Chore: Reduce the usage of sqlstore.createorg and use orgservice instead (#59356)

* remove legacy createorg from org service

* remove another createorg from orgimpl

* remove createorg from api pref tests

* remove createorg from api org tests

* fix tests

* remove createorg from annotations test

* remove createorg from team tests

* remove createorg from service accounts

* remove createorg from accesscontrol tests

* remove createorg from provisioning

* Use quotaservice from sc.hs

pkg/api/annotations_test.go

@@ -385,7 +385,7 @@ func deleteAnnotationsScenario(t *testing.T, desc string, url string, routePatte
 func TestAPI_Annotations_AccessControl(t *testing.T) {
 	sc := setupHTTPServer(t, true)
 	setInitCtxSignedInEditor(sc.initCtx)
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: testUserID})
+	_, err := sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: testUserID})
 	require.NoError(t, err)
 
 	dashboardAnnotation := &annotations.Item{Id: 1, DashboardId: 1}
@@ -787,7 +787,7 @@ func TestService_AnnotationTypeScopeResolver(t *testing.T) {
 func TestAPI_MassDeleteAnnotations_AccessControl(t *testing.T) {
 	sc := setupHTTPServer(t, true)
 	setInitCtxSignedInEditor(sc.initCtx)
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: testUserID})
+	_, err := sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: testUserID})
 	require.NoError(t, err)
 
 	type args struct {

pkg/api/org_test.go

@@ -10,8 +10,8 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/accesscontrol"
+	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/services/org/orgimpl"
 	"github.com/grafana/grafana/pkg/services/quota/quotatest"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
@@ -51,7 +51,7 @@ func TestAPIEndpoint_GetCurrentOrg_LegacyAccessControl(t *testing.T) {
 	sc := setupHTTPServerWithCfg(t, true, cfg)
 	setInitCtxSignedInViewer(sc.initCtx)
 
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: testUserID})
+	_, err := sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: testUserID})
 	require.NoError(t, err)
 
 	t.Run("Viewer can view CurrentOrg", func(t *testing.T) {
@@ -70,7 +70,7 @@ func TestAPIEndpoint_GetCurrentOrg_AccessControl(t *testing.T) {
 	sc := setupHTTPServer(t, true)
 	setInitCtxSignedInViewer(sc.initCtx)
 
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: testUserID})
+	_, err := sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: testUserID})
 	require.NoError(t, err)
 
 	t.Run("AccessControl allows viewing CurrentOrg with correct permissions", func(t *testing.T) {
@@ -91,11 +91,14 @@ func TestAPIEndpoint_GetCurrentOrg_AccessControl(t *testing.T) {
 }
 
 func TestAPIEndpoint_PutCurrentOrg_LegacyAccessControl(t *testing.T) {
+	var err error
 	cfg := setting.NewCfg()
 	cfg.RBACEnabled = false
 	sc := setupHTTPServerWithCfg(t, true, cfg)
+	sc.hs.orgService, err = orgimpl.ProvideService(sc.db, sc.cfg, sc.hs.QuotaService)
+	require.NoError(t, err)
 
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: testUserID})
+	_, err = sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: testUserID})
 	require.NoError(t, err)
 
 	input := strings.NewReader(testUpdateOrgNameForm)
@@ -116,13 +119,14 @@ func TestAPIEndpoint_PutCurrentOrg_LegacyAccessControl(t *testing.T) {
 }
 
 func TestAPIEndpoint_PutCurrentOrg_AccessControl(t *testing.T) {
+	var err error
 	sc := setupHTTPServer(t, true)
 	setInitCtxSignedInViewer(sc.initCtx)
 
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: sc.initCtx.UserID})
+	sc.hs.orgService, err = orgimpl.ProvideService(sc.db, sc.cfg, sc.hs.QuotaService)
 	require.NoError(t, err)
 
-	sc.hs.orgService, err = orgimpl.ProvideService(sc.db, sc.cfg, quotatest.New(false, nil))
+	_, err = sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: sc.initCtx.UserID})
 	require.NoError(t, err)
 
 	input := strings.NewReader(testUpdateOrgNameForm)
@@ -150,7 +154,7 @@ func TestAPIEndpoint_PutCurrentOrgAddress_LegacyAccessControl(t *testing.T) {
 	cfg.RBACEnabled = false
 	sc := setupHTTPServerWithCfg(t, true, cfg)
 
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: testUserID})
+	_, err := sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: testUserID})
 	require.NoError(t, err)
 
 	input := strings.NewReader(testUpdateOrgAddressForm)
@@ -172,7 +176,7 @@ func TestAPIEndpoint_PutCurrentOrgAddress_AccessControl(t *testing.T) {
 	sc := setupHTTPServer(t, true)
 	setInitCtxSignedInViewer(sc.initCtx)
 
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: testUserID})
+	_, err := sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: testUserID})
 	require.NoError(t, err)
 
 	input := strings.NewReader(testUpdateOrgAddressForm)
@@ -208,7 +212,7 @@ func setupOrgsDBForAccessControlTests(t *testing.T, db *sqlstore.SQLStore, c acc
 
 	// Create `orgsCount` orgs
 	for i := 1; i <= int(orgID); i++ {
-		err := db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: fmt.Sprintf("TestOrg%v", i), UserId: 0})
+		_, err := c.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: fmt.Sprintf("TestOrg%v", i), UserID: 0})
 		require.NoError(t, err)
 	}
 }

pkg/api/org_users_test.go

@@ -341,9 +341,9 @@ func setupOrgUsersDBForAccessControlTests(t *testing.T, db *sqlstore.SQLStore, o
 	require.NoError(t, err)
 
 	// Create both orgs with server admin
-	err = db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: testServerAdminViewer.OrgName, UserId: testServerAdminViewer.UserID})
+	_, err = orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: testServerAdminViewer.OrgName, UserID: testServerAdminViewer.UserID})
 	require.NoError(t, err)
-	err = db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: testAdminOrg2.OrgName, UserId: testServerAdminViewer.UserID})
+	_, err = orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: testAdminOrg2.OrgName, UserID: testServerAdminViewer.UserID})
 	require.NoError(t, err)
 
 	err = orgService.AddOrgUser(context.Background(), &org.AddOrgUserCommand{LoginOrEmail: testAdminOrg2.Login, Role: testAdminOrg2.OrgRole, OrgID: testAdminOrg2.OrgID, UserID: testAdminOrg2.UserID})
@@ -728,6 +728,7 @@ func TestOrgUsersAPIEndpointWithSetPerms_AccessControl(t *testing.T) {
 			var err error
 			sc := setupHTTPServer(t, true, func(hs *HTTPServer) {
 				hs.tempUserService = tempuserimpl.ProvideService(hs.SQLStore)
+				hs.orgService, err = orgimpl.ProvideService(hs.SQLStore, setting.NewCfg(), quotatest.New(false, nil))
 				hs.userService, err = userimpl.ProvideService(
 					hs.SQLStore, nil, setting.NewCfg(), teamimpl.ProvideService(hs.SQLStore.(*sqlstore.SQLStore), setting.NewCfg()), localcache.ProvideService(), quotatest.New(false, nil))
 				require.NoError(t, err)

pkg/api/preferences_test.go

@@ -17,6 +17,7 @@ import (
 	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/accesscontrol"
 	"github.com/grafana/grafana/pkg/services/dashboards"
+	"github.com/grafana/grafana/pkg/services/org"
 	pref "github.com/grafana/grafana/pkg/services/preference"
 	"github.com/grafana/grafana/pkg/services/preference/preftest"
 )
@@ -51,7 +52,7 @@ func TestAPIEndpoint_GetCurrentOrgPreferences_LegacyAccessControl(t *testing.T)
 	prefService.ExpectedPreference = &pref.Preference{HomeDashboardID: 1, Theme: "dark"}
 	sc.hs.preferenceService = prefService
 
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: testUserID})
+	_, err := sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: testUserID})
 	require.NoError(t, err)
 
 	setInitCtxSignedInViewer(sc.initCtx)
@@ -80,7 +81,7 @@ func TestAPIEndpoint_GetCurrentOrgPreferences_AccessControl(t *testing.T) {
 	prefService.ExpectedPreference = &pref.Preference{HomeDashboardID: 1, Theme: "dark"}
 	sc.hs.preferenceService = prefService
 
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: testUserID})
+	_, err := sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: testUserID})
 	require.NoError(t, err)
 
 	t.Run("AccessControl allows getting org preferences with correct permissions", func(t *testing.T) {
@@ -105,7 +106,7 @@ func TestAPIEndpoint_PutCurrentOrgPreferences_LegacyAccessControl(t *testing.T)
 	cfg.RBACEnabled = false
 	sc := setupHTTPServerWithCfg(t, true, cfg)
 
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: testUserID})
+	_, err := sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: testUserID})
 	require.NoError(t, err)
 
 	setInitCtxSignedInViewer(sc.initCtx)
@@ -127,7 +128,7 @@ func TestAPIEndpoint_PutCurrentOrgPreferences_AccessControl(t *testing.T) {
 	sc := setupHTTPServer(t, true)
 	setInitCtxSignedInViewer(sc.initCtx)
 
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: testUserID})
+	_, err := sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: testUserID})
 	require.NoError(t, err)
 
 	input := strings.NewReader(testUpdateOrgPreferencesCmd)
@@ -157,7 +158,7 @@ func TestAPIEndpoint_PatchUserPreferences(t *testing.T) {
 	cfg.RBACEnabled = false
 	sc := setupHTTPServerWithCfg(t, true, cfg)
 
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: testUserID})
+	_, err := sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: testUserID})
 	require.NoError(t, err)
 
 	setInitCtxSignedInOrgAdmin(sc.initCtx)
@@ -190,7 +191,7 @@ func TestAPIEndpoint_PatchOrgPreferences(t *testing.T) {
 	cfg.RBACEnabled = false
 	sc := setupHTTPServerWithCfg(t, true, cfg)
 
-	err := sc.db.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "TestOrg", UserId: testUserID})
+	_, err := sc.hs.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "TestOrg", UserID: testUserID})
 	require.NoError(t, err)
 
 	setInitCtxSignedInOrgAdmin(sc.initCtx)

pkg/api/team_members_test.go

@@ -17,6 +17,8 @@ import (
 	ac "github.com/grafana/grafana/pkg/services/accesscontrol"
 	"github.com/grafana/grafana/pkg/services/licensing"
 	"github.com/grafana/grafana/pkg/services/org"
+	"github.com/grafana/grafana/pkg/services/org/orgimpl"
+	"github.com/grafana/grafana/pkg/services/quota/quotatest"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
 	"github.com/grafana/grafana/pkg/services/sqlstore/mockstore"
 	"github.com/grafana/grafana/pkg/services/team/teamimpl"
@@ -123,27 +125,26 @@ func createUser(db sqlstore.Store, orgId int64, t *testing.T) int64 {
 	return user.ID
 }
 
-func setupTeamTestScenario(userCount int, db *sqlstore.SQLStore, t *testing.T) int64 {
+func setupTeamTestScenario(userCount int, db *sqlstore.SQLStore, orgService org.Service, t *testing.T) int64 {
 	teamService := teamimpl.ProvideService(db, setting.NewCfg()) // FIXME
 	user, err := db.CreateUser(context.Background(), user.CreateUserCommand{SkipOrgSetup: true, Login: testUserLogin})
 	require.NoError(t, err)
-	cmd := &models.CreateOrgCommand{Name: "TestOrg", UserId: user.ID}
+	cmd := &org.CreateOrgCommand{Name: "TestOrg", UserID: user.ID}
-	err = db.CreateOrg(context.Background(), cmd)
+	testOrg, err := orgService.CreateWithMember(context.Background(), cmd)
 	require.NoError(t, err)
-	testOrg := cmd.Result
 
-	team, err := teamService.CreateTeam("test", "test@test.com", testOrg.Id)
+	team, err := teamService.CreateTeam("test", "test@test.com", testOrg.ID)
 	require.NoError(t, err)
 
 	for i := 0; i < userCount; i++ {
-		userId := createUser(db, testOrg.Id, t)
+		userId := createUser(db, testOrg.ID, t)
 		require.NoError(t, err)
 
-		err = teamService.AddTeamMember(userId, testOrg.Id, team.Id, false, 0)
+		err = teamService.AddTeamMember(userId, testOrg.ID, team.Id, false, 0)
 		require.NoError(t, err)
 	}
 
-	return testOrg.Id
+	return testOrg.ID
 }
 
 var (
@@ -160,11 +161,12 @@ func TestAddTeamMembersAPIEndpoint_LegacyAccessControl(t *testing.T) {
 	cfg.RBACEnabled = false
 	cfg.EditorsCanAdmin = true
 	sc := setupHTTPServerWithCfg(t, true, cfg)
+	sc.hs.orgService, _ = orgimpl.ProvideService(sc.db, cfg, quotatest.New(false, nil))
 	guardian := manager.ProvideService(database.ProvideTeamGuardianStore(sc.db, sc.teamService))
 	sc.hs.teamGuardian = guardian
 
 	teamMemberCount := 3
-	testOrgId := setupTeamTestScenario(teamMemberCount, sc.db, t)
+	testOrgId := setupTeamTestScenario(teamMemberCount, sc.db, sc.hs.orgService, t)
 
 	setInitCtxSignedInOrgAdmin(sc.initCtx)
 	newUserId := createUser(sc.db, testOrgId, t)
@@ -207,11 +209,12 @@ func TestAddTeamMembersAPIEndpoint_LegacyAccessControl(t *testing.T) {
 
 func TestGetTeamMembersAPIEndpoint_RBAC(t *testing.T) {
 	sc := setupHTTPServer(t, true)
+	sc.hs.orgService, _ = orgimpl.ProvideService(sc.db, sc.cfg, quotatest.New(false, nil))
 	sc.hs.License = &licensing.OSSLicensingService{}
 
 	teamMemberCount := 3
 	// setupTeamTestScenario sets up 3 user (id: 2,3,4) in the team (id: 1)
-	testOrgId := setupTeamTestScenario(teamMemberCount, sc.db, t)
+	testOrgId := setupTeamTestScenario(teamMemberCount, sc.db, sc.hs.orgService, t)
 
 	setInitCtxSignedInViewer(sc.initCtx)
 	t.Run("Access control allows getting a team members with the right permissions", func(t *testing.T) {
@@ -261,10 +264,11 @@ func TestGetTeamMembersAPIEndpoint_RBAC(t *testing.T) {
 
 func TestAddTeamMembersAPIEndpoint_RBAC(t *testing.T) {
 	sc := setupHTTPServer(t, true)
+	sc.hs.orgService, _ = orgimpl.ProvideService(sc.db, sc.cfg, quotatest.New(false, nil))
 	sc.hs.License = &licensing.OSSLicensingService{}
 
 	teamMemberCount := 3
-	testOrgId := setupTeamTestScenario(teamMemberCount, sc.db, t)
+	testOrgId := setupTeamTestScenario(teamMemberCount, sc.db, sc.hs.orgService, t)
 
 	setInitCtxSignedInViewer(sc.initCtx)
 	newUserId := createUser(sc.db, testOrgId, t)
@@ -297,11 +301,12 @@ func TestUpdateTeamMembersAPIEndpoint_LegacyAccessControl(t *testing.T) {
 	cfg.RBACEnabled = false
 	cfg.EditorsCanAdmin = true
 	sc := setupHTTPServerWithCfg(t, true, cfg)
+	sc.hs.orgService, _ = orgimpl.ProvideService(sc.db, cfg, quotatest.New(false, nil))
 	guardian := manager.ProvideService(database.ProvideTeamGuardianStore(sc.db, sc.teamService))
 	sc.hs.teamGuardian = guardian
 
 	teamMemberCount := 3
-	setupTeamTestScenario(teamMemberCount, sc.db, t)
+	setupTeamTestScenario(teamMemberCount, sc.db, sc.hs.orgService, t)
 
 	setInitCtxSignedInOrgAdmin(sc.initCtx)
 	input := strings.NewReader(fmt.Sprintf(updateTeamMemberCmd, models.PERMISSION_ADMIN))
@@ -342,10 +347,11 @@ func TestUpdateTeamMembersAPIEndpoint_LegacyAccessControl(t *testing.T) {
 
 func TestUpdateTeamMembersAPIEndpoint_RBAC(t *testing.T) {
 	sc := setupHTTPServer(t, true)
+	sc.hs.orgService, _ = orgimpl.ProvideService(sc.db, sc.cfg, quotatest.New(false, nil))
 	sc.hs.License = &licensing.OSSLicensingService{}
 
 	teamMemberCount := 3
-	setupTeamTestScenario(teamMemberCount, sc.db, t)
+	setupTeamTestScenario(teamMemberCount, sc.db, sc.hs.orgService, t)
 
 	setInitCtxSignedInViewer(sc.initCtx)
 	input := strings.NewReader(fmt.Sprintf(updateTeamMemberCmd, models.PERMISSION_ADMIN))
@@ -376,11 +382,12 @@ func TestDeleteTeamMembersAPIEndpoint_LegacyAccessControl(t *testing.T) {
 	cfg.RBACEnabled = false
 	cfg.EditorsCanAdmin = true
 	sc := setupHTTPServerWithCfg(t, true, cfg)
+	sc.hs.orgService, _ = orgimpl.ProvideService(sc.db, sc.cfg, quotatest.New(false, nil))
 	guardian := manager.ProvideService(database.ProvideTeamGuardianStore(sc.db, sc.teamService))
 	sc.hs.teamGuardian = guardian
 
 	teamMemberCount := 3
-	setupTeamTestScenario(teamMemberCount, sc.db, t)
+	setupTeamTestScenario(teamMemberCount, sc.db, sc.hs.orgService, t)
 
 	setInitCtxSignedInOrgAdmin(sc.initCtx)
 	t.Run("Organisation admins can remove a team member", func(t *testing.T) {
@@ -417,10 +424,11 @@ func TestDeleteTeamMembersAPIEndpoint_LegacyAccessControl(t *testing.T) {
 
 func TestDeleteTeamMembersAPIEndpoint_RBAC(t *testing.T) {
 	sc := setupHTTPServer(t, true)
+	sc.hs.orgService, _ = orgimpl.ProvideService(sc.db, sc.cfg, quotatest.New(false, nil))
 	sc.hs.License = &licensing.OSSLicensingService{}
 
 	teamMemberCount := 3
-	setupTeamTestScenario(teamMemberCount, sc.db, t)
+	setupTeamTestScenario(teamMemberCount, sc.db, sc.hs.orgService, t)
 
 	setInitCtxSignedInViewer(sc.initCtx)
 	t.Run("Access control allows removing a team member with the right permissions", func(t *testing.T) {

pkg/services/accesscontrol/resourcepermissions/store_test.go

@@ -10,8 +10,10 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/grafana/grafana/pkg/infra/db"
-	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/accesscontrol"
+	"github.com/grafana/grafana/pkg/services/org"
+	"github.com/grafana/grafana/pkg/services/org/orgimpl"
+	"github.com/grafana/grafana/pkg/services/quota/quotatest"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
 	"github.com/grafana/grafana/pkg/services/user"
 )
@@ -435,8 +437,10 @@ func TestIntegrationStore_GetResourcePermissions(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.desc, func(t *testing.T) {
 			store, sql := setupTestEnv(t)
+			orgService, err := orgimpl.ProvideService(sql, sql.Cfg, quotatest.New(false, nil))
+			require.NoError(t, err)
 
-			err := sql.WithDbSession(context.Background(), func(sess *db.Session) error {
+			err = sql.WithDbSession(context.Background(), func(sess *db.Session) error {
 				role := &accesscontrol.Role{
 					OrgID:   tt.user.OrgID,
 					UID:     "seeded",
@@ -471,7 +475,7 @@ func TestIntegrationStore_GetResourcePermissions(t *testing.T) {
 			})
 			require.NoError(t, err)
 
-			seedResourcePermissions(t, store, sql, tt.query.Actions, tt.query.Resource, tt.query.ResourceID, tt.query.ResourceAttribute, tt.numUsers)
+			seedResourcePermissions(t, store, sql, orgService, tt.query.Actions, tt.query.Resource, tt.query.ResourceID, tt.query.ResourceAttribute, tt.numUsers)
 
 			tt.query.User = tt.user
 			permissions, err := store.GetResourcePermissions(context.Background(), tt.user.OrgID, tt.query)
@@ -481,21 +485,20 @@ func TestIntegrationStore_GetResourcePermissions(t *testing.T) {
 	}
 }
 
-func seedResourcePermissions(t *testing.T, store *store, sql *sqlstore.SQLStore, actions []string, resource, resourceID, resourceAttribute string, numUsers int) {
+func seedResourcePermissions(t *testing.T, store *store, sql *sqlstore.SQLStore, orgService org.Service, actions []string, resource, resourceID, resourceAttribute string, numUsers int) {
 	t.Helper()
-	var org *models.Org
+	var orgModel *org.Org
 	for i := 0; i < numUsers; i++ {
-		if org == nil {
+		if orgModel == nil {
-			cmd := &models.CreateOrgCommand{Name: "test", UserId: int64(i)}
+			cmd := &org.CreateOrgCommand{Name: "test", UserID: int64(i)}
-			err := sql.CreateOrg(context.Background(), cmd)
+			addedOrg, err := orgService.CreateWithMember(context.Background(), cmd)
 			require.NoError(t, err)
-			addedOrg := cmd.Result
+			orgModel = addedOrg
-			org = &addedOrg
 		}
 
 		u, err := sql.CreateUser(context.Background(), user.CreateUserCommand{
 			Login: fmt.Sprintf("user:%s%d", resourceID, i),
-			OrgID: org.Id,
+			OrgID: orgModel.ID,
 		})
 		require.NoError(t, err)
 

pkg/services/org/orgimpl/store_test.go

@@ -173,21 +173,21 @@ func TestIntegrationOrgDataAccess(t *testing.T) {
 	})
 
 	t.Run("Testing Account DB Access", func(t *testing.T) {
-		sqlStore := db.InitTestDB(t)
+		ss := db.InitTestDB(t)
-
+		orgStore = sqlStore{
-		t.Run("Given we have organizations, we can query them by IDs", func(t *testing.T) {
+			db:      ss,
-			var err error
+			dialect: ss.GetDialect(),
-			var cmd *models.CreateOrgCommand
+		}
 		ids := []int64{}
 
 		for i := 1; i < 4; i++ {
-				cmd = &models.CreateOrgCommand{Name: fmt.Sprint("Org #", i)}
+			cmd := &org.CreateOrgCommand{Name: fmt.Sprint("Org #", i)}
-				err = sqlStore.CreateOrg(context.Background(), cmd)
+			res, err := orgStore.CreateWithMember(context.Background(), cmd)
 			require.NoError(t, err)
-
+			ids = append(ids, res.ID)
-				ids = append(ids, cmd.Result.Id)
 		}
 
+		t.Run("Given we have organizations, we can query them by IDs", func(t *testing.T) {
 			query := &org.SearchOrgsQuery{IDs: ids}
 			queryResult, err := orgStore.Search(context.Background(), query)
 
@@ -195,14 +195,6 @@ func TestIntegrationOrgDataAccess(t *testing.T) {
 			require.Equal(t, len(queryResult), 3)
 		})
 
-		t.Run("Given we have organizations, we can limit and paginate search", func(t *testing.T) {
-			sqlStore = db.InitTestDB(t)
-			for i := 1; i < 4; i++ {
-				cmd := &models.CreateOrgCommand{Name: fmt.Sprint("Org #", i)}
-				err := sqlStore.CreateOrg(context.Background(), cmd)
-				require.NoError(t, err)
-			}
-
 		t.Run("Should be able to search with defaults", func(t *testing.T) {
 			query := &org.SearchOrgsQuery{}
 			queryResult, err := orgStore.Search(context.Background(), query)
@@ -227,7 +219,6 @@ func TestIntegrationOrgDataAccess(t *testing.T) {
 			require.Equal(t, len(queryResult), 1)
 		})
 	})
-	})
 }
 
 func TestIntegrationOrgUserDataAccess(t *testing.T) {

pkg/services/provisioning/dashboards/config_reader_test.go

@@ -3,14 +3,12 @@ package dashboards
 import (
 	"context"
 	"errors"
-	"fmt"
 	"os"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/grafana/grafana/pkg/infra/db"
 	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/org/orgtest"
@@ -26,7 +24,7 @@ var (
 func TestDashboardsAsConfig(t *testing.T) {
 	t.Run("Dashboards as configuration", func(t *testing.T) {
 		logger := log.New("test-logger")
-		store := db.InitTestDB(t)
+		// store := db.InitTestDB(t)
 		orgFake := orgtest.NewOrgServiceFake()
 
 		t.Run("Should fail if orgs don't exist in the database", func(t *testing.T) {
@@ -38,12 +36,6 @@ func TestDashboardsAsConfig(t *testing.T) {
 			orgFake.ExpectedError = nil
 		})
 
-		for i := 1; i <= 2; i++ {
-			orgCommand := models.CreateOrgCommand{Name: fmt.Sprintf("Main Org. %v", i)}
-			err := store.CreateOrg(context.Background(), &orgCommand)
-			require.NoError(t, err)
-		}
-
 		t.Run("default values should be applied", func(t *testing.T) {
 			cfgProvider := configReader{path: appliedDefaults, log: logger, orgService: orgFake}
 			cfg, err := cfgProvider.readConfig(context.Background())

pkg/services/provisioning/notifiers/config_reader_test.go

@@ -14,7 +14,8 @@ import (
 	encryptionservice "github.com/grafana/grafana/pkg/services/encryption/service"
 	"github.com/grafana/grafana/pkg/services/notifications"
 	"github.com/grafana/grafana/pkg/services/org"
-	"github.com/grafana/grafana/pkg/services/org/orgtest"
+	"github.com/grafana/grafana/pkg/services/org/orgimpl"
+	"github.com/grafana/grafana/pkg/services/quota/quotatest"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
 
 	"github.com/stretchr/testify/require"
@@ -35,24 +36,22 @@ var (
 
 func TestNotificationAsConfig(t *testing.T) {
 	var sqlStore *sqlstore.SQLStore
-	var orgFake org.Service
+	var orgService org.Service
 	var ns *alerting.AlertNotificationService
 	logger := log.New("fake.log")
-	orgService := orgtest.NewOrgServiceFake()
-	orgService.ExpectedOrg = &org.Org{}
 
 	encryptionService := encryptionservice.SetupTestService(t)
 
 	t.Run("Testing notification as configuration", func(t *testing.T) {
 		setup := func() {
 			sqlStore = db.InitTestDB(t)
-			orgFake = orgtest.NewOrgServiceFake()
+			orgService, _ = orgimpl.ProvideService(sqlStore, sqlStore.Cfg, quotatest.New(false, nil))
 			nm := &notifications.NotificationService{}
 			ns = alerting.ProvideService(sqlStore, encryptionService, nm)
 
 			for i := 1; i < 5; i++ {
-				orgCommand := models.CreateOrgCommand{Name: fmt.Sprintf("Main Org. %v", i)}
+				orgCommand := org.CreateOrgCommand{Name: fmt.Sprintf("Main Org. %v", i)}
-				err := sqlStore.CreateOrg(context.Background(), &orgCommand)
+				_, err := orgService.CreateWithMember(context.Background(), &orgCommand)
 				require.NoError(t, err)
 			}
 
@@ -73,7 +72,7 @@ func TestNotificationAsConfig(t *testing.T) {
 			setup()
 			_ = os.Setenv("TEST_VAR", "default")
 			cfgProvider := &configReader{
-				orgService:        orgFake,
+				orgService:        orgService,
 				encryptionService: encryptionService,
 				log:               log.New("test logger"),
 			}
@@ -282,7 +281,7 @@ func TestNotificationAsConfig(t *testing.T) {
 
 		t.Run("Broken yaml should return error", func(t *testing.T) {
 			reader := &configReader{
-				orgService:        orgFake,
+				orgService:        orgService,
 				encryptionService: encryptionService,
 				log:               log.New("test logger"),
 			}
@@ -293,7 +292,7 @@ func TestNotificationAsConfig(t *testing.T) {
 
 		t.Run("Skip invalid directory", func(t *testing.T) {
 			cfgProvider := &configReader{
-				orgService:        orgFake,
+				orgService:        orgService,
 				encryptionService: encryptionService,
 				log:               log.New("test logger"),
 			}
@@ -307,7 +306,7 @@ func TestNotificationAsConfig(t *testing.T) {
 
 		t.Run("Unknown notifier should return error", func(t *testing.T) {
 			cfgProvider := &configReader{
-				orgService:        orgFake,
+				orgService:        orgService,
 				encryptionService: encryptionService,
 				log:               log.New("test logger"),
 			}
@@ -318,7 +317,7 @@ func TestNotificationAsConfig(t *testing.T) {
 
 		t.Run("Read incorrect properties", func(t *testing.T) {
 			cfgProvider := &configReader{
-				orgService:        orgFake,
+				orgService:        orgService,
 				encryptionService: encryptionService,
 				log:               log.New("test logger"),
 			}

pkg/services/serviceaccounts/api/api_test.go

@@ -61,8 +61,8 @@ func TestServiceAccountsAPI_CreateServiceAccount(t *testing.T) {
 		store.Cfg.AutoAssignOrg = autoAssignOrg
 	}()
 
-	orgCmd := &models.CreateOrgCommand{Name: "Some Test Org"}
+	orgCmd := &org.CreateOrgCommand{Name: "Some Test Org"}
-	err = store.CreateOrg(context.Background(), orgCmd)
+	_, err = orgService.CreateWithMember(context.Background(), orgCmd)
 	require.Nil(t, err)
 
 	type testCreateSATestCase struct {

pkg/services/serviceaccounts/database/database_test.go

@@ -10,7 +10,6 @@ import (
 
 	"github.com/grafana/grafana/pkg/infra/db"
 	"github.com/grafana/grafana/pkg/infra/kvstore"
-	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/services/apikey/apikeyimpl"
 	"github.com/grafana/grafana/pkg/services/org"
 	"github.com/grafana/grafana/pkg/services/org/orgimpl"
@@ -43,13 +42,13 @@ func TestStore_CreateServiceAccountOrgNonExistant(t *testing.T) {
 
 func TestStore_CreateServiceAccount(t *testing.T) {
 	_, store := setupTestDatabase(t)
-	orgQuery := &models.CreateOrgCommand{Name: sqlstore.MainOrgName}
+	orgQuery := &org.CreateOrgCommand{Name: sqlstore.MainOrgName}
-	err := store.sqlStore.CreateOrg(context.Background(), orgQuery)
+	orgResult, err := store.orgService.CreateWithMember(context.Background(), orgQuery)
 	require.NoError(t, err)
 
 	t.Run("create service account", func(t *testing.T) {
 		serviceAccountName := "new Service Account"
-		serviceAccountOrgId := orgQuery.Result.Id
+		serviceAccountOrgId := orgResult.ID
 		serviceAccountRole := org.RoleAdmin
 		isDisabled := true
 		saForm := serviceaccounts.CreateServiceAccountForm{
@@ -175,7 +174,7 @@ func TestStore_MigrateApiKeys(t *testing.T) {
 			store.sqlStore.Cfg.AutoAssignOrg = true
 			store.sqlStore.Cfg.AutoAssignOrgId = 1
 			store.sqlStore.Cfg.AutoAssignOrgRole = "Viewer"
-			err := store.sqlStore.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "main"})
+			_, err := store.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "main"})
 			require.NoError(t, err)
 			key := tests.SetupApiKey(t, db, c.key)
 			err = store.MigrateApiKey(context.Background(), key.OrgId, key.Id)
@@ -252,7 +251,7 @@ func TestStore_MigrateAllApiKeys(t *testing.T) {
 			store.sqlStore.Cfg.AutoAssignOrg = true
 			store.sqlStore.Cfg.AutoAssignOrgId = 1
 			store.sqlStore.Cfg.AutoAssignOrgRole = "Viewer"
-			err := store.sqlStore.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "main"})
+			_, err := store.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "main"})
 			require.NoError(t, err)
 
 			for _, key := range c.keys {
@@ -314,7 +313,7 @@ func TestStore_RevertApiKey(t *testing.T) {
 			store.sqlStore.Cfg.AutoAssignOrg = true
 			store.sqlStore.Cfg.AutoAssignOrgId = 1
 			store.sqlStore.Cfg.AutoAssignOrgRole = "Viewer"
-			err := store.sqlStore.CreateOrg(context.Background(), &models.CreateOrgCommand{Name: "main"})
+			_, err := store.orgService.CreateWithMember(context.Background(), &org.CreateOrgCommand{Name: "main"})
 			require.NoError(t, err)
 
 			key := tests.SetupApiKey(t, db, c.key)