feat(authn): clean the rotate handling

ee/query-service/app/server.go

@@ -216,8 +216,7 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 		}),
 		otelmux.WithPublicEndpoint(),
 	))
-	r.Use(middleware.NewAuthN([]string{"Authorization", "Sec-WebSocket-Protocol"}, s.signoz.Sharder, s.signoz.Tokenizer, s.signoz.Instrumentation.Logger()).Wrap)
-	r.Use(middleware.NewAPIKey(s.signoz.SQLStore, []string{"SIGNOZ-API-KEY"}, s.signoz.Instrumentation.Logger(), s.signoz.Sharder).Wrap)
+	r.Use(middleware.NewIdentN(s.signoz.IdentNResolver, s.signoz.Sharder, s.signoz.Instrumentation.Logger()).Wrap)
 	r.Use(middleware.NewTimeout(s.signoz.Instrumentation.Logger(),
 		s.config.APIServer.Timeout.ExcludedRoutes,
 		s.config.APIServer.Timeout.Default,

pkg/apiserver/signozapiserver/provider.go

@@ -23,7 +23,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/zeus"
 	"github.com/gorilla/mux"
 )
@@ -238,13 +238,13 @@ func (provider *provider) AddToRouter(router *mux.Router) error {
 
 func newSecuritySchemes(role types.Role) []handler.OpenAPISecurityScheme {
 	return []handler.OpenAPISecurityScheme{
-		{Name: ctxtypes.AuthTypeAPIKey.StringValue(), Scopes: []string{role.String()}},
-		{Name: ctxtypes.AuthTypeTokenizer.StringValue(), Scopes: []string{role.String()}},
+		{Name: authtypes.IdentNProviderAPIkey.StringValue(), Scopes: []string{role.String()}},
+		{Name: authtypes.IdentNProviderTokenizer.StringValue(), Scopes: []string{role.String()}},
 	}
 }
 
 func newAnonymousSecuritySchemes(scopes []string) []handler.OpenAPISecurityScheme {
 	return []handler.OpenAPISecurityScheme{
-		{Name: ctxtypes.AuthTypeAnonymous.StringValue(), Scopes: scopes},
+		{Name: authtypes.IdentNProviderAnonymous.StringValue(), Scopes: scopes},
 	}
 }

pkg/apiserver/signozapiserver/session.go

@@ -5,7 +5,6 @@ import (
 
 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	"github.com/gorilla/mux"
 )
 
@@ -73,7 +72,7 @@ func (provider *provider) addSessionRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest},
 		Deprecated:          false,
-		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: ctxtypes.AuthTypeTokenizer.StringValue()}},
+		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: authtypes.IdentNProviderTokenizer.StringValue()}},
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}

pkg/apiserver/signozapiserver/user.go

@@ -5,7 +5,7 @@ import (
 
 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/gorilla/mux"
 )
 
@@ -208,7 +208,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: ctxtypes.AuthTypeTokenizer.StringValue()}},
+		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: authtypes.IdentNProviderTokenizer.StringValue()}},
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}

pkg/authn/passwordauthn/emailpasswordauthn/authn.go

@@ -30,5 +30,5 @@ func (a *AuthN) Authenticate(ctx context.Context, email string, password string,
 		return nil, errors.New(errors.TypeUnauthenticated, types.ErrCodeIncorrectPassword, "invalid email or password")
 	}
 
-	return authtypes.NewIdentity(user.ID, orgID, user.Email, user.Role), nil
+	return authtypes.NewIdentity(user.ID, orgID, user.Email, user.Role, authtypes.IdentNProviderTokenizer), nil
 }

pkg/http/middleware/api_key.go

@@ -1,143 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"log/slog"
-	"net/http"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/sharder"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"golang.org/x/sync/singleflight"
-)
-
-const (
-	apiKeyCrossOrgMessage string = "::API-KEY-CROSS-ORG::"
-)
-
-type APIKey struct {
-	store   sqlstore.SQLStore
-	uuid    *authtypes.UUID
-	headers []string
-	logger  *slog.Logger
-	sharder sharder.Sharder
-	sfGroup *singleflight.Group
-}
-
-func NewAPIKey(store sqlstore.SQLStore, headers []string, logger *slog.Logger, sharder sharder.Sharder) *APIKey {
-	return &APIKey{
-		store:   store,
-		uuid:    authtypes.NewUUID(),
-		headers: headers,
-		logger:  logger,
-		sharder: sharder,
-		sfGroup: &singleflight.Group{},
-	}
-}
-
-func (a *APIKey) Wrap(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		var values []string
-		var apiKeyToken string
-		var apiKey types.StorableAPIKey
-
-		for _, header := range a.headers {
-			values = append(values, r.Header.Get(header))
-		}
-
-		ctx, err := a.uuid.ContextFromRequest(r.Context(), values...)
-		if err != nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		apiKeyToken, ok := authtypes.UUIDFromContext(ctx)
-		if !ok {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		err = a.
-			store.
-			BunDB().
-			NewSelect().
-			Model(&apiKey).
-			Where("token = ?", apiKeyToken).
-			Scan(r.Context())
-		if err != nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		// allow the APIKey if expires_at is not set
-		if apiKey.ExpiresAt.Before(time.Now()) && !apiKey.ExpiresAt.Equal(types.NEVER_EXPIRES) {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		// get user from db
-		user := types.User{}
-		err = a.store.BunDB().NewSelect().Model(&user).Where("id = ?", apiKey.UserID).Scan(r.Context())
-		if err != nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		jwt := authtypes.Claims{
-			UserID: user.ID.String(),
-			Role:   apiKey.Role,
-			Email:  user.Email.String(),
-			OrgID:  user.OrgID.String(),
-		}
-
-		ctx = authtypes.NewContextWithClaims(ctx, jwt)
-
-		claims, err := authtypes.ClaimsFromContext(ctx)
-		if err != nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		if err := a.sharder.IsMyOwnedKey(r.Context(), types.NewOrganizationKey(valuer.MustNewUUID(claims.OrgID))); err != nil {
-			a.logger.ErrorContext(r.Context(), apiKeyCrossOrgMessage, "claims", claims, "error", err)
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		ctx = ctxtypes.SetAuthType(ctx, ctxtypes.AuthTypeAPIKey)
-
-		comment := ctxtypes.CommentFromContext(ctx)
-		comment.Set("auth_type", ctxtypes.AuthTypeAPIKey.StringValue())
-		comment.Set("user_id", claims.UserID)
-		comment.Set("org_id", claims.OrgID)
-
-		r = r.WithContext(ctxtypes.NewContextWithComment(ctx, comment))
-
-		next.ServeHTTP(w, r)
-
-		lastUsedCtx := context.WithoutCancel(r.Context())
-		_, _, _ = a.sfGroup.Do(apiKey.ID.StringValue(), func() (any, error) {
-			apiKey.LastUsed = time.Now()
-			_, err = a.
-				store.
-				BunDB().
-				NewUpdate().
-				Model(&apiKey).
-				Column("last_used").
-				Where("token = ?", apiKeyToken).
-				Where("revoked = false").
-				Exec(lastUsedCtx)
-			if err != nil {
-				a.logger.ErrorContext(lastUsedCtx, "failed to update last used of api key", "error", err)
-			}
-
-			return true, nil
-		})
-
-	})
-
-}

pkg/http/middleware/authn.go

@@ -1,150 +0,0 @@
-package middleware
-
-import (
-	"context"
-	"log/slog"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/sharder"
-	"github.com/SigNoz/signoz/pkg/tokenizer"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"golang.org/x/sync/singleflight"
-)
-
-const (
-	authCrossOrgMessage string = "::AUTH-CROSS-ORG::"
-)
-
-type AuthN struct {
-	tokenizer tokenizer.Tokenizer
-	headers   []string
-	sharder   sharder.Sharder
-	logger    *slog.Logger
-	sfGroup   *singleflight.Group
-}
-
-func NewAuthN(headers []string, sharder sharder.Sharder, tokenizer tokenizer.Tokenizer, logger *slog.Logger) *AuthN {
-	return &AuthN{
-		headers:   headers,
-		sharder:   sharder,
-		tokenizer: tokenizer,
-		logger:    logger,
-		sfGroup:   &singleflight.Group{},
-	}
-}
-
-func (a *AuthN) Wrap(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		var values []string
-		for _, header := range a.headers {
-			values = append(values, r.Header.Get(header))
-		}
-
-		ctx, err := a.contextFromRequest(r.Context(), values...)
-		if err != nil {
-			r = r.WithContext(ctx)
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		r = r.WithContext(ctx)
-
-		claims, err := authtypes.ClaimsFromContext(ctx)
-		if err != nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		if err := a.sharder.IsMyOwnedKey(r.Context(), types.NewOrganizationKey(valuer.MustNewUUID(claims.OrgID))); err != nil {
-			a.logger.ErrorContext(r.Context(), authCrossOrgMessage, "claims", claims, "error", err)
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		ctx = ctxtypes.SetAuthType(ctx, ctxtypes.AuthTypeTokenizer)
-
-		comment := ctxtypes.CommentFromContext(ctx)
-		comment.Set("auth_type", ctxtypes.AuthTypeTokenizer.StringValue())
-		comment.Set("tokenizer_provider", a.tokenizer.Config().Provider)
-		comment.Set("user_id", claims.UserID)
-		comment.Set("org_id", claims.OrgID)
-
-		r = r.WithContext(ctxtypes.NewContextWithComment(ctx, comment))
-
-		next.ServeHTTP(w, r)
-
-		accessToken, err := authtypes.AccessTokenFromContext(r.Context())
-		if err != nil {
-			next.ServeHTTP(w, r)
-			return
-		}
-
-		lastObservedAtCtx := context.WithoutCancel(r.Context())
-		_, _, _ = a.sfGroup.Do(accessToken, func() (any, error) {
-			if err := a.tokenizer.SetLastObservedAt(lastObservedAtCtx, accessToken, time.Now()); err != nil {
-				a.logger.ErrorContext(lastObservedAtCtx, "failed to set last observed at", "error", err)
-				return false, err
-			}
-
-			return true, nil
-		})
-	})
-}
-
-func (a *AuthN) contextFromRequest(ctx context.Context, values ...string) (context.Context, error) {
-	ctx, err := a.contextFromAccessToken(ctx, values...)
-	if err != nil {
-		return ctx, err
-	}
-
-	accessToken, err := authtypes.AccessTokenFromContext(ctx)
-	if err != nil {
-		return ctx, err
-	}
-
-	authenticatedUser, err := a.tokenizer.GetIdentity(ctx, accessToken)
-	if err != nil {
-		return ctx, err
-	}
-
-	return authtypes.NewContextWithClaims(ctx, authenticatedUser.ToClaims()), nil
-}
-
-func (a *AuthN) contextFromAccessToken(ctx context.Context, values ...string) (context.Context, error) {
-	var value string
-	for _, v := range values {
-		if v != "" {
-			value = v
-			break
-		}
-	}
-
-	if value == "" {
-		return ctx, errors.New(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "missing authorization header")
-	}
-
-	// parse from
-	bearerToken, ok := parseBearerAuth(value)
-	if !ok {
-		// this will take care that if the value is not of type bearer token, directly use it
-		bearerToken = value
-	}
-
-	return authtypes.NewContextWithAccessToken(ctx, bearerToken), nil
-}
-
-func parseBearerAuth(auth string) (string, bool) {
-	const prefix = "Bearer "
-	// Case insensitive prefix match
-	if len(auth) < len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) {
-		return "", false
-	}
-
-	return auth[len(prefix):], true
-}

pkg/http/middleware/authz.go

@@ -44,7 +44,7 @@ func (middleware *AuthZ) ViewAccess(next http.HandlerFunc) http.HandlerFunc {
 
 		commentCtx := ctxtypes.CommentFromContext(ctx)
 		authtype, ok := commentCtx.Map()["auth_type"]
-		if ok && authtype == ctxtypes.AuthTypeAPIKey.StringValue() {
+		if ok && (authtype == authtypes.IdentNProviderAPIkey.StringValue()) {
 			if err := claims.IsViewer(); err != nil {
 				middleware.logger.WarnContext(ctx, authzDeniedMessage, "claims", claims)
 				render.Error(rw, err)
@@ -96,7 +96,7 @@ func (middleware *AuthZ) EditAccess(next http.HandlerFunc) http.HandlerFunc {
 
 		commentCtx := ctxtypes.CommentFromContext(ctx)
 		authtype, ok := commentCtx.Map()["auth_type"]
-		if ok && authtype == ctxtypes.AuthTypeAPIKey.StringValue() {
+		if ok && (authtype == authtypes.IdentNProviderAPIkey.StringValue()) {
 			if err := claims.IsEditor(); err != nil {
 				middleware.logger.WarnContext(ctx, authzDeniedMessage, "claims", claims)
 				render.Error(rw, err)
@@ -147,7 +147,7 @@ func (middleware *AuthZ) AdminAccess(next http.HandlerFunc) http.HandlerFunc {
 
 		commentCtx := ctxtypes.CommentFromContext(ctx)
 		authtype, ok := commentCtx.Map()["auth_type"]
-		if ok && authtype == ctxtypes.AuthTypeAPIKey.StringValue() {
+		if ok && (authtype == authtypes.IdentNProviderAPIkey.StringValue()) {
 			if err := claims.IsAdmin(); err != nil {
 				middleware.logger.WarnContext(ctx, authzDeniedMessage, "claims", claims)
 				render.Error(rw, err)

pkg/http/middleware/identn.go

@@ -0,0 +1,75 @@
+package middleware
+
+import (
+	"context"
+	"log/slog"
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/identn"
+	"github.com/SigNoz/signoz/pkg/sharder"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+const (
+	identityCrossOrgMessage string = "::IDENTITY-CROSS-ORG::"
+)
+
+type IdentN struct {
+	resolver identn.IdentNResolver
+	sharder  sharder.Sharder
+	logger   *slog.Logger
+}
+
+func NewIdentN(resolver identn.IdentNResolver, sharder sharder.Sharder, logger *slog.Logger) *IdentN {
+	return &IdentN{
+		resolver: resolver,
+		sharder:  sharder,
+		logger:   logger,
+	}
+}
+
+func (m *IdentN) Wrap(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		idn := m.resolver.GetIdentN(r)
+		if idn == nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		if pre, ok := idn.(identn.IdentNWithPreHook); ok {
+			r = pre.Pre(r)
+		}
+
+		identity, err := idn.GetIdentity(r)
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		ctx := r.Context()
+		claims := identity.ToClaims()
+		if err := m.sharder.IsMyOwnedKey(ctx, types.NewOrganizationKey(valuer.MustNewUUID(claims.OrgID))); err != nil {
+			m.logger.ErrorContext(ctx, identityCrossOrgMessage, "claims", claims, "error", err)
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		ctx = authtypes.NewContextWithClaims(ctx, claims)
+
+		comment := ctxtypes.CommentFromContext(ctx)
+		comment.Set("identn_provider", claims.IdentNProvider)
+		comment.Set("user_id", claims.UserID)
+		comment.Set("org_id", claims.OrgID)
+		ctx = ctxtypes.NewContextWithComment(ctx, comment)
+
+		r = r.WithContext(ctx)
+		next.ServeHTTP(w, r)
+
+		if hook, ok := idn.(identn.IdentNWithPostHook); ok {
+			hook.Post(context.WithoutCancel(r.Context()), r, claims)
+		}
+	})
+}

pkg/identn/apikeyidentn/identn.go

@@ -0,0 +1,131 @@
+package apikeyidentn
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/identn"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"golang.org/x/sync/singleflight"
+)
+
+// todo: will move this in types layer with service account integration
+type apiKeyTokenKey struct{}
+
+type resolver struct {
+	store    sqlstore.SQLStore
+	headers  []string
+	settings factory.ScopedProviderSettings
+	sfGroup  *singleflight.Group
+}
+
+func New(providerSettings factory.ProviderSettings, store sqlstore.SQLStore, headers []string) identn.IdentN {
+	return &resolver{
+		store:    store,
+		headers:  headers,
+		settings: factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/identn/apikeyidentn"),
+		sfGroup:  &singleflight.Group{},
+	}
+}
+
+func (r *resolver) Name() authtypes.IdentNProvider {
+	return authtypes.IdentNProviderAPIkey
+}
+
+func (r *resolver) Test(req *http.Request) bool {
+	for _, header := range r.headers {
+		if req.Header.Get(header) != "" {
+			return true
+		}
+	}
+	return false
+}
+
+func (r *resolver) Pre(req *http.Request) *http.Request {
+	token := r.extractToken(req)
+	if token == "" {
+		return req
+	}
+
+	ctx := context.WithValue(req.Context(), apiKeyTokenKey{}, token)
+	return req.WithContext(ctx)
+}
+
+func (r *resolver) GetIdentity(req *http.Request) (*authtypes.Identity, error) {
+	ctx := req.Context()
+
+	apiKeyToken, ok := ctx.Value(apiKeyTokenKey{}).(string)
+	if !ok || apiKeyToken == "" {
+		return nil, errors.New(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "missing api key")
+	}
+
+	var apiKey types.StorableAPIKey
+	err := r.store.
+		BunDB().
+		NewSelect().
+		Model(&apiKey).
+		Where("token = ?", apiKeyToken).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if apiKey.ExpiresAt.Before(time.Now()) && !apiKey.ExpiresAt.Equal(types.NEVER_EXPIRES) {
+		return nil, errors.New(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "api key has expired")
+	}
+
+	var user types.User
+	err = r.store.
+		BunDB().
+		NewSelect().
+		Model(&user).
+		Where("id = ?", apiKey.UserID).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	identity := authtypes.Identity{
+		UserID: user.ID,
+		Role:   apiKey.Role,
+		Email:  user.Email,
+		OrgID:  user.OrgID,
+	}
+	return &identity, nil
+}
+
+func (r *resolver) Post(ctx context.Context, _ *http.Request, _ authtypes.Claims) {
+	apiKeyToken, ok := ctx.Value(apiKeyTokenKey{}).(string)
+	if !ok || apiKeyToken == "" {
+		return
+	}
+
+	_, _, _ = r.sfGroup.Do(apiKeyToken, func() (any, error) {
+		_, err := r.store.
+			BunDB().
+			NewUpdate().
+			Model(new(types.StorableAPIKey)).
+			Set("last_used = ?", time.Now()).
+			Where("token = ?", apiKeyToken).
+			Where("revoked = false").
+			Exec(ctx)
+		if err != nil {
+			r.settings.Logger().ErrorContext(ctx, "failed to update last used of api key", "error", err)
+		}
+		return true, nil
+	})
+}
+
+func (r *resolver) extractToken(req *http.Request) string {
+	for _, header := range r.headers {
+		if v := req.Header.Get(header); v != "" {
+			return v
+		}
+	}
+	return ""
+}

pkg/identn/identn.go

@@ -0,0 +1,43 @@
+package identn
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+)
+
+type IdentNResolver interface {
+	// GetIdentN returns the first IdentN whose Test() returns true for the request.
+	// Returns nil if no resolver matched.
+	GetIdentN(r *http.Request) IdentN
+}
+
+type IdentN interface {
+	// Test checks if this identn can handle the request.
+	// This should be a cheap check (e.g., header presence) with no I/O.
+	Test(r *http.Request) bool
+
+	// GetIdentity returns the resolved identity.
+	// Only called when Test() returns true.
+	GetIdentity(r *http.Request) (*authtypes.Identity, error)
+
+	Name() authtypes.IdentNProvider
+}
+
+// IdentNWithPreHook is optionally implemented by resolvers that need to
+// enrich the request before authentication (e.g., storing the access token
+// in context so downstream handlers can use it even on auth failure).
+type IdentNWithPreHook interface {
+	IdentN
+
+	Pre(r *http.Request) *http.Request
+}
+
+// IdentNWithPostHook is optionally implemented by resolvers that need
+// post-response side-effects (e.g., updating last_observed_at).
+type IdentNWithPostHook interface {
+	IdentN
+
+	Post(ctx context.Context, r *http.Request, claims authtypes.Claims)
+}

pkg/identn/resolver.go

@@ -0,0 +1,31 @@
+package identn
+
+import (
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+)
+
+type identNResolver struct {
+	identNs  []IdentN
+	settings factory.ScopedProviderSettings
+}
+
+func NewIdentNResolver(providerSettings factory.ProviderSettings, identNs ...IdentN) IdentNResolver {
+	return &identNResolver{
+		identNs:  identNs,
+		settings: factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/identn"),
+	}
+}
+
+// GetIdentN returns the first IdentN whose Test() returns true.
+// Returns nil if no resolver matched.
+func (c *identNResolver) GetIdentN(r *http.Request) IdentN {
+	for _, idn := range c.identNs {
+		if idn.Test(r) {
+			c.settings.Logger().DebugContext(r.Context(), "identn matched", "provider", idn.Name())
+			return idn
+		}
+	}
+	return nil
+}

pkg/identn/tokenizeridentn/identn.go

@@ -0,0 +1,103 @@
+package tokenizeridentn
+
+import (
+	"context"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/identn"
+	"github.com/SigNoz/signoz/pkg/tokenizer"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"golang.org/x/sync/singleflight"
+)
+
+type resolver struct {
+	tokenizer tokenizer.Tokenizer
+	headers   []string
+	settings  factory.ScopedProviderSettings
+	sfGroup   *singleflight.Group
+}
+
+func New(providerSettings factory.ProviderSettings, tokenizer tokenizer.Tokenizer, headers []string) identn.IdentN {
+	return &resolver{
+		tokenizer: tokenizer,
+		headers:   headers,
+		settings:  factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/identn/tokenizeridentn"),
+		sfGroup:   &singleflight.Group{},
+	}
+}
+
+func (r *resolver) Name() authtypes.IdentNProvider {
+	return authtypes.IdentNProviderTokenizer
+}
+
+func (r *resolver) Test(req *http.Request) bool {
+	for _, header := range r.headers {
+		if req.Header.Get(header) != "" {
+			return true
+		}
+	}
+	return false
+}
+
+func (r *resolver) Pre(req *http.Request) *http.Request {
+	accessToken := r.extractToken(req)
+	if accessToken == "" {
+		return req
+	}
+
+	ctx := authtypes.NewContextWithAccessToken(req.Context(), accessToken)
+	return req.WithContext(ctx)
+}
+
+func (r *resolver) GetIdentity(req *http.Request) (*authtypes.Identity, error) {
+	ctx := req.Context()
+
+	accessToken, err := authtypes.AccessTokenFromContext(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return r.tokenizer.GetIdentity(ctx, accessToken)
+}
+
+func (r *resolver) Post(ctx context.Context, _ *http.Request, _ authtypes.Claims) {
+	accessToken, err := authtypes.AccessTokenFromContext(ctx)
+	if err != nil {
+		return
+	}
+
+	_, _, _ = r.sfGroup.Do(accessToken, func() (any, error) {
+		if err := r.tokenizer.SetLastObservedAt(ctx, accessToken, time.Now()); err != nil {
+			r.settings.Logger().ErrorContext(ctx, "failed to set last observed at", "error", err)
+			return false, err
+		}
+		return true, nil
+	})
+}
+
+func (r *resolver) extractToken(req *http.Request) string {
+	var value string
+	for _, header := range r.headers {
+		if v := req.Header.Get(header); v != "" {
+			value = v
+			break
+		}
+	}
+
+	accessToken, ok := r.parseBearerAuth(value)
+	if !ok {
+		return value
+	}
+	return accessToken
+}
+
+func (r *resolver) parseBearerAuth(auth string) (string, bool) {
+	const prefix = "Bearer "
+	if len(auth) < len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) {
+		return "", false
+	}
+	return auth[len(prefix):], true
+}

pkg/modules/cloudintegration/cloudintegration.go

@@ -1,82 +0,0 @@
-package cloudintegration
-
-import (
-	"context"
-	"net/http"
-
-	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type Module interface {
-	// CreateConnectionArtifact generates cloud provider specific connection information,
-	// client side handles how this information is shown
-	CreateConnectionArtifact(
-		ctx context.Context,
-		orgID valuer.UUID,
-		provider cloudintegrationtypes.CloudProviderType,
-		request *cloudintegrationtypes.ConnectionArtifactRequest,
-	) (*cloudintegrationtypes.ConnectionArtifact, error)
-
-	// GetAccountStatus returns agent connection status for a cloud integration account
-	GetAccountStatus(ctx context.Context, orgID, accountID valuer.UUID) (*cloudintegrationtypes.AccountStatus, error)
-
-	// ListConnectedAccounts lists accounts where agent is connected
-	ListConnectedAccounts(ctx context.Context, orgID valuer.UUID) (*cloudintegrationtypes.ConnectedAccounts, error)
-
-	// DisconnectAccount soft deletes/removes a cloud integration account.
-	DisconnectAccount(ctx context.Context, orgID, accountID valuer.UUID) error
-
-	// UpdateAccountConfig updates the configuration of an existing cloud account for a specific organization.
-	UpdateAccountConfig(
-		ctx context.Context,
-		orgID,
-		accountID valuer.UUID,
-		config *cloudintegrationtypes.UpdateAccountConfigRequest,
-	) (*cloudintegrationtypes.Account, error)
-
-	// ListServicesMetadata returns list of services metadata for a cloud provider attached with the integrationID.
-	// This just returns a summary of the service and not the whole service definition
-	ListServicesMetadata(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID) (*cloudintegrationtypes.ServicesMetadata, error)
-
-	// GetService returns service definition details for a serviceID. This returns config and
-	// other details required to show in service details page on web client.
-	GetService(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID, serviceID string) (*cloudintegrationtypes.Service, error)
-
-	// UpdateServiceConfig updates cloud integration service config
-	UpdateServiceConfig(
-		ctx context.Context,
-		orgID valuer.UUID,
-		serviceID string,
-		config *cloudintegrationtypes.UpdateServiceConfigRequest,
-	) (*cloudintegrationtypes.UpdateServiceConfigResponse, error)
-
-	// AgentCheckIn is called by agent to heartbeat and get latest config in response.
-	AgentCheckIn(
-		ctx context.Context,
-		orgID valuer.UUID,
-		req *cloudintegrationtypes.AgentCheckInRequest,
-	) (*cloudintegrationtypes.AgentCheckInResponse, error)
-
-	// GetDashboardByID returns dashboard JSON for a given dashboard id.
-	// this only returns the dashboard when the service (embedded in dashboard id) is enabled
-	// in the org for any cloud integration account
-	GetDashboardByID(ctx context.Context, orgID valuer.UUID, id string) (*dashboardtypes.Dashboard, error)
-
-	// GetAllDashboards returns list of dashboards across all connected cloud integration accounts
-	// for enabled services in the org. This list gets added to dashboard list page
-	GetAllDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error)
-}
-
-type Handler interface {
-	AgentCheckIn(http.ResponseWriter, *http.Request)
-	GenerateConnectionArtifact(http.ResponseWriter, *http.Request)
-	ListConnectedAccounts(http.ResponseWriter, *http.Request)
-	GetAccountStatus(http.ResponseWriter, *http.Request)
-	ListServices(http.ResponseWriter, *http.Request)
-	GetServiceDetails(http.ResponseWriter, *http.Request)
-	UpdateAccountConfig(http.ResponseWriter, *http.Request)
-	UpdateServiceConfig(http.ResponseWriter, *http.Request)
-	DisconnectAccount(http.ResponseWriter, *http.Request)
-}

pkg/modules/cloudintegration/implcloudintegration/store.go

@@ -1,152 +0,0 @@
-package implcloudintegration
-
-import (
-	"context"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type store struct {
-	store sqlstore.SQLStore
-}
-
-func NewStore(sqlStore sqlstore.SQLStore) cloudintegrationtypes.Store {
-	return &store{store: sqlStore}
-}
-
-func (s *store) GetAccountByID(ctx context.Context, orgID, id valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*cloudintegrationtypes.StorableCloudIntegration, error) {
-	account := new(cloudintegrationtypes.StorableCloudIntegration)
-	err := s.store.BunDB().NewSelect().Model(account).
-		Where("id = ?", id).
-		Where("org_id = ?", orgID).
-		Where("provider = ?", provider).
-		Scan(ctx)
-	if err != nil {
-		return nil, s.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "cloud integration account with id %s not found", id)
-	}
-	return account, nil
-}
-
-func (s *store) CreateAccount(ctx context.Context, orgID valuer.UUID, account *cloudintegrationtypes.StorableCloudIntegration) (*cloudintegrationtypes.StorableCloudIntegration, error) {
-	now := time.Now()
-	if account.ID.IsZero() {
-		account.ID = valuer.GenerateUUID()
-	}
-	account.OrgID = orgID
-	account.CreatedAt = now
-	account.UpdatedAt = now
-
-	_, err := s.store.BunDBCtx(ctx).NewInsert().Model(account).Exec(ctx)
-	if err != nil {
-		return nil, s.store.WrapAlreadyExistsErrf(err, errors.CodeAlreadyExists, "cloud integration account with id %s already exists", account.ID)
-	}
-
-	return account, nil
-}
-
-func (s *store) UpdateAccount(ctx context.Context, account *cloudintegrationtypes.StorableCloudIntegration) error {
-	account.UpdatedAt = time.Now()
-	_, err := s.store.BunDBCtx(ctx).NewUpdate().Model(account).
-		Where("id = ?", account.ID).
-		Where("org_id = ?", account.OrgID).
-		Where("provider = ?", account.Provider).
-		Exec(ctx)
-	return err
-}
-
-func (s *store) RemoveAccount(ctx context.Context, orgID, id valuer.UUID, provider cloudintegrationtypes.CloudProviderType) error {
-	_, err := s.store.BunDBCtx(ctx).NewUpdate().Model((*cloudintegrationtypes.StorableCloudIntegration)(nil)).
-		Set("removed_at = ?", time.Now()).
-		Where("id = ?", id).
-		Where("org_id = ?", orgID).
-		Where("provider = ?", provider).
-		Exec(ctx)
-	return err
-}
-
-func (s *store) GetConnectedAccounts(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) ([]*cloudintegrationtypes.StorableCloudIntegration, error) {
-	var accounts []*cloudintegrationtypes.StorableCloudIntegration
-	err := s.store.BunDB().NewSelect().Model(&accounts).
-		Where("org_id = ?", orgID).
-		Where("provider = ?", provider).
-		Where("removed_at IS NULL").
-		Where("account_id IS NOT NULL").
-		Where("last_agent_report IS NOT NULL").
-		Order("created_at ASC").
-		Scan(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return accounts, nil
-}
-
-func (s *store) GetConnectedAccount(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType, providerAccountID string) (*cloudintegrationtypes.StorableCloudIntegration, error) {
-	account := new(cloudintegrationtypes.StorableCloudIntegration)
-	err := s.store.BunDB().NewSelect().Model(account).
-		Where("org_id = ?", orgID).
-		Where("provider = ?", provider).
-		Where("account_id = ?", providerAccountID).
-		Where("last_agent_report IS NOT NULL").
-		Where("removed_at IS NULL").
-		Scan(ctx)
-	if err != nil {
-		return nil, s.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "connected account with provider account id %s not found", providerAccountID)
-	}
-	return account, nil
-}
-
-func (s *store) GetServiceByType(ctx context.Context, cloudIntegrationID valuer.UUID, serviceType string) (*cloudintegrationtypes.StorableCloudIntegrationService, error) {
-	service := new(cloudintegrationtypes.StorableCloudIntegrationService)
-	err := s.store.BunDB().NewSelect().Model(service).
-		Where("cloud_integration_id = ?", cloudIntegrationID).
-		Where("type = ?", serviceType).
-		Scan(ctx)
-	if err != nil {
-		return nil, s.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "cloud integration service with type %s not found", serviceType)
-	}
-	return service, nil
-}
-
-func (s *store) CreateService(ctx context.Context, cloudIntegrationID valuer.UUID, service *cloudintegrationtypes.StorableCloudIntegrationService) (*cloudintegrationtypes.StorableCloudIntegrationService, error) {
-	now := time.Now()
-	if service.ID.IsZero() {
-		service.ID = valuer.GenerateUUID()
-	}
-	service.CloudIntegrationID = cloudIntegrationID
-	if service.CreatedAt.IsZero() {
-		service.CreatedAt = now
-	}
-	service.UpdatedAt = now
-
-	_, err := s.store.BunDBCtx(ctx).NewInsert().Model(service).Exec(ctx)
-	if err != nil {
-		return nil, s.store.WrapAlreadyExistsErrf(err, errors.CodeAlreadyExists, "cloud integration service with type %s already exists", service.Type)
-	}
-
-	return service, nil
-}
-
-func (s *store) UpdateService(ctx context.Context, cloudIntegrationID valuer.UUID, service *cloudintegrationtypes.StorableCloudIntegrationService) error {
-	service.CloudIntegrationID = cloudIntegrationID
-	service.UpdatedAt = time.Now()
-	_, err := s.store.BunDBCtx(ctx).NewUpdate().Model(service).
-		Where("cloud_integration_id = ?", cloudIntegrationID).
-		Where("type = ?", service.Type).
-		Exec(ctx)
-	return err
-}
-
-func (s *store) GetServices(ctx context.Context, cloudIntegrationID valuer.UUID) ([]*cloudintegrationtypes.StorableCloudIntegrationService, error) {
-	var services []*cloudintegrationtypes.StorableCloudIntegrationService
-	err := s.store.BunDB().NewSelect().Model(&services).
-		Where("cloud_integration_id = ?", cloudIntegrationID).
-		Scan(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return services, nil
-}

pkg/modules/dashboard/impldashboard/handler.go

@@ -15,7 +15,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/transition"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
@@ -109,7 +108,7 @@ func (handler *handler) Update(rw http.ResponseWriter, r *http.Request) {
 
 	diff := 0
 	// Allow multiple deletions for API key requests; enforce for others
-	if authType, ok := ctxtypes.AuthTypeFromContext(ctx); ok && authType == ctxtypes.AuthTypeTokenizer {
+	if claims.IdentNProvider == authtypes.IdentNProviderTokenizer.StringValue() {
 		diff = 1
 	}
 

pkg/modules/session/implsession/module.go

@@ -158,7 +158,7 @@ func (module *module) CreateCallbackAuthNSession(ctx context.Context, authNProvi
 		return "", errors.WithAdditionalf(err, "root user can only authenticate via password")
 	}
 
-	token, err := module.tokenizer.CreateToken(ctx, authtypes.NewIdentity(user.ID, user.OrgID, user.Email, user.Role), map[string]string{})
+	token, err := module.tokenizer.CreateToken(ctx, authtypes.NewIdentity(user.ID, user.OrgID, user.Email, user.Role, authtypes.IdentNProviderTokenizer), map[string]string{})
 	if err != nil {
 		return "", err
 	}

pkg/query-service/app/server.go

@@ -195,13 +195,12 @@ func (s *Server) createPublicServer(api *APIHandler, web web.Web) (*http.Server,
 		}),
 		otelmux.WithPublicEndpoint(),
 	))
-	r.Use(middleware.NewAuthN([]string{"Authorization", "Sec-WebSocket-Protocol"}, s.signoz.Sharder, s.signoz.Tokenizer, s.signoz.Instrumentation.Logger()).Wrap)
+	r.Use(middleware.NewIdentN(s.signoz.IdentNResolver, s.signoz.Sharder, s.signoz.Instrumentation.Logger()).Wrap)
 	r.Use(middleware.NewTimeout(s.signoz.Instrumentation.Logger(),
 		s.config.APIServer.Timeout.ExcludedRoutes,
 		s.config.APIServer.Timeout.Default,
 		s.config.APIServer.Timeout.Max,
 	).Wrap)
-	r.Use(middleware.NewAPIKey(s.signoz.SQLStore, []string{"SIGNOZ-API-KEY"}, s.signoz.Instrumentation.Logger(), s.signoz.Sharder).Wrap)
 	r.Use(middleware.NewLogging(s.signoz.Instrumentation.Logger(), s.config.APIServer.Logging.ExcludedRoutes).Wrap)
 	r.Use(middleware.NewComment().Wrap)
 

pkg/signoz/openapi.go

@@ -26,7 +26,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/session"
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/querier"
-	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/zeus"
 	"github.com/swaggest/jsonschema-go"
 	"github.com/swaggest/openapi-go"
@@ -82,8 +82,8 @@ func NewOpenAPI(ctx context.Context, instrumentation instrumentation.Instrumenta
 
 	reflector.SpecSchema().SetTitle("SigNoz")
 	reflector.SpecSchema().SetDescription("OpenTelemetry-Native Logs, Metrics and Traces in a single pane")
-	reflector.SpecSchema().SetAPIKeySecurity(ctxtypes.AuthTypeAPIKey.StringValue(), "SigNoz-Api-Key", openapi.InHeader, "API Keys")
-	reflector.SpecSchema().SetHTTPBearerTokenSecurity(ctxtypes.AuthTypeTokenizer.StringValue(), "Tokenizer", "Tokens generated by the tokenizer")
+	reflector.SpecSchema().SetAPIKeySecurity(authtypes.IdentNProviderAPIkey.StringValue(), "SigNoz-Api-Key", openapi.InHeader, "API Keys")
+	reflector.SpecSchema().SetHTTPBearerTokenSecurity(authtypes.IdentNProviderTokenizer.StringValue(), "Tokenizer", "Tokens generated by the tokenizer")
 
 	collector := handler.NewOpenAPICollector(reflector)
 

pkg/signoz/signoz.go

@@ -16,6 +16,9 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/flagger"
 	"github.com/SigNoz/signoz/pkg/gateway"
+	"github.com/SigNoz/signoz/pkg/identn"
+	"github.com/SigNoz/signoz/pkg/identn/apikeyidentn"
+	"github.com/SigNoz/signoz/pkg/identn/tokenizeridentn"
 	"github.com/SigNoz/signoz/pkg/instrumentation"
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
@@ -65,6 +68,7 @@ type SigNoz struct {
 	Sharder                sharder.Sharder
 	StatsReporter          statsreporter.StatsReporter
 	Tokenizer              pkgtokenizer.Tokenizer
+	IdentNResolver         identn.IdentNResolver
 	Authz                  authz.AuthZ
 	Modules                Modules
 	Handlers               Handlers
@@ -390,6 +394,11 @@ func New(
 	// Initialize all modules
 	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard, userGetter)
 
+	// Initialize identN resolver
+	tokenizerIdentn := tokenizeridentn.New(providerSettings, tokenizer, []string{"Authorization", "Sec-WebSocket-Protocol"})
+	apikeyIdentn := apikeyidentn.New(providerSettings, sqlstore, []string{"SIGNOZ-API-KEY"})
+	identNResolver := identn.NewIdentNResolver(providerSettings, tokenizerIdentn, apikeyIdentn)
+
 	userService := impluser.NewService(providerSettings, impluser.NewStore(sqlstore, providerSettings), modules.User, orgGetter, authz, config.User.Root)
 
 	// Initialize the querier handler via callback (allows EE to decorate with anomaly detection)
@@ -468,6 +477,7 @@ func New(
 		Emailing:               emailing,
 		Sharder:                sharder,
 		Tokenizer:              tokenizer,
+		IdentNResolver:         identNResolver,
 		Authz:                  authz,
 		Modules:                modules,
 		Handlers:               handlers,

pkg/tokenizer/jwttokenizer/provider.go

@@ -125,7 +125,7 @@ func (provider *provider) GetIdentity(ctx context.Context, accessToken string) (
 		return nil, errors.Newf(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "claim role mismatch")
 	}
 
-	return authtypes.NewIdentity(valuer.MustNewUUID(claims.UserID), valuer.MustNewUUID(claims.OrgID), valuer.MustNewEmail(claims.Email), claims.Role), nil
+	return authtypes.NewIdentity(valuer.MustNewUUID(claims.UserID), valuer.MustNewUUID(claims.OrgID), valuer.MustNewEmail(claims.Email), claims.Role, authtypes.IdentNProviderTokenizer), nil
 }
 
 func (provider *provider) DeleteToken(ctx context.Context, accessToken string) error {

pkg/tokenizer/tokenizerstore/sqltokenizerstore/store.go

@@ -47,7 +47,7 @@ func (store *store) GetIdentityByUserID(ctx context.Context, userID valuer.UUID)
 		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user with id: %s does not exist", userID)
 	}
 
-	return authtypes.NewIdentity(userID, user.OrgID, user.Email, types.Role(user.Role)), nil
+	return authtypes.NewIdentity(userID, user.OrgID, user.Email, types.Role(user.Role), authtypes.IdentNProviderTokenizer), nil
 }
 
 func (store *store) GetByAccessToken(ctx context.Context, accessToken string) (*authtypes.StorableToken, error) {

pkg/types/authtypes/authn.go

@@ -25,10 +25,11 @@ var (
 type AuthNProvider struct{ valuer.String }
 
 type Identity struct {
-	UserID valuer.UUID  `json:"userId"`
-	OrgID  valuer.UUID  `json:"orgId"`
-	Email  valuer.Email `json:"email"`
-	Role   types.Role   `json:"role"`
+	UserID        valuer.UUID    `json:"userId"`
+	OrgID         valuer.UUID    `json:"orgId"`
+	IdenNProvider IdentNProvider `json:"identNProvider"`
+	Email         valuer.Email   `json:"email"`
+	Role          types.Role     `json:"role"`
 }
 
 type CallbackIdentity struct {
@@ -78,12 +79,13 @@ func NewStateFromString(state string) (State, error) {
 	}, nil
 }
 
-func NewIdentity(userID valuer.UUID, orgID valuer.UUID, email valuer.Email, role types.Role) *Identity {
+func NewIdentity(userID valuer.UUID, orgID valuer.UUID, email valuer.Email, role types.Role, identNProvider IdentNProvider) *Identity {
 	return &Identity{
-		UserID: userID,
-		OrgID:  orgID,
-		Email:  email,
-		Role:   role,
+		UserID:        userID,
+		OrgID:         orgID,
+		Email:         email,
+		Role:          role,
+		IdenNProvider: identNProvider,
 	}
 }
 
@@ -116,10 +118,11 @@ func (typ *Identity) UnmarshalBinary(data []byte) error {
 
 func (typ *Identity) ToClaims() Claims {
 	return Claims{
-		UserID: typ.UserID.String(),
-		Email:  typ.Email.String(),
-		Role:   typ.Role,
-		OrgID:  typ.OrgID.String(),
+		UserID:         typ.UserID.String(),
+		Email:          typ.Email.String(),
+		Role:           typ.Role,
+		OrgID:          typ.OrgID.String(),
+		IdentNProvider: typ.IdenNProvider.StringValue(),
 	}
 }
 

pkg/types/authtypes/claims.go

@@ -13,10 +13,11 @@ type claimsKey struct{}
 type accessTokenKey struct{}
 
 type Claims struct {
-	UserID string
-	Email  string
-	Role   types.Role
-	OrgID  string
+	UserID         string
+	Email          string
+	Role           types.Role
+	OrgID          string
+	IdentNProvider string
 }
 
 // NewContextWithClaims attaches individual claims to the context.
@@ -53,6 +54,7 @@ func (c *Claims) LogValue() slog.Value {
 		slog.String("email", c.Email),
 		slog.String("role", c.Role.String()),
 		slog.String("org_id", c.OrgID),
+		slog.String("identn_provider", c.IdentNProvider),
 	)
 }
 

pkg/types/authtypes/identn.go

@@ -0,0 +1,11 @@
+package authtypes
+
+import "github.com/SigNoz/signoz/pkg/valuer"
+
+var (
+	IdentNProviderTokenizer = IdentNProvider{valuer.NewString("tokenizer")}
+	IdentNProviderAPIkey    = IdentNProvider{valuer.NewString("api_key")}
+	IdentNProviderAnonymous = IdentNProvider{valuer.NewString("anonymous")}
+)
+
+type IdentNProvider struct{ valuer.String }

pkg/types/authtypes/uuid.go

@@ -1,41 +0,0 @@
-package authtypes
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-)
-
-type uuidKey struct{}
-
-type UUID struct {
-}
-
-func NewUUID() *UUID {
-	return &UUID{}
-}
-
-func (u *UUID) ContextFromRequest(ctx context.Context, values ...string) (context.Context, error) {
-	var value string
-	for _, v := range values {
-		if v != "" {
-			value = v
-			break
-		}
-	}
-
-	if value == "" {
-		return ctx, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "missing Authorization header")
-	}
-
-	return NewContextWithUUID(ctx, value), nil
-}
-
-func NewContextWithUUID(ctx context.Context, uuid string) context.Context {
-	return context.WithValue(ctx, uuidKey{}, uuid)
-}
-
-func UUIDFromContext(ctx context.Context) (string, bool) {
-	uuid, ok := ctx.Value(uuidKey{}).(string)
-	return uuid, ok
-}

pkg/types/cloudintegrationtypes/account.go

@@ -1,49 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type (
-	ConnectedAccounts struct {
-		Accounts []*Account `json:"accounts"`
-	}
-
-	GettableConnectedAccounts = ConnectedAccounts
-
-	UpdateAccountConfigRequest struct {
-		AWS *AWSAccountConfig `json:"aws"`
-	}
-
-	UpdatableAccountConfig = UpdateAccountConfigRequest
-)
-
-type (
-	Account struct {
-		Id                string            `json:"id"`
-		ProviderAccountId *string           `json:"providerAccountID,omitempty"`
-		Provider          CloudProviderType `json:"provider"`
-		RemovedAt         *time.Time        `json:"removedAt,omitempty"`
-		AgentReport       *AgentReport      `json:"agentReport,omitempty"`
-		OrgID             valuer.UUID       `json:"orgID"`
-		Config            *AccountConfig    `json:"accountConfig,omitempty"`
-	}
-
-	GettableAccount = Account
-)
-
-// AgentReport represents heartbeats sent by the agent.
-type AgentReport struct {
-	TimestampMillis int64          `json:"timestampMillis"`
-	Data            map[string]any `json:"data"`
-}
-
-type AccountConfig struct {
-	AWS *AWSAccountConfig `json:"aws,omitempty"`
-}
-
-type AWSAccountConfig struct {
-	Regions []string `json:"regions"`
-}

pkg/types/cloudintegrationtypes/cloudintegration.go

@@ -1,82 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"database/sql/driver"
-	"encoding/json"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/uptrace/bun"
-
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-var (
-	ErrCodeCloudIntegrationNotFound = errors.MustNewCode("cloud_integration_not_found")
-)
-
-// StorableCloudIntegration represents a cloud integration stored in the database.
-// This is also referred as "Account" in the context of cloud integrations.
-type StorableCloudIntegration struct {
-	bun.BaseModel `bun:"table:cloud_integration"`
-
-	types.Identifiable
-	types.TimeAuditable
-	Provider CloudProviderType `json:"provider" bun:"provider,type:text"`
-	// Config is provider specific data in JSON string format
-	Config          string               `json:"config" bun:"config,type:text"`
-	AccountID       *string              `json:"account_id" bun:"account_id,type:text"`
-	LastAgentReport *StorableAgentReport `json:"last_agent_report" bun:"last_agent_report,type:text"`
-	RemovedAt       *time.Time           `json:"removed_at" bun:"removed_at,type:timestamp,nullzero"`
-	OrgID           valuer.UUID          `bun:"org_id,type:text"`
-}
-
-// StorableAgentReport represents the last heartbeat and arbitrary data sent by the agent
-// as of now there is no use case for Data field, but keeping it for backwards compatibility with older structure.
-type StorableAgentReport struct {
-	TimestampMillis int64          `json:"timestamp_millis"`
-	Data            map[string]any `json:"data"`
-}
-
-// StorableCloudIntegrationService is to store service config for a cloud integration, which is a cloud provider specific configuration.
-type StorableCloudIntegrationService struct {
-	bun.BaseModel `bun:"table:cloud_integration_service,alias:cis"`
-
-	types.Identifiable
-	types.TimeAuditable
-	Type valuer.String `bun:"type,type:text,notnull,unique:cloud_integration_id_type"`
-	// Config is cloud provider's service specific data in JSON string format
-	Config             string      `bun:"config,type:text"`
-	CloudIntegrationID valuer.UUID `bun:"cloud_integration_id,type:text,notnull,unique:cloud_integration_id_type,references:cloud_integration(id),on_delete:cascade"`
-}
-
-// Scan scans value from DB.
-func (r *StorableAgentReport) Scan(src any) error {
-	var data []byte
-	switch v := src.(type) {
-	case []byte:
-		data = v
-	case string:
-		data = []byte(v)
-	default:
-		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
-	}
-	return json.Unmarshal(data, r)
-}
-
-// Value creates value to be stored in DB.
-func (r *StorableAgentReport) Value() (driver.Value, error) {
-	if r == nil {
-		return nil, errors.NewInternalf(errors.CodeInternal, "agent report is nil")
-	}
-
-	serialized, err := json.Marshal(r)
-	if err != nil {
-		return nil, errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't serialize agent report to JSON",
-		)
-	}
-	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytes
-	return string(serialized), nil
-}

pkg/types/cloudintegrationtypes/cloudprovider.go

@@ -1,41 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-// CloudProviderType type alias.
-type CloudProviderType struct{ valuer.String }
-
-var (
-	// cloud providers.
-	CloudProviderTypeAWS   = CloudProviderType{valuer.NewString("aws")}
-	CloudProviderTypeAzure = CloudProviderType{valuer.NewString("azure")}
-
-	// errors.
-	ErrCodeCloudProviderInvalidInput = errors.MustNewCode("invalid_cloud_provider")
-
-	AWSIntegrationUserEmail   = valuer.MustNewEmail("aws-integration@signoz.io")
-	AzureIntegrationUserEmail = valuer.MustNewEmail("azure-integration@signoz.io")
-)
-
-// CloudIntegrationUserEmails is the list of valid emails for Cloud One Click integrations.
-// This is used for validation and restrictions in different contexts, across codebase.
-var CloudIntegrationUserEmails = []valuer.Email{
-	AWSIntegrationUserEmail,
-	AzureIntegrationUserEmail,
-}
-
-// NewCloudProvider returns a new CloudProviderType from a string.
-// It validates the input and returns an error if the input is not valid cloud provider.
-func NewCloudProvider(provider string) (CloudProviderType, error) {
-	switch provider {
-	case CloudProviderTypeAWS.StringValue():
-		return CloudProviderTypeAWS, nil
-	case CloudProviderTypeAzure.StringValue():
-		return CloudProviderTypeAzure, nil
-	default:
-		return CloudProviderType{}, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider)
-	}
-}

pkg/types/cloudintegrationtypes/connection.go

@@ -1,96 +0,0 @@
-package cloudintegrationtypes
-
-import "github.com/SigNoz/signoz/pkg/types/integrationtypes"
-
-// request for creating connection artifact.
-type (
-	PostableConnectionArtifact = ConnectionArtifactRequest
-
-	ConnectionArtifactRequest struct {
-		Aws *AWSConnectionArtifactRequest `json:"aws"`
-	}
-
-	AWSConnectionArtifactRequest struct {
-		DeploymentRegion string   `json:"deploymentRegion"`
-		Regions          []string `json:"regions"`
-	}
-)
-
-type (
-	ConnectionArtifact struct {
-		Aws *AWSConnectionArtifact `json:"aws"`
-	}
-
-	AWSConnectionArtifact struct {
-		ConnectionUrl string `json:"connectionURL"`
-	}
-
-	GettableConnectionArtifact = ConnectionArtifact
-)
-
-type (
-	AccountStatus struct {
-		Id                string                         `json:"id"`
-		ProviderAccountId *string                        `json:"providerAccountID,omitempty"`
-		Status            integrationtypes.AccountStatus `json:"status"`
-	}
-
-	GettableAccountStatus = AccountStatus
-)
-
-type (
-	AgentCheckInRequest struct {
-		// older backward compatible fields are mapped to new fields
-		// CloudIntegrationId string `json:"cloudIntegrationId"`
-		// AccountId          string `json:"accountId"`
-
-		// New fields
-		ProviderAccountId string `json:"providerAccountId"`
-		CloudAccountId    string `json:"cloudAccountId"`
-
-		Data map[string]any `json:"data,omitempty"`
-	}
-
-	PostableAgentCheckInRequest struct {
-		AgentCheckInRequest
-		// following are backward compatible fields for older running agents
-		// which gets mapped to new fields in AgentCheckInRequest
-		CloudIntegrationId string `json:"cloud_integration_id"`
-		CloudAccountId     string `json:"cloud_account_id"`
-	}
-
-	GettableAgentCheckInResponse struct {
-		AgentCheckInResponse
-
-		CloudIntegrationId string `json:"cloud_integration_id"`
-		AccountId          string `json:"account_id"`
-	}
-
-	AgentCheckInResponse struct {
-		// Older fields for backward compatibility are mapped to new fields below
-		// CloudIntegrationId string `json:"cloud_integration_id"`
-		// AccountId          string `json:"account_id"`
-
-		// New fields
-		ProviderAccountId string `json:"providerAccountId"`
-		CloudAccountId    string `json:"cloudAccountId"`
-
-		// IntegrationConfig populates data related to integration that is required for an agent
-		// to start collecting telemetry data
-		// keeping JSON key snake_case for backward compatibility
-		IntegrationConfig *IntegrationConfig `json:"integration_config,omitempty"`
-	}
-
-	IntegrationConfig struct {
-		EnabledRegions []string               `json:"enabledRegions"`      // backward compatible
-		Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty"` // backward compatible
-
-		// new fields
-		AWS *AWSIntegrationConfig `json:"aws,omitempty"`
-	}
-
-	AWSIntegrationConfig struct {
-		EnabledRegions []string               `json:"enabledRegions"`
-		Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty"`
-	}
-)

pkg/types/cloudintegrationtypes/regions.go

@@ -1,103 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"github.com/SigNoz/signoz/pkg/errors"
-)
-
-var (
-	CodeInvalidCloudRegion    = errors.MustNewCode("invalid_cloud_region")
-	CodeMismatchCloudProvider = errors.MustNewCode("cloud_provider_mismatch")
-)
-
-// List of all valid cloud regions on Amazon Web Services.
-var ValidAWSRegions = map[string]struct{}{
-	"af-south-1":     {}, // Africa (Cape Town).
-	"ap-east-1":      {}, // Asia Pacific (Hong Kong).
-	"ap-northeast-1": {}, // Asia Pacific (Tokyo).
-	"ap-northeast-2": {}, // Asia Pacific (Seoul).
-	"ap-northeast-3": {}, // Asia Pacific (Osaka).
-	"ap-south-1":     {}, // Asia Pacific (Mumbai).
-	"ap-south-2":     {}, // Asia Pacific (Hyderabad).
-	"ap-southeast-1": {}, // Asia Pacific (Singapore).
-	"ap-southeast-2": {}, // Asia Pacific (Sydney).
-	"ap-southeast-3": {}, // Asia Pacific (Jakarta).
-	"ap-southeast-4": {}, // Asia Pacific (Melbourne).
-	"ca-central-1":   {}, // Canada (Central).
-	"ca-west-1":      {}, // Canada West (Calgary).
-	"eu-central-1":   {}, // Europe (Frankfurt).
-	"eu-central-2":   {}, // Europe (Zurich).
-	"eu-north-1":     {}, // Europe (Stockholm).
-	"eu-south-1":     {}, // Europe (Milan).
-	"eu-south-2":     {}, // Europe (Spain).
-	"eu-west-1":      {}, // Europe (Ireland).
-	"eu-west-2":      {}, // Europe (London).
-	"eu-west-3":      {}, // Europe (Paris).
-	"il-central-1":   {}, // Israel (Tel Aviv).
-	"me-central-1":   {}, // Middle East (UAE).
-	"me-south-1":     {}, // Middle East (Bahrain).
-	"sa-east-1":      {}, // South America (Sao Paulo).
-	"us-east-1":      {}, // US East (N. Virginia).
-	"us-east-2":      {}, // US East (Ohio).
-	"us-west-1":      {}, // US West (N. California).
-	"us-west-2":      {}, // US West (Oregon).
-}
-
-// List of all valid cloud regions for Microsoft Azure.
-var ValidAzureRegions = map[string]struct{}{
-	"australiacentral":   {}, // Australia Central
-	"australiacentral2":  {}, // Australia Central 2
-	"australiaeast":      {}, // Australia East
-	"australiasoutheast": {}, // Australia Southeast
-	"austriaeast":        {}, // Austria East
-	"belgiumcentral":     {}, // Belgium Central
-	"brazilsouth":        {}, // Brazil South
-	"brazilsoutheast":    {}, // Brazil Southeast
-	"canadacentral":      {}, // Canada Central
-	"canadaeast":         {}, // Canada East
-	"centralindia":       {}, // Central India
-	"centralus":          {}, // Central US
-	"chilecentral":       {}, // Chile Central
-	"denmarkeast":        {}, // Denmark East
-	"eastasia":           {}, // East Asia
-	"eastus":             {}, // East US
-	"eastus2":            {}, // East US 2
-	"francecentral":      {}, // France Central
-	"francesouth":        {}, // France South
-	"germanynorth":       {}, // Germany North
-	"germanywestcentral": {}, // Germany West Central
-	"indonesiacentral":   {}, // Indonesia Central
-	"israelcentral":      {}, // Israel Central
-	"italynorth":         {}, // Italy North
-	"japaneast":          {}, // Japan East
-	"japanwest":          {}, // Japan West
-	"koreacentral":       {}, // Korea Central
-	"koreasouth":         {}, // Korea South
-	"malaysiawest":       {}, // Malaysia West
-	"mexicocentral":      {}, // Mexico Central
-	"newzealandnorth":    {}, // New Zealand North
-	"northcentralus":     {}, // North Central US
-	"northeurope":        {}, // North Europe
-	"norwayeast":         {}, // Norway East
-	"norwaywest":         {}, // Norway West
-	"polandcentral":      {}, // Poland Central
-	"qatarcentral":       {}, // Qatar Central
-	"southafricanorth":   {}, // South Africa North
-	"southafricawest":    {}, // South Africa West
-	"southcentralus":     {}, // South Central US
-	"southindia":         {}, // South India
-	"southeastasia":      {}, // Southeast Asia
-	"spaincentral":       {}, // Spain Central
-	"swedencentral":      {}, // Sweden Central
-	"switzerlandnorth":   {}, // Switzerland North
-	"switzerlandwest":    {}, // Switzerland West
-	"uaecentral":         {}, // UAE Central
-	"uaenorth":           {}, // UAE North
-	"uksouth":            {}, // UK South
-	"ukwest":             {}, // UK West
-	"westcentralus":      {}, // West Central US
-	"westeurope":         {}, // West Europe
-	"westindia":          {}, // West India
-	"westus":             {}, // West US
-	"westus2":            {}, // West US 2
-	"westus3":            {}, // West US 3
-}

pkg/types/cloudintegrationtypes/service.go

@@ -1,211 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-var S3Sync = valuer.NewString("s3sync")
-
-type (
-	ServicesMetadata struct {
-		Services []*ServiceMetadata `json:"services"`
-	}
-
-	// ServiceMetadata helps to quickly list available services and whether it is enabled or not.
-	// As getting complete service definition is a heavy operation and the response is also large,
-	// initial integration page load can be very slow.
-	ServiceMetadata struct {
-		ServiceDefinitionMetadata
-		// if the service is enabled for the account
-		Enabled bool `json:"enabled"`
-	}
-
-	GettableServicesMetadata = ServicesMetadata
-
-	Service struct {
-		ServiceDefinition
-		ServiceConfig *ServiceConfig `json:"serviceConfig"`
-	}
-
-	GettableService = Service
-
-	UpdateServiceConfigRequest struct {
-		CloudIntegrationId valuer.UUID    `json:"cloudIntegrationId"`
-		ServiceConfig      *ServiceConfig `json:"serviceConfig"`
-	}
-
-	UpdateServiceConfigResponse struct {
-		Id                 string         `json:"id"` // service id
-		CloudIntegrationId valuer.UUID    `json:"cloudIntegrationId"`
-		ServiceConfig      *ServiceConfig `json:"serviceConfig"`
-	}
-)
-
-type ServiceConfig struct {
-	AWS *AWSServiceConfig `json:"aws,omitempty"`
-}
-
-type AWSServiceConfig struct {
-	Logs    *AWSServiceLogsConfig    `json:"logs"`
-	Metrics *AWSServiceMetricsConfig `json:"metrics"`
-}
-
-// AWSServiceLogsConfig is AWS specific logs config for a service
-// NOTE: the JSON keys are snake case for backward compatibility with existing agents.
-type AWSServiceLogsConfig struct {
-	Enabled   bool                `json:"enabled"`
-	S3Buckets map[string][]string `json:"s3_buckets,omitempty"`
-}
-
-type AWSServiceMetricsConfig struct {
-	Enabled bool `json:"enabled"`
-}
-
-// DefinitionMetadata represents service definition metadata. This is useful for showing service overview.
-type ServiceDefinitionMetadata struct {
-	Id    string `json:"id"`
-	Title string `json:"title"`
-	Icon  string `json:"icon"`
-}
-
-type ServiceDefinition struct {
-	ServiceDefinitionMetadata
-	Overview         string              `json:"overview"` // markdown
-	Assets           Assets              `json:"assets"`
-	SupportedSignals SupportedSignals    `json:"supported_signals"`
-	DataCollected    DataCollected       `json:"dataCollected"`
-	Strategy         *CollectionStrategy `json:"telemetryCollectionStrategy"`
-}
-
-// CollectionStrategy is cloud provider specific configuration for signal collection,
-// this is used by agent to understand the nitty-gritty for collecting telemetry for the cloud provider.
-type CollectionStrategy struct {
-	AWS *AWSCollectionStrategy `json:"aws,omitempty"`
-}
-
-// Assets represents the collection of dashboards.
-type Assets struct {
-	Dashboards []Dashboard `json:"dashboards"`
-}
-
-// SupportedSignals for cloud provider's service.
-type SupportedSignals struct {
-	Logs    bool `json:"logs"`
-	Metrics bool `json:"metrics"`
-}
-
-// DataCollected is curated static list of metrics and logs, this is shown as part of service overview.
-type DataCollected struct {
-	Logs    []CollectedLogAttribute `json:"logs"`
-	Metrics []CollectedMetric       `json:"metrics"`
-}
-
-// CollectedLogAttribute represents a log attribute that is present in all log entries for a service,
-// this is shown as part of service overview.
-type CollectedLogAttribute struct {
-	Name string `json:"name"`
-	Path string `json:"path"`
-	Type string `json:"type"`
-}
-
-// CollectedMetric represents a metric that is collected for a service, this is shown as part of service overview.
-type CollectedMetric struct {
-	Name        string `json:"name"`
-	Type        string `json:"type"`
-	Unit        string `json:"unit"`
-	Description string `json:"description"`
-}
-
-// AWSCollectionStrategy represents signal collection strategy for AWS services.
-// this is AWS specific.
-// NOTE: this structure is still using snake case, for backward compatibility,
-// with existing agents.
-type AWSCollectionStrategy struct {
-	Metrics   *AWSMetricsStrategy `json:"aws_metrics,omitempty"`
-	Logs      *AWSLogsStrategy    `json:"aws_logs,omitempty"`
-	S3Buckets map[string][]string `json:"s3_buckets,omitempty"` // Only available in S3 Sync Service Type in AWS
-}
-
-// AWSMetricsStrategy represents metrics collection strategy for AWS services.
-// this is AWS specific.
-// NOTE: this structure is still using snake case, for backward compatibility,
-// with existing agents.
-type AWSMetricsStrategy struct {
-	// to be used as https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-metricstream.html#cfn-cloudwatch-metricstream-includefilters
-	StreamFilters []struct {
-		// json tags here are in the shape expected by AWS API as detailed at
-		// https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudwatch-metricstream-metricstreamfilter.html
-		Namespace   string   `json:"Namespace"`
-		MetricNames []string `json:"MetricNames,omitempty"`
-	} `json:"cloudwatch_metric_stream_filters"`
-}
-
-// AWSLogsStrategy represents logs collection strategy for AWS services.
-// this is AWS specific.
-// NOTE: this structure is still using snake case, for backward compatibility,
-// with existing agents.
-type AWSLogsStrategy struct {
-	Subscriptions []struct {
-		// subscribe to all logs groups with specified prefix.
-		// eg: `/aws/rds/`
-		LogGroupNamePrefix string `json:"log_group_name_prefix"`
-
-		// https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
-		// "" implies no filtering is required.
-		FilterPattern string `json:"filter_pattern"`
-	} `json:"cloudwatch_logs_subscriptions"`
-}
-
-// Dashboard represents a dashboard definition for cloud integration.
-// This is used to show available pre-made dashboards for a service,
-// hence has additional fields like id, title and description
-type Dashboard struct {
-	Id          string                               `json:"id"`
-	Title       string                               `json:"title"`
-	Description string                               `json:"description"`
-	Definition  dashboardtypes.StorableDashboardData `json:"definition,omitempty"`
-}
-
-// UTILS
-
-// GetCloudIntegrationDashboardID returns the dashboard id for a cloud integration, given the cloud provider, service id, and dashboard id.
-// This is used to generate unique dashboard ids for cloud integration, and also to parse the dashboard id to get the cloud provider and service id when needed.
-func GetCloudIntegrationDashboardID(cloudProvider CloudProviderType, svcId, dashboardId string) string {
-	return fmt.Sprintf("cloud-integration--%s--%s--%s", cloudProvider, svcId, dashboardId)
-}
-
-// GetDashboardsFromAssets returns the list of dashboards for the cloud provider service from definition.
-func GetDashboardsFromAssets(
-	svcId string,
-	orgID valuer.UUID,
-	cloudProvider CloudProviderType,
-	createdAt time.Time,
-	assets Assets,
-) []*dashboardtypes.Dashboard {
-	dashboards := make([]*dashboardtypes.Dashboard, 0)
-
-	for _, d := range assets.Dashboards {
-		author := fmt.Sprintf("%s-integration", cloudProvider)
-		dashboards = append(dashboards, &dashboardtypes.Dashboard{
-			ID:     GetCloudIntegrationDashboardID(cloudProvider, svcId, d.Id),
-			Locked: true,
-			OrgID:  orgID,
-			Data:   d.Definition,
-			TimeAuditable: types.TimeAuditable{
-				CreatedAt: createdAt,
-				UpdatedAt: createdAt,
-			},
-			UserAuditable: types.UserAuditable{
-				CreatedBy: author,
-				UpdatedBy: author,
-			},
-		})
-	}
-
-	return dashboards
-}

pkg/types/cloudintegrationtypes/store.go

@@ -1,41 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type Store interface {
-	// GetAccountByID returns a cloud integration account by id
-	GetAccountByID(ctx context.Context, orgID, id valuer.UUID, provider CloudProviderType) (*StorableCloudIntegration, error)
-
-	// CreateAccount creates a new cloud integration account
-	CreateAccount(ctx context.Context, orgID valuer.UUID, account *StorableCloudIntegration) (*StorableCloudIntegration, error)
-
-	// UpdateAccount updates an existing cloud integration account
-	UpdateAccount(ctx context.Context, account *StorableCloudIntegration) error
-
-	// RemoveAccount marks a cloud integration account as removed by setting the RemovedAt field
-	RemoveAccount(ctx context.Context, orgID, id valuer.UUID, provider CloudProviderType) error
-
-	// GetConnectedAccounts returns all the cloud integration accounts for the org and cloud provider
-	GetConnectedAccounts(ctx context.Context, orgID valuer.UUID, provider CloudProviderType) ([]*StorableCloudIntegration, error)
-
-	// GetConnectedAccount for given provider
-	GetConnectedAccount(ctx context.Context, orgID valuer.UUID, provider CloudProviderType, providerAccountID string) (*StorableCloudIntegration, error)
-
-	// cloud_integration_service related methods
-
-	// GetServiceByType returns the cloud integration service for the given cloud integration id and service type
-	GetServiceByType(ctx context.Context, cloudIntegrationID valuer.UUID, serviceType string) (*StorableCloudIntegrationService, error)
-
-	// CreateService creates a new cloud integration service for the given cloud integration id and service type
-	CreateService(ctx context.Context, cloudIntegrationID valuer.UUID, service *StorableCloudIntegrationService) (*StorableCloudIntegrationService, error)
-
-	// UpdateService updates an existing cloud integration service for the given cloud integration id and service type
-	UpdateService(ctx context.Context, cloudIntegrationID valuer.UUID, service *StorableCloudIntegrationService) error
-
-	// GetServices returns all the cloud integration services for the given cloud integration id
-	GetServices(ctx context.Context, cloudIntegrationID valuer.UUID) ([]*StorableCloudIntegrationService, error)
-}

pkg/types/ctxtypes/auth.go

@@ -1,31 +0,0 @@
-package ctxtypes
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type AuthType struct {
-	valuer.String
-}
-
-var (
-	AuthTypeTokenizer = AuthType{valuer.NewString("tokenizer")}
-	AuthTypeAPIKey    = AuthType{valuer.NewString("api_key")}
-	AuthTypeInternal  = AuthType{valuer.NewString("internal")}
-	AuthTypeAnonymous = AuthType{valuer.NewString("anonymous")}
-)
-
-type authTypeKey struct{}
-
-// SetAuthType stores the auth type (e.g., AuthTypeJWT, AuthTypeAPIKey, AuthTypeInternal) in context.
-func SetAuthType(ctx context.Context, authType AuthType) context.Context {
-	return context.WithValue(ctx, authTypeKey{}, authType)
-}
-
-// AuthTypeFromContext retrieves the auth type from context if set.
-func AuthTypeFromContext(ctx context.Context) (AuthType, bool) {
-	v, ok := ctx.Value(authTypeKey{}).(AuthType)
-	return v, ok
-}