SigNoz/signoz
1
0
Fork 0
mirror of https://github.com/SigNoz/signoz.git synced 2026-03-20 03:30:26 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
Files
b0e7037dd04d608a1704af7e9ba57504cc22dba4
signoz/pkg/modules/organization/implorganization/getter.go
Pandey 6de4520a95 feat: add root user support (#10313) 
## Summary

- Adds root user support with environment-based provisioning, protection guards, and automatic reconciliation. A root user is a special admin user that is provisioned via configuration (environment variables) rather than the UI, designed for automated/headless deployments.

## Key Features
- Environment-based provisioning: Configure root user via user.root.enabled, user.root.email, user.root.password, and user.root.org_name settings

- Automatic reconciliation: A background service runs on startup that:
    - Looks up the organization by configured org_name
    - If no matching org exists, creates the organization and root user via CreateFirstUser
    - If the org exists, reconciles the root user (creates, promotes existing user, or updates email/password to match config)
    - Retries every 10 seconds until successful

- Protection guards: Root users cannot be:
    - Updated or deleted through the API
    - Invited or have their password changed through the UI
    - Authenticated via SSO/SAML (password-only authentication enforced)

- Self-registration disabled: When root user provisioning is enabled, the self-registration endpoint (/register) is blocked to prevent creating duplicate organizations

- Idempotent password sync: On every reconciliation, the root user's password is synced with the configured value — if it differs, it's updated; if it matches, no-op
2026-02-17 15:26:56 +05:30

37 lines
968 B
Go
Raw Blame History

package implorganization
import (
"context"
"github.com/SigNoz/signoz/pkg/modules/organization"
"github.com/SigNoz/signoz/pkg/sharder"
"github.com/SigNoz/signoz/pkg/types"
"github.com/SigNoz/signoz/pkg/valuer"
)
type getter struct {
store types.OrganizationStore
sharder sharder.Sharder
}
func NewGetter(store types.OrganizationStore, sharder sharder.Sharder) organization.Getter {
return &getter{store: store, sharder: sharder}
}
func (module *getter) Get(ctx context.Context, id valuer.UUID) (*types.Organization, error) {
return module.store.Get(ctx, id)
}
func (module *getter) ListByOwnedKeyRange(ctx context.Context) ([]*types.Organization, error) {
start, end, err := module.sharder.GetMyOwnedKeyRange(ctx)
if err != nil {
return nil, err
}
return module.store.ListByKeyRange(ctx, start, end)
}
func (module *getter) GetByName(ctx context.Context, name string) (*types.Organization, error) {
return module.store.GetByName(ctx, name)
}
Reference in New Issue View Git Blame Copy Permalink