refactor: cleaning tests

pkg/types/integration.go

@@ -151,7 +151,8 @@ func (c *AccountConfig) Value() (driver.Value, error) {
 	if err != nil {
 		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't serialize cloud account config to JSON")
 	}
-	return serialized, nil
+	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytea
+	return string(serialized), nil
 }
 
 type AgentReport struct {
@@ -186,7 +187,8 @@ func (r *AgentReport) Value() (driver.Value, error) {
 			err, errors.CodeInternal, "couldn't serialize agent report to JSON",
 		)
 	}
-	return serialized, nil
+	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytea
+	return string(serialized), nil
 }
 
 type CloudIntegrationService struct {
@@ -240,5 +242,6 @@ func (c *CloudServiceConfig) Value() (driver.Value, error) {
 			err, errors.CodeInternal, "couldn't serialize cloud service config to JSON",
 		)
 	}
-	return serialized, nil
+	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytea
+	return string(serialized), nil
 }

tests/integration/fixtures/cloudintegrations.py

@@ -0,0 +1,90 @@
+"""Fixtures for cloud integration tests."""
+from typing import Callable, Optional
+from http import HTTPStatus
+
+import pytest
+import requests
+
+from fixtures import types
+from fixtures.logger import setup_logger
+
+logger = setup_logger(__name__)
+
+@pytest.fixture(name="create_test_account", scope="function")
+def create_test_account(
+    signoz: types.SigNoz,
+) -> Callable[[str, str], dict]:
+    """Factory to create a test cloud account via generate-connection-url.
+
+    Yields the factory to the test. After the test completes, if the factory was
+    used, the created account is disconnected using the same admin_token and
+    cloud_provider that were used to create it.
+    """
+    created_account_id: Optional[str] = None
+    admin_token_shared: Optional[str] = None
+    cloud_provider_shared: Optional[str] = None
+
+    def _create(
+        admin_token: str,
+        cloud_provider: str = "aws",
+    ) -> dict:
+        endpoint = (
+            f"/api/v1/cloud-integrations/{cloud_provider}/accounts/generate-connection-url"
+        )
+
+        request_payload = {
+            "account_config": {"regions": ["us-east-1"]},
+            "agent_config": {
+                "region": "us-east-1",
+                "ingestion_url": "https://ingest.test.signoz.cloud",
+                "ingestion_key": "test-ingestion-key-123456",
+                "signoz_api_url": "https://test-deployment.test.signoz.cloud",
+                "signoz_api_key": "test-api-key-789",
+                "version": "v0.0.8",
+            },
+        }
+
+        response = requests.post(
+            signoz.self.host_configs["8080"].get(endpoint),
+            headers={"Authorization": f"Bearer {admin_token}"},
+            json=request_payload,
+            timeout=10,
+        )
+
+        assert (
+            response.status_code == HTTPStatus.OK
+        ), f"Failed to create test account: {response.status_code}"
+
+        response_data = response.json()
+        data = response_data.get("data", response_data)
+
+        # Save only account_id; share admin_token/cloud_provider via closure
+        nonlocal created_account_id, admin_token_shared, cloud_provider_shared
+        created_account_id = data.get("account_id")
+        admin_token_shared = admin_token
+        cloud_provider_shared = cloud_provider
+
+        return data
+
+    def _disconnect(admin_token: str, cloud_provider: str = "aws") -> requests.Response:
+        """Disconnect the created account using provided admin_token/cloud_provider."""
+        assert created_account_id
+        endpoint = (
+            f"/api/v1/cloud-integrations/{cloud_provider}/accounts/{created_account_id}/disconnect"
+        )
+        return requests.post(
+            signoz.self.host_configs["8080"].get(endpoint),
+            headers={"Authorization": f"Bearer {admin_token}"},
+            timeout=10,
+        )
+
+    # Yield factory to the test
+    yield _create
+
+    # Post-test cleanup: disconnect the created account if any
+    if created_account_id:
+        r = _disconnect(admin_token_shared, cloud_provider_shared)
+        if r.status_code != HTTPStatus.OK:
+            logger.info(
+                "Disconnect cleanup returned %s for account %s", r.status_code, created_account_id
+            )

tests/integration/fixtures/cloudintegrationsutils.py

@@ -0,0 +1,60 @@
+"""Fixtures for cloud integration tests."""
+from typing import Callable
+from http import HTTPStatus
+
+import pytest
+import requests
+from sqlalchemy import text
+
+from fixtures import types
+from fixtures.logger import setup_logger
+
+logger = setup_logger(__name__)
+
+
+def simulate_agent_checkin(
+    signoz: types.SigNoz,
+) -> Callable[[str, str, str, str], dict]:
+    """Simulate an agent check-in to mark the account as connected."""
+
+    def _simulate(
+        admin_token: str,
+        cloud_provider: str,
+        account_id: str,
+        cloud_account_id: str,
+    ) -> dict:
+        """Simulate an agent check-in to mark the account as connected.
+
+        Returns:
+            dict with the response from check-in
+        """
+        endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/agent-check-in"
+
+        checkin_payload = {
+            "account_id": account_id,
+            "cloud_account_id": cloud_account_id,
+            "data": {},
+        }
+
+        response = requests.post(
+            signoz.self.host_configs["8080"].get(endpoint),
+            headers={"Authorization": f"Bearer {admin_token}"},
+            json=checkin_payload,
+            timeout=10,
+        )
+
+        if response.status_code != HTTPStatus.OK:
+            logger.error(
+                "Agent check-in failed: %s, response: %s",
+                response.status_code,
+                response.text,
+            )
+
+        assert (
+            response.status_code == HTTPStatus.OK
+        ), f"Agent check-in failed: {response.status_code}"
+
+        response_data = response.json()
+        return response_data.get("data", response_data)
+
+    return _simulate

tests/integration/src/cloudintegrations/02_generate_connection_url.py

@@ -0,0 +1,150 @@
+from http import HTTPStatus
+from typing import Callable
+
+import pytest
+import requests
+from wiremock.client import (
+    HttpMethods,
+    Mapping,
+    MappingRequest,
+    MappingResponse,
+    WireMockMatchers,
+)
+
+from fixtures import types
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD, add_license
+from fixtures.logger import setup_logger
+
+logger = setup_logger(__name__)
+
+
+def test_generate_connection_url(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+) -> None:
+    """Test to generate connection URL for AWS CloudFormation stack deployment."""
+
+    # Get authentication token for admin user
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    cloud_provider = "aws"
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts/generate-connection-url"
+
+    # Prepare request payload
+    request_payload = {
+        "account_config": {"regions": ["us-east-1", "us-west-2"]},
+        "agent_config": {
+            "region": "us-east-1",
+            "ingestion_url": "https://ingest.test.signoz.cloud",
+            "ingestion_key": "test-ingestion-key-123456",
+            "signoz_api_url": "https://test-deployment.test.signoz.cloud",
+            "signoz_api_key": "test-api-key-789",
+            "version": "v0.0.8",
+        },
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=request_payload,
+        timeout=10,
+    )
+
+    # Assert successful response
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}: {response.text}"
+
+    # Parse response JSON
+    response_data = response.json()
+
+    # Assert response structure contains expected data
+    assert "data" in response_data, "Response should contain 'data' field"
+
+    # Assert required fields in the response data
+    expected_fields = ["account_id", "connection_url"]
+
+    for field in expected_fields:
+        assert (
+            field in response_data["data"]
+        ), f"Response data should contain '{field}' field"
+
+    data = response_data["data"]
+
+    # Assert account_id is a valid UUID format
+    assert (
+        len(data["account_id"]) > 0
+    ), "account_id should be a non-empty string (UUID)"
+
+    # Assert connection_url contains expected CloudFormation parameters
+    connection_url = data["connection_url"]
+
+    # Verify it's an AWS CloudFormation URL
+    assert (
+        "console.aws.amazon.com/cloudformation" in connection_url
+    ), "connection_url should be an AWS CloudFormation URL"
+
+    # Verify region is included
+    assert (
+        "region=us-east-1" in connection_url
+    ), "connection_url should contain the specified region"
+
+    # Verify required parameters are in the URL
+    required_params = [
+        "param_SigNozIntegrationAgentVersion=v0.0.8",
+        "param_SigNozApiUrl=https%3A%2F%2Ftest-deployment.test.signoz.cloud",
+        "param_SigNozApiKey=test-api-key-789",
+        "param_SigNozAccountId=",  # Will be a UUID
+        "param_IngestionUrl=https%3A%2F%2Fingest.test.signoz.cloud",
+        "param_IngestionKey=test-ingestion-key-123456",
+        "stackName=signoz-integration",
+        "templateURL=https%3A%2F%2Fsignoz-integrations.s3.us-east-1.amazonaws.com%2Faws-quickcreate-template-v0.0.8.json",
+    ]
+
+    for param in required_params:
+        assert (
+            param in connection_url
+        ), f"connection_url should contain parameter: {param}"
+
+
+def test_generate_connection_url_unsupported_provider(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+) -> None:
+    """Test that unsupported cloud providers return an error."""
+    # Get authentication token for admin user
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    # Try with GCP (unsupported)
+    cloud_provider = "gcp"
+
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts/generate-connection-url"
+
+    request_payload = {
+        "account_config": {"regions": ["us-central1"]},
+        "agent_config": {
+            "region": "us-central1",
+            "ingestion_url": "https://ingest.test.signoz.cloud",
+            "ingestion_key": "test-ingestion-key-123456",
+            "signoz_api_url": "https://test-deployment.test.signoz.cloud",
+            "signoz_api_key": "test-api-key-789",
+        },
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=request_payload,
+        timeout=10,
+    )
+
+    # Should return Bad Request for unsupported provider
+    assert (
+        response.status_code == HTTPStatus.BAD_REQUEST
+    ), f"Expected 400 for unsupported provider, got {response.status_code}"
+
+    response_data = response.json()
+    assert "error" in response_data, "Response should contain 'error' field"
+    assert (
+        "unsupported cloud provider" in response_data["error"].lower()
+    ), "Error message should indicate unsupported provider"

tests/integration/src/cloudintegrations/03_accounts.py

@@ -0,0 +1,323 @@
+from http import HTTPStatus
+from typing import Callable
+import uuid
+
+import pytest
+import requests
+from wiremock.client import (
+    HttpMethods,
+    Mapping,
+    MappingRequest,
+    MappingResponse,
+    WireMockMatchers,
+)
+
+from fixtures import types
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD, add_license
+from fixtures.logger import setup_logger
+from fixtures.cloudintegrations import (
+    create_test_account,
+)
+from fixtures.cloudintegrationsutils import simulate_agent_checkin
+
+logger = setup_logger(__name__)
+
+
+def test_list_connected_accounts_empty(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+) -> None:
+    """Test listing connected accounts when there are none."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    cloud_provider = "aws"
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts"
+
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    # API returns data wrapped in {'status': 'success', 'data': {...}}
+    data = response_data.get("data", response_data)
+    assert "accounts" in data, "Response should contain 'accounts' field"
+    assert isinstance(data["accounts"], list), "Accounts should be a list"
+
+
+
+def test_list_connected_accounts_with_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    create_test_account: Callable,
+) -> None:
+    """Test listing connected accounts after creating one."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Create a test account
+    cloud_provider = "aws"
+    account_data = create_test_account(admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    # Simulate agent check-in to mark as connected
+    cloud_account_id = str(uuid.uuid4())
+    simulate_agent_checkin(signoz)(admin_token, cloud_provider, account_id, cloud_account_id)
+
+    # List accounts
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts"
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+    assert "accounts" in data, "Response should contain 'accounts' field"
+    assert isinstance(data["accounts"], list), "Accounts should be a list"
+
+    # Find our account in the list (there may be leftover accounts from previous test runs)
+    account = next((a for a in data["accounts"] if a["id"] == account_id), None)
+    assert account is not None, f"Account {account_id} should be found in list"
+    assert account["id"] == account_id, "Account ID should match"
+    assert "config" in account, "Account should have config field"
+    assert "status" in account, "Account should have status field"
+
+
+
+def test_get_account_status(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    create_test_account: Callable,
+) -> None:
+    """Test getting the status of a specific account."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    # Create a test account (no check-in needed for status check)
+    cloud_provider = "aws"
+    account_data = create_test_account(admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    # Get account status
+    endpoint = (
+        f"/api/v1/cloud-integrations/{cloud_provider}/accounts/{account_id}/status"
+    )
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+    assert "id" in data, "Response should contain 'id' field"
+    assert data["id"] == account_id, "Account ID should match"
+    assert "status" in data, "Response should contain 'status' field"
+    assert "integration" in data["status"], "Status should contain 'integration' field"
+
+
+def test_get_account_status_not_found(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+) -> None:
+    """Test getting status for a non-existent account."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    cloud_provider = "aws"
+    fake_account_id = "00000000-0000-0000-0000-000000000000"
+
+    endpoint = (
+        f"/api/v1/cloud-integrations/{cloud_provider}/accounts/{fake_account_id}/status"
+    )
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.NOT_FOUND
+    ), f"Expected 404, got {response.status_code}"
+
+
+def test_update_account_config(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    create_test_account: Callable,
+) -> None:
+    """Test updating account configuration."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Create a test account
+    cloud_provider = "aws"
+    account_data = create_test_account(admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    # Simulate agent check-in to mark as connected
+    cloud_account_id = str(uuid.uuid4())
+    simulate_agent_checkin(signoz)(admin_token, cloud_provider, account_id, cloud_account_id)
+
+    # Update account configuration
+    endpoint = (
+        f"/api/v1/cloud-integrations/{cloud_provider}/accounts/{account_id}/config"
+    )
+
+    updated_config = {
+        "config": {"regions": ["us-east-1", "us-west-2", "eu-west-1"]}
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=updated_config,
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+    assert "id" in data, "Response should contain 'id' field"
+    assert data["id"] == account_id, "Account ID should match"
+
+    # Verify the update by listing accounts
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+
+    list_response_data = list_response.json()
+    list_data = list_response_data.get("data", list_response_data)
+    account = next((a for a in list_data["accounts"] if a["id"] == account_id), None)
+    assert account is not None, "Account should be found in list"
+    assert "config" in account, "Account should have config"
+    assert "regions" in account["config"], "Config should have regions"
+    assert len(account["config"]["regions"]) == 3, "Should have 3 regions"
+    assert set(account["config"]["regions"]) == {
+        "us-east-1",
+        "us-west-2",
+        "eu-west-1",
+    }, "Regions should match updated config"
+
+
+
+def test_disconnect_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    create_test_account: Callable,
+) -> None:
+    """Test disconnecting an account."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Create a test account
+    cloud_provider = "aws"
+    account_data = create_test_account(admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    # Simulate agent check-in to mark as connected
+    cloud_account_id = str(uuid.uuid4())
+    simulate_agent_checkin(signoz)(admin_token, cloud_provider, account_id, cloud_account_id)
+
+    # Disconnect the account
+    endpoint = (
+        f"/api/v1/cloud-integrations/{cloud_provider}/accounts/{account_id}/disconnect"
+    )
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    # Verify our specific account is no longer in the connected list
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    list_response_data = list_response.json()
+    list_data = list_response_data.get("data", list_response_data)
+
+    # Check that our specific account is not in the list
+    disconnected_account = next(
+        (a for a in list_data["accounts"] if a["id"] == account_id), None
+    )
+    assert disconnected_account is None, f"Account {account_id} should be removed from connected accounts"
+
+
+
+def test_disconnect_account_not_found(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+) -> None:
+    """Test disconnecting a non-existent account."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    cloud_provider = "aws"
+    fake_account_id = "00000000-0000-0000-0000-000000000000"
+
+    endpoint = (
+        f"/api/v1/cloud-integrations/{cloud_provider}/accounts/{fake_account_id}/disconnect"
+    )
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.NOT_FOUND
+    ), f"Expected 404, got {response.status_code}"
+
+
+
+def test_list_accounts_unsupported_provider(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+) -> None:
+    """Test listing accounts for an unsupported cloud provider."""
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    cloud_provider = "gcp"  # Unsupported provider
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts"
+
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.BAD_REQUEST
+    ), f"Expected 400, got {response.status_code}"

tests/integration/src/cloudintegrations/04_services.py

@@ -0,0 +1,475 @@
+from http import HTTPStatus
+from typing import Callable
+import uuid
+
+import pytest
+import requests
+from wiremock.client import (
+    HttpMethods,
+    Mapping,
+    MappingRequest,
+    MappingResponse,
+    WireMockMatchers,
+)
+
+from fixtures import types
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD, add_license
+from fixtures.logger import setup_logger
+from fixtures.cloudintegrations import (
+    create_test_account,
+)
+from fixtures.cloudintegrationsutils import simulate_agent_checkin
+
+logger = setup_logger(__name__)
+
+
+def test_list_services_without_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+) -> None:
+    """Test listing available services without specifying an account."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    cloud_provider = "aws"
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+    assert "services" in data, "Response should contain 'services' field"
+    assert isinstance(data["services"], list), "Services should be a list"
+    assert len(data["services"]) > 0, "Should have at least one service available"
+
+    # Verify service structure
+    service = data["services"][0]
+    assert "id" in service, "Service should have 'id' field"
+    assert "title" in service, "Service should have 'title' field"
+    assert "icon" in service, "Service should have 'icon' field"
+
+
+
+def test_list_services_with_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    create_test_account: Callable,
+) -> None:
+    """Test listing services for a specific connected account."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Create a test account and do check-in
+    cloud_provider = "aws"
+    account_data = create_test_account(admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    cloud_account_id = str(uuid.uuid4())
+    simulate_agent_checkin(signoz)(admin_token, cloud_provider, account_id, cloud_account_id)
+
+    # List services for the account
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services?cloud_account_id={cloud_account_id}"
+
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+    assert "services" in data, "Response should contain 'services' field"
+    assert isinstance(data["services"], list), "Services should be a list"
+    assert len(data["services"]) > 0, "Should have at least one service available"
+
+    # Services should include config field (may be null if not configured)
+    service = data["services"][0]
+    assert "id" in service, "Service should have 'id' field"
+    assert "title" in service, "Service should have 'title' field"
+    assert "icon" in service, "Service should have 'icon' field"
+
+
+
+def test_get_service_details_without_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+) -> None:
+    """Test getting service details without specifying an account."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    cloud_provider = "aws"
+    # First get the list of services to get a valid service ID
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    list_data = list_response.json().get("data", list_response.json())
+    assert len(list_data["services"]) > 0, "Should have at least one service"
+    service_id = list_data["services"][0]["id"]
+
+    # Get service details
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{service_id}"
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+
+    # Verify service details structure
+    assert "id" in data, "Service details should have 'id' field"
+    assert data["id"] == service_id, "Service ID should match requested ID"
+    assert "title" in data, "Service details should have 'name' field"
+    assert "overview" in data, "Service details should have 'overview' field"
+    # assert assets to had list of dashboards
+    assert "assets" in data, "Service details should have 'assets' field"
+    assert isinstance(data["assets"], dict), "Assets should be a dictionary"
+
+
+
+def test_get_service_details_with_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    create_test_account: Callable,
+) -> None:
+    """Test getting service details for a specific connected account."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Create a test account and do check-in
+    cloud_provider = "aws"
+    account_data = create_test_account(admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    cloud_account_id = str(uuid.uuid4())
+    simulate_agent_checkin(signoz)(admin_token, cloud_provider, account_id, cloud_account_id)
+
+    # Get list of services first
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    list_data = list_response.json().get("data", list_response.json())
+    assert len(list_data["services"]) > 0, "Should have at least one service"
+    service_id = list_data["services"][0]["id"]
+
+    # Get service details with account
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{service_id}?cloud_account_id={cloud_account_id}"
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+
+    # Verify service details structure
+    assert "id" in data, "Service details should have 'id' field"
+    assert data["id"] == service_id, "Service ID should match requested ID"
+    assert "title" in data, "Service details should have 'title' field"
+    assert "overview" in data, "Service details should have 'overview' field"
+    assert "assets" in data, "Service details should have 'assets' field"
+    assert "config" in data, "Service details should have 'config' field"
+    assert "status" in data, "Config should have 'status' field"
+
+
+
+def test_get_service_details_invalid_service(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+) -> None:
+    """Test getting details for a non-existent service."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    cloud_provider = "aws"
+    fake_service_id = "non-existent-service"
+
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{fake_service_id}"
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.NOT_FOUND
+    ), f"Expected 404, got {response.status_code}"
+
+
+
+def test_list_services_unsupported_provider(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+) -> None:
+    """Test listing services for an unsupported cloud provider."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    cloud_provider = "gcp"  # Unsupported provider
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.BAD_REQUEST
+    ), f"Expected 400, got {response.status_code}"
+
+
+
+def test_update_service_config(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    create_test_account: Callable,
+) -> None:
+    """Test updating service configuration for a connected account."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Create a test account and do check-in
+    cloud_provider = "aws"
+    account_data = create_test_account(admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    cloud_account_id = str(uuid.uuid4())
+    simulate_agent_checkin(signoz)(admin_token, cloud_provider, account_id, cloud_account_id)
+
+    # Get list of services to pick a valid service ID
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    list_data = list_response.json().get("data", list_response.json())
+    assert len(list_data["services"]) > 0, "Should have at least one service"
+    service_id = list_data["services"][0]["id"]
+
+    # Update service configuration
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{service_id}/config"
+
+    config_payload = {
+        "cloud_account_id": cloud_account_id,
+        "config": {
+            "metrics": {"enabled": True},
+            "logs": {"enabled": True},
+        },
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=config_payload,
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+
+    # Verify response structure
+    assert "id" in data, "Response should contain 'id' field"
+    assert data["id"] == service_id, "Service ID should match"
+    assert "config" in data, "Response should contain 'config' field"
+    assert "metrics" in data["config"], "Config should contain 'metrics' field"
+    assert "logs" in data["config"], "Config should contain 'logs' field"
+
+
+
+def test_update_service_config_without_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+) -> None:
+    """Test updating service config without a connected account should fail."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    cloud_provider = "aws"
+
+    # Get a valid service ID
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    list_data = list_response.json().get("data", list_response.json())
+    service_id = list_data["services"][0]["id"]
+
+    # Try to update config with non-existent account
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{service_id}/config"
+
+    fake_cloud_account_id = str(uuid.uuid4())
+    config_payload = {
+        "cloud_account_id": fake_cloud_account_id,
+        "config": {
+            "metrics": {"enabled": True},
+        },
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=config_payload,
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.INTERNAL_SERVER_ERROR
+    ), f"Expected 500 for non-existent account, got {response.status_code}"
+
+
+
+def test_update_service_config_invalid_service(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    create_test_account: Callable,
+) -> None:
+    """Test updating config for a non-existent service should fail."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Create a test account and do check-in
+    cloud_provider = "aws"
+    account_data = create_test_account(admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    cloud_account_id = str(uuid.uuid4())
+    simulate_agent_checkin(signoz)(admin_token, cloud_provider, account_id, cloud_account_id)
+
+    # Try to update config for invalid service
+    fake_service_id = "non-existent-service"
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{fake_service_id}/config"
+
+    config_payload = {
+        "cloud_account_id": cloud_account_id,
+        "config": {
+            "metrics": {"enabled": True},
+        },
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=config_payload,
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.NOT_FOUND
+    ), f"Expected 404 for invalid service, got {response.status_code}"
+
+
+
+def test_update_service_config_disable_service(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    create_test_account: Callable,
+) -> None:
+    """Test disabling a service by updating config with enabled=false."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Create a test account and do check-in
+    cloud_provider = "aws"
+    account_data = create_test_account(admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    cloud_account_id = str(uuid.uuid4())
+    simulate_agent_checkin(signoz)(admin_token, cloud_provider, account_id, cloud_account_id)
+
+    # Get a valid service
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    list_data = list_response.json().get("data", list_response.json())
+    service_id = list_data["services"][0]["id"]
+
+    # First enable the service
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{service_id}/config"
+
+    enable_payload = {
+        "cloud_account_id": cloud_account_id,
+        "config": {
+            "metrics": {"enabled": True},
+        },
+    }
+
+    enable_response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=enable_payload,
+        timeout=10,
+    )
+
+    assert enable_response.status_code == HTTPStatus.OK, "Failed to enable service"
+
+    # Now disable the service
+    disable_payload = {
+        "cloud_account_id": cloud_account_id,
+        "config": {
+            "metrics": {"enabled": False},
+            "logs": {"enabled": False},
+        },
+    }
+
+    disable_response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=disable_payload,
+        timeout=10,
+    )
+
+    assert (
+        disable_response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {disable_response.status_code}"
+
+    response_data = disable_response.json()
+    data = response_data.get("data", response_data)
+
+    # Verify service is disabled
+    assert data["config"]["metrics"]["enabled"] is False, "Metrics should be disabled"
+    assert data["config"]["logs"]["enabled"] is False, "Logs should be disabled"