chore: update docs

.github/workflows/jsci.yaml

@@ -71,49 +71,3 @@ jobs:
         uses: actions/checkout@v4
       - name: validate md languages
         run: bash frontend/scripts/validate-md-languages.sh
-  authz:
-    if: |
-      (github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'safe-to-test')) ||
-      (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'safe-to-test'))
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v5
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v5
-        with:
-          node-version: "22"
-
-      - name: Install frontend dependencies
-        working-directory: ./frontend
-        run: |
-          yarn install
-
-      - name: Install uv
-        uses: astral-sh/setup-uv@v5
-
-      - name: Install Python dependencies
-        working-directory: ./tests/integration
-        run: |
-          uv sync
-
-      - name: Start test environment
-        run: |
-          make py-test-setup
-
-      - name: Generate permissions.type.ts
-        run: |
-          node frontend/scripts/generate-permissions-type.js
-
-      - name: Teardown test environment
-        if: always()
-        run: |
-          make py-test-teardown
-
-      - name: Check for changes
-        run: |
-          if ! git diff --exit-code frontend/src/hooks/useAuthZ/permissions.type.ts; then
-            echo "::error::frontend/src/hooks/useAuthZ/permissions.type.ts is out of date. Please run the generator locally and commit the changes: npm run generate:permissions-type (from the frontend directory)"
-            exit 1
-          fi

docs/api/openapi.yml

@@ -1763,134 +1763,6 @@ components:
       - type
       - orgId
       type: object
-    ServiceaccounttypesFactorAPIKey:
-      properties:
-        createdAt:
-          format: date-time
-          type: string
-        expires_at:
-          minimum: 0
-          type: integer
-        id:
-          type: string
-        key:
-          type: string
-        last_used:
-          format: date-time
-          type: string
-        name:
-          type: string
-        service_account_id:
-          type: string
-        updatedAt:
-          format: date-time
-          type: string
-      required:
-      - id
-      - key
-      - expires_at
-      - last_used
-      - service_account_id
-      type: object
-    ServiceaccounttypesGettableFactorAPIKeyWithKey:
-      properties:
-        id:
-          type: string
-        key:
-          type: string
-      required:
-      - id
-      - key
-      type: object
-    ServiceaccounttypesPostableFactorAPIKey:
-      properties:
-        expires_at:
-          minimum: 0
-          type: integer
-        name:
-          type: string
-      required:
-      - name
-      - expires_at
-      type: object
-    ServiceaccounttypesPostableServiceAccount:
-      properties:
-        email:
-          type: string
-        name:
-          type: string
-        roles:
-          items:
-            type: string
-          type: array
-      required:
-      - name
-      - email
-      - roles
-      type: object
-    ServiceaccounttypesServiceAccount:
-      properties:
-        createdAt:
-          format: date-time
-          type: string
-        email:
-          type: string
-        id:
-          type: string
-        name:
-          type: string
-        orgID:
-          type: string
-        roles:
-          items:
-            type: string
-          type: array
-        status:
-          type: string
-        updatedAt:
-          format: date-time
-          type: string
-      required:
-      - id
-      - name
-      - email
-      - roles
-      - status
-      - orgID
-      type: object
-    ServiceaccounttypesUpdatableFactorAPIKey:
-      properties:
-        expires_at:
-          minimum: 0
-          type: integer
-        name:
-          type: string
-      required:
-      - name
-      - expires_at
-      type: object
-    ServiceaccounttypesUpdatableServiceAccount:
-      properties:
-        email:
-          type: string
-        name:
-          type: string
-        roles:
-          items:
-            type: string
-          type: array
-      required:
-      - name
-      - email
-      - roles
-      type: object
-    ServiceaccounttypesUpdatableServiceAccountStatus:
-      properties:
-        status:
-          type: string
-      required:
-      - status
-      type: object
     TelemetrytypesFieldContext:
       enum:
       - metric
@@ -4665,586 +4537,6 @@ paths:
       summary: Patch objects for a role by relation
       tags:
       - role
-  /api/v1/service_accounts:
-    get:
-      deprecated: false
-      description: This endpoint lists the service accounts for an organisation
-      operationId: ListServiceAccounts
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    items:
-                      $ref: '#/components/schemas/ServiceaccounttypesServiceAccount'
-                    type: array
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: List service accounts
-      tags:
-      - serviceaccount
-    post:
-      deprecated: false
-      description: This endpoint creates a service account
-      operationId: CreateServiceAccount
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ServiceaccounttypesPostableServiceAccount'
-      responses:
-        "201":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/TypesIdentifiable'
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: Created
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "409":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Conflict
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Create service account
-      tags:
-      - serviceaccount
-  /api/v1/service_accounts/{id}:
-    delete:
-      deprecated: false
-      description: This endpoint deletes an existing service account
-      operationId: DeleteServiceAccount
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "204":
-          content:
-            application/json:
-              schema:
-                type: string
-          description: No Content
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Deletes a service account
-      tags:
-      - serviceaccount
-    get:
-      deprecated: false
-      description: This endpoint gets an existing service account
-      operationId: GetServiceAccount
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/ServiceaccounttypesServiceAccount'
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Gets a service account
-      tags:
-      - serviceaccount
-    put:
-      deprecated: false
-      description: This endpoint updates an existing service account
-      operationId: UpdateServiceAccount
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ServiceaccounttypesUpdatableServiceAccount'
-      responses:
-        "204":
-          content:
-            application/json:
-              schema:
-                type: string
-          description: No Content
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Updates a service account
-      tags:
-      - serviceaccount
-  /api/v1/service_accounts/{id}/keys:
-    get:
-      deprecated: false
-      description: This endpoint lists the service account keys
-      operationId: ListServiceAccountKeys
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    items:
-                      $ref: '#/components/schemas/ServiceaccounttypesFactorAPIKey'
-                    type: array
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: List service account keys
-      tags:
-      - serviceaccount
-    post:
-      deprecated: false
-      description: This endpoint creates a service account key
-      operationId: CreateServiceAccountKey
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ServiceaccounttypesPostableFactorAPIKey'
-      responses:
-        "201":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/ServiceaccounttypesGettableFactorAPIKeyWithKey'
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: Created
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "409":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Conflict
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Create a service account key
-      tags:
-      - serviceaccount
-  /api/v1/service_accounts/{id}/keys/{fid}:
-    delete:
-      deprecated: false
-      description: This endpoint revokes an existing service account key
-      operationId: RevokeServiceAccountKey
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      - in: path
-        name: fid
-        required: true
-        schema:
-          type: string
-      responses:
-        "204":
-          content:
-            application/json:
-              schema:
-                type: string
-          description: No Content
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Revoke a service account key
-      tags:
-      - serviceaccount
-    put:
-      deprecated: false
-      description: This endpoint updates an existing service account key
-      operationId: UpdateServiceAccountKey
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      - in: path
-        name: fid
-        required: true
-        schema:
-          type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ServiceaccounttypesUpdatableFactorAPIKey'
-      responses:
-        "204":
-          content:
-            application/json:
-              schema:
-                type: string
-          description: No Content
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Updates a service account key
-      tags:
-      - serviceaccount
-  /api/v1/service_accounts/{id}/status:
-    put:
-      deprecated: false
-      description: This endpoint updates an existing service account status
-      operationId: UpdateServiceAccountStatus
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ServiceaccounttypesUpdatableServiceAccountStatus'
-      responses:
-        "204":
-          content:
-            application/json:
-              schema:
-                type: string
-          description: No Content
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Updates a service account status
-      tags:
-      - serviceaccount
   /api/v1/user:
     get:
       deprecated: false

docs/contributing/go/abstractions.md

@@ -80,32 +80,9 @@ Do not define an interface before you have at least two concrete implementations
 
 The exception is interfaces required for testing (e.g., for mocking an external dependency). In that case, define the interface in the **consuming** package, not the providing package, following the Go convention of [accepting interfaces and returning structs](https://go.dev/wiki/CodeReviewComments#interfaces).
 
-### 6. Wrappers must add semantics, not just rename
-
-A wrapper type is justified when it adds meaning, validation, or invariants that the underlying type does not carry. It is not justified when it merely renames fields or reorganizes the same data into a different shape.
-
-```go
-// Justified: adds validation that the underlying string does not carry.
-type OrgID struct{ value string }
-func NewOrgID(s string) (OrgID, error) { /* validates format */ }
-
-// Not justified: renames fields with no new invariant or behavior.
-type UserInfo struct {
-    Name  string // same as source.Name
-    Email string // same as source.Email
-}
-```
-
-Ask: what does the wrapper guarantee that the underlying type does not? If the answer is nothing, use the underlying type directly.
-
 ## When a new type IS warranted
 
-A new type earns its place when it meets **at least one** of these criteria:
-
-- **Serialization boundary**: It must be persisted, sent over the wire, or written to config. The source type is unsuitable (unexported fields, function pointers, cycles).
-- **Invariant enforcement**: The constructor or methods enforce constraints that raw data does not carry (e.g., non-empty, validated format, bounded range).
-- **Multiple distinct consumers**: Three or more call sites use the type in meaningfully different ways. The type is the shared vocabulary between them.
-- **Dependency firewall**: The type lives in a lightweight package so that consumers avoid importing a heavy dependency.
+See [Types](types.md#when-a-new-type-is-warranted) for the criteria that justify introducing a new type.
 
 ## What should I remember?
 

docs/contributing/go/packages.md

@@ -49,6 +49,43 @@ Follow these rules:
 
 5. **Test files stay alongside source**: Unit tests go in `_test.go` files next to the code they test, in the same package.
 
+## How should I order code within a file?
+
+Within a single `.go` file, declarations should follow this order:
+
+1. Constants
+2. Variables
+3. Types (structs, interfaces)
+4. Constructor functions (`New...`)
+5. Exported methods and functions
+6. Unexported methods and functions
+
+```go
+// 1. Constants
+const defaultTimeout = 30 * time.Second
+
+// 2. Variables
+var ErrNotFound = errors.New(errors.TypeNotFound, errors.CodeNotFound, "resource not found")
+
+// 3. Types
+type Store struct {
+    db *sql.DB
+}
+
+// 4. Constructors
+func NewStore(db *sql.DB) *Store {
+    return &Store{db: db}
+}
+
+// 5. Exported methods
+func (s *Store) Get(ctx context.Context, id string) (*Resource, error) { ... }
+
+// 6. Unexported methods
+func (s *Store) buildQuery(id string) string { ... }
+```
+
+This ordering makes files predictable. A reader scanning from top to bottom sees the contract (constants, types, constructors) before the implementation (methods), and exported behavior before internal helpers.
+
 ## How should I name symbols?
 
 ### Exported symbols
@@ -90,9 +127,7 @@ Never introduce circular imports. If package A needs package B and B needs A, ex
 
 ## Where do shared types go?
 
-Most types belong in `pkg/types/` under a domain-specific sub-package (e.g., `pkg/types/ruletypes`, `pkg/types/authtypes`).
-
-Do not put domain logic in `pkg/types/`. Only data structures, constants, and simple methods.
+See [Types](types.md) for full conventions on type placement, naming variants, composition, and constructors.
 
 ## How do I merge or move packages?
 
@@ -105,6 +140,10 @@ When two packages are tightly coupled (one imports the other's constants, they c
 5. Delete the old packages. Do not leave behind re-export shims.
 6. Verify with `go build ./...`, `go test ./<new-pkg>/...`, and `go vet ./...`.
 
+## When should I use valuer types?
+
+See [Types](types.md#typed-domain-values-pkgvaluer) for valuer types, when to use them, and the enum pattern using `valuer.String`.
+
 ## When should I add documentation?
 
 Add a `doc.go` with a package-level comment for any package that is non-trivial or has multiple consumers. Keep it to 1–3 sentences:
@@ -119,6 +158,10 @@ package cache
 
 - Package names are domain-specific and lowercase. Never generic names like `util` or `common`.
 - The file matching the package name (e.g., `cache.go`) defines the public interface. Implementation details go elsewhere.
+- Within a file, order declarations: constants, variables, types, constructors, exported functions, unexported functions.
+- Segregate types across files by responsibility. A file with 5 unrelated types is harder to navigate than 5 files with one type each.
+- Use valuer types (`valuer.String`, `valuer.Email`, `valuer.UUID`, `valuer.TextDuration`) for domain values that need validation, normalization, or cross-boundary serialization. See [Types](types.md#typed-domain-values-pkgvaluer) for details.
+- Avoid `init()` functions. If you need to initialize a variable, use a package-level `var` with a function call or a `sync.Once`. `init()` hides execution order, makes testing harder, and has caused subtle bugs in large codebases.
 - Never introduce circular imports. Extract shared types into `pkg/types/` when needed.
 - Watch for symbol name collisions when merging packages, prefix to disambiguate.
 - Put test helpers in a `{pkg}test/` sub-package, not in the main package.

docs/contributing/go/readme.md

@@ -8,7 +8,31 @@ We adhere to three primary style guides as our foundation:
 - [Code Review Comments](https://go.dev/wiki/CodeReviewComments) - For understanding common comments in code reviews
 - [Google Style Guide](https://google.github.io/styleguide/go/) - Additional practices from Google
 
-We **recommend** (almost enforce) reviewing these guides before contributing to the codebase. They provide valuable insights into writing idiomatic Go code and will help you understand our approach to backend development. In addition, we have a few additional rules that make certain areas stricter than the above which can be found in area-specific files in this package:
+We **recommend** (almost enforce) reviewing these guides before contributing to the codebase. They provide valuable insights into writing idiomatic Go code and will help you understand our approach to backend development.
+
+**Discover before inventing.** Before writing new code, search the codebase for existing solutions. SigNoz has established patterns for common problems: `pkg/valuer` for typed domain values, `pkg/errors` for structured errors, `pkg/factory` for provider wiring, `{pkg}test/` sub-packages for test helpers, and shared fixtures for integration tests. Duplicating what already exists creates drift and maintenance burden. When you find an existing pattern, use it. When you don't find one, check with the maintainers before building your own.
+
+## How to approach a feature
+
+Building a feature is not one task, it is a sequence of concerns that build on each other. Work through them in this order:
+
+1. **Domain design (types).** Define the types that represent your domain. What are the entities, what are their relationships, what are the constraints? This is where you decide your data model. Get this right first because everything else depends on it. See [Packages](packages.md) and [Abstractions](abstractions.md).
+
+2. **Structure (services / modules / handlers).** Place your code in the right layer given the current infrastructure. If the current structure does not work for your feature, that is the time to open a discussion and write a technical document, not to silently reshape things in the same PR. See [Handler](handler.md) and [Provider](provider.md).
+
+3. **HTTP endpoints (paths, status codes, errors).** Pay close attention to detail here. Paths, methods, request/response shapes, status codes, error codes. These are the contract with consumers and are expensive to change after release. See [Endpoint](endpoint.md) and [Handler](handler.md).
+
+4. **Database constraints (org_id, foreign keys, migrations).** Ensure org scoping, schema consistency, and migration correctness. See [SQL](sql.md).
+
+5. **Business logic (module layer).** With the types, structure, endpoints, and storage in place, the focus narrows to the actual logic. This is where review should concentrate on correctness, edge cases, and error handling.
+
+This ordering also gives you a natural way to split PRs. Each layer affects a different area and requires a different lens for review. A PR that mixes refactoring with new feature logic is hard to review and risky to ship. Separate them.
+
+For large refactors or features that touch multiple subsystems, write a short technical document outlining the design and get relevant stakeholders aligned before starting implementation. This saves significant back-and-forth during review.
+
+## Area-specific guides
+
+In addition, we have a few additional rules that make certain areas stricter than the above which can be found in area-specific files in this package:
 
 - [Abstractions](abstractions.md) - When to introduce new types and intermediate representations
 - [Errors](errors.md) - Structured error handling
@@ -20,3 +44,5 @@ We **recommend** (almost enforce) reviewing these guides before contributing to
 - [Packages](packages.md) - Naming, layout, and conventions for `pkg/` packages
 - [Service](service.md) - Managed service lifecycle with `factory.Service`
 - [SQL](sql.md) - Database and SQL patterns
+- [Testing](testing.md) - Writing tests that catch bugs without becoming a maintenance burden
+- [Types](types.md) - Type placement, naming variants, composition, and constructors

docs/contributing/go/testing.md

@@ -0,0 +1,260 @@
+# Testing
+
+This document provides rules for writing tests that catch real bugs and do not become a maintenance burden. It covers both how to write good tests and how to recognize bad ones.
+
+## Why we write tests
+
+Tests exist to give confidence that the system behaves correctly. A good test suite lets you change code and know immediately (or in a reasonable time) whether you broke something. A bad test suite lets you change code (and then spend hours figuring out whether the failures are real) and still lets the bugs slip in.
+
+Every test should be written to answer one question: **if this test fails, does that mean a user-visible behavior is broken?** If the answer is no, reconsider whether the test should exist.
+
+Not all tests are equal. Different scopes serve different purposes, and the balance matters.
+
+- **Unit tests**: Fast, focused, test a single function or type in isolation. These form the foundation. They should run in milliseconds, have no I/O, and be fully deterministic.
+- **Integration tests**: Verify that components work together against real dependencies (ClickHouse, PostgreSQL, etc.). Slower, but catch problems that unit tests cannot: real query behavior, configuration issues, serialization mismatches.
+- **End-to-end tests**: Validate full system behavior from the outside. Expensive to write and maintain, but necessary for critical user flows.
+
+When a test can be written at a smaller scope, prefer the smaller scope. But do not force a unit test where an integration test is the natural fit.
+
+## What to test
+
+### Test behaviors, not implementations
+
+A test should verify what the code does, not how it does it (unless the goal of the test is specifically how something happen). If you can refactor the internals of a function e.g, change a query, rename a variable, restructure the logic and no user-visible behavior changes, no test should break.
+
+```go
+// Good: tests the behavior "given this input, expect this output."
+func TestDiscountApplied(t *testing.T) {
+    order := NewOrder(item("widget", 100))
+    order.ApplyDiscount(10)
+    assert.Equal(t, 90, order.Total())
+}
+
+// Bad: tests the implementation "did it call the right internal method?"
+func TestDiscountApplied(t *testing.T) {
+    mockPricer := new(MockPricer)
+    mockPricer.On("CalculateDiscount", 100, 10).Return(90)
+    order := NewOrder(item("widget", 100), WithPricer(mockPricer))
+    order.ApplyDiscount(10)
+    mockPricer.AssertCalled(t, "CalculateDiscount", 100, 10)
+}
+```
+
+The first test survives a refactoring of how discounts are calculated. The second test breaks the moment you rename the method, change its signature, or inline the logic.
+
+**The refactoring test**: before committing a test, ask if someone refactors the internals tomorrow without changing any behavior, will this test break? If yes, consider updating the test.
+
+### Output format as behavior
+
+Some functions exist specifically to produce a formatted output: a query builder generates SQL, a serializer generates JSON, a code generator produces source code. In these cases, the output string *is* the behavior and asserting on it is valid and necessary. The function's contract is the exact output it produces.
+
+This is different from testing a function that *uses* a query internally. If a function's job is to fetch data from a database, the query it sends is an implementation detail and the returned data is the behavior. If its job is to *build* a query for someone else to execute, the query string is the behavior.
+
+The distinction: **is the formatted output the function's product, or the function's mechanism?** Test the product, not the mechanism.
+
+### Test at the public API boundary
+
+Write tests against the exported functions and methods that consumers actually call. Do not test unexported helpers directly. If an unexported function has complex logic worth testing, that is a signal it should be extracted into its own package with its own public API.
+
+### Test edge cases and error paths
+
+The most valuable tests cover the cases that are easy to get wrong:
+
+- Empty inputs, nil inputs, zero values.
+- Boundary conditions (off-by-one, first element, last element).
+- Error conditions (what happens when the dependency fails?).
+- Concurrent access, if the code is designed for it.
+
+A test for the happy path of a trivial function adds little value. A test for the error path of a complex function prevents real bugs.
+
+### The Beyonce Rule
+
+"If you liked it, then you should have put a test on it." Any behavior you want to preserve such as correctness, performance characteristics, security constraints, error handling should be covered by a test. If it breaks and there is no test, that is not a regression; it is an untested assumption.
+
+## How to write a test
+
+### Structure: arrange, act, assert
+
+Every test should have three clearly separated sections:
+
+```go
+func TestTransferInsufficientFunds(t *testing.T) {
+    // Arrange: set up the preconditions.
+    from := NewAccount(50)
+    to := NewAccount(0)
+
+    // Act: perform the operation being tested.
+    err := Transfer(from, to, 100)
+
+    // Assert: verify the outcome.
+    require.Error(t, err)
+    assert.Equal(t, 50, from.Balance())
+    assert.Equal(t, 0, to.Balance())
+}
+```
+
+Do not interleave setup and assertions. Do not put assertions in helper functions that also perform setup. Keep the three sections visually distinct.
+
+### One behavior per test
+
+Each test function should verify one behavior. If a test name needs "and" in it, split it into two tests.
+
+```go
+// Good: one behavior per test.
+func TestParseValidInput(t *testing.T) { ... }
+func TestParseEmptyInput(t *testing.T) { ... }
+func TestParseMalformedInput(t *testing.T) { ... }
+
+// Bad: multiple behaviors in one test.
+func TestParse(t *testing.T) {
+    // test valid input
+    // test empty input
+    // test malformed input
+}
+```
+
+Table-driven tests are fine when the behavior is the same and only the inputs/outputs vary.
+
+### Name tests after behaviors
+
+Test names should describe the scenario and the expected outcome, not the function being tested.
+
+```go
+// Good: describes the behavior.
+func TestWithdrawal_InsufficientFunds_ReturnsError(t *testing.T)
+func TestWithdrawal_ZeroBalance_ReturnsError(t *testing.T)
+
+// Bad: describes the function.
+func TestWithdraw(t *testing.T)
+func TestWithdrawError(t *testing.T)
+```
+
+### Eliminate logic in tests
+
+Tests should be straight-line code. No `if`, no `for`, no `switch`. If you feel the need to add control flow to a test, either split it into multiple tests or restructure the test data.
+
+A test with logic in it needs its own tests. That is a sign something has gone wrong.
+
+### Write clear failure messages
+
+When a test fails, the failure message should tell you what went wrong without reading the test source.
+
+```go
+// Good: failure message explains the context.
+assert.Equal(t, expected, actual, "discount should be applied to order total")
+
+// Bad: failure message is just the default.
+assert.Equal(t, expected, actual)
+```
+
+Use `require` for preconditions that must hold for the rest of the test to make sense. Use `assert` for the actual verifications. This avoids cascading failures from a single root cause.
+
+## How to recognize a bad test
+
+A bad test costs more to maintain than the bugs it prevents. Learning to identify bad tests is as important as learning to write good ones. Always evaluate a test critically before commiting it.
+
+### Tests that duplicate the implementation
+
+If a test contains the same logic as the code it tests, it verifies nothing. It will pass when the code is wrong in the same way the test is wrong, and it will break whenever the code changes even if the change is correct.
+
+A common form: mocking a database, setting up canned rows, calling a function that queries and scans those rows, then asserting that the function returned exactly those rows. The test encodes the query, the row structure, and the scan logic. The same things the production code does. If the function has no branching logic beyond "query and scan," this test is a mirror of the implementation, not a check on it. An integration test against a real database verifies the actual behavior; the mock-based test verifies that the code matches the test author's expectations of the code.
+
+### Tests for functions with no interesting logic
+
+Not every function needs a test. A function that prepares a query, sends it, and scans the result has no branching, no edge cases, and no logic that could be wrong independently of the query being correct. Unit-testing it means mocking the database, which means the test does not verify the query works. It only verifies the function calls the mock in the expected way.
+
+Ask: **what bug would this test catch that would not be caught by the integration test or by the tests of the calling code?** If the answer is nothing, skip the unit test. A missing test is better than a test that provides false confidence.
+
+### Tests that rebuild the dependency boundary
+
+When a test creates an in-package mock of an external interface (database driver, HTTP client, file system) and that mock contains non-trivial logic (reflection-based scanning, response simulation, state machines), the test is now testing its own mock as much as the production code. Bugs in the mock produce false passes or false failures, and the mock must be maintained alongside the real dependency.
+
+If the mock is complex enough to have its own bugs, you have rebuilt the dependency boundary rather than testing against it. Use the real dependency (via integration test) or use a well-maintained fake provided by the dependency's authors.
+
+### Tests that exist for coverage
+
+A test that exercises a function without meaningfully verifying its output adds coverage without adding confidence. Calling a type-conversion function with every numeric type and asserting it does not panic covers lines but does not catch regressions. The function would need to be rewritten to fail, and any such rewrite would be caught by the callers' tests.
+
+Before writing a test, identify the specific failure mode it guards against. If you cannot name one, the test is not worth writing.
+
+### Tests that test the language
+
+Do not test that language type system, standard library, or well-known third-party libraries work correctly. Testing that `reflect.Kind` returns the right value for each type, that pointer dereferencing works, or that a type switch dispatches correctly adds maintenance burden without catching any plausible bug in your code.
+
+## Brittle tests
+
+A brittle test is one that fails when production code changes without an actual bug being introduced. Brittle tests are expensive: they slow down development, train people to ignore failures, and provide no real safety net. Common sources of brittleness:
+
+- **Asserting on implementation details**: Verifying which internal methods were called, in what order, or with what intermediate values. If the method is renamed or the order changes but the output is the same, the test breaks for no reason.
+- **Asserting on serialized representations when the format is not the contract**: Matching exact SQL strings, JSON output, or log messages produced by a function whose job is not to produce that format.
+- **Over-constrained mocks**: Setting up a mock that expects specific arguments in a specific sequence. Any refactoring of the call pattern breaks the mock setup even if behavior is preserved.
+- **Shared mutable state**: Tests that depend on data left behind by other tests. A change in execution order or a new test case causes unrelated failures.
+- **Time-dependence**: Tests that use `time.Now()`, `time.Sleep()`, or real timers. These produce flaky results and break under load.
+
+When you encounter a brittle test, fix or delete it. Do not work around it.
+
+## DAMP
+
+Test code should prioritize clarity (DAMP: Descriptive And Meaningful Phrases).
+
+```go
+// DAMP: each test is self-contained and readable.
+func TestCreateUser(t *testing.T) {
+    user := User{Name: "Alice", Email: "alice@example.com"}
+    err := store.Create(ctx, user)
+    require.NoError(t, err)
+}
+
+func TestCreateDuplicateUser(t *testing.T) {
+    user := User{Name: "Alice", Email: "alice@example.com"}
+    _ = store.Create(ctx, user)
+    err := store.Create(ctx, user)
+    assert.ErrorIs(t, err, ErrAlreadyExists)
+}
+```
+
+Shared setup helpers are fine for constructing objects with sensible defaults. But each test should explicitly set the values it depends on rather than relying on hidden defaults in a shared fixture.
+
+## Flaky tests
+
+A flaky test is one that sometimes passes and sometimes fails without any code change. Flaky tests erode trust in the entire suite. Once people learn to re-run and ignore failures, real bugs slip through.
+
+Common causes and fixes:
+
+- **Timing and sleeps**: Replace `time.Sleep` with channels, condition variables, or polling with a timeout.
+- **Uncontrolled concurrency**: Use deterministic synchronization rather than relying on goroutine scheduling.
+- **Shared state between tests**: Each test should set up and tear down its own state.
+
+If a test is flaky and you cannot fix the root cause quickly, skip or delete it. A skipped test with an explanation is better than a flaky test that trains everyone to ignore red builds.
+
+## Code coverage
+
+Code coverage measures which lines were executed, not whether the code is correct. A function that is called but whose output is never checked has 100% coverage and 0% verification.
+
+Do not use coverage as a target to hit. Use it as a tool to find gaps such as untested error paths, unreachable branches, dead code. A codebase with 60% meaningful coverage is better than one with 95% coverage achieved by testing trivial getters.
+
+## Tests are code
+
+Tests must be maintained and they are not second-class citizen. You should apply the same standards for readability, naming, and structure that you apply to production code. We do not tolerate complexity in tests just because they are tests.
+
+However, tests should be simpler than production code. If a test requires its own helper library, complex setup, or nested control flow, step back and ask whether you are testing the right thing at the right level. This is not a blanket rule but a prompt to pause, assess the situation, and check whether the complexity is justified.
+
+## What should I remember?
+
+- If refactoring internals breaks your test but no behavior changed, the test is likely bad. Delete it or consider updating it.
+- Test what the code does, not how it does it. Verify outputs and state, not method calls.
+- Output format is behavior when the function's job is to produce that format. It is not behavior when the function uses it internally.
+- Ask what specific bug this test catches. If you cannot name one, do not write it.
+- Always evaluate whether the test adds confidence, not just lines.
+- One behavior per test. Name it after the scenario, not the function.
+- No logic in tests. Straight-line code only.
+- Flaky tests are not acceptable. Fix the root cause or nuke the test code.
+- Coverage measures execution, not correctness.
+
+## Mandatory reading
+
+- What to look for in a code review: Tests - https://google.github.io/eng-practices/review/reviewer/looking-for.html#tests
+- Testing Overview - https://abseil.io/resources/swe-book/html/ch11.html
+- Unit Testing - https://abseil.io/resources/swe-book/html/ch12.html
+- Test Doubles - https://abseil.io/resources/swe-book/html/ch13.html
+- Larger Testing - https://abseil.io/resources/swe-book/html/ch14.html

docs/contributing/go/types.md

@@ -0,0 +1,272 @@
+# Types
+
+This guide covers how types are organised, named, constructed, and composed so you can add new ones consistently.
+
+## Where do types live?
+
+Types live in `pkg/types/` and its sub-packages:
+
+```
+pkg/types/
+├── auditable.go          # TimeAuditable, UserAuditable
+├── identity.go           # Identifiable (UUID primary key)
+├── user.go               # User, PostableRegisterOrgAndAdmin, UserStore
+├── alertmanagertypes/    # Alert manager domain types
+│   ├── channel.go
+│   ├── receiver.go
+│   └── config.go
+├── authtypes/            # Auth domain types
+└── ruletypes/            # Rule domain types
+    └── maintenance.go
+```
+
+Follow these rules:
+
+1. **Embeddable building blocks** go in `pkg/types/` directly `Identifiable`, `TimeAuditable`, `UserAuditable`.
+2. **Domain-specific types** go in a sub-package named `pkg/types/<domain>types/` (e.g., `alertmanagertypes`, `ruletypes`, `authtypes`).
+3. **No domain logic** in type packages. Only data structures, constants, and simple methods. Domain services import from type packages, not the other way around.
+4. **Domain services import types, not vice versa.** If a type needs a service, the design is likely wrong and you should restructure so the service operates on the type.
+
+## Type variants
+
+A domain entity often has multiple representations depending on where it appears in the system. We use naming prefixes to distinguish them:
+
+| Prefix | Purpose | Example |
+|---|---|---|
+| `Postable<Type>` | API request input | `PostableRegisterOrgAndAdmin` |
+| `Gettable<Type>` | API response output | `GettablePlannedMaintenance` |
+| `Storable<Type>` | Database model (embeds `bun.BaseModel`) | `StorablePlannedMaintenance` |
+| Plain `<Type>` | Domain logic type | `User` |
+
+Not every entity needs all four variants. Start with the plain type and add variants only when the API or database representation genuinely differs.
+
+Here is a concrete example from `pkg/types/ruletypes/maintenance.go`:
+
+```go
+// Database model embeds bun.BaseModel and composition types
+type StorablePlannedMaintenance struct {
+    bun.BaseModel `bun:"table:planned_maintenance"`
+    types.Identifiable
+    types.TimeAuditable
+    types.UserAuditable
+    Name        string    `bun:"name,type:text,notnull"`
+    Description string    `bun:"description,type:text"`
+    Schedule    *Schedule `bun:"schedule,type:text,notnull"`
+    OrgID       string    `bun:"org_id,type:text"`
+}
+
+// API response: flat struct with JSON tags, computed fields like Status
+type GettablePlannedMaintenance struct {
+    Id          string    `json:"id"`
+    Name        string    `json:"name"`
+    Description string    `json:"description"`
+    Schedule    *Schedule `json:"schedule"`
+    RuleIDs     []string  `json:"alertIds"`
+    CreatedAt   time.Time `json:"createdAt"`
+    CreatedBy   string    `json:"createdBy"`
+    UpdatedAt   time.Time `json:"updatedAt"`
+    UpdatedBy   string    `json:"updatedBy"`
+    Status      string    `json:"status"`
+    Kind        string    `json:"kind"`
+}
+```
+
+When the API shape exactly matches the domain type, use a type alias instead of duplicating fields:
+
+```go
+// From pkg/types/user.go
+type GettableUser = User
+```
+
+## Composition via embedding
+
+`pkg/types/` provides small, reusable structs that you embed into your domain types:
+
+```go
+// pkg/types/identity.go
+type Identifiable struct {
+    ID valuer.UUID `json:"id" bun:"id,pk,type:text"`
+}
+
+// pkg/types/auditable.go
+type TimeAuditable struct {
+    CreatedAt time.Time `bun:"created_at" json:"createdAt"`
+    UpdatedAt time.Time `bun:"updated_at" json:"updatedAt"`
+}
+
+type UserAuditable struct {
+    CreatedBy string `bun:"created_by,type:text" json:"createdBy"`
+    UpdatedBy string `bun:"updated_by,type:text" json:"updatedBy"`
+}
+```
+
+Compose them in a database model:
+
+```go
+type StorablePlannedMaintenance struct {
+    bun.BaseModel `bun:"table:planned_maintenance"`
+    types.Identifiable    // adds ID (UUID primary key)
+    types.TimeAuditable   // adds CreatedAt, UpdatedAt
+    types.UserAuditable   // adds CreatedBy, UpdatedBy
+    Name        string    `bun:"name,type:text,notnull"`
+    Description string    `bun:"description,type:text"`
+}
+```
+
+See [SQL](sql.md) for full database patterns including migrations and queries.
+
+## Constructors
+
+Constructors validate inputs and return a ready-to-use value:
+
+```go
+// New<Type> validates and returns a pointer + error
+func NewUser(displayName string, email valuer.Email, role Role, orgID valuer.UUID) (*User, error) {
+    if email.IsZero() {
+        return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "email is required")
+    }
+    if role == "" {
+        return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "role is required")
+    }
+    if orgID.IsZero() {
+        return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgID is required")
+    }
+
+    return &User{
+        Identifiable:  Identifiable{ID: valuer.GenerateUUID()},
+        DisplayName:   displayName,
+        Email:         email,
+        Role:          role,
+        OrgID:         orgID,
+        TimeAuditable: TimeAuditable{CreatedAt: time.Now(), UpdatedAt: time.Now()},
+    }, nil
+}
+```
+
+Follow these conventions:
+
+- **`New<Type>(args) (*Type, error)`**: validates inputs, returns an error on failure. Use this in production code.
+- **Validation at construction**: check required fields, format constraints, and invariants in the constructor. Callers should not need to validate after construction.
+- **Generate IDs internally**: constructors call `valuer.GenerateUUID()` callers do not pass IDs in.
+- **Set timestamps internally**: constructors set `CreatedAt` and `UpdatedAt` to `time.Now()`.
+
+## Typed domain values (`pkg/valuer/`)
+
+The `pkg/valuer` package provides typed wrappers for common domain values. These types carry validation, normalization, and consistent serialization (JSON, SQL, text) that raw Go primitives do not.
+
+| Type | Wraps | Invariant |
+|---|---|---|
+| `valuer.UUID` | `google/uuid.UUID` | Valid UUIDv7, generated via `GenerateUUID()` |
+| `valuer.Email` | `string` | Valid email format, lowercased and trimmed |
+| `valuer.String` | `string` | Lowercased and trimmed |
+| `valuer.TextDuration` | `time.Duration` | Valid duration, text-serializable |
+
+### When to use a valuer type
+
+Use a valuer type instead of a raw primitive when the value represents a domain concept with any of:
+
+- **Enums**: All enums in the codebase must be backed by `valuer.String`. Do not use raw `string` constants or `iota`-based `int` enums. A struct embedding `valuer.String` with predefined variables gives you normalization, serialization, and an `Enum()` method for OpenAPI schema generation in one place.
+- **Validation**: emails must match a format, UUIDs must be parseable, durations must be valid.
+- **Normalization**: `valuer.String` lowercases and trims input, so comparisons are consistent throughout the system.
+- **Serialization boundary**: the value is stored in a database, sent over the wire, or bound from an HTTP parameter. Valuer types implement `Scan`, `Value`, `MarshalJSON`, `UnmarshalJSON`, and `UnmarshalParam` consistently.
+
+```go
+// Wrong: raw string constant with no validation or normalization.
+const SignalTraces = "traces"
+
+// Right: valuer-backed type that normalizes and serializes consistently.
+type Signal struct {
+    valuer.String
+}
+
+var SignalTraces = Signal{valuer.NewString("traces")}
+```
+
+Only primitive domain types that serve as shared infrastructure belong in `pkg/valuer`. If you need a new base type (like `Email` or `TextDuration`) that multiple packages will embed for validation and serialization, add it there. Domain-specific types that build on top of a valuer (like `Signal` embedding `valuer.String`) belong in their own domain package, not in `pkg/valuer`.
+
+### The `Valuer` interface
+
+Every valuer type implements the `Valuer` interface, which gives you serialization for free:
+
+```go
+type Valuer interface {
+    IsZero() bool                        // check for zero value
+    StringValue() string                 // raw string representation
+    fmt.Stringer                         // String() for printing
+    json.Marshaler / json.Unmarshaler    // JSON
+    sql.Scanner / driver.Valuer          // database
+    encoding.TextMarshaler / TextUnmarshaler  // text
+    ginbinding.BindUnmarshaler           // HTTP query/path params
+}
+```
+
+Use them in struct fields:
+
+```go
+type User struct {
+    Identifiable
+    Email valuer.Email `bun:"email" json:"email"`
+    OrgID valuer.UUID  `bun:"org_id" json:"orgId"`
+}
+```
+
+## Wrappers must add semantics, not just rename
+
+A wrapper type is justified when it adds meaning, validation, or invariants that the underlying type does not carry. It is not justified when it merely renames fields or reorganizes the same data into a different shape.
+
+```go
+// Justified: adds validation that the underlying string does not carry.
+type OrgID struct{ value string }
+func NewOrgID(s string) (OrgID, error) { /* validates format */ }
+
+// Not justified: renames fields with no new invariant or behavior.
+type UserInfo struct {
+    Name  string // same as source.Name
+    Email string // same as source.Email
+}
+```
+
+Ask: what does the wrapper guarantee that the underlying type does not? If the answer is nothing, use the underlying type directly.
+
+## When a new type IS warranted
+
+A new type earns its place when it meets **at least one** of these criteria:
+
+- **Serialization boundary**: It must be persisted, sent over the wire, or written to config. The source type is unsuitable (unexported fields, function pointers, cycles).
+- **Invariant enforcement**: The constructor or methods enforce constraints that raw data does not carry (e.g., non-empty, validated format, bounded range).
+- **Multiple distinct consumers**: Three or more call sites use the type in meaningfully different ways. The type is the shared vocabulary between them.
+- **Dependency firewall**: The type lives in a lightweight package so that consumers avoid importing a heavy dependency.
+
+See [Abstractions](abstractions.md) for the full set of rules on when abstractions are and aren't justified.
+
+## Store interfaces
+
+Each domain type package defines a store interface for persistence. The store interface lives alongside the types it operates on:
+
+```go
+// From pkg/types/ruletypes/maintenance.go
+type MaintenanceStore interface {
+    CreatePlannedMaintenance(context.Context, GettablePlannedMaintenance) (valuer.UUID, error)
+    DeletePlannedMaintenance(context.Context, valuer.UUID) error
+    GetPlannedMaintenanceByID(context.Context, valuer.UUID) (*GettablePlannedMaintenance, error)
+    EditPlannedMaintenance(context.Context, GettablePlannedMaintenance, valuer.UUID) error
+    GetAllPlannedMaintenance(context.Context, string) ([]*GettablePlannedMaintenance, error)
+}
+```
+
+Conventions:
+
+- Name the interface `<Domain>Store` (e.g., `UserStore`, `MaintenanceStore`).
+- Accept `context.Context` as the first parameter.
+- Use typed values (`valuer.UUID`, `valuer.Email`) instead of raw strings for identifiers.
+- Implementations go in separate packages (e.g., `sqlstore/`), see [SQL](sql.md) for details.
+
+## What should I remember?
+
+- Shared types live in `pkg/types/`, domain types in `pkg/types/<domain>types/`.
+- No domain logic in type packages only data structures, constants, and simple methods.
+- Use `Storable`, `Gettable`, `Postable` prefixes when API or database representation differs from the domain type.
+- Embed `Identifiable`, `TimeAuditable`, and `UserAuditable` for standard fields instead of repeating them.
+- Constructors (`New<Type>`) validate, generate IDs, and set timestamps.
+- Use `pkg/valuer/` types instead of raw strings for domain identifiers like UUIDs and emails.
+- Store interfaces live alongside the types they persist and use `context.Context` as the first parameter.

ee/authz/openfgaauthz/provider.go

@@ -98,20 +98,16 @@ func (provider *provider) ListByOrgIDAndNames(ctx context.Context, orgID valuer.
 	return provider.pkgAuthzService.ListByOrgIDAndNames(ctx, orgID, names)
 }
 
-func (provider *provider) ListByOrgIDAndIDs(ctx context.Context, orgID valuer.UUID, ids []valuer.UUID) ([]*roletypes.Role, error) {
-	return provider.pkgAuthzService.ListByOrgIDAndIDs(ctx, orgID, ids)
+func (provider *provider) Grant(ctx context.Context, orgID valuer.UUID, name string, subject string) error {
+	return provider.pkgAuthzService.Grant(ctx, orgID, name, subject)
 }
 
-func (provider *provider) Grant(ctx context.Context, orgID valuer.UUID, names []string, subject string) error {
-	return provider.pkgAuthzService.Grant(ctx, orgID, names, subject)
+func (provider *provider) ModifyGrant(ctx context.Context, orgID valuer.UUID, existingRoleName string, updatedRoleName string, subject string) error {
+	return provider.pkgAuthzService.ModifyGrant(ctx, orgID, existingRoleName, updatedRoleName, subject)
 }
 
-func (provider *provider) ModifyGrant(ctx context.Context, orgID valuer.UUID, existingRoleNames []string, updatedRoleNames []string, subject string) error {
-	return provider.pkgAuthzService.ModifyGrant(ctx, orgID, existingRoleNames, updatedRoleNames, subject)
-}
-
-func (provider *provider) Revoke(ctx context.Context, orgID valuer.UUID, names []string, subject string) error {
-	return provider.pkgAuthzService.Revoke(ctx, orgID, names, subject)
+func (provider *provider) Revoke(ctx context.Context, orgID valuer.UUID, name string, subject string) error {
+	return provider.pkgAuthzService.Revoke(ctx, orgID, name, subject)
 }
 
 func (provider *provider) CreateManagedRoles(ctx context.Context, orgID valuer.UUID, managedRoles []*roletypes.Role) error {

frontend/.eslintrc.js

@@ -2,11 +2,7 @@
  * ESLint Configuration for SigNoz Frontend
  */
 module.exports = {
-	ignorePatterns: [
-		'src/parser/*.ts',
-		'scripts/update-registry.js',
-		'scripts/generate-permissions-type.js',
-	],
+	ignorePatterns: ['src/parser/*.ts', 'scripts/update-registry.js'],
 	env: {
 		browser: true,
 		es2021: true,

frontend/package.json

@@ -19,8 +19,7 @@
 		"commitlint": "commitlint --edit $1",
 		"test": "jest",
 		"test:changedsince": "jest --changedSince=main --coverage --silent",
-		"generate:api": "orval --config ./orval.config.ts && sh scripts/post-types-generation.sh",
-		"generate:permissions-type": "node scripts/generate-permissions-type.js"
+		"generate:api": "orval --config ./orval.config.ts && sh scripts/post-types-generation.sh"
 	},
 	"engines": {
 		"node": ">=16.15.0"

frontend/scripts/generate-permissions-type.js

@@ -1,199 +0,0 @@
-#!/usr/bin/env node
-
-const fs = require('fs');
-const path = require('path');
-const { execSync } = require('child_process');
-const axios = require('axios');
-
-const PERMISSIONS_TYPE_FILE = path.join(
-	__dirname,
-	'../src/hooks/useAuthZ/permissions.type.ts',
-);
-
-const SIGNOZ_INTEGRATION_IMAGE = 'signoz:integration';
-const LOCAL_BACKEND_URL = 'http://localhost:8080';
-
-function log(message) {
-	console.log(`[generate-permissions-type] ${message}`);
-}
-
-function getBackendUrlFromDocker() {
-	try {
-		const output = execSync(
-			`docker ps --filter "ancestor=${SIGNOZ_INTEGRATION_IMAGE}" --format "{{.Ports}}"`,
-			{ encoding: 'utf8', stdio: ['pipe', 'pipe', 'pipe'] },
-		).trim();
-
-		if (!output) {
-			return null;
-		}
-
-		const portMatch = output.match(/0\.0\.0\.0:(\d+)->8080\/tcp/);
-		if (portMatch) {
-			return `http://localhost:${portMatch[1]}`;
-		}
-
-		const ipv6Match = output.match(/:::(\d+)->8080\/tcp/);
-		if (ipv6Match) {
-			return `http://localhost:${ipv6Match[1]}`;
-		}
-	} catch (err) {
-		log(`Warning: Could not get port from docker: ${err.message}`);
-	}
-	return null;
-}
-
-async function checkBackendHealth(url, maxAttempts = 3, delayMs = 1000) {
-	for (let attempt = 1; attempt <= maxAttempts; attempt++) {
-		try {
-			await axios.get(`${url}/api/v1/health`, {
-				timeout: 5000,
-				validateStatus: (status) => status === 200,
-			});
-			return true;
-		} catch (err) {
-			if (attempt < maxAttempts) {
-				await new Promise((r) => setTimeout(r, delayMs));
-			}
-		}
-	}
-	return false;
-}
-
-async function discoverBackendUrl() {
-	const dockerUrl = getBackendUrlFromDocker();
-	if (dockerUrl) {
-		log(`Found ${SIGNOZ_INTEGRATION_IMAGE} container, trying ${dockerUrl}...`);
-		if (await checkBackendHealth(dockerUrl)) {
-			log(`Backend found at ${dockerUrl} (from py-test-setup)`);
-			return dockerUrl;
-		}
-		log(`Backend at ${dockerUrl} is not responding`);
-	}
-
-	log(`Trying local backend at ${LOCAL_BACKEND_URL}...`);
-	if (await checkBackendHealth(LOCAL_BACKEND_URL)) {
-		log(`Backend found at ${LOCAL_BACKEND_URL}`);
-		return LOCAL_BACKEND_URL;
-	}
-
-	return null;
-}
-
-async function fetchResources(backendUrl) {
-	log('Fetching resources from API...');
-	const resourcesUrl = `${backendUrl}/api/v1/authz/resources`;
-
-	const { data: response } = await axios.get(resourcesUrl);
-
-	return response;
-}
-
-function transformResponse(apiResponse) {
-	if (!apiResponse.data) {
-		throw new Error('Invalid API response: missing data field');
-	}
-
-	const { resources, relations } = apiResponse.data;
-
-	return {
-		status: apiResponse.status || 'success',
-		data: {
-			resources: resources,
-			relations: relations,
-		},
-	};
-}
-
-function generateTypeScriptFile(data) {
-	const resourcesStr = data.data.resources
-		.map(
-			(r) =>
-				`\t\t\t{\n\t\t\t\tname: '${r.name}',\n\t\t\t\ttype: '${r.type}',\n\t\t\t}`,
-		)
-		.join(',\n');
-
-	const relationsStr = Object.entries(data.data.relations)
-		.map(
-			([type, relations]) =>
-				`\t\t\t${type}: [${relations.map((r) => `'${r}'`).join(', ')}]`,
-		)
-		.join(',\n');
-
-	return `// AUTO GENERATED FILE - DO NOT EDIT - GENERATED BY scripts/generate-permissions-type
-export default {
-\tstatus: '${data.status}',
-\tdata: {
-\t\tresources: [
-${resourcesStr}
-\t\t],
-\t\trelations: {
-${relationsStr}
-\t\t},
-\t},
-} as const;
-`;
-}
-
-async function main() {
-	try {
-		log('Starting permissions type generation...');
-
-		const backendUrl = await discoverBackendUrl();
-
-		if (!backendUrl) {
-			console.error('\n' + '='.repeat(80));
-			console.error('ERROR: No running SigNoz backend found!');
-			console.error('='.repeat(80));
-			console.error(
-				'\nThe permissions type generator requires a running SigNoz backend.',
-			);
-			console.error('\nFor local development, start the backend with:');
-			console.error('  make go-run-enterprise');
-			console.error(
-				'\nFor CI or integration testing, start the test environment with:',
-			);
-			console.error('  make py-test-setup');
-			console.error(
-				'\nIf running in CI and seeing this error, check that the py-test-setup',
-			);
-			console.error('step completed successfully before this step runs.');
-			console.error('='.repeat(80) + '\n');
-			process.exit(1);
-		}
-
-		log('Fetching resources...');
-		const apiResponse = await fetchResources(backendUrl);
-
-		log('Transforming response...');
-		const transformed = transformResponse(apiResponse);
-
-		log('Generating TypeScript file...');
-		const content = generateTypeScriptFile(transformed);
-
-		log(`Writing to ${PERMISSIONS_TYPE_FILE}...`);
-		fs.writeFileSync(PERMISSIONS_TYPE_FILE, content, 'utf8');
-
-		const rootDir = path.join(__dirname, '../..');
-		const relativePath = path.relative(
-			path.join(rootDir, 'frontend'),
-			PERMISSIONS_TYPE_FILE,
-		);
-		log('Linting generated file...');
-		execSync(`cd frontend && yarn eslint --fix ${relativePath}`, {
-			cwd: rootDir,
-			stdio: 'inherit',
-		});
-
-		log('Successfully generated permissions.type.ts');
-	} catch (error) {
-		log(`Error: ${error.message}`);
-		process.exit(1);
-	}
-}
-
-if (require.main === module) {
-	main();
-}
-
-module.exports = { main };

frontend/src/api/generated/services/serviceaccount/index.ts

@@ -1,973 +0,0 @@
-/**
- * ! Do not edit manually
- * * The file has been auto-generated using Orval for SigNoz
- * * regenerate with 'yarn generate:api'
- * SigNoz
- */
-import type {
-	InvalidateOptions,
-	MutationFunction,
-	QueryClient,
-	QueryFunction,
-	QueryKey,
-	UseMutationOptions,
-	UseMutationResult,
-	UseQueryOptions,
-	UseQueryResult,
-} from 'react-query';
-import { useMutation, useQuery } from 'react-query';
-
-import type { BodyType, ErrorType } from '../../../generatedAPIInstance';
-import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
-import type {
-	CreateServiceAccount201,
-	CreateServiceAccountKey201,
-	CreateServiceAccountKeyPathParameters,
-	DeleteServiceAccountPathParameters,
-	GetServiceAccount200,
-	GetServiceAccountPathParameters,
-	ListServiceAccountKeys200,
-	ListServiceAccountKeysPathParameters,
-	ListServiceAccounts200,
-	RenderErrorResponseDTO,
-	RevokeServiceAccountKeyPathParameters,
-	ServiceaccounttypesPostableFactorAPIKeyDTO,
-	ServiceaccounttypesPostableServiceAccountDTO,
-	ServiceaccounttypesUpdatableFactorAPIKeyDTO,
-	ServiceaccounttypesUpdatableServiceAccountDTO,
-	ServiceaccounttypesUpdatableServiceAccountStatusDTO,
-	UpdateServiceAccountKeyPathParameters,
-	UpdateServiceAccountPathParameters,
-	UpdateServiceAccountStatusPathParameters,
-} from '../sigNoz.schemas';
-
-type AwaitedInput<T> = PromiseLike<T> | T;
-
-type Awaited<O> = O extends AwaitedInput<infer T> ? T : never;
-
-/**
- * This endpoint lists the service accounts for an organisation
- * @summary List service accounts
- */
-export const listServiceAccounts = (signal?: AbortSignal) => {
-	return GeneratedAPIInstance<ListServiceAccounts200>({
-		url: `/api/v1/service_accounts`,
-		method: 'GET',
-		signal,
-	});
-};
-
-export const getListServiceAccountsQueryKey = () => {
-	return [`/api/v1/service_accounts`] as const;
-};
-
-export const getListServiceAccountsQueryOptions = <
-	TData = Awaited<ReturnType<typeof listServiceAccounts>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(options?: {
-	query?: UseQueryOptions<
-		Awaited<ReturnType<typeof listServiceAccounts>>,
-		TError,
-		TData
-	>;
-}) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey = queryOptions?.queryKey ?? getListServiceAccountsQueryKey();
-
-	const queryFn: QueryFunction<
-		Awaited<ReturnType<typeof listServiceAccounts>>
-	> = ({ signal }) => listServiceAccounts(signal);
-
-	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
-		Awaited<ReturnType<typeof listServiceAccounts>>,
-		TError,
-		TData
-	> & { queryKey: QueryKey };
-};
-
-export type ListServiceAccountsQueryResult = NonNullable<
-	Awaited<ReturnType<typeof listServiceAccounts>>
->;
-export type ListServiceAccountsQueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary List service accounts
- */
-
-export function useListServiceAccounts<
-	TData = Awaited<ReturnType<typeof listServiceAccounts>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(options?: {
-	query?: UseQueryOptions<
-		Awaited<ReturnType<typeof listServiceAccounts>>,
-		TError,
-		TData
-	>;
-}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getListServiceAccountsQueryOptions(options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	query.queryKey = queryOptions.queryKey;
-
-	return query;
-}
-
-/**
- * @summary List service accounts
- */
-export const invalidateListServiceAccounts = async (
-	queryClient: QueryClient,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getListServiceAccountsQueryKey() },
-		options,
-	);
-
-	return queryClient;
-};
-
-/**
- * This endpoint creates a service account
- * @summary Create service account
- */
-export const createServiceAccount = (
-	serviceaccounttypesPostableServiceAccountDTO: BodyType<ServiceaccounttypesPostableServiceAccountDTO>,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<CreateServiceAccount201>({
-		url: `/api/v1/service_accounts`,
-		method: 'POST',
-		headers: { 'Content-Type': 'application/json' },
-		data: serviceaccounttypesPostableServiceAccountDTO,
-		signal,
-	});
-};
-
-export const getCreateServiceAccountMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof createServiceAccount>>,
-		TError,
-		{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> },
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof createServiceAccount>>,
-	TError,
-	{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> },
-	TContext
-> => {
-	const mutationKey = ['createServiceAccount'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof createServiceAccount>>,
-		{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> }
-	> = (props) => {
-		const { data } = props ?? {};
-
-		return createServiceAccount(data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type CreateServiceAccountMutationResult = NonNullable<
-	Awaited<ReturnType<typeof createServiceAccount>>
->;
-export type CreateServiceAccountMutationBody = BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
-export type CreateServiceAccountMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Create service account
- */
-export const useCreateServiceAccount = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof createServiceAccount>>,
-		TError,
-		{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> },
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof createServiceAccount>>,
-	TError,
-	{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> },
-	TContext
-> => {
-	const mutationOptions = getCreateServiceAccountMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
-/**
- * This endpoint deletes an existing service account
- * @summary Deletes a service account
- */
-export const deleteServiceAccount = ({
-	id,
-}: DeleteServiceAccountPathParameters) => {
-	return GeneratedAPIInstance<string>({
-		url: `/api/v1/service_accounts/${id}`,
-		method: 'DELETE',
-	});
-};
-
-export const getDeleteServiceAccountMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof deleteServiceAccount>>,
-		TError,
-		{ pathParams: DeleteServiceAccountPathParameters },
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof deleteServiceAccount>>,
-	TError,
-	{ pathParams: DeleteServiceAccountPathParameters },
-	TContext
-> => {
-	const mutationKey = ['deleteServiceAccount'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof deleteServiceAccount>>,
-		{ pathParams: DeleteServiceAccountPathParameters }
-	> = (props) => {
-		const { pathParams } = props ?? {};
-
-		return deleteServiceAccount(pathParams);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type DeleteServiceAccountMutationResult = NonNullable<
-	Awaited<ReturnType<typeof deleteServiceAccount>>
->;
-
-export type DeleteServiceAccountMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Deletes a service account
- */
-export const useDeleteServiceAccount = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof deleteServiceAccount>>,
-		TError,
-		{ pathParams: DeleteServiceAccountPathParameters },
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof deleteServiceAccount>>,
-	TError,
-	{ pathParams: DeleteServiceAccountPathParameters },
-	TContext
-> => {
-	const mutationOptions = getDeleteServiceAccountMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
-/**
- * This endpoint gets an existing service account
- * @summary Gets a service account
- */
-export const getServiceAccount = (
-	{ id }: GetServiceAccountPathParameters,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<GetServiceAccount200>({
-		url: `/api/v1/service_accounts/${id}`,
-		method: 'GET',
-		signal,
-	});
-};
-
-export const getGetServiceAccountQueryKey = ({
-	id,
-}: GetServiceAccountPathParameters) => {
-	return [`/api/v1/service_accounts/${id}`] as const;
-};
-
-export const getGetServiceAccountQueryOptions = <
-	TData = Awaited<ReturnType<typeof getServiceAccount>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(
-	{ id }: GetServiceAccountPathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getServiceAccount>>,
-			TError,
-			TData
-		>;
-	},
-) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey =
-		queryOptions?.queryKey ?? getGetServiceAccountQueryKey({ id });
-
-	const queryFn: QueryFunction<
-		Awaited<ReturnType<typeof getServiceAccount>>
-	> = ({ signal }) => getServiceAccount({ id }, signal);
-
-	return {
-		queryKey,
-		queryFn,
-		enabled: !!id,
-		...queryOptions,
-	} as UseQueryOptions<
-		Awaited<ReturnType<typeof getServiceAccount>>,
-		TError,
-		TData
-	> & { queryKey: QueryKey };
-};
-
-export type GetServiceAccountQueryResult = NonNullable<
-	Awaited<ReturnType<typeof getServiceAccount>>
->;
-export type GetServiceAccountQueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Gets a service account
- */
-
-export function useGetServiceAccount<
-	TData = Awaited<ReturnType<typeof getServiceAccount>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(
-	{ id }: GetServiceAccountPathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getServiceAccount>>,
-			TError,
-			TData
-		>;
-	},
-): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getGetServiceAccountQueryOptions({ id }, options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	query.queryKey = queryOptions.queryKey;
-
-	return query;
-}
-
-/**
- * @summary Gets a service account
- */
-export const invalidateGetServiceAccount = async (
-	queryClient: QueryClient,
-	{ id }: GetServiceAccountPathParameters,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getGetServiceAccountQueryKey({ id }) },
-		options,
-	);
-
-	return queryClient;
-};
-
-/**
- * This endpoint updates an existing service account
- * @summary Updates a service account
- */
-export const updateServiceAccount = (
-	{ id }: UpdateServiceAccountPathParameters,
-	serviceaccounttypesUpdatableServiceAccountDTO: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>,
-) => {
-	return GeneratedAPIInstance<string>({
-		url: `/api/v1/service_accounts/${id}`,
-		method: 'PUT',
-		headers: { 'Content-Type': 'application/json' },
-		data: serviceaccounttypesUpdatableServiceAccountDTO,
-	});
-};
-
-export const getUpdateServiceAccountMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateServiceAccount>>,
-		TError,
-		{
-			pathParams: UpdateServiceAccountPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
-		},
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof updateServiceAccount>>,
-	TError,
-	{
-		pathParams: UpdateServiceAccountPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
-	},
-	TContext
-> => {
-	const mutationKey = ['updateServiceAccount'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof updateServiceAccount>>,
-		{
-			pathParams: UpdateServiceAccountPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
-		}
-	> = (props) => {
-		const { pathParams, data } = props ?? {};
-
-		return updateServiceAccount(pathParams, data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type UpdateServiceAccountMutationResult = NonNullable<
-	Awaited<ReturnType<typeof updateServiceAccount>>
->;
-export type UpdateServiceAccountMutationBody = BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
-export type UpdateServiceAccountMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Updates a service account
- */
-export const useUpdateServiceAccount = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateServiceAccount>>,
-		TError,
-		{
-			pathParams: UpdateServiceAccountPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
-		},
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof updateServiceAccount>>,
-	TError,
-	{
-		pathParams: UpdateServiceAccountPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
-	},
-	TContext
-> => {
-	const mutationOptions = getUpdateServiceAccountMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
-/**
- * This endpoint lists the service account keys
- * @summary List service account keys
- */
-export const listServiceAccountKeys = (
-	{ id }: ListServiceAccountKeysPathParameters,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<ListServiceAccountKeys200>({
-		url: `/api/v1/service_accounts/${id}/keys`,
-		method: 'GET',
-		signal,
-	});
-};
-
-export const getListServiceAccountKeysQueryKey = ({
-	id,
-}: ListServiceAccountKeysPathParameters) => {
-	return [`/api/v1/service_accounts/${id}/keys`] as const;
-};
-
-export const getListServiceAccountKeysQueryOptions = <
-	TData = Awaited<ReturnType<typeof listServiceAccountKeys>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(
-	{ id }: ListServiceAccountKeysPathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof listServiceAccountKeys>>,
-			TError,
-			TData
-		>;
-	},
-) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey =
-		queryOptions?.queryKey ?? getListServiceAccountKeysQueryKey({ id });
-
-	const queryFn: QueryFunction<
-		Awaited<ReturnType<typeof listServiceAccountKeys>>
-	> = ({ signal }) => listServiceAccountKeys({ id }, signal);
-
-	return {
-		queryKey,
-		queryFn,
-		enabled: !!id,
-		...queryOptions,
-	} as UseQueryOptions<
-		Awaited<ReturnType<typeof listServiceAccountKeys>>,
-		TError,
-		TData
-	> & { queryKey: QueryKey };
-};
-
-export type ListServiceAccountKeysQueryResult = NonNullable<
-	Awaited<ReturnType<typeof listServiceAccountKeys>>
->;
-export type ListServiceAccountKeysQueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary List service account keys
- */
-
-export function useListServiceAccountKeys<
-	TData = Awaited<ReturnType<typeof listServiceAccountKeys>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(
-	{ id }: ListServiceAccountKeysPathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof listServiceAccountKeys>>,
-			TError,
-			TData
-		>;
-	},
-): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getListServiceAccountKeysQueryOptions({ id }, options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	query.queryKey = queryOptions.queryKey;
-
-	return query;
-}
-
-/**
- * @summary List service account keys
- */
-export const invalidateListServiceAccountKeys = async (
-	queryClient: QueryClient,
-	{ id }: ListServiceAccountKeysPathParameters,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getListServiceAccountKeysQueryKey({ id }) },
-		options,
-	);
-
-	return queryClient;
-};
-
-/**
- * This endpoint creates a service account key
- * @summary Create a service account key
- */
-export const createServiceAccountKey = (
-	{ id }: CreateServiceAccountKeyPathParameters,
-	serviceaccounttypesPostableFactorAPIKeyDTO: BodyType<ServiceaccounttypesPostableFactorAPIKeyDTO>,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<CreateServiceAccountKey201>({
-		url: `/api/v1/service_accounts/${id}/keys`,
-		method: 'POST',
-		headers: { 'Content-Type': 'application/json' },
-		data: serviceaccounttypesPostableFactorAPIKeyDTO,
-		signal,
-	});
-};
-
-export const getCreateServiceAccountKeyMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof createServiceAccountKey>>,
-		TError,
-		{
-			pathParams: CreateServiceAccountKeyPathParameters;
-			data: BodyType<ServiceaccounttypesPostableFactorAPIKeyDTO>;
-		},
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof createServiceAccountKey>>,
-	TError,
-	{
-		pathParams: CreateServiceAccountKeyPathParameters;
-		data: BodyType<ServiceaccounttypesPostableFactorAPIKeyDTO>;
-	},
-	TContext
-> => {
-	const mutationKey = ['createServiceAccountKey'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof createServiceAccountKey>>,
-		{
-			pathParams: CreateServiceAccountKeyPathParameters;
-			data: BodyType<ServiceaccounttypesPostableFactorAPIKeyDTO>;
-		}
-	> = (props) => {
-		const { pathParams, data } = props ?? {};
-
-		return createServiceAccountKey(pathParams, data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type CreateServiceAccountKeyMutationResult = NonNullable<
-	Awaited<ReturnType<typeof createServiceAccountKey>>
->;
-export type CreateServiceAccountKeyMutationBody = BodyType<ServiceaccounttypesPostableFactorAPIKeyDTO>;
-export type CreateServiceAccountKeyMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Create a service account key
- */
-export const useCreateServiceAccountKey = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof createServiceAccountKey>>,
-		TError,
-		{
-			pathParams: CreateServiceAccountKeyPathParameters;
-			data: BodyType<ServiceaccounttypesPostableFactorAPIKeyDTO>;
-		},
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof createServiceAccountKey>>,
-	TError,
-	{
-		pathParams: CreateServiceAccountKeyPathParameters;
-		data: BodyType<ServiceaccounttypesPostableFactorAPIKeyDTO>;
-	},
-	TContext
-> => {
-	const mutationOptions = getCreateServiceAccountKeyMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
-/**
- * This endpoint revokes an existing service account key
- * @summary Revoke a service account key
- */
-export const revokeServiceAccountKey = ({
-	id,
-	fid,
-}: RevokeServiceAccountKeyPathParameters) => {
-	return GeneratedAPIInstance<string>({
-		url: `/api/v1/service_accounts/${id}/keys/${fid}`,
-		method: 'DELETE',
-	});
-};
-
-export const getRevokeServiceAccountKeyMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof revokeServiceAccountKey>>,
-		TError,
-		{ pathParams: RevokeServiceAccountKeyPathParameters },
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof revokeServiceAccountKey>>,
-	TError,
-	{ pathParams: RevokeServiceAccountKeyPathParameters },
-	TContext
-> => {
-	const mutationKey = ['revokeServiceAccountKey'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof revokeServiceAccountKey>>,
-		{ pathParams: RevokeServiceAccountKeyPathParameters }
-	> = (props) => {
-		const { pathParams } = props ?? {};
-
-		return revokeServiceAccountKey(pathParams);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type RevokeServiceAccountKeyMutationResult = NonNullable<
-	Awaited<ReturnType<typeof revokeServiceAccountKey>>
->;
-
-export type RevokeServiceAccountKeyMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Revoke a service account key
- */
-export const useRevokeServiceAccountKey = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof revokeServiceAccountKey>>,
-		TError,
-		{ pathParams: RevokeServiceAccountKeyPathParameters },
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof revokeServiceAccountKey>>,
-	TError,
-	{ pathParams: RevokeServiceAccountKeyPathParameters },
-	TContext
-> => {
-	const mutationOptions = getRevokeServiceAccountKeyMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
-/**
- * This endpoint updates an existing service account key
- * @summary Updates a service account key
- */
-export const updateServiceAccountKey = (
-	{ id, fid }: UpdateServiceAccountKeyPathParameters,
-	serviceaccounttypesUpdatableFactorAPIKeyDTO: BodyType<ServiceaccounttypesUpdatableFactorAPIKeyDTO>,
-) => {
-	return GeneratedAPIInstance<string>({
-		url: `/api/v1/service_accounts/${id}/keys/${fid}`,
-		method: 'PUT',
-		headers: { 'Content-Type': 'application/json' },
-		data: serviceaccounttypesUpdatableFactorAPIKeyDTO,
-	});
-};
-
-export const getUpdateServiceAccountKeyMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateServiceAccountKey>>,
-		TError,
-		{
-			pathParams: UpdateServiceAccountKeyPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableFactorAPIKeyDTO>;
-		},
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof updateServiceAccountKey>>,
-	TError,
-	{
-		pathParams: UpdateServiceAccountKeyPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableFactorAPIKeyDTO>;
-	},
-	TContext
-> => {
-	const mutationKey = ['updateServiceAccountKey'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof updateServiceAccountKey>>,
-		{
-			pathParams: UpdateServiceAccountKeyPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableFactorAPIKeyDTO>;
-		}
-	> = (props) => {
-		const { pathParams, data } = props ?? {};
-
-		return updateServiceAccountKey(pathParams, data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type UpdateServiceAccountKeyMutationResult = NonNullable<
-	Awaited<ReturnType<typeof updateServiceAccountKey>>
->;
-export type UpdateServiceAccountKeyMutationBody = BodyType<ServiceaccounttypesUpdatableFactorAPIKeyDTO>;
-export type UpdateServiceAccountKeyMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Updates a service account key
- */
-export const useUpdateServiceAccountKey = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateServiceAccountKey>>,
-		TError,
-		{
-			pathParams: UpdateServiceAccountKeyPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableFactorAPIKeyDTO>;
-		},
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof updateServiceAccountKey>>,
-	TError,
-	{
-		pathParams: UpdateServiceAccountKeyPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableFactorAPIKeyDTO>;
-	},
-	TContext
-> => {
-	const mutationOptions = getUpdateServiceAccountKeyMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
-/**
- * This endpoint updates an existing service account status
- * @summary Updates a service account status
- */
-export const updateServiceAccountStatus = (
-	{ id }: UpdateServiceAccountStatusPathParameters,
-	serviceaccounttypesUpdatableServiceAccountStatusDTO: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>,
-) => {
-	return GeneratedAPIInstance<string>({
-		url: `/api/v1/service_accounts/${id}/status`,
-		method: 'PUT',
-		headers: { 'Content-Type': 'application/json' },
-		data: serviceaccounttypesUpdatableServiceAccountStatusDTO,
-	});
-};
-
-export const getUpdateServiceAccountStatusMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateServiceAccountStatus>>,
-		TError,
-		{
-			pathParams: UpdateServiceAccountStatusPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
-		},
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof updateServiceAccountStatus>>,
-	TError,
-	{
-		pathParams: UpdateServiceAccountStatusPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
-	},
-	TContext
-> => {
-	const mutationKey = ['updateServiceAccountStatus'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof updateServiceAccountStatus>>,
-		{
-			pathParams: UpdateServiceAccountStatusPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
-		}
-	> = (props) => {
-		const { pathParams, data } = props ?? {};
-
-		return updateServiceAccountStatus(pathParams, data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type UpdateServiceAccountStatusMutationResult = NonNullable<
-	Awaited<ReturnType<typeof updateServiceAccountStatus>>
->;
-export type UpdateServiceAccountStatusMutationBody = BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
-export type UpdateServiceAccountStatusMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Updates a service account status
- */
-export const useUpdateServiceAccountStatus = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateServiceAccountStatus>>,
-		TError,
-		{
-			pathParams: UpdateServiceAccountStatusPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
-		},
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof updateServiceAccountStatus>>,
-	TError,
-	{
-		pathParams: UpdateServiceAccountStatusPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
-	},
-	TContext
-> => {
-	const mutationOptions = getUpdateServiceAccountStatusMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -2090,154 +2090,6 @@ export interface RoletypesRoleDTO {
 	updatedAt?: Date;
 }
 
-export interface ServiceaccounttypesFactorAPIKeyDTO {
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	createdAt?: Date;
-	/**
-	 * @type integer
-	 * @minimum 0
-	 */
-	expires_at: number;
-	/**
-	 * @type string
-	 */
-	id: string;
-	/**
-	 * @type string
-	 */
-	key: string;
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	last_used: Date;
-	/**
-	 * @type string
-	 */
-	name?: string;
-	/**
-	 * @type string
-	 */
-	service_account_id: string;
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	updatedAt?: Date;
-}
-
-export interface ServiceaccounttypesGettableFactorAPIKeyWithKeyDTO {
-	/**
-	 * @type string
-	 */
-	id: string;
-	/**
-	 * @type string
-	 */
-	key: string;
-}
-
-export interface ServiceaccounttypesPostableFactorAPIKeyDTO {
-	/**
-	 * @type integer
-	 * @minimum 0
-	 */
-	expires_at: number;
-	/**
-	 * @type string
-	 */
-	name: string;
-}
-
-export interface ServiceaccounttypesPostableServiceAccountDTO {
-	/**
-	 * @type string
-	 */
-	email: string;
-	/**
-	 * @type string
-	 */
-	name: string;
-	/**
-	 * @type array
-	 */
-	roles: string[];
-}
-
-export interface ServiceaccounttypesServiceAccountDTO {
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	createdAt?: Date;
-	/**
-	 * @type string
-	 */
-	email: string;
-	/**
-	 * @type string
-	 */
-	id: string;
-	/**
-	 * @type string
-	 */
-	name: string;
-	/**
-	 * @type string
-	 */
-	orgID: string;
-	/**
-	 * @type array
-	 */
-	roles: string[];
-	/**
-	 * @type string
-	 */
-	status: string;
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	updatedAt?: Date;
-}
-
-export interface ServiceaccounttypesUpdatableFactorAPIKeyDTO {
-	/**
-	 * @type integer
-	 * @minimum 0
-	 */
-	expires_at: number;
-	/**
-	 * @type string
-	 */
-	name: string;
-}
-
-export interface ServiceaccounttypesUpdatableServiceAccountDTO {
-	/**
-	 * @type string
-	 */
-	email: string;
-	/**
-	 * @type string
-	 */
-	name: string;
-	/**
-	 * @type array
-	 */
-	roles: string[];
-}
-
-export interface ServiceaccounttypesUpdatableServiceAccountStatusDTO {
-	/**
-	 * @type string
-	 */
-	status: string;
-}
-
 export enum TelemetrytypesFieldContextDTO {
 	metric = 'metric',
 	log = 'log',
@@ -3198,78 +3050,6 @@ export type PatchObjectsPathParameters = {
 	id: string;
 	relation: string;
 };
-export type ListServiceAccounts200 = {
-	/**
-	 * @type array
-	 */
-	data: ServiceaccounttypesServiceAccountDTO[];
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
-export type CreateServiceAccount201 = {
-	data: TypesIdentifiableDTO;
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
-export type DeleteServiceAccountPathParameters = {
-	id: string;
-};
-export type GetServiceAccountPathParameters = {
-	id: string;
-};
-export type GetServiceAccount200 = {
-	data: ServiceaccounttypesServiceAccountDTO;
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
-export type UpdateServiceAccountPathParameters = {
-	id: string;
-};
-export type ListServiceAccountKeysPathParameters = {
-	id: string;
-};
-export type ListServiceAccountKeys200 = {
-	/**
-	 * @type array
-	 */
-	data: ServiceaccounttypesFactorAPIKeyDTO[];
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
-export type CreateServiceAccountKeyPathParameters = {
-	id: string;
-};
-export type CreateServiceAccountKey201 = {
-	data: ServiceaccounttypesGettableFactorAPIKeyWithKeyDTO;
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
-export type RevokeServiceAccountKeyPathParameters = {
-	id: string;
-	fid: string;
-};
-export type UpdateServiceAccountKeyPathParameters = {
-	id: string;
-	fid: string;
-};
-export type UpdateServiceAccountStatusPathParameters = {
-	id: string;
-};
 export type ListUsers200 = {
 	/**
 	 * @type array

frontend/src/components/GuardAuthZ/GuardAuthZ.test.tsx

@@ -1,321 +0,0 @@
-import { ReactElement } from 'react';
-import {
-	AuthtypesGettableTransactionDTO,
-	AuthtypesTransactionDTO,
-} from 'api/generated/services/sigNoz.schemas';
-import { ENVIRONMENT } from 'constants/env';
-import { BrandedPermission } from 'hooks/useAuthZ/types';
-import { buildPermission } from 'hooks/useAuthZ/utils';
-import { server } from 'mocks-server/server';
-import { rest } from 'msw';
-import { render, screen, waitFor } from 'tests/test-utils';
-
-import { GuardAuthZ } from './GuardAuthZ';
-
-const BASE_URL = ENVIRONMENT.baseURL || '';
-const AUTHZ_CHECK_URL = `${BASE_URL}/api/v1/authz/check`;
-
-function authzMockResponse(
-	payload: AuthtypesTransactionDTO[],
-	authorizedByIndex: boolean[],
-): { data: AuthtypesGettableTransactionDTO[]; status: string } {
-	return {
-		data: payload.map((txn, i) => ({
-			relation: txn.relation,
-			object: txn.object,
-			authorized: authorizedByIndex[i] ?? false,
-		})),
-		status: 'success',
-	};
-}
-
-describe('GuardAuthZ', () => {
-	const TestChild = (): ReactElement => <div>Protected Content</div>;
-	const LoadingFallback = (): ReactElement => <div>Loading...</div>;
-	const ErrorFallback = (error: Error): ReactElement => (
-		<div>Error occurred: {error.message}</div>
-	);
-	const NoPermissionFallback = (_response: {
-		requiredPermissionName: BrandedPermission;
-	}): ReactElement => <div>Access denied</div>;
-	const NoPermissionFallbackWithSuggestions = (response: {
-		requiredPermissionName: BrandedPermission;
-	}): ReactElement => (
-		<div>
-			Access denied. Required permission: {response.requiredPermissionName}
-		</div>
-	);
-
-	it('should render children when permission is granted', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [true])));
-			}),
-		);
-
-		render(
-			<GuardAuthZ relation="read" object="dashboard:*">
-				<TestChild />
-			</GuardAuthZ>,
-		);
-
-		await waitFor(() => {
-			expect(screen.getByText('Protected Content')).toBeInTheDocument();
-		});
-	});
-
-	it('should render fallbackOnLoading when loading', () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (_req, res, ctx) => {
-				return res(
-					ctx.delay('infinite'),
-					ctx.status(200),
-					ctx.json({ data: [], status: 'success' }),
-				);
-			}),
-		);
-
-		render(
-			<GuardAuthZ
-				relation="read"
-				object="dashboard:*"
-				fallbackOnLoading={<LoadingFallback />}
-			>
-				<TestChild />
-			</GuardAuthZ>,
-		);
-
-		expect(screen.getByText('Loading...')).toBeInTheDocument();
-		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
-	});
-
-	it('should render null when loading and no fallbackOnLoading provided', () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (_req, res, ctx) => {
-				return res(
-					ctx.delay('infinite'),
-					ctx.status(200),
-					ctx.json({ data: [], status: 'success' }),
-				);
-			}),
-		);
-
-		const { container } = render(
-			<GuardAuthZ relation="read" object="dashboard:*">
-				<TestChild />
-			</GuardAuthZ>,
-		);
-
-		expect(container.firstChild).toBeNull();
-		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
-	});
-
-	it('should render fallbackOnError when API error occurs', async () => {
-		const errorMessage = 'Internal Server Error';
-
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, (_req, res, ctx) => {
-				return res(ctx.status(500), ctx.json({ error: errorMessage }));
-			}),
-		);
-
-		render(
-			<GuardAuthZ
-				relation="read"
-				object="dashboard:*"
-				fallbackOnError={ErrorFallback}
-			>
-				<TestChild />
-			</GuardAuthZ>,
-		);
-
-		await waitFor(() => {
-			expect(screen.getByText(/Error occurred:/)).toBeInTheDocument();
-		});
-
-		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
-	});
-
-	it('should pass error object to fallbackOnError function', async () => {
-		const errorMessage = 'Network request failed';
-		let receivedError: Error | null = null;
-
-		const errorFallbackWithCapture = (error: Error): ReactElement => {
-			receivedError = error;
-			return <div>Captured error: {error.message}</div>;
-		};
-
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, (_req, res, ctx) => {
-				return res(ctx.status(500), ctx.json({ error: errorMessage }));
-			}),
-		);
-
-		render(
-			<GuardAuthZ
-				relation="read"
-				object="dashboard:*"
-				fallbackOnError={errorFallbackWithCapture}
-			>
-				<TestChild />
-			</GuardAuthZ>,
-		);
-
-		await waitFor(() => {
-			expect(receivedError).not.toBeNull();
-		});
-
-		expect(receivedError).toBeInstanceOf(Error);
-		expect(screen.getByText(/Captured error:/)).toBeInTheDocument();
-	});
-
-	it('should render null when error occurs and no fallbackOnError provided', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, (_req, res, ctx) => {
-				return res(ctx.status(500), ctx.json({ error: 'Internal Server Error' }));
-			}),
-		);
-
-		const { container } = render(
-			<GuardAuthZ relation="read" object="dashboard:*">
-				<TestChild />
-			</GuardAuthZ>,
-		);
-
-		await waitFor(() => {
-			expect(container.firstChild).toBeNull();
-		});
-
-		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
-	});
-
-	it('should render fallbackOnNoPermissions when permission is denied', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [false])));
-			}),
-		);
-
-		render(
-			<GuardAuthZ
-				relation="update"
-				object="dashboard:123"
-				fallbackOnNoPermissions={NoPermissionFallback}
-			>
-				<TestChild />
-			</GuardAuthZ>,
-		);
-
-		await waitFor(() => {
-			expect(screen.getByText('Access denied')).toBeInTheDocument();
-		});
-
-		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
-	});
-
-	it('should render null when permission is denied and no fallbackOnNoPermissions provided', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [false])));
-			}),
-		);
-
-		const { container } = render(
-			<GuardAuthZ relation="update" object="dashboard:123">
-				<TestChild />
-			</GuardAuthZ>,
-		);
-
-		await waitFor(() => {
-			expect(container.firstChild).toBeNull();
-		});
-
-		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
-	});
-
-	it('should render null when permissions object is null', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, (_req, res, ctx) => {
-				return res(ctx.status(200), ctx.json({ data: [], status: 'success' }));
-			}),
-		);
-
-		const { container } = render(
-			<GuardAuthZ relation="read" object="dashboard:*">
-				<TestChild />
-			</GuardAuthZ>,
-		);
-
-		await waitFor(() => {
-			expect(container.firstChild).toBeNull();
-		});
-
-		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
-	});
-
-	it('should pass requiredPermissionName to fallbackOnNoPermissions', async () => {
-		const permission = buildPermission('update', 'dashboard:123');
-
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [false])));
-			}),
-		);
-
-		render(
-			<GuardAuthZ
-				relation="update"
-				object="dashboard:123"
-				fallbackOnNoPermissions={NoPermissionFallbackWithSuggestions}
-			>
-				<TestChild />
-			</GuardAuthZ>,
-		);
-
-		await waitFor(() => {
-			expect(
-				screen.getByText(/Access denied. Required permission:/),
-			).toBeInTheDocument();
-		});
-
-		expect(
-			screen.getAllByText(
-				new RegExp(permission.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')),
-			).length,
-		).toBeGreaterThan(0);
-		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
-	});
-
-	it('should handle different relation and object combinations', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [true])));
-			}),
-		);
-
-		const { rerender } = render(
-			<GuardAuthZ relation="read" object="dashboard:*">
-				<TestChild />
-			</GuardAuthZ>,
-		);
-
-		await waitFor(() => {
-			expect(screen.getByText('Protected Content')).toBeInTheDocument();
-		});
-
-		rerender(
-			<GuardAuthZ relation="delete" object="dashboard:456">
-				<TestChild />
-			</GuardAuthZ>,
-		);
-
-		await waitFor(() => {
-			expect(screen.getByText('Protected Content')).toBeInTheDocument();
-		});
-	});
-});

frontend/src/components/GuardAuthZ/GuardAuthZ.tsx

@@ -1,50 +0,0 @@
-import { ReactElement } from 'react';
-import {
-	AuthZObject,
-	AuthZRelation,
-	BrandedPermission,
-} from 'hooks/useAuthZ/types';
-import { useAuthZ } from 'hooks/useAuthZ/useAuthZ';
-import { buildPermission } from 'hooks/useAuthZ/utils';
-
-export type GuardAuthZProps<R extends AuthZRelation> = {
-	children: ReactElement;
-	relation: R;
-	object: AuthZObject<R>;
-	fallbackOnLoading?: JSX.Element;
-	fallbackOnError?: (error: Error) => JSX.Element;
-	fallbackOnNoPermissions?: (response: {
-		requiredPermissionName: BrandedPermission;
-	}) => JSX.Element;
-};
-
-export function GuardAuthZ<R extends AuthZRelation>({
-	children,
-	relation,
-	object,
-	fallbackOnLoading,
-	fallbackOnError,
-	fallbackOnNoPermissions,
-}: GuardAuthZProps<R>): JSX.Element | null {
-	const permission = buildPermission<R>(relation, object);
-
-	const { permissions, isLoading, error } = useAuthZ([permission]);
-
-	if (isLoading) {
-		return fallbackOnLoading ?? null;
-	}
-
-	if (error) {
-		return fallbackOnError?.(error) ?? null;
-	}
-
-	if (!permissions?.[permission]?.isGranted) {
-		return (
-			fallbackOnNoPermissions?.({
-				requiredPermissionName: permission,
-			}) ?? null
-		);
-	}
-
-	return children;
-}

frontend/src/components/createGuardedRoute/createGuardedRoute.styles.scss

@@ -1,41 +0,0 @@
-.guard-authz-error-no-authz {
-	display: flex;
-	align-items: center;
-	justify-content: center;
-
-	width: 100%;
-	height: 100%;
-
-	padding: 24px;
-
-	.guard-authz-error-no-authz-content {
-		display: flex;
-		flex-direction: column;
-		justify-content: flex-start;
-		gap: 8px;
-		max-width: 500px;
-	}
-
-	img {
-		width: 32px;
-		height: 32px;
-	}
-
-	h3 {
-		font-size: 18px;
-		color: var(--l1-foreground);
-		line-height: 18px;
-	}
-
-	p {
-		font-size: 14px;
-		color: var(--l3-foreground);
-		line-height: 18px;
-
-		span {
-			background-color: var(--l3-background);
-			white-space: nowrap;
-			padding: 0 2px;
-		}
-	}
-}

frontend/src/components/createGuardedRoute/createGuardedRoute.test.tsx

@@ -1,472 +0,0 @@
-import { ReactElement } from 'react';
-import type { RouteComponentProps } from 'react-router-dom';
-import {
-	AuthtypesGettableTransactionDTO,
-	AuthtypesTransactionDTO,
-} from 'api/generated/services/sigNoz.schemas';
-import { ENVIRONMENT } from 'constants/env';
-import { server } from 'mocks-server/server';
-import { rest } from 'msw';
-import { render, screen, waitFor } from 'tests/test-utils';
-
-import { createGuardedRoute } from './createGuardedRoute';
-
-const BASE_URL = ENVIRONMENT.baseURL || '';
-const AUTHZ_CHECK_URL = `${BASE_URL}/api/v1/authz/check`;
-
-function authzMockResponse(
-	payload: AuthtypesTransactionDTO[],
-	authorizedByIndex: boolean[],
-): { data: AuthtypesGettableTransactionDTO[]; status: string } {
-	return {
-		data: payload.map((txn, i) => ({
-			relation: txn.relation,
-			object: txn.object,
-			authorized: authorizedByIndex[i] ?? false,
-		})),
-		status: 'success',
-	};
-}
-
-describe('createGuardedRoute', () => {
-	const TestComponent = ({ testProp }: { testProp: string }): ReactElement => (
-		<div>Test Component: {testProp}</div>
-	);
-
-	it('should render component when permission is granted', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [true])));
-			}),
-		);
-
-		const GuardedComponent = createGuardedRoute(
-			TestComponent,
-			'read',
-			'dashboard:*',
-		);
-
-		const mockMatch = {
-			params: {},
-			isExact: true,
-			path: '/dashboard',
-			url: '/dashboard',
-		};
-
-		const props = {
-			testProp: 'test-value',
-			match: mockMatch,
-			location: ({} as unknown) as RouteComponentProps['location'],
-			history: ({} as unknown) as RouteComponentProps['history'],
-		};
-
-		render(<GuardedComponent {...props} />);
-
-		await waitFor(() => {
-			expect(screen.getByText('Test Component: test-value')).toBeInTheDocument();
-		});
-	});
-
-	it('should substitute route parameters in object string', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [true])));
-			}),
-		);
-
-		const GuardedComponent = createGuardedRoute(
-			TestComponent,
-			'read',
-			'dashboard:{id}',
-		);
-
-		const mockMatch = {
-			params: { id: '123' },
-			isExact: true,
-			path: '/dashboard/:id',
-			url: '/dashboard/123',
-		};
-
-		const props = {
-			testProp: 'test-value',
-			match: mockMatch,
-			location: ({} as unknown) as RouteComponentProps['location'],
-			history: ({} as unknown) as RouteComponentProps['history'],
-		};
-
-		render(<GuardedComponent {...props} />);
-
-		await waitFor(() => {
-			expect(screen.getByText('Test Component: test-value')).toBeInTheDocument();
-		});
-	});
-
-	it('should handle multiple route parameters', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = (await req.json()) as AuthtypesTransactionDTO[];
-				const txn = payload[0];
-				const responseData: AuthtypesGettableTransactionDTO[] = [
-					{
-						relation: txn.relation,
-						object: {
-							resource: {
-								name: txn.object.resource.name,
-								type: txn.object.resource.type,
-							},
-							selector: '123:456',
-						},
-						authorized: true,
-					},
-				];
-				return res(
-					ctx.status(200),
-					ctx.json({ data: responseData, status: 'success' }),
-				);
-			}),
-		);
-
-		const GuardedComponent = createGuardedRoute(
-			TestComponent,
-			'update',
-			'dashboard:{id}:{version}',
-		);
-
-		const mockMatch = {
-			params: { id: '123', version: '456' },
-			isExact: true,
-			path: '/dashboard/:id/:version',
-			url: '/dashboard/123/456',
-		};
-
-		const props = {
-			testProp: 'test-value',
-			match: mockMatch,
-			location: ({} as unknown) as RouteComponentProps['location'],
-			history: ({} as unknown) as RouteComponentProps['history'],
-		};
-
-		render(<GuardedComponent {...props} />);
-
-		await waitFor(() => {
-			expect(screen.getByText('Test Component: test-value')).toBeInTheDocument();
-		});
-	});
-
-	it('should keep placeholder when route parameter is missing', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [true])));
-			}),
-		);
-
-		const GuardedComponent = createGuardedRoute(
-			TestComponent,
-			'read',
-			'dashboard:{id}',
-		);
-
-		const mockMatch = {
-			params: {},
-			isExact: true,
-			path: '/dashboard',
-			url: '/dashboard',
-		};
-
-		const props = {
-			testProp: 'test-value',
-			match: mockMatch,
-			location: ({} as unknown) as RouteComponentProps['location'],
-			history: ({} as unknown) as RouteComponentProps['history'],
-		};
-
-		render(<GuardedComponent {...props} />);
-
-		await waitFor(() => {
-			expect(screen.getByText('Test Component: test-value')).toBeInTheDocument();
-		});
-	});
-
-	it('should render loading fallback when loading', () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (_req, res, ctx) => {
-				return res(
-					ctx.delay('infinite'),
-					ctx.status(200),
-					ctx.json({ data: [], status: 'success' }),
-				);
-			}),
-		);
-
-		const GuardedComponent = createGuardedRoute(
-			TestComponent,
-			'read',
-			'dashboard:*',
-		);
-
-		const mockMatch = {
-			params: {},
-			isExact: true,
-			path: '/dashboard',
-			url: '/dashboard',
-		};
-
-		const props = {
-			testProp: 'test-value',
-			match: mockMatch,
-			location: ({} as unknown) as RouteComponentProps['location'],
-			history: ({} as unknown) as RouteComponentProps['history'],
-		};
-
-		render(<GuardedComponent {...props} />);
-
-		expect(screen.getByText('SigNoz')).toBeInTheDocument();
-		expect(
-			screen.queryByText('Test Component: test-value'),
-		).not.toBeInTheDocument();
-	});
-
-	it('should render error fallback when API error occurs', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, (_req, res, ctx) => {
-				return res(ctx.status(500), ctx.json({ error: 'Internal Server Error' }));
-			}),
-		);
-
-		const GuardedComponent = createGuardedRoute(
-			TestComponent,
-			'read',
-			'dashboard:*',
-		);
-
-		const mockMatch = {
-			params: {},
-			isExact: true,
-			path: '/dashboard',
-			url: '/dashboard',
-		};
-
-		const props = {
-			testProp: 'test-value',
-			match: mockMatch,
-			location: ({} as unknown) as RouteComponentProps['location'],
-			history: ({} as unknown) as RouteComponentProps['history'],
-		};
-
-		render(<GuardedComponent {...props} />);
-
-		await waitFor(() => {
-			expect(screen.getByText(/Something went wrong/i)).toBeInTheDocument();
-		});
-
-		expect(
-			screen.queryByText('Test Component: test-value'),
-		).not.toBeInTheDocument();
-	});
-
-	it('should render no permissions fallback when permission is denied', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [false])));
-			}),
-		);
-
-		const GuardedComponent = createGuardedRoute(
-			TestComponent,
-			'update',
-			'dashboard:{id}',
-		);
-
-		const mockMatch = {
-			params: { id: '123' },
-			isExact: true,
-			path: '/dashboard/:id',
-			url: '/dashboard/123',
-		};
-
-		const props = {
-			testProp: 'test-value',
-			match: mockMatch,
-			location: ({} as unknown) as RouteComponentProps['location'],
-			history: ({} as unknown) as RouteComponentProps['history'],
-		};
-
-		render(<GuardedComponent {...props} />);
-
-		await waitFor(() => {
-			const heading = document.querySelector('h3');
-			expect(heading).toBeInTheDocument();
-			expect(heading?.textContent).toMatch(/permission to view/i);
-		});
-
-		expect(screen.getByText('update')).toBeInTheDocument();
-		expect(screen.getByText('dashboard:123')).toBeInTheDocument();
-		expect(
-			screen.queryByText('Test Component: test-value'),
-		).not.toBeInTheDocument();
-	});
-
-	it('should pass all props to wrapped component', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [true])));
-			}),
-		);
-
-		const ComponentWithMultipleProps = ({
-			prop1,
-			prop2,
-			prop3,
-		}: {
-			prop1: string;
-			prop2: number;
-			prop3: boolean;
-		}): ReactElement => (
-			<div>
-				{prop1} - {prop2} - {prop3.toString()}
-			</div>
-		);
-
-		const GuardedComponent = createGuardedRoute(
-			ComponentWithMultipleProps,
-			'read',
-			'dashboard:*',
-		);
-
-		const mockMatch = {
-			params: {},
-			isExact: true,
-			path: '/dashboard',
-			url: '/dashboard',
-		};
-
-		const props = {
-			prop1: 'value1',
-			prop2: 42,
-			prop3: true,
-			match: mockMatch,
-			location: ({} as unknown) as RouteComponentProps['location'],
-			history: ({} as unknown) as RouteComponentProps['history'],
-		};
-
-		render(<GuardedComponent {...props} />);
-
-		await waitFor(() => {
-			expect(screen.getByText('value1 - 42 - true')).toBeInTheDocument();
-		});
-	});
-
-	it('should memoize resolved object based on route params', async () => {
-		let requestCount = 0;
-		const requestedObjects: string[] = [];
-
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				requestCount++;
-				const payload = (await req.json()) as AuthtypesTransactionDTO[];
-				const obj = payload[0]?.object;
-				const name = obj?.resource?.name;
-				const selector = obj?.selector ?? '*';
-				const objectStr =
-					obj?.resource?.type === 'metaresources' ? name : `${name}:${selector}`;
-				requestedObjects.push(objectStr ?? '');
-
-				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [true])));
-			}),
-		);
-
-		const GuardedComponent = createGuardedRoute(
-			TestComponent,
-			'read',
-			'dashboard:{id}',
-		);
-
-		const mockMatch1 = {
-			params: { id: '123' },
-			isExact: true,
-			path: '/dashboard/:id',
-			url: '/dashboard/123',
-		};
-
-		const props1 = {
-			testProp: 'test-value-1',
-			match: mockMatch1,
-			location: ({} as unknown) as RouteComponentProps['location'],
-			history: ({} as unknown) as RouteComponentProps['history'],
-		};
-
-		const { unmount } = render(<GuardedComponent {...props1} />);
-
-		await waitFor(() => {
-			expect(screen.getByText('Test Component: test-value-1')).toBeInTheDocument();
-		});
-
-		expect(requestCount).toBe(1);
-		expect(requestedObjects).toContain('dashboard:123');
-
-		unmount();
-
-		const mockMatch2 = {
-			params: { id: '456' },
-			isExact: true,
-			path: '/dashboard/:id',
-			url: '/dashboard/456',
-		};
-
-		const props2 = {
-			testProp: 'test-value-2',
-			match: mockMatch2,
-			location: ({} as unknown) as RouteComponentProps['location'],
-			history: ({} as unknown) as RouteComponentProps['history'],
-		};
-
-		render(<GuardedComponent {...props2} />);
-
-		await waitFor(() => {
-			expect(screen.getByText('Test Component: test-value-2')).toBeInTheDocument();
-		});
-
-		expect(requestCount).toBe(2);
-		expect(requestedObjects).toContain('dashboard:456');
-	});
-
-	it('should handle different relation types', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [true])));
-			}),
-		);
-
-		const GuardedComponent = createGuardedRoute(
-			TestComponent,
-			'delete',
-			'dashboard:{id}',
-		);
-
-		const mockMatch = {
-			params: { id: '789' },
-			isExact: true,
-			path: '/dashboard/:id',
-			url: '/dashboard/789',
-		};
-
-		const props = {
-			testProp: 'test-value',
-			match: mockMatch,
-			location: ({} as unknown) as RouteComponentProps['location'],
-			history: ({} as unknown) as RouteComponentProps['history'],
-		};
-
-		render(<GuardedComponent {...props} />);
-
-		await waitFor(() => {
-			expect(screen.getByText('Test Component: test-value')).toBeInTheDocument();
-		});
-	});
-});

frontend/src/components/createGuardedRoute/createGuardedRoute.tsx

@@ -1,73 +0,0 @@
-import { ComponentType, ReactElement, useMemo } from 'react';
-import { RouteComponentProps } from 'react-router-dom';
-import {
-	AuthZObject,
-	AuthZRelation,
-	BrandedPermission,
-} from 'hooks/useAuthZ/types';
-import { parsePermission } from 'hooks/useAuthZ/utils';
-
-import ErrorBoundaryFallback from '../../pages/ErrorBoundaryFallback/ErrorBoundaryFallback';
-import AppLoading from '../AppLoading/AppLoading';
-import { GuardAuthZ } from '../GuardAuthZ/GuardAuthZ';
-
-import './createGuardedRoute.styles.scss';
-
-const onErrorFallback = (): JSX.Element => <ErrorBoundaryFallback />;
-
-function OnNoPermissionsFallback(response: {
-	requiredPermissionName: BrandedPermission;
-}): ReactElement {
-	const { relation, object } = parsePermission(response.requiredPermissionName);
-
-	return (
-		<div className="guard-authz-error-no-authz">
-			<div className="guard-authz-error-no-authz-content">
-				<img src="/Icons/no-data.svg" alt="No permission" />
-				<h3>Uh-oh! You don’t have permission to view this page.</h3>
-				<p>
-					You need the following permission to view this page:
-					<br />
-					Relation: <span>{relation}</span>
-					<br />
-					Object: <span>{object}</span>
-					<br />
-					Ask your SigNoz administrator to grant access.
-				</p>
-			</div>
-		</div>
-	);
-}
-
-// eslint-disable-next-line @typescript-eslint/ban-types
-export function createGuardedRoute<P extends object, R extends AuthZRelation>(
-	Component: ComponentType<P>,
-	relation: R,
-	object: AuthZObject<R>,
-): ComponentType<P & RouteComponentProps<Record<string, string>>> {
-	return function GuardedRouteComponent(
-		props: P & RouteComponentProps<Record<string, string>>,
-	): ReactElement {
-		const resolvedObject = useMemo(() => {
-			const paramPattern = /\{([^}]+)\}/g;
-			return object.replace(paramPattern, (match, paramName) => {
-				const paramValue = props.match?.params?.[paramName];
-				return paramValue !== undefined ? paramValue : match;
-			}) as AuthZObject<R>;
-		}, [props.match?.params]);
-
-		return (
-			<GuardAuthZ
-				relation={relation}
-				object={resolvedObject}
-				fallbackOnLoading={<AppLoading />}
-				fallbackOnError={onErrorFallback}
-				fallbackOnNoPermissions={(response): ReactElement => (
-					<OnNoPermissionsFallback {...response} />
-				)}
-			>
-				<Component {...props} />
-			</GuardAuthZ>
-		);
-	};
-}

frontend/src/hooks/useAuthZ/permissions.type.ts

@@ -1,23 +0,0 @@
-// AUTO GENERATED FILE - DO NOT EDIT - GENERATED BY scripts/generate-permissions-type
-export default {
-	status: 'success',
-	data: {
-		resources: [
-			{
-				name: 'dashboard',
-				type: 'metaresource',
-			},
-			{
-				name: 'dashboards',
-				type: 'metaresources',
-			},
-		],
-		relations: {
-			create: ['metaresources'],
-			delete: ['user', 'role', 'organization', 'metaresource'],
-			list: ['metaresources'],
-			read: ['user', 'role', 'organization', 'metaresource'],
-			update: ['user', 'role', 'organization', 'metaresource'],
-		},
-	},
-} as const;

frontend/src/hooks/useAuthZ/types.ts

@@ -1,57 +0,0 @@
-import permissionsType from './permissions.type';
-import { ObjectSeparator } from './utils';
-
-type PermissionsData = typeof permissionsType.data;
-export type Resource = PermissionsData['resources'][number];
-export type ResourceName = Resource['name'];
-export type ResourceType = Resource['type'];
-
-type RelationsByType = PermissionsData['relations'];
-
-type ResourceTypeMap = {
-	[K in ResourceName]: Extract<Resource, { name: K }>['type'];
-};
-
-type RelationName = keyof RelationsByType;
-
-type ResourcesForRelation<R extends RelationName> = Extract<
-	Resource,
-	{ type: RelationsByType[R][number] }
->['name'];
-
-type IsPluralResource<
-	R extends ResourceName
-> = ResourceTypeMap[R] extends 'metaresources' ? true : false;
-
-type ObjectForResource<R extends ResourceName> = R extends infer U
-	? U extends ResourceName
-		? IsPluralResource<U> extends true
-			? U
-			: `${U}${typeof ObjectSeparator}${string}`
-		: never
-	: never;
-
-type RelationToObject<R extends RelationName> = ObjectForResource<
-	ResourcesForRelation<R>
->;
-
-type AllRelations = RelationName;
-
-export type AuthZRelation = AllRelations;
-export type AuthZResource = ResourceName;
-export type AuthZObject<R extends AuthZRelation> = RelationToObject<R>;
-
-export type BrandedPermission = string & { __brandedPermission: true };
-
-export type AuthZCheckResponse = Record<
-	BrandedPermission,
-	{
-		isGranted: boolean;
-	}
->;
-
-export type UseAuthZResult = {
-	isLoading: boolean;
-	error: Error | null;
-	permissions: AuthZCheckResponse | null;
-};

frontend/src/hooks/useAuthZ/useAuthZ.test.tsx

@@ -1,496 +0,0 @@
-import { ReactElement } from 'react';
-import { renderHook, waitFor } from '@testing-library/react';
-import {
-	AuthtypesGettableTransactionDTO,
-	AuthtypesTransactionDTO,
-} from 'api/generated/services/sigNoz.schemas';
-import { ENVIRONMENT } from 'constants/env';
-import { server } from 'mocks-server/server';
-import { rest } from 'msw';
-import { AllTheProviders } from 'tests/test-utils';
-
-import { BrandedPermission } from './types';
-import { useAuthZ } from './useAuthZ';
-import { buildPermission } from './utils';
-
-const BASE_URL = ENVIRONMENT.baseURL || '';
-const AUTHZ_CHECK_URL = `${BASE_URL}/api/v1/authz/check`;
-
-function authzMockResponse(
-	payload: AuthtypesTransactionDTO[],
-	authorizedByIndex: boolean[],
-): { data: AuthtypesGettableTransactionDTO[]; status: string } {
-	return {
-		data: payload.map((txn, i) => ({
-			relation: txn.relation,
-			object: txn.object,
-			authorized: authorizedByIndex[i] ?? false,
-		})),
-		status: 'success',
-	};
-}
-
-const wrapper = ({ children }: { children: ReactElement }): ReactElement => (
-	<AllTheProviders>{children}</AllTheProviders>
-);
-
-describe('useAuthZ', () => {
-	it('should fetch and return permissions successfully', async () => {
-		const permission1 = buildPermission('read', 'dashboard:*');
-		const permission2 = buildPermission('update', 'dashboard:123');
-
-		const expectedResponse = {
-			[permission1]: {
-				isGranted: true,
-			},
-			[permission2]: {
-				isGranted: false,
-			},
-		};
-
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				return res(
-					ctx.status(200),
-					ctx.json(authzMockResponse(payload, [true, false])),
-				);
-			}),
-		);
-
-		const { result } = renderHook(() => useAuthZ([permission1, permission2]), {
-			wrapper,
-		});
-
-		expect(result.current.isLoading).toBe(true);
-		expect(result.current.permissions).toBeNull();
-
-		await waitFor(() => {
-			expect(result.current.isLoading).toBe(false);
-		});
-
-		expect(result.current.error).toBeNull();
-		expect(result.current.permissions).toEqual(expectedResponse);
-	});
-
-	it('should handle API errors', async () => {
-		const permission = buildPermission('read', 'dashboard:*');
-
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, (_req, res, ctx) => {
-				return res(ctx.status(500), ctx.json({ error: 'Internal Server Error' }));
-			}),
-		);
-
-		const { result } = renderHook(() => useAuthZ([permission]), {
-			wrapper,
-		});
-
-		await waitFor(() => {
-			expect(result.current.isLoading).toBe(false);
-		});
-
-		expect(result.current.error).not.toBeNull();
-		expect(result.current.permissions).toBeNull();
-	});
-
-	it('should refetch when permissions array changes', async () => {
-		const permission1 = buildPermission('read', 'dashboard:*');
-		const permission2 = buildPermission('update', 'dashboard:123');
-		const permission3 = buildPermission('delete', 'dashboard:456');
-
-		let requestCount = 0;
-
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				requestCount++;
-				const payload = await req.json();
-
-				if (payload.length === 1) {
-					return res(ctx.status(200), ctx.json(authzMockResponse(payload, [true])));
-				}
-
-				const authorized = payload.map(
-					(txn: { relation: string }) =>
-						txn.relation === 'read' || txn.relation === 'delete',
-				);
-				return res(
-					ctx.status(200),
-					ctx.json(authzMockResponse(payload, authorized)),
-				);
-			}),
-		);
-
-		const { result, rerender } = renderHook<
-			ReturnType<typeof useAuthZ>,
-			BrandedPermission[]
-		>((permissions) => useAuthZ(permissions), {
-			wrapper,
-			initialProps: [permission1],
-		});
-
-		await waitFor(() => {
-			expect(result.current.isLoading).toBe(false);
-		});
-
-		expect(requestCount).toBe(1);
-		expect(result.current.permissions).toEqual({
-			[permission1]: {
-				isGranted: true,
-			},
-		});
-
-		rerender([permission1, permission2, permission3]);
-
-		await waitFor(() => {
-			expect(result.current.isLoading).toBe(false);
-		});
-
-		expect(requestCount).toBe(2);
-		expect(result.current.permissions).toEqual({
-			[permission1]: {
-				isGranted: true,
-			},
-			[permission2]: {
-				isGranted: false,
-			},
-			[permission3]: {
-				isGranted: true,
-			},
-		});
-	});
-
-	it('should not refetch when permissions array order changes but content is the same', async () => {
-		const permission1 = buildPermission('read', 'dashboard:*');
-		const permission2 = buildPermission('update', 'dashboard:123');
-
-		let requestCount = 0;
-
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				requestCount++;
-				const payload = await req.json();
-				return res(
-					ctx.status(200),
-					ctx.json(authzMockResponse(payload, [true, false])),
-				);
-			}),
-		);
-
-		const { result, rerender } = renderHook<
-			ReturnType<typeof useAuthZ>,
-			BrandedPermission[]
-		>((permissions) => useAuthZ(permissions), {
-			wrapper,
-			initialProps: [permission1, permission2],
-		});
-
-		await waitFor(() => {
-			expect(result.current.isLoading).toBe(false);
-		});
-
-		expect(requestCount).toBe(1);
-
-		rerender([permission2, permission1]);
-
-		await waitFor(() => {
-			expect(result.current.isLoading).toBe(false);
-		});
-
-		expect(requestCount).toBe(1);
-	});
-
-	it('should handle empty permissions array', async () => {
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, (_req, res, ctx) => {
-				return res(ctx.status(200), ctx.json({ data: [], status: 'success' }));
-			}),
-		);
-
-		const { result } = renderHook(() => useAuthZ([]), {
-			wrapper,
-		});
-
-		expect(result.current.isLoading).toBe(false);
-		expect(result.current.error).toBeNull();
-		expect(result.current.permissions).toEqual({});
-	});
-
-	it('should send correct payload format to API', async () => {
-		const permission1 = buildPermission('read', 'dashboard:*');
-		const permission2 = buildPermission('update', 'dashboard:123');
-
-		let receivedPayload: any = null;
-
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				receivedPayload = await req.json();
-				return res(
-					ctx.status(200),
-					ctx.json(authzMockResponse(receivedPayload, [true, false])),
-				);
-			}),
-		);
-
-		const { result } = renderHook(() => useAuthZ([permission1, permission2]), {
-			wrapper,
-		});
-
-		await waitFor(() => {
-			expect(result.current.isLoading).toBe(false);
-		});
-
-		expect(receivedPayload).toHaveLength(2);
-		expect(receivedPayload[0]).toMatchObject({
-			relation: 'read',
-			object: {
-				resource: { name: 'dashboard', type: 'metaresource' },
-				selector: '*',
-			},
-		});
-		expect(receivedPayload[1]).toMatchObject({
-			relation: 'update',
-			object: {
-				resource: { name: 'dashboard', type: 'metaresource' },
-				selector: '123',
-			},
-		});
-	});
-
-	it('should batch multiple hooks into single flight request', async () => {
-		const permission1 = buildPermission('read', 'dashboard:*');
-		const permission2 = buildPermission('update', 'dashboard:123');
-		const permission3 = buildPermission('delete', 'dashboard:456');
-
-		let requestCount = 0;
-		const receivedPayloads: any[] = [];
-
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				requestCount++;
-				const payload = await req.json();
-				receivedPayloads.push(payload);
-				return res(
-					ctx.status(200),
-					ctx.json(authzMockResponse(payload, [true, false, true])),
-				);
-			}),
-		);
-
-		const { result: result1 } = renderHook(() => useAuthZ([permission1]), {
-			wrapper,
-		});
-
-		const { result: result2 } = renderHook(() => useAuthZ([permission2]), {
-			wrapper,
-		});
-
-		const { result: result3 } = renderHook(() => useAuthZ([permission3]), {
-			wrapper,
-		});
-
-		await waitFor(
-			() => {
-				expect(result1.current.isLoading).toBe(false);
-				expect(result2.current.isLoading).toBe(false);
-				expect(result3.current.isLoading).toBe(false);
-			},
-			{ timeout: 200 },
-		);
-
-		expect(requestCount).toBe(1);
-		expect(receivedPayloads).toHaveLength(1);
-		expect(receivedPayloads[0]).toHaveLength(3);
-		expect(receivedPayloads[0][0]).toMatchObject({
-			relation: 'read',
-			object: {
-				resource: { name: 'dashboard', type: 'metaresource' },
-				selector: '*',
-			},
-		});
-		expect(receivedPayloads[0][1]).toMatchObject({
-			relation: 'update',
-			object: { resource: { name: 'dashboard' }, selector: '123' },
-		});
-		expect(receivedPayloads[0][2]).toMatchObject({
-			relation: 'delete',
-			object: { resource: { name: 'dashboard' }, selector: '456' },
-		});
-
-		expect(result1.current.permissions).toEqual({
-			[permission1]: { isGranted: true },
-		});
-		expect(result2.current.permissions).toEqual({
-			[permission2]: { isGranted: false },
-		});
-		expect(result3.current.permissions).toEqual({
-			[permission3]: { isGranted: true },
-		});
-	});
-
-	it('should create separate batches for calls after single flight window', async () => {
-		const permission1 = buildPermission('read', 'dashboard:*');
-		const permission2 = buildPermission('update', 'dashboard:123');
-		const permission3 = buildPermission('delete', 'dashboard:456');
-
-		let requestCount = 0;
-		const receivedPayloads: any[] = [];
-
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				requestCount++;
-				const payload = await req.json();
-				receivedPayloads.push(payload);
-				const authorized = payload.length === 1 ? [true] : [false, true];
-				return res(
-					ctx.status(200),
-					ctx.json(authzMockResponse(payload, authorized)),
-				);
-			}),
-		);
-
-		const { result: result1 } = renderHook(() => useAuthZ([permission1]), {
-			wrapper,
-		});
-
-		await waitFor(
-			() => {
-				expect(result1.current.isLoading).toBe(false);
-			},
-			{ timeout: 200 },
-		);
-
-		expect(requestCount).toBe(1);
-		expect(receivedPayloads[0]).toHaveLength(1);
-
-		await new Promise((resolve) => setTimeout(resolve, 100));
-
-		const { result: result2 } = renderHook(() => useAuthZ([permission2]), {
-			wrapper,
-		});
-
-		const { result: result3 } = renderHook(() => useAuthZ([permission3]), {
-			wrapper,
-		});
-
-		await waitFor(
-			() => {
-				expect(result2.current.isLoading).toBe(false);
-				expect(result3.current.isLoading).toBe(false);
-			},
-			{ timeout: 200 },
-		);
-
-		expect(requestCount).toBe(2);
-		expect(receivedPayloads).toHaveLength(2);
-		expect(receivedPayloads[1]).toHaveLength(2);
-		expect(receivedPayloads[1][0]).toMatchObject({
-			relation: 'update',
-			object: { resource: { name: 'dashboard' }, selector: '123' },
-		});
-		expect(receivedPayloads[1][1]).toMatchObject({
-			relation: 'delete',
-			object: { resource: { name: 'dashboard' }, selector: '456' },
-		});
-	});
-
-	it('should map permissions correctly when API returns response out of order', async () => {
-		const permission1 = buildPermission('read', 'dashboard:*');
-		const permission2 = buildPermission('update', 'dashboard:123');
-		const permission3 = buildPermission('delete', 'dashboard:456');
-
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				const payload = await req.json();
-				const reversed = [...payload].reverse();
-				const authorizedByReversed = [true, false, true];
-				return res(
-					ctx.status(200),
-					ctx.json({
-						data: reversed.map((txn: any, i: number) => ({
-							relation: txn.relation,
-							object: txn.object,
-							authorized: authorizedByReversed[i],
-						})),
-						status: 'success',
-					}),
-				);
-			}),
-		);
-
-		const { result } = renderHook(
-			() => useAuthZ([permission1, permission2, permission3]),
-			{ wrapper },
-		);
-
-		await waitFor(() => {
-			expect(result.current.isLoading).toBe(false);
-		});
-
-		expect(result.current.permissions).toEqual({
-			[permission1]: { isGranted: true },
-			[permission2]: { isGranted: false },
-			[permission3]: { isGranted: true },
-		});
-	});
-
-	it('should not leak state between separate batches', async () => {
-		const permission1 = buildPermission('read', 'dashboard:*');
-		const permission2 = buildPermission('update', 'dashboard:123');
-
-		let requestCount = 0;
-
-		server.use(
-			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
-				requestCount++;
-				const payload = await req.json();
-				const authorized = payload.map(
-					(txn: { relation: string }) => txn.relation === 'read',
-				);
-				return res(
-					ctx.status(200),
-					ctx.json(authzMockResponse(payload, authorized)),
-				);
-			}),
-		);
-
-		const { result: result1 } = renderHook(() => useAuthZ([permission1]), {
-			wrapper,
-		});
-
-		await waitFor(
-			() => {
-				expect(result1.current.isLoading).toBe(false);
-			},
-			{ timeout: 200 },
-		);
-
-		expect(requestCount).toBe(1);
-		expect(result1.current.permissions).toEqual({
-			[permission1]: { isGranted: true },
-		});
-
-		await new Promise((resolve) => setTimeout(resolve, 100));
-
-		const { result: result2 } = renderHook(() => useAuthZ([permission2]), {
-			wrapper,
-		});
-
-		await waitFor(
-			() => {
-				expect(result2.current.isLoading).toBe(false);
-			},
-			{ timeout: 200 },
-		);
-
-		expect(requestCount).toBe(2);
-		expect(result1.current.permissions).toEqual({
-			[permission1]: { isGranted: true },
-		});
-		expect(result2.current.permissions).toEqual({
-			[permission2]: { isGranted: false },
-		});
-		expect(result1.current.permissions).not.toHaveProperty(permission2);
-		expect(result2.current.permissions).not.toHaveProperty(permission1);
-	});
-});

frontend/src/hooks/useAuthZ/useAuthZ.tsx

@@ -1,129 +0,0 @@
-import { useMemo } from 'react';
-import { useQueries } from 'react-query';
-import { authzCheck } from 'api/generated/services/authz';
-import type {
-	AuthtypesObjectDTO,
-	AuthtypesTransactionDTO,
-} from 'api/generated/services/sigNoz.schemas';
-
-import { AuthZCheckResponse, BrandedPermission, UseAuthZResult } from './types';
-import {
-	gettableTransactionToPermission,
-	permissionToTransactionDto,
-} from './utils';
-
-let ctx: Promise<AuthZCheckResponse> | null;
-let pendingPermissions: BrandedPermission[] = [];
-const SINGLE_FLIGHT_WAIT_TIME_MS = 50;
-const AUTHZ_CACHE_TIME = 20_000;
-
-function dispatchPermission(
-	permission: BrandedPermission,
-): Promise<AuthZCheckResponse> {
-	pendingPermissions.push(permission);
-
-	if (!ctx) {
-		let resolve: (v: AuthZCheckResponse) => void, reject: (reason?: any) => void;
-		ctx = new Promise<AuthZCheckResponse>((r, re) => {
-			resolve = r;
-			reject = re;
-		});
-
-		setTimeout(() => {
-			const copiedPermissions = pendingPermissions.slice();
-			pendingPermissions = [];
-			ctx = null;
-
-			fetchManyPermissions(copiedPermissions).then(resolve).catch(reject);
-		}, SINGLE_FLIGHT_WAIT_TIME_MS);
-	}
-
-	return ctx;
-}
-
-async function fetchManyPermissions(
-	permissions: BrandedPermission[],
-): Promise<AuthZCheckResponse> {
-	const payload: AuthtypesTransactionDTO[] = permissions.map((permission) => {
-		const dto = permissionToTransactionDto(permission);
-		const object: AuthtypesObjectDTO = {
-			resource: {
-				name: dto.object.resource.name,
-				type: dto.object.resource.type,
-			},
-			selector: dto.object.selector,
-		};
-		return { relation: dto.relation, object };
-	});
-
-	const { data } = await authzCheck(payload);
-
-	const fromApi = (data ?? []).reduce<AuthZCheckResponse>((acc, item) => {
-		const permission = gettableTransactionToPermission(item);
-		acc[permission] = { isGranted: !!item.authorized };
-		return acc;
-	}, {} as AuthZCheckResponse);
-
-	return permissions.reduce<AuthZCheckResponse>((acc, permission) => {
-		acc[permission] = fromApi[permission] ?? { isGranted: false };
-		return acc;
-	}, {} as AuthZCheckResponse);
-}
-
-export function useAuthZ(permissions: BrandedPermission[]): UseAuthZResult {
-	const queryResults = useQueries(
-		permissions.map((permission) => {
-			return {
-				queryKey: ['authz', permission],
-				cacheTime: AUTHZ_CACHE_TIME,
-				refetchOnMount: false,
-				refetchIntervalInBackground: false,
-				refetchOnWindowFocus: false,
-				refetchOnReconnect: true,
-				queryFn: async (): Promise<AuthZCheckResponse> => {
-					const response = await dispatchPermission(permission);
-
-					return {
-						[permission]: {
-							isGranted: response[permission].isGranted,
-						},
-					};
-				},
-			};
-		}),
-	);
-
-	const isLoading = useMemo(() => queryResults.some((q) => q.isLoading), [
-		queryResults,
-	]);
-	const error = useMemo(
-		() =>
-			!isLoading
-				? (queryResults.find((q) => !!q.error)?.error as Error) || null
-				: null,
-		[isLoading, queryResults],
-	);
-	const data = useMemo(() => {
-		if (isLoading || error) {
-			return null;
-		}
-
-		return queryResults.reduce((acc, q) => {
-			if (!q.data) {
-				return acc;
-			}
-
-			for (const [key, value] of Object.entries(q.data)) {
-				acc[key as BrandedPermission] = value;
-			}
-
-			return acc;
-		}, {} as AuthZCheckResponse);
-	}, [isLoading, error, queryResults]);
-
-	return {
-		isLoading,
-		error,
-		permissions: data ?? null,
-	};
-}

frontend/src/hooks/useAuthZ/utils.ts

@@ -1,85 +0,0 @@
-import { AuthtypesTransactionDTO } from '../../api/generated/services/sigNoz.schemas';
-import permissionsType from './permissions.type';
-import {
-	AuthZObject,
-	AuthZRelation,
-	AuthZResource,
-	BrandedPermission,
-	ResourceName,
-	ResourceType,
-} from './types';
-
-export const PermissionSeparator = '||__||';
-export const ObjectSeparator = ':';
-
-export function buildPermission<R extends AuthZRelation>(
-	relation: R,
-	object: AuthZObject<R>,
-): BrandedPermission {
-	return `${relation}${PermissionSeparator}${object}` as BrandedPermission;
-}
-
-export function buildObjectString(
-	resource: AuthZResource,
-	objectId: string,
-): `${AuthZResource}${typeof ObjectSeparator}${string}` {
-	return `${resource}${ObjectSeparator}${objectId}` as const;
-}
-
-export function parsePermission(
-	permission: BrandedPermission,
-): {
-	relation: AuthZRelation;
-	object: string;
-} {
-	const [relation, object] = permission.split(PermissionSeparator);
-	return { relation: relation as AuthZRelation, object };
-}
-
-const resourceNameToType = permissionsType.data.resources.reduce((acc, r) => {
-	acc[r.name] = r.type;
-	return acc;
-}, {} as Record<ResourceName, ResourceType>);
-
-export function permissionToTransactionDto(
-	permission: BrandedPermission,
-): AuthtypesTransactionDTO {
-	const { relation, object: objectStr } = parsePermission(permission);
-	const directType = resourceNameToType[objectStr as ResourceName];
-	if (directType === 'metaresources') {
-		return {
-			relation,
-			object: {
-				resource: { name: objectStr, type: directType },
-				selector: '*',
-			},
-		};
-	}
-	const [resourceName, selector] = objectStr.split(ObjectSeparator);
-	const type =
-		resourceNameToType[resourceName as ResourceName] ?? 'metaresource';
-
-	return {
-		relation,
-		object: {
-			resource: { name: resourceName, type },
-			selector: selector || '*',
-		},
-	};
-}
-
-export function gettableTransactionToPermission(
-	item: AuthtypesTransactionDTO,
-): BrandedPermission {
-	const {
-		relation,
-		object: { resource, selector },
-	} = item;
-	const resourceName = String(resource.name);
-	const selectorStr = typeof selector === 'string' ? selector : '*';
-	const objectStr =
-		resource.type === 'metaresources'
-			? resourceName
-			: `${resourceName}${ObjectSeparator}${selectorStr}`;
-	return `${relation}${PermissionSeparator}${objectStr}` as BrandedPermission;
-}

frontend/src/lib/uPlotV2/plugins/TooltipPlugin/TooltipPlugin.tsx

@@ -8,7 +8,6 @@ import {
 	createSetCursorHandler,
 	createSetLegendHandler,
 	createSetSeriesHandler,
-	getPlot,
 	isScrollEventInPlot,
 	updatePlotVisibility,
 	updateWindowSize,
@@ -54,7 +53,7 @@ export default function TooltipPlugin({
 	const [viewState, setState] = useState<TooltipViewState>(
 		createInitialViewState,
 	);
-	const { hasPlot, isHovering, isPinned, contents, style } = viewState;
+	const { plot, isHovering, isPinned, contents, style } = viewState;
 
 	/**
 	 * Merge a partial view update into the current React state.
@@ -73,25 +72,12 @@ export default function TooltipPlugin({
 		layoutRef.current?.observer.disconnect();
 		layoutRef.current = createLayoutObserver(layoutRef);
 
-		/**
-		 * Plot lifecycle and GC: viewState uses hasPlot (boolean), not the plot
-		 * reference; clearPlotReferences runs in cleanup so
-		 * detached canvases can be garbage collected.
-		 */
 		// Controller holds the mutable interaction state for this tooltip
 		// instance. It is intentionally *not* React state so uPlot hooks
 		// and DOM listeners can update it freely without triggering a
 		// render on every mouse move.
 		const controller: TooltipControllerState = createInitialControllerState();
 
-		/**
-		 * Clear plot references so detached canvases can be garbage collected.
-		 */
-		const clearPlotReferences = (): void => {
-			controller.plot = null;
-			updateState({ hasPlot: false });
-		};
-
 		const syncTooltipWithDashboard = syncMode === DashboardCursorSync.Tooltip;
 
 		// Enable uPlot's built-in cursor sync when requested so that
@@ -124,10 +110,9 @@ export default function TooltipPlugin({
 		// Lock uPlot's internal cursor when the tooltip is pinned so
 		// subsequent mouse moves do not move the crosshair.
 		function updateCursorLock(): void {
-			const plot = getPlot(controller);
-			if (plot) {
+			if (controller.plot) {
 				// @ts-ignore uPlot cursor lock is not working as expected
-				plot.cursor._lock = controller.pinned;
+				controller.plot.cursor._lock = controller.pinned;
 			}
 		}
 
@@ -157,9 +142,8 @@ export default function TooltipPlugin({
 			const isPinnedBeforeDismiss = controller.pinned;
 			controller.pinned = false;
 			controller.hoverActive = false;
-			const plot = getPlot(controller);
-			if (plot) {
-				plot.setCursor({ left: -10, top: -10 });
+			if (controller.plot) {
+				controller.plot.setCursor({ left: -10, top: -10 });
 			}
 			scheduleRender(isPinnedBeforeDismiss);
 		}
@@ -167,12 +151,11 @@ export default function TooltipPlugin({
 		// Build the React node to be rendered inside the tooltip by
 		// delegating to the caller-provided `render` function.
 		function createTooltipContents(): React.ReactNode {
-			const plot = getPlot(controller);
-			if (!controller.hoverActive || !plot) {
+			if (!controller.hoverActive || !controller.plot) {
 				return null;
 			}
 			return renderRef.current({
-				uPlotInstance: plot,
+				uPlotInstance: controller.plot,
 				dataIndexes: controller.seriesIndexes,
 				seriesIndex: controller.focusedSeriesIndex,
 				isPinned: controller.pinned,
@@ -257,13 +240,9 @@ export default function TooltipPlugin({
 
 		// When pinning is enabled, a click on the plot overlay while
 		// hovering converts the transient tooltip into a pinned one.
-		// Uses getPlot(controller) to avoid closing over u (plot), which
-		// would retain the plot and detached canvases across unmounts.
-		const handleUPlotOverClick = (event: MouseEvent): void => {
-			const plot = getPlot(controller);
+		const handleUPlotOverClick = (u: uPlot, event: MouseEvent): void => {
 			if (
-				plot &&
-				event.target === plot.over &&
+				event.target === u.over &&
 				controller.hoverActive &&
 				!controller.pinned &&
 				controller.focusedSeriesIndex != null
@@ -281,9 +260,10 @@ export default function TooltipPlugin({
 		// on the controller and optionally attach the pinning handler.
 		const handleInit = (u: uPlot): void => {
 			controller.plot = u;
-			updateState({ hasPlot: true });
+			updateState({ plot: u });
 			if (canPinTooltip) {
-				overClickHandler = handleUPlotOverClick;
+				overClickHandler = (event: MouseEvent): void =>
+					handleUPlotOverClick(u, event);
 				u.over.addEventListener('click', overClickHandler);
 			}
 		};
@@ -319,6 +299,7 @@ export default function TooltipPlugin({
 		const handleSetCursor = createSetCursorHandler(ctx);
 
 		handleWindowResize();
+
 		const removeReadyHook = config.addHook('ready', (): void =>
 			updatePlotVisibility(controller),
 		);
@@ -344,20 +325,16 @@ export default function TooltipPlugin({
 			removeSetSeriesHook();
 			removeSetLegendHook();
 			removeSetCursorHook();
-			if (overClickHandler) {
-				const plot = getPlot(controller);
-				if (plot) {
-					plot.over.removeEventListener('click', overClickHandler);
-				}
+			if (controller.plot && overClickHandler) {
+				controller.plot.over.removeEventListener('click', overClickHandler);
 				overClickHandler = null;
 			}
-			clearPlotReferences();
 		};
 		// eslint-disable-next-line react-hooks/exhaustive-deps
 	}, [config]);
 
 	useLayoutEffect((): void => {
-		if (!hasPlot || !layoutRef.current) {
+		if (!plot || !layoutRef.current) {
 			return;
 		}
 		const layout = layoutRef.current;
@@ -372,9 +349,9 @@ export default function TooltipPlugin({
 			layout.width = 0;
 			layout.height = 0;
 		}
-	}, [isHovering, hasPlot]);
+	}, [isHovering, plot]);
 
-	if (!hasPlot) {
+	if (!plot) {
 		return null;
 	}
 

frontend/src/lib/uPlotV2/plugins/TooltipPlugin/tooltipController.ts

@@ -10,11 +10,6 @@ import {
 
 const WINDOW_OFFSET = 16;
 
-/** Get the plot instance from the controller; returns null if never set or cleared. */
-export function getPlot(controller: TooltipControllerState): uPlot | null {
-	return controller.plot ?? null;
-}
-
 export function createInitialControllerState(): TooltipControllerState {
 	return {
 		plot: null,
@@ -51,13 +46,12 @@ export function updateWindowSize(controller: TooltipControllerState): void {
  * This is used to decide if a synced tooltip should be shown at all.
  */
 export function updatePlotVisibility(controller: TooltipControllerState): void {
-	const plot = getPlot(controller);
-	if (!plot) {
+	if (!controller.plot) {
 		controller.plotWithinViewport = false;
 		return;
 	}
 	controller.plotWithinViewport = isPlotInViewport(
-		plot.rect,
+		controller.plot.rect,
 		controller.windowWidth,
 		controller.windowHeight,
 	);
@@ -72,11 +66,10 @@ export function isScrollEventInPlot(
 	event: Event,
 	controller: TooltipControllerState,
 ): boolean {
-	const plot = getPlot(controller);
 	return (
 		event.target instanceof Node &&
-		plot !== null &&
-		event.target.contains(plot.root)
+		controller.plot !== null &&
+		event.target.contains(controller.plot.root)
 	);
 }
 
@@ -172,12 +165,11 @@ export function createSetLegendHandler(
 ): (u: uPlot) => void {
 	return (u: uPlot): void => {
 		const { controller } = ctx;
-		const plot = getPlot(controller);
-		if (!plot?.cursor?.idxs) {
+		if (!controller.plot?.cursor?.idxs) {
 			return;
 		}
 
-		const newSeriesIndexes = plot.cursor.idxs.slice();
+		const newSeriesIndexes = controller.plot.cursor.idxs.slice();
 		const isAnySeriesActive = newSeriesIndexes.some((v, i) => i > 0 && v != null);
 
 		const previousCursorDrivenBySync = controller.cursorDrivenBySync;

frontend/src/lib/uPlotV2/plugins/TooltipPlugin/types.ts

@@ -18,8 +18,7 @@ export enum DashboardCursorSync {
 }
 
 export interface TooltipViewState {
-	/** Whether a plot instance exists; plot reference is in controller, not state. */
-	hasPlot?: boolean;
+	plot?: uPlot | null;
 	style: Partial<CSSProperties>;
 	isHovering: boolean;
 	isPinned: boolean;

frontend/src/lib/uPlotV2/plugins/TooltipPlugin/utils.ts

@@ -123,7 +123,7 @@ export function createInitialViewState(): TooltipViewState {
 		isHovering: false,
 		isPinned: false,
 		contents: null,
-		hasPlot: false,
+		plot: null,
 		dismiss: (): void => {},
 	};
 }

pkg/apiserver/signozapiserver/provider.go

@@ -18,7 +18,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/preference"
 	"github.com/SigNoz/signoz/pkg/modules/promote"
-	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
 	"github.com/SigNoz/signoz/pkg/modules/session"
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/querier"
@@ -49,7 +48,6 @@ type provider struct {
 	authzHandler           authz.Handler
 	zeusHandler            zeus.Handler
 	querierHandler         querier.Handler
-	serviceAccountHandler  serviceaccount.Handler
 }
 
 func NewFactory(
@@ -71,7 +69,6 @@ func NewFactory(
 	authzHandler authz.Handler,
 	zeusHandler zeus.Handler,
 	querierHandler querier.Handler,
-	serviceAccountHandler serviceaccount.Handler,
 ) factory.ProviderFactory[apiserver.APIServer, apiserver.Config] {
 	return factory.NewProviderFactory(factory.MustNewName("signoz"), func(ctx context.Context, providerSettings factory.ProviderSettings, config apiserver.Config) (apiserver.APIServer, error) {
 		return newProvider(
@@ -96,7 +93,6 @@ func NewFactory(
 			authzHandler,
 			zeusHandler,
 			querierHandler,
-			serviceAccountHandler,
 		)
 	})
 }
@@ -123,7 +119,6 @@ func newProvider(
 	authzHandler authz.Handler,
 	zeusHandler zeus.Handler,
 	querierHandler querier.Handler,
-	serviceAccountHandler serviceaccount.Handler,
 ) (apiserver.APIServer, error) {
 	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/apiserver/signozapiserver")
 	router := mux.NewRouter().UseEncodedPath()
@@ -148,7 +143,6 @@ func newProvider(
 		authzHandler:           authzHandler,
 		zeusHandler:            zeusHandler,
 		querierHandler:         querierHandler,
-		serviceAccountHandler:  serviceAccountHandler,
 	}
 
 	provider.authZ = middleware.NewAuthZ(settings.Logger(), orgGetter, authz)
@@ -229,10 +223,6 @@ func (provider *provider) AddToRouter(router *mux.Router) error {
 		return err
 	}
 
-	if err := provider.addServiceAccountRoutes(router); err != nil {
-		return err
-	}
-
 	return nil
 }
 

pkg/apiserver/signozapiserver/serviceaccount.go

@@ -1,184 +0,0 @@
-package signozapiserver
-
-import (
-	"net/http"
-
-	"github.com/SigNoz/signoz/pkg/http/handler"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/serviceaccounttypes"
-	"github.com/gorilla/mux"
-)
-
-func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
-	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.Create), handler.OpenAPIDef{
-		ID:                  "CreateServiceAccount",
-		Tags:                []string{"serviceaccount"},
-		Summary:             "Create service account",
-		Description:         "This endpoint creates a service account",
-		Request:             new(serviceaccounttypes.PostableServiceAccount),
-		RequestContentType:  "",
-		Response:            new(types.Identifiable),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusCreated,
-		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodPost).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.List), handler.OpenAPIDef{
-		ID:                  "ListServiceAccounts",
-		Tags:                []string{"serviceaccount"},
-		Summary:             "List service accounts",
-		Description:         "This endpoint lists the service accounts for an organisation",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            make([]*serviceaccounttypes.ServiceAccount, 0),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/service_accounts/{id}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.Get), handler.OpenAPIDef{
-		ID:                  "GetServiceAccount",
-		Tags:                []string{"serviceaccount"},
-		Summary:             "Gets a service account",
-		Description:         "This endpoint gets an existing service account",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            new(serviceaccounttypes.ServiceAccount),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{http.StatusNotFound},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/service_accounts/{id}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.Update), handler.OpenAPIDef{
-		ID:                  "UpdateServiceAccount",
-		Tags:                []string{"serviceaccount"},
-		Summary:             "Updates a service account",
-		Description:         "This endpoint updates an existing service account",
-		Request:             new(serviceaccounttypes.UpdatableServiceAccount),
-		RequestContentType:  "",
-		Response:            nil,
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusNoContent,
-		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusBadRequest},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodPut).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/service_accounts/{id}/status", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.UpdateStatus), handler.OpenAPIDef{
-		ID:                  "UpdateServiceAccountStatus",
-		Tags:                []string{"serviceaccount"},
-		Summary:             "Updates a service account status",
-		Description:         "This endpoint updates an existing service account status",
-		Request:             new(serviceaccounttypes.UpdatableServiceAccountStatus),
-		RequestContentType:  "",
-		Response:            nil,
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusNoContent,
-		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusBadRequest},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodPut).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/service_accounts/{id}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.Delete), handler.OpenAPIDef{
-		ID:                  "DeleteServiceAccount",
-		Tags:                []string{"serviceaccount"},
-		Summary:             "Deletes a service account",
-		Description:         "This endpoint deletes an existing service account",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            nil,
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusNoContent,
-		ErrorStatusCodes:    []int{http.StatusNotFound},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodDelete).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.CreateFactorAPIKey), handler.OpenAPIDef{
-		ID:                  "CreateServiceAccountKey",
-		Tags:                []string{"serviceaccount"},
-		Summary:             "Create a service account key",
-		Description:         "This endpoint creates a service account key",
-		Request:             new(serviceaccounttypes.PostableFactorAPIKey),
-		RequestContentType:  "",
-		Response:            new(serviceaccounttypes.GettableFactorAPIKeyWithKey),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusCreated,
-		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodPost).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.ListFactorAPIKey), handler.OpenAPIDef{
-		ID:                  "ListServiceAccountKeys",
-		Tags:                []string{"serviceaccount"},
-		Summary:             "List service account keys",
-		Description:         "This endpoint lists the service account keys",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            make([]*serviceaccounttypes.FactorAPIKey, 0),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.UpdateFactorAPIKey), handler.OpenAPIDef{
-		ID:                  "UpdateServiceAccountKey",
-		Tags:                []string{"serviceaccount"},
-		Summary:             "Updates a service account key",
-		Description:         "This endpoint updates an existing service account key",
-		Request:             new(serviceaccounttypes.UpdatableFactorAPIKey),
-		RequestContentType:  "",
-		Response:            nil,
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusNoContent,
-		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodPut).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.RevokeFactorAPIKey), handler.OpenAPIDef{
-		ID:                  "RevokeServiceAccountKey",
-		Tags:                []string{"serviceaccount"},
-		Summary:             "Revoke a service account key",
-		Description:         "This endpoint revokes an existing service account key",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            nil,
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusNoContent,
-		ErrorStatusCodes:    []int{http.StatusNotFound},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodDelete).GetError(); err != nil {
-		return err
-	}
-
-	return nil
-}

pkg/authz/authz.go

@@ -62,17 +62,14 @@ type AuthZ interface {
 	//  Lists all the roles for the organization filtered by name
 	ListByOrgIDAndNames(context.Context, valuer.UUID, []string) ([]*roletypes.Role, error)
 
-	//  Lists all the roles for the organization filtered by ids
-	ListByOrgIDAndIDs(context.Context, valuer.UUID, []valuer.UUID) ([]*roletypes.Role, error)
-
 	// Grants a role to the subject based on role name.
-	Grant(context.Context, valuer.UUID, []string, string) error
+	Grant(context.Context, valuer.UUID, string, string) error
 
 	// Revokes a granted role from the subject based on role name.
-	Revoke(context.Context, valuer.UUID, []string, string) error
+	Revoke(context.Context, valuer.UUID, string, string) error
 
 	// Changes the granted role for the subject based on role name.
-	ModifyGrant(context.Context, valuer.UUID, []string, []string, string) error
+	ModifyGrant(context.Context, valuer.UUID, string, string, string) error
 
 	// Bootstrap the managed roles.
 	CreateManagedRoles(context.Context, valuer.UUID, []*roletypes.Role) error

pkg/authz/authzstore/sqlauthzstore/store.go

@@ -96,39 +96,6 @@ func (store *store) ListByOrgIDAndNames(ctx context.Context, orgID valuer.UUID,
 		return nil, err
 	}
 
-	if len(roles) != len(names) {
-		return nil, store.sqlstore.WrapNotFoundErrf(
-			nil,
-			roletypes.ErrCodeRoleNotFound,
-			"not all roles found for the provided names: %v", names,
-		)
-	}
-
-	return roles, nil
-}
-
-func (store *store) ListByOrgIDAndIDs(ctx context.Context, orgID valuer.UUID, ids []valuer.UUID) ([]*roletypes.StorableRole, error) {
-	roles := make([]*roletypes.StorableRole, 0)
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(&roles).
-		Where("org_id = ?", orgID).
-		Where("id IN (?)", bun.In(ids)).
-		Scan(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(roles) != len(ids) {
-		return nil, store.sqlstore.WrapNotFoundErrf(
-			nil,
-			roletypes.ErrCodeRoleNotFound,
-			"not all roles found for the provided ids: %v", ids,
-		)
-	}
-
 	return roles, nil
 }
 

pkg/authz/openfgaauthz/provider.go

@@ -114,46 +114,28 @@ func (provider *provider) ListByOrgIDAndNames(ctx context.Context, orgID valuer.
 	return roles, nil
 }
 
-func (provider *provider) ListByOrgIDAndIDs(ctx context.Context, orgID valuer.UUID, ids []valuer.UUID) ([]*roletypes.Role, error) {
-	storableRoles, err := provider.store.ListByOrgIDAndIDs(ctx, orgID, ids)
-	if err != nil {
-		return nil, err
-	}
-
-	roles := make([]*roletypes.Role, len(storableRoles))
-	for idx, storable := range storableRoles {
-		roles[idx] = roletypes.NewRoleFromStorableRole(storable)
-	}
-
-	return roles, nil
-}
-
-func (provider *provider) Grant(ctx context.Context, orgID valuer.UUID, names []string, subject string) error {
-	selectors := make([]authtypes.Selector, len(names))
-	for idx, name := range names {
-		selectors[idx] = authtypes.MustNewSelector(authtypes.TypeRole, name)
-	}
-
+func (provider *provider) Grant(ctx context.Context, orgID valuer.UUID, name string, subject string) error {
 	tuples, err := authtypes.TypeableRole.Tuples(
 		subject,
 		authtypes.RelationAssignee,
-		selectors,
+		[]authtypes.Selector{
+			authtypes.MustNewSelector(authtypes.TypeRole, name),
+		},
 		orgID,
 	)
 	if err != nil {
 		return err
 	}
-
 	return provider.Write(ctx, tuples, nil)
 }
 
-func (provider *provider) ModifyGrant(ctx context.Context, orgID valuer.UUID, existingRoleNames []string, updatedRoleNames []string, subject string) error {
-	err := provider.Revoke(ctx, orgID, existingRoleNames, subject)
+func (provider *provider) ModifyGrant(ctx context.Context, orgID valuer.UUID, existingRoleName string, updatedRoleName string, subject string) error {
+	err := provider.Revoke(ctx, orgID, existingRoleName, subject)
 	if err != nil {
 		return err
 	}
 
-	err = provider.Grant(ctx, orgID, updatedRoleNames, subject)
+	err = provider.Grant(ctx, orgID, updatedRoleName, subject)
 	if err != nil {
 		return err
 	}
@@ -161,16 +143,13 @@ func (provider *provider) ModifyGrant(ctx context.Context, orgID valuer.UUID, ex
 	return nil
 }
 
-func (provider *provider) Revoke(ctx context.Context, orgID valuer.UUID, names []string, subject string) error {
-	selectors := make([]authtypes.Selector, len(names))
-	for idx, name := range names {
-		selectors[idx] = authtypes.MustNewSelector(authtypes.TypeRole, name)
-	}
-
+func (provider *provider) Revoke(ctx context.Context, orgID valuer.UUID, name string, subject string) error {
 	tuples, err := authtypes.TypeableRole.Tuples(
 		subject,
 		authtypes.RelationAssignee,
-		selectors,
+		[]authtypes.Selector{
+			authtypes.MustNewSelector(authtypes.TypeRole, name),
+		},
 		orgID,
 	)
 	if err != nil {
@@ -199,7 +178,7 @@ func (provider *provider) CreateManagedRoles(ctx context.Context, _ valuer.UUID,
 }
 
 func (provider *provider) CreateManagedUserRoleTransactions(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) error {
-	return provider.Grant(ctx, orgID, []string{roletypes.SigNozAdminRoleName}, authtypes.MustNewSubject(authtypes.TypeableUser, userID.String(), orgID, nil))
+	return provider.Grant(ctx, orgID, roletypes.SigNozAdminRoleName, authtypes.MustNewSubject(authtypes.TypeableUser, userID.String(), orgID, nil))
 }
 
 func (setter *provider) Create(_ context.Context, _ valuer.UUID, _ *roletypes.Role) error {

pkg/modules/cloudintegration/cloudintegration.go

@@ -1,62 +0,0 @@
-package cloudintegration
-
-import (
-	"context"
-	"net/http"
-
-	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type Module interface {
-	GetName() cloudintegrationtypes.CloudProviderType
-
-	// AgentCheckIn is called by agent to heartbeat and get latest config in response.
-	AgentCheckIn(ctx context.Context, req *cloudintegrationtypes.PostableAgentCheckInPayload) (any, error)
-
-	GenerateConnectionParams(ctx context.Context) (*cloudintegrationtypes.GettableCloudIntegrationConnectionParams, error)
-	// GenerateConnectionArtifact generates cloud provider specific connection information, client side handles how this information is shown
-	GenerateConnectionArtifact(ctx context.Context, req *cloudintegrationtypes.PostableConnectionArtifact) (any, error)
-	// GetAccountStatus returns agent connection status for a cloud integration account
-	GetAccountStatus(ctx context.Context, orgID, accountID string) (*cloudintegrationtypes.GettableAccountStatus, error)
-	// ListConnectedAccounts lists accounts where agent is connected
-	ListConnectedAccounts(ctx context.Context, orgID string) (*cloudintegrationtypes.GettableConnectedAccountsList, error)
-
-	// LIstServices return list of services for a cloud provider attached with the accountID. This just returns a summary
-	ListServices(ctx context.Context, orgID string, accountID *string) (any, error) // returns either GettableAWSServices or GettableAzureServices
-	// GetServiceDetails returns service definition details for a serviceId. This returns config and other details required to show in service details page on client.
-	GetServiceDetails(ctx context.Context, req *cloudintegrationtypes.GetServiceDetailsReq) (any, error)
-
-	// GetDashboard returns dashboard json for a give cloud integration service dashboard.
-	// this only returns the dashboard when account is connected and service is enabled
-	GetDashboard(ctx context.Context, id string, orgID valuer.UUID) (*dashboardtypes.Dashboard, error)
-	// GetAvailableDashboards returns list of available dashboards across all connected cloud integration accounts in the org.
-	// this list gets added to dashboard list page
-	GetAvailableDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error)
-
-	// UpdateAccountConfig updates cloud integration account config
-	UpdateAccountConfig(ctx context.Context, orgId valuer.UUID, accountId string, config []byte) (any, error)
-	// UpdateServiceConfig updates cloud integration service config
-	UpdateServiceConfig(ctx context.Context, serviceId string, orgID valuer.UUID, config []byte) (any, error)
-
-	// DisconnectAccount soft deletes/removes a cloud integration account.
-	DisconnectAccount(ctx context.Context, orgID, accountID string) (*cloudintegrationtypes.CloudIntegration, error)
-}
-
-type Handler interface {
-	AgentCheckIn(http.ResponseWriter, *http.Request)
-
-	GenerateConnectionParams(http.ResponseWriter, *http.Request)
-	GenerateConnectionArtifact(http.ResponseWriter, *http.Request)
-
-	ListConnectedAccounts(http.ResponseWriter, *http.Request)
-	GetAccountStatus(http.ResponseWriter, *http.Request)
-	ListServices(http.ResponseWriter, *http.Request)
-	GetServiceDetails(http.ResponseWriter, *http.Request)
-
-	UpdateAccountConfig(http.ResponseWriter, *http.Request)
-	UpdateServiceConfig(http.ResponseWriter, *http.Request)
-
-	DisconnectAccount(http.ResponseWriter, *http.Request)
-}

pkg/modules/cloudintegration/implsqlstore/accounts.go

@@ -1,193 +0,0 @@
-package implcloudintegration
-
-import (
-	"context"
-	"database/sql"
-	"fmt"
-	"log/slog"
-	"strings"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types"
-	cloudintegrationtypes "github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-var ErrCodeCloudIntegrationAccountNotFound = errors.MustNewCode("cloud_integration_account_not_found")
-
-// cloudProviderAccountsSQLRepository is a SQL-backed implementation of CloudIntegrationAccountStore.
-type cloudProviderAccountsSQLRepository struct {
-	store sqlstore.SQLStore
-}
-
-// NewSQLCloudIntegrationAccountStore constructs a SQL-backed CloudIntegrationAccountStore.
-func NewSQLCloudIntegrationAccountStore(store sqlstore.SQLStore) cloudintegrationtypes.CloudIntegrationAccountStore {
-	return &cloudProviderAccountsSQLRepository{store: store}
-}
-
-// -----------------------------
-// Account store implementation
-// -----------------------------
-
-func (r *cloudProviderAccountsSQLRepository) ListConnected(
-	ctx context.Context, orgId string, cloudProvider string,
-) ([]cloudintegrationtypes.CloudIntegration, error) {
-	accounts := []cloudintegrationtypes.CloudIntegration{}
-
-	err := r.store.BunDB().NewSelect().
-		Model(&accounts).
-		Where("org_id = ?", orgId).
-		Where("provider = ?", cloudProvider).
-		Where("removed_at is NULL").
-		Where("account_id is not NULL").
-		Where("last_agent_report is not NULL").
-		Order("created_at").
-		Scan(ctx)
-	if err != nil {
-		slog.ErrorContext(ctx, "error querying connected cloud accounts", "error", err)
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "could not query connected cloud accounts")
-	}
-
-	return accounts, nil
-}
-
-func (r *cloudProviderAccountsSQLRepository) Get(
-	ctx context.Context, orgId string, provider string, id string,
-) (*cloudintegrationtypes.CloudIntegration, error) {
-	var result cloudintegrationtypes.CloudIntegration
-
-	err := r.store.BunDB().NewSelect().
-		Model(&result).
-		Where("org_id = ?", orgId).
-		Where("provider = ?", provider).
-		Where("id = ?", id).
-		Scan(ctx)
-	if err != nil {
-		if errors.Is(err, sql.ErrNoRows) {
-			return nil, errors.WrapNotFoundf(
-				err,
-				ErrCodeCloudIntegrationAccountNotFound,
-				"couldn't find account with Id %s", id,
-			)
-		}
-
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't query cloud provider account")
-	}
-
-	return &result, nil
-}
-
-func (r *cloudProviderAccountsSQLRepository) GetConnectedCloudAccount(
-	ctx context.Context, orgId string, provider string, accountId string,
-) (*cloudintegrationtypes.CloudIntegration, error) {
-	var result cloudintegrationtypes.CloudIntegration
-
-	err := r.store.BunDB().NewSelect().
-		Model(&result).
-		Where("org_id = ?", orgId).
-		Where("provider = ?", provider).
-		Where("account_id = ?", accountId).
-		Where("last_agent_report is not NULL").
-		Where("removed_at is NULL").
-		Scan(ctx)
-
-	if errors.Is(err, sql.ErrNoRows) {
-		return nil, errors.WrapNotFoundf(err, ErrCodeCloudIntegrationAccountNotFound, "couldn't find connected cloud account %s", accountId)
-	} else if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't query cloud provider account")
-	}
-
-	return &result, nil
-}
-
-func (r *cloudProviderAccountsSQLRepository) Upsert(
-	ctx context.Context,
-	orgId string,
-	provider string,
-	id *string,
-	config []byte,
-	accountId *string,
-	agentReport *cloudintegrationtypes.AgentReport,
-	removedAt *time.Time,
-) (*cloudintegrationtypes.CloudIntegration, error) {
-	// Insert
-	if id == nil {
-		temp := valuer.GenerateUUID().StringValue()
-		id = &temp
-	}
-
-	// Prepare clause for setting values in `on conflict do update`
-	onConflictSetStmts := []string{}
-	setColStatement := func(col string) string {
-		return fmt.Sprintf("%s=excluded.%s", col, col)
-	}
-
-	if config != nil {
-		onConflictSetStmts = append(
-			onConflictSetStmts, setColStatement("config"),
-		)
-	}
-
-	if accountId != nil {
-		onConflictSetStmts = append(
-			onConflictSetStmts, setColStatement("account_id"),
-		)
-	}
-
-	if agentReport != nil {
-		onConflictSetStmts = append(
-			onConflictSetStmts, setColStatement("last_agent_report"),
-		)
-	}
-
-	if removedAt != nil {
-		onConflictSetStmts = append(
-			onConflictSetStmts, setColStatement("removed_at"),
-		)
-	}
-
-	// set updated_at to current timestamp if it's an upsert
-	onConflictSetStmts = append(
-		onConflictSetStmts, setColStatement("updated_at"),
-	)
-
-	onConflictClause := ""
-	if len(onConflictSetStmts) > 0 {
-		onConflictClause = fmt.Sprintf(
-			"conflict(id, provider, org_id) do update SET\n%s",
-			strings.Join(onConflictSetStmts, ",\n"),
-		)
-	}
-
-	integration := cloudintegrationtypes.CloudIntegration{
-		OrgID:        orgId,
-		Provider:     provider,
-		Identifiable: types.Identifiable{ID: valuer.MustNewUUID(*id)},
-		TimeAuditable: types.TimeAuditable{
-			CreatedAt: time.Now(),
-			UpdatedAt: time.Now(),
-		},
-		Config:          string(config),
-		AccountID:       accountId,
-		LastAgentReport: agentReport,
-		RemovedAt:       removedAt,
-	}
-
-	_, err := r.store.BunDB().NewInsert().
-		Model(&integration).
-		On(onConflictClause).
-		Exec(ctx)
-	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't upsert cloud integration account")
-	}
-
-	upsertedAccount, err := r.Get(ctx, orgId, provider, *id)
-	if err != nil {
-		slog.ErrorContext(ctx, "error upserting cloud integration account", "error", err)
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't get upserted cloud integration account")
-	}
-
-	return upsertedAccount, nil
-}

pkg/modules/cloudintegration/implsqlstore/serviceconfig.go

@@ -1,133 +0,0 @@
-package implcloudintegration
-
-import (
-	"context"
-	"database/sql"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types"
-	cloudintegrationtypes "github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-var ErrCodeServiceConfigNotFound = errors.MustNewCode("service_config_not_found")
-
-// serviceConfigSQLRepository is a SQL-backed implementation of CloudIntegrationServiceStore.
-type serviceConfigSQLRepository struct {
-	store sqlstore.SQLStore
-}
-
-// NewSQLCloudIntegrationServiceStore constructs a SQL-backed CloudIntegrationServiceStore.
-func NewSQLCloudIntegrationServiceStore(store sqlstore.SQLStore) cloudintegrationtypes.CloudIntegrationServiceStore {
-	return &serviceConfigSQLRepository{store: store}
-}
-
-// -----------------------------
-// Service config store implementation
-// -----------------------------
-
-func (r *serviceConfigSQLRepository) Get(
-	ctx context.Context,
-	orgID string,
-	cloudAccountId string,
-	serviceType string,
-) ([]byte, error) {
-	var result cloudintegrationtypes.CloudIntegrationService
-
-	err := r.store.BunDB().NewSelect().
-		Model(&result).
-		Join("JOIN cloud_integration ci ON ci.id = cis.cloud_integration_id").
-		Where("ci.org_id = ?", orgID).
-		Where("ci.id = ?", cloudAccountId).
-		Where("cis.type = ?", serviceType).
-		Scan(ctx)
-	if err != nil {
-		if errors.Is(err, sql.ErrNoRows) {
-			return nil, errors.WrapNotFoundf(err, ErrCodeServiceConfigNotFound, "couldn't find config for cloud account %s", cloudAccountId)
-		}
-
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't query cloud service config")
-	}
-
-	return []byte(result.Config), nil
-}
-
-func (r *serviceConfigSQLRepository) Upsert(
-	ctx context.Context,
-	orgID string,
-	cloudProvider string,
-	cloudAccountId string,
-	serviceId string,
-	config []byte,
-) ([]byte, error) {
-	// get cloud integration id from account id
-	// if the account is not connected, we don't need to upsert the config
-	var cloudIntegrationId string
-	err := r.store.BunDB().NewSelect().
-		Model((*cloudintegrationtypes.CloudIntegration)(nil)).
-		Column("id").
-		Where("provider = ?", cloudProvider).
-		Where("account_id = ?", cloudAccountId).
-		Where("org_id = ?", orgID).
-		Where("removed_at is NULL").
-		Where("last_agent_report is not NULL").
-		Scan(ctx, &cloudIntegrationId)
-	if err != nil {
-		if errors.Is(err, sql.ErrNoRows) {
-			return nil, errors.WrapNotFoundf(
-				err,
-				ErrCodeCloudIntegrationAccountNotFound,
-				"couldn't find active cloud integration account",
-			)
-		}
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't query cloud integration id")
-	}
-
-	serviceConfig := cloudintegrationtypes.CloudIntegrationService{
-		Identifiable: types.Identifiable{ID: valuer.GenerateUUID()},
-		TimeAuditable: types.TimeAuditable{
-			CreatedAt: time.Now(),
-			UpdatedAt: time.Now(),
-		},
-		Config:             string(config),
-		Type:               serviceId,
-		CloudIntegrationID: cloudIntegrationId,
-	}
-	_, err = r.store.BunDB().NewInsert().
-		Model(&serviceConfig).
-		On("conflict(cloud_integration_id, type) do update set config=excluded.config, updated_at=excluded.updated_at").
-		Exec(ctx)
-	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't upsert cloud service config")
-	}
-
-	return config, nil
-}
-
-func (r *serviceConfigSQLRepository) GetAllForAccount(
-	ctx context.Context,
-	orgID string,
-	cloudAccountId string,
-) (map[string][]byte, error) {
-	var serviceConfigs []cloudintegrationtypes.CloudIntegrationService
-
-	err := r.store.BunDB().NewSelect().
-		Model(&serviceConfigs).
-		Join("JOIN cloud_integration ci ON ci.id = cis.cloud_integration_id").
-		Where("ci.id = ?", cloudAccountId).
-		Where("ci.org_id = ?", orgID).
-		Scan(ctx)
-	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't query service configs from db")
-	}
-
-	result := make(map[string][]byte)
-
-	for _, r := range serviceConfigs {
-		result[r.Type] = []byte(r.Config)
-	}
-
-	return result, nil
-}

pkg/modules/serviceaccount/implserviceaccount/handler.go

@@ -1,335 +0,0 @@
-package implserviceaccount
-
-import (
-	"net/http"
-
-	"github.com/SigNoz/signoz/pkg/http/binding"
-	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/serviceaccounttypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/gorilla/mux"
-)
-
-type handler struct {
-	module serviceaccount.Module
-}
-
-func NewHandler(module serviceaccount.Module) serviceaccount.Handler {
-	return &handler{module: module}
-}
-
-func (handler *handler) Create(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	req := new(serviceaccounttypes.PostableServiceAccount)
-	if err := binding.JSON.BindBody(r.Body, req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	serviceAccount := serviceaccounttypes.NewServiceAccount(req.Name, req.Email, req.Roles, serviceaccounttypes.StatusActive, valuer.MustNewUUID(claims.OrgID))
-	err = handler.module.Create(ctx, valuer.MustNewUUID(claims.OrgID), serviceAccount)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusCreated, types.Identifiable{ID: serviceAccount.ID})
-}
-
-func (handler *handler) Get(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	id, err := valuer.NewUUID(mux.Vars(r)["id"])
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	serviceAccount, err := handler.module.Get(ctx, valuer.MustNewUUID(claims.OrgID), id)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusOK, serviceAccount)
-}
-
-func (handler *handler) List(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	serviceAccounts, err := handler.module.List(ctx, valuer.MustNewUUID(claims.OrgID))
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusOK, serviceAccounts)
-}
-
-func (handler *handler) Update(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	id, err := valuer.NewUUID(mux.Vars(r)["id"])
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	req := new(serviceaccounttypes.UpdatableServiceAccount)
-	if err := binding.JSON.BindBody(r.Body, req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	serviceAccount, err := handler.module.Get(ctx, valuer.MustNewUUID(claims.OrgID), id)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	serviceAccount.Update(req.Name, req.Email, req.Roles)
-	err = handler.module.Update(ctx, valuer.MustNewUUID(claims.OrgID), serviceAccount)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusNoContent, nil)
-}
-
-func (handler *handler) UpdateStatus(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	id, err := valuer.NewUUID(mux.Vars(r)["id"])
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	req := new(serviceaccounttypes.UpdatableServiceAccountStatus)
-	if err := binding.JSON.BindBody(r.Body, req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	serviceAccount, err := handler.module.Get(ctx, valuer.MustNewUUID(claims.OrgID), id)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	serviceAccount.UpdateStatus(req.Status)
-	err = handler.module.UpdateStatus(ctx, valuer.MustNewUUID(claims.OrgID), serviceAccount)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusNoContent, nil)
-}
-
-func (handler *handler) Delete(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	id, err := valuer.NewUUID(mux.Vars(r)["id"])
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	err = handler.module.Delete(ctx, valuer.MustNewUUID(claims.OrgID), id)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusNoContent, nil)
-}
-
-func (handler *handler) CreateFactorAPIKey(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	id, err := valuer.NewUUID(mux.Vars(r)["id"])
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	req := new(serviceaccounttypes.PostableFactorAPIKey)
-	if err := binding.JSON.BindBody(r.Body, req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	// this takes care of checking the existence of service account and the org constraint.
-	serviceAccount, err := handler.module.GetWithoutRoles(ctx, valuer.MustNewUUID(claims.OrgID), id)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	factorAPIKey, err := serviceAccount.NewFactorAPIKey(req.Name, req.ExpiresAt)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	err = handler.module.CreateFactorAPIKey(ctx, factorAPIKey)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusCreated, serviceaccounttypes.NewGettableFactorAPIKeyWithKey(factorAPIKey.ID, factorAPIKey.Key))
-}
-
-func (handler *handler) ListFactorAPIKey(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	id, err := valuer.NewUUID(mux.Vars(r)["id"])
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	serviceAccount, err := handler.module.GetWithoutRoles(ctx, valuer.MustNewUUID(claims.OrgID), id)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	factorAPIKeys, err := handler.module.ListFactorAPIKey(ctx, serviceAccount.ID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusOK, serviceaccounttypes.NewGettableFactorAPIKeys(factorAPIKeys))
-}
-
-func (handler *handler) UpdateFactorAPIKey(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	id, err := valuer.NewUUID(mux.Vars(r)["id"])
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	factorAPIKeyID, err := valuer.NewUUID(mux.Vars(r)["fid"])
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	req := new(serviceaccounttypes.UpdatableFactorAPIKey)
-	if err := binding.JSON.BindBody(r.Body, req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	serviceAccount, err := handler.module.GetWithoutRoles(ctx, valuer.MustNewUUID(claims.OrgID), id)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	factorAPIKey, err := handler.module.GetFactorAPIKey(ctx, serviceAccount.ID, factorAPIKeyID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	factorAPIKey.Update(req.Name, req.ExpiresAt)
-	err = handler.module.UpdateFactorAPIKey(ctx, serviceAccount.ID, factorAPIKey)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusNoContent, nil)
-}
-
-func (handler *handler) RevokeFactorAPIKey(rw http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	id, err := valuer.NewUUID(mux.Vars(r)["id"])
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	factorAPIKeyID, err := valuer.NewUUID(mux.Vars(r)["fid"])
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	serviceAccount, err := handler.module.GetWithoutRoles(ctx, valuer.MustNewUUID(claims.OrgID), id)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	err = handler.module.RevokeFactorAPIKey(ctx, serviceAccount.ID, factorAPIKeyID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusNoContent, nil)
-}

pkg/modules/serviceaccount/implserviceaccount/module.go

@@ -1,351 +0,0 @@
-package implserviceaccount
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/authz"
-	"github.com/SigNoz/signoz/pkg/emailing"
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/emailtypes"
-	"github.com/SigNoz/signoz/pkg/types/serviceaccounttypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type module struct {
-	store    serviceaccounttypes.Store
-	authz    authz.AuthZ
-	emailing emailing.Emailing
-	settings factory.ScopedProviderSettings
-}
-
-func NewModule(store serviceaccounttypes.Store, authz authz.AuthZ, emailing emailing.Emailing, providerSettings factory.ProviderSettings) serviceaccount.Module {
-	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/modules/serviceaccount/implserviceaccount")
-	return &module{store: store, authz: authz, emailing: emailing, settings: settings}
-}
-
-func (module *module) Create(ctx context.Context, orgID valuer.UUID, serviceAccount *serviceaccounttypes.ServiceAccount) error {
-	// validates the presence of all roles passed in the create request
-	roles, err := module.authz.ListByOrgIDAndNames(ctx, orgID, serviceAccount.Roles)
-	if err != nil {
-		return err
-	}
-
-	// authz actions cannot run in sql transactions
-	err = module.authz.Grant(ctx, orgID, serviceAccount.Roles, authtypes.MustNewSubject(authtypes.TypeableUser, serviceAccount.ID.String(), orgID, nil))
-	if err != nil {
-		return err
-	}
-
-	storableServiceAccount := serviceaccounttypes.NewStorableServiceAccount(serviceAccount)
-	storableServiceAccountRoles := serviceaccounttypes.NewStorableServiceAccountRoles(serviceAccount.ID, roles)
-	err = module.store.RunInTx(ctx, func(ctx context.Context) error {
-		err := module.store.Create(ctx, storableServiceAccount)
-		if err != nil {
-			return err
-		}
-
-		err = module.store.CreateServiceAccountRoles(ctx, storableServiceAccountRoles)
-		if err != nil {
-			return err
-		}
-
-		return nil
-	})
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (module *module) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*serviceaccounttypes.ServiceAccount, error) {
-	storableServiceAccount, err := module.store.Get(ctx, orgID, id)
-	if err != nil {
-		return nil, err
-	}
-
-	// did the orchestration on application layer instead of DB as the ORM also does it anyways for many to many tables.
-	storableServiceAccountRoles, err := module.store.GetServiceAccountRoles(ctx, id)
-	if err != nil {
-		return nil, err
-	}
-
-	roleIDs := make([]valuer.UUID, len(storableServiceAccountRoles))
-	for idx, sar := range storableServiceAccountRoles {
-		roleIDs[idx] = valuer.MustNewUUID(sar.RoleID)
-	}
-
-	roles, err := module.authz.ListByOrgIDAndIDs(ctx, orgID, roleIDs)
-	if err != nil {
-		return nil, err
-	}
-
-	rolesNames, err := serviceaccounttypes.NewRolesFromStorableServiceAccountRoles(storableServiceAccountRoles, roles)
-	if err != nil {
-		return nil, err
-	}
-
-	serviceAccount := serviceaccounttypes.NewServiceAccountFromStorables(storableServiceAccount, rolesNames)
-	return serviceAccount, nil
-}
-
-func (module *module) GetWithoutRoles(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*serviceaccounttypes.ServiceAccount, error) {
-	storableServiceAccount, err := module.store.Get(ctx, orgID, id)
-	if err != nil {
-		return nil, err
-	}
-
-	// passing []string{} (not nil to prevent panics) roles as the function isn't supposed to put roles.
-	serviceAccount := serviceaccounttypes.NewServiceAccountFromStorables(storableServiceAccount, []string{})
-	return serviceAccount, nil
-}
-
-func (module *module) List(ctx context.Context, orgID valuer.UUID) ([]*serviceaccounttypes.ServiceAccount, error) {
-	storableServiceAccounts, err := module.store.List(ctx, orgID)
-	if err != nil {
-		return nil, err
-	}
-
-	storableServiceAccountRoles, err := module.store.ListServiceAccountRolesByOrgID(ctx, orgID)
-	if err != nil {
-		return nil, err
-	}
-
-	// convert the service account roles to structured data
-	saIDToRoleIDs, roleIDs := serviceaccounttypes.GetUniqueRolesAndServiceAccountMapping(storableServiceAccountRoles)
-	roles, err := module.authz.ListByOrgIDAndIDs(ctx, orgID, roleIDs)
-	if err != nil {
-		return nil, err
-	}
-
-	// fill in the role fetched data back to service account
-	serviceAccounts := serviceaccounttypes.NewServiceAccountsFromRoles(storableServiceAccounts, roles, saIDToRoleIDs)
-	return serviceAccounts, nil
-}
-
-func (module *module) Update(ctx context.Context, orgID valuer.UUID, input *serviceaccounttypes.ServiceAccount) error {
-	serviceAccount, err := module.Get(ctx, orgID, input.ID)
-	if err != nil {
-		return err
-	}
-
-	roles, err := module.authz.ListByOrgIDAndNames(ctx, orgID, input.Roles)
-	if err != nil {
-		return err
-	}
-
-	// gets the role diff if any to modify grants.
-	grants, revokes := serviceAccount.PatchRoles(input)
-	err = module.authz.ModifyGrant(ctx, orgID, revokes, grants, authtypes.MustNewSubject(authtypes.TypeableUser, serviceAccount.ID.String(), orgID, nil))
-	if err != nil {
-		return err
-	}
-
-	storableServiceAccountRoles := serviceaccounttypes.NewStorableServiceAccountRoles(serviceAccount.ID, roles)
-	err = module.store.RunInTx(ctx, func(ctx context.Context) error {
-		err := module.store.Update(ctx, orgID, serviceaccounttypes.NewStorableServiceAccount(input))
-		if err != nil {
-			return err
-		}
-
-		// delete all the service account roles and create new rather than diff here.
-		err = module.store.DeleteServiceAccountRoles(ctx, input.ID)
-		if err != nil {
-			return err
-		}
-
-		err = module.store.CreateServiceAccountRoles(ctx, storableServiceAccountRoles)
-		if err != nil {
-			return err
-		}
-
-		return nil
-	})
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (module *module) UpdateStatus(ctx context.Context, orgID valuer.UUID, input *serviceaccounttypes.ServiceAccount) error {
-	serviceAccount, err := module.Get(ctx, orgID, input.ID)
-	if err != nil {
-		return err
-	}
-
-	if input.Status == serviceAccount.Status {
-		return nil
-	}
-
-	switch input.Status {
-	case serviceaccounttypes.StatusActive:
-		err := module.activateServiceAccount(ctx, orgID, input)
-		if err != nil {
-			return err
-		}
-	case serviceaccounttypes.StatusDisabled:
-		err := module.disableServiceAccount(ctx, orgID, input)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (module *module) Delete(ctx context.Context, orgID valuer.UUID, id valuer.UUID) error {
-	serviceAccount, err := module.Get(ctx, orgID, id)
-	if err != nil {
-		return err
-	}
-
-	// revoke from authz first as this cannot run in sql transaction
-	err = module.authz.Revoke(ctx, orgID, serviceAccount.Roles, authtypes.MustNewSubject(authtypes.TypeableUser, serviceAccount.ID.String(), orgID, nil))
-	if err != nil {
-		return err
-	}
-
-	err = module.store.RunInTx(ctx, func(ctx context.Context) error {
-		err := module.store.DeleteServiceAccountRoles(ctx, serviceAccount.ID)
-		if err != nil {
-			return err
-		}
-
-		err = module.store.RevokeAllFactorAPIKeys(ctx, serviceAccount.ID)
-		if err != nil {
-			return err
-		}
-
-		err = module.store.Delete(ctx, serviceAccount.OrgID, serviceAccount.ID)
-		if err != nil {
-			return err
-		}
-
-		return nil
-	})
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (module *module) CreateFactorAPIKey(ctx context.Context, factorAPIKey *serviceaccounttypes.FactorAPIKey) error {
-	storableFactorAPIKey := serviceaccounttypes.NewStorableFactorAPIKey(factorAPIKey)
-
-	err := module.store.CreateFactorAPIKey(ctx, storableFactorAPIKey)
-	if err != nil {
-		return err
-	}
-
-	serviceAccount, err := module.store.GetByID(ctx, factorAPIKey.ServiceAccountID)
-	if err != nil {
-		return err
-	}
-
-	if err := module.emailing.SendHTML(ctx, serviceAccount.Email, "New API Key created for your SigNoz account", emailtypes.TemplateNameAPIKeyEvent, map[string]any{
-		"Name":         serviceAccount.Name,
-		"KeyName":      factorAPIKey.Name,
-		"KeyID":        factorAPIKey.ID.String(),
-		"KeyCreatedAt": factorAPIKey.CreatedAt.String(),
-	}); err != nil {
-		module.settings.Logger().ErrorContext(ctx, "failed to send email", "error", err)
-	}
-
-	return nil
-}
-
-func (module *module) GetFactorAPIKey(ctx context.Context, serviceAccountID valuer.UUID, id valuer.UUID) (*serviceaccounttypes.FactorAPIKey, error) {
-	storableFactorAPIKey, err := module.store.GetFactorAPIKey(ctx, serviceAccountID, id)
-	if err != nil {
-		return nil, err
-	}
-
-	return serviceaccounttypes.NewFactorAPIKeyFromStorable(storableFactorAPIKey), nil
-}
-
-func (module *module) ListFactorAPIKey(ctx context.Context, serviceAccountID valuer.UUID) ([]*serviceaccounttypes.FactorAPIKey, error) {
-	storables, err := module.store.ListFactorAPIKey(ctx, serviceAccountID)
-	if err != nil {
-		return nil, err
-	}
-
-	return serviceaccounttypes.NewFactorAPIKeyFromStorables(storables), nil
-}
-
-func (module *module) UpdateFactorAPIKey(ctx context.Context, serviceAccountID valuer.UUID, factorAPIKey *serviceaccounttypes.FactorAPIKey) error {
-	return module.store.UpdateFactorAPIKey(ctx, serviceAccountID, serviceaccounttypes.NewStorableFactorAPIKey(factorAPIKey))
-}
-
-func (module *module) RevokeFactorAPIKey(ctx context.Context, serviceAccountID valuer.UUID, id valuer.UUID) error {
-	factorAPIKey, err := module.GetFactorAPIKey(ctx, serviceAccountID, id)
-	if err != nil {
-		return err
-	}
-
-	err = module.store.RevokeFactorAPIKey(ctx, serviceAccountID, id)
-	if err != nil {
-		return err
-	}
-
-	serviceAccount, err := module.store.GetByID(ctx, serviceAccountID)
-	if err != nil {
-		return err
-	}
-
-	if err := module.emailing.SendHTML(ctx, serviceAccount.Email, "API Key revoked for your SigNoz account", emailtypes.TemplateNameAPIKeyEvent, map[string]any{
-		"Name":         serviceAccount.Name,
-		"KeyName":      factorAPIKey.Name,
-		"KeyID":        factorAPIKey.ID.String(),
-		"KeyCreatedAt": factorAPIKey.CreatedAt.String(),
-	}); err != nil {
-		module.settings.Logger().ErrorContext(ctx, "failed to send email", "error", err)
-	}
-
-	return nil
-}
-
-func (module *module) disableServiceAccount(ctx context.Context, orgID valuer.UUID, input *serviceaccounttypes.ServiceAccount) error {
-	err := module.authz.Revoke(ctx, orgID, input.Roles, authtypes.MustNewSubject(authtypes.TypeableUser, input.ID.String(), orgID, nil))
-	if err != nil {
-		return err
-	}
-
-	err = module.store.RunInTx(ctx, func(ctx context.Context) error {
-		// revoke all the API keys on disable
-		err := module.store.RevokeAllFactorAPIKeys(ctx, input.ID)
-		if err != nil {
-			return err
-		}
-
-		// update the status but do not delete the role mappings as we will reuse them on activation.
-		err = module.Update(ctx, orgID, input)
-		if err != nil {
-			return err
-		}
-
-		return nil
-	})
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (module *module) activateServiceAccount(ctx context.Context, orgID valuer.UUID, input *serviceaccounttypes.ServiceAccount) error {
-	err := module.authz.Grant(ctx, orgID, input.Roles, authtypes.MustNewSubject(authtypes.TypeableUser, input.ID.String(), orgID, nil))
-	if err != nil {
-		return err
-	}
-
-	err = module.Update(ctx, orgID, input)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}

pkg/modules/serviceaccount/implserviceaccount/store.go

@@ -1,282 +0,0 @@
-package implserviceaccount
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/serviceaccounttypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type store struct {
-	sqlstore sqlstore.SQLStore
-}
-
-func NewStore(sqlstore sqlstore.SQLStore) serviceaccounttypes.Store {
-	return &store{sqlstore: sqlstore}
-}
-
-func (store *store) Create(ctx context.Context, storable *serviceaccounttypes.StorableServiceAccount) error {
-	_, err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewInsert().
-		Model(storable).
-		Exec(ctx)
-	if err != nil {
-		return store.sqlstore.WrapAlreadyExistsErrf(err, serviceaccounttypes.ErrCodeServiceAccountAlreadyExists, "service account with id: %s already exists", storable.ID)
-	}
-
-	return nil
-}
-
-func (store *store) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*serviceaccounttypes.StorableServiceAccount, error) {
-	storable := new(serviceaccounttypes.StorableServiceAccount)
-
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(storable).
-		Where("id = ?", id).
-		Where("org_id = ?", orgID).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, serviceaccounttypes.ErrCodeServiceAccountNotFound, "service account with id: %s doesn't exist in org: %s", id, orgID)
-	}
-
-	return storable, nil
-}
-
-func (store *store) GetByID(ctx context.Context, id valuer.UUID) (*serviceaccounttypes.StorableServiceAccount, error) {
-	storable := new(serviceaccounttypes.StorableServiceAccount)
-
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(storable).
-		Where("id = ?", id).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, serviceaccounttypes.ErrCodeServiceAccountNotFound, "service account with id: %s doesn't exist", id)
-	}
-
-	return storable, nil
-}
-
-func (store *store) List(ctx context.Context, orgID valuer.UUID) ([]*serviceaccounttypes.StorableServiceAccount, error) {
-	storables := make([]*serviceaccounttypes.StorableServiceAccount, 0)
-
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(&storables).
-		Where("org_id = ?", orgID).
-		Scan(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	return storables, nil
-}
-
-func (store *store) Update(ctx context.Context, orgID valuer.UUID, storable *serviceaccounttypes.StorableServiceAccount) error {
-	_, err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewUpdate().
-		Model(storable).
-		WherePK().
-		Where("org_id = ?", orgID).
-		Exec(ctx)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (store *store) Delete(ctx context.Context, orgID valuer.UUID, id valuer.UUID) error {
-	_, err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewDelete().
-		Model(new(serviceaccounttypes.StorableServiceAccount)).
-		Where("id = ?", id).
-		Where("org_id = ?", orgID).
-		Exec(ctx)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (store *store) CreateServiceAccountRoles(ctx context.Context, storables []*serviceaccounttypes.StorableServiceAccountRole) error {
-	_, err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewInsert().
-		Model(&storables).
-		Exec(ctx)
-	if err != nil {
-		return store.sqlstore.WrapAlreadyExistsErrf(err, serviceaccounttypes.ErrCodeServiceAccountRoleAlreadyExists, "duplicate role assignments for service account")
-	}
-
-	return nil
-}
-
-func (store *store) GetServiceAccountRoles(ctx context.Context, id valuer.UUID) ([]*serviceaccounttypes.StorableServiceAccountRole, error) {
-	storables := make([]*serviceaccounttypes.StorableServiceAccountRole, 0)
-
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(&storables).
-		Where("service_account_id = ?", id).
-		Scan(ctx)
-	if err != nil {
-		// no need to wrap not found here as this is many to many table
-		return nil, err
-	}
-
-	return storables, nil
-}
-
-func (store *store) ListServiceAccountRolesByOrgID(ctx context.Context, orgID valuer.UUID) ([]*serviceaccounttypes.StorableServiceAccountRole, error) {
-	storables := make([]*serviceaccounttypes.StorableServiceAccountRole, 0)
-
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(&storables).
-		Join("JOIN service_account").
-		JoinOn("service_account.id = service_account_role.service_account_id").
-		Where("service_account.org_id = ?", orgID).
-		Scan(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	return storables, nil
-}
-
-func (store *store) DeleteServiceAccountRoles(ctx context.Context, id valuer.UUID) error {
-	_, err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewDelete().
-		Model(new(serviceaccounttypes.StorableServiceAccountRole)).
-		Where("service_account_id = ?", id).
-		Exec(ctx)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (store *store) CreateFactorAPIKey(ctx context.Context, storable *serviceaccounttypes.StorableFactorAPIKey) error {
-	_, err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewInsert().
-		Model(storable).
-		Exec(ctx)
-	if err != nil {
-		return store.sqlstore.WrapAlreadyExistsErrf(err, serviceaccounttypes.ErrCodeServiceAccountFactorAPIKeyAlreadyExists, "api key with name: %s already exists for service account: %s", storable.Name, storable.ServiceAccountID)
-	}
-
-	return nil
-}
-
-func (store *store) GetFactorAPIKey(ctx context.Context, serviceAccountID valuer.UUID, id valuer.UUID) (*serviceaccounttypes.StorableFactorAPIKey, error) {
-	storable := new(serviceaccounttypes.StorableFactorAPIKey)
-
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(storable).
-		Where("id = ?", id).
-		Where("service_account_id = ?", serviceAccountID).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, serviceaccounttypes.ErrCodeServiceAccounFactorAPIKeytNotFound, "api key with id: %s doesn't exist for service account: %s", id, serviceAccountID)
-	}
-
-	return storable, nil
-}
-
-func (store *store) ListFactorAPIKey(ctx context.Context, serviceAccountID valuer.UUID) ([]*serviceaccounttypes.StorableFactorAPIKey, error) {
-	storables := make([]*serviceaccounttypes.StorableFactorAPIKey, 0)
-
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(&storables).
-		Where("service_account_id = ?", serviceAccountID).
-		Scan(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	return storables, nil
-}
-
-func (store *store) UpdateFactorAPIKey(ctx context.Context, serviceAccountID valuer.UUID, storable *serviceaccounttypes.StorableFactorAPIKey) error {
-	_, err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewUpdate().
-		Model(storable).
-		Where("service_account_id = ?", serviceAccountID).
-		Exec(ctx)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (store *store) RevokeFactorAPIKey(ctx context.Context, serviceAccountID valuer.UUID, id valuer.UUID) error {
-	_, err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewDelete().
-		Model(new(serviceaccounttypes.StorableFactorAPIKey)).
-		Where("service_account_id = ?", serviceAccountID).
-		Where("id = ?", id).
-		Exec(ctx)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (store *store) RevokeAllFactorAPIKeys(ctx context.Context, serviceAccountID valuer.UUID) error {
-	_, err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewDelete().
-		Model(new(serviceaccounttypes.StorableFactorAPIKey)).
-		Where("service_account_id = ?", serviceAccountID).
-		Exec(ctx)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (store *store) RunInTx(ctx context.Context, cb func(context.Context) error) error {
-	return store.sqlstore.RunInTxCtx(ctx, nil, func(ctx context.Context) error {
-		return cb(ctx)
-	})
-}

pkg/modules/serviceaccount/serviceaccount.go

@@ -1,69 +0,0 @@
-package serviceaccount
-
-import (
-	"context"
-	"net/http"
-
-	"github.com/SigNoz/signoz/pkg/types/serviceaccounttypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type Module interface {
-	// Creates a new service account for an organization.
-	Create(context.Context, valuer.UUID, *serviceaccounttypes.ServiceAccount) error
-
-	// Gets a service account by id.
-	Get(context.Context, valuer.UUID, valuer.UUID) (*serviceaccounttypes.ServiceAccount, error)
-
-	// Gets a service account by id without fetching roles.
-	GetWithoutRoles(context.Context, valuer.UUID, valuer.UUID) (*serviceaccounttypes.ServiceAccount, error)
-
-	// List all service accounts for an organization.
-	List(context.Context, valuer.UUID) ([]*serviceaccounttypes.ServiceAccount, error)
-
-	// Updates an existing service account
-	Update(context.Context, valuer.UUID, *serviceaccounttypes.ServiceAccount) error
-
-	// Updates an existing service account status
-	UpdateStatus(context.Context, valuer.UUID, *serviceaccounttypes.ServiceAccount) error
-
-	// Deletes an existing service account by id
-	Delete(context.Context, valuer.UUID, valuer.UUID) error
-
-	// Creates a new API key for a service account
-	CreateFactorAPIKey(context.Context, *serviceaccounttypes.FactorAPIKey) error
-
-	// Gets a factor API key by id
-	GetFactorAPIKey(context.Context, valuer.UUID, valuer.UUID) (*serviceaccounttypes.FactorAPIKey, error)
-
-	// Lists all the API keys for a service account
-	ListFactorAPIKey(context.Context, valuer.UUID) ([]*serviceaccounttypes.FactorAPIKey, error)
-
-	// Updates an existing API key for a service account
-	UpdateFactorAPIKey(context.Context, valuer.UUID, *serviceaccounttypes.FactorAPIKey) error
-
-	// Revokes an existing API key for a service account
-	RevokeFactorAPIKey(context.Context, valuer.UUID, valuer.UUID) error
-}
-
-type Handler interface {
-	Create(http.ResponseWriter, *http.Request)
-
-	Get(http.ResponseWriter, *http.Request)
-
-	List(http.ResponseWriter, *http.Request)
-
-	Update(http.ResponseWriter, *http.Request)
-
-	UpdateStatus(http.ResponseWriter, *http.Request)
-
-	Delete(http.ResponseWriter, *http.Request)
-
-	CreateFactorAPIKey(http.ResponseWriter, *http.Request)
-
-	ListFactorAPIKey(http.ResponseWriter, *http.Request)
-
-	UpdateFactorAPIKey(http.ResponseWriter, *http.Request)
-
-	RevokeFactorAPIKey(http.ResponseWriter, *http.Request)
-}

pkg/modules/user/impluser/module.go

@@ -175,7 +175,7 @@ func (module *Module) CreateUser(ctx context.Context, input *types.User, opts ..
 	createUserOpts := root.NewCreateUserOptions(opts...)
 
 	// since assign is idempotant multiple calls to assign won't cause issues in case of retries.
-	err := module.authz.Grant(ctx, input.OrgID, []string{roletypes.MustGetSigNozManagedRoleFromExistingRole(input.Role)}, authtypes.MustNewSubject(authtypes.TypeableUser, input.ID.StringValue(), input.OrgID, nil))
+	err := module.authz.Grant(ctx, input.OrgID, roletypes.MustGetSigNozManagedRoleFromExistingRole(input.Role), authtypes.MustNewSubject(authtypes.TypeableUser, input.ID.StringValue(), input.OrgID, nil))
 	if err != nil {
 		return err
 	}
@@ -237,8 +237,8 @@ func (m *Module) UpdateUser(ctx context.Context, orgID valuer.UUID, id string, u
 	if user.Role != "" && user.Role != existingUser.Role {
 		err = m.authz.ModifyGrant(ctx,
 			orgID,
-			[]string{roletypes.MustGetSigNozManagedRoleFromExistingRole(existingUser.Role)},
-			[]string{roletypes.MustGetSigNozManagedRoleFromExistingRole(user.Role)},
+			roletypes.MustGetSigNozManagedRoleFromExistingRole(existingUser.Role),
+			roletypes.MustGetSigNozManagedRoleFromExistingRole(user.Role),
 			authtypes.MustNewSubject(authtypes.TypeableUser, id, orgID, nil),
 		)
 		if err != nil {
@@ -295,7 +295,7 @@ func (module *Module) DeleteUser(ctx context.Context, orgID valuer.UUID, id stri
 	}
 
 	// since revoke is idempotant multiple calls to revoke won't cause issues in case of retries
-	err = module.authz.Revoke(ctx, orgID, []string{roletypes.MustGetSigNozManagedRoleFromExistingRole(user.Role)}, authtypes.MustNewSubject(authtypes.TypeableUser, id, orgID, nil))
+	err = module.authz.Revoke(ctx, orgID, roletypes.MustGetSigNozManagedRoleFromExistingRole(user.Role), authtypes.MustNewSubject(authtypes.TypeableUser, id, orgID, nil))
 	if err != nil {
 		return err
 	}

pkg/modules/user/impluser/service.go

@@ -159,8 +159,8 @@ func (s *service) createOrPromoteRootUser(ctx context.Context, orgID valuer.UUID
 		if oldRole != types.RoleAdmin {
 			if err := s.authz.ModifyGrant(ctx,
 				orgID,
-				[]string{roletypes.MustGetSigNozManagedRoleFromExistingRole(oldRole)},
-				[]string{roletypes.MustGetSigNozManagedRoleFromExistingRole(types.RoleAdmin)},
+				roletypes.MustGetSigNozManagedRoleFromExistingRole(oldRole),
+				roletypes.MustGetSigNozManagedRoleFromExistingRole(types.RoleAdmin),
 				authtypes.MustNewSubject(authtypes.TypeableUser, existingUser.ID.StringValue(), orgID, nil),
 			); err != nil {
 				return err

pkg/signoz/handler.go

@@ -24,8 +24,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/rawdataexport/implrawdataexport"
 	"github.com/SigNoz/signoz/pkg/modules/savedview"
 	"github.com/SigNoz/signoz/pkg/modules/savedview/implsavedview"
-	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
-	"github.com/SigNoz/signoz/pkg/modules/serviceaccount/implserviceaccount"
 	"github.com/SigNoz/signoz/pkg/modules/services"
 	"github.com/SigNoz/signoz/pkg/modules/services/implservices"
 	"github.com/SigNoz/signoz/pkg/modules/spanpercentile"
@@ -38,23 +36,22 @@ import (
 )
 
 type Handlers struct {
-	SavedView             savedview.Handler
-	Apdex                 apdex.Handler
-	Dashboard             dashboard.Handler
-	QuickFilter           quickfilter.Handler
-	TraceFunnel           tracefunnel.Handler
-	RawDataExport         rawdataexport.Handler
-	SpanPercentile        spanpercentile.Handler
-	Services              services.Handler
-	MetricsExplorer       metricsexplorer.Handler
-	Global                global.Handler
-	FlaggerHandler        flagger.Handler
-	GatewayHandler        gateway.Handler
-	Fields                fields.Handler
-	AuthzHandler          authz.Handler
-	ZeusHandler           zeus.Handler
-	QuerierHandler        querier.Handler
-	ServiceAccountHandler serviceaccount.Handler
+	SavedView       savedview.Handler
+	Apdex           apdex.Handler
+	Dashboard       dashboard.Handler
+	QuickFilter     quickfilter.Handler
+	TraceFunnel     tracefunnel.Handler
+	RawDataExport   rawdataexport.Handler
+	SpanPercentile  spanpercentile.Handler
+	Services        services.Handler
+	MetricsExplorer metricsexplorer.Handler
+	Global          global.Handler
+	FlaggerHandler  flagger.Handler
+	GatewayHandler  gateway.Handler
+	Fields          fields.Handler
+	AuthzHandler    authz.Handler
+	ZeusHandler     zeus.Handler
+	QuerierHandler  querier.Handler
 }
 
 func NewHandlers(
@@ -71,22 +68,21 @@ func NewHandlers(
 	zeusService zeus.Zeus,
 ) Handlers {
 	return Handlers{
-		SavedView:             implsavedview.NewHandler(modules.SavedView),
-		Apdex:                 implapdex.NewHandler(modules.Apdex),
-		Dashboard:             impldashboard.NewHandler(modules.Dashboard, providerSettings),
-		QuickFilter:           implquickfilter.NewHandler(modules.QuickFilter),
-		TraceFunnel:           impltracefunnel.NewHandler(modules.TraceFunnel),
-		RawDataExport:         implrawdataexport.NewHandler(modules.RawDataExport),
-		Services:              implservices.NewHandler(modules.Services),
-		MetricsExplorer:       implmetricsexplorer.NewHandler(modules.MetricsExplorer),
-		SpanPercentile:        implspanpercentile.NewHandler(modules.SpanPercentile),
-		Global:                signozglobal.NewHandler(global),
-		FlaggerHandler:        flagger.NewHandler(flaggerService),
-		GatewayHandler:        gateway.NewHandler(gatewayService),
-		Fields:                implfields.NewHandler(providerSettings, telemetryMetadataStore),
-		AuthzHandler:          signozauthzapi.NewHandler(authz),
-		ZeusHandler:           zeus.NewHandler(zeusService, licensing),
-		QuerierHandler:        querierHandler,
-		ServiceAccountHandler: implserviceaccount.NewHandler(modules.ServiceAccount),
+		SavedView:       implsavedview.NewHandler(modules.SavedView),
+		Apdex:           implapdex.NewHandler(modules.Apdex),
+		Dashboard:       impldashboard.NewHandler(modules.Dashboard, providerSettings),
+		QuickFilter:     implquickfilter.NewHandler(modules.QuickFilter),
+		TraceFunnel:     impltracefunnel.NewHandler(modules.TraceFunnel),
+		RawDataExport:   implrawdataexport.NewHandler(modules.RawDataExport),
+		Services:        implservices.NewHandler(modules.Services),
+		MetricsExplorer: implmetricsexplorer.NewHandler(modules.MetricsExplorer),
+		SpanPercentile:  implspanpercentile.NewHandler(modules.SpanPercentile),
+		Global:          signozglobal.NewHandler(global),
+		FlaggerHandler:  flagger.NewHandler(flaggerService),
+		GatewayHandler:  gateway.NewHandler(gatewayService),
+		Fields:          implfields.NewHandler(providerSettings, telemetryMetadataStore),
+		AuthzHandler:    signozauthzapi.NewHandler(authz),
+		ZeusHandler:     zeus.NewHandler(zeusService, licensing),
+		QuerierHandler:  querierHandler,
 	}
 }

pkg/signoz/module.go

@@ -27,8 +27,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/rawdataexport/implrawdataexport"
 	"github.com/SigNoz/signoz/pkg/modules/savedview"
 	"github.com/SigNoz/signoz/pkg/modules/savedview/implsavedview"
-	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
-	"github.com/SigNoz/signoz/pkg/modules/serviceaccount/implserviceaccount"
 	"github.com/SigNoz/signoz/pkg/modules/services"
 	"github.com/SigNoz/signoz/pkg/modules/services/implservices"
 	"github.com/SigNoz/signoz/pkg/modules/session"
@@ -68,7 +66,6 @@ type Modules struct {
 	SpanPercentile  spanpercentile.Module
 	MetricsExplorer metricsexplorer.Module
 	Promote         promote.Module
-	ServiceAccount  serviceaccount.Module
 }
 
 func NewModules(
@@ -113,6 +110,5 @@ func NewModules(
 		Services:        implservices.NewModule(querier, telemetryStore),
 		MetricsExplorer: implmetricsexplorer.NewModule(telemetryStore, telemetryMetadataStore, cache, ruleStore, dashboard, providerSettings, config.MetricsExplorer),
 		Promote:         implpromote.NewModule(telemetryMetadataStore, telemetryStore),
-		ServiceAccount:  implserviceaccount.NewModule(implserviceaccount.NewStore(sqlstore), authz, emailing, providerSettings),
 	}
 }

pkg/signoz/openapi.go

@@ -22,7 +22,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/preference"
 	"github.com/SigNoz/signoz/pkg/modules/promote"
-	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
 	"github.com/SigNoz/signoz/pkg/modules/session"
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/querier"
@@ -60,7 +59,6 @@ func NewOpenAPI(ctx context.Context, instrumentation instrumentation.Instrumenta
 		struct{ authz.Handler }{},
 		struct{ zeus.Handler }{},
 		struct{ querier.Handler }{},
-		struct{ serviceaccount.Handler }{},
 	).New(ctx, instrumentation.ToProviderSettings(), apiserver.Config{})
 	if err != nil {
 		return nil, err

pkg/signoz/provider.go

@@ -255,7 +255,6 @@ func NewAPIServerProviderFactories(orgGetter organization.Getter, authz authz.Au
 			handlers.AuthzHandler,
 			handlers.ZeusHandler,
 			handlers.QuerierHandler,
-			handlers.ServiceAccountHandler,
 		),
 	)
 }

pkg/telemetrymetrics/statement_builder.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log/slog"
 
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/flagger"
 	"github.com/SigNoz/signoz/pkg/querybuilder"
@@ -188,7 +189,9 @@ func (b *MetricQueryStatementBuilder) buildPipelineStatement(
 		}
 
 		// spatial_aggregation_cte
-		if frag, args := b.buildSpatialAggregationCTE(ctx, start, end, query, keys); frag != "" {
+		if frag, args, err := b.buildSpatialAggregationCTE(ctx, start, end, query, keys); err != nil {
+			return nil, err
+		} else if frag != "" {
 			cteFragments = append(cteFragments, frag)
 			cteArgs = append(cteArgs, args)
 		}
@@ -519,7 +522,14 @@ func (b *MetricQueryStatementBuilder) buildSpatialAggregationCTE(
 	_ uint64,
 	query qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation],
 	_ map[string][]*telemetrytypes.TelemetryFieldKey,
-) (string, []any) {
+) (string, []any, error) {
+	if query.Aggregations[0].SpaceAggregation.IsZero() {
+		return "", nil, errors.Newf(
+			errors.TypeInvalidInput,
+			errors.CodeInvalidInput,
+			"invalid space aggregation, should be one of the following: [`sum`, `avg`, `min`, `max`, `count`, `p50`, `p75`, `p90`, `p95`, `p99`]",
+		)
+	}
 	sb := sqlbuilder.NewSelectBuilder()
 
 	sb.Select("ts")
@@ -536,7 +546,7 @@ func (b *MetricQueryStatementBuilder) buildSpatialAggregationCTE(
 	sb.GroupBy(querybuilder.GroupByKeys(query.GroupBy)...)
 
 	q, args := sb.BuildWithFlavor(sqlbuilder.ClickHouse)
-	return fmt.Sprintf("__spatial_aggregation_cte AS (%s)", q), args
+	return fmt.Sprintf("__spatial_aggregation_cte AS (%s)", q), args, nil
 }
 
 func (b *MetricQueryStatementBuilder) BuildFinalSelect(

pkg/telemetrymetrics/stmt_builder_test.go

@@ -122,7 +122,7 @@ func TestStatementBuilder(t *testing.T) {
 			expectedErr: nil,
 		},
 		{
-			name:        "test_histogram_percentile1",
+			name:        "test_histogram_percentile",
 			requestType: qbtypes.RequestTypeTimeSeries,
 			query: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
 				Signal:       telemetrytypes.SignalMetrics,
@@ -132,7 +132,6 @@ func TestStatementBuilder(t *testing.T) {
 						MetricName:       "signoz_latency",
 						Type:             metrictypes.HistogramType,
 						Temporality:      metrictypes.Delta,
-						TimeAggregation:  metrictypes.TimeAggregationRate,
 						SpaceAggregation: metrictypes.SpaceAggregationPercentile95,
 					},
 				},
@@ -188,7 +187,7 @@ func TestStatementBuilder(t *testing.T) {
 			expectedErr: nil,
 		},
 		{
-			name:        "test_histogram_percentile2",
+			name:        "test_histogram_percentile",
 			requestType: qbtypes.RequestTypeTimeSeries,
 			query: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
 				Signal:       telemetrytypes.SignalMetrics,
@@ -198,7 +197,6 @@ func TestStatementBuilder(t *testing.T) {
 						MetricName:       "http_server_duration_bucket",
 						Type:             metrictypes.HistogramType,
 						Temporality:      metrictypes.Cumulative,
-						TimeAggregation:  metrictypes.TimeAggregationRate,
 						SpaceAggregation: metrictypes.SpaceAggregationPercentile95,
 					},
 				},
@@ -213,7 +211,7 @@ func TestStatementBuilder(t *testing.T) {
 			},
 			expected: qbtypes.Statement{
 				Query: "WITH __temporal_aggregation_cte AS (SELECT ts, `service.name`, `le`, multiIf(row_number() OVER rate_window = 1, nan, (per_series_value - lagInFrame(per_series_value, 1) OVER rate_window) < 0, per_series_value / (ts - lagInFrame(ts, 1) OVER rate_window), (per_series_value - lagInFrame(per_series_value, 1) OVER rate_window) / (ts - lagInFrame(ts, 1) OVER rate_window)) AS per_series_value FROM (SELECT fingerprint, toStartOfInterval(toDateTime(intDiv(unix_milli, 1000)), toIntervalSecond(30)) AS ts, `service.name`, `le`, max(value) AS per_series_value FROM signoz_metrics.distributed_samples_v4 AS points INNER JOIN (SELECT fingerprint, JSONExtractString(labels, 'service.name') AS `service.name`, JSONExtractString(labels, 'le') AS `le` FROM signoz_metrics.time_series_v4_6hrs WHERE metric_name IN (?) AND unix_milli >= ? AND unix_milli <= ? AND LOWER(temporality) LIKE LOWER(?) AND __normalized = ? GROUP BY fingerprint, `service.name`, `le`) AS filtered_time_series ON points.fingerprint = filtered_time_series.fingerprint WHERE metric_name IN (?) AND unix_milli >= ? AND unix_milli < ? GROUP BY fingerprint, ts, `service.name`, `le` ORDER BY fingerprint, ts) WINDOW rate_window AS (PARTITION BY fingerprint ORDER BY fingerprint, ts)), __spatial_aggregation_cte AS (SELECT ts, `service.name`, `le`, sum(per_series_value) AS value FROM __temporal_aggregation_cte WHERE isNaN(per_series_value) = ? GROUP BY ts, `service.name`, `le`) SELECT ts, `service.name`, histogramQuantile(arrayMap(x -> toFloat64(x), groupArray(le)), groupArray(value), 0.950) AS value FROM __spatial_aggregation_cte GROUP BY `service.name`, ts ORDER BY `service.name`, ts",
-				Args:  []any{"http_server_duration_bucket", uint64(1747936800000), uint64(1747983420000), "cumulative", false, "http_server_duration_bucket", uint64(1747947360000), uint64(1747983420000), 0},
+				Args:  []any{"http_server_duration_bucket", uint64(1747936800000), uint64(1747983420000), "cumulative", false, "http_server_duration_bucket", uint64(1747947390000), uint64(1747983420000), 0},
 			},
 			expectedErr: nil,
 		},

pkg/types/cloudintegrationtypes/cloudintegration.go

@@ -1,578 +0,0 @@
-// NOTE:
-//   - When Account keyword is used in struct names, it refers cloud integration account. CloudIntegration refers to DB schema.
-//   - When Account Config keyword is used in struct names, it refers to configuration for cloud integration accounts
-//   - When Service keyword is used in struct names, it refers to cloud integration service. CloudIntegrationService refers to DB schema.
-//     where `service` is services provided by each cloud provider like AWS S3, Azure BlobStorage etc.
-//   - When Service Config keyword is used in struct names, it refers to configuration for cloud integration services
-package cloudintegrationtypes
-
-import (
-	"database/sql/driver"
-	"encoding/json"
-	"strings"
-	"time"
-
-	"github.com/uptrace/bun"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-// CloudProviderType type alias
-type CloudProviderType struct{ valuer.String }
-
-var (
-	CloudProviderTypeAWS   = CloudProviderType{valuer.NewString("aws")}
-	CloudProviderTypeAzure = CloudProviderType{valuer.NewString("azure")}
-)
-
-var ErrCodeCloudProviderInvalidInput = errors.MustNewCode("invalid_cloud_provider")
-
-// NewCloudProvider returns a new CloudProviderType from a string. It validates the input and returns an error if the input is not valid.
-func NewCloudProvider(provider string) (CloudProviderType, error) {
-	switch provider {
-	case CloudProviderTypeAWS.StringValue():
-		return CloudProviderTypeAWS, nil
-	case CloudProviderTypeAzure.StringValue():
-		return CloudProviderTypeAzure, nil
-	default:
-		return CloudProviderType{}, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider)
-	}
-}
-
-var (
-	AWSIntegrationUserEmail   = valuer.MustNewEmail("aws-integration@signoz.io")
-	AzureIntegrationUserEmail = valuer.MustNewEmail("azure-integration@signoz.io")
-)
-
-// CloudIntegrationUserEmails is the list of valid emails for Cloud One Click integrations.
-// This is used for validation and restrictions in different contexts, across codebase.
-var CloudIntegrationUserEmails = []valuer.Email{
-	AWSIntegrationUserEmail,
-	AzureIntegrationUserEmail,
-}
-
-func IsCloudIntegrationDashboardUuid(dashboardUuid string) bool {
-	parts := strings.SplitN(dashboardUuid, "--", 4)
-	if len(parts) != 4 {
-		return false
-	}
-
-	return parts[0] == "cloud-integration"
-}
-
-// GetCloudIntegrationDashboardID returns the cloud provider from dashboard id, if it's a cloud integration dashboard id.
-// throws an error if invalid format or invalid cloud provider is provided in the dashboard id.
-func GetCloudProviderFromDashboardID(dashboardUuid string) (CloudProviderType, error) {
-	parts := strings.SplitN(dashboardUuid, "--", 4)
-	if len(parts) != 4 {
-		return CloudProviderType{}, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid dashboard uuid: %s", dashboardUuid)
-	}
-
-	providerStr := parts[1]
-
-	cloudProvider, err := NewCloudProvider(providerStr)
-	if err != nil {
-		return CloudProviderType{}, err
-	}
-
-	return cloudProvider, nil
-}
-
-// Generic utility functions for JSON serialization/deserialization
-// this is helpful to return right errors from a common place and avoid repeating the same code in multiple places.
-// UnmarshalJSON is a generic function to unmarshal JSON data into any type
-func UnmarshalJSON[T any](src []byte, target *T) error {
-	err := json.Unmarshal(src, target)
-	if err != nil {
-		return errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't deserialize JSON",
-		)
-	}
-	return nil
-}
-
-// MarshalJSON is a generic function to marshal any type to JSON
-func MarshalJSON[T any](source *T) ([]byte, error) {
-	if source == nil {
-		return nil, errors.NewInternalf(errors.CodeInternal, "source is nil")
-	}
-
-	serialized, err := json.Marshal(source)
-	if err != nil {
-		return nil, errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't serialize to JSON",
-		)
-	}
-	return serialized, nil
-}
-
-// GettableConnectedAccountsList is the response for listing connected accounts for a cloud provider.
-type GettableConnectedAccountsList struct {
-	Accounts []*Account `json:"accounts"`
-}
-
-// SigNozAgentConfig represents parameters required for agent deployment in cloud provider accounts
-// these represent parameters passed during agent deployment, how they are passed might change for each cloud provider but the purpose is same.
-type SigNozAgentConfig struct {
-	Region string `json:"region,omitempty"` // AWS-specific: The region in which SigNoz agent should be installed
-
-	IngestionUrl string `json:"ingestion_url"`
-	IngestionKey string `json:"ingestion_key"`
-	SigNozAPIUrl string `json:"signoz_api_url"`
-	SigNozAPIKey string `json:"signoz_api_key"`
-
-	Version string `json:"version,omitempty"`
-}
-
-// PostableConnectionArtifact represent request body for generating connection artifact API.
-// Data is request body raw bytes since each cloud provider will have have different request body structure and generics hardly help in such cases.
-// Artifact is a generic name for different types of connection methods like connection URL for AWS, connection command for Azure etc.
-type PostableConnectionArtifact struct {
-	OrgID string
-	Data  []byte // either PostableAWSConnectionUrl or PostableAzureConnectionCommand
-}
-
-// PostableAWSConnectionUrl is request body for AWS connection artifact API
-type PostableAWSConnectionUrl struct {
-	AgentConfig   *SigNozAgentConfig `json:"agent_config"`
-	AccountConfig *AWSAccountConfig  `json:"account_config"`
-}
-
-// PostableAzureConnectionCommand is request body for Azure connection artifact API
-type PostableAzureConnectionCommand struct {
-	AgentConfig   *SigNozAgentConfig  `json:"agent_config"`
-	AccountConfig *AzureAccountConfig `json:"account_config"`
-}
-
-// GettableAzureConnectionArtifact is Azure specific connection artifact which contains connection commands for agent deployment
-type GettableAzureConnectionArtifact struct {
-	AzureShellConnectionCommand string `json:"az_shell_connection_command"`
-	AzureCliConnectionCommand   string `json:"az_cli_connection_command"`
-}
-
-// GettableAWSConnectionUrl is AWS specific connection artifact which contains connection url for agent deployment
-type GettableAWSConnectionUrl struct {
-	AccountId     string `json:"account_id"`
-	ConnectionUrl string `json:"connection_url"`
-}
-
-// GettableAzureConnectionCommand is Azure specific connection artifact which contains connection commands for agent deployment
-type GettableAzureConnectionCommand struct {
-	AccountId                   string `json:"account_id"`
-	AzureShellConnectionCommand string `json:"az_shell_connection_command"`
-	AzureCliConnectionCommand   string `json:"az_cli_connection_command"`
-}
-
-// GettableAccountStatus is cloud integration account status response
-type GettableAccountStatus struct {
-	Id             string        `json:"id"`
-	CloudAccountId *string       `json:"cloud_account_id,omitempty"`
-	Status         AccountStatus `json:"status"`
-}
-
-// PostableAgentCheckInPayload is request body for agent check-in API.
-// This is used by agent to send heartbeat.
-type PostableAgentCheckInPayload struct {
-	ID        string `json:"account_id"`
-	AccountID string `json:"cloud_account_id"`
-	// Arbitrary cloud specific Agent data
-	Data  map[string]any `json:"data,omitempty"`
-	OrgID string         `json:"-"`
-}
-
-// AWSAgentIntegrationConfig is used by agent for deploying infra to send telemetry to SigNoz
-type AWSAgentIntegrationConfig struct {
-	EnabledRegions              []string               `json:"enabled_regions"`
-	TelemetryCollectionStrategy *AWSCollectionStrategy `json:"telemetry,omitempty"`
-}
-
-// AzureAgentIntegrationConfig is used by agent for deploying infra to send telemetry to SigNoz
-type AzureAgentIntegrationConfig struct {
-	DeploymentRegion      string   `json:"deployment_region"` // will not be changed once set
-	EnabledResourceGroups []string `json:"resource_groups"`
-	// TelemetryCollectionStrategy is map of service to telemetry config
-	TelemetryCollectionStrategy map[string]*AzureCollectionStrategy `json:"telemetry,omitempty"`
-}
-
-// GettableAgentCheckInRes is generic response from agent check-in API.
-// AWSAgentIntegrationConfig and AzureAgentIntegrationConfig these configs are used by agent to deploy the infra and send telemetry to SigNoz
-type GettableAgentCheckInRes[AgentConfigT any] struct {
-	AccountId         string       `json:"account_id"`
-	CloudAccountId    string       `json:"cloud_account_id"`
-	RemovedAt         *time.Time   `json:"removed_at"`
-	IntegrationConfig AgentConfigT `json:"integration_config"`
-}
-
-// UpdatableServiceConfig is generic
-type UpdatableServiceConfig[ServiceConfigT any] struct {
-	CloudAccountId string         `json:"cloud_account_id"`
-	Config         ServiceConfigT `json:"config"`
-}
-
-// ServiceConfigTyped is a generic interface for cloud integration service's configuration
-// this is generic interface to define helper functions for CloudIntegrationService.Config field.
-type ServiceConfigTyped[definition Definition] interface {
-	Validate(def definition) error
-	IsMetricsEnabled() bool
-	IsLogsEnabled() bool
-}
-
-type AWSServiceConfig struct {
-	Logs    *AWSServiceLogsConfig    `json:"logs,omitempty"`
-	Metrics *AWSServiceMetricsConfig `json:"metrics,omitempty"`
-}
-
-type AWSServiceLogsConfig struct {
-	Enabled   bool                `json:"enabled"`
-	S3Buckets map[string][]string `json:"s3_buckets,omitempty"`
-}
-
-type AWSServiceMetricsConfig struct {
-	Enabled bool `json:"enabled"`
-}
-
-// IsMetricsEnabled returns true if metrics collection is configured and enabled
-func (a *AWSServiceConfig) IsMetricsEnabled() bool {
-	return a.Metrics != nil && a.Metrics.Enabled
-}
-
-// IsLogsEnabled returns true if logs collection is configured and enabled
-func (a *AWSServiceConfig) IsLogsEnabled() bool {
-	return a.Logs != nil && a.Logs.Enabled
-}
-
-type AzureServiceConfig struct {
-	Logs    []*AzureServiceLogsConfig    `json:"logs,omitempty"`
-	Metrics []*AzureServiceMetricsConfig `json:"metrics,omitempty"`
-}
-
-// AzureServiceLogsConfig is Azure specific service config for logs
-type AzureServiceLogsConfig struct {
-	Enabled bool   `json:"enabled"`
-	Name    string `json:"name"`
-}
-
-// AzureServiceMetricsConfig is Azure specific service config for metrics
-type AzureServiceMetricsConfig struct {
-	Enabled bool   `json:"enabled"`
-	Name    string `json:"name"`
-}
-
-// IsMetricsEnabled returns true if any metric is configured and enabled
-func (a *AzureServiceConfig) IsMetricsEnabled() bool {
-	if a.Metrics == nil {
-		return false
-	}
-	for _, m := range a.Metrics {
-		if m.Enabled {
-			return true
-		}
-	}
-	return false
-}
-
-// IsLogsEnabled returns true if any log is configured and enabled
-func (a *AzureServiceConfig) IsLogsEnabled() bool {
-	if a.Logs == nil {
-		return false
-	}
-	for _, l := range a.Logs {
-		if l.Enabled {
-			return true
-		}
-	}
-	return false
-}
-
-func (a *AWSServiceConfig) Validate(def *AWSDefinition) error {
-	if def.Id != S3Sync.String() && a.Logs != nil && a.Logs.S3Buckets != nil {
-		return errors.NewInvalidInputf(errors.CodeInvalidInput, "s3 buckets can only be added to service-type[%s]", S3Sync)
-	} else if def.Id == S3Sync.String() && a.Logs != nil && a.Logs.S3Buckets != nil {
-		for region := range a.Logs.S3Buckets {
-			if _, found := ValidAWSRegions[region]; !found {
-				return errors.NewInvalidInputf(CodeInvalidCloudRegion, "invalid cloud region: %s", region)
-			}
-		}
-	}
-
-	return nil
-}
-
-func (a *AzureServiceConfig) Validate(def *AzureDefinition) error {
-	logsMap := make(map[string]bool)
-	metricsMap := make(map[string]bool)
-
-	if def.Strategy != nil && def.Strategy.Logs != nil {
-		for _, log := range def.Strategy.Logs {
-			logsMap[log.Name] = true
-		}
-	}
-
-	if def.Strategy != nil && def.Strategy.Metrics != nil {
-		for _, metric := range def.Strategy.Metrics {
-			metricsMap[metric.Name] = true
-		}
-	}
-
-	for _, log := range a.Logs {
-		if _, found := logsMap[log.Name]; !found {
-			return errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid log name: %s", log.Name)
-		}
-	}
-
-	for _, metric := range a.Metrics {
-		if _, found := metricsMap[metric.Name]; !found {
-			return errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid metric name: %s", metric.Name)
-		}
-	}
-
-	return nil
-}
-
-// UpdatableServiceConfigRes is response for UpdateServiceConfig API
-// TODO: find a better way to name this
-type UpdatableServiceConfigRes struct {
-	ServiceId string `json:"id"`
-	Config    any    `json:"config"`
-}
-
-// UpdatableAccountConfigTyped is a generic struct for updating cloud integration account config used in UpdateAccountConfig API
-type UpdatableAccountConfigTyped[AccountConfigT any] struct {
-	Config *AccountConfigT `json:"config"`
-}
-
-type (
-	UpdatableAWSAccountConfig   = UpdatableAccountConfigTyped[AWSAccountConfig]
-	UpdatableAzureAccountConfig = UpdatableAccountConfigTyped[AzureAccountConfig]
-)
-
-// AWSAccountConfig is the configuration for AWS cloud integration account
-type AWSAccountConfig struct {
-	EnabledRegions []string `json:"regions"`
-}
-
-// AzureAccountConfig is the configuration for Azure cloud integration account
-type AzureAccountConfig struct {
-	DeploymentRegion      string   `json:"deployment_region,omitempty"`
-	EnabledResourceGroups []string `json:"resource_groups,omitempty"`
-}
-
-// GettableServices is a generic struct for listing services of a cloud integration account used in ListServices API
-type GettableServices[ServiceSummaryT any] struct {
-	Services []ServiceSummaryT `json:"services"`
-}
-
-type (
-	GettableAWSServices   = GettableServices[AWSServiceSummary]
-	GettableAzureServices = GettableServices[AzureServiceSummary]
-)
-
-// GetServiceDetailsReq is a req struct for getting service definition details
-type GetServiceDetailsReq struct {
-	OrgID          valuer.UUID
-	ServiceId      string
-	CloudAccountID *string
-}
-
-// ServiceSummary is a generic struct for service summary used in ListServices API
-type ServiceSummary[ServiceConfigT any] struct {
-	DefinitionMetadata
-	Config *ServiceConfigT `json:"config"`
-}
-
-type (
-	AWSServiceSummary   = ServiceSummary[AWSServiceConfig]
-	AzureServiceSummary = ServiceSummary[AzureServiceConfig]
-)
-
-// GettableServiceDetails is a generic struct for service details used in GetServiceDetails API
-type GettableServiceDetails[DefinitionT any, ServiceConfigT any] struct {
-	Definition       DefinitionT              `json:",inline"`
-	Config           ServiceConfigT           `json:"config"`
-	ConnectionStatus *ServiceConnectionStatus `json:"status,omitempty"`
-}
-
-type (
-	GettableAWSServiceDetails   = GettableServiceDetails[AWSDefinition, *AWSServiceConfig]
-	GettableAzureServiceDetails = GettableServiceDetails[AzureDefinition, *AzureServiceConfig]
-)
-
-// ServiceConnectionStatus represents integration connection status for a particular service
-// this struct helps to check ingested data and determines connection status by whether data was ingested or not.
-// this is composite struct for both metrics and logs
-type ServiceConnectionStatus struct {
-	Logs    []*SignalConnectionStatus `json:"logs"`
-	Metrics []*SignalConnectionStatus `json:"metrics"`
-}
-
-// SignalConnectionStatus represents connection status for a particular signal type (logs or metrics) for a service
-// this struct is used in API responses for clients to show relevant information about the connection status.
-type SignalConnectionStatus struct {
-	CategoryID           string `json:"category"`
-	CategoryDisplayName  string `json:"category_display_name"`
-	LastReceivedTsMillis int64  `json:"last_received_ts_ms"` // epoch milliseconds
-	LastReceivedFrom     string `json:"last_received_from"`  // resource identifier
-}
-
-// GettableCloudIntegrationConnectionParams is response for connection params API
-type GettableCloudIntegrationConnectionParams struct {
-	IngestionUrl string `json:"ingestion_url,omitempty"`
-	IngestionKey string `json:"ingestion_key,omitempty"`
-	SigNozAPIUrl string `json:"signoz_api_url,omitempty"`
-	SigNozAPIKey string `json:"signoz_api_key,omitempty"`
-}
-
-// GettableIngestionKey is a struct for ingestion key returned from gateway
-type GettableIngestionKey struct {
-	Name  string `json:"name"`
-	Value string `json:"value"`
-	// other attributes from gateway response not included here since they are not being used.
-}
-
-// GettableIngestionKeysSearch is a struct for response of ingestion keys search API on gateway
-type GettableIngestionKeysSearch struct {
-	Status string                 `json:"status"`
-	Data   []GettableIngestionKey `json:"data"`
-	Error  string                 `json:"error"`
-}
-
-// GettableCreateIngestionKey is a struct for response of create ingestion key API on gateway
-type GettableCreateIngestionKey struct {
-	Status string               `json:"status"`
-	Data   GettableIngestionKey `json:"data"`
-	Error  string               `json:"error"`
-}
-
-// GettableDeployment is response struct for deployment details fetched from Zeus
-type GettableDeployment struct {
-	Name        string `json:"name"`
-	ClusterInfo struct {
-		Region struct {
-			DNS string `json:"dns"`
-		} `json:"region"`
-	} `json:"cluster"`
-}
-
-// --------------------------------------------------------------------------
-// DATABASE TYPES
-// --------------------------------------------------------------------------
-
-// --------------------------------------------------------------------------
-// Cloud integration uses the cloud_integration table
-// and cloud_integrations_service table
-// --------------------------------------------------------------------------
-
-type CloudIntegration struct {
-	bun.BaseModel `bun:"table:cloud_integration"`
-
-	types.Identifiable
-	types.TimeAuditable
-	Provider        string       `json:"provider" bun:"provider,type:text,unique:provider_id"`
-	Config          string       `json:"config" bun:"config,type:text"` // json serialized config
-	AccountID       *string      `json:"account_id" bun:"account_id,type:text"`
-	LastAgentReport *AgentReport `json:"last_agent_report" bun:"last_agent_report,type:text"`
-	RemovedAt       *time.Time   `json:"removed_at" bun:"removed_at,type:timestamp,nullzero"`
-	OrgID           string       `bun:"org_id,type:text,unique:provider_id"`
-}
-
-// Account represents a cloud integration account, this is used for business logic and API responses.
-type Account struct {
-	Id             string        `json:"id"`
-	CloudAccountId string        `json:"cloud_account_id"`
-	Config         any           `json:"config"` // AWSAccountConfig or AzureAccountConfig
-	Status         AccountStatus `json:"status"`
-}
-
-// AccountStatus is generic struct for cloud integration account status
-type AccountStatus struct {
-	Integration AccountIntegrationStatus `json:"integration"`
-}
-
-// AccountIntegrationStatus stores heartbeat information from agent check in
-type AccountIntegrationStatus struct {
-	LastHeartbeatTsMillis *int64 `json:"last_heartbeat_ts_ms"`
-}
-
-func (a *CloudIntegration) Status() AccountStatus {
-	status := AccountStatus{}
-	if a.LastAgentReport != nil {
-		lastHeartbeat := a.LastAgentReport.TimestampMillis
-		status.Integration.LastHeartbeatTsMillis = &lastHeartbeat
-	}
-	return status
-}
-
-func (a *CloudIntegration) Account(cloudProvider CloudProviderType) *Account {
-	ca := &Account{Id: a.ID.StringValue(), Status: a.Status()}
-
-	if a.AccountID != nil {
-		ca.CloudAccountId = *a.AccountID
-	}
-
-	ca.Config = map[string]interface{}{}
-
-	if len(a.Config) < 1 {
-		return ca
-	}
-
-	switch cloudProvider {
-	case CloudProviderTypeAWS:
-		config := new(AWSAccountConfig)
-		_ = UnmarshalJSON([]byte(a.Config), config)
-		ca.Config = config
-	case CloudProviderTypeAzure:
-		config := new(AzureAccountConfig)
-		_ = UnmarshalJSON([]byte(a.Config), config)
-		ca.Config = config
-	default:
-	}
-
-	return ca
-}
-
-type AgentReport struct {
-	TimestampMillis int64          `json:"timestamp_millis"`
-	Data            map[string]any `json:"data"`
-}
-
-// Scan scans data from db
-func (r *AgentReport) Scan(src any) error {
-	var data []byte
-	switch v := src.(type) {
-	case []byte:
-		data = v
-	case string:
-		data = []byte(v)
-	default:
-		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
-	}
-
-	return json.Unmarshal(data, r)
-}
-
-// Value serializes data to bytes for db insertion
-func (r *AgentReport) Value() (driver.Value, error) {
-	if r == nil {
-		return nil, errors.NewInternalf(errors.CodeInternal, "agent report is nil")
-	}
-
-	serialized, err := json.Marshal(r)
-	if err != nil {
-		return nil, errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't serialize agent report to JSON",
-		)
-	}
-	return serialized, nil
-}
-
-type CloudIntegrationService struct {
-	bun.BaseModel `bun:"table:cloud_integration_service,alias:cis"`
-
-	types.Identifiable
-	types.TimeAuditable
-	Type               string `bun:"type,type:text,notnull,unique:cloud_integration_id_type"`
-	Config             string `bun:"config,type:text"` // json serialized config
-	CloudIntegrationID string `bun:"cloud_integration_id,type:text,notnull,unique:cloud_integration_id_type,references:cloud_integrations(id),on_delete:cascade"`
-}

pkg/types/cloudintegrationtypes/regions.go

@@ -1,103 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"github.com/SigNoz/signoz/pkg/errors"
-)
-
-var (
-	CodeInvalidCloudRegion    = errors.MustNewCode("invalid_cloud_region")
-	CodeMismatchCloudProvider = errors.MustNewCode("cloud_provider_mismatch")
-)
-
-// List of all valid cloud regions on Amazon Web Services
-var ValidAWSRegions = map[string]bool{
-	"af-south-1":     true, // Africa (Cape Town).
-	"ap-east-1":      true, // Asia Pacific (Hong Kong).
-	"ap-northeast-1": true, // Asia Pacific (Tokyo).
-	"ap-northeast-2": true, // Asia Pacific (Seoul).
-	"ap-northeast-3": true, // Asia Pacific (Osaka).
-	"ap-south-1":     true, // Asia Pacific (Mumbai).
-	"ap-south-2":     true, // Asia Pacific (Hyderabad).
-	"ap-southeast-1": true, // Asia Pacific (Singapore).
-	"ap-southeast-2": true, // Asia Pacific (Sydney).
-	"ap-southeast-3": true, // Asia Pacific (Jakarta).
-	"ap-southeast-4": true, // Asia Pacific (Melbourne).
-	"ca-central-1":   true, // Canada (Central).
-	"ca-west-1":      true, // Canada West (Calgary).
-	"eu-central-1":   true, // Europe (Frankfurt).
-	"eu-central-2":   true, // Europe (Zurich).
-	"eu-north-1":     true, // Europe (Stockholm).
-	"eu-south-1":     true, // Europe (Milan).
-	"eu-south-2":     true, // Europe (Spain).
-	"eu-west-1":      true, // Europe (Ireland).
-	"eu-west-2":      true, // Europe (London).
-	"eu-west-3":      true, // Europe (Paris).
-	"il-central-1":   true, // Israel (Tel Aviv).
-	"me-central-1":   true, // Middle East (UAE).
-	"me-south-1":     true, // Middle East (Bahrain).
-	"sa-east-1":      true, // South America (Sao Paulo).
-	"us-east-1":      true, // US East (N. Virginia).
-	"us-east-2":      true, // US East (Ohio).
-	"us-west-1":      true, // US West (N. California).
-	"us-west-2":      true, // US West (Oregon).
-}
-
-// List of all valid cloud regions for Microsoft Azure
-var ValidAzureRegions = map[string]bool{
-	"australiacentral":   true, // Australia Central
-	"australiacentral2":  true, // Australia Central 2
-	"australiaeast":      true, // Australia East
-	"australiasoutheast": true, // Australia Southeast
-	"austriaeast":        true, // Austria East
-	"belgiumcentral":     true, // Belgium Central
-	"brazilsouth":        true, // Brazil South
-	"brazilsoutheast":    true, // Brazil Southeast
-	"canadacentral":      true, // Canada Central
-	"canadaeast":         true, // Canada East
-	"centralindia":       true, // Central India
-	"centralus":          true, // Central US
-	"chilecentral":       true, // Chile Central
-	"denmarkeast":        true, // Denmark East
-	"eastasia":           true, // East Asia
-	"eastus":             true, // East US
-	"eastus2":            true, // East US 2
-	"francecentral":      true, // France Central
-	"francesouth":        true, // France South
-	"germanynorth":       true, // Germany North
-	"germanywestcentral": true, // Germany West Central
-	"indonesiacentral":   true, // Indonesia Central
-	"israelcentral":      true, // Israel Central
-	"italynorth":         true, // Italy North
-	"japaneast":          true, // Japan East
-	"japanwest":          true, // Japan West
-	"koreacentral":       true, // Korea Central
-	"koreasouth":         true, // Korea South
-	"malaysiawest":       true, // Malaysia West
-	"mexicocentral":      true, // Mexico Central
-	"newzealandnorth":    true, // New Zealand North
-	"northcentralus":     true, // North Central US
-	"northeurope":        true, // North Europe
-	"norwayeast":         true, // Norway East
-	"norwaywest":         true, // Norway West
-	"polandcentral":      true, // Poland Central
-	"qatarcentral":       true, // Qatar Central
-	"southafricanorth":   true, // South Africa North
-	"southafricawest":    true, // South Africa West
-	"southcentralus":     true, // South Central US
-	"southindia":         true, // South India
-	"southeastasia":      true, // Southeast Asia
-	"spaincentral":       true, // Spain Central
-	"swedencentral":      true, // Sweden Central
-	"switzerlandnorth":   true, // Switzerland North
-	"switzerlandwest":    true, // Switzerland West
-	"uaecentral":         true, // UAE Central
-	"uaenorth":           true, // UAE North
-	"uksouth":            true, // UK South
-	"ukwest":             true, // UK West
-	"westcentralus":      true, // West Central US
-	"westeurope":         true, // West Europe
-	"westindia":          true, // West India
-	"westus":             true, // West US
-	"westus2":            true, // West US 2
-	"westus3":            true, // West US 3
-}

pkg/types/cloudintegrationtypes/servicedefinitions.go

@@ -1,263 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-var S3Sync = valuer.NewString("s3sync")
-
-// Generic interface for cloud service definition.
-// This is implemented by AWSDefinition and AzureDefinition, which represent service definitions for AWS and Azure respectively.
-// Generics work well so far because service definitions share a similar logic.
-// We dont want to over-do generics as well, if the service definitions functionally diverge in the future consider breaking generics.
-type Definition interface {
-	GetId() string
-	Validate() error
-	PopulateDashboardURLs(cloudProvider CloudProviderType, svcId string)
-	GetIngestionStatusCheck() *IngestionStatusCheck
-	GetAssets() Assets
-}
-
-// AWSDefinition represents AWS Service definition, which includes collection strategy, dashboards and meta info for integration
-type AWSDefinition = ServiceDefinition[AWSCollectionStrategy]
-
-// AzureDefinition represents Azure Service definition, which includes collection strategy, dashboards and meta info for integration
-type AzureDefinition = ServiceDefinition[AzureCollectionStrategy]
-
-// Making AWSDefinition and AzureDefinition satisfy Definition interface, so that they can be used in a generic way
-var (
-	_ Definition = &AWSDefinition{}
-	_ Definition = &AzureDefinition{}
-)
-
-// ServiceDefinition represents generic struct for cloud service, regardless of the cloud provider.
-// this struct must satify Definition interface.
-// StrategyT is of either AWSCollectionStrategy or AzureCollectionStrategy, depending on the cloud provider.
-type ServiceDefinition[StrategyT any] struct {
-	DefinitionMetadata
-	Overview             string                `json:"overview"` // markdown
-	Assets               Assets                `json:"assets"`
-	SupportedSignals     SupportedSignals      `json:"supported_signals"`
-	DataCollected        DataCollected         `json:"data_collected"`
-	IngestionStatusCheck *IngestionStatusCheck `json:"ingestion_status_check,omitempty"`
-	Strategy             *StrategyT            `json:"telemetry_collection_strategy"`
-}
-
-// Following methods are quite self explanatory, they are just to satisfy the Definition interface and provide some utility functions for service definitions.
-func (def *ServiceDefinition[StrategyT]) GetId() string {
-	return def.Id
-}
-
-func (def *ServiceDefinition[StrategyT]) Validate() error {
-	seenDashboardIds := map[string]interface{}{}
-
-	if def.Strategy == nil {
-		return errors.NewInternalf(errors.CodeInternal, "telemetry_collection_strategy is required")
-	}
-
-	for _, dd := range def.Assets.Dashboards {
-		if _, seen := seenDashboardIds[dd.Id]; seen {
-			return errors.NewInternalf(errors.CodeInternal, "multiple dashboards found with id %s", dd.Id)
-		}
-		seenDashboardIds[dd.Id] = nil
-	}
-
-	return nil
-}
-
-func (def *ServiceDefinition[StrategyT]) PopulateDashboardURLs(cloudProvider CloudProviderType, svcId string) {
-	for i := range def.Assets.Dashboards {
-		dashboardId := def.Assets.Dashboards[i].Id
-		url := "/dashboard/" + GetCloudIntegrationDashboardID(cloudProvider, svcId, dashboardId)
-		def.Assets.Dashboards[i].Url = url
-	}
-}
-
-func (def *ServiceDefinition[StrategyT]) GetIngestionStatusCheck() *IngestionStatusCheck {
-	return def.IngestionStatusCheck
-}
-
-func (def *ServiceDefinition[StrategyT]) GetAssets() Assets {
-	return def.Assets
-}
-
-// DefinitionMetadata represents service definition metadata. This is useful for showing service overview
-type DefinitionMetadata struct {
-	Id    string `json:"id"`
-	Title string `json:"title"`
-	Icon  string `json:"icon"`
-}
-
-// IngestionStatusCheckCategory represents a category of ingestion status check. Applies for both metrics and logs.
-// A category can be "Overview" of metrics or "Enhanced" Metrics for AWS, and "Transaction" or "Capacity" metrics for Azure.
-// Each category can have multiple checks (AND logic), if all checks pass,
-// then we can be sure that data is being ingested for that category of the signal
-type IngestionStatusCheckCategory struct {
-	Category    string                           `json:"category"`
-	DisplayName string                           `json:"display_name"`
-	Checks      []*IngestionStatusCheckAttribute `json:"checks"`
-}
-
-// IngestionStatusCheckAttribute represents a check or condition for ingestion status.
-// Key can be metric name or part of log message
-type IngestionStatusCheckAttribute struct {
-	Key        string                                 `json:"key"` // OPTIONAL search key (metric name or log message)
-	Attributes []*IngestionStatusCheckAttributeFilter `json:"attributes"`
-}
-
-// IngestionStatusCheck represents combined checks for metrics and logs for a service
-type IngestionStatusCheck struct {
-	Metrics []*IngestionStatusCheckCategory `json:"metrics"`
-	Logs    []*IngestionStatusCheckCategory `json:"logs"`
-}
-
-// IngestionStatusCheckAttributeFilter represents filter for a check, which can be used to filter specific log messages or metrics with specific attributes.
-// For example, we can use it to filter logs with specific log level or metrics with specific dimensions.
-type IngestionStatusCheckAttributeFilter struct {
-	Name     string `json:"name"`
-	Operator string `json:"operator"`
-	Value    string `json:"value"` // OPTIONAL
-}
-
-// Assets represents the collection of dashboards
-type Assets struct {
-	Dashboards []Dashboard `json:"dashboards"`
-}
-
-// SupportedSignals for cloud provider's service
-type SupportedSignals struct {
-	Logs    bool `json:"logs"`
-	Metrics bool `json:"metrics"`
-}
-
-// DataCollected is curated static list of metrics and logs, this is shown as part of service overview
-type DataCollected struct {
-	Logs    []CollectedLogAttribute `json:"logs"`
-	Metrics []CollectedMetric       `json:"metrics"`
-}
-
-// CollectedLogAttribute represents a log attribute that is present in all log entries for a service,
-// this is shown as part of service overview
-type CollectedLogAttribute struct {
-	Name string `json:"name"`
-	Path string `json:"path"`
-	Type string `json:"type"`
-}
-
-// CollectedMetric represents a metric that is collected for a service, this is shown as part of service overview
-type CollectedMetric struct {
-	Name        string `json:"name"`
-	Type        string `json:"type"`
-	Unit        string `json:"unit"`
-	Description string `json:"description"`
-}
-
-// AWSCollectionStrategy represents signal collection strategy for AWS services.
-// this is AWS specific.
-type AWSCollectionStrategy struct {
-	Metrics   *AWSMetricsStrategy `json:"aws_metrics,omitempty"`
-	Logs      *AWSLogsStrategy    `json:"aws_logs,omitempty"`
-	S3Buckets map[string][]string `json:"s3_buckets,omitempty"` // Only available in S3 Sync Service Type in AWS
-}
-
-// AzureCollectionStrategy represents signal collection strategy for Azure services.
-// this is Azure specific.
-type AzureCollectionStrategy struct {
-	Metrics []*AzureMetricsStrategy `json:"azure_metrics,omitempty"`
-	Logs    []*AzureLogsStrategy    `json:"azure_logs,omitempty"`
-}
-
-// AWSMetricsStrategy represents metrics collection strategy for AWS services.
-// this is AWS specific.
-type AWSMetricsStrategy struct {
-	// to be used as https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-metricstream.html#cfn-cloudwatch-metricstream-includefilters
-	StreamFilters []struct {
-		// json tags here are in the shape expected by AWS API as detailed at
-		// https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudwatch-metricstream-metricstreamfilter.html
-		Namespace   string   `json:"Namespace"`
-		MetricNames []string `json:"MetricNames,omitempty"`
-	} `json:"cloudwatch_metric_stream_filters"`
-}
-
-// AWSLogsStrategy represents logs collection strategy for AWS services.
-// this is AWS specific.
-type AWSLogsStrategy struct {
-	Subscriptions []struct {
-		// subscribe to all logs groups with specified prefix.
-		// eg: `/aws/rds/`
-		LogGroupNamePrefix string `json:"log_group_name_prefix"`
-
-		// https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
-		// "" implies no filtering is required.
-		FilterPattern string `json:"filter_pattern"`
-	} `json:"cloudwatch_logs_subscriptions"`
-}
-
-// AzureMetricsStrategy represents metrics collection strategy for Azure services.
-// this is Azure specific.
-type AzureMetricsStrategy struct {
-	CategoryType string `json:"category_type"`
-	Name         string `json:"name"`
-}
-
-// AzureLogsStrategy represents logs collection strategy for Azure services.
-// this is Azure specific. Even though this is similar to AzureMetricsStrategy, keeping it separate for future flexibility and clarity.
-type AzureLogsStrategy struct {
-	CategoryType string `json:"category_type"`
-	Name         string `json:"name"`
-}
-
-// Dashboard represents a dashboard definition for cloud integration.
-type Dashboard struct {
-	Id          string                                `json:"id"`
-	Url         string                                `json:"url"`
-	Title       string                                `json:"title"`
-	Description string                                `json:"description"`
-	Image       string                                `json:"image"`
-	Definition  *dashboardtypes.StorableDashboardData `json:"definition,omitempty"`
-}
-
-// UTILS
-
-// GetCloudIntegrationDashboardID returns the dashboard id for a cloud integration, given the cloud provider, service id, and dashboard id.
-// This is used to generate unique dashboard ids for cloud integration, and also to parse the dashboard id to get the cloud provider and service id when needed.
-func GetCloudIntegrationDashboardID(cloudProvider CloudProviderType, svcId, dashboardId string) string {
-	return fmt.Sprintf("cloud-integration--%s--%s--%s", cloudProvider, svcId, dashboardId)
-}
-
-// GetDashboardsFromAssets returns the list of dashboards for the cloud provider service from definition
-func GetDashboardsFromAssets(
-	svcId string,
-	orgID valuer.UUID,
-	cloudProvider CloudProviderType,
-	createdAt *time.Time,
-	assets Assets,
-) []*dashboardtypes.Dashboard {
-	dashboards := make([]*dashboardtypes.Dashboard, 0)
-
-	for _, d := range assets.Dashboards {
-		author := fmt.Sprintf("%s-integration", cloudProvider)
-		dashboards = append(dashboards, &dashboardtypes.Dashboard{
-			ID:     GetCloudIntegrationDashboardID(cloudProvider, svcId, d.Id),
-			Locked: true,
-			OrgID:  orgID,
-			Data:   *d.Definition,
-			TimeAuditable: types.TimeAuditable{
-				CreatedAt: *createdAt,
-				UpdatedAt: *createdAt,
-			},
-			UserAuditable: types.UserAuditable{
-				CreatedBy: author,
-				UpdatedBy: author,
-			},
-		})
-	}
-
-	return dashboards
-}

pkg/types/cloudintegrationtypes/store.go

@@ -1,42 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"context"
-	"time"
-)
-
-type CloudIntegrationAccountStore interface {
-	ListConnected(ctx context.Context, orgId string, provider string) ([]CloudIntegration, error)
-
-	Get(ctx context.Context, orgId string, provider string, id string) (*CloudIntegration, error)
-
-	GetConnectedCloudAccount(ctx context.Context, orgId, provider string, accountID string) (*CloudIntegration, error)
-
-	// Insert an account or update it by (cloudProvider, id)
-	// for specified non-empty fields
-	Upsert(
-		ctx context.Context,
-		orgId string,
-		provider string,
-		id *string,
-		config []byte,
-		accountId *string,
-		agentReport *AgentReport,
-		removedAt *time.Time,
-	) (*CloudIntegration, error)
-}
-
-type CloudIntegrationServiceStore interface {
-	Get(ctx context.Context, orgID, cloudAccountId, serviceType string) ([]byte, error)
-
-	Upsert(
-		ctx context.Context,
-		orgID,
-		cloudProvider,
-		cloudAccountId,
-		serviceId string,
-		config []byte,
-	) ([]byte, error)
-
-	GetAllForAccount(ctx context.Context, orgID, cloudAccountId string) (map[string][]byte, error)
-}

pkg/types/emailtypes/template.go

@@ -18,7 +18,6 @@ var (
 var (
 	TemplateNameInvitationEmail = TemplateName{valuer.NewString("invitation")}
 	TemplateNameResetPassword   = TemplateName{valuer.NewString("reset_password")}
-	TemplateNameAPIKeyEvent     = TemplateName{valuer.NewString("api_key_event")}
 )
 
 type TemplateName struct{ valuer.String }
@@ -29,8 +28,6 @@ func NewTemplateName(name string) (TemplateName, error) {
 		return TemplateNameInvitationEmail, nil
 	case TemplateNameResetPassword.StringValue():
 		return TemplateNameResetPassword, nil
-	case TemplateNameAPIKeyEvent.StringValue():
-		return TemplateNameAPIKeyEvent, nil
 	default:
 		return TemplateName{}, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "invalid template name: %s", name)
 	}

pkg/types/metrictypes/metrictypes.go

@@ -3,7 +3,6 @@ package metrictypes
 import (
 	"database/sql/driver"
 	"fmt"
-	"slices"
 	"strings"
 
 	"github.com/SigNoz/signoz/pkg/errors"
@@ -136,10 +135,6 @@ func (t *Type) Scan(src interface{}) error {
 	return nil
 }
 
-func (t Type) IsPercentileSpaceAggregationAllowed() bool {
-	return t == HistogramType || t == ExpHistogramType || t == SummaryType
-}
-
 var (
 	GaugeType        = Type{valuer.NewString("gauge")}
 	SumType          = Type{valuer.NewString("sum")}
@@ -190,10 +185,6 @@ func (TimeAggregation) Enum() []any {
 	}
 }
 
-func (t TimeAggregation) IsValid() bool {
-	return slices.ContainsFunc(t.Enum(), func(v any) bool { return v == t })
-}
-
 type SpaceAggregation struct {
 	valuer.String
 }
@@ -227,10 +218,6 @@ func (SpaceAggregation) Enum() []any {
 	}
 }
 
-func (s SpaceAggregation) IsValid() bool {
-	return slices.ContainsFunc(s.Enum(), func(v any) bool { return v == s })
-}
-
 func (s SpaceAggregation) IsPercentile() bool {
 	return s == SpaceAggregationPercentile50 ||
 		s == SpaceAggregationPercentile75 ||

pkg/types/querybuildertypes/querybuildertypesv5/validation.go

@@ -215,13 +215,6 @@ func (q *QueryBuilderQuery[T]) validateAggregations(requestType RequestType) err
 					aggId,
 				)
 			}
-			if !v.SpaceAggregation.IsValid() {
-				return errors.Newf(
-					errors.TypeInvalidInput,
-					errors.CodeInvalidInput,
-					"invalid space aggregation, should be one of the following: [`sum`, `avg`, `min`, `max`, `count`, `p50`, `p75`, `p90`, `p95`, `p99`]",
-				)
-			}
 		case TraceAggregation:
 			if v.Expression == "" {
 				aggId := fmt.Sprintf("aggregation #%d", i+1)

pkg/types/roletypes/store.go

@@ -12,7 +12,6 @@ type Store interface {
 	GetByOrgIDAndName(context.Context, valuer.UUID, string) (*StorableRole, error)
 	List(context.Context, valuer.UUID) ([]*StorableRole, error)
 	ListByOrgIDAndNames(context.Context, valuer.UUID, []string) ([]*StorableRole, error)
-	ListByOrgIDAndIDs(context.Context, valuer.UUID, []valuer.UUID) ([]*StorableRole, error)
 	Update(context.Context, valuer.UUID, *StorableRole) error
 	Delete(context.Context, valuer.UUID, valuer.UUID) error
 	RunInTx(context.Context, func(ctx context.Context) error) error

pkg/types/serviceaccounttypes/factor_api_key.go

@@ -1,161 +0,0 @@
-package serviceaccounttypes
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/uptrace/bun"
-)
-
-var (
-	ErrCodeServiceAccountFactorAPIkeyInvalidInput  = errors.MustNewCode("service_account_factor_api_key_invalid_input")
-	ErrCodeServiceAccountFactorAPIKeyAlreadyExists = errors.MustNewCode("service_account_factor_api_key_already_exists")
-	ErrCodeServiceAccounFactorAPIKeytNotFound      = errors.MustNewCode("service_account_factor_api_key_not_found")
-)
-
-type StorableFactorAPIKey struct {
-	bun.BaseModel `bun:"table:factor_api_key"`
-
-	types.Identifiable
-	types.TimeAuditable
-	Name             string    `bun:"name"`
-	Key              string    `bun:"key"`
-	ExpiresAt        uint64    `bun:"expires_at"`
-	LastUsed         time.Time `bun:"last_used"`
-	ServiceAccountID string    `bun:"service_account_id"`
-}
-
-type FactorAPIKey struct {
-	types.Identifiable
-	types.TimeAuditable
-	Name             string      `json:"name" requrired:"true"`
-	Key              string      `json:"key" required:"true"`
-	ExpiresAt        uint64      `json:"expires_at" required:"true"`
-	LastUsed         time.Time   `json:"last_used" required:"true"`
-	ServiceAccountID valuer.UUID `json:"service_account_id" required:"true"`
-}
-
-type GettableFactorAPIKeyWithKey struct {
-	types.Identifiable
-	Key string `json:"key" required:"true"`
-}
-
-type GettableFactorAPIKey struct {
-	types.Identifiable
-	types.TimeAuditable
-	Name             string      `json:"name" requrired:"true"`
-	ExpiresAt        uint64      `json:"expires_at" required:"true"`
-	LastUsed         time.Time   `json:"last_used" required:"true"`
-	ServiceAccountID valuer.UUID `json:"service_account_id" required:"true"`
-}
-
-type PostableFactorAPIKey struct {
-	Name      string `json:"name" required:"true"`
-	ExpiresAt uint64 `json:"expires_at" required:"true"`
-}
-
-type UpdatableFactorAPIKey struct {
-	Name      string `json:"name" required:"true"`
-	ExpiresAt uint64 `json:"expires_at" required:"true"`
-}
-
-func NewFactorAPIKeyFromStorable(storable *StorableFactorAPIKey) *FactorAPIKey {
-	return &FactorAPIKey{
-		Identifiable:     storable.Identifiable,
-		TimeAuditable:    storable.TimeAuditable,
-		Name:             storable.Name,
-		Key:              storable.Key,
-		ExpiresAt:        storable.ExpiresAt,
-		LastUsed:         storable.LastUsed,
-		ServiceAccountID: valuer.MustNewUUID(storable.ServiceAccountID),
-	}
-}
-
-func NewFactorAPIKeyFromStorables(storables []*StorableFactorAPIKey) []*FactorAPIKey {
-	factorAPIKeys := make([]*FactorAPIKey, len(storables))
-
-	for idx, storable := range storables {
-		factorAPIKeys[idx] = NewFactorAPIKeyFromStorable(storable)
-	}
-
-	return factorAPIKeys
-}
-
-func NewStorableFactorAPIKey(factorAPIKey *FactorAPIKey) *StorableFactorAPIKey {
-	return &StorableFactorAPIKey{
-		Identifiable:     factorAPIKey.Identifiable,
-		TimeAuditable:    factorAPIKey.TimeAuditable,
-		Name:             factorAPIKey.Name,
-		Key:              factorAPIKey.Key,
-		ExpiresAt:        factorAPIKey.ExpiresAt,
-		LastUsed:         factorAPIKey.LastUsed,
-		ServiceAccountID: factorAPIKey.ServiceAccountID.String(),
-	}
-}
-
-func NewGettableFactorAPIKeys(keys []*FactorAPIKey) []*GettableFactorAPIKey {
-	gettables := make([]*GettableFactorAPIKey, len(keys))
-
-	for idx, key := range keys {
-		gettables[idx] = &GettableFactorAPIKey{
-			Identifiable:     key.Identifiable,
-			TimeAuditable:    key.TimeAuditable,
-			Name:             key.Name,
-			ExpiresAt:        key.ExpiresAt,
-			LastUsed:         key.LastUsed,
-			ServiceAccountID: key.ServiceAccountID,
-		}
-	}
-
-	return gettables
-}
-
-func NewGettableFactorAPIKeyWithKey(id valuer.UUID, key string) *GettableFactorAPIKeyWithKey {
-	return &GettableFactorAPIKeyWithKey{
-		Identifiable: types.Identifiable{
-			ID: id,
-		},
-		Key: key,
-	}
-}
-
-func (apiKey *FactorAPIKey) Update(name string, expiresAt uint64) {
-	apiKey.Name = name
-	apiKey.ExpiresAt = expiresAt
-	apiKey.UpdatedAt = time.Now()
-}
-
-func (key *PostableFactorAPIKey) UnmarshalJSON(data []byte) error {
-	type Alias PostableFactorAPIKey
-
-	var temp Alias
-	if err := json.Unmarshal(data, &temp); err != nil {
-		return err
-	}
-
-	if temp.Name == "" {
-		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountFactorAPIkeyInvalidInput, "name cannot be empty")
-	}
-
-	*key = PostableFactorAPIKey(temp)
-	return nil
-}
-
-func (key *UpdatableFactorAPIKey) UnmarshalJSON(data []byte) error {
-	type Alias UpdatableFactorAPIKey
-
-	var temp Alias
-	if err := json.Unmarshal(data, &temp); err != nil {
-		return err
-	}
-
-	if temp.Name == "" {
-		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountFactorAPIkeyInvalidInput, "name cannot be empty")
-	}
-
-	*key = UpdatableFactorAPIKey(temp)
-	return nil
-}

pkg/types/serviceaccounttypes/service_acccount.go

@@ -1,253 +0,0 @@
-package serviceaccounttypes
-
-import (
-	"crypto/rand"
-	"encoding/base64"
-	"encoding/json"
-	"slices"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/roletypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/uptrace/bun"
-)
-
-var (
-	ErrCodeServiceAccountInvalidInput      = errors.MustNewCode("service_account_invalid_input")
-	ErrCodeServiceAccountAlreadyExists     = errors.MustNewCode("service_account_already_exists")
-	ErrCodeServiceAccountNotFound          = errors.MustNewCode("service_account_not_found")
-	ErrCodeServiceAccountRoleAlreadyExists = errors.MustNewCode("service_account_role_already_exists")
-)
-
-var (
-	StatusActive   = valuer.NewString("active")
-	StatusDisabled = valuer.NewString("disabled")
-	ValidStatus    = []valuer.String{StatusActive, StatusDisabled}
-)
-
-type StorableServiceAccount struct {
-	bun.BaseModel `bun:"table:service_account,alias:service_account"`
-
-	types.Identifiable
-	types.TimeAuditable
-	Name   string        `bun:"name"`
-	Email  string        `bun:"email"`
-	Status valuer.String `bun:"status"`
-	OrgID  string        `bun:"org_id"`
-}
-
-type ServiceAccount struct {
-	types.Identifiable
-	types.TimeAuditable
-	Name   string        `json:"name" required:"true"`
-	Email  valuer.Email  `json:"email" required:"true"`
-	Roles  []string      `json:"roles" required:"true" nullable:"false"`
-	Status valuer.String `json:"status" required:"true"`
-	OrgID  valuer.UUID   `json:"orgID" required:"true"`
-}
-
-type PostableServiceAccount struct {
-	Name  string       `json:"name" required:"true"`
-	Email valuer.Email `json:"email" required:"true"`
-	Roles []string     `json:"roles" required:"true" nullable:"false"`
-}
-
-type UpdatableServiceAccount struct {
-	Name  string       `json:"name" required:"true"`
-	Email valuer.Email `json:"email" required:"true"`
-	Roles []string     `json:"roles" required:"true" nullable:"false"`
-}
-
-type UpdatableServiceAccountStatus struct {
-	Status valuer.String `json:"status" required:"true"`
-}
-
-func NewServiceAccount(name string, email valuer.Email, roles []string, status valuer.String, orgID valuer.UUID) *ServiceAccount {
-	return &ServiceAccount{
-		Identifiable: types.Identifiable{
-			ID: valuer.GenerateUUID(),
-		},
-		TimeAuditable: types.TimeAuditable{
-			CreatedAt: time.Now(),
-			UpdatedAt: time.Now(),
-		},
-		Name:   name,
-		Email:  email,
-		Roles:  roles,
-		Status: status,
-		OrgID:  orgID,
-	}
-}
-
-func NewServiceAccountFromStorables(storableServiceAccount *StorableServiceAccount, roles []string) *ServiceAccount {
-	return &ServiceAccount{
-		Identifiable:  storableServiceAccount.Identifiable,
-		TimeAuditable: storableServiceAccount.TimeAuditable,
-		Name:          storableServiceAccount.Name,
-		Email:         valuer.MustNewEmail(storableServiceAccount.Email),
-		Roles:         roles,
-		Status:        storableServiceAccount.Status,
-		OrgID:         valuer.MustNewUUID(storableServiceAccount.OrgID),
-	}
-}
-
-func NewServiceAccountsFromRoles(storableServiceAccounts []*StorableServiceAccount, roles []*roletypes.Role, serviceAccountIDToRoleIDsMap map[string][]valuer.UUID) []*ServiceAccount {
-	serviceAccounts := make([]*ServiceAccount, 0, len(storableServiceAccounts))
-
-	roleIDToRole := make(map[string]*roletypes.Role, len(roles))
-	for _, role := range roles {
-		roleIDToRole[role.ID.String()] = role
-	}
-
-	for _, sa := range storableServiceAccounts {
-		roleIDs := serviceAccountIDToRoleIDsMap[sa.ID.String()]
-
-		roleNames := make([]string, len(roleIDs))
-		for idx, rid := range roleIDs {
-			if role, ok := roleIDToRole[rid.String()]; ok {
-				roleNames[idx] = role.Name
-			}
-		}
-
-		account := NewServiceAccountFromStorables(sa, roleNames)
-		serviceAccounts = append(serviceAccounts, account)
-	}
-
-	return serviceAccounts
-}
-
-func NewStorableServiceAccount(serviceAccount *ServiceAccount) *StorableServiceAccount {
-	return &StorableServiceAccount{
-		Identifiable:  serviceAccount.Identifiable,
-		TimeAuditable: serviceAccount.TimeAuditable,
-		Name:          serviceAccount.Name,
-		Email:         serviceAccount.Email.String(),
-		Status:        serviceAccount.Status,
-		OrgID:         serviceAccount.OrgID.String(),
-	}
-}
-
-func (sa *ServiceAccount) Update(name string, email valuer.Email, roles []string) {
-	sa.Name = name
-	sa.Email = email
-	sa.Roles = roles
-	sa.UpdatedAt = time.Now()
-}
-
-func (sa *ServiceAccount) UpdateStatus(status valuer.String) {
-	sa.Status = status
-	sa.UpdatedAt = time.Now()
-}
-
-func (sa *ServiceAccount) NewFactorAPIKey(name string, expiresAt uint64) (*FactorAPIKey, error) {
-	key := make([]byte, 32)
-	_, err := rand.Read(key)
-	if err != nil {
-		return nil, errors.New(errors.TypeInternal, errors.CodeInternal, "failed to generate token")
-	}
-	// Encode the token in base64.
-	encodedKey := base64.StdEncoding.EncodeToString(key)
-
-	return &FactorAPIKey{
-		Identifiable: types.Identifiable{
-			ID: valuer.GenerateUUID(),
-		},
-		TimeAuditable: types.TimeAuditable{
-			CreatedAt: time.Now(),
-			UpdatedAt: time.Now(),
-		},
-		Name:             name,
-		Key:              encodedKey,
-		ExpiresAt:        expiresAt,
-		LastUsed:         time.Now(),
-		ServiceAccountID: sa.ID,
-	}, nil
-}
-
-func (sa *ServiceAccount) PatchRoles(input *ServiceAccount) ([]string, []string) {
-	currentRolesSet := make(map[string]struct{}, len(sa.Roles))
-	inputRolesSet := make(map[string]struct{}, len(input.Roles))
-
-	for _, role := range sa.Roles {
-		currentRolesSet[role] = struct{}{}
-	}
-	for _, role := range input.Roles {
-		inputRolesSet[role] = struct{}{}
-	}
-
-	// additions: roles present in input but not in current
-	additions := []string{}
-	for _, role := range input.Roles {
-		if _, exists := currentRolesSet[role]; !exists {
-			additions = append(additions, role)
-		}
-	}
-
-	// deletions: roles present in current but not in input
-	deletions := []string{}
-	for _, role := range sa.Roles {
-		if _, exists := inputRolesSet[role]; !exists {
-			deletions = append(deletions, role)
-		}
-	}
-
-	return additions, deletions
-}
-
-func (sa *PostableServiceAccount) UnmarshalJSON(data []byte) error {
-	type Alias PostableServiceAccount
-
-	var temp Alias
-	if err := json.Unmarshal(data, &temp); err != nil {
-		return err
-	}
-
-	if temp.Name == "" {
-		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "name cannot be empty")
-	}
-
-	if len(temp.Roles) == 0 {
-		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "roles cannot be empty")
-	}
-
-	*sa = PostableServiceAccount(temp)
-	return nil
-}
-
-func (sa *UpdatableServiceAccount) UnmarshalJSON(data []byte) error {
-	type Alias UpdatableServiceAccount
-
-	var temp Alias
-	if err := json.Unmarshal(data, &temp); err != nil {
-		return err
-	}
-
-	if temp.Name == "" {
-		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "name cannot be empty")
-	}
-
-	if len(temp.Roles) == 0 {
-		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "roles cannot be empty")
-	}
-
-	*sa = UpdatableServiceAccount(temp)
-	return nil
-}
-
-func (sa *UpdatableServiceAccountStatus) UnmarshalJSON(data []byte) error {
-	type Alias UpdatableServiceAccountStatus
-
-	var temp Alias
-	if err := json.Unmarshal(data, &temp); err != nil {
-		return err
-	}
-
-	if !slices.Contains(ValidStatus, temp.Status) {
-		return errors.Newf(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "invalid status: %s, allowed status are: %v", temp.Status, ValidStatus)
-	}
-
-	*sa = UpdatableServiceAccountStatus(temp)
-	return nil
-}

pkg/types/serviceaccounttypes/service_account_role.go

@@ -1,81 +0,0 @@
-package serviceaccounttypes
-
-import (
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/roletypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/uptrace/bun"
-)
-
-type StorableServiceAccountRole struct {
-	bun.BaseModel `bun:"table:service_account_role,alias:service_account_role"`
-
-	types.Identifiable
-	types.TimeAuditable
-	ServiceAccountID string `bun:"service_account_id"`
-	RoleID           string `bun:"role_id"`
-}
-
-func NewStorableServiceAccountRoles(serviceAccountID valuer.UUID, roles []*roletypes.Role) []*StorableServiceAccountRole {
-	storableServiceAccountRoles := make([]*StorableServiceAccountRole, len(roles))
-	for idx, role := range roles {
-		storableServiceAccountRoles[idx] = &StorableServiceAccountRole{
-			Identifiable: types.Identifiable{
-				ID: valuer.GenerateUUID(),
-			},
-			TimeAuditable: types.TimeAuditable{
-				CreatedAt: time.Now(),
-				UpdatedAt: time.Now(),
-			},
-			ServiceAccountID: serviceAccountID.String(),
-			RoleID:           role.ID.String(),
-		}
-	}
-
-	return storableServiceAccountRoles
-}
-
-func NewRolesFromStorableServiceAccountRoles(storable []*StorableServiceAccountRole, roles []*roletypes.Role) ([]string, error) {
-	roleIDToName := make(map[string]string, len(roles))
-	for _, role := range roles {
-		roleIDToName[role.ID.String()] = role.Name
-	}
-
-	names := make([]string, 0, len(storable))
-	for _, sar := range storable {
-		roleName, ok := roleIDToName[sar.RoleID]
-		if !ok {
-			return nil, errors.Newf(errors.TypeInternal, errors.CodeInternal, "role id %s not found in provided roles", sar.RoleID)
-		}
-		names = append(names, roleName)
-	}
-
-	return names, nil
-}
-
-func GetUniqueRolesAndServiceAccountMapping(storableServiceAccountRoles []*StorableServiceAccountRole) (map[string][]valuer.UUID, []valuer.UUID) {
-	serviceAccountIDRoles := make(map[string][]valuer.UUID)
-	uniqueRoleIDSet := make(map[string]struct{})
-
-	for _, sar := range storableServiceAccountRoles {
-		saID := sar.ServiceAccountID
-		roleID := sar.RoleID
-		if _, ok := serviceAccountIDRoles[saID]; !ok {
-			serviceAccountIDRoles[saID] = make([]valuer.UUID, 0)
-		}
-
-		roleUUID := valuer.MustNewUUID(roleID)
-		serviceAccountIDRoles[saID] = append(serviceAccountIDRoles[saID], roleUUID)
-		uniqueRoleIDSet[roleID] = struct{}{}
-	}
-
-	roleIDs := make([]valuer.UUID, 0, len(uniqueRoleIDSet))
-	for rid := range uniqueRoleIDSet {
-		roleIDs = append(roleIDs, valuer.MustNewUUID(rid))
-	}
-
-	return serviceAccountIDRoles, roleIDs
-}

pkg/types/serviceaccounttypes/store.go

@@ -1,33 +0,0 @@
-package serviceaccounttypes
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type Store interface {
-	// Service Account
-	Create(context.Context, *StorableServiceAccount) error
-	Get(context.Context, valuer.UUID, valuer.UUID) (*StorableServiceAccount, error)
-	GetByID(context.Context, valuer.UUID) (*StorableServiceAccount, error)
-	List(context.Context, valuer.UUID) ([]*StorableServiceAccount, error)
-	Update(context.Context, valuer.UUID, *StorableServiceAccount) error
-	Delete(context.Context, valuer.UUID, valuer.UUID) error
-
-	// Service Account Role
-	CreateServiceAccountRoles(context.Context, []*StorableServiceAccountRole) error
-	GetServiceAccountRoles(context.Context, valuer.UUID) ([]*StorableServiceAccountRole, error)
-	ListServiceAccountRolesByOrgID(context.Context, valuer.UUID) ([]*StorableServiceAccountRole, error)
-	DeleteServiceAccountRoles(context.Context, valuer.UUID) error
-
-	// Service Account Factor API Key
-	CreateFactorAPIKey(context.Context, *StorableFactorAPIKey) error
-	GetFactorAPIKey(context.Context, valuer.UUID, valuer.UUID) (*StorableFactorAPIKey, error)
-	ListFactorAPIKey(context.Context, valuer.UUID) ([]*StorableFactorAPIKey, error)
-	UpdateFactorAPIKey(context.Context, valuer.UUID, *StorableFactorAPIKey) error
-	RevokeFactorAPIKey(context.Context, valuer.UUID, valuer.UUID) error
-	RevokeAllFactorAPIKeys(context.Context, valuer.UUID) error
-
-	RunInTx(context.Context, func(context.Context) error) error
-}

templates/email/api_key_event.gotmpl

@@ -1,88 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>{{.subject}}</title>
-</head>
-
-<body style="margin:0;padding:0;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,'Helvetica Neue',Arial,sans-serif;line-height:1.6;color:#333;background:#fff">
-  <table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background:#fff">
-    <tr>
-      <td align="center" style="padding:0">
-        <table role="presentation" width="600" cellspacing="0" cellpadding="0" border="0" style="max-width:600px;width:100%">
-          {{ if .format.Header.Enabled }}
-          <tr>
-            <td align="center" style="padding:16px 20px 16px">
-              <img src="{{.format.Header.LogoURL}}" alt="SigNoz" width="160" height="40" style="display:block;border:0;outline:none;max-width:100%;height:auto">
-            </td>
-          </tr>
-          {{ end }}
-          <tr>
-            <td style="padding:16px 20px 16px">
-              <p style="margin:0 0 16px;font-size:16px;color:#333">
-                Hi there,
-              </p>
-              <p style="margin:0 0 16px;font-size:16px;color:#333;line-height:1.6">
-                An API key was {{.Event}} for your service account <strong>{{.Name}}</strong>.
-              </p>
-              <table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="margin:0 0 16px">
-                <tr>
-                  <td style="padding:20px;background:#f5f5f5;border-radius:6px;border-left:4px solid #4E74F8">
-                    <table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0">
-                      <tr>
-                        <td style="padding:0 0 8px">
-                          <p style="margin:0;font-size:15px;color:#333;line-height:1.6">
-                            <strong>Key ID:</strong> {{.KeyID}}
-                          </p>
-                        </td>
-                      </tr>
-                      <tr>
-                        <td style="padding:0 0 8px">
-                          <p style="margin:0;font-size:15px;color:#333;line-height:1.6">
-                            <strong>Key Name:</strong> {{.KeyName}}
-                          </p>
-                        </td>
-                      </tr>
-                      <tr>
-                        <td style="padding:0 0 8px">
-                          <p style="margin:0;font-size:15px;color:#333;line-height:1.6">
-                            <strong>Created At:</strong> {{.KeyCreatedAt}}
-                          </p>
-                        </td>
-                      </tr>
-                    </table>
-                  </td>
-                </tr>
-              </table>
-              {{ if .format.Help.Enabled }}
-              <p style="margin:0 0 16px;font-size:16px;color:#333;line-height:1.6">
-                Need help? Chat with our team in the SigNoz application or email us at <a href="mailto:{{.format.Help.Email}}" style="color:#4E74F8;text-decoration:none">{{.format.Help.Email}}</a>.
-              </p>
-              {{ end }}
-              <p style="margin:0;font-size:16px;color:#333;line-height:1.6">
-                Thanks,<br><strong>The SigNoz Team</strong>
-              </p>
-            </td>
-          </tr>
-          {{ if .format.Footer.Enabled }}
-          <tr>
-            <td align="center" style="padding:8px 16px 8px">
-              <p style="margin:0 0 8px;font-size:12px;color:#999;line-height:1.5">
-                <a href="https://signoz.io/terms-of-service/" style="color:#4E74F8;text-decoration:none">Terms of Service</a> - <a href="https://signoz.io/privacy/" style="color:#4E74F8;text-decoration:none">Privacy Policy</a>
-              </p>
-              <p style="margin:0;font-size:12px;color:#999;line-height:1.5">
-                &#169; 2026 SigNoz Inc.
-              </p>
-            </td>
-          </tr>
-          {{ end }}
-        </table>
-      </td>
-    </tr>
-  </table>
-</body>
-
-</html>