</AppProvider>
-			</QueryClientProvider>
-		);
-	};
-}
-
-describe('AppProvider user.role from permissions', () => {
-	beforeEach(() => {
-		queryClient.clear();
-		setLocalStorageApi(LOCALSTORAGE.IS_LOGGED_IN, 'true');
-	});
-
-	it('sets user.role to ADMIN and hasEditPermission to true when admin permission is granted', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(
-					ctx.status(200),
-					ctx.json(authzMockResponse(payload, [true, false, false])),
-				);
-			}),
-		);
-
-		const wrapper = createWrapper();
-		const { result } = renderHook(() => useAppContext(), { wrapper });
-
-		await waitForSinglePreflightToFinish();
-
-		await waitFor(
-			() => {
-				expect(result.current.user.role).toBe(USER_ROLES.ADMIN);
-				expect(result.current.hasEditPermission).toBe(true);
-			},
-			{ timeout: 2000 },
-		);
-	});
-
-	it('sets user.role to EDITOR and hasEditPermission to true when only editor permission is granted', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(
-					ctx.status(200),
-					ctx.json(authzMockResponse(payload, [false, true, false])),
-				);
-			}),
-		);
-
-		const wrapper = createWrapper();
-		const { result } = renderHook(() => useAppContext(), { wrapper });
-
-		await waitForSinglePreflightToFinish();
-
-		await waitFor(
-			() => {
-				expect(result.current.user.role).toBe(USER_ROLES.EDITOR);
-				expect(result.current.hasEditPermission).toBe(true);
-			},
-			{ timeout: 2000 },
-		);
-	});
-
-	it('sets user.role to VIEWER and hasEditPermission to false when only viewer permission is granted', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(
-					ctx.status(200),
-					ctx.json(authzMockResponse(payload, [false, false, true])),
-				);
-			}),
-		);
-
-		const wrapper = createWrapper();
-		const { result } = renderHook(() => useAppContext(), { wrapper });
-
-		await waitForSinglePreflightToFinish();
-
-		await waitFor(
-			() => {
-				expect(result.current.user.role).toBe(USER_ROLES.VIEWER);
-				expect(result.current.hasEditPermission).toBe(false);
-			},
-			{ timeout: 2000 },
-		);
-	});
-
-	it('sets user.role to ANONYMOUS and hasEditPermission to false when no role permission is granted', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(
-					ctx.status(200),
-					ctx.json(authzMockResponse(payload, [false, false, false])),
-				);
-			}),
-		);
-
-		const wrapper = createWrapper();
-		const { result } = renderHook(() => useAppContext(), { wrapper });
-
-		await waitForSinglePreflightToFinish();
-
-		await waitFor(
-			() => {
-				expect(result.current.user.role).toBe(USER_ROLES.ANONYMOUS);
-				expect(result.current.hasEditPermission).toBe(false);
-			},
-			{ timeout: 2000 },
-		);
-	});
-
-	/**
-	 * This is expected to not happen, but we'll test it just in case.
-	 */
-	describe('when multiple role permissions are granted', () => {
-		it('prefers ADMIN over EDITOR and VIEWER when multiple role permissions are granted', async () => {
-			server.use(
-				rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-					const payload = await req.json();
-					return res(
-						ctx.status(200),
-						ctx.json(authzMockResponse(payload, [true, true, true])),
-					);
-				}),
-			);
-
-			const wrapper = createWrapper();
-			const { result } = renderHook(() => useAppContext(), { wrapper });
-
-			await waitFor(
-				() => {
-					expect(result.current.user.role).toBe(USER_ROLES.ADMIN);
-					expect(result.current.hasEditPermission).toBe(true);
-				},
-				{ timeout: 300 },
-			);
-		});
-
-		it('prefers EDITOR over VIEWER when editor and viewer permissions are granted', async () => {
-			server.use(
-				rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-					const payload = await req.json();
-					return res(
-						ctx.status(200),
-						ctx.json(authzMockResponse(payload, [false, true, true])),
-					);
-				}),
-			);
-
-			const wrapper = createWrapper();
-			const { result } = renderHook(() => useAppContext(), { wrapper });
-
-			await waitForSinglePreflightToFinish();
-
-			await waitFor(
-				() => {
-					expect(result.current.user.role).toBe(USER_ROLES.EDITOR);
-					expect(result.current.hasEditPermission).toBe(true);
-				},
-				{ timeout: 2000 },
-			);
-		});
-	});
-});
-
-describe('AppProvider when authz/check fails', () => {
-	beforeEach(() => {
-		queryClient.clear();
-		setLocalStorageApi(LOCALSTORAGE.IS_LOGGED_IN, 'true');
-	});
-
-	it('sets userFetchError when authz/check returns 500 (same as user fetch error)', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, (_, res, ctx) =>
-				res(ctx.status(500), ctx.json({ error: 'Internal Server Error' })),
-			),
-		);
-
-		const wrapper = createWrapper();
-		const { result } = renderHook(() => useAppContext(), { wrapper });
-
-		await waitForSinglePreflightToFinish();
-
-		await waitFor(
-			() => {
-				expect(result.current.userFetchError).toBeTruthy();
-			},
-			{ timeout: 2000 },
-		);
-	});
-
-	it('sets userFetchError when authz/check fails with network error (same as user fetch error)', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, (_, res) => res.networkError('Network error')),
-		);
-
-		const wrapper = createWrapper();
-		const { result } = renderHook(() => useAppContext(), { wrapper });
-
-		await waitForSinglePreflightToFinish();
-
-		await waitFor(
-			() => {
-				expect(result.current.userFetchError).toBeTruthy();
-			},
-			{ timeout: 2000 },
-		);
-	});
-});

frontend/src/types/api/user/getUser.ts

@@ -13,9 +13,6 @@ export interface UserResponse {
 	displayName: string;
 	orgId: string;
 	organization: string;
-	/**
-	 * @deprecated This will be removed in the future releases in favor of new AuthZ framework
-	 */
 	role: ROLES;
 	updatedAt?: number;
 }

frontend/src/types/roles.ts

@@ -2,16 +2,14 @@ export type ADMIN = 'ADMIN';
 export type VIEWER = 'VIEWER';
 export type EDITOR = 'EDITOR';
 export type AUTHOR = 'AUTHOR';
-export type ANONYMOUS = 'ANONYMOUS';
 
-export type ROLES = ADMIN | VIEWER | EDITOR | AUTHOR | ANONYMOUS;
+export type ROLES = ADMIN | VIEWER | EDITOR | AUTHOR;
 
 export const USER_ROLES = {
 	ADMIN: 'ADMIN',
 	VIEWER: 'VIEWER',
 	EDITOR: 'EDITOR',
 	AUTHOR: 'AUTHOR',
-	ANONYMOUS: 'ANONYMOUS',
 };
 
 export enum RoleType {

frontend/src/utils/permission/index.ts

@@ -69,7 +69,7 @@ export const routePermission: Record<keyof typeof ROUTES, ROLES[]> = {
 	ALERT_OVERVIEW: ['ADMIN', 'EDITOR', 'VIEWER'],
 	LOGIN: ['ADMIN', 'EDITOR', 'VIEWER'],
 	FORGOT_PASSWORD: ['ADMIN', 'EDITOR', 'VIEWER'],
-	NOT_FOUND: ['ADMIN', 'VIEWER', 'EDITOR', 'ANONYMOUS'],
+	NOT_FOUND: ['ADMIN', 'VIEWER', 'EDITOR'],
 	PASSWORD_RESET: ['ADMIN', 'EDITOR', 'VIEWER'],
 	SERVICE_METRICS: ['ADMIN', 'EDITOR', 'VIEWER'],
 	SETTINGS: ['ADMIN', 'EDITOR', 'VIEWER'],
@@ -77,7 +77,7 @@ export const routePermission: Record<keyof typeof ROUTES, ROLES[]> = {
 	TRACES_EXPLORER: ['ADMIN', 'EDITOR', 'VIEWER'],
 	TRACE: ['ADMIN', 'EDITOR', 'VIEWER'],
 	TRACE_DETAIL: ['ADMIN', 'EDITOR', 'VIEWER'],
-	UN_AUTHORIZED: ['ADMIN', 'EDITOR', 'VIEWER', 'ANONYMOUS'],
+	UN_AUTHORIZED: ['ADMIN', 'EDITOR', 'VIEWER'],
 	USAGE_EXPLORER: ['ADMIN', 'EDITOR', 'VIEWER'],
 	VERSION: ['ADMIN', 'EDITOR', 'VIEWER'],
 	LOGS: ['ADMIN', 'EDITOR', 'VIEWER'],
@@ -101,7 +101,7 @@ export const routePermission: Record<keyof typeof ROUTES, ROLES[]> = {
 	ROLE_DETAILS: ['ADMIN'],
 	MEMBERS_SETTINGS: ['ADMIN'],
 	BILLING: ['ADMIN'],
-	SUPPORT: ['ADMIN', 'EDITOR', 'VIEWER', 'ANONYMOUS'],
+	SUPPORT: ['ADMIN', 'EDITOR', 'VIEWER'],
 	SOMETHING_WENT_WRONG: ['ADMIN', 'EDITOR', 'VIEWER'],
 	LOGS_SAVE_VIEWS: ['ADMIN', 'EDITOR', 'VIEWER'],
 	TRACES_SAVE_VIEWS: ['ADMIN', 'EDITOR', 'VIEWER'],

pkg/apiserver/signozapiserver/cloudintegration.go

@@ -0,0 +1,194 @@
+package signozapiserver
+
+import (
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/http/handler"
+	"github.com/SigNoz/signoz/pkg/types"
+	citypes "github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/gorilla/mux"
+)
+
+func (provider *provider) addCloudIntegrationRoutes(router *mux.Router) error {
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts/connection_artifact", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.GetConnectionArtifact),
+		handler.OpenAPIDef{
+			ID:                  "GetConnectionArtifact",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Get connection artifact",
+			Description:         "This endpoint returns a connection artifact for the specified cloud provider and creates new cloud integration account",
+			Request:             new(citypes.PostableConnectionArtifact),
+			RequestContentType:  "application/json",
+			Response:            new(citypes.GettableConnectionArtifact),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.ListAccounts),
+		handler.OpenAPIDef{
+			ID:                  "ListAccounts",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "List accounts",
+			Description:         "This endpoint lists the accounts for the specified cloud provider",
+			Request:             nil,
+			RequestContentType:  "",
+			Response:            new(citypes.GettableAccounts),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts/{id}", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.GetAccount),
+		handler.OpenAPIDef{
+			ID:                  "GetAccount",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Get account",
+			Description:         "This endpoint gets an account for the specified cloud provider",
+			Request:             nil,
+			RequestContentType:  "",
+			Response:            new(citypes.GettableAccount),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts/{id}", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.UpdateAccount),
+		handler.OpenAPIDef{
+			ID:                  "UpdateAccount",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Update account",
+			Description:         "This endpoint updates an account for the specified cloud provider",
+			Request:             new(citypes.UpdatableAccount),
+			RequestContentType:  "application/json",
+			Response:            nil,
+			ResponseContentType: "",
+			SuccessStatusCode:   http.StatusNoContent,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts/{id}", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.DisconnectAccount),
+		handler.OpenAPIDef{
+			ID:                  "DisconnectAccount",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Disconnect account",
+			Description:         "This endpoint disconnects an account for the specified cloud provider",
+			Request:             nil,
+			RequestContentType:  "",
+			Response:            nil,
+			ResponseContentType: "",
+			SuccessStatusCode:   http.StatusNoContent,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/services", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.ListServicesMetadata),
+		handler.OpenAPIDef{
+			ID:                  "ListServicesMetadata",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "List services metadata",
+			Description:         "This endpoint lists the services metadata for the specified cloud provider",
+			Request:             nil,
+			RequestContentType:  "",
+			Response:            new(citypes.GettableServicesMetadata),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/services/{service_id}", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.GetService),
+		handler.OpenAPIDef{
+			ID:                  "GetService",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Get service",
+			Description:         "This endpoint gets a service for the specified cloud provider",
+			Request:             nil,
+			RequestContentType:  "",
+			Response:            new(citypes.GettableService),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/services/{service_id}", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.UpdateService),
+		handler.OpenAPIDef{
+			ID:                  "UpdateService",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Update service",
+			Description:         "This endpoint updates a service for the specified cloud provider",
+			Request:             new(citypes.UpdatableService),
+			RequestContentType:  "application/json",
+			Response:            nil,
+			ResponseContentType: "",
+			SuccessStatusCode:   http.StatusNoContent,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts/agent-check-in", handler.New(
+		provider.authZ.ViewAccess(provider.cloudIntegrationHandler.AgentCheckIn),
+		handler.OpenAPIDef{
+			ID:                  "AgentCheckIn",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Agent check-in",
+			Description:         "This endpoint is called by the deployed agent to check in",
+			Request:             new(citypes.PostableAgentCheckInRequest),
+			RequestContentType:  "application/json",
+			Response:            new(citypes.GettableAgentCheckInResponse),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleViewer), // agent role is viewer
+		},
+	)).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
+	return nil
+}

pkg/apiserver/signozapiserver/provider.go

@@ -12,6 +12,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/http/middleware"
 	"github.com/SigNoz/signoz/pkg/modules/authdomain"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/fields"
 	"github.com/SigNoz/signoz/pkg/modules/metricsexplorer"
@@ -29,27 +30,28 @@ import (
 )
 
 type provider struct {
-	config                 apiserver.Config
-	settings               factory.ScopedProviderSettings
-	router                 *mux.Router
-	authZ                  *middleware.AuthZ
-	orgHandler             organization.Handler
-	userHandler            user.Handler
-	sessionHandler         session.Handler
-	authDomainHandler      authdomain.Handler
-	preferenceHandler      preference.Handler
-	globalHandler          global.Handler
-	promoteHandler         promote.Handler
-	flaggerHandler         flagger.Handler
-	dashboardModule        dashboard.Module
-	dashboardHandler       dashboard.Handler
-	metricsExplorerHandler metricsexplorer.Handler
-	gatewayHandler         gateway.Handler
-	fieldsHandler          fields.Handler
-	authzHandler           authz.Handler
-	zeusHandler            zeus.Handler
-	querierHandler         querier.Handler
-	serviceAccountHandler  serviceaccount.Handler
+	config                  apiserver.Config
+	settings                factory.ScopedProviderSettings
+	router                  *mux.Router
+	authZ                   *middleware.AuthZ
+	orgHandler              organization.Handler
+	userHandler             user.Handler
+	sessionHandler          session.Handler
+	authDomainHandler       authdomain.Handler
+	preferenceHandler       preference.Handler
+	globalHandler           global.Handler
+	promoteHandler          promote.Handler
+	flaggerHandler          flagger.Handler
+	dashboardModule         dashboard.Module
+	dashboardHandler        dashboard.Handler
+	metricsExplorerHandler  metricsexplorer.Handler
+	gatewayHandler          gateway.Handler
+	fieldsHandler           fields.Handler
+	authzHandler            authz.Handler
+	zeusHandler             zeus.Handler
+	querierHandler          querier.Handler
+	serviceAccountHandler   serviceaccount.Handler
+	cloudIntegrationHandler cloudintegration.Handler
 }
 
 func NewFactory(
@@ -72,6 +74,7 @@ func NewFactory(
 	zeusHandler zeus.Handler,
 	querierHandler querier.Handler,
 	serviceAccountHandler serviceaccount.Handler,
+	cloudIntegrationHandler cloudintegration.Handler,
 ) factory.ProviderFactory[apiserver.APIServer, apiserver.Config] {
 	return factory.NewProviderFactory(factory.MustNewName("signoz"), func(ctx context.Context, providerSettings factory.ProviderSettings, config apiserver.Config) (apiserver.APIServer, error) {
 		return newProvider(
@@ -97,6 +100,7 @@ func NewFactory(
 			zeusHandler,
 			querierHandler,
 			serviceAccountHandler,
+			cloudIntegrationHandler,
 		)
 	})
 }
@@ -124,31 +128,33 @@ func newProvider(
 	zeusHandler zeus.Handler,
 	querierHandler querier.Handler,
 	serviceAccountHandler serviceaccount.Handler,
+	cloudIntegrationHandler cloudintegration.Handler,
 ) (apiserver.APIServer, error) {
 	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/apiserver/signozapiserver")
 	router := mux.NewRouter().UseEncodedPath()
 
 	provider := &provider{
-		config:                 config,
-		settings:               settings,
-		router:                 router,
-		orgHandler:             orgHandler,
-		userHandler:            userHandler,
-		sessionHandler:         sessionHandler,
-		authDomainHandler:      authDomainHandler,
-		preferenceHandler:      preferenceHandler,
-		globalHandler:          globalHandler,
-		promoteHandler:         promoteHandler,
-		flaggerHandler:         flaggerHandler,
-		dashboardModule:        dashboardModule,
-		dashboardHandler:       dashboardHandler,
-		metricsExplorerHandler: metricsExplorerHandler,
-		gatewayHandler:         gatewayHandler,
-		fieldsHandler:          fieldsHandler,
-		authzHandler:           authzHandler,
-		zeusHandler:            zeusHandler,
-		querierHandler:         querierHandler,
-		serviceAccountHandler:  serviceAccountHandler,
+		config:                  config,
+		settings:                settings,
+		router:                  router,
+		orgHandler:              orgHandler,
+		userHandler:             userHandler,
+		sessionHandler:          sessionHandler,
+		authDomainHandler:       authDomainHandler,
+		preferenceHandler:       preferenceHandler,
+		globalHandler:           globalHandler,
+		promoteHandler:          promoteHandler,
+		flaggerHandler:          flaggerHandler,
+		dashboardModule:         dashboardModule,
+		dashboardHandler:        dashboardHandler,
+		metricsExplorerHandler:  metricsExplorerHandler,
+		gatewayHandler:          gatewayHandler,
+		fieldsHandler:           fieldsHandler,
+		authzHandler:            authzHandler,
+		zeusHandler:             zeusHandler,
+		querierHandler:          querierHandler,
+		serviceAccountHandler:   serviceAccountHandler,
+		cloudIntegrationHandler: cloudIntegrationHandler,
 	}
 
 	provider.authZ = middleware.NewAuthZ(settings.Logger(), orgGetter, authz)

pkg/modules/cloudintegration/cloudintegration.go

@@ -53,6 +53,7 @@ type Module interface {
 }
 
 type Handler interface {
+	// GetConnectionArtifact creates a new cloud integration account and returns the connection artifact
 	GetConnectionArtifact(http.ResponseWriter, *http.Request)
 	ListAccounts(http.ResponseWriter, *http.Request)
 	GetAccount(http.ResponseWriter, *http.Request)

pkg/ruler/rulestore/sqlrulestore/maintenance.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"time"
 
-	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
@@ -136,7 +135,7 @@ func (r *maintenance) DeletePlannedMaintenance(ctx context.Context, id valuer.UU
 		Where("id = ?", id.StringValue()).
 		Exec(ctx)
 	if err != nil {
-		return r.sqlstore.WrapAlreadyExistsErrf(err, errors.CodeAlreadyExists, "cannot delete planned maintenance because it is referenced by associated rules, remove the rules from the planned maintenance first")
+		return err
 	}
 
 	return nil

pkg/ruler/rulestore/sqlrulestore/rule.go

@@ -6,7 +6,6 @@ import (
 	"log/slog"
 	"slices"
 
-	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
@@ -76,7 +75,7 @@ func (r *rule) DeleteRule(ctx context.Context, id valuer.UUID, cb func(context.C
 			Where("id = ?", id.StringValue()).
 			Exec(ctx)
 		if err != nil {
-			return r.sqlstore.WrapAlreadyExistsErrf(err, errors.CodeAlreadyExists, "cannot delete rule because it is referenced by a planned maintenance, remove the rule from the planned maintenance first")
+			return err
 		}
 
 		return cb(ctx)

pkg/signoz/handler.go

@@ -11,6 +11,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/global/signozglobal"
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/modules/apdex"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/apdex/implapdex"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
@@ -54,7 +55,8 @@ type Handlers struct {
 	AuthzHandler          authz.Handler
 	ZeusHandler           zeus.Handler
 	QuerierHandler        querier.Handler
-	ServiceAccountHandler serviceaccount.Handler
+	ServiceAccountHandler      serviceaccount.Handler
+	CloudIntegrationHandler    cloudintegration.Handler
 }
 
 func NewHandlers(

pkg/signoz/openapi.go

@@ -22,6 +22,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/preference"
 	"github.com/SigNoz/signoz/pkg/modules/promote"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
 	"github.com/SigNoz/signoz/pkg/modules/session"
 	"github.com/SigNoz/signoz/pkg/modules/user"
@@ -61,6 +62,7 @@ func NewOpenAPI(ctx context.Context, instrumentation instrumentation.Instrumenta
 		struct{ zeus.Handler }{},
 		struct{ querier.Handler }{},
 		struct{ serviceaccount.Handler }{},
+		struct{ cloudintegration.Handler }{},
 	).New(ctx, instrumentation.ToProviderSettings(), apiserver.Config{})
 	if err != nil {
 		return nil, err

pkg/signoz/provider.go

@@ -176,7 +176,6 @@ func NewSQLMigrationProviderFactories(
 		sqlmigration.NewAddStatusUserFactory(sqlstore, sqlschema),
 		sqlmigration.NewDeprecateUserInviteFactory(sqlstore, sqlschema),
 		sqlmigration.NewUpdateCloudIntegrationUniqueIndexFactory(sqlstore, sqlschema),
-		sqlmigration.NewUpdatePlannedMaintenanceRuleFactory(sqlstore, sqlschema),
 	)
 }
 
@@ -264,6 +263,7 @@ func NewAPIServerProviderFactories(orgGetter organization.Getter, authz authz.Au
 			handlers.ZeusHandler,
 			handlers.QuerierHandler,
 			handlers.ServiceAccountHandler,
+			handlers.CloudIntegrationHandler,
 		),
 	)
 }

pkg/sqlmigration/070_update_planned_maintenance_rule.go

@@ -1,132 +0,0 @@
-package sqlmigration
-
-import (
-	"context"
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/sqlschema"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/uptrace/bun"
-	"github.com/uptrace/bun/migrate"
-)
-
-type updatePlannedMaintenanceRule struct {
-	sqlstore  sqlstore.SQLStore
-	sqlschema sqlschema.SQLSchema
-}
-
-type plannedMaintenanceRuleRow struct {
-	bun.BaseModel `bun:"table:planned_maintenance_rule"`
-
-	ID                   string `bun:"id"`
-	PlannedMaintenanceID string `bun:"planned_maintenance_id"`
-	RuleID               string `bun:"rule_id"`
-}
-
-func NewUpdatePlannedMaintenanceRuleFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
-	return factory.NewProviderFactory(
-		factory.MustNewName("update_planned_maintenance_rule"),
-		func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
-			return &updatePlannedMaintenanceRule{
-				sqlstore:  sqlstore,
-				sqlschema: sqlschema,
-			}, nil
-		},
-	)
-}
-
-func (migration *updatePlannedMaintenanceRule) Register(migrations *migrate.Migrations) error {
-	if err := migrations.Register(migration.Up, migration.Down); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (migration *updatePlannedMaintenanceRule) Up(ctx context.Context, db *bun.DB) error {
-	table, _, err := migration.sqlschema.GetTable(ctx, sqlschema.TableName("planned_maintenance_rule"))
-	if err != nil {
-		return err
-	}
-
-	if err := migration.sqlschema.ToggleFKEnforcement(ctx, db, false); err != nil {
-		return err
-	}
-
-	tx, err := db.BeginTx(ctx, nil)
-	if err != nil {
-		return err
-	}
-
-	defer func() {
-		_ = tx.Rollback()
-	}()
-
-	// Read all existing rows
-	var rows []*plannedMaintenanceRuleRow
-	err = tx.NewSelect().Model(&rows).Scan(ctx)
-	if err != nil {
-		return err
-	}
-
-	// Drop the existing table
-	dropTableSQLs := migration.sqlschema.Operator().DropTable(table)
-	for _, sql := range dropTableSQLs {
-		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
-			return err
-		}
-	}
-
-	// Create the table fresh without CASCADE constraints
-	newTable := &sqlschema.Table{
-		Name: sqlschema.TableName("planned_maintenance_rule"),
-		Columns: []*sqlschema.Column{
-			{Name: "id", DataType: sqlschema.DataTypeText, Nullable: false},
-			{Name: "planned_maintenance_id", DataType: sqlschema.DataTypeText, Nullable: false},
-			{Name: "rule_id", DataType: sqlschema.DataTypeText, Nullable: false},
-		},
-		PrimaryKeyConstraint: &sqlschema.PrimaryKeyConstraint{
-			ColumnNames: []sqlschema.ColumnName{"id"},
-		},
-		ForeignKeyConstraints: []*sqlschema.ForeignKeyConstraint{
-			{
-				ReferencingColumnName: "planned_maintenance_id",
-				ReferencedTableName:   "planned_maintenance",
-				ReferencedColumnName:  "id",
-			},
-			{
-				ReferencingColumnName: "rule_id",
-				ReferencedTableName:   "rule",
-				ReferencedColumnName:  "id",
-			},
-		},
-	}
-
-	createTableSQLs := migration.sqlschema.Operator().CreateTable(newTable)
-	for _, sql := range createTableSQLs {
-		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
-			return err
-		}
-	}
-
-	// Re-insert the data
-	if len(rows) > 0 {
-		_, err = tx.NewInsert().Model(&rows).Exec(ctx)
-		if err != nil {
-			return err
-		}
-	}
-
-	if err := tx.Commit(); err != nil {
-		return err
-	}
-
-	if err := migration.sqlschema.ToggleFKEnforcement(ctx, db, true); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (migration *updatePlannedMaintenanceRule) Down(ctx context.Context, db *bun.DB) error {
-	return nil
-}

pkg/sqlstore/sqlitesqlstore/provider.go

@@ -100,7 +100,7 @@ func (provider *provider) WrapNotFoundErrf(err error, code errors.Code, format s
 
 func (provider *provider) WrapAlreadyExistsErrf(err error, code errors.Code, format string, args ...any) error {
 	if sqlite3Err, ok := err.(*sqlite.Error); ok {
-		if sqlite3Err.Code() == sqlite3.SQLITE_CONSTRAINT_UNIQUE || sqlite3Err.Code() == sqlite3.SQLITE_CONSTRAINT_PRIMARYKEY || sqlite3Err.Code() == sqlite3.SQLITE_CONSTRAINT_FOREIGNKEY {
+		if sqlite3Err.Code() == sqlite3.SQLITE_CONSTRAINT_UNIQUE || sqlite3Err.Code() == sqlite3.SQLITE_CONSTRAINT_PRIMARYKEY {
 			return errors.Wrapf(err, errors.TypeAlreadyExists, code, format, args...)
 		}
 	}

pkg/types/cloudintegrationtypes/account.go

@@ -10,34 +10,35 @@ import (
 type Account struct {
 	types.Identifiable
 	types.TimeAuditable
-	ProviderAccountId *string           `json:"providerAccountID,omitempty"`
-	Provider          CloudProviderType `json:"provider"`
-	RemovedAt         *time.Time        `json:"removedAt,omitempty"`
-	AgentReport       *AgentReport      `json:"agentReport,omitempty"`
-	OrgID             valuer.UUID       `json:"orgID"`
-	Config            *AccountConfig    `json:"config,omitempty"`
+	ProviderAccountId *string           `json:"providerAccountID" required:"true" nullable:"true"`
+	Provider          CloudProviderType `json:"provider" required:"true"`
+	RemovedAt         *time.Time        `json:"removedAt,omitempty" required:"true" nullable:"true"`
+	AgentReport       *AgentReport      `json:"agentReport,omitempty" required:"true" nullable:"true"`
+	OrgID             valuer.UUID       `json:"orgID" required:"true"`
+	Config            *AccountConfig    `json:"config,omitempty" required:"true" nullable:"false"`
 }
 
 // AgentReport represents heartbeats sent by the agent.
 type AgentReport struct {
-	TimestampMillis int64          `json:"timestampMillis"`
-	Data            map[string]any `json:"data"`
+	TimestampMillis int64          `json:"timestampMillis" required:"true"`
+	Data            map[string]any `json:"data" required:"true" nullable:"true"`
+}
+
+type AccountConfig struct {
+	// required till new providers are added
+	AWS *AWSAccountConfig `json:"aws,omitempty" required:"true" nullable:"false"`
 }
 
 type GettableAccounts struct {
-	Accounts []*Account `json:"accounts"`
+	Accounts []*Account `json:"accounts" required:"true" nullable:"false"`
 }
 
 type GettableAccount = Account
 
 type UpdatableAccount struct {
-	Config *AccountConfig `json:"config"`
-}
-
-type AccountConfig struct {
-	AWS *AWSAccountConfig `json:"aws,omitempty"`
+	Config *AccountConfig `json:"config" required:"true" nullable:"false"`
 }
 
 type AWSAccountConfig struct {
-	Regions []string `json:"regions"`
+	Regions []string `json:"regions" required:"true" nullable:"false"`
 }

pkg/types/cloudintegrationtypes/connection.go

@@ -1,88 +1,87 @@
 package cloudintegrationtypes
 
-import "github.com/SigNoz/signoz/pkg/types/integrationtypes"
+import "time"
 
 type ConnectionArtifactRequest struct {
-	Aws *AWSConnectionArtifactRequest `json:"aws"`
+	// required till new providers are added
+	Aws *AWSConnectionArtifactRequest `json:"aws" required:"true" nullable:"false"`
 }
 
 type AWSConnectionArtifactRequest struct {
-	DeploymentRegion string   `json:"deploymentRegion"`
-	Regions          []string `json:"regions"`
+	DeploymentRegion string   `json:"deploymentRegion" required:"true"`
+	Regions          []string `json:"regions" required:"true" nullable:"false"`
 }
 
 type PostableConnectionArtifact = ConnectionArtifactRequest
 
 type ConnectionArtifact struct {
-	Aws *AWSConnectionArtifact `json:"aws"`
+	// required till new providers are added
+	Aws *AWSConnectionArtifact `json:"aws" required:"true" nullable:"false"`
 }
 
 type AWSConnectionArtifact struct {
-	ConnectionUrl string `json:"connectionURL"`
+	ConnectionUrl string `json:"connectionURL" required:"true"`
 }
 
 type GettableConnectionArtifact = ConnectionArtifact
 
-type AccountStatus struct {
-	Id                string                         `json:"id"`
-	ProviderAccountId *string                        `json:"providerAccountID,omitempty"`
-	Status            integrationtypes.AccountStatus `json:"status"`
-}
-
-type GettableAccountStatus = AccountStatus
-
 type AgentCheckInRequest struct {
 	// older backward compatible fields are mapped to new fields
 	// CloudIntegrationId string `json:"cloudIntegrationId"`
 	// AccountId          string `json:"accountId"`
 
 	// New fields
-	ProviderAccountId string `json:"providerAccountId"`
-	CloudAccountId    string `json:"cloudAccountId"`
+	ProviderAccountId string `json:"providerAccountId" required:"false"`
+	CloudAccountId    string `json:"cloudAccountId" false:"false"`
 
-	Data map[string]any `json:"data,omitempty"`
+	Data map[string]any `json:"data,omitempty" required:"true" nullable:"true"`
 }
 
 type PostableAgentCheckInRequest struct {
 	AgentCheckInRequest
 	// following are backward compatible fields for older running agents
 	// which gets mapped to new fields in AgentCheckInRequest
-	CloudIntegrationId string `json:"cloud_integration_id"`
-	CloudAccountId     string `json:"cloud_account_id"`
+	CloudIntegrationId string `json:"cloud_integration_id" required:"false"`
+	CloudAccountId     string `json:"cloud_account_id" required:"false"`
+}
+
+type AgentCheckInResponse struct {
+	// Older fields for backward compatibility are mapped to new fields below
+	// CloudIntegrationId string `json:"cloud_integration_id"`
+	// AccountId string `json:"account_id"`
+
+	// backward-compatible JSON key
+	RemovedAt *time.Time `json:"removed_at" required:"true" nullable:"true"`
+
+	// New fields
+	ProviderAccountId string `json:"providerAccountId" required:"true"`
+	CloudAccountId    string `json:"cloudAccountId" required:"true"`
+
+	// IntegrationConfig populates data related to integration that is required for an agent
+	// to start collecting telemetry data
+	// keeping JSON key snake_case for backward compatibility
+	IntegrationConfig *IntegrationConfig `json:"integration_config,omitempty" required:"true" nullable:"false"`
 }
 
 type GettableAgentCheckInResponse struct {
 	AgentCheckInResponse
 
 	// For backward compatibility
-	CloudIntegrationId string `json:"cloud_integration_id"`
-	AccountId          string `json:"account_id"`
-}
-
-type AgentCheckInResponse struct {
-	// Older fields for backward compatibility are mapped to new fields below
-	// CloudIntegrationId string `json:"cloud_integration_id"`
-	// AccountId          string `json:"account_id"`
-
-	// New fields
-	ProviderAccountId string `json:"providerAccountId"`
-	CloudAccountId    string `json:"cloudAccountId"`
-
-	// IntegrationConfig populates data related to integration that is required for an agent
-	// to start collecting telemetry data
-	// keeping JSON key snake_case for backward compatibility
-	IntegrationConfig *IntegrationConfig `json:"integration_config,omitempty"`
+	CloudIntegrationId string `json:"cloud_integration_id" required:"true"`
+	AccountId          string `json:"account_id" required:"true"`
 }
 
 type IntegrationConfig struct {
-	EnabledRegions []string               `json:"enabledRegions"`      // backward compatible
-	Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty"` // backward compatible
+	EnabledRegions []string               `json:"enabledRegions" required:"true" nullable:"false"`      // backward compatible
+	Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty" required:"true" nullable:"false"` // backward compatible
 
 	// new fields
-	AWS *AWSIntegrationConfig `json:"aws,omitempty"`
+
+	// required till new providers are added
+	AWS *AWSIntegrationConfig `json:"aws,omitempty" required:"true" nullable:"false"`
 }
 
 type AWSIntegrationConfig struct {
-	EnabledRegions []string               `json:"enabledRegions"`
-	Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty"`
+	EnabledRegions []string               `json:"enabledRegions" required:"true" nullable:"false"`
+	Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty" required:"true" nullable:"false"`
 }

pkg/types/cloudintegrationtypes/service.go

@@ -11,13 +11,9 @@ import (
 )
 
 var (
-	S3Sync = valuer.NewString("s3sync")
-	// ErrCodeInvalidServiceID is the error code for invalid service id.
 	ErrCodeInvalidServiceID = errors.MustNewCode("invalid_service_id")
 )
 
-type ServiceID struct{ valuer.String }
-
 type CloudIntegrationService struct {
 	types.Identifiable
 	types.TimeAuditable
@@ -26,32 +22,67 @@ type CloudIntegrationService struct {
 	CloudIntegrationID valuer.UUID    `json:"cloudIntegrationID"`
 }
 
+type ServiceConfig struct {
+	// required till new providers are added
+	AWS *AWSServiceConfig `json:"aws,omitempty" required:"true" nullable:"false"`
+}
+
 // ServiceMetadata helps to quickly list available services and whether it is enabled or not.
 // As getting complete service definition is a heavy operation and the response is also large,
 // initial integration page load can be very slow.
 type ServiceMetadata struct {
 	ServiceDefinitionMetadata
 	// if the service is enabled for the account
-	Enabled bool `json:"enabled"`
+	Enabled bool `json:"enabled" required:"true"`
+}
+
+// ServiceDefinitionMetadata represents service definition metadata. This is useful for showing service tab in frontend.
+type ServiceDefinitionMetadata struct {
+	Id    string `json:"id" required:"true"`
+	Title string `json:"title" required:"true"`
+	Icon  string `json:"icon" required:"true"`
 }
 
 type GettableServicesMetadata struct {
-	Services []*ServiceMetadata `json:"services"`
+	Services []*ServiceMetadata `json:"services" required:"true" nullable:"false"`
 }
 
 type Service struct {
 	ServiceDefinition
-	ServiceConfig *ServiceConfig `json:"serviceConfig"`
+	ServiceConfig *ServiceConfig `json:"serviceConfig" required:"false" nullable:"false"`
 }
 
 type GettableService = Service
 
 type UpdatableService struct {
-	Config *ServiceConfig `json:"config"`
+	Config *ServiceConfig `json:"config" required:"true" nullable:"false"`
 }
 
-type ServiceConfig struct {
-	AWS *AWSServiceConfig `json:"aws,omitempty"`
+type ServiceDefinition struct {
+	ServiceDefinitionMetadata
+	Overview         string              `json:"overview" required:"true"` // markdown
+	Assets           Assets              `json:"assets" required:"true"`
+	SupportedSignals SupportedSignals    `json:"supported_signals" required:"true"`
+	DataCollected    DataCollected       `json:"dataCollected" required:"true"`
+	Strategy         *CollectionStrategy `json:"telemetryCollectionStrategy" required:"true" nullable:"false"`
+}
+
+// SupportedSignals for cloud provider's service.
+type SupportedSignals struct {
+	Logs    bool `json:"logs"`
+	Metrics bool `json:"metrics"`
+}
+
+// DataCollected is curated static list of metrics and logs, this is shown as part of service overview.
+type DataCollected struct {
+	Logs    []CollectedLogAttribute `json:"logs"`
+	Metrics []CollectedMetric       `json:"metrics"`
+}
+
+// CollectionStrategy is cloud provider specific configuration for signal collection,
+// this is used by agent to understand the nitty-gritty for collecting telemetry for the cloud provider.
+type CollectionStrategy struct {
+	AWS *AWSCollectionStrategy `json:"aws,omitempty"`
 }
 
 type AWSServiceConfig struct {
@@ -70,45 +101,11 @@ type AWSServiceMetricsConfig struct {
 	Enabled bool `json:"enabled"`
 }
 
-// ServiceDefinitionMetadata represents service definition metadata. This is useful for showing service tab in frontend.
-type ServiceDefinitionMetadata struct {
-	Id    string `json:"id"`
-	Title string `json:"title"`
-	Icon  string `json:"icon"`
-}
-
-type ServiceDefinition struct {
-	ServiceDefinitionMetadata
-	Overview         string              `json:"overview"` // markdown
-	Assets           Assets              `json:"assets"`
-	SupportedSignals SupportedSignals    `json:"supported_signals"`
-	DataCollected    DataCollected       `json:"dataCollected"`
-	Strategy         *CollectionStrategy `json:"telemetryCollectionStrategy"`
-}
-
-// CollectionStrategy is cloud provider specific configuration for signal collection,
-// this is used by agent to understand the nitty-gritty for collecting telemetry for the cloud provider.
-type CollectionStrategy struct {
-	AWS *AWSCollectionStrategy `json:"aws,omitempty"`
-}
-
 // Assets represents the collection of dashboards.
 type Assets struct {
 	Dashboards []Dashboard `json:"dashboards"`
 }
 
-// SupportedSignals for cloud provider's service.
-type SupportedSignals struct {
-	Logs    bool `json:"logs"`
-	Metrics bool `json:"metrics"`
-}
-
-// DataCollected is curated static list of metrics and logs, this is shown as part of service overview.
-type DataCollected struct {
-	Logs    []CollectedLogAttribute `json:"logs"`
-	Metrics []CollectedMetric       `json:"metrics"`
-}
-
 // CollectedLogAttribute represents a log attribute that is present in all log entries for a service,
 // this is shown as part of service overview.
 type CollectedLogAttribute struct {
@@ -175,39 +172,6 @@ type Dashboard struct {
 	Definition  dashboardtypes.StorableDashboardData `json:"definition,omitempty"`
 }
 
-// SupportedServices is the map of supported services for each cloud provider.
-var SupportedServices = map[CloudProviderType][]ServiceID{
-	CloudProviderTypeAWS: {
-		{valuer.NewString("alb")},
-		{valuer.NewString("api-gateway")},
-		{valuer.NewString("dynamodb")},
-		{valuer.NewString("ec2")},
-		{valuer.NewString("ecs")},
-		{valuer.NewString("eks")},
-		{valuer.NewString("elasticache")},
-		{valuer.NewString("lambda")},
-		{valuer.NewString("msk")},
-		{valuer.NewString("rds")},
-		{valuer.NewString("s3sync")},
-		{valuer.NewString("sns")},
-		{valuer.NewString("sqs")},
-	},
-}
-
-// NewServiceID returns a new ServiceID from a string, validated against the supported services for the given cloud provider.
-func NewServiceID(provider CloudProviderType, service string) (ServiceID, error) {
-	services, ok := SupportedServices[provider]
-	if !ok {
-		return ServiceID{}, errors.NewInvalidInputf(ErrCodeInvalidServiceID, "no services defined for cloud provider: %s", provider)
-	}
-	for _, s := range services {
-		if s.StringValue() == service {
-			return s, nil
-		}
-	}
-	return ServiceID{}, errors.NewInvalidInputf(ErrCodeInvalidServiceID, "invalid service id %q for cloud provider %s", service, provider)
-}
-
 // UTILS
 
 // GetCloudIntegrationDashboardID returns the dashboard id for a cloud integration, given the cloud provider, service id, and dashboard id.

pkg/types/cloudintegrationtypes/serviceid.go

@@ -0,0 +1,75 @@
+package cloudintegrationtypes
+
+import (
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type ServiceID struct{ valuer.String }
+
+var (
+	AWSServiceALB         = ServiceID{valuer.NewString("alb")}
+	AWSServiceAPIGateway  = ServiceID{valuer.NewString("api-gateway")}
+	AWSServiceDynamoDB    = ServiceID{valuer.NewString("dynamodb")}
+	AWSServiceEC2         = ServiceID{valuer.NewString("ec2")}
+	AWSServiceECS         = ServiceID{valuer.NewString("ecs")}
+	AWSServiceEKS         = ServiceID{valuer.NewString("eks")}
+	AWSServiceElastiCache = ServiceID{valuer.NewString("elasticache")}
+	AWSServiceLambda      = ServiceID{valuer.NewString("lambda")}
+	AWSServiceMSK         = ServiceID{valuer.NewString("msk")}
+	AWSServiceRDS         = ServiceID{valuer.NewString("rds")}
+	AWSServiceS3Sync      = ServiceID{valuer.NewString("s3sync")}
+	AWSServiceSNS         = ServiceID{valuer.NewString("sns")}
+	AWSServiceSQS         = ServiceID{valuer.NewString("sqs")}
+)
+
+func (ServiceID) Enum() []any {
+	return []any{
+		AWSServiceALB,
+		AWSServiceAPIGateway,
+		AWSServiceDynamoDB,
+		AWSServiceEC2,
+		AWSServiceECS,
+		AWSServiceEKS,
+		AWSServiceElastiCache,
+		AWSServiceLambda,
+		AWSServiceMSK,
+		AWSServiceRDS,
+		AWSServiceS3Sync,
+		AWSServiceSNS,
+		AWSServiceSQS,
+	}
+}
+
+// SupportedServices is the map of supported services for each cloud provider.
+var SupportedServices = map[CloudProviderType][]ServiceID{
+	CloudProviderTypeAWS: {
+		AWSServiceALB,
+		AWSServiceAPIGateway,
+		AWSServiceDynamoDB,
+		AWSServiceEC2,
+		AWSServiceECS,
+		AWSServiceEKS,
+		AWSServiceElastiCache,
+		AWSServiceLambda,
+		AWSServiceMSK,
+		AWSServiceRDS,
+		AWSServiceS3Sync,
+		AWSServiceSNS,
+		AWSServiceSQS,
+	},
+}
+
+// NewServiceID returns a new ServiceID from a string, validated against the supported services for the given cloud provider.
+func NewServiceID(provider CloudProviderType, service string) (ServiceID, error) {
+	services, ok := SupportedServices[provider]
+	if !ok {
+		return ServiceID{}, errors.NewInvalidInputf(ErrCodeInvalidServiceID, "no services defined for cloud provider: %s", provider)
+	}
+	for _, s := range services {
+		if s.StringValue() == service {
+			return s, nil
+		}
+	}
+	return ServiceID{}, errors.NewInvalidInputf(ErrCodeInvalidServiceID, "invalid service id %q for cloud provider %s", service, provider)
+}