feat: backend support for creating and storing service accounts (#22698)

Add is_service_account column to users table with CHECK constraints enforcing login_type='none' and empty email for service accounts. Update user creation API to validate service account constraints. Related to: https://linear.app/codercom/issue/PLAT-27/feat-backend-support-for-creating-and-storing-service-accounts
2026-06-02 20:48:20 +00:00 · 2026-03-11 10:19:08 -07:00
parent e96cd5cbb2
commit e5c19d0af4
28 changed files with 522 additions and 87 deletions
@@ -2166,6 +2166,7 @@ This is required on creation to enable a user-flow of validating a template work
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ],
  "password": "string",
+  "service_account": true,
  "user_status": "active",
  "username": "string"
 }
@@ -2175,11 +2176,12 @@ This is required on creation to enable a user-flow of validating a template work

 | Name               | Type                                       | Required | Restrictions | Description                                                                         |
 |--------------------|--------------------------------------------|----------|--------------|-------------------------------------------------------------------------------------|
-| `email`            | string                                     | true     |              |                                                                                     |
+| `email`            | string                                     | false    |              |                                                                                     |
 | `login_type`       | [codersdk.LoginType](#codersdklogintype)   | false    |              | Login type defaults to LoginTypePassword.                                           |
 | `name`             | string                                     | false    |              |                                                                                     |
 | `organization_ids` | array of string                            | false    |              | Organization ids is a list of organization IDs that the user should be a member of. |
 | `password`         | string                                     | false    |              |                                                                                     |
+| `service_account`  | boolean                                    | false    |              | Service accounts are admin-managed accounts that cannot login.                      |
 | `user_status`      | [codersdk.UserStatus](#codersdkuserstatus) | false    |              | User status defaults to UserStatusDormant.                                          |
 | `username`         | string                                     | true     |              |                                                                                     |

@@ -90,6 +90,7 @@ curl -X POST http://coder-server:8080/api/v2/users \
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ],
  "password": "string",
+  "service_account": true,
  "user_status": "active",
  "username": "string"
 }