wso2 · anuruddhal · Dec 16, 2025 · Dec 16, 2025 · wso2-engineering · Dec 16, 2025
diff --git a/icp_server/config.bal b/icp_server/config.bal
@@ -20,16 +20,19 @@ import ballerina/file;
 
 // Server configuration
 configurable int serverPort = 9445;
-configurable string serverHost = "localhost";
-configurable string organization = "WSO2 Inc.";
 configurable int graphqlPort = 9446;
 configurable int observabilityServerPort = 9448;
+configurable int webServerPort = 9445;
+configurable int defaultOpensearchAdaptorPort = 9449;
+
+configurable string serverHost = "localhost";
+configurable string organization = "WSO2 Inc.";
+
 configurable string keystorePath = check file:joinPath("..", "conf", "security", "ballerinaKeystore.p12");
 configurable string keystorePassword = "ballerina";
 configurable string truststorePath = check file:joinPath("..", "conf", "security", "ballerinaTruststore.p12");
 configurable string truststorePassword = "ballerina";
 
-configurable int webServerPort = 9445;
 configurable string webServerKeystorePath = check file:joinPath("..", "conf", "security", "keystore.p12");
 configurable string webServerKeystorePassword = "changeit";
 
@@ -78,8 +81,11 @@ configurable string logLevel = "INFO"; // DEBUG, INFO, WARN, ERROR
 configurable boolean enableAuditLogging = true;
 configurable boolean enableMetrics = true;
 
+configurable string observabilityBackendURL = "https://localhost:" + defaultOpensearchAdaptorPort.toString();
+configurable string defaultobservabilityJwtHMACSecret = "default-secret-key-at-least-32-characters-long-for-hs256";
+
 // OpenSearch configuration
-configurable string opensearchUrl = "https://opensearch:9200";
+configurable string opensearchUrl = "https://localhost:9200";
 configurable string opensearchUsername = "admin";
 configurable string opensearchPassword = "Ballerina@123";
 

diff --git a/icp_server/database/credentialsdb.mv.db b/icp_server/database/credentialsdb.mv.db
diff --git a/icp_server/database/icpdb.mv.db b/icp_server/database/icpdb.mv.db
diff --git a/icp_server/default_auth_backend.bal b/icp_server/default_auth_backend.bal
@@ -33,8 +33,8 @@ configurable string apiKey = "default-api-key";
 // Separate H2 database connection for user credentials (default auth backend only)
 // This is a separate database file from the main ICP database
 final sql:Client credentialsDbClient = check new jdbc:Client(
-    "jdbc:h2:file:./database/credentialsdb;MODE=MySQL;AUTO_SERVER=TRUE", 
-    "sa", 
+    "jdbc:h2:file:./database/credentialsdb;MODE=MySQL;AUTO_SERVER=TRUE",
+    "sa",
     ""
 );
-final sql:Client credentialsDbClient = check new jdbc:Client(
-    "jdbc:h2:file:./database/credentialsdb;MODE=MySQL;AUTO_SERVER=TRUE", 
-    "sa", 
-    "jdbc:h2:file:./database/credentialsdb;MODE=MySQL;AUTO_SERVER=TRUE",
-    "sa",
-    ""
-);
+final sql:Client credentialsDbClient = check new jdbc:Client(
+    "jdbc:h2:file:./database/credentialsdb;MODE=MySQL;AUTO_SERVER=TRUE",
+    "sa",
+    ""
+);
+log:printInfo("Successfully initialized credentials database client");
-final sql:Client credentialsDbClient = check new jdbc:Client(
-    "jdbc:h2:file:./database/credentialsdb;MODE=MySQL;AUTO_SERVER=TRUE", 
-    "sa", 
-    "jdbc:h2:file:./database/credentialsdb;MODE=MySQL;AUTO_SERVER=TRUE",
-    "sa",
-    ""
-);
+final sql:Client credentialsDbClient = check new jdbc:Client(
+    "jdbc:h2:file:./database/credentialsdb;MODE=MySQL;AUTO_SERVER=TRUE",
+    "sa",
+    ""
+);
+log:printInfo("Successfully initialized credentials database client");
 

diff --git a/icp_server/default_observability_backend.bal b/icp_server/default_observability_backend.bal
@@ -0,0 +1,74 @@
+// Copyright (c) 2025, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+//
+// WSO2 Inc. licenses this file to you under the Apache License,
+// Version 2.0 (the "License"); you may not use this file except
+// in compliance with the License.
+// You may obtain a copy of the License at
+//
+//  http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+import icp_server.types as types;
+
+import ballerina/http;
+import ballerina/log;
+
+// HTTP client for OpenSearch with SSL verification disabled
+final http:Client observabilityClient = check new (observabilityBackendURL,
+    config = {
+        secureSocket: {
+            enable: false
+        }
+    }
+);
+
+// HTTP service configuration
+listener http:Listener observabilityListener = new (observabilityServerPort,
+    config = {
+        host: serverHost,
+        secureSocket: {
+            key: {
+                path: keystorePath,
+                password: keystorePassword
+            }
+        }
+    }
-// HTTP service configuration
-listener http:Listener observabilityListener = new (observabilityServerPort,
-    config = {
-        host: serverHost,
-        secureSocket: {
-            key: {
-                path: keystorePath,
-                password: keystorePassword
-            }
-        }
-    }
+listener http:Listener observabilityListener = new (observabilityServerPort,
+    config = {
+        host: serverHost,
+        secureSocket: {
+            key: {
+                path: keystorePath,
+                password: keystorePassword
+            }
+        }
+    }
+);
+        log:printInfo("Initializing observability listener on port: " + observabilityServerPort.toString());
-// HTTP service configuration
-listener http:Listener observabilityListener = new (observabilityServerPort,
-    config = {
-        host: serverHost,
-        secureSocket: {
-            key: {
-                path: keystorePath,
-                password: keystorePassword
-            }
-        }
-    }
+listener http:Listener observabilityListener = new (observabilityServerPort,
+    config = {
+        host: serverHost,
+        secureSocket: {
+            key: {
+                path: keystorePath,
+                password: keystorePassword
+            }
+        }
+    }
+);
+        log:printInfo("Initializing observability listener on port: " + observabilityServerPort.toString());
+);
+
+@http:ServiceConfig {
+    auth: [
+        {
+            jwtValidatorConfig: {
+                issuer: frontendJwtIssuer,
+                audience: frontendJwtAudience,
+                signatureConfig: {
+                    secret: defaultobservabilityJwtHMACSecret
+                }
+            }
+        }
+    ],
+    cors: {
+        allowOrigins: ["*"],
+        allowHeaders: ["Content-Type", "Authorization"]
+    }
+}
+service /icp/observability on observabilityListener {
+
+    function init() {
+        log:printInfo("Observability service started at " + serverHost + ":" + observabilityServerPort.toString());
+    }
+
+    resource function post logs(http:Request request, types:LogEntryRequest logRequest) returns types:LogEntriesResponse|error {
+        log:printInfo("Received log request for component: " + logRequest.componentId);
+
+        // Invoke observability backend
+        return check observabilityClient->post("/observability/logs/", logRequest);
+    }
-    resource function post logs(http:Request request, types:LogEntryRequest logRequest) returns types:LogEntriesResponse|error {
-        log:printInfo("Received log request for component: " + logRequest.componentId);
-
-        // Invoke observability backend
-        return check observabilityClient->post("/observability/logs/", logRequest);
-    }
+    resource function post logs(http:Request request, types:LogEntryRequest logRequest) returns types:LogEntriesResponse|error {
+        log:printInfo("Received log request for component: " + logRequest.componentId);
+
+        // Invoke observability backend
+        return check observabilityClient->post("/observability/logs/", logRequest);
+        log:printDebug("Forwarding log request to observability backend for component: " + logRequest.componentId);
+        types:LogEntriesResponse|error response = observabilityClient->post("/observability/logs/", logRequest);
+        if response is error {
+            log:printError("Failed to forward log request: " + response.message());
+            return response;
+        }
+        log:printDebug("Successfully processed log request for component: " + logRequest.componentId);
+        return response;
-    resource function post logs(http:Request request, types:LogEntryRequest logRequest) returns types:LogEntriesResponse|error {
-        log:printInfo("Received log request for component: " + logRequest.componentId);
-
-        // Invoke observability backend
-        return check observabilityClient->post("/observability/logs/", logRequest);
-    }
+    resource function post logs(http:Request request, types:LogEntryRequest logRequest) returns types:LogEntriesResponse|error {
+        log:printInfo("Received log request for component: " + logRequest.componentId);
+
+        // Invoke observability backend
+        return check observabilityClient->post("/observability/logs/", logRequest);
+        log:printDebug("Forwarding log request to observability backend for component: " + logRequest.componentId);
+        types:LogEntriesResponse|error response = observabilityClient->post("/observability/logs/", logRequest);
+        if response is error {
+            log:printError("Failed to forward log request: " + response.message());
+            return response;
+        }
+        log:printDebug("Successfully processed log request for component: " + logRequest.componentId);
+        return response;
+}
+
diff --git a/icp_server/modules/types/types.bal b/icp_server/modules/types/types.bal
@@ -1352,16 +1352,23 @@ public type ComponentInDB record {
 
 // === Observability Related Types ===
 
+public enum LogEntryRequestSort {
+    asc,
+    desc
+}
+
 public type LogEntryRequest record {
-    string startTime;
-    string endTime;
-    int logStartIndex;
-    int logCount;
-    string? runtime = ();
-    string? component = ();
-    string? environment = ();
-    string? project = ();
-    string? logLevel = ();
+    string componentId;
+    string environmentId?;
+    string[] versionIdList?;
+    string[] logLevels?;
+    string region?;
+    string searchPhrase?;
+    string regexPhrase?;
+    string startTime?;
+    string endTime?;
+    int 'limit = 100;
+    LogEntryRequestSort sort = "asc";
 };
 
 public type LogEntry record {
@@ -1383,38 +1390,14 @@ public type LogCount record {
     int 'error;
 };
 
+public type LogColumn record {
+    string name;
+    string 'type;
+};
+
 public type LogEntriesResponse record {
-    LogEntry[] logs;
-    LogCount logCounts;
-};
-
-public type OpenSearchHit record {
-    string _index;
-    string _id;
-    json? _score;
-    map<string> _source;
-    json[]? sort;
-};
-
-public type OpenSearchHits record {
-    record {
-        int value;
-        string relation;
-    } total;
-    json? max_score;
-    OpenSearchHit[] hits;
-};
-
-public type OpenSearchResponse record {
-    int took;
-    boolean timed_out;
-    record {
-        int total;
-        int successful;
-        int skipped;
-        int failed;
-    } _shards;
-    OpenSearchHits hits;
+    LogColumn[] columns;
+    json[][] rows;
 };
 
 // === Auth Related Types ===