feat: adding tests for cloudintegration api

pkg/types/integration.go

@@ -151,7 +151,8 @@ func (c *AccountConfig) Value() (driver.Value, error) {
 	if err != nil {
 		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't serialize cloud account config to JSON")
 	}
-	return serialized, nil
+	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytea
+	return string(serialized), nil
 }
 
 type AgentReport struct {
@@ -186,7 +187,8 @@ func (r *AgentReport) Value() (driver.Value, error) {
 			err, errors.CodeInternal, "couldn't serialize agent report to JSON",
 		)
 	}
-	return serialized, nil
+	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytea
+	return string(serialized), nil
 }
 
 type CloudIntegrationService struct {
@@ -240,5 +242,6 @@ func (c *CloudServiceConfig) Value() (driver.Value, error) {
 			err, errors.CodeInternal, "couldn't serialize cloud service config to JSON",
 		)
 	}
-	return serialized, nil
+	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytea
+	return string(serialized), nil
 }

tests/integration/src/cloudintegrations/02_generate_connection_url.py

@@ -0,0 +1,206 @@
+from http import HTTPStatus
+from typing import Callable
+
+import requests
+from sqlalchemy import text
+from wiremock.client import (
+    HttpMethods,
+    Mapping,
+    MappingRequest,
+    MappingResponse,
+    WireMockMatchers,
+)
+
+from fixtures import types
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD, add_license
+from fixtures.logger import setup_logger
+
+logger = setup_logger(__name__)
+
+
+def cleanup_cloud_accounts(postgres: types.TestContainerSQL) -> None:
+    try:
+        with postgres.conn.connect() as conn:
+            conn.execute(text("TRUNCATE TABLE cloud_integration CASCADE"))
+            conn.commit()
+            logger.info("Cleaned up cloud_integration table")
+    except Exception as e:
+        logger.info(f"Cleanup skipped: {str(e)[:100]}")
+
+
+def test_generate_connection_url(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test to generate connection URL for AWS CloudFormation stack deployment."""
+    # Clean up any corrupted data from previous test runs
+    cleanup_cloud_accounts(postgres)
+
+    # Get authentication token for admin user
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    add_license(signoz, make_http_mocks, get_token)
+
+    cloud_provider = "aws"
+
+    # Mock the deployment info query (for license validation)
+    make_http_mocks(
+        signoz.zeus,
+        [
+            Mapping(
+                request=MappingRequest(
+                    method=HttpMethods.GET,
+                    url="/v2/deployments/me",
+                    headers={
+                        "X-Signoz-Cloud-Api-Key": {
+                            WireMockMatchers.EQUAL_TO: "secret-key"
+                        }
+                    },
+                ),
+                response=MappingResponse(
+                    status=200,
+                    json_body={
+                        "status": "success",
+                        "data": {
+                            "name": "test-deployment",
+                            "cluster": {"region": {"dns": "test.signoz.cloud"}},
+                        },
+                    },
+                ),
+                persistent=False,
+            )
+        ],
+    )
+
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts/generate-connection-url"
+
+    # Prepare request payload
+    request_payload = {
+        "account_config": {"regions": ["us-east-1", "us-west-2"]},
+        "agent_config": {
+            "region": "us-east-1",
+            "ingestion_url": "https://ingest.test.signoz.cloud",
+            "ingestion_key": "test-ingestion-key-123456",
+            "signoz_api_url": "https://test-deployment.test.signoz.cloud",
+            "signoz_api_key": "test-api-key-789",
+            "version": "v0.0.8",
+        },
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=request_payload,
+        timeout=10,
+    )
+
+    # Assert successful response
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}: {response.text}"
+
+    # Parse response JSON
+    response_data = response.json()
+
+    # Assert response structure contains expected data
+    assert "data" in response_data, "Response should contain 'data' field"
+
+    # Assert required fields in the response data
+    expected_fields = ["account_id", "connection_url"]
+
+    for field in expected_fields:
+        assert (
+            field in response_data["data"]
+        ), f"Response data should contain '{field}' field"
+
+    data = response_data["data"]
+
+    # Assert account_id is a valid UUID format
+    assert (
+        len(data["account_id"]) > 0
+    ), "account_id should be a non-empty string (UUID)"
+
+    # Assert connection_url contains expected CloudFormation parameters
+    connection_url = data["connection_url"]
+
+    # Verify it's an AWS CloudFormation URL
+    assert (
+        "console.aws.amazon.com/cloudformation" in connection_url
+    ), "connection_url should be an AWS CloudFormation URL"
+
+    # Verify region is included
+    assert (
+        "region=us-east-1" in connection_url
+    ), "connection_url should contain the specified region"
+
+    # Verify required parameters are in the URL
+    required_params = [
+        "param_SigNozIntegrationAgentVersion=v0.0.8",
+        "param_SigNozApiUrl=https%3A%2F%2Ftest-deployment.test.signoz.cloud",
+        "param_SigNozApiKey=test-api-key-789",
+        "param_SigNozAccountId=",  # Will be a UUID
+        "param_IngestionUrl=https%3A%2F%2Fingest.test.signoz.cloud",
+        "param_IngestionKey=test-ingestion-key-123456",
+        "stackName=signoz-integration",
+        "templateURL=https%3A%2F%2Fsignoz-integrations.s3.us-east-1.amazonaws.com%2Faws-quickcreate-template-v0.0.8.json",
+    ]
+
+    for param in required_params:
+        assert (
+            param in connection_url
+        ), f"connection_url should contain parameter: {param}"
+
+    logger.info("Connection URL generated successfully")
+    logger.info(f"Account ID: {data['account_id']}")
+    logger.info(f"Connection URL length: {len(connection_url)} characters")
+
+def test_generate_connection_url_unsupported_provider(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+) -> None:
+    """Test that unsupported cloud providers return an error."""
+    # Get authentication token for admin user
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    add_license(signoz, make_http_mocks, get_token)
+
+    # Try with GCP (unsupported)
+    cloud_provider = "gcp"
+
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts/generate-connection-url"
+
+    request_payload = {
+        "account_config": {"regions": ["us-central1"]},
+        "agent_config": {
+            "region": "us-central1",
+            "ingestion_url": "https://ingest.test.signoz.cloud",
+            "ingestion_key": "test-ingestion-key-123456",
+            "signoz_api_url": "https://test-deployment.test.signoz.cloud",
+            "signoz_api_key": "test-api-key-789",
+        },
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=request_payload,
+        timeout=10,
+    )
+
+    # Should return Bad Request for unsupported provider
+    assert (
+        response.status_code == HTTPStatus.BAD_REQUEST
+    ), f"Expected 400 for unsupported provider, got {response.status_code}"
+
+    response_data = response.json()
+    assert "error" in response_data, "Response should contain 'error' field"
+    assert (
+        "unsupported cloud provider" in response_data["error"].lower()
+    ), "Error message should indicate unsupported provider"
+
+    logger.info("Unsupported provider correctly rejected with 400 Bad Request")

tests/integration/src/cloudintegrations/03_accounts.py

@@ -0,0 +1,590 @@
+from http import HTTPStatus
+from typing import Callable
+import uuid
+
+import pytest
+import requests
+from sqlalchemy import text
+from wiremock.client import (
+    HttpMethods,
+    Mapping,
+    MappingRequest,
+    MappingResponse,
+    WireMockMatchers,
+)
+
+from fixtures import types
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD, add_license
+from fixtures.logger import setup_logger
+
+logger = setup_logger(__name__)
+
+
+def cleanup_cloud_accounts(postgres: types.TestContainerSQL) -> None:
+    try:
+        with postgres.conn.connect() as conn:
+            # Try to delete all records instead of truncate in case table exists
+            conn.execute(text("DELETE FROM cloud_integration"))
+            conn.commit()
+            logger.info("Cleaned up cloud_integration table")
+    except Exception as e:
+        # Table might not exist, which is fine
+        logger.info(f"Cleanup skipped or partial: {str(e)[:100]}")
+
+
+def generate_unique_cloud_account_id() -> str:
+    """Generate a unique cloud account ID for testing."""
+    # Use last 12 digits of UUID to simulate AWS account ID format
+    return str(uuid.uuid4().int)[:12]
+
+
+def simulate_agent_checkin(
+    signoz: types.SigNoz,
+    admin_token: str,
+    cloud_provider: str,
+    account_id: str,
+    cloud_account_id: str,
+) -> dict:
+    """Simulate an agent check-in to mark the account as connected.
+
+    Returns:
+        dict with the response from check-in
+    """
+    endpoint = (
+        f"/api/v1/cloud-integrations/{cloud_provider}/agent-check-in"
+    )
+
+    checkin_payload = {
+        "account_id": account_id,
+        "cloud_account_id": cloud_account_id,
+        "data": {},
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=checkin_payload,
+        timeout=10,
+    )
+
+    if response.status_code != HTTPStatus.OK:
+        logger.error(f"Agent check-in failed: {response.status_code}, response: {response.text}")
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Agent check-in failed: {response.status_code}"
+
+    logger.info(f"Agent check-in completed for account: {account_id}")
+
+    response_data = response.json()
+    return response_data.get("data", response_data)
+
+
+def create_test_account(
+    signoz: types.SigNoz,
+    admin_token: str,
+    cloud_provider: str = "aws",
+) -> dict:
+    """Create a test account via generate-connection-url.
+
+    Returns the data as-is from the API response. Caller is responsible for
+    doing agent check-in if needed to mark the account as connected.
+
+    Returns:
+        dict with account_id and connection_url from the API
+    """
+    endpoint = (
+        f"/api/v1/cloud-integrations/{cloud_provider}/accounts/generate-connection-url"
+    )
+
+    request_payload = {
+        "account_config": {"regions": ["us-east-1"]},
+        "agent_config": {
+            "region": "us-east-1",
+            "ingestion_url": "https://ingest.test.signoz.cloud",
+            "ingestion_key": "test-ingestion-key-123456",
+            "signoz_api_url": "https://test-deployment.test.signoz.cloud",
+            "signoz_api_key": "test-api-key-789",
+            "version": "v0.0.8",
+        },
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=request_payload,
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Failed to create test account: {response.status_code}"
+
+    response_data = response.json()
+    # API returns data wrapped in {'status': 'success', 'data': {...}}
+    data = response_data.get("data", response_data)
+
+    return data
+
+
+def test_list_connected_accounts_empty(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test listing connected accounts when there are none."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    cloud_provider = "aws"
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts"
+
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    # API returns data wrapped in {'status': 'success', 'data': {...}}
+    data = response_data.get("data", response_data)
+    assert "accounts" in data, "Response should contain 'accounts' field"
+    assert isinstance(data["accounts"], list), "Accounts should be a list"
+
+    # Note: If table doesn't exist yet, cleanup won't work and there might be leftover data
+    # This is acceptable for integration tests with --reuse flag
+    initial_count = len(data["accounts"])
+    logger.info(f"Accounts list returned successfully with {initial_count} existing account(s)")
+
+
+def test_list_connected_accounts_with_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test listing connected accounts after creating one."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    # Mock the deployment info query
+    make_http_mocks(
+        signoz.zeus,
+        [
+            Mapping(
+                request=MappingRequest(
+                    method=HttpMethods.GET,
+                    url="/v2/deployments/me",
+                    headers={
+                        "X-Signoz-Cloud-Api-Key": {
+                            WireMockMatchers.EQUAL_TO: "secret-key"
+                        }
+                    },
+                ),
+                response=MappingResponse(
+                    status=200,
+                    json_body={
+                        "status": "success",
+                        "data": {
+                            "name": "test-deployment",
+                            "cluster": {"region": {"dns": "test.signoz.cloud"}},
+                        },
+                    },
+                ),
+                persistent=False,
+            )
+        ],
+    )
+
+    # Create a test account
+    cloud_provider = "aws"
+    account_data = create_test_account(signoz, admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    # Simulate agent check-in to mark as connected
+    cloud_account_id = generate_unique_cloud_account_id()
+    simulate_agent_checkin(signoz, admin_token, cloud_provider, account_id, cloud_account_id)
+
+    # List accounts
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts"
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+    assert "accounts" in data, "Response should contain 'accounts' field"
+    assert isinstance(data["accounts"], list), "Accounts should be a list"
+
+    # Find our account in the list (there may be leftover accounts from previous test runs)
+    account = next((a for a in data["accounts"] if a["id"] == account_id), None)
+    assert account is not None, f"Account {account_id} should be found in list"
+    assert account["id"] == account_id, "Account ID should match"
+    assert "config" in account, "Account should have config field"
+    assert "status" in account, "Account should have status field"
+
+    logger.info(f"Found account in list: {account_id}")
+
+
+def test_get_account_status(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test getting the status of a specific account."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    # Mock the deployment info query
+    make_http_mocks(
+        signoz.zeus,
+        [
+            Mapping(
+                request=MappingRequest(
+                    method=HttpMethods.GET,
+                    url="/v2/deployments/me",
+                    headers={
+                        "X-Signoz-Cloud-Api-Key": {
+                            WireMockMatchers.EQUAL_TO: "secret-key"
+                        }
+                    },
+                ),
+                response=MappingResponse(
+                    status=200,
+                    json_body={
+                        "status": "success",
+                        "data": {
+                            "name": "test-deployment",
+                            "cluster": {"region": {"dns": "test.signoz.cloud"}},
+                        },
+                    },
+                ),
+                persistent=False,
+            )
+        ],
+    )
+
+    # Create a test account (no check-in needed for status check)
+    cloud_provider = "aws"
+    account_data = create_test_account(signoz, admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    # Get account status
+    endpoint = (
+        f"/api/v1/cloud-integrations/{cloud_provider}/accounts/{account_id}/status"
+    )
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+    assert "id" in data, "Response should contain 'id' field"
+    assert data["id"] == account_id, "Account ID should match"
+    assert "status" in data, "Response should contain 'status' field"
+    assert "integration" in data["status"], "Status should contain 'integration' field"
+
+    logger.info(f"Retrieved status for account: {account_id}")
+
+
+def test_get_account_status_not_found(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test getting status for a non-existent account."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    cloud_provider = "aws"
+    fake_account_id = "00000000-0000-0000-0000-000000000000"
+
+    endpoint = (
+        f"/api/v1/cloud-integrations/{cloud_provider}/accounts/{fake_account_id}/status"
+    )
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.NOT_FOUND
+    ), f"Expected 404, got {response.status_code}"
+
+    logger.info("Non-existent account correctly returned 404")
+
+
+def test_update_account_config(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test updating account configuration."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    # Mock the deployment info query
+    make_http_mocks(
+        signoz.zeus,
+        [
+            Mapping(
+                request=MappingRequest(
+                    method=HttpMethods.GET,
+                    url="/v2/deployments/me",
+                    headers={
+                        "X-Signoz-Cloud-Api-Key": {
+                            WireMockMatchers.EQUAL_TO: "secret-key"
+                        }
+                    },
+                ),
+                response=MappingResponse(
+                    status=200,
+                    json_body={
+                        "status": "success",
+                        "data": {
+                            "name": "test-deployment",
+                            "cluster": {"region": {"dns": "test.signoz.cloud"}},
+                        },
+                    },
+                ),
+                persistent=False,
+            )
+        ],
+    )
+
+    # Create a test account
+    cloud_provider = "aws"
+    account_data = create_test_account(signoz, admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    # Simulate agent check-in to mark as connected
+    cloud_account_id = generate_unique_cloud_account_id()
+    simulate_agent_checkin(signoz, admin_token, cloud_provider, account_id, cloud_account_id)
+
+    # Update account configuration
+    endpoint = (
+        f"/api/v1/cloud-integrations/{cloud_provider}/accounts/{account_id}/config"
+    )
+
+    updated_config = {
+        "config": {"regions": ["us-east-1", "us-west-2", "eu-west-1"]}
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=updated_config,
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+    assert "id" in data, "Response should contain 'id' field"
+    assert data["id"] == account_id, "Account ID should match"
+
+    # Verify the update by listing accounts
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+
+    list_response_data = list_response.json()
+    list_data = list_response_data.get("data", list_response_data)
+    account = next((a for a in list_data["accounts"] if a["id"] == account_id), None)
+    assert account is not None, "Account should be found in list"
+    assert "config" in account, "Account should have config"
+    assert "regions" in account["config"], "Config should have regions"
+    assert len(account["config"]["regions"]) == 3, "Should have 3 regions"
+    assert set(account["config"]["regions"]) == {
+        "us-east-1",
+        "us-west-2",
+        "eu-west-1",
+    }, "Regions should match updated config"
+
+    logger.info(f"Updated account configuration: {account_id}")
+
+
+def test_disconnect_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test disconnecting an account."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    # Mock the deployment info query
+    make_http_mocks(
+        signoz.zeus,
+        [
+            Mapping(
+                request=MappingRequest(
+                    method=HttpMethods.GET,
+                    url="/v2/deployments/me",
+                    headers={
+                        "X-Signoz-Cloud-Api-Key": {
+                            WireMockMatchers.EQUAL_TO: "secret-key"
+                        }
+                    },
+                ),
+                response=MappingResponse(
+                    status=200,
+                    json_body={
+                        "status": "success",
+                        "data": {
+                            "name": "test-deployment",
+                            "cluster": {"region": {"dns": "test.signoz.cloud"}},
+                        },
+                    },
+                ),
+                persistent=False,
+            )
+        ],
+    )
+
+    # Create a test account
+    cloud_provider = "aws"
+    account_data = create_test_account(signoz, admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    # Simulate agent check-in to mark as connected
+    cloud_account_id = generate_unique_cloud_account_id()
+    simulate_agent_checkin(signoz, admin_token, cloud_provider, account_id, cloud_account_id)
+
+    # Disconnect the account
+    endpoint = (
+        f"/api/v1/cloud-integrations/{cloud_provider}/accounts/{account_id}/disconnect"
+    )
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    # Verify account is no longer in the connected list
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    list_response_data = list_response.json()
+    list_data = list_response_data.get("data", list_response_data)
+    assert len(list_data["accounts"]) == 0, "Should have no connected accounts"
+
+    logger.info(f"Disconnected account: {account_id}")
+
+
+def test_disconnect_account_not_found(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test disconnecting a non-existent account."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    cloud_provider = "aws"
+    fake_account_id = "00000000-0000-0000-0000-000000000000"
+
+    endpoint = (
+        f"/api/v1/cloud-integrations/{cloud_provider}/accounts/{fake_account_id}/disconnect"
+    )
+
+    response = requests.delete(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.NOT_FOUND
+    ), f"Expected 404, got {response.status_code}"
+
+    logger.info("Disconnect non-existent account correctly returned 404")
+
+
+def test_list_accounts_unsupported_provider(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test listing accounts for an unsupported cloud provider."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    cloud_provider = "gcp"  # Unsupported provider
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts"
+
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.BAD_REQUEST
+    ), f"Expected 400, got {response.status_code}"
+
+    logger.info("Unsupported provider correctly rejected with 400 Bad Request")

tests/integration/src/cloudintegrations/04_services.py

@@ -0,0 +1,787 @@
+from http import HTTPStatus
+from typing import Callable
+import uuid
+
+import requests
+from sqlalchemy import text
+from wiremock.client import (
+    HttpMethods,
+    Mapping,
+    MappingRequest,
+    MappingResponse,
+    WireMockMatchers,
+)
+
+from fixtures import types
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD, add_license
+from fixtures.logger import setup_logger
+
+logger = setup_logger(__name__)
+
+
+def cleanup_cloud_accounts(postgres: types.TestContainerSQL) -> None:
+    """Clean up cloud_integration table to avoid corrupted data issues."""
+    try:
+        with postgres.conn.connect() as conn:
+            # Try to delete all records instead of truncate in case table exists
+            conn.execute(text("DELETE FROM cloud_integration"))
+            conn.commit()
+            logger.info("Cleaned up cloud_integration table")
+    except Exception as e:
+        # Table might not exist, which is fine
+        logger.info(f"Cleanup skipped or partial: {str(e)[:100]}")
+
+
+def generate_unique_cloud_account_id() -> str:
+    """Generate a unique cloud account ID for testing."""
+    # Use last 12 digits of UUID to simulate AWS account ID format
+    return str(uuid.uuid4().int)[:12]
+
+
+def simulate_agent_checkin(
+    signoz: types.SigNoz,
+    admin_token: str,
+    cloud_provider: str,
+    account_id: str,
+    cloud_account_id: str,
+) -> dict:
+    """Simulate an agent check-in to mark the account as connected.
+
+    Returns:
+        dict with the response from check-in
+    """
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/agent-check-in"
+
+    checkin_payload = {
+        "account_id": account_id,
+        "cloud_account_id": cloud_account_id,
+        "data": {},
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=checkin_payload,
+        timeout=10,
+    )
+
+    if response.status_code != HTTPStatus.OK:
+        logger.error(
+            f"Agent check-in failed: {response.status_code}, response: {response.text}"
+        )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Agent check-in failed: {response.status_code}"
+
+    logger.info(f"Agent check-in completed for account: {account_id}")
+
+    response_data = response.json()
+    return response_data.get("data", response_data)
+
+
+def create_test_account(
+    signoz: types.SigNoz,
+    admin_token: str,
+    cloud_provider: str = "aws",
+) -> dict:
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/accounts/generate-connection-url"
+
+    request_payload = {
+        "account_config": {"regions": ["us-east-1"]},
+        "agent_config": {
+            "region": "us-east-1",
+            "ingestion_url": "https://ingest.test.signoz.cloud",
+            "ingestion_key": "test-ingestion-key-123456",
+            "signoz_api_url": "https://test-deployment.test.signoz.cloud",
+            "signoz_api_key": "test-api-key-789",
+            "version": "v0.0.8",
+        },
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=request_payload,
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Failed to create test account: {response.status_code}"
+
+    response_data = response.json()
+    # API returns data wrapped in {'status': 'success', 'data': {...}}
+    data = response_data.get("data", response_data)
+
+    return data
+
+
+def test_list_services_without_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test listing available services without specifying an account."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    cloud_provider = "aws"
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+    assert "services" in data, "Response should contain 'services' field"
+    assert isinstance(data["services"], list), "Services should be a list"
+    assert len(data["services"]) > 0, "Should have at least one service available"
+
+    # Verify service structure
+    service = data["services"][0]
+    assert "id" in service, "Service should have 'id' field"
+    assert "title" in service, "Service should have 'title' field"
+    assert "icon" in service, "Service should have 'icon' field"
+
+
+def test_list_services_with_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test listing services for a specific connected account."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    # Mock the deployment info query
+    make_http_mocks(
+        signoz.zeus,
+        [
+            Mapping(
+                request=MappingRequest(
+                    method=HttpMethods.GET,
+                    url="/v2/deployments/me",
+                    headers={
+                        "X-Signoz-Cloud-Api-Key": {
+                            WireMockMatchers.EQUAL_TO: "secret-key"
+                        }
+                    },
+                ),
+                response=MappingResponse(
+                    status=200,
+                    json_body={
+                        "status": "success",
+                        "data": {
+                            "name": "test-deployment",
+                            "cluster": {"region": {"dns": "test.signoz.cloud"}},
+                        },
+                    },
+                ),
+                persistent=False,
+            )
+        ],
+    )
+
+    # Create a test account and do check-in
+    cloud_provider = "aws"
+    account_data = create_test_account(signoz, admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    cloud_account_id = generate_unique_cloud_account_id()
+    simulate_agent_checkin(
+        signoz, admin_token, cloud_provider, account_id, cloud_account_id
+    )
+
+    # List services for the account
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services?cloud_account_id={cloud_account_id}"
+
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+    assert "services" in data, "Response should contain 'services' field"
+    assert isinstance(data["services"], list), "Services should be a list"
+    assert len(data["services"]) > 0, "Should have at least one service available"
+
+    # Services should include config field (may be null if not configured)
+    service = data["services"][0]
+    assert "id" in service, "Service should have 'id' field"
+    assert "title" in service, "Service should have 'title' field"
+    assert "icon" in service, "Service should have 'icon' field"
+
+    logger.info(
+        f"Listed {len(data['services'])} services for account {cloud_account_id}"
+    )
+
+
+def test_get_service_details_without_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test getting service details without specifying an account."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    cloud_provider = "aws"
+    # First get the list of services to get a valid service ID
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    list_data = list_response.json().get("data", list_response.json())
+    assert len(list_data["services"]) > 0, "Should have at least one service"
+    service_id = list_data["services"][0]["id"]
+
+    # Get service details
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{service_id}"
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+
+    # Verify service details structure
+    assert "id" in data, "Service details should have 'id' field"
+    assert data["id"] == service_id, "Service ID should match requested ID"
+    assert "title" in data, "Service details should have 'name' field"
+    assert "overview" in data, "Service details should have 'overview' field"
+    # assert assets to had list of dashboards
+    assert "assets" in data, "Service details should have 'assets' field"
+    assert isinstance(data["assets"], dict), "Assets should be a dictionary"
+
+    logger.info(f"Retrieved details for service: {service_id}")
+
+
+def test_get_service_details_with_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test getting service details for a specific connected account."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    # Mock the deployment info query
+    make_http_mocks(
+        signoz.zeus,
+        [
+            Mapping(
+                request=MappingRequest(
+                    method=HttpMethods.GET,
+                    url="/v2/deployments/me",
+                    headers={
+                        "X-Signoz-Cloud-Api-Key": {
+                            WireMockMatchers.EQUAL_TO: "secret-key"
+                        }
+                    },
+                ),
+                response=MappingResponse(
+                    status=200,
+                    json_body={
+                        "status": "success",
+                        "data": {
+                            "name": "test-deployment",
+                            "cluster": {"region": {"dns": "test.signoz.cloud"}},
+                        },
+                    },
+                ),
+                persistent=False,
+            )
+        ],
+    )
+
+    # Create a test account and do check-in
+    cloud_provider = "aws"
+    account_data = create_test_account(signoz, admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    cloud_account_id = generate_unique_cloud_account_id()
+    simulate_agent_checkin(
+        signoz, admin_token, cloud_provider, account_id, cloud_account_id
+    )
+
+    # Get list of services first
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    list_data = list_response.json().get("data", list_response.json())
+    assert len(list_data["services"]) > 0, "Should have at least one service"
+    service_id = list_data["services"][0]["id"]
+
+    # Get service details with account
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{service_id}?cloud_account_id={cloud_account_id}"
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+
+    # Verify service details structure
+    assert "id" in data, "Service details should have 'id' field"
+    assert data["id"] == service_id, "Service ID should match requested ID"
+    assert "title" in data, "Service details should have 'title' field"
+    assert "overview" in data, "Service details should have 'overview' field"
+    assert "assets" in data, "Service details should have 'assets' field"
+    assert "config" in data, "Service details should have 'config' field"
+    assert "status" in data, "Config should have 'status' field"
+
+    logger.info(
+        f"Retrieved details for service {service_id} with account {cloud_account_id}"
+    )
+
+
+def test_get_service_details_invalid_service(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test getting details for a non-existent service."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    cloud_provider = "aws"
+    fake_service_id = "non-existent-service"
+
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{fake_service_id}"
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.NOT_FOUND
+    ), f"Expected 404, got {response.status_code}"
+
+    logger.info("Non-existent service correctly returned 404")
+
+
+def test_list_services_unsupported_provider(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test listing services for an unsupported cloud provider."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    cloud_provider = "gcp"  # Unsupported provider
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.BAD_REQUEST
+    ), f"Expected 400, got {response.status_code}"
+
+    logger.info(
+        "Unsupported provider correctly rejected with 400 Bad Request for services"
+    )
+
+
+def test_update_service_config(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test updating service configuration for a connected account."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    # Mock the deployment info query
+    make_http_mocks(
+        signoz.zeus,
+        [
+            Mapping(
+                request=MappingRequest(
+                    method=HttpMethods.GET,
+                    url="/v2/deployments/me",
+                    headers={
+                        "X-Signoz-Cloud-Api-Key": {
+                            WireMockMatchers.EQUAL_TO: "secret-key"
+                        }
+                    },
+                ),
+                response=MappingResponse(
+                    status=200,
+                    json_body={
+                        "status": "success",
+                        "data": {
+                            "name": "test-deployment",
+                            "cluster": {"region": {"dns": "test.signoz.cloud"}},
+                        },
+                    },
+                ),
+                persistent=False,
+            )
+        ],
+    )
+
+    # Create a test account and do check-in
+    cloud_provider = "aws"
+    account_data = create_test_account(signoz, admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    cloud_account_id = generate_unique_cloud_account_id()
+    simulate_agent_checkin(
+        signoz, admin_token, cloud_provider, account_id, cloud_account_id
+    )
+
+    # Get list of services to pick a valid service ID
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    list_data = list_response.json().get("data", list_response.json())
+    assert len(list_data["services"]) > 0, "Should have at least one service"
+    service_id = list_data["services"][0]["id"]
+
+    # Update service configuration
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{service_id}/config"
+
+    config_payload = {
+        "cloud_account_id": cloud_account_id,
+        "config": {
+            "metrics": {"enabled": True},
+            "logs": {"enabled": True},
+        },
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=config_payload,
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {response.status_code}"
+
+    response_data = response.json()
+    data = response_data.get("data", response_data)
+
+    # Verify response structure
+    assert "id" in data, "Response should contain 'id' field"
+    assert data["id"] == service_id, "Service ID should match"
+    assert "config" in data, "Response should contain 'config' field"
+    assert "metrics" in data["config"], "Config should contain 'metrics' field"
+    assert "logs" in data["config"], "Config should contain 'logs' field"
+
+    logger.info(f"Updated service config for {service_id} on account {cloud_account_id}")
+
+
+def test_update_service_config_without_account(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test updating service config without a connected account should fail."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    cloud_provider = "aws"
+
+    # Get a valid service ID
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    list_data = list_response.json().get("data", list_response.json())
+    service_id = list_data["services"][0]["id"]
+
+    # Try to update config with non-existent account
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{service_id}/config"
+
+    fake_cloud_account_id = generate_unique_cloud_account_id()
+    config_payload = {
+        "cloud_account_id": fake_cloud_account_id,
+        "config": {
+            "metrics": {"enabled": True},
+        },
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=config_payload,
+        timeout=10,
+    )
+
+
+    # todo: improve the handler logic to return 500
+    assert (
+        response.status_code == HTTPStatus.INTERNAL_SERVER_ERROR
+    ), f"Expected 500 for non-existent account, got {response.status_code}"
+
+    logger.info("Update service config correctly rejected for non-existent account")
+
+
+def test_update_service_config_invalid_service(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test updating config for a non-existent service should fail."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    # Mock the deployment info query
+    make_http_mocks(
+        signoz.zeus,
+        [
+            Mapping(
+                request=MappingRequest(
+                    method=HttpMethods.GET,
+                    url="/v2/deployments/me",
+                    headers={
+                        "X-Signoz-Cloud-Api-Key": {
+                            WireMockMatchers.EQUAL_TO: "secret-key"
+                        }
+                    },
+                ),
+                response=MappingResponse(
+                    status=200,
+                    json_body={
+                        "status": "success",
+                        "data": {
+                            "name": "test-deployment",
+                            "cluster": {"region": {"dns": "test.signoz.cloud"}},
+                        },
+                    },
+                ),
+                persistent=False,
+            )
+        ],
+    )
+
+    # Create a test account and do check-in
+    cloud_provider = "aws"
+    account_data = create_test_account(signoz, admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    cloud_account_id = generate_unique_cloud_account_id()
+    simulate_agent_checkin(
+        signoz, admin_token, cloud_provider, account_id, cloud_account_id
+    )
+
+    # Try to update config for invalid service
+    fake_service_id = "non-existent-service"
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{fake_service_id}/config"
+
+    config_payload = {
+        "cloud_account_id": cloud_account_id,
+        "config": {
+            "metrics": {"enabled": True},
+        },
+    }
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=config_payload,
+        timeout=10,
+    )
+
+    assert (
+        response.status_code == HTTPStatus.NOT_FOUND
+    ), f"Expected 404 for invalid service, got {response.status_code}"
+
+    logger.info("Update service config correctly rejected for invalid service")
+
+
+def test_update_service_config_disable_service(
+    signoz: types.SigNoz,
+    create_user_admin: types.Operation,  # pylint: disable=unused-argument
+    make_http_mocks: Callable[[types.TestContainerDocker, list], None],
+    get_token: Callable[[str, str], str],
+    postgres: types.TestContainerSQL,
+) -> None:
+    """Test disabling a service by updating config with enabled=false."""
+    cleanup_cloud_accounts(postgres)
+
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    add_license(signoz, make_http_mocks, get_token)
+
+    # Mock the deployment info query
+    make_http_mocks(
+        signoz.zeus,
+        [
+            Mapping(
+                request=MappingRequest(
+                    method=HttpMethods.GET,
+                    url="/v2/deployments/me",
+                    headers={
+                        "X-Signoz-Cloud-Api-Key": {
+                            WireMockMatchers.EQUAL_TO: "secret-key"
+                        }
+                    },
+                ),
+                response=MappingResponse(
+                    status=200,
+                    json_body={
+                        "status": "success",
+                        "data": {
+                            "name": "test-deployment",
+                            "cluster": {"region": {"dns": "test.signoz.cloud"}},
+                        },
+                    },
+                ),
+                persistent=False,
+            )
+        ],
+    )
+
+    # Create a test account and do check-in
+    cloud_provider = "aws"
+    account_data = create_test_account(signoz, admin_token, cloud_provider)
+    account_id = account_data["account_id"]
+
+    cloud_account_id = generate_unique_cloud_account_id()
+    simulate_agent_checkin(
+        signoz, admin_token, cloud_provider, account_id, cloud_account_id
+    )
+
+    # Get a valid service
+    list_endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services"
+    list_response = requests.get(
+        signoz.self.host_configs["8080"].get(list_endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=10,
+    )
+
+    list_data = list_response.json().get("data", list_response.json())
+    service_id = list_data["services"][0]["id"]
+
+    # First enable the service
+    endpoint = f"/api/v1/cloud-integrations/{cloud_provider}/services/{service_id}/config"
+
+    enable_payload = {
+        "cloud_account_id": cloud_account_id,
+        "config": {
+            "metrics": {"enabled": True},
+        },
+    }
+
+    enable_response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=enable_payload,
+        timeout=10,
+    )
+
+    assert enable_response.status_code == HTTPStatus.OK, "Failed to enable service"
+
+    # Now disable the service
+    disable_payload = {
+        "cloud_account_id": cloud_account_id,
+        "config": {
+            "metrics": {"enabled": False},
+            "logs": {"enabled": False},
+        },
+    }
+
+    disable_response = requests.post(
+        signoz.self.host_configs["8080"].get(endpoint),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        json=disable_payload,
+        timeout=10,
+    )
+
+    assert (
+        disable_response.status_code == HTTPStatus.OK
+    ), f"Expected 200, got {disable_response.status_code}"
+
+    response_data = disable_response.json()
+    data = response_data.get("data", response_data)
+
+    # Verify service is disabled
+    assert data["config"]["metrics"]["enabled"] == False, "Metrics should be disabled"
+    assert data["config"]["logs"]["enabled"] == False, "Logs should be disabled"
+
+    logger.info(f"Successfully disabled service {service_id}")
+