feat: backend support for creating and storing service accounts #22698

Open
geokat wants to merge 2 commits into main from geokat/devex-21-feat-service-accounts-backend

@geokat geokat commented Mar 6, 2026

Adds is_service_account boolean column to the users table and updates
the user creation API so that service accounts can be created as a distinct
user type.

Changes

  • Migration: Add is_service_account column with CHECK constraints
    enforcing login_type='none' and empty email for service accounts.
    Modify email unique indexes to exclude empty emails so multiple service
    accounts can coexist.
  • API: Validate service account constraints in the user creation
    handler (no email, no password, login type must be none).
  • Query: Update GetUserByEmailOrUsername to skip empty email
    matching.
  • Tests: Add migration fixtures and subtests covering service
    account creation and validation.

Related to:
https://linear.app/codercom/issue/DEVEX-19/feat-admins-can-createmanage-service-accounts-via-uicli
https://linear.app/codercom/issue/DEVEX-21/feat-allow-option-for-sharing-workspaces-for-only-service-accouts
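
The service account rules listed under Changes above (no email, no password, login type none, and a uniqueness check that ignores empty emails), as an added Go example that is not part of this PR or the project's code. The `CreateUserRequest` type and the function names `ValidateServiceAccount` and `EmailConflict` are hypothetical, and the sample requests are constructed.

```go
package main

import "fmt"

// CreateUserRequest is a hypothetical request shape for this example;
// the field names are assumptions, not the project's API types.
type CreateUserRequest struct {
	Username, Email, Password, LoginType string
	ServiceAccount                       bool
}

// ValidateServiceAccount returns one message per violated rule from the PR
// description: no email, no password, login type "none".
func ValidateServiceAccount(req CreateUserRequest) []string {
	if !req.ServiceAccount {
		return nil // regular users are out of scope for this check
	}
	var errs []string
	if req.Email != "" {
		errs = append(errs, "email must be empty")
	}
	if req.Password != "" {
		errs = append(errs, "password must be empty")
	}
	if req.LoginType != "none" {
		errs = append(errs, fmt.Sprintf("login_type must be \"none\", got %q", req.LoginType))
	}
	return errs
}

// EmailConflict models a unique index that excludes empty emails: only a
// non-empty email can collide, so many service accounts can coexist.
func EmailConflict(existing []string, email string) bool {
	if email == "" {
		return false
	}
	for _, e := range existing {
		if e == email {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample requests.
	bad := CreateUserRequest{Username: "ci-bot", Email: "ci@example.com", Password: "hunter2", LoginType: "password", ServiceAccount: true}
	ok := CreateUserRequest{Username: "ci-bot", LoginType: "none", ServiceAccount: true}
	fmt.Println(ValidateServiceAccount(bad), ValidateServiceAccount(ok))
	fmt.Println(EmailConflict([]string{"", "a@example.com"}, ""))
}
```

Checking the same rules in the handler and in the database CHECK constraints means a request that bypasses the API layer still cannot store a service account with an email or a login type other than none.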

@geokat geokat force-pushed the geokat/devex-21-feat-service-accounts-backend branch 9 times, most recently from 0063e70 to 1ad59a7 Compare March 6, 2026 21:27
@geokat geokat changed the title WIP: Service accounts (backend work) feat: backend support for creating and storing service accounts Mar 6, 2026
@geokat geokat force-pushed the geokat/devex-21-feat-service-accounts-backend branch from 1ad59a7 to 36a539d Compare March 6, 2026 22:30
Add is_service_account column to users table with CHECK constraints
enforcing login_type='none' and empty email for service accounts.
Update user creation API to validate service account constraints.

Related to:
https://linear.app/codercom/issue/DEVEX-19/feat-admins-can-createmanage-service-accounts-via-uicli
https://linear.app/codercom/issue/DEVEX-21/feat-allow-option-for-sharing-workspaces-for-only-service-accouts
@geokat geokat force-pushed the geokat/devex-21-feat-service-accounts-backend branch from 36a539d to 253df8c Compare March 6, 2026 22:42
@geokat geokat requested review from Emyrk and aslilac March 6, 2026 22:59
@geokat geokat marked this pull request as ready for review March 6, 2026 22:59
coder-tasks bot commented Mar 6, 2026

Documentation Check

Updates Needed

  • docs/admin/users/headless-auth.md - This page currently describes creating headless users with --login-type=none and an email address. Service accounts are a related but distinct concept: they require is_service_account=true, must have an empty email, and multiple can coexist. The page should clarify the difference between a headless user and a service account, or a new page (docs/admin/users/service-accounts.md) should be added.

Already Covered

  • docs/admin/security/audit-logs.md — Updated to show is_service_account field as tracked ✓
  • docs/reference/api/schemas.md — Updated with service_account field and email now optional ✓
  • docs/reference/api/users.md — Updated request body example ✓

Note: Since this PR is intentionally backend-only support (UI/CLI coming in follow-up PRs), full service account admin documentation may be better deferred until those PRs land.


Automated review via Coder Tasks
