Merge branch 'refactor/cloud-integration-types' into feat/cloudintegration-module-skeleton

.github/CODEOWNERS

@@ -1,6 +1,8 @@
 # CODEOWNERS info: https://help.github.com/en/articles/about-code-owners
 
-# Owners are automatically requested for review for PRs that changes code that they own.
+# Owners are automatically requested for review for PRs that changes code
+
+# that they own.
 
 /frontend/ @SigNoz/frontend-maintainers
 
@@ -9,10 +11,8 @@
 /frontend/src/container/OnboardingV2Container/onboarding-configs/onboarding-config-with-links.json @makeavish
 /frontend/src/container/OnboardingV2Container/AddDataSource/AddDataSource.tsx @makeavish
 
-# CI
-/deploy/ @therealpandey
-.github @therealpandey
-go.mod @therealpandey
+/deploy/ @SigNoz/devops
+.github @SigNoz/devops
 
 # Scaffold Owners
 

.github/workflows/mergequeueci.yaml

@@ -1,60 +0,0 @@
-name: mergequeueci
-
-on:
-  pull_request:
-    types:
-      - dequeued
-
-jobs:
-  notify:
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.merged == false
-    steps:
-      - name: alert
-        uses: slackapi/slack-github-action@v2.1.1
-        with:
-          webhook: ${{ secrets.SLACK_MERGE_QUEUE_WEBHOOK }}
-          webhook-type: incoming-webhook
-          payload: |
-            {
-              "text": ":x: PR removed from merge queue",
-              "blocks": [
-                {
-                  "type": "header",
-                  "text": {
-                    "type": "plain_text",
-                    "text": ":x: PR Removed from Merge Queue"
-                  }
-                },
-                {
-                  "type": "section",
-                  "text": {
-                    "type": "mrkdwn",
-                    "text": "*<${{ github.event.pull_request.html_url }}|PR #${{ github.event.pull_request.number }}: ${{ github.event.pull_request.title }}>*"
-                  }
-                },
-                {
-                  "type": "divider"
-                },
-                {
-                  "type": "section",
-                  "fields": [
-                    {
-                      "type": "mrkdwn",
-                      "text": "*Author*\n@${{ github.event.pull_request.user.login }}"
-                    }
-                  ]
-                }
-              ]
-            }
-      - name: comment
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
-          PR_URL: ${{ github.event.pull_request.html_url }}
-        run: |
-          gh api repos/${{ github.repository }}/issues/$PR_NUMBER/comments \
-            -f body="> :x: **PR removed from merge queue**
-          >
-          > @$PR_AUTHOR your PR was removed from the merge queue. Fix the issue and re-queue when ready."

cmd/community/server.go

@@ -13,8 +13,11 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/gateway"
 	"github.com/SigNoz/signoz/pkg/gateway/noopgateway"
+	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/licensing/nooplicensing"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
@@ -88,6 +91,9 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		func(ps factory.ProviderSettings, q querier.Querier, a analytics.Analytics) querier.Handler {
 			return querier.NewHandler(ps, q, a)
 		},
+		func(_ sqlstore.SQLStore, _ licensing.Licensing, _ zeus.Zeus, _ gateway.Gateway, _ global.Config) cloudintegration.Module {
+			return implcloudintegration.NewModule()
+		},
 	)
 	if err != nil {
 		logger.ErrorContext(ctx, "failed to create signoz", "error", err)

cmd/enterprise/server.go

@@ -9,12 +9,13 @@ import (
 	"github.com/SigNoz/signoz/ee/authn/callbackauthn/oidccallbackauthn"
 	"github.com/SigNoz/signoz/ee/authn/callbackauthn/samlcallbackauthn"
 	"github.com/SigNoz/signoz/ee/authz/openfgaauthz"
-	eequerier "github.com/SigNoz/signoz/ee/querier"
 	"github.com/SigNoz/signoz/ee/authz/openfgaschema"
 	"github.com/SigNoz/signoz/ee/gateway/httpgateway"
 	enterpriselicensing "github.com/SigNoz/signoz/ee/licensing"
 	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
+	"github.com/SigNoz/signoz/ee/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/ee/modules/dashboard/impldashboard"
+	eequerier "github.com/SigNoz/signoz/ee/querier"
 	enterpriseapp "github.com/SigNoz/signoz/ee/query-service/app"
 	"github.com/SigNoz/signoz/ee/sqlschema/postgressqlschema"
 	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
@@ -25,7 +26,10 @@ import (
 	"github.com/SigNoz/signoz/pkg/authz"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/gateway"
+	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/licensing"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	pkgimplcloudintegration "github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
@@ -129,6 +133,9 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 			communityHandler := querier.NewHandler(ps, q, a)
 			return eequerier.NewHandler(ps, q, communityHandler)
 		},
+		func(store sqlstore.SQLStore, lic licensing.Licensing, z zeus.Zeus, gw gateway.Gateway, gc global.Config) cloudintegration.Module {
+			return implcloudintegration.NewModule(pkgimplcloudintegration.NewStore(store), store, lic, z, gw, gc)
+		},
 	)
 
 	if err != nil {

ee/modules/cloudintegration/implcloudintegration/aws.go

@@ -0,0 +1,22 @@
+package implcloudintegration
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type awsProvider struct{}
+
+func (p *awsProvider) CreateArtifact(
+	_ context.Context,
+	_ valuer.UUID,
+	_ *cloudintegrationtypes.ConnectionArtifactRequest,
+	_ cloudintegration.Credentials,
+	_ valuer.UUID,
+) (*cloudintegrationtypes.ConnectionArtifact, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "not implemented")
+}

ee/modules/cloudintegration/implcloudintegration/azure.go

@@ -0,0 +1,23 @@
+package implcloudintegration
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+// keeping this for example to show how more cloud providers will be added
+type azureProvider struct{}
+
+func (p *azureProvider) CreateArtifact(
+	_ context.Context,
+	_ valuer.UUID,
+	_ *cloudintegrationtypes.ConnectionArtifactRequest,
+	_ cloudintegration.Credentials,
+	_ valuer.UUID,
+) (*cloudintegrationtypes.ConnectionArtifact, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "not implemented")
+}

ee/modules/cloudintegration/implcloudintegration/module.go

@@ -0,0 +1,267 @@
+package implcloudintegration
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/gateway"
+	"github.com/SigNoz/signoz/pkg/global"
+	"github.com/SigNoz/signoz/pkg/licensing"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/types/zeustypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/SigNoz/signoz/pkg/zeus"
+)
+
+type module struct {
+	store        cloudintegrationtypes.Store
+	userStore    types.UserStore
+	licensing    licensing.Licensing
+	zeus         zeus.Zeus
+	gateway      gateway.Gateway
+	globalConfig global.Config
+	providers    map[cloudintegrationtypes.CloudProviderType]cloudintegration.CloudProvider
+}
+
+func NewModule(
+	store cloudintegrationtypes.Store,
+	sqlStore sqlstore.SQLStore,
+	lic licensing.Licensing,
+	z zeus.Zeus,
+	gw gateway.Gateway,
+	gc global.Config,
+) cloudintegration.Module {
+	return &module{
+		store:        store,
+		userStore:    impluser.NewStore(sqlStore, factory.ProviderSettings{}),
+		licensing:    lic,
+		zeus:         z,
+		gateway:      gw,
+		globalConfig: gc,
+		providers:    map[cloudintegrationtypes.CloudProviderType]cloudintegration.CloudProvider{
+			cloudintegrationtypes.CloudProviderTypeAWS:   &awsProvider{},
+			cloudintegrationtypes.CloudProviderTypeAzure: &azureProvider{},
+		},
+	}
+}
+
+func (m *module) CreateConnectionArtifact(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType, request *cloudintegrationtypes.ConnectionArtifactRequest) (*cloudintegrationtypes.ConnectionArtifact, error) {
+	p, ok := m.providers[provider]
+	if !ok {
+		return nil, errors.NewInvalidInputf(cloudintegrationtypes.ErrCodeCloudProviderInvalidInput, "unsupported cloud provider: %s", provider.StringValue())
+	}
+
+	creds, err := m.resolveCredentials(ctx, orgID, provider)
+	if err != nil {
+		return nil, err
+	}
+
+	newAccountID := valuer.GenerateUUID()
+
+	artifact, err := p.CreateArtifact(ctx, orgID, request, creds, newAccountID)
+	if err != nil {
+		return nil, err
+	}
+
+	account := &cloudintegrationtypes.StorableCloudIntegration{
+		Identifiable: types.Identifiable{ID: newAccountID},
+		TimeAuditable: types.TimeAuditable{
+			CreatedAt: time.Now(),
+			UpdatedAt: time.Now(),
+		},
+		Provider: provider,
+		OrgID:    orgID,
+	}
+
+	if err := m.store.UpsertAccount(ctx, account); err != nil {
+		return nil, err
+	}
+
+	return artifact, nil
+}
+
+func (m *module) resolveCredentials(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (cloudintegration.Credentials, error) {
+	creds := cloudintegration.Credentials{}
+
+	pat, err := m.getOrCreateIntegrationPAT(ctx, orgID, provider)
+	if err != nil {
+		return creds, err
+	}
+	creds.SigNozAPIKey = pat
+
+	if m.licensing == nil {
+		return creds, nil
+	}
+
+	license, err := m.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return creds, err
+	}
+
+	if license == nil {
+		return creds, nil
+	}
+
+	respBytes, err := m.zeus.GetDeployment(ctx, license.Key)
+	if err != nil {
+		return creds, errors.NewInternalf(errors.CodeInternal, "couldn't query deployment info: %v", err)
+	}
+
+	deployment, err := zeustypes.NewGettableDeployment(respBytes)
+	if err != nil {
+		return creds, err
+	}
+	creds.SigNozAPIUrl = deployment.SignozAPIUrl
+
+	if m.globalConfig.IngestionURL != nil {
+		creds.IngestionUrl = m.globalConfig.IngestionURL.String()
+	}
+
+	if m.gateway != nil {
+		ingestionKeyName := fmt.Sprintf("%s-integration", provider.StringValue())
+		ingestionKey, err := m.getOrCreateIngestionKey(ctx, orgID, ingestionKeyName)
+		if err != nil {
+			return creds, err
+		}
+		creds.IngestionKey = ingestionKey
+	}
+
+	return creds, nil
+}
+
+func (m *module) getOrCreateIngestionKey(ctx context.Context, orgID valuer.UUID, keyName string) (string, error) {
+	result, err := m.gateway.SearchIngestionKeysByName(ctx, orgID, keyName, 1, 10)
+	if err != nil {
+		return "", errors.NewInternalf(errors.CodeInternal, "couldn't search ingestion keys: %v", err)
+	}
+
+	for _, k := range result.Keys {
+		if k.Name == keyName {
+			return k.Value, nil
+		}
+	}
+
+	created, err := m.gateway.CreateIngestionKey(ctx, orgID, keyName, []string{"integration"}, time.Time{})
+	if err != nil {
+		return "", errors.NewInternalf(errors.CodeInternal, "couldn't create ingestion key: %v", err)
+	}
+
+	return created.Value, nil
+}
+
+func (m *module) getOrCreateIntegrationPAT(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (string, error) {
+	integrationPATName := fmt.Sprintf("%s integration", provider.StringValue())
+
+	integrationUser, err := m.getOrCreateIntegrationUser(ctx, orgID, provider)
+	if err != nil {
+		return "", err
+	}
+
+	allPATs, err := m.userStore.ListAPIKeys(ctx, orgID)
+	if err != nil {
+		return "", errors.NewInternalf(errors.CodeInternal, "couldn't list PATs: %v", err)
+	}
+
+	for _, p := range allPATs {
+		if p.UserID == integrationUser.ID && p.Name == integrationPATName {
+			return p.Token, nil
+		}
+	}
+
+	newPAT, err := types.NewStorableAPIKey(
+		integrationPATName,
+		integrationUser.ID,
+		types.RoleViewer,
+		0,
+	)
+	if err != nil {
+		return "", errors.NewInternalf(errors.CodeInternal, "couldn't create cloud integration PAT: %v", err)
+	}
+
+	if err := m.userStore.CreateAPIKey(ctx, newPAT); err != nil {
+		return "", errors.NewInternalf(errors.CodeInternal, "couldn't persist cloud integration PAT: %v", err)
+	}
+
+	return newPAT.Token, nil
+}
+
+func (m *module) getOrCreateIntegrationUser(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*types.User, error) {
+	cloudIntegrationUserName := fmt.Sprintf("%s-integration", provider.StringValue())
+	email := valuer.MustNewEmail(fmt.Sprintf("%s@signoz.io", cloudIntegrationUserName))
+
+	existingUsers, err := m.userStore.GetUsersByEmailAndOrgID(ctx, email, orgID)
+	if err != nil {
+		return nil, errors.NewInternalf(errors.CodeInternal, "couldn't look up integration user: %v", err)
+	}
+
+	for _, u := range existingUsers {
+		if u.Status != types.UserStatusDeleted {
+			return u, nil
+		}
+	}
+
+	cloudIntegrationUser, err := types.NewUser(cloudIntegrationUserName, email, types.RoleViewer, orgID, types.UserStatusActive)
+	if err != nil {
+		return nil, errors.NewInternalf(errors.CodeInternal, "couldn't construct integration user: %v", err)
+	}
+
+	password := types.MustGenerateFactorPassword(cloudIntegrationUser.ID.StringValue())
+
+	if err := m.userStore.CreateUser(ctx, cloudIntegrationUser); err != nil {
+		return nil, errors.NewInternalf(errors.CodeInternal, "couldn't create integration user: %v", err)
+	}
+
+	if err := m.userStore.CreatePassword(ctx, password); err != nil {
+		return nil, errors.NewInternalf(errors.CodeInternal, "couldn't create integration user password: %v", err)
+	}
+
+	return cloudIntegrationUser, nil
+}
+
+func (m *module) GetAccountStatus(_ context.Context, _, _ valuer.UUID) (*cloudintegrationtypes.AccountStatus, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "not implemented")
+}
+
+func (m *module) ListConnectedAccounts(_ context.Context, _ valuer.UUID) (*cloudintegrationtypes.ConnectedAccounts, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "not implemented")
+}
+
+func (m *module) DisconnectAccount(_ context.Context, _, _ valuer.UUID) error {
+	return errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "not implemented")
+}
+
+func (m *module) UpdateAccountConfig(_ context.Context, _, _ valuer.UUID, _ *cloudintegrationtypes.UpdateAccountConfigRequest) (*cloudintegrationtypes.Account, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "not implemented")
+}
+
+func (m *module) ListServicesSummary(_ context.Context, _ valuer.UUID, _ *valuer.UUID) (*cloudintegrationtypes.ServicesSummary, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "not implemented")
+}
+
+func (m *module) GetService(_ context.Context, _ valuer.UUID, _ string, _ *valuer.UUID) (*cloudintegrationtypes.Service, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "not implemented")
+}
+
+func (m *module) UpdateServiceConfig(_ context.Context, _ string, _ valuer.UUID, _ *cloudintegrationtypes.UpdateServiceConfigRequest) (*cloudintegrationtypes.ServiceSummary, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "not implemented")
+}
+
+func (m *module) AgentCheckIn(_ context.Context, _ valuer.UUID, _ *cloudintegrationtypes.AgentCheckInRequest) (cloudintegrationtypes.AgentCheckInResponse, error) {
+	return cloudintegrationtypes.AgentCheckInResponse{}, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "not implemented")
+}
+
+func (m *module) GetDashboardByID(_ context.Context, _ string, _ valuer.UUID) (*dashboardtypes.Dashboard, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "not implemented")
+}
+
+func (m *module) GetAllDashboards(_ context.Context, _ valuer.UUID) ([]*dashboardtypes.Dashboard, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "not implemented")
+}

ee/query-service/app/server.go

@@ -216,7 +216,8 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 		}),
 		otelmux.WithPublicEndpoint(),
 	))
-	r.Use(middleware.NewIdentN(s.signoz.IdentNResolver, s.signoz.Sharder, s.signoz.Instrumentation.Logger()).Wrap)
+	r.Use(middleware.NewAuthN([]string{"Authorization", "Sec-WebSocket-Protocol"}, s.signoz.Sharder, s.signoz.Tokenizer, s.signoz.Instrumentation.Logger()).Wrap)
+	r.Use(middleware.NewAPIKey(s.signoz.SQLStore, []string{"SIGNOZ-API-KEY"}, s.signoz.Instrumentation.Logger(), s.signoz.Sharder).Wrap)
 	r.Use(middleware.NewTimeout(s.signoz.Instrumentation.Logger(),
 		s.config.APIServer.Timeout.ExcludedRoutes,
 		s.config.APIServer.Timeout.Default,

frontend/src/constants/queryBuilder.ts

@@ -1,6 +1,5 @@
 // ** Helpers
 import { MetrictypesTypeDTO } from 'api/generated/services/sigNoz.schemas';
-import { defaultTraceSelectedColumns } from 'container/OptionsMenu/constants';
 import { createIdFromObjectFields } from 'lib/createIdFromObjectFields';
 import { createNewBuilderItemName } from 'lib/newQueryBuilder/createNewBuilderItemName';
 import { IAttributeValuesResponse } from 'types/api/queryBuilder/getAttributesValues';
@@ -549,49 +548,3 @@ export const DATA_TYPE_VS_ATTRIBUTE_VALUES_KEY: Record<
 	[DataTypes.ArrayBool]: 'boolAttributeValues',
 	[DataTypes.EMPTY]: 'stringAttributeValues',
 };
-
-export const listViewInitialLogQuery: Query = {
-	...initialQueriesMap.logs,
-	builder: {
-		...initialQueriesMap.logs.builder,
-		queryData: [
-			{
-				...initialQueriesMap.logs.builder.queryData[0],
-				aggregateOperator: LogsAggregatorOperator.NOOP,
-				orderBy: [{ columnName: 'timestamp', order: 'desc' }],
-				offset: 0,
-				pageSize: 100,
-			},
-		],
-	},
-};
-
-export const PANEL_TYPES_INITIAL_QUERY: Record<PANEL_TYPES, Query> = {
-	[PANEL_TYPES.TIME_SERIES]: initialQueriesMap.metrics,
-	[PANEL_TYPES.VALUE]: initialQueriesMap.metrics,
-	[PANEL_TYPES.TABLE]: initialQueriesMap.metrics,
-	[PANEL_TYPES.LIST]: listViewInitialLogQuery,
-	[PANEL_TYPES.TRACE]: initialQueriesMap.traces,
-	[PANEL_TYPES.BAR]: initialQueriesMap.metrics,
-	[PANEL_TYPES.PIE]: initialQueriesMap.metrics,
-	[PANEL_TYPES.HISTOGRAM]: initialQueriesMap.metrics,
-	[PANEL_TYPES.EMPTY_WIDGET]: initialQueriesMap.metrics,
-};
-
-export const listViewInitialTraceQuery: Query = {
-	// it should be the above commented query
-	...initialQueriesMap.traces,
-	builder: {
-		...initialQueriesMap.traces.builder,
-		queryData: [
-			{
-				...initialQueriesMap.traces.builder.queryData[0],
-				aggregateOperator: LogsAggregatorOperator.NOOP,
-				orderBy: [{ columnName: 'timestamp', order: 'desc' }],
-				offset: 0,
-				pageSize: 10,
-				selectColumns: defaultTraceSelectedColumns,
-			},
-		],
-	},
-};

frontend/src/container/DashboardContainer/ComponentsSlider/ComponentSlider.styles.scss

@@ -1,4 +1,4 @@
-.panel-type-selection-modal {
+.graph-selection {
 	.ant-modal-content {
 		width: 515px;
 		max-height: 646px;
@@ -76,11 +76,6 @@
 						content: none;
 					}
 				}
-
-				.panel-type-text {
-					text-align: center;
-					margin-top: 1rem;
-				}
 			}
 		}
 
@@ -119,7 +114,7 @@
 }
 
 .lightMode {
-	.panel-type-selection-modal {
+	.graph-selection {
 		.ant-modal-content {
 			border: 1px solid var(--bg-vanilla-300);
 			background: var(--bg-vanilla-100);

frontend/src/container/DashboardContainer/ComponentsSlider/constants.ts

@@ -0,0 +1,50 @@
+import { initialQueriesMap, PANEL_TYPES } from 'constants/queryBuilder';
+import { defaultTraceSelectedColumns } from 'container/OptionsMenu/constants';
+import { Query } from 'types/api/queryBuilder/queryBuilderData';
+import { LogsAggregatorOperator } from 'types/common/queryBuilder';
+
+export const PANEL_TYPES_INITIAL_QUERY = {
+	[PANEL_TYPES.TIME_SERIES]: initialQueriesMap.metrics,
+	[PANEL_TYPES.VALUE]: initialQueriesMap.metrics,
+	[PANEL_TYPES.TABLE]: initialQueriesMap.metrics,
+	[PANEL_TYPES.LIST]: initialQueriesMap.logs,
+	[PANEL_TYPES.TRACE]: initialQueriesMap.traces,
+	[PANEL_TYPES.BAR]: initialQueriesMap.metrics,
+	[PANEL_TYPES.PIE]: initialQueriesMap.metrics,
+	[PANEL_TYPES.HISTOGRAM]: initialQueriesMap.metrics,
+	[PANEL_TYPES.EMPTY_WIDGET]: initialQueriesMap.metrics,
+};
+
+export const listViewInitialLogQuery: Query = {
+	...initialQueriesMap.logs,
+	builder: {
+		...initialQueriesMap.logs.builder,
+		queryData: [
+			{
+				...initialQueriesMap.logs.builder.queryData[0],
+				aggregateOperator: LogsAggregatorOperator.NOOP,
+				orderBy: [{ columnName: 'timestamp', order: 'desc' }],
+				offset: 0,
+				pageSize: 100,
+			},
+		],
+	},
+};
+
+export const listViewInitialTraceQuery: Query = {
+	// it should be the above commented query
+	...initialQueriesMap.traces,
+	builder: {
+		...initialQueriesMap.traces.builder,
+		queryData: [
+			{
+				...initialQueriesMap.traces.builder.queryData[0],
+				aggregateOperator: LogsAggregatorOperator.NOOP,
+				orderBy: [{ columnName: 'timestamp', order: 'desc' }],
+				offset: 0,
+				pageSize: 10,
+				selectColumns: defaultTraceSelectedColumns,
+			},
+		],
+	},
+};

frontend/src/container/DashboardContainer/ComponentsSlider/index.tsx

@@ -0,0 +1,94 @@
+import { Card, Modal } from 'antd';
+import logEvent from 'api/common/logEvent';
+import { QueryParams } from 'constants/query';
+import { PANEL_TYPES } from 'constants/queryBuilder';
+import createQueryParams from 'lib/createQueryParams';
+import history from 'lib/history';
+import { useDashboard } from 'providers/Dashboard/Dashboard';
+import { LogsAggregatorOperator } from 'types/common/queryBuilder';
+import { v4 as uuid } from 'uuid';
+
+import { PANEL_TYPES_INITIAL_QUERY } from './constants';
+import menuItems from './menuItems';
+import { Text } from './styles';
+
+import './ComponentSlider.styles.scss';
+
+function DashboardGraphSlider(): JSX.Element {
+	const { handleToggleDashboardSlider, isDashboardSliderOpen } = useDashboard();
+
+	const onClickHandler = (name: PANEL_TYPES) => (): void => {
+		const id = uuid();
+		handleToggleDashboardSlider(false);
+		logEvent('Dashboard Detail: New panel type selected', {
+			// dashboardId: '',
+			// dashboardName: '',
+			// numberOfPanels: 0, // todo - at this point we don't know these attributes
+			panelType: name,
+			widgetId: id,
+		});
+		const queryParamsLog = {
+			graphType: name,
+			widgetId: id,
+			[QueryParams.compositeQuery]: JSON.stringify({
+				...PANEL_TYPES_INITIAL_QUERY[name],
+				builder: {
+					...PANEL_TYPES_INITIAL_QUERY[name].builder,
+					queryData: [
+						{
+							...PANEL_TYPES_INITIAL_QUERY[name].builder.queryData[0],
+							aggregateOperator: LogsAggregatorOperator.NOOP,
+							orderBy: [{ columnName: 'timestamp', order: 'desc' }],
+							offset: 0,
+							pageSize: 100,
+						},
+					],
+				},
+			}),
+		};
+
+		const queryParams = {
+			graphType: name,
+			widgetId: id,
+			[QueryParams.compositeQuery]: JSON.stringify(
+				PANEL_TYPES_INITIAL_QUERY[name],
+			),
+		};
+		if (name === PANEL_TYPES.LIST) {
+			history.push(
+				`${history.location.pathname}/new?${createQueryParams(queryParamsLog)}`,
+			);
+		} else {
+			history.push(
+				`${history.location.pathname}/new?${createQueryParams(queryParams)}`,
+			);
+		}
+	};
+
+	const handleCardClick = (panelType: PANEL_TYPES): void => {
+		onClickHandler(panelType)();
+	};
+
+	return (
+		<Modal
+			open={isDashboardSliderOpen}
+			onCancel={(): void => {
+				handleToggleDashboardSlider(false);
+			}}
+			rootClassName="graph-selection"
+			footer={null}
+			title="New Panel"
+		>
+			<div className="panel-selection">
+				{menuItems.map(({ name, icon, display }) => (
+					<Card onClick={(): void => handleCardClick(name)} id={name} key={name}>
+						{icon}
+						<Text>{display}</Text>
+					</Card>
+				))}
+			</div>
+		</Modal>
+	);
+}
+
+export default DashboardGraphSlider;

frontend/src/container/DashboardContainer/ComponentsSlider/menuItems.tsx

@@ -9,7 +9,7 @@ import {
 	Table,
 } from 'lucide-react';
 
-export const PanelTypesWithData: ItemsProps[] = [
+const Items: ItemsProps[] = [
 	{
 		name: PANEL_TYPES.TIME_SERIES,
 		icon: <LineChart size={16} color={Color.BG_ROBIN_400} />,
@@ -52,3 +52,5 @@ export interface ItemsProps {
 	icon: JSX.Element;
 	display: string;
 }
+
+export default Items;

frontend/src/container/DashboardContainer/ComponentsSlider/styles.ts

@@ -0,0 +1,41 @@
+import { Card as CardComponent, Typography } from 'antd';
+import styled from 'styled-components';
+
+export const Container = styled.div`
+	display: flex;
+	justify-content: right;
+	gap: 8px;
+	margin-bottom: 12px;
+`;
+
+export const Card = styled(CardComponent)`
+	min-height: 80px;
+	min-width: 120px;
+	overflow-y: auto;
+	cursor: pointer;
+	transition: transform 0.2s;
+
+	.ant-card-body {
+		padding: 12px;
+		height: 100%;
+		display: flex;
+		flex-direction: column;
+		justify-content: space-between;
+		align-items: center;
+
+		.ant-typography {
+			font-size: 12px;
+			font-weight: 600;
+		}
+	}
+
+	&:hover {
+		transform: scale(1.05);
+		border: 1px solid var(--bg-robin-400);
+	}
+`;
+
+export const Text = styled(Typography)`
+	text-align: center;
+	margin-top: 1rem;
+`;

frontend/src/container/DashboardContainer/DashboardDescription/__tests__/DashboardDescription.test.tsx

@@ -182,7 +182,9 @@ describe('Dashboard landing page actions header tests', () => {
 		(useLocation as jest.Mock).mockReturnValue(mockLocation);
 
 		const mockContextValue: IDashboardContext = {
+			isDashboardSliderOpen: false,
 			isDashboardLocked: false,
+			handleToggleDashboardSlider: jest.fn(),
 			handleDashboardLockToggle: jest.fn(),
 			dashboardResponse: {} as IDashboardContext['dashboardResponse'],
 			selectedDashboard: (getDashboardById.data as unknown) as Dashboard,

frontend/src/container/DashboardContainer/DashboardDescription/index.tsx

@@ -40,7 +40,6 @@ import {
 } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';
 import { useDashboard } from 'providers/Dashboard/Dashboard';
-import { usePanelTypeSelectionModalStore } from 'providers/Dashboard/helpers/panelTypeSelectionModalHelper';
 import { sortLayout } from 'providers/Dashboard/util';
 import { DashboardData } from 'types/api/dashboard/getAll';
 import { Props } from 'types/api/dashboard/update';
@@ -49,10 +48,10 @@ import { ComponentTypes } from 'utils/permission';
 import { v4 as uuid } from 'uuid';
 
 import DashboardHeader from '../components/DashboardHeader/DashboardHeader';
+import DashboardGraphSlider from '../ComponentsSlider';
 import DashboardSettings from '../DashboardSettings';
 import { Base64Icons } from '../DashboardSettings/General/utils';
 import DashboardVariableSelection from '../DashboardVariablesSelection';
-import PanelTypeSelectionModal from '../PanelTypeSelectionModal';
 import SettingsDrawer from './SettingsDrawer';
 import { VariablesSettingsTab } from './types';
 import {
@@ -70,9 +69,6 @@ interface DashboardDescriptionProps {
 // eslint-disable-next-line sonarjs/cognitive-complexity
 function DashboardDescription(props: DashboardDescriptionProps): JSX.Element {
 	const { handle } = props;
-	const setIsPanelTypeSelectionModalOpen = usePanelTypeSelectionModalStore(
-		(s) => s.setIsPanelTypeSelectionModalOpen,
-	);
 	const {
 		selectedDashboard,
 		panelMap,
@@ -81,6 +77,7 @@ function DashboardDescription(props: DashboardDescriptionProps): JSX.Element {
 		setLayouts,
 		isDashboardLocked,
 		setSelectedDashboard,
+		handleToggleDashboardSlider,
 		handleDashboardLockToggle,
 	} = useDashboard();
 
@@ -148,14 +145,14 @@ function DashboardDescription(props: DashboardDescriptionProps): JSX.Element {
 	const [addPanelPermission] = useComponentPermission(permissions, userRole);
 
 	const onEmptyWidgetHandler = useCallback(() => {
-		setIsPanelTypeSelectionModalOpen(true);
+		handleToggleDashboardSlider(true);
 		logEvent('Dashboard Detail: Add new panel clicked', {
 			dashboardId: selectedDashboard?.id,
 			dashboardName: selectedDashboard?.data.title,
 			numberOfPanels: selectedDashboard?.data.widgets?.length,
 		});
 		// eslint-disable-next-line react-hooks/exhaustive-deps
-	}, [setIsPanelTypeSelectionModalOpen]);
+	}, [handleToggleDashboardSlider]);
 
 	const handleLockDashboardToggle = (): void => {
 		setIsDashbordSettingsOpen(false);
@@ -524,7 +521,7 @@ function DashboardDescription(props: DashboardDescriptionProps): JSX.Element {
 					<DashboardVariableSelection />
 				</section>
 			)}
-			<PanelTypeSelectionModal />
+			<DashboardGraphSlider />
 
 			<Modal
 				open={isRenameDashboardOpen}

frontend/src/container/DashboardContainer/PanelTypeSelectionModal/index.tsx

@@ -1,68 +0,0 @@
-import { memo } from 'react';
-import { Card, Modal, Typography } from 'antd';
-import logEvent from 'api/common/logEvent';
-import { QueryParams } from 'constants/query';
-import { PANEL_TYPES, PANEL_TYPES_INITIAL_QUERY } from 'constants/queryBuilder';
-import createQueryParams from 'lib/createQueryParams';
-import history from 'lib/history';
-import { usePanelTypeSelectionModalStore } from 'providers/Dashboard/helpers/panelTypeSelectionModalHelper';
-import { v4 as uuid } from 'uuid';
-
-import { PanelTypesWithData } from './menuItems';
-
-import './PanelTypeSelectionModal.styles.scss';
-
-function PanelTypeSelectionModal(): JSX.Element {
-	const {
-		isPanelTypeSelectionModalOpen,
-		setIsPanelTypeSelectionModalOpen,
-	} = usePanelTypeSelectionModalStore();
-
-	const onClickHandler = (name: PANEL_TYPES) => (): void => {
-		const id = uuid();
-		setIsPanelTypeSelectionModalOpen(false);
-		logEvent('Dashboard Detail: New panel type selected', {
-			panelType: name,
-			widgetId: id,
-		});
-
-		const queryParams = {
-			graphType: name,
-			widgetId: id,
-			[QueryParams.compositeQuery]: JSON.stringify(
-				PANEL_TYPES_INITIAL_QUERY[name],
-			),
-		};
-
-		history.push(
-			`${history.location.pathname}/new?${createQueryParams(queryParams)}`,
-		);
-	};
-
-	const handleCardClick = (panelType: PANEL_TYPES): void => {
-		onClickHandler(panelType)();
-	};
-
-	return (
-		<Modal
-			open={isPanelTypeSelectionModalOpen}
-			onCancel={(): void => {
-				setIsPanelTypeSelectionModalOpen(false);
-			}}
-			rootClassName="panel-type-selection-modal"
-			footer={null}
-			title="New Panel"
-		>
-			<div className="panel-selection">
-				{PanelTypesWithData.map(({ name, icon, display }) => (
-					<Card onClick={(): void => handleCardClick(name)} id={name} key={name}>
-						{icon}
-						<Typography className="panel-type-text">{display}</Typography>
-					</Card>
-				))}
-			</div>
-		</Modal>
-	);
-}
-
-export default memo(PanelTypeSelectionModal);

frontend/src/container/GridCardLayout/DashboardEmptyState/DashboardEmptyState.tsx

@@ -9,18 +9,17 @@ import DashboardSettings from 'container/DashboardContainer/DashboardSettings';
 import useComponentPermission from 'hooks/useComponentPermission';
 import { useAppContext } from 'providers/App/App';
 import { useDashboard } from 'providers/Dashboard/Dashboard';
-import { usePanelTypeSelectionModalStore } from 'providers/Dashboard/helpers/panelTypeSelectionModalHelper';
 import { ROLES, USER_ROLES } from 'types/roles';
 import { ComponentTypes } from 'utils/permission';
 
 import './DashboardEmptyState.styles.scss';
 
 export default function DashboardEmptyState(): JSX.Element {
-	const setIsPanelTypeSelectionModalOpen = usePanelTypeSelectionModalStore(
-		(s) => s.setIsPanelTypeSelectionModalOpen,
-	);
-
-	const { selectedDashboard, isDashboardLocked } = useDashboard();
+	const {
+		selectedDashboard,
+		isDashboardLocked,
+		handleToggleDashboardSlider,
+	} = useDashboard();
 
 	const variablesSettingsTabHandle = useRef<VariablesSettingsTab>(null);
 	const [isSettingsDrawerOpen, setIsSettingsDrawerOpen] = useState<boolean>(
@@ -42,14 +41,14 @@ export default function DashboardEmptyState(): JSX.Element {
 	const [addPanelPermission] = useComponentPermission(permissions, userRole);
 
 	const onEmptyWidgetHandler = useCallback(() => {
-		setIsPanelTypeSelectionModalOpen(true);
+		handleToggleDashboardSlider(true);
 		logEvent('Dashboard Detail: Add new panel clicked', {
 			dashboardId: selectedDashboard?.id,
 			dashboardName: selectedDashboard?.data.title,
 			numberOfPanels: selectedDashboard?.data.widgets?.length,
 		});
 		// eslint-disable-next-line react-hooks/exhaustive-deps
-	}, [setIsPanelTypeSelectionModalOpen]);
+	}, [handleToggleDashboardSlider]);
 
 	const onConfigureClick = useCallback((): void => {
 		setIsSettingsDrawerOpen(true);

frontend/src/container/GridCardLayout/GridCard/FullView/PanelTypeSelector.tsx

@@ -2,7 +2,7 @@ import { useCallback } from 'react';
 import { Select, Typography } from 'antd';
 import { QueryParams } from 'constants/query';
 import { PANEL_TYPES } from 'constants/queryBuilder';
-import { PanelTypesWithData } from 'container/DashboardContainer/PanelTypeSelectionModal/menuItems';
+import GraphTypes from 'container/DashboardContainer/ComponentsSlider/menuItems';
 import { handleQueryChange } from 'container/NewWidget/utils';
 import { useQueryBuilder } from 'hooks/queryBuilder/useQueryBuilder';
 import { Query } from 'types/api/queryBuilder/queryBuilderData';
@@ -59,7 +59,7 @@ function PanelTypeSelector({
 				data-testid="panel-change-select"
 				disabled={disabled}
 			>
-				{PanelTypesWithData.map((item) => (
+				{GraphTypes.map((item) => (
 					<Option key={item.name} value={item.name}>
 						<div className="view-panel-select-option">
 							<div className="icon">{item.icon}</div>

frontend/src/container/GridCardLayout/WidgetRow.tsx

@@ -5,7 +5,6 @@ import useComponentPermission from 'hooks/useComponentPermission';
 import { EllipsisIcon, PenLine, Plus, X } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';
 import { useDashboard } from 'providers/Dashboard/Dashboard';
-import { usePanelTypeSelectionModalStore } from 'providers/Dashboard/helpers/panelTypeSelectionModalHelper';
 import { setSelectedRowWidgetId } from 'providers/Dashboard/helpers/selectedRowWidgetIdHelper';
 import { ROLES, USER_ROLES } from 'types/roles';
 import { ComponentTypes } from 'utils/permission';
@@ -35,11 +34,11 @@ export function WidgetRowHeader(props: WidgetRowHeaderProps): JSX.Element {
 	} = props;
 	const [isRowSettingsOpen, setIsRowSettingsOpen] = useState<boolean>(false);
 
-	const setIsPanelTypeSelectionModalOpen = usePanelTypeSelectionModalStore(
-		(s) => s.setIsPanelTypeSelectionModalOpen,
-	);
-
-	const { selectedDashboard, isDashboardLocked } = useDashboard();
+	const {
+		handleToggleDashboardSlider,
+		selectedDashboard,
+		isDashboardLocked,
+	} = useDashboard();
 
 	const permissions: ComponentTypes[] = ['add_panel'];
 	const { user } = useAppContext();
@@ -88,7 +87,7 @@ export function WidgetRowHeader(props: WidgetRowHeaderProps): JSX.Element {
 								}
 
 								setSelectedRowWidgetId(selectedDashboard.id, id);
-								setIsPanelTypeSelectionModalOpen(true);
+								handleToggleDashboardSlider(true);
 							}}
 						>
 							New Panel

frontend/src/container/Home/Home.tsx

@@ -15,7 +15,6 @@ import ROUTES from 'constants/routes';
 import { getMetricsListQuery } from 'container/MetricsExplorer/Summary/utils';
 import { useGetMetricsList } from 'hooks/metricsExplorer/useGetMetricsList';
 import { useGetQueryRange } from 'hooks/queryBuilder/useGetQueryRange';
-import { useIsDarkMode } from 'hooks/useDarkMode';
 import history from 'lib/history';
 import cloneDeep from 'lodash-es/cloneDeep';
 import { AnimatePresence } from 'motion/react';
@@ -44,7 +43,6 @@ const homeInterval = 30 * 60 * 1000;
 // eslint-disable-next-line sonarjs/cognitive-complexity
 export default function Home(): JSX.Element {
 	const { user } = useAppContext();
-	const isDarkMode = useIsDarkMode();
 
 	const [startTime, setStartTime] = useState<number | null>(null);
 	const [endTime, setEndTime] = useState<number | null>(null);
@@ -682,11 +680,7 @@ export default function Home(): JSX.Element {
 
 												<div className="checklist-img-container">
 													<img
-														src={
-															isDarkMode
-																? '/Images/allInOne.svg'
-																: '/Images/allInOneLightMode.svg'
-														}
+														src="/Images/allInOne.svg"
 														alt="checklist-img"
 														className="checklist-img"
 													/>

frontend/src/container/NewWidget/RightContainer/index.tsx

@@ -20,10 +20,9 @@ import {
 import { PrecisionOption, PrecisionOptionsEnum } from 'components/Graph/types';
 import TimePreference from 'components/TimePreferenceDropDown';
 import { PANEL_TYPES, PanelDisplay } from 'constants/queryBuilder';
-import {
+import GraphTypes, {
 	ItemsProps,
-	PanelTypesWithData,
-} from 'container/DashboardContainer/PanelTypeSelectionModal/menuItems';
+} from 'container/DashboardContainer/ComponentsSlider/menuItems';
 import { useDashboardVariables } from 'hooks/dashboard/useDashboardVariables';
 import useCreateAlerts from 'hooks/queryBuilder/useCreateAlerts';
 import { useQueryBuilder } from 'hooks/queryBuilder/useQueryBuilder';
@@ -151,7 +150,7 @@ function RightContainer({
 	);
 
 	const selectedGraphType =
-		PanelTypesWithData.find((e) => e.name === selectedGraph)?.display || '';
+		GraphTypes.find((e) => e.name === selectedGraph)?.display || '';
 
 	const onCreateAlertsHandler = useCreateAlerts(selectedWidget, 'panelView');
 
@@ -177,7 +176,7 @@ function RightContainer({
 
 	const { currentQuery } = useQueryBuilder();
 
-	const [graphTypes, setGraphTypes] = useState<ItemsProps[]>(PanelTypesWithData);
+	const [graphTypes, setGraphTypes] = useState<ItemsProps[]>(GraphTypes);
 
 	const dashboardVariableOptions = useMemo<VariableOption[]>(() => {
 		return Object.entries(dashboardVariables).map(([, value]) => ({
@@ -273,7 +272,7 @@ function RightContainer({
 				prev.filter((graph) => graph.name !== PANEL_TYPES.LIST),
 			);
 		} else {
-			setGraphTypes(PanelTypesWithData);
+			setGraphTypes(GraphTypes);
 		}
 	}, [currentQuery]);
 

frontend/src/container/NewWidget/utils.ts

@@ -11,8 +11,11 @@ import { getYAxisCategories } from 'components/YAxisUnitSelector/utils';
 import {
 	initialQueryBuilderFormValuesMap,
 	PANEL_TYPES,
-	PANEL_TYPES_INITIAL_QUERY,
 } from 'constants/queryBuilder';
+import {
+	listViewInitialLogQuery,
+	PANEL_TYPES_INITIAL_QUERY,
+} from 'container/DashboardContainer/ComponentsSlider/constants';
 import {
 	defaultLogsSelectedColumns,
 	defaultTraceSelectedColumns,
@@ -546,7 +549,10 @@ export const getDefaultWidgetData = (
 	nullZeroValues: '',
 	opacity: '',
 	panelTypes: name,
-	query: PANEL_TYPES_INITIAL_QUERY[name],
+	query:
+		name === PANEL_TYPES.LIST
+			? listViewInitialLogQuery
+			: PANEL_TYPES_INITIAL_QUERY[name],
 	timePreferance: 'GLOBAL_TIME',
 	softMax: null,
 	softMin: null,

frontend/src/hooks/queryBuilder/useQueryBuilderOperations.ts

@@ -12,8 +12,6 @@ import {
 	ATTRIBUTE_TYPES,
 	initialAutocompleteData,
 	initialQueryBuilderFormValuesMap,
-	listViewInitialLogQuery,
-	listViewInitialTraceQuery,
 	mapOfFormulaToFilters,
 	mapOfQueryFilters,
 	PANEL_TYPES,
@@ -25,6 +23,10 @@ import {
 	metricsUnknownSpaceAggregateOperatorOptions,
 	metricsUnknownTimeAggregateOperatorOptions,
 } from 'constants/queryBuilderOperators';
+import {
+	listViewInitialLogQuery,
+	listViewInitialTraceQuery,
+} from 'container/DashboardContainer/ComponentsSlider/constants';
 import { useQueryBuilder } from 'hooks/queryBuilder/useQueryBuilder';
 import { getMetricsOperatorsByAttributeType } from 'lib/newQueryBuilder/getMetricsOperatorsByAttributeType';
 import { getOperatorsBySourceAndPanelType } from 'lib/newQueryBuilder/getOperatorsBySourceAndPanelType';

frontend/src/providers/Dashboard/Dashboard.tsx

@@ -53,7 +53,9 @@ import { IDashboardContext, WidgetColumnWidths } from './types';
 import { sortLayout } from './util';
 
 export const DashboardContext = createContext<IDashboardContext>({
+	isDashboardSliderOpen: false,
 	isDashboardLocked: false,
+	handleToggleDashboardSlider: () => {},
 	handleDashboardLockToggle: () => {},
 	dashboardResponse: {} as UseQueryResult<
 		SuccessResponseV2<Dashboard>,
@@ -80,6 +82,8 @@ export function DashboardProvider({
 	children,
 	dashboardId,
 }: PropsWithChildren<{ dashboardId: string }>): JSX.Element {
+	const [isDashboardSliderOpen, setIsDashboardSlider] = useState<boolean>(false);
+
 	const [isDashboardLocked, setIsDashboardLocked] = useState<boolean>(false);
 
 	const [
@@ -284,8 +288,13 @@ export function DashboardProvider({
 		}
 	}, [isVisible]);
 
+	const handleToggleDashboardSlider = (value: boolean): void => {
+		setIsDashboardSlider(value);
+	};
+
 	const { mutate: lockDashboard } = useMutation(locked, {
 		onSuccess: (_, props) => {
+			setIsDashboardSlider(false);
 			setIsDashboardLocked(props.lock);
 		},
 		onError: (error) => {
@@ -310,7 +319,9 @@ export function DashboardProvider({
 
 	const value: IDashboardContext = useMemo(
 		() => ({
+			isDashboardSliderOpen,
 			isDashboardLocked,
+			handleToggleDashboardSlider,
 			handleDashboardLockToggle,
 			dashboardResponse,
 			selectedDashboard,
@@ -330,6 +341,7 @@ export function DashboardProvider({
 		}),
 		// eslint-disable-next-line react-hooks/exhaustive-deps
 		[
+			isDashboardSliderOpen,
 			isDashboardLocked,
 			dashboardResponse,
 			selectedDashboard,

frontend/src/providers/Dashboard/helpers/panelTypeSelectionModalHelper.ts

@@ -1,18 +0,0 @@
-import { create } from 'zustand';
-
-interface IPanelTypeSelectionModalState {
-	isPanelTypeSelectionModalOpen: boolean;
-	setIsPanelTypeSelectionModalOpen: (isOpen: boolean) => void;
-}
-
-/**
- * This helper is used for selecting the panel type when creating a new panel in the dashboard.
- * It uses Zustand for state management to keep track of whether the panel type selection modal is open or closed.
- */
-export const usePanelTypeSelectionModalStore = create<IPanelTypeSelectionModalState>(
-	(set) => ({
-		isPanelTypeSelectionModalOpen: false,
-		setIsPanelTypeSelectionModalOpen: (isOpen): void =>
-			set({ isPanelTypeSelectionModalOpen: isOpen }),
-	}),
-);

frontend/src/providers/Dashboard/types.ts

@@ -9,7 +9,9 @@ export type WidgetColumnWidths = {
 };
 
 export interface IDashboardContext {
+	isDashboardSliderOpen: boolean;
 	isDashboardLocked: boolean;
+	handleToggleDashboardSlider: (value: boolean) => void;
 	handleDashboardLockToggle: (value: boolean) => void;
 	dashboardResponse: UseQueryResult<SuccessResponseV2<Dashboard>, unknown>;
 	selectedDashboard: Dashboard | undefined;

pkg/apiserver/signozapiserver/provider.go

@@ -23,7 +23,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	"github.com/SigNoz/signoz/pkg/zeus"
 	"github.com/gorilla/mux"
 )
@@ -238,13 +238,13 @@ func (provider *provider) AddToRouter(router *mux.Router) error {
 
 func newSecuritySchemes(role types.Role) []handler.OpenAPISecurityScheme {
 	return []handler.OpenAPISecurityScheme{
-		{Name: authtypes.IdentNProviderAPIkey.StringValue(), Scopes: []string{role.String()}},
-		{Name: authtypes.IdentNProviderTokenizer.StringValue(), Scopes: []string{role.String()}},
+		{Name: ctxtypes.AuthTypeAPIKey.StringValue(), Scopes: []string{role.String()}},
+		{Name: ctxtypes.AuthTypeTokenizer.StringValue(), Scopes: []string{role.String()}},
 	}
 }
 
 func newAnonymousSecuritySchemes(scopes []string) []handler.OpenAPISecurityScheme {
 	return []handler.OpenAPISecurityScheme{
-		{Name: authtypes.IdentNProviderAnonymous.StringValue(), Scopes: scopes},
+		{Name: ctxtypes.AuthTypeAnonymous.StringValue(), Scopes: scopes},
 	}
 }

pkg/apiserver/signozapiserver/session.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	"github.com/gorilla/mux"
 )
 
@@ -72,7 +73,7 @@ func (provider *provider) addSessionRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest},
 		Deprecated:          false,
-		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: authtypes.IdentNProviderTokenizer.StringValue()}},
+		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: ctxtypes.AuthTypeTokenizer.StringValue()}},
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}

pkg/apiserver/signozapiserver/user.go

@@ -5,7 +5,7 @@ import (
 
 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	"github.com/gorilla/mux"
 )
 
@@ -208,7 +208,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: authtypes.IdentNProviderTokenizer.StringValue()}},
+		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: ctxtypes.AuthTypeTokenizer.StringValue()}},
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}

pkg/authn/passwordauthn/emailpasswordauthn/authn.go

@@ -30,5 +30,5 @@ func (a *AuthN) Authenticate(ctx context.Context, email string, password string,
 		return nil, errors.New(errors.TypeUnauthenticated, types.ErrCodeIncorrectPassword, "invalid email or password")
 	}
 
-	return authtypes.NewIdentity(user.ID, orgID, user.Email, user.Role, authtypes.IdentNProviderTokenizer), nil
+	return authtypes.NewIdentity(user.ID, orgID, user.Email, user.Role), nil
 }

pkg/http/middleware/api_key.go

@@ -0,0 +1,143 @@
+package middleware
+
+import (
+	"context"
+	"log/slog"
+	"net/http"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/sharder"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"golang.org/x/sync/singleflight"
+)
+
+const (
+	apiKeyCrossOrgMessage string = "::API-KEY-CROSS-ORG::"
+)
+
+type APIKey struct {
+	store   sqlstore.SQLStore
+	uuid    *authtypes.UUID
+	headers []string
+	logger  *slog.Logger
+	sharder sharder.Sharder
+	sfGroup *singleflight.Group
+}
+
+func NewAPIKey(store sqlstore.SQLStore, headers []string, logger *slog.Logger, sharder sharder.Sharder) *APIKey {
+	return &APIKey{
+		store:   store,
+		uuid:    authtypes.NewUUID(),
+		headers: headers,
+		logger:  logger,
+		sharder: sharder,
+		sfGroup: &singleflight.Group{},
+	}
+}
+
+func (a *APIKey) Wrap(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		var values []string
+		var apiKeyToken string
+		var apiKey types.StorableAPIKey
+
+		for _, header := range a.headers {
+			values = append(values, r.Header.Get(header))
+		}
+
+		ctx, err := a.uuid.ContextFromRequest(r.Context(), values...)
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		apiKeyToken, ok := authtypes.UUIDFromContext(ctx)
+		if !ok {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		err = a.
+			store.
+			BunDB().
+			NewSelect().
+			Model(&apiKey).
+			Where("token = ?", apiKeyToken).
+			Scan(r.Context())
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		// allow the APIKey if expires_at is not set
+		if apiKey.ExpiresAt.Before(time.Now()) && !apiKey.ExpiresAt.Equal(types.NEVER_EXPIRES) {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		// get user from db
+		user := types.User{}
+		err = a.store.BunDB().NewSelect().Model(&user).Where("id = ?", apiKey.UserID).Scan(r.Context())
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		jwt := authtypes.Claims{
+			UserID: user.ID.String(),
+			Role:   apiKey.Role,
+			Email:  user.Email.String(),
+			OrgID:  user.OrgID.String(),
+		}
+
+		ctx = authtypes.NewContextWithClaims(ctx, jwt)
+
+		claims, err := authtypes.ClaimsFromContext(ctx)
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		if err := a.sharder.IsMyOwnedKey(r.Context(), types.NewOrganizationKey(valuer.MustNewUUID(claims.OrgID))); err != nil {
+			a.logger.ErrorContext(r.Context(), apiKeyCrossOrgMessage, "claims", claims, "error", err)
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		ctx = ctxtypes.SetAuthType(ctx, ctxtypes.AuthTypeAPIKey)
+
+		comment := ctxtypes.CommentFromContext(ctx)
+		comment.Set("auth_type", ctxtypes.AuthTypeAPIKey.StringValue())
+		comment.Set("user_id", claims.UserID)
+		comment.Set("org_id", claims.OrgID)
+
+		r = r.WithContext(ctxtypes.NewContextWithComment(ctx, comment))
+
+		next.ServeHTTP(w, r)
+
+		lastUsedCtx := context.WithoutCancel(r.Context())
+		_, _, _ = a.sfGroup.Do(apiKey.ID.StringValue(), func() (any, error) {
+			apiKey.LastUsed = time.Now()
+			_, err = a.
+				store.
+				BunDB().
+				NewUpdate().
+				Model(&apiKey).
+				Column("last_used").
+				Where("token = ?", apiKeyToken).
+				Where("revoked = false").
+				Exec(lastUsedCtx)
+			if err != nil {
+				a.logger.ErrorContext(lastUsedCtx, "failed to update last used of api key", "error", err)
+			}
+
+			return true, nil
+		})
+
+	})
+
+}

pkg/http/middleware/authn.go

@@ -0,0 +1,150 @@
+package middleware
+
+import (
+	"context"
+	"log/slog"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/sharder"
+	"github.com/SigNoz/signoz/pkg/tokenizer"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"golang.org/x/sync/singleflight"
+)
+
+const (
+	authCrossOrgMessage string = "::AUTH-CROSS-ORG::"
+)
+
+type AuthN struct {
+	tokenizer tokenizer.Tokenizer
+	headers   []string
+	sharder   sharder.Sharder
+	logger    *slog.Logger
+	sfGroup   *singleflight.Group
+}
+
+func NewAuthN(headers []string, sharder sharder.Sharder, tokenizer tokenizer.Tokenizer, logger *slog.Logger) *AuthN {
+	return &AuthN{
+		headers:   headers,
+		sharder:   sharder,
+		tokenizer: tokenizer,
+		logger:    logger,
+		sfGroup:   &singleflight.Group{},
+	}
+}
+
+func (a *AuthN) Wrap(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		var values []string
+		for _, header := range a.headers {
+			values = append(values, r.Header.Get(header))
+		}
+
+		ctx, err := a.contextFromRequest(r.Context(), values...)
+		if err != nil {
+			r = r.WithContext(ctx)
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		r = r.WithContext(ctx)
+
+		claims, err := authtypes.ClaimsFromContext(ctx)
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		if err := a.sharder.IsMyOwnedKey(r.Context(), types.NewOrganizationKey(valuer.MustNewUUID(claims.OrgID))); err != nil {
+			a.logger.ErrorContext(r.Context(), authCrossOrgMessage, "claims", claims, "error", err)
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		ctx = ctxtypes.SetAuthType(ctx, ctxtypes.AuthTypeTokenizer)
+
+		comment := ctxtypes.CommentFromContext(ctx)
+		comment.Set("auth_type", ctxtypes.AuthTypeTokenizer.StringValue())
+		comment.Set("tokenizer_provider", a.tokenizer.Config().Provider)
+		comment.Set("user_id", claims.UserID)
+		comment.Set("org_id", claims.OrgID)
+
+		r = r.WithContext(ctxtypes.NewContextWithComment(ctx, comment))
+
+		next.ServeHTTP(w, r)
+
+		accessToken, err := authtypes.AccessTokenFromContext(r.Context())
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		lastObservedAtCtx := context.WithoutCancel(r.Context())
+		_, _, _ = a.sfGroup.Do(accessToken, func() (any, error) {
+			if err := a.tokenizer.SetLastObservedAt(lastObservedAtCtx, accessToken, time.Now()); err != nil {
+				a.logger.ErrorContext(lastObservedAtCtx, "failed to set last observed at", "error", err)
+				return false, err
+			}
+
+			return true, nil
+		})
+	})
+}
+
+func (a *AuthN) contextFromRequest(ctx context.Context, values ...string) (context.Context, error) {
+	ctx, err := a.contextFromAccessToken(ctx, values...)
+	if err != nil {
+		return ctx, err
+	}
+
+	accessToken, err := authtypes.AccessTokenFromContext(ctx)
+	if err != nil {
+		return ctx, err
+	}
+
+	authenticatedUser, err := a.tokenizer.GetIdentity(ctx, accessToken)
+	if err != nil {
+		return ctx, err
+	}
+
+	return authtypes.NewContextWithClaims(ctx, authenticatedUser.ToClaims()), nil
+}
+
+func (a *AuthN) contextFromAccessToken(ctx context.Context, values ...string) (context.Context, error) {
+	var value string
+	for _, v := range values {
+		if v != "" {
+			value = v
+			break
+		}
+	}
+
+	if value == "" {
+		return ctx, errors.New(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "missing authorization header")
+	}
+
+	// parse from
+	bearerToken, ok := parseBearerAuth(value)
+	if !ok {
+		// this will take care that if the value is not of type bearer token, directly use it
+		bearerToken = value
+	}
+
+	return authtypes.NewContextWithAccessToken(ctx, bearerToken), nil
+}
+
+func parseBearerAuth(auth string) (string, bool) {
+	const prefix = "Bearer "
+	// Case insensitive prefix match
+	if len(auth) < len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) {
+		return "", false
+	}
+
+	return auth[len(prefix):], true
+}

pkg/http/middleware/authz.go

@@ -44,7 +44,7 @@ func (middleware *AuthZ) ViewAccess(next http.HandlerFunc) http.HandlerFunc {
 
 		commentCtx := ctxtypes.CommentFromContext(ctx)
 		authtype, ok := commentCtx.Map()["auth_type"]
-		if ok && (authtype == authtypes.IdentNProviderAPIkey.StringValue()) {
+		if ok && authtype == ctxtypes.AuthTypeAPIKey.StringValue() {
 			if err := claims.IsViewer(); err != nil {
 				middleware.logger.WarnContext(ctx, authzDeniedMessage, "claims", claims)
 				render.Error(rw, err)
@@ -96,7 +96,7 @@ func (middleware *AuthZ) EditAccess(next http.HandlerFunc) http.HandlerFunc {
 
 		commentCtx := ctxtypes.CommentFromContext(ctx)
 		authtype, ok := commentCtx.Map()["auth_type"]
-		if ok && (authtype == authtypes.IdentNProviderAPIkey.StringValue()) {
+		if ok && authtype == ctxtypes.AuthTypeAPIKey.StringValue() {
 			if err := claims.IsEditor(); err != nil {
 				middleware.logger.WarnContext(ctx, authzDeniedMessage, "claims", claims)
 				render.Error(rw, err)
@@ -147,7 +147,7 @@ func (middleware *AuthZ) AdminAccess(next http.HandlerFunc) http.HandlerFunc {
 
 		commentCtx := ctxtypes.CommentFromContext(ctx)
 		authtype, ok := commentCtx.Map()["auth_type"]
-		if ok && (authtype == authtypes.IdentNProviderAPIkey.StringValue()) {
+		if ok && authtype == ctxtypes.AuthTypeAPIKey.StringValue() {
 			if err := claims.IsAdmin(); err != nil {
 				middleware.logger.WarnContext(ctx, authzDeniedMessage, "claims", claims)
 				render.Error(rw, err)

pkg/http/middleware/identn.go

@@ -1,75 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"log/slog"
-	"net/http"
-
-	"github.com/SigNoz/signoz/pkg/identn"
-	"github.com/SigNoz/signoz/pkg/sharder"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-const (
-	identityCrossOrgMessage string = "::IDENTITY-CROSS-ORG::"
-)
-
-type IdentN struct {
-	resolver identn.IdentNResolver
-	sharder  sharder.Sharder
-	logger   *slog.Logger
-}
-
-func NewIdentN(resolver identn.IdentNResolver, sharder sharder.Sharder, logger *slog.Logger) *IdentN {
-	return &IdentN{
-		resolver: resolver,
-		sharder:  sharder,
-		logger:   logger,
-	}
-}
-
-func (m *IdentN) Wrap(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		idn := m.resolver.GetIdentN(r)
-		if idn == nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		if pre, ok := idn.(identn.IdentNWithPreHook); ok {
-			r = pre.Pre(r)
-		}
-
-		identity, err := idn.GetIdentity(r)
-		if err != nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		ctx := r.Context()
-		claims := identity.ToClaims()
-		if err := m.sharder.IsMyOwnedKey(ctx, types.NewOrganizationKey(valuer.MustNewUUID(claims.OrgID))); err != nil {
-			m.logger.ErrorContext(ctx, identityCrossOrgMessage, "claims", claims, "error", err)
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		ctx = authtypes.NewContextWithClaims(ctx, claims)
-
-		comment := ctxtypes.CommentFromContext(ctx)
-		comment.Set("identn_provider", claims.IdentNProvider)
-		comment.Set("user_id", claims.UserID)
-		comment.Set("org_id", claims.OrgID)
-		ctx = ctxtypes.NewContextWithComment(ctx, comment)
-
-		r = r.WithContext(ctx)
-		next.ServeHTTP(w, r)
-
-		if hook, ok := idn.(identn.IdentNWithPostHook); ok {
-			hook.Post(context.WithoutCancel(r.Context()), r, claims)
-		}
-	})
-}

pkg/identn/apikeyidentn/identn.go

@@ -1,131 +0,0 @@
-package apikeyidentn
-
-import (
-	"context"
-	"net/http"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/identn"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"golang.org/x/sync/singleflight"
-)
-
-// todo: will move this in types layer with service account integration
-type apiKeyTokenKey struct{}
-
-type resolver struct {
-	store    sqlstore.SQLStore
-	headers  []string
-	settings factory.ScopedProviderSettings
-	sfGroup  *singleflight.Group
-}
-
-func New(providerSettings factory.ProviderSettings, store sqlstore.SQLStore, headers []string) identn.IdentN {
-	return &resolver{
-		store:    store,
-		headers:  headers,
-		settings: factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/identn/apikeyidentn"),
-		sfGroup:  &singleflight.Group{},
-	}
-}
-
-func (r *resolver) Name() authtypes.IdentNProvider {
-	return authtypes.IdentNProviderAPIkey
-}
-
-func (r *resolver) Test(req *http.Request) bool {
-	for _, header := range r.headers {
-		if req.Header.Get(header) != "" {
-			return true
-		}
-	}
-	return false
-}
-
-func (r *resolver) Pre(req *http.Request) *http.Request {
-	token := r.extractToken(req)
-	if token == "" {
-		return req
-	}
-
-	ctx := context.WithValue(req.Context(), apiKeyTokenKey{}, token)
-	return req.WithContext(ctx)
-}
-
-func (r *resolver) GetIdentity(req *http.Request) (*authtypes.Identity, error) {
-	ctx := req.Context()
-
-	apiKeyToken, ok := ctx.Value(apiKeyTokenKey{}).(string)
-	if !ok || apiKeyToken == "" {
-		return nil, errors.New(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "missing api key")
-	}
-
-	var apiKey types.StorableAPIKey
-	err := r.store.
-		BunDB().
-		NewSelect().
-		Model(&apiKey).
-		Where("token = ?", apiKeyToken).
-		Scan(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	if apiKey.ExpiresAt.Before(time.Now()) && !apiKey.ExpiresAt.Equal(types.NEVER_EXPIRES) {
-		return nil, errors.New(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "api key has expired")
-	}
-
-	var user types.User
-	err = r.store.
-		BunDB().
-		NewSelect().
-		Model(&user).
-		Where("id = ?", apiKey.UserID).
-		Scan(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	identity := authtypes.Identity{
-		UserID: user.ID,
-		Role:   apiKey.Role,
-		Email:  user.Email,
-		OrgID:  user.OrgID,
-	}
-	return &identity, nil
-}
-
-func (r *resolver) Post(ctx context.Context, _ *http.Request, _ authtypes.Claims) {
-	apiKeyToken, ok := ctx.Value(apiKeyTokenKey{}).(string)
-	if !ok || apiKeyToken == "" {
-		return
-	}
-
-	_, _, _ = r.sfGroup.Do(apiKeyToken, func() (any, error) {
-		_, err := r.store.
-			BunDB().
-			NewUpdate().
-			Model(new(types.StorableAPIKey)).
-			Set("last_used = ?", time.Now()).
-			Where("token = ?", apiKeyToken).
-			Where("revoked = false").
-			Exec(ctx)
-		if err != nil {
-			r.settings.Logger().ErrorContext(ctx, "failed to update last used of api key", "error", err)
-		}
-		return true, nil
-	})
-}
-
-func (r *resolver) extractToken(req *http.Request) string {
-	for _, header := range r.headers {
-		if v := req.Header.Get(header); v != "" {
-			return v
-		}
-	}
-	return ""
-}

pkg/identn/identn.go

@@ -1,43 +0,0 @@
-package identn
-
-import (
-	"context"
-	"net/http"
-
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-)
-
-type IdentNResolver interface {
-	// GetIdentN returns the first IdentN whose Test() returns true for the request.
-	// Returns nil if no resolver matched.
-	GetIdentN(r *http.Request) IdentN
-}
-
-type IdentN interface {
-	// Test checks if this identn can handle the request.
-	// This should be a cheap check (e.g., header presence) with no I/O.
-	Test(r *http.Request) bool
-
-	// GetIdentity returns the resolved identity.
-	// Only called when Test() returns true.
-	GetIdentity(r *http.Request) (*authtypes.Identity, error)
-
-	Name() authtypes.IdentNProvider
-}
-
-// IdentNWithPreHook is optionally implemented by resolvers that need to
-// enrich the request before authentication (e.g., storing the access token
-// in context so downstream handlers can use it even on auth failure).
-type IdentNWithPreHook interface {
-	IdentN
-
-	Pre(r *http.Request) *http.Request
-}
-
-// IdentNWithPostHook is optionally implemented by resolvers that need
-// post-response side-effects (e.g., updating last_observed_at).
-type IdentNWithPostHook interface {
-	IdentN
-
-	Post(ctx context.Context, r *http.Request, claims authtypes.Claims)
-}

pkg/identn/resolver.go

@@ -1,31 +0,0 @@
-package identn
-
-import (
-	"net/http"
-
-	"github.com/SigNoz/signoz/pkg/factory"
-)
-
-type identNResolver struct {
-	identNs  []IdentN
-	settings factory.ScopedProviderSettings
-}
-
-func NewIdentNResolver(providerSettings factory.ProviderSettings, identNs ...IdentN) IdentNResolver {
-	return &identNResolver{
-		identNs:  identNs,
-		settings: factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/identn"),
-	}
-}
-
-// GetIdentN returns the first IdentN whose Test() returns true.
-// Returns nil if no resolver matched.
-func (c *identNResolver) GetIdentN(r *http.Request) IdentN {
-	for _, idn := range c.identNs {
-		if idn.Test(r) {
-			c.settings.Logger().DebugContext(r.Context(), "identn matched", "provider", idn.Name())
-			return idn
-		}
-	}
-	return nil
-}

pkg/identn/tokenizeridentn/identn.go

@@ -1,103 +0,0 @@
-package tokenizeridentn
-
-import (
-	"context"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/identn"
-	"github.com/SigNoz/signoz/pkg/tokenizer"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"golang.org/x/sync/singleflight"
-)
-
-type resolver struct {
-	tokenizer tokenizer.Tokenizer
-	headers   []string
-	settings  factory.ScopedProviderSettings
-	sfGroup   *singleflight.Group
-}
-
-func New(providerSettings factory.ProviderSettings, tokenizer tokenizer.Tokenizer, headers []string) identn.IdentN {
-	return &resolver{
-		tokenizer: tokenizer,
-		headers:   headers,
-		settings:  factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/identn/tokenizeridentn"),
-		sfGroup:   &singleflight.Group{},
-	}
-}
-
-func (r *resolver) Name() authtypes.IdentNProvider {
-	return authtypes.IdentNProviderTokenizer
-}
-
-func (r *resolver) Test(req *http.Request) bool {
-	for _, header := range r.headers {
-		if req.Header.Get(header) != "" {
-			return true
-		}
-	}
-	return false
-}
-
-func (r *resolver) Pre(req *http.Request) *http.Request {
-	accessToken := r.extractToken(req)
-	if accessToken == "" {
-		return req
-	}
-
-	ctx := authtypes.NewContextWithAccessToken(req.Context(), accessToken)
-	return req.WithContext(ctx)
-}
-
-func (r *resolver) GetIdentity(req *http.Request) (*authtypes.Identity, error) {
-	ctx := req.Context()
-
-	accessToken, err := authtypes.AccessTokenFromContext(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	return r.tokenizer.GetIdentity(ctx, accessToken)
-}
-
-func (r *resolver) Post(ctx context.Context, _ *http.Request, _ authtypes.Claims) {
-	accessToken, err := authtypes.AccessTokenFromContext(ctx)
-	if err != nil {
-		return
-	}
-
-	_, _, _ = r.sfGroup.Do(accessToken, func() (any, error) {
-		if err := r.tokenizer.SetLastObservedAt(ctx, accessToken, time.Now()); err != nil {
-			r.settings.Logger().ErrorContext(ctx, "failed to set last observed at", "error", err)
-			return false, err
-		}
-		return true, nil
-	})
-}
-
-func (r *resolver) extractToken(req *http.Request) string {
-	var value string
-	for _, header := range r.headers {
-		if v := req.Header.Get(header); v != "" {
-			value = v
-			break
-		}
-	}
-
-	accessToken, ok := r.parseBearerAuth(value)
-	if !ok {
-		return value
-	}
-	return accessToken
-}
-
-func (r *resolver) parseBearerAuth(auth string) (string, bool) {
-	const prefix = "Bearer "
-	if len(auth) < len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) {
-		return "", false
-	}
-	return auth[len(prefix):], true
-}

pkg/modules/cloudintegration/cloudintegration.go

@@ -0,0 +1,93 @@
+package cloudintegration
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type Module interface {
+	// CreateConnectionArtifact generates cloud provider specific connection information,
+	// client side handles how this information is shown
+	CreateConnectionArtifact(
+		ctx context.Context,
+		orgID valuer.UUID,
+		provider cloudintegrationtypes.CloudProviderType,
+		request *cloudintegrationtypes.ConnectionArtifactRequest,
+	) (*cloudintegrationtypes.ConnectionArtifact, error)
+
+	// GetAccountStatus returns agent connection status for a cloud integration account
+	GetAccountStatus(ctx context.Context, orgID, accountID valuer.UUID) (*cloudintegrationtypes.AccountStatus, error)
+
+	// ListConnectedAccounts lists accounts where agent is connected
+	ListConnectedAccounts(ctx context.Context, orgID valuer.UUID) (*cloudintegrationtypes.ConnectedAccounts, error)
+
+	// DisconnectAccount soft deletes/removes a cloud integration account.
+	DisconnectAccount(ctx context.Context, orgID, accountID valuer.UUID) error
+
+	// UpdateAccountConfig updates the configuration of an existing cloud account for a specific organization.
+	UpdateAccountConfig(
+		ctx context.Context,
+		orgID,
+		accountID valuer.UUID,
+		config *cloudintegrationtypes.UpdateAccountConfigRequest,
+	) (*cloudintegrationtypes.Account, error)
+
+	// ListServicesMetadata returns list of services metadata for a cloud provider attached with the integrationID.
+	// This just returns a summary of the service and not the whole service definition
+	ListServicesMetadata(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID) (*cloudintegrationtypes.ServicesMetadata, error)
+
+	// GetService returns service definition details for a serviceID. This returns config and
+	// other details required to show in service details page on web client.
+	GetService(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID, serviceID string) (*cloudintegrationtypes.Service, error)
+
+	// UpdateServiceConfig updates cloud integration service config
+	UpdateServiceConfig(
+		ctx context.Context,
+		orgID valuer.UUID,
+		serviceID string,
+		config *cloudintegrationtypes.UpdateServiceConfigRequest,
+	) (*cloudintegrationtypes.UpdateServiceConfigResponse, error)
+
+	// AgentCheckIn is called by agent to heartbeat and get latest config in response.
+	AgentCheckIn(
+		ctx context.Context,
+		orgID valuer.UUID,
+		req *cloudintegrationtypes.AgentCheckInRequest,
+	) (*cloudintegrationtypes.AgentCheckInResponse, error)
+
+	// GetDashboardByID returns dashboard JSON for a given dashboard id.
+	// this only returns the dashboard when the service (embedded in dashboard id) is enabled
+	// in the org for any cloud integration account
+	GetDashboardByID(ctx context.Context, orgID valuer.UUID, id string) (*dashboardtypes.Dashboard, error)
+
+	// GetAllDashboards returns list of dashboards across all connected cloud integration accounts
+	// for enabled services in the org. This list gets added to dashboard list page
+	GetAllDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error)
+}
+
+// CloudProvider is the interface each cloud provider must implement.
+type CloudProvider interface {
+	CreateArtifact(
+		ctx context.Context,
+		orgID valuer.UUID,
+		request *cloudintegrationtypes.ConnectionArtifactRequest,
+		creds cloudintegrationtypes.SignozCredentials,
+		accountID valuer.UUID,
+	) (artifact *cloudintegrationtypes.ConnectionArtifact, err error)
+}
+
+type Handler interface {
+	AgentCheckIn(http.ResponseWriter, *http.Request)
+	GenerateConnectionArtifact(http.ResponseWriter, *http.Request)
+	ListConnectedAccounts(http.ResponseWriter, *http.Request)
+	GetAccountStatus(http.ResponseWriter, *http.Request)
+	ListServices(http.ResponseWriter, *http.Request)
+	GetServiceDetails(http.ResponseWriter, *http.Request)
+	UpdateAccountConfig(http.ResponseWriter, *http.Request)
+	UpdateServiceConfig(http.ResponseWriter, *http.Request)
+	DisconnectAccount(http.ResponseWriter, *http.Request)
+}

pkg/modules/cloudintegration/implcloudintegration/module.go

@@ -0,0 +1,61 @@
+package implcloudintegration
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type module struct{}
+
+func NewModule() cloudintegration.Module {
+	return &module{}
+}
+
+func (m *module) CreateConnectionArtifact(_ context.Context, _ valuer.UUID, _ cloudintegrationtypes.CloudProviderType, _ *cloudintegrationtypes.ConnectionArtifactRequest) (*cloudintegrationtypes.ConnectionArtifact, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "cloud integration is an enterprise feature")
+}
+
+func (m *module) GetAccountStatus(_ context.Context, _, _ valuer.UUID) (*cloudintegrationtypes.AccountStatus, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "cloud integration is an enterprise feature")
+}
+
+func (m *module) ListConnectedAccounts(_ context.Context, _ valuer.UUID) (*cloudintegrationtypes.ConnectedAccounts, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "cloud integration is an enterprise feature")
+}
+
+func (m *module) DisconnectAccount(_ context.Context, _, _ valuer.UUID) error {
+	return errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "cloud integration is an enterprise feature")
+}
+
+func (m *module) UpdateAccountConfig(_ context.Context, _, _ valuer.UUID, _ *cloudintegrationtypes.UpdateAccountConfigRequest) (*cloudintegrationtypes.Account, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "cloud integration is an enterprise feature")
+}
+
+func (m *module) ListServicesSummary(_ context.Context, _ valuer.UUID, _ *valuer.UUID) (*cloudintegrationtypes.ServicesSummary, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "cloud integration is an enterprise feature")
+}
+
+func (m *module) GetService(_ context.Context, _ valuer.UUID, _ string, _ *valuer.UUID) (*cloudintegrationtypes.Service, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "cloud integration is an enterprise feature")
+}
+
+func (m *module) UpdateServiceConfig(_ context.Context, _ string, _ valuer.UUID, _ *cloudintegrationtypes.UpdateServiceConfigRequest) (*cloudintegrationtypes.ServiceSummary, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "cloud integration is an enterprise feature")
+}
+
+func (m *module) AgentCheckIn(_ context.Context, _ valuer.UUID, _ *cloudintegrationtypes.AgentCheckInRequest) (cloudintegrationtypes.AgentCheckInResponse, error) {
+	return cloudintegrationtypes.AgentCheckInResponse{}, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "cloud integration is an enterprise feature")
+}
+
+func (m *module) GetDashboardByID(_ context.Context, _ string, _ valuer.UUID) (*dashboardtypes.Dashboard, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "cloud integration is an enterprise feature")
+}
+
+func (m *module) GetAllDashboards(_ context.Context, _ valuer.UUID) ([]*dashboardtypes.Dashboard, error) {
+	return nil, errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "cloud integration is an enterprise feature")
+}

pkg/modules/cloudintegration/implcloudintegration/store.go

@@ -0,0 +1,118 @@
+package implcloudintegration
+
+import (
+	"context"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type store struct {
+	store sqlstore.SQLStore
+}
+
+func NewStore(sqlStore sqlstore.SQLStore) cloudintegrationtypes.Store {
+	return &store{store: sqlStore}
+}
+
+func (s *store) GetAccountByID(ctx context.Context, orgID, id valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*cloudintegrationtypes.StorableCloudIntegration, error) {
+	account := new(cloudintegrationtypes.StorableCloudIntegration)
+	err := s.store.BunDB().NewSelect().Model(account).
+		Where("id = ?", id).
+		Where("org_id = ?", orgID).
+		Where("provider = ?", provider).
+		Scan(ctx)
+	if err != nil {
+		return nil, s.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "cloud integration account with id %s not found", id)
+	}
+	return account, nil
+}
+
+func (s *store) UpsertAccount(ctx context.Context, account *cloudintegrationtypes.StorableCloudIntegration) error {
+	account.UpdatedAt = time.Now()
+	_, err := s.store.BunDBCtx(ctx).NewInsert().Model(account).
+		On("CONFLICT (id, provider, org_id) DO UPDATE").
+		Set("config = EXCLUDED.config").
+		Set("account_id = EXCLUDED.account_id").
+		Set("last_agent_report = EXCLUDED.last_agent_report").
+		Set("removed_at = EXCLUDED.removed_at").
+		Set("updated_at = EXCLUDED.updated_at").
+		Exec(ctx)
+	return err
+}
+
+func (s *store) RemoveAccount(ctx context.Context, orgID, id valuer.UUID, provider cloudintegrationtypes.CloudProviderType) error {
+	_, err := s.store.BunDBCtx(ctx).NewUpdate().Model((*cloudintegrationtypes.StorableCloudIntegration)(nil)).
+		Set("removed_at = ?", time.Now()).
+		Where("id = ?", id).
+		Where("org_id = ?", orgID).
+		Where("provider = ?", provider).
+		Exec(ctx)
+	return err
+}
+
+func (s *store) GetConnectedAccounts(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) ([]*cloudintegrationtypes.StorableCloudIntegration, error) {
+	var accounts []*cloudintegrationtypes.StorableCloudIntegration
+	err := s.store.BunDB().NewSelect().Model(&accounts).
+		Where("org_id = ?", orgID).
+		Where("provider = ?", provider).
+		Where("removed_at IS NULL").
+		Where("account_id IS NOT NULL").
+		Where("last_agent_report IS NOT NULL").
+		Order("created_at ASC").
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return accounts, nil
+}
+
+func (s *store) GetConnectedAccount(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType, providerAccountID string) (*cloudintegrationtypes.StorableCloudIntegration, error) {
+	account := new(cloudintegrationtypes.StorableCloudIntegration)
+	err := s.store.BunDB().NewSelect().Model(account).
+		Where("org_id = ?", orgID).
+		Where("provider = ?", provider).
+		Where("account_id = ?", providerAccountID).
+		Where("last_agent_report IS NOT NULL").
+		Where("removed_at IS NULL").
+		Scan(ctx)
+	if err != nil {
+		return nil, s.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "connected account with provider account id %s not found", providerAccountID)
+	}
+	return account, nil
+}
+
+func (s *store) GetServiceByType(ctx context.Context, cloudIntegrationID valuer.UUID, serviceType string) (*cloudintegrationtypes.StorableCloudIntegrationService, error) {
+	service := new(cloudintegrationtypes.StorableCloudIntegrationService)
+	err := s.store.BunDB().NewSelect().Model(service).
+		Where("cloud_integration_id = ?", cloudIntegrationID).
+		Where("type = ?", serviceType).
+		Scan(ctx)
+	if err != nil {
+		return nil, s.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "cloud integration service with type %s not found", serviceType)
+	}
+	return service, nil
+}
+
+func (s *store) UpsertService(ctx context.Context, service *cloudintegrationtypes.StorableCloudIntegrationService) error {
+	service.UpdatedAt = time.Now()
+	_, err := s.store.BunDBCtx(ctx).NewInsert().Model(service).
+		On("CONFLICT (cloud_integration_id, type) DO UPDATE").
+		Set("config = EXCLUDED.config").
+		Set("updated_at = EXCLUDED.updated_at").
+		Exec(ctx)
+	return err
+}
+
+func (s *store) GetServices(ctx context.Context, cloudIntegrationID valuer.UUID) ([]*cloudintegrationtypes.StorableCloudIntegrationService, error) {
+	var services []*cloudintegrationtypes.StorableCloudIntegrationService
+	err := s.store.BunDB().NewSelect().Model(&services).
+		Where("cloud_integration_id = ?", cloudIntegrationID).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return services, nil
+}

pkg/modules/dashboard/impldashboard/handler.go

@@ -15,6 +15,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/transition"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
@@ -108,7 +109,7 @@ func (handler *handler) Update(rw http.ResponseWriter, r *http.Request) {
 
 	diff := 0
 	// Allow multiple deletions for API key requests; enforce for others
-	if claims.IdentNProvider == authtypes.IdentNProviderTokenizer.StringValue() {
+	if authType, ok := ctxtypes.AuthTypeFromContext(ctx); ok && authType == ctxtypes.AuthTypeTokenizer {
 		diff = 1
 	}
 

pkg/modules/session/implsession/module.go

@@ -158,7 +158,7 @@ func (module *module) CreateCallbackAuthNSession(ctx context.Context, authNProvi
 		return "", errors.WithAdditionalf(err, "root user can only authenticate via password")
 	}
 
-	token, err := module.tokenizer.CreateToken(ctx, authtypes.NewIdentity(user.ID, user.OrgID, user.Email, user.Role, authtypes.IdentNProviderTokenizer), map[string]string{})
+	token, err := module.tokenizer.CreateToken(ctx, authtypes.NewIdentity(user.ID, user.OrgID, user.Email, user.Role), map[string]string{})
 	if err != nil {
 		return "", err
 	}

pkg/query-service/app/server.go

@@ -195,12 +195,13 @@ func (s *Server) createPublicServer(api *APIHandler, web web.Web) (*http.Server,
 		}),
 		otelmux.WithPublicEndpoint(),
 	))
-	r.Use(middleware.NewIdentN(s.signoz.IdentNResolver, s.signoz.Sharder, s.signoz.Instrumentation.Logger()).Wrap)
+	r.Use(middleware.NewAuthN([]string{"Authorization", "Sec-WebSocket-Protocol"}, s.signoz.Sharder, s.signoz.Tokenizer, s.signoz.Instrumentation.Logger()).Wrap)
 	r.Use(middleware.NewTimeout(s.signoz.Instrumentation.Logger(),
 		s.config.APIServer.Timeout.ExcludedRoutes,
 		s.config.APIServer.Timeout.Default,
 		s.config.APIServer.Timeout.Max,
 	).Wrap)
+	r.Use(middleware.NewAPIKey(s.signoz.SQLStore, []string{"SIGNOZ-API-KEY"}, s.signoz.Instrumentation.Logger(), s.signoz.Sharder).Wrap)
 	r.Use(middleware.NewLogging(s.signoz.Instrumentation.Logger(), s.config.APIServer.Logging.ExcludedRoutes).Wrap)
 	r.Use(middleware.NewComment().Wrap)
 

pkg/signoz/handler_test.go

@@ -13,6 +13,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory/factorytest"
 	"github.com/SigNoz/signoz/pkg/flagger"
 	"github.com/SigNoz/signoz/pkg/instrumentation/instrumentationtest"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
@@ -50,7 +51,7 @@ func TestNewHandlers(t *testing.T) {
 
 	userGetter := impluser.NewGetter(impluser.NewStore(sqlstore, providerSettings), flagger)
 
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, implcloudintegration.NewModule())
 
 	querierHandler := querier.NewHandler(providerSettings, nil, nil)
 	handlers := NewHandlers(modules, providerSettings, nil, querierHandler, nil, nil, nil, nil, nil, nil, nil)

pkg/signoz/module.go

@@ -12,6 +12,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/apdex/implapdex"
 	"github.com/SigNoz/signoz/pkg/modules/authdomain"
 	"github.com/SigNoz/signoz/pkg/modules/authdomain/implauthdomain"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/metricsexplorer"
 	"github.com/SigNoz/signoz/pkg/modules/metricsexplorer/implmetricsexplorer"
@@ -51,24 +52,25 @@ import (
 )
 
 type Modules struct {
-	OrgGetter       organization.Getter
-	OrgSetter       organization.Setter
-	Preference      preference.Module
-	User            user.Module
-	UserGetter      user.Getter
-	SavedView       savedview.Module
-	Apdex           apdex.Module
-	Dashboard       dashboard.Module
-	QuickFilter     quickfilter.Module
-	TraceFunnel     tracefunnel.Module
-	RawDataExport   rawdataexport.Module
-	AuthDomain      authdomain.Module
-	Session         session.Module
-	Services        services.Module
-	SpanPercentile  spanpercentile.Module
-	MetricsExplorer metricsexplorer.Module
-	Promote         promote.Module
-	ServiceAccount  serviceaccount.Module
+	OrgGetter        organization.Getter
+	OrgSetter        organization.Setter
+	Preference       preference.Module
+	User             user.Module
+	UserGetter       user.Getter
+	SavedView        savedview.Module
+	Apdex            apdex.Module
+	Dashboard        dashboard.Module
+	QuickFilter      quickfilter.Module
+	TraceFunnel      tracefunnel.Module
+	RawDataExport    rawdataexport.Module
+	AuthDomain       authdomain.Module
+	Session          session.Module
+	Services         services.Module
+	SpanPercentile   spanpercentile.Module
+	MetricsExplorer  metricsexplorer.Module
+	Promote          promote.Module
+	ServiceAccount   serviceaccount.Module
+	CloudIntegration cloudintegration.Module
 }
 
 func NewModules(
@@ -89,6 +91,7 @@ func NewModules(
 	config Config,
 	dashboard dashboard.Module,
 	userGetter user.Getter,
+	cloudIntegration cloudintegration.Module,
 ) Modules {
 	quickfilter := implquickfilter.NewModule(implquickfilter.NewStore(sqlstore))
 	orgSetter := implorganization.NewSetter(implorganization.NewStore(sqlstore), alertmanager, quickfilter)
@@ -96,23 +99,24 @@ func NewModules(
 	ruleStore := sqlrulestore.NewRuleStore(sqlstore, queryParser, providerSettings)
 
 	return Modules{
-		OrgGetter:       orgGetter,
-		OrgSetter:       orgSetter,
-		Preference:      implpreference.NewModule(implpreference.NewStore(sqlstore), preferencetypes.NewAvailablePreference()),
-		SavedView:       implsavedview.NewModule(sqlstore),
-		Apdex:           implapdex.NewModule(sqlstore),
-		Dashboard:       dashboard,
-		User:            user,
-		UserGetter:      userGetter,
-		QuickFilter:     quickfilter,
-		TraceFunnel:     impltracefunnel.NewModule(impltracefunnel.NewStore(sqlstore)),
-		RawDataExport:   implrawdataexport.NewModule(querier),
-		AuthDomain:      implauthdomain.NewModule(implauthdomain.NewStore(sqlstore), authNs),
-		Session:         implsession.NewModule(providerSettings, authNs, user, userGetter, implauthdomain.NewModule(implauthdomain.NewStore(sqlstore), authNs), tokenizer, orgGetter),
-		SpanPercentile:  implspanpercentile.NewModule(querier, providerSettings),
-		Services:        implservices.NewModule(querier, telemetryStore),
-		MetricsExplorer: implmetricsexplorer.NewModule(telemetryStore, telemetryMetadataStore, cache, ruleStore, dashboard, providerSettings, config.MetricsExplorer),
-		Promote:         implpromote.NewModule(telemetryMetadataStore, telemetryStore),
-		ServiceAccount:  implserviceaccount.NewModule(implserviceaccount.NewStore(sqlstore), authz, emailing, providerSettings),
+		OrgGetter:        orgGetter,
+		OrgSetter:        orgSetter,
+		Preference:       implpreference.NewModule(implpreference.NewStore(sqlstore), preferencetypes.NewAvailablePreference()),
+		SavedView:        implsavedview.NewModule(sqlstore),
+		Apdex:            implapdex.NewModule(sqlstore),
+		Dashboard:        dashboard,
+		User:             user,
+		UserGetter:       userGetter,
+		QuickFilter:      quickfilter,
+		TraceFunnel:      impltracefunnel.NewModule(impltracefunnel.NewStore(sqlstore)),
+		RawDataExport:    implrawdataexport.NewModule(querier),
+		AuthDomain:       implauthdomain.NewModule(implauthdomain.NewStore(sqlstore), authNs),
+		Session:          implsession.NewModule(providerSettings, authNs, user, userGetter, implauthdomain.NewModule(implauthdomain.NewStore(sqlstore), authNs), tokenizer, orgGetter),
+		SpanPercentile:   implspanpercentile.NewModule(querier, providerSettings),
+		Services:         implservices.NewModule(querier, telemetryStore),
+		MetricsExplorer:  implmetricsexplorer.NewModule(telemetryStore, telemetryMetadataStore, cache, ruleStore, dashboard, providerSettings, config.MetricsExplorer),
+		Promote:          implpromote.NewModule(telemetryMetadataStore, telemetryStore),
+		ServiceAccount:   implserviceaccount.NewModule(implserviceaccount.NewStore(sqlstore), authz, emailing, providerSettings),
+		CloudIntegration: cloudIntegration,
 	}
 }

pkg/signoz/module_test.go

@@ -13,6 +13,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory/factorytest"
 	"github.com/SigNoz/signoz/pkg/flagger"
 	"github.com/SigNoz/signoz/pkg/instrumentation/instrumentationtest"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
@@ -49,7 +50,7 @@ func TestNewModules(t *testing.T) {
 
 	userGetter := impluser.NewGetter(impluser.NewStore(sqlstore, providerSettings), flagger)
 
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, implcloudintegration.NewModule())
 
 	reflectVal := reflect.ValueOf(modules)
 	for i := 0; i < reflectVal.NumField(); i++ {

pkg/signoz/openapi.go

@@ -26,7 +26,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/session"
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/querier"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	"github.com/SigNoz/signoz/pkg/zeus"
 	"github.com/swaggest/jsonschema-go"
 	"github.com/swaggest/openapi-go"
@@ -82,8 +82,8 @@ func NewOpenAPI(ctx context.Context, instrumentation instrumentation.Instrumenta
 
 	reflector.SpecSchema().SetTitle("SigNoz")
 	reflector.SpecSchema().SetDescription("OpenTelemetry-Native Logs, Metrics and Traces in a single pane")
-	reflector.SpecSchema().SetAPIKeySecurity(authtypes.IdentNProviderAPIkey.StringValue(), "SigNoz-Api-Key", openapi.InHeader, "API Keys")
-	reflector.SpecSchema().SetHTTPBearerTokenSecurity(authtypes.IdentNProviderTokenizer.StringValue(), "Tokenizer", "Tokens generated by the tokenizer")
+	reflector.SpecSchema().SetAPIKeySecurity(ctxtypes.AuthTypeAPIKey.StringValue(), "SigNoz-Api-Key", openapi.InHeader, "API Keys")
+	reflector.SpecSchema().SetHTTPBearerTokenSecurity(ctxtypes.AuthTypeTokenizer.StringValue(), "Tokenizer", "Tokens generated by the tokenizer")
 
 	collector := handler.NewOpenAPICollector(reflector)
 

pkg/signoz/signoz.go

@@ -16,11 +16,9 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/flagger"
 	"github.com/SigNoz/signoz/pkg/gateway"
-	"github.com/SigNoz/signoz/pkg/identn"
-	"github.com/SigNoz/signoz/pkg/identn/apikeyidentn"
-	"github.com/SigNoz/signoz/pkg/identn/tokenizeridentn"
 	"github.com/SigNoz/signoz/pkg/instrumentation"
 	"github.com/SigNoz/signoz/pkg/licensing"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
@@ -46,6 +44,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/version"
 	"github.com/SigNoz/signoz/pkg/zeus"
 
+	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/web"
 )
 
@@ -68,7 +67,6 @@ type SigNoz struct {
 	Sharder                sharder.Sharder
 	StatsReporter          statsreporter.StatsReporter
 	Tokenizer              pkgtokenizer.Tokenizer
-	IdentNResolver         identn.IdentNResolver
 	Authz                  authz.AuthZ
 	Modules                Modules
 	Handlers               Handlers
@@ -95,6 +93,7 @@ func New(
 	dashboardModuleCallback func(sqlstore.SQLStore, factory.ProviderSettings, analytics.Analytics, organization.Getter, queryparser.QueryParser, querier.Querier, licensing.Licensing) dashboard.Module,
 	gatewayProviderFactory func(licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config],
 	querierHandlerCallback func(factory.ProviderSettings, querier.Querier, analytics.Analytics) querier.Handler,
+	cloudIntegrationModuleCallback func(sqlstore.SQLStore, licensing.Licensing, zeus.Zeus, gateway.Gateway, global.Config) cloudintegration.Module,
 ) (*SigNoz, error) {
 	// Initialize instrumentation
 	instrumentation, err := instrumentation.New(ctx, config.Instrumentation, version.Info, "signoz")
@@ -391,13 +390,11 @@ func New(
 		return nil, err
 	}
 
-	// Initialize all modules
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard, userGetter)
+	// Initialize cloudintegration module via callback
+	cloudIntegrationModule := cloudIntegrationModuleCallback(sqlstore, licensing, zeus, gateway, config.Global)
 
-	// Initialize identN resolver
-	tokenizerIdentn := tokenizeridentn.New(providerSettings, tokenizer, []string{"Authorization", "Sec-WebSocket-Protocol"})
-	apikeyIdentn := apikeyidentn.New(providerSettings, sqlstore, []string{"SIGNOZ-API-KEY"})
-	identNResolver := identn.NewIdentNResolver(providerSettings, tokenizerIdentn, apikeyIdentn)
+	// Initialize all modules
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard, userGetter, cloudIntegrationModule)
 
 	userService := impluser.NewService(providerSettings, impluser.NewStore(sqlstore, providerSettings), modules.User, orgGetter, authz, config.User.Root)
 
@@ -477,7 +474,6 @@ func New(
 		Emailing:               emailing,
 		Sharder:                sharder,
 		Tokenizer:              tokenizer,
-		IdentNResolver:         identNResolver,
 		Authz:                  authz,
 		Modules:                modules,
 		Handlers:               handlers,

pkg/tokenizer/jwttokenizer/provider.go

@@ -125,7 +125,7 @@ func (provider *provider) GetIdentity(ctx context.Context, accessToken string) (
 		return nil, errors.Newf(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "claim role mismatch")
 	}
 
-	return authtypes.NewIdentity(valuer.MustNewUUID(claims.UserID), valuer.MustNewUUID(claims.OrgID), valuer.MustNewEmail(claims.Email), claims.Role, authtypes.IdentNProviderTokenizer), nil
+	return authtypes.NewIdentity(valuer.MustNewUUID(claims.UserID), valuer.MustNewUUID(claims.OrgID), valuer.MustNewEmail(claims.Email), claims.Role), nil
 }
 
 func (provider *provider) DeleteToken(ctx context.Context, accessToken string) error {

pkg/tokenizer/tokenizerstore/sqltokenizerstore/store.go

@@ -47,7 +47,7 @@ func (store *store) GetIdentityByUserID(ctx context.Context, userID valuer.UUID)
 		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user with id: %s does not exist", userID)
 	}
 
-	return authtypes.NewIdentity(userID, user.OrgID, user.Email, types.Role(user.Role), authtypes.IdentNProviderTokenizer), nil
+	return authtypes.NewIdentity(userID, user.OrgID, user.Email, types.Role(user.Role)), nil
 }
 
 func (store *store) GetByAccessToken(ctx context.Context, accessToken string) (*authtypes.StorableToken, error) {

pkg/types/authtypes/authn.go

@@ -25,11 +25,10 @@ var (
 type AuthNProvider struct{ valuer.String }
 
 type Identity struct {
-	UserID        valuer.UUID    `json:"userId"`
-	OrgID         valuer.UUID    `json:"orgId"`
-	IdenNProvider IdentNProvider `json:"identNProvider"`
-	Email         valuer.Email   `json:"email"`
-	Role          types.Role     `json:"role"`
+	UserID valuer.UUID  `json:"userId"`
+	OrgID  valuer.UUID  `json:"orgId"`
+	Email  valuer.Email `json:"email"`
+	Role   types.Role   `json:"role"`
 }
 
 type CallbackIdentity struct {
@@ -79,13 +78,12 @@ func NewStateFromString(state string) (State, error) {
 	}, nil
 }
 
-func NewIdentity(userID valuer.UUID, orgID valuer.UUID, email valuer.Email, role types.Role, identNProvider IdentNProvider) *Identity {
+func NewIdentity(userID valuer.UUID, orgID valuer.UUID, email valuer.Email, role types.Role) *Identity {
 	return &Identity{
-		UserID:        userID,
-		OrgID:         orgID,
-		Email:         email,
-		Role:          role,
-		IdenNProvider: identNProvider,
+		UserID: userID,
+		OrgID:  orgID,
+		Email:  email,
+		Role:   role,
 	}
 }
 
@@ -118,11 +116,10 @@ func (typ *Identity) UnmarshalBinary(data []byte) error {
 
 func (typ *Identity) ToClaims() Claims {
 	return Claims{
-		UserID:         typ.UserID.String(),
-		Email:          typ.Email.String(),
-		Role:           typ.Role,
-		OrgID:          typ.OrgID.String(),
-		IdentNProvider: typ.IdenNProvider.StringValue(),
+		UserID: typ.UserID.String(),
+		Email:  typ.Email.String(),
+		Role:   typ.Role,
+		OrgID:  typ.OrgID.String(),
 	}
 }
 

pkg/types/authtypes/claims.go

@@ -13,11 +13,10 @@ type claimsKey struct{}
 type accessTokenKey struct{}
 
 type Claims struct {
-	UserID         string
-	Email          string
-	Role           types.Role
-	OrgID          string
-	IdentNProvider string
+	UserID string
+	Email  string
+	Role   types.Role
+	OrgID  string
 }
 
 // NewContextWithClaims attaches individual claims to the context.
@@ -54,7 +53,6 @@ func (c *Claims) LogValue() slog.Value {
 		slog.String("email", c.Email),
 		slog.String("role", c.Role.String()),
 		slog.String("org_id", c.OrgID),
-		slog.String("identn_provider", c.IdentNProvider),
 	)
 }
 

pkg/types/authtypes/identn.go

@@ -1,11 +0,0 @@
-package authtypes
-
-import "github.com/SigNoz/signoz/pkg/valuer"
-
-var (
-	IdentNProviderTokenizer = IdentNProvider{valuer.NewString("tokenizer")}
-	IdentNProviderAPIkey    = IdentNProvider{valuer.NewString("api_key")}
-	IdentNProviderAnonymous = IdentNProvider{valuer.NewString("anonymous")}
-)
-
-type IdentNProvider struct{ valuer.String }

pkg/types/authtypes/uuid.go

@@ -0,0 +1,41 @@
+package authtypes
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+)
+
+type uuidKey struct{}
+
+type UUID struct {
+}
+
+func NewUUID() *UUID {
+	return &UUID{}
+}
+
+func (u *UUID) ContextFromRequest(ctx context.Context, values ...string) (context.Context, error) {
+	var value string
+	for _, v := range values {
+		if v != "" {
+			value = v
+			break
+		}
+	}
+
+	if value == "" {
+		return ctx, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "missing Authorization header")
+	}
+
+	return NewContextWithUUID(ctx, value), nil
+}
+
+func NewContextWithUUID(ctx context.Context, uuid string) context.Context {
+	return context.WithValue(ctx, uuidKey{}, uuid)
+}
+
+func UUIDFromContext(ctx context.Context) (string, bool) {
+	uuid, ok := ctx.Value(uuidKey{}).(string)
+	return uuid, ok
+}

pkg/types/cloudintegrationtypes/account.go

@@ -0,0 +1,49 @@
+package cloudintegrationtypes
+
+import (
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type (
+	ConnectedAccounts struct {
+		Accounts []*Account `json:"accounts"`
+	}
+
+	GettableConnectedAccounts = ConnectedAccounts
+
+	UpdateAccountConfigRequest struct {
+		AWS *AWSAccountConfig `json:"aws"`
+	}
+
+	UpdatableAccountConfig = UpdateAccountConfigRequest
+)
+
+type (
+	Account struct {
+		Id                string            `json:"id"`
+		ProviderAccountId *string           `json:"providerAccountID,omitempty"`
+		Provider          CloudProviderType `json:"provider"`
+		RemovedAt         *time.Time        `json:"removedAt,omitempty"`
+		AgentReport       *AgentReport      `json:"agentReport,omitempty"`
+		OrgID             valuer.UUID       `json:"orgID"`
+		Config            *AccountConfig    `json:"accountConfig,omitempty"`
+	}
+
+	GettableAccount = Account
+)
+
+// AgentReport represents heartbeats sent by the agent.
+type AgentReport struct {
+	TimestampMillis int64          `json:"timestampMillis"`
+	Data            map[string]any `json:"data"`
+}
+
+type AccountConfig struct {
+	AWS *AWSAccountConfig `json:"aws,omitempty"`
+}
+
+type AWSAccountConfig struct {
+	Regions []string `json:"regions"`
+}

pkg/types/cloudintegrationtypes/cloudintegration.go

@@ -0,0 +1,82 @@
+package cloudintegrationtypes
+
+import (
+	"database/sql/driver"
+	"encoding/json"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/uptrace/bun"
+
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+var (
+	ErrCodeCloudIntegrationNotFound = errors.MustNewCode("cloud_integration_not_found")
+)
+
+// StorableCloudIntegration represents a cloud integration stored in the database.
+// This is also referred as "Account" in the context of cloud integrations.
+type StorableCloudIntegration struct {
+	bun.BaseModel `bun:"table:cloud_integration"`
+
+	types.Identifiable
+	types.TimeAuditable
+	Provider CloudProviderType `json:"provider" bun:"provider,type:text"`
+	// Config is provider specific data in JSON string format
+	Config          string               `json:"config" bun:"config,type:text"`
+	AccountID       *string              `json:"account_id" bun:"account_id,type:text"`
+	LastAgentReport *StorableAgentReport `json:"last_agent_report" bun:"last_agent_report,type:text"`
+	RemovedAt       *time.Time           `json:"removed_at" bun:"removed_at,type:timestamp,nullzero"`
+	OrgID           valuer.UUID          `bun:"org_id,type:text"`
+}
+
+// StorableAgentReport represents the last heartbeat and arbitrary data sent by the agent
+// as of now there is no use case for Data field, but keeping it for backwards compatibility with older structure.
+type StorableAgentReport struct {
+	TimestampMillis int64          `json:"timestamp_millis"`
+	Data            map[string]any `json:"data"`
+}
+
+// StorableCloudIntegrationService is to store service config for a cloud integration, which is a cloud provider specific configuration.
+type StorableCloudIntegrationService struct {
+	bun.BaseModel `bun:"table:cloud_integration_service,alias:cis"`
+
+	types.Identifiable
+	types.TimeAuditable
+	Type valuer.String `bun:"type,type:text,notnull,unique:cloud_integration_id_type"`
+	// Config is cloud provider's service specific data in JSON string format
+	Config             string      `bun:"config,type:text"`
+	CloudIntegrationID valuer.UUID `bun:"cloud_integration_id,type:text,notnull,unique:cloud_integration_id_type,references:cloud_integration(id),on_delete:cascade"`
+}
+
+// Scan scans value from DB.
+func (r *StorableAgentReport) Scan(src any) error {
+	var data []byte
+	switch v := src.(type) {
+	case []byte:
+		data = v
+	case string:
+		data = []byte(v)
+	default:
+		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
+	}
+	return json.Unmarshal(data, r)
+}
+
+// Value creates value to be stored in DB.
+func (r *StorableAgentReport) Value() (driver.Value, error) {
+	if r == nil {
+		return nil, errors.NewInternalf(errors.CodeInternal, "agent report is nil")
+	}
+
+	serialized, err := json.Marshal(r)
+	if err != nil {
+		return nil, errors.WrapInternalf(
+			err, errors.CodeInternal, "couldn't serialize agent report to JSON",
+		)
+	}
+	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytes
+	return string(serialized), nil
+}

pkg/types/cloudintegrationtypes/cloudprovider.go

@@ -0,0 +1,41 @@
+package cloudintegrationtypes
+
+import (
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+// CloudProviderType type alias.
+type CloudProviderType struct{ valuer.String }
+
+var (
+	// cloud providers.
+	CloudProviderTypeAWS   = CloudProviderType{valuer.NewString("aws")}
+	CloudProviderTypeAzure = CloudProviderType{valuer.NewString("azure")}
+
+	// errors.
+	ErrCodeCloudProviderInvalidInput = errors.MustNewCode("invalid_cloud_provider")
+
+	AWSIntegrationUserEmail   = valuer.MustNewEmail("aws-integration@signoz.io")
+	AzureIntegrationUserEmail = valuer.MustNewEmail("azure-integration@signoz.io")
+)
+
+// CloudIntegrationUserEmails is the list of valid emails for Cloud One Click integrations.
+// This is used for validation and restrictions in different contexts, across codebase.
+var CloudIntegrationUserEmails = []valuer.Email{
+	AWSIntegrationUserEmail,
+	AzureIntegrationUserEmail,
+}
+
+// NewCloudProvider returns a new CloudProviderType from a string.
+// It validates the input and returns an error if the input is not valid cloud provider.
+func NewCloudProvider(provider string) (CloudProviderType, error) {
+	switch provider {
+	case CloudProviderTypeAWS.StringValue():
+		return CloudProviderTypeAWS, nil
+	case CloudProviderTypeAzure.StringValue():
+		return CloudProviderTypeAzure, nil
+	default:
+		return CloudProviderType{}, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider)
+	}
+}

pkg/types/cloudintegrationtypes/connection.go

@@ -0,0 +1,104 @@
+package cloudintegrationtypes
+
+import "github.com/SigNoz/signoz/pkg/types/integrationtypes"
+
+// request for creating connection artifact.
+type (
+	PostableConnectionArtifact = ConnectionArtifactRequest
+
+	ConnectionArtifactRequest struct {
+		Aws *AWSConnectionArtifactRequest `json:"aws"`
+	}
+
+	AWSConnectionArtifactRequest struct {
+		DeploymentRegion string   `json:"deploymentRegion"`
+		Regions          []string `json:"regions"`
+	}
+)
+
+type (
+	// SignozCredentials is used to configure Agents to connect with Signoz
+	SignozCredentials struct {
+		SigNozAPIUrl string
+		SigNozAPIKey string // PAT
+		IngestionUrl string
+		IngestionKey string
+	}
+
+	ConnectionArtifact struct {
+		Aws *AWSConnectionArtifact `json:"aws"`
+	}
+
+	AWSConnectionArtifact struct {
+		ConnectionUrl string `json:"connectionURL"`
+	}
+
+	GettableConnectionArtifact = ConnectionArtifact
+)
+
+type (
+	AccountStatus struct {
+		Id                string                         `json:"id"`
+		ProviderAccountId *string                        `json:"providerAccountID,omitempty"`
+		Status            integrationtypes.AccountStatus `json:"status"`
+	}
+
+	GettableAccountStatus = AccountStatus
+)
+
+type (
+	AgentCheckInRequest struct {
+		// older backward compatible fields are mapped to new fields
+		// CloudIntegrationId string `json:"cloudIntegrationId"`
+		// AccountId          string `json:"accountId"`
+
+		// New fields
+		ProviderAccountId string `json:"providerAccountId"`
+		CloudAccountId    string `json:"cloudAccountId"`
+
+		Data map[string]any `json:"data,omitempty"`
+	}
+
+	PostableAgentCheckInRequest struct {
+		AgentCheckInRequest
+		// following are backward compatible fields for older running agents
+		// which gets mapped to new fields in AgentCheckInRequest
+		CloudIntegrationId string `json:"cloud_integration_id"`
+		CloudAccountId     string `json:"cloud_account_id"`
+	}
+
+	GettableAgentCheckInResponse struct {
+		AgentCheckInResponse
+
+		CloudIntegrationId string `json:"cloud_integration_id"`
+		AccountId          string `json:"account_id"`
+	}
+
+	AgentCheckInResponse struct {
+		// Older fields for backward compatibility are mapped to new fields below
+		// CloudIntegrationId string `json:"cloud_integration_id"`
+		// AccountId          string `json:"account_id"`
+
+		// New fields
+		ProviderAccountId string `json:"providerAccountId"`
+		CloudAccountId    string `json:"cloudAccountId"`
+
+		// IntegrationConfig populates data related to integration that is required for an agent
+		// to start collecting telemetry data
+		// keeping JSON key snake_case for backward compatibility
+		IntegrationConfig *IntegrationConfig `json:"integration_config,omitempty"`
+	}
+
+	IntegrationConfig struct {
+		EnabledRegions []string               `json:"enabledRegions"`      // backward compatible
+		Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty"` // backward compatible
+
+		// new fields
+		AWS *AWSIntegrationConfig `json:"aws,omitempty"`
+	}
+
+	AWSIntegrationConfig struct {
+		EnabledRegions []string               `json:"enabledRegions"`
+		Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty"`
+	}
+)

pkg/types/cloudintegrationtypes/regions.go

@@ -0,0 +1,103 @@
+package cloudintegrationtypes
+
+import (
+	"github.com/SigNoz/signoz/pkg/errors"
+)
+
+var (
+	CodeInvalidCloudRegion    = errors.MustNewCode("invalid_cloud_region")
+	CodeMismatchCloudProvider = errors.MustNewCode("cloud_provider_mismatch")
+)
+
+// List of all valid cloud regions on Amazon Web Services.
+var ValidAWSRegions = map[string]struct{}{
+	"af-south-1":     {}, // Africa (Cape Town).
+	"ap-east-1":      {}, // Asia Pacific (Hong Kong).
+	"ap-northeast-1": {}, // Asia Pacific (Tokyo).
+	"ap-northeast-2": {}, // Asia Pacific (Seoul).
+	"ap-northeast-3": {}, // Asia Pacific (Osaka).
+	"ap-south-1":     {}, // Asia Pacific (Mumbai).
+	"ap-south-2":     {}, // Asia Pacific (Hyderabad).
+	"ap-southeast-1": {}, // Asia Pacific (Singapore).
+	"ap-southeast-2": {}, // Asia Pacific (Sydney).
+	"ap-southeast-3": {}, // Asia Pacific (Jakarta).
+	"ap-southeast-4": {}, // Asia Pacific (Melbourne).
+	"ca-central-1":   {}, // Canada (Central).
+	"ca-west-1":      {}, // Canada West (Calgary).
+	"eu-central-1":   {}, // Europe (Frankfurt).
+	"eu-central-2":   {}, // Europe (Zurich).
+	"eu-north-1":     {}, // Europe (Stockholm).
+	"eu-south-1":     {}, // Europe (Milan).
+	"eu-south-2":     {}, // Europe (Spain).
+	"eu-west-1":      {}, // Europe (Ireland).
+	"eu-west-2":      {}, // Europe (London).
+	"eu-west-3":      {}, // Europe (Paris).
+	"il-central-1":   {}, // Israel (Tel Aviv).
+	"me-central-1":   {}, // Middle East (UAE).
+	"me-south-1":     {}, // Middle East (Bahrain).
+	"sa-east-1":      {}, // South America (Sao Paulo).
+	"us-east-1":      {}, // US East (N. Virginia).
+	"us-east-2":      {}, // US East (Ohio).
+	"us-west-1":      {}, // US West (N. California).
+	"us-west-2":      {}, // US West (Oregon).
+}
+
+// List of all valid cloud regions for Microsoft Azure.
+var ValidAzureRegions = map[string]struct{}{
+	"australiacentral":   {}, // Australia Central
+	"australiacentral2":  {}, // Australia Central 2
+	"australiaeast":      {}, // Australia East
+	"australiasoutheast": {}, // Australia Southeast
+	"austriaeast":        {}, // Austria East
+	"belgiumcentral":     {}, // Belgium Central
+	"brazilsouth":        {}, // Brazil South
+	"brazilsoutheast":    {}, // Brazil Southeast
+	"canadacentral":      {}, // Canada Central
+	"canadaeast":         {}, // Canada East
+	"centralindia":       {}, // Central India
+	"centralus":          {}, // Central US
+	"chilecentral":       {}, // Chile Central
+	"denmarkeast":        {}, // Denmark East
+	"eastasia":           {}, // East Asia
+	"eastus":             {}, // East US
+	"eastus2":            {}, // East US 2
+	"francecentral":      {}, // France Central
+	"francesouth":        {}, // France South
+	"germanynorth":       {}, // Germany North
+	"germanywestcentral": {}, // Germany West Central
+	"indonesiacentral":   {}, // Indonesia Central
+	"israelcentral":      {}, // Israel Central
+	"italynorth":         {}, // Italy North
+	"japaneast":          {}, // Japan East
+	"japanwest":          {}, // Japan West
+	"koreacentral":       {}, // Korea Central
+	"koreasouth":         {}, // Korea South
+	"malaysiawest":       {}, // Malaysia West
+	"mexicocentral":      {}, // Mexico Central
+	"newzealandnorth":    {}, // New Zealand North
+	"northcentralus":     {}, // North Central US
+	"northeurope":        {}, // North Europe
+	"norwayeast":         {}, // Norway East
+	"norwaywest":         {}, // Norway West
+	"polandcentral":      {}, // Poland Central
+	"qatarcentral":       {}, // Qatar Central
+	"southafricanorth":   {}, // South Africa North
+	"southafricawest":    {}, // South Africa West
+	"southcentralus":     {}, // South Central US
+	"southindia":         {}, // South India
+	"southeastasia":      {}, // Southeast Asia
+	"spaincentral":       {}, // Spain Central
+	"swedencentral":      {}, // Sweden Central
+	"switzerlandnorth":   {}, // Switzerland North
+	"switzerlandwest":    {}, // Switzerland West
+	"uaecentral":         {}, // UAE Central
+	"uaenorth":           {}, // UAE North
+	"uksouth":            {}, // UK South
+	"ukwest":             {}, // UK West
+	"westcentralus":      {}, // West Central US
+	"westeurope":         {}, // West Europe
+	"westindia":          {}, // West India
+	"westus":             {}, // West US
+	"westus2":            {}, // West US 2
+	"westus3":            {}, // West US 3
+}

pkg/types/cloudintegrationtypes/service.go

@@ -0,0 +1,213 @@
+package cloudintegrationtypes
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+var S3Sync = valuer.NewString("s3sync")
+
+type (
+	ServicesMetadata struct {
+		Services []*ServiceMetadata `json:"services"`
+	}
+
+	// ServiceMetadata helps to quickly list available services and whether it is enabled or not.
+	// As getting complete service definition is a heavy operation and the response is also large,
+	// initial integration page load can be very slow.
+	ServiceMetadata struct {
+		ServiceDefinitionMetadata
+		// if the service is enabled for the account
+		Enabled bool `json:"enabled"`
+	}
+
+	GettableServicesMetadata = ServicesMetadata
+
+	Service struct {
+		ServiceDefinition
+		ServiceConfig *ServiceConfig `json:"serviceConfig"`
+	}
+
+	GettableService = Service
+
+	UpdateServiceConfigRequest struct {
+		CloudIntegrationId valuer.UUID    `json:"cloudIntegrationId"`
+		ServiceConfig      *ServiceConfig `json:"serviceConfig"`
+	}
+
+	UpdateServiceConfigResponse struct {
+		Id                 string         `json:"id"` // service id
+		CloudIntegrationId valuer.UUID    `json:"cloudIntegrationId"`
+		ServiceConfig      *ServiceConfig `json:"serviceConfig"`
+	}
+)
+
+type ServiceConfig struct {
+	AWS *AWSServiceConfig `json:"aws,omitempty"`
+}
+
+type AWSServiceConfig struct {
+	Logs    *AWSServiceLogsConfig    `json:"logs"`
+	Metrics *AWSServiceMetricsConfig `json:"metrics"`
+}
+
+// AWSServiceLogsConfig is AWS specific logs config for a service
+// NOTE: the JSON keys are snake case for backward compatibility with existing agents.
+type AWSServiceLogsConfig struct {
+	Enabled   bool                `json:"enabled"`
+	S3Buckets map[string][]string `json:"s3_buckets,omitempty"`
+}
+
+type AWSServiceMetricsConfig struct {
+	Enabled bool `json:"enabled"`
+}
+
+// DefinitionMetadata represents service definition metadata. This is useful for showing service overview.
+type ServiceDefinitionMetadata struct {
+	Id    string `json:"id"`
+	Title string `json:"title"`
+	Icon  string `json:"icon"`
+}
+
+type ServiceDefinition struct {
+	ServiceDefinitionMetadata
+	Overview         string              `json:"overview"` // markdown
+	Assets           Assets              `json:"assets"`
+	SupportedSignals SupportedSignals    `json:"supported_signals"`
+	DataCollected    DataCollected       `json:"dataCollected"`
+	Strategy         *CollectionStrategy `json:"telemetryCollectionStrategy"`
+}
+
+// CollectionStrategy is cloud provider specific configuration for signal collection,
+// this is used by agent to understand the nitty-gritty for collecting telemetry for the cloud provider.
+type CollectionStrategy struct {
+	AWS *AWSCollectionStrategy `json:"aws,omitempty"`
+}
+
+// Assets represents the collection of dashboards.
+type Assets struct {
+	Dashboards []Dashboard `json:"dashboards"`
+}
+
+// SupportedSignals for cloud provider's service.
+type SupportedSignals struct {
+	Logs    bool `json:"logs"`
+	Metrics bool `json:"metrics"`
+}
+
+// DataCollected is curated static list of metrics and logs, this is shown as part of service overview.
+type DataCollected struct {
+	Logs    []CollectedLogAttribute `json:"logs"`
+	Metrics []CollectedMetric       `json:"metrics"`
+}
+
+// CollectedLogAttribute represents a log attribute that is present in all log entries for a service,
+// this is shown as part of service overview.
+type CollectedLogAttribute struct {
+	Name string `json:"name"`
+	Path string `json:"path"`
+	Type string `json:"type"`
+}
+
+// CollectedMetric represents a metric that is collected for a service, this is shown as part of service overview.
+type CollectedMetric struct {
+	Name        string `json:"name"`
+	Type        string `json:"type"`
+	Unit        string `json:"unit"`
+	Description string `json:"description"`
+}
+
+// AWSCollectionStrategy represents signal collection strategy for AWS services.
+// this is AWS specific.
+// NOTE: this structure is still using snake case, for backward compatibility,
+// with existing agents.
+type AWSCollectionStrategy struct {
+	Metrics   *AWSMetricsStrategy `json:"aws_metrics,omitempty"`
+	Logs      *AWSLogsStrategy    `json:"aws_logs,omitempty"`
+	S3Buckets map[string][]string `json:"s3_buckets,omitempty"` // Only available in S3 Sync Service Type in AWS
+}
+
+// AWSMetricsStrategy represents metrics collection strategy for AWS services.
+// this is AWS specific.
+// NOTE: this structure is still using snake case, for backward compatibility,
+// with existing agents.
+type AWSMetricsStrategy struct {
+	// to be used as https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-metricstream.html#cfn-cloudwatch-metricstream-includefilters
+	StreamFilters []struct {
+		// json tags here are in the shape expected by AWS API as detailed at
+		// https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudwatch-metricstream-metricstreamfilter.html
+		Namespace   string   `json:"Namespace"`
+		MetricNames []string `json:"MetricNames,omitempty"`
+	} `json:"cloudwatch_metric_stream_filters"`
+}
+
+// AWSLogsStrategy represents logs collection strategy for AWS services.
+// this is AWS specific.
+// NOTE: this structure is still using snake case, for backward compatibility,
+// with existing agents.
+type AWSLogsStrategy struct {
+	Subscriptions []struct {
+		// subscribe to all logs groups with specified prefix.
+		// eg: `/aws/rds/`
+		LogGroupNamePrefix string `json:"log_group_name_prefix"`
+
+		// https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
+		// "" implies no filtering is required.
+		FilterPattern string `json:"filter_pattern"`
+	} `json:"cloudwatch_logs_subscriptions"`
+}
+
+// Dashboard represents a dashboard definition for cloud integration.
+// This is used to show available pre-made dashboards for a service,
+// hence has additional fields like name and description and url for redirection to the right dashboard on click.
+type Dashboard struct {
+	Id          string                               `json:"id"`
+	Url         string                               `json:"url"`
+	Title       string                               `json:"title"`
+	Description string                               `json:"description"`
+	Image       string                               `json:"image"`
+	Definition  dashboardtypes.StorableDashboardData `json:"definition,omitempty"`
+}
+
+// UTILS
+
+// GetCloudIntegrationDashboardID returns the dashboard id for a cloud integration, given the cloud provider, service id, and dashboard id.
+// This is used to generate unique dashboard ids for cloud integration, and also to parse the dashboard id to get the cloud provider and service id when needed.
+func GetCloudIntegrationDashboardID(cloudProvider CloudProviderType, svcId, dashboardId string) string {
+	return fmt.Sprintf("cloud-integration--%s--%s--%s", cloudProvider, svcId, dashboardId)
+}
+
+// GetDashboardsFromAssets returns the list of dashboards for the cloud provider service from definition.
+func GetDashboardsFromAssets(
+	svcId string,
+	orgID valuer.UUID,
+	cloudProvider CloudProviderType,
+	createdAt time.Time,
+	assets Assets,
+) []*dashboardtypes.Dashboard {
+	dashboards := make([]*dashboardtypes.Dashboard, 0)
+
+	for _, d := range assets.Dashboards {
+		author := fmt.Sprintf("%s-integration", cloudProvider)
+		dashboards = append(dashboards, &dashboardtypes.Dashboard{
+			ID:     GetCloudIntegrationDashboardID(cloudProvider, svcId, d.Id),
+			Locked: true,
+			OrgID:  orgID,
+			Data:   d.Definition,
+			TimeAuditable: types.TimeAuditable{
+				CreatedAt: createdAt,
+				UpdatedAt: createdAt,
+			},
+			UserAuditable: types.UserAuditable{
+				CreatedBy: author,
+				UpdatedBy: author,
+			},
+		})
+	}
+
+	return dashboards
+}

pkg/types/cloudintegrationtypes/store.go

@@ -0,0 +1,41 @@
+package cloudintegrationtypes
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type Store interface {
+	// GetAccountByID returns a cloud integration account by id
+	GetAccountByID(ctx context.Context, orgID, id valuer.UUID, provider CloudProviderType) (*StorableCloudIntegration, error)
+
+	// CreateAccount creates a new cloud integration account
+	CreateAccount(ctx context.Context, orgID valuer.UUID, account *StorableCloudIntegration) (*StorableCloudIntegration, error)
+
+	// UpdateAccount updates an existing cloud integration account
+	UpdateAccount(ctx context.Context, account *StorableCloudIntegration) error
+
+	// RemoveAccount marks a cloud integration account as removed by setting the RemovedAt field
+	RemoveAccount(ctx context.Context, orgID, id valuer.UUID, provider CloudProviderType) error
+
+	// GetConnectedAccounts returns all the cloud integration accounts for the org and cloud provider
+	GetConnectedAccounts(ctx context.Context, orgID valuer.UUID, provider CloudProviderType) ([]*StorableCloudIntegration, error)
+
+	// GetConnectedAccount for given provider
+	GetConnectedAccount(ctx context.Context, orgID valuer.UUID, provider CloudProviderType, providerAccountID string) (*StorableCloudIntegration, error)
+
+	// cloud_integration_service related methods
+
+	// GetServiceByType returns the cloud integration service for the given cloud integration id and service type
+	GetServiceByType(ctx context.Context, cloudIntegrationID valuer.UUID, serviceType string) (*StorableCloudIntegrationService, error)
+
+	// CreateService creates a new cloud integration service for the given cloud integration id and service type
+	CreateService(ctx context.Context, cloudIntegrationID valuer.UUID, service *StorableCloudIntegrationService) (*StorableCloudIntegrationService, error)
+
+	// UpdateService updates an existing cloud integration service for the given cloud integration id and service type
+	UpdateService(ctx context.Context, cloudIntegrationID valuer.UUID, service *StorableCloudIntegrationService) error
+
+	// GetServices returns all the cloud integration services for the given cloud integration id
+	GetServices(ctx context.Context, cloudIntegrationID valuer.UUID) ([]*StorableCloudIntegrationService, error)
+}

pkg/types/ctxtypes/auth.go

@@ -0,0 +1,31 @@
+package ctxtypes
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type AuthType struct {
+	valuer.String
+}
+
+var (
+	AuthTypeTokenizer = AuthType{valuer.NewString("tokenizer")}
+	AuthTypeAPIKey    = AuthType{valuer.NewString("api_key")}
+	AuthTypeInternal  = AuthType{valuer.NewString("internal")}
+	AuthTypeAnonymous = AuthType{valuer.NewString("anonymous")}
+)
+
+type authTypeKey struct{}
+
+// SetAuthType stores the auth type (e.g., AuthTypeJWT, AuthTypeAPIKey, AuthTypeInternal) in context.
+func SetAuthType(ctx context.Context, authType AuthType) context.Context {
+	return context.WithValue(ctx, authTypeKey{}, authType)
+}
+
+// AuthTypeFromContext retrieves the auth type from context if set.
+func AuthTypeFromContext(ctx context.Context) (AuthType, bool) {
+	v, ok := ctx.Value(authTypeKey{}).(AuthType)
+	return v, ok
+}

pkg/types/zeustypes/types.go

@@ -1,8 +1,10 @@
 package zeustypes
 
 import (
+	"fmt"
 	"net/url"
 
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/tidwall/gjson"
 )
 
@@ -35,6 +37,27 @@ type Host struct {
 	URL       string `json:"url" required:"true"`
 }
 
+// GettableDeployment represents the parsed deployment info from zeus.GetDeployment.
+type GettableDeployment struct {
+	Name         string
+	SignozAPIUrl string
+}
+
+// NewGettableDeployment parses raw GetDeployment bytes into a GettableDeployment.
+func NewGettableDeployment(data []byte) (*GettableDeployment, error) {
+	parsed := gjson.ParseBytes(data)
+	name := parsed.Get("name").String()
+	dns := parsed.Get("cluster.region.dns").String()
+	if name == "" || dns == "" {
+		return nil, errors.NewInternalf(errors.CodeInternal,
+			"deployment info response missing name or cluster region dns")
+	}
+	return &GettableDeployment{
+		Name:         name,
+		SignozAPIUrl: fmt.Sprintf("https://%s.%s", name, dns),
+	}, nil
+}
+
 func NewGettableHost(data []byte) *GettableHost {
 	parsed := gjson.ParseBytes(data)
 	dns := parsed.Get("cluster.region.dns").String()