Service accounts: make is_service_account nullable (#45541)

* add base nullable migration to is_service_account Co-authored-by: Jeremy Price <jeremy.price@grafana.com> * fix postgres migration * ServiceAccounts: ensure SA is set to false when creating a user Co-authored-by: Jeremy Price <jeremy.price@grafana.com>
3 years ago · 0ec21a4ed6
parent 0838f4b1ad
commit 0ec21a4ed6
3 changed files with 29 additions and 12 deletions
--- a/pkg/services/sqlstore/migrations/user_mig.go
+++ b/pkg/services/sqlstore/migrations/user_mig.go
@ -127,11 +127,25 @@ func addUserMigrations(mg *Migrator) {
 		Cols: []string{"login", "email"},
 	}))

+	//Service accounts are lightweight users with restricted permissions.  They support API keys
+	//and provisioning and tasks like alarms and reports.
+	// Issues in this migration: is_service_account should be nullable
 	mg.AddMigration("Add is_service_account column to user", NewAddColumnMigration(userV2, &Column{
 		Name: "is_service_account", Type: DB_Bool, Nullable: false, Default: "0",
 	}))
+
+	mg.AddMigration("Update is_service_account column to nullable",
+		NewRawSQLMigration("").
+			SQLite(migSQLITEisServiceAccountNullable).
+			Postgres("ALTER TABLE `user` ALTER COLUMN is_service_account DROP NOT NULL;").
+			Mysql("ALTER TABLE user MODIFY is_service_account BOOLEAN DEFAULT 0;"))
 }

+const migSQLITEisServiceAccountNullable = `ALTER TABLE user ADD COLUMN tmp_service_account BOOLEAN DEFAULT 0;
+UPDATE user SET tmp_service_account = is_service_account;
+ALTER TABLE user DROP COLUMN is_service_account;
+ALTER TABLE user RENAME COLUMN tmp_service_account TO is_service_account;`
+
 type AddMissingUserSaltAndRandsMigration struct {
 	MigrationBase
 }
--- a/pkg/services/sqlstore/org_test.go
+++ b/pkg/services/sqlstore/org_test.go
@ -167,6 +167,7 @@ func TestAccountDataAccess(t *testing.T) {
 				err := SearchUsers(context.Background(), &query)

 				require.NoError(t, err)
+				require.Len(t, query.Result.Users, 2)
 				require.Equal(t, query.Result.Users[0].Email, "ac1@test.com")
 				require.Equal(t, query.Result.Users[1].Email, "ac2@test.com")
 			})
--- a/pkg/services/sqlstore/user.go
+++ b/pkg/services/sqlstore/user.go
@ -113,17 +113,18 @@ func (ss *SQLStore) createUser(ctx context.Context, sess *DBSession, args userCr

 	// create user
 	user = models.User{
-		Email:         args.Email,
-		Name:          args.Name,
-		Login:         args.Login,
-		Company:       args.Company,
-		IsAdmin:       args.IsAdmin,
-		IsDisabled:    args.IsDisabled,
-		OrgId:         orgID,
-		EmailVerified: args.EmailVerified,
-		Created:       time.Now(),
-		Updated:       time.Now(),
-		LastSeenAt:    time.Now().AddDate(-10, 0, 0),
+		Email:            args.Email,
+		Name:             args.Name,
+		Login:            args.Login,
+		Company:          args.Company,
+		IsAdmin:          args.IsAdmin,
+		IsDisabled:       args.IsDisabled,
+		OrgId:            orgID,
+		EmailVerified:    args.EmailVerified,
+		Created:          time.Now(),
+		Updated:          time.Now(),
+		LastSeenAt:       time.Now().AddDate(-10, 0, 0),
+		IsServiceAccount: false,
 	}

 	salt, err := util.GetRandomString(10)
@ -630,7 +631,8 @@ func SearchUsers(ctx context.Context, query *models.SearchUsersQuery) error {

 	// TODO: add to chore, for cleaning up after we have created
 	// service accounts table in the modelling
-	whereConditions = append(whereConditions, "u.is_service_account = false")
+	whereConditions = append(whereConditions, "u.is_service_account = ?")
+	whereParams = append(whereParams, dialect.BooleanStr(false))

 	// Join with only most recent auth module
 	joinCondition := `(