mirror of
https://github.com/SigNoz/signoz.git
synced 2026-03-17 18:32:11 +00:00
## Summary
- Adds root user support with environment-based provisioning, protection guards, and automatic reconciliation. A root user is a special admin user that is provisioned via configuration (environment variables) rather than the UI, designed for automated/headless deployments.
## Key Features
- Environment-based provisioning: Configure root user via user.root.enabled, user.root.email, user.root.password, and user.root.org_name settings
- Automatic reconciliation: A background service runs on startup that:
- Looks up the organization by configured org_name
- If no matching org exists, creates the organization and root user via CreateFirstUser
- If the org exists, reconciles the root user (creates, promotes existing user, or updates email/password to match config)
- Retries every 10 seconds until successful
- Protection guards: Root users cannot be:
- Updated or deleted through the API
- Invited or have their password changed through the UI
- Authenticated via SSO/SAML (password-only authentication enforced)
- Self-registration disabled: When root user provisioning is enabled, the self-registration endpoint (/register) is blocked to prevent creating duplicate organizations
- Idempotent password sync: On every reconciliation, the root user's password is synced with the configured value — if it differs, it's updated; if it matches, no-op
package implorganization
import (
"context"
"time"
"github.com/SigNoz/signoz/pkg/sqlstore"
"github.com/SigNoz/signoz/pkg/types"
"github.com/SigNoz/signoz/pkg/valuer"
)
// store is the SQL-backed implementation returned by NewStore as a
// types.OrganizationStore. Every query in this file is issued through the
// wrapped sqlstore.SQLStore.
type store struct {
	// sqlstore supplies the bun database handles and the error-wrapping
	// helpers used by the methods of this type.
	sqlstore sqlstore.SQLStore
}
// NewStore builds an organization store on top of the given SQL store and
// returns it as a types.OrganizationStore.
func NewStore(sqlstore sqlstore.SQLStore) types.OrganizationStore {
	s := new(store)
	s.sqlstore = sqlstore
	return s
}
// Create inserts organization as a new row.
//
// The insert runs on the handle returned by BunDBCtx(ctx); presumably that
// handle joins a transaction carried in ctx when one is present — confirm
// against the sqlstore package. Any failure is passed to
// WrapAlreadyExistsErrf together with types.ErrOrganizationAlreadyExists and
// a message naming organization.Name.
func (store *store) Create(ctx context.Context, organization *types.Organization) error {
	insert := store.sqlstore.BunDBCtx(ctx).NewInsert().Model(organization)

	if _, err := insert.Exec(ctx); err != nil {
		return store.sqlstore.WrapAlreadyExistsErrf(err, types.ErrOrganizationAlreadyExists, "organization with name: %s already exists", organization.Name)
	}

	return nil
}
// Get loads the organization whose id column equals id.
//
// The id is passed as a bound query argument. Any failure is passed to
// WrapNotFoundErrf together with types.ErrOrganizationNotFound, and a nil
// organization is returned alongside the wrapped error.
//
// NOTE(review): this reads through BunDB() while Create in this file uses
// BunDBCtx(ctx); if BunDBCtx is what joins a caller's transaction, this lookup
// would run outside it — confirm that is intended.
func (store *store) Get(ctx context.Context, id valuer.UUID) (*types.Organization, error) {
	var found types.Organization

	query := store.sqlstore.BunDB().
		NewSelect().
		Model(&found).
		Where("id = ?", id.StringValue())

	if err := query.Scan(ctx); err != nil {
		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrOrganizationNotFound, "organization with id: %s does not exist", id.StringValue())
	}

	return &found, nil
}
// GetByName loads the organization whose name column equals name.
//
// name reaches the database as a bound query argument and is never spliced
// into the SQL text. Any failure is passed to WrapNotFoundErrf together with
// types.ErrOrganizationNotFound; the message embeds name verbatim.
//
// NOTE(review): whether the comparison is case-sensitive depends on the
// database and column collation, which this file does not show. Callers that
// use the result to decide whether to create an organization should confirm
// the match is as strict as they expect.
// NOTE(review): this reads through BunDB() while Create in this file uses
// BunDBCtx(ctx); if BunDBCtx is what joins a caller's transaction, this lookup
// would run outside it — confirm that is intended.
func (store *store) GetByName(ctx context.Context, name string) (*types.Organization, error) {
	var found types.Organization

	query := store.sqlstore.BunDB().
		NewSelect().
		Model(&found).
		Where("name = ?", name)

	if err := query.Scan(ctx); err != nil {
		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrOrganizationNotFound, "organization with name %s does not exist", name)
	}

	return &found, nil
}
// GetAll returns every organization row, with no filter applied.
//
// The result starts as an empty, non-nil slice, so a table with no rows
// yields a zero-length slice rather than nil. A scan error is returned
// unwrapped together with a nil slice.
func (store *store) GetAll(ctx context.Context) ([]*types.Organization, error) {
	all := []*types.Organization{}

	query := store.sqlstore.BunDB().NewSelect().Model(&all)
	if err := query.Scan(ctx); err != nil {
		return nil, err
	}

	return all, nil
}
// Update writes organization.DisplayName to display_name and the current time
// to updated_at on the row whose id equals organization.ID.
//
// Those two Set clauses are the only assignments named here. Any failure is
// passed to WrapAlreadyExistsErrf together with
// types.ErrOrganizationAlreadyExists.
//
// NOTE(review): the Exec result is discarded, so an id that matches no row
// presumably returns nil — confirm callers do not expect an error then.
// NOTE(review): this writes through BunDB() while Create in this file uses
// BunDBCtx(ctx); if BunDBCtx is what joins a caller's transaction, this write
// would run outside it — confirm that is intended.
func (store *store) Update(ctx context.Context, organization *types.Organization) error {
	update := store.sqlstore.BunDB().
		NewUpdate().
		Model(organization).
		Set("display_name = ?", organization.DisplayName).
		Set("updated_at = ?", time.Now()).
		Where("id = ?", organization.ID.StringValue())

	if _, err := update.Exec(ctx); err != nil {
		return store.sqlstore.WrapAlreadyExistsErrf(err, types.ErrOrganizationAlreadyExists, "organization already exists")
	}

	return nil
}
// Delete removes the organization row whose id column equals id.
//
// The id is passed as a bound query argument, and an Exec error is returned
// unwrapped.
//
// NOTE(review): the Exec result is discarded, so an id that matches no row
// presumably returns nil — confirm callers do not expect an error then.
// NOTE(review): this writes through BunDB() while Create in this file uses
// BunDBCtx(ctx); if BunDBCtx is what joins a caller's transaction, this delete
// would run outside it — confirm that is intended.
func (store *store) Delete(ctx context.Context, id valuer.UUID) error {
	remove := store.sqlstore.BunDB().
		NewDelete().
		Model(new(types.Organization)).
		Where("id = ?", id.StringValue())

	_, err := remove.Exec(ctx)
	return err
}
// ListByKeyRange returns the organizations whose key column lies in the
// closed interval [start, end].
//
// Both bounds are passed as bound query arguments. The result starts as an
// empty, non-nil slice, so a range that matches nothing yields a zero-length
// slice rather than nil. A scan error is returned unwrapped together with a
// nil slice.
func (store *store) ListByKeyRange(ctx context.Context, start, end uint32) ([]*types.Organization, error) {
	inRange := []*types.Organization{}

	query := store.sqlstore.BunDB().
		NewSelect().
		Model(&inRange).
		Where("key >= ?", start).
		Where("key <= ?", end)

	if err := query.Scan(ctx); err != nil {
		return nil, err
	}

	return inRange, nil
}