ronnibaslund/dezky
1
0
Fork 0
Code Issues 37 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

fix(domains): platform tenant slug is configurable (prod: dezky-aps)
ci / changes (push) Successful in 4s
Details
ci / tc_portal (push) Has been skipped
Details
ci / tc_booking (push) Has been skipped
Details
ci / tc_operator (push) Has been skipped
Details
ci / tc_website (push) Has been skipped
Details
ci / tc_platform_api (push) Successful in 23s
Details
ci / build_portal (push) Has been skipped
Details
ci / build_booking (push) Has been skipped
Details
ci / build_operator (push) Has been skipped
Details
ci / test_platform_api (push) Successful in 32s
Details
ci / build_platform_api (push) Successful in 18s
Details
ci / deploy (push) Successful in 41s
Details

Browse Source 
The company tenant ended up as slug dezky-aps (the seeded 'dezky' tenant was
deleted), so the hardcoded apex allowance for slug 'dezky' would have
rejected adding dezky.eu to the real tenant. PLATFORM_TENANT_SLUG env
(default 'dezky') now names the only tenant allowed to claim the
PLATFORM_TENANT_DOMAIN apex.
This commit is contained in:
Ronni Baslund
2026-06-10 20:57:31 +02:00
parent f66a343472
commit 25d932d3c1
3 changed files with 23 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
infrastructure/production/fleet/apps/platform-api-config.yaml
+4 -2
View File
@@ -19,9 +19,11 @@ data:
STALWART_ADMIN_USER: "admin@dezky.eu"
STALWART_PROVISIONING_ENABLED: "true"
# Base for per-tenant service mail domains ({slug}.dezky.eu) AND the
# reserved namespace for customer domains: only the dezky tenant may claim
# the apex; nothing under it can be added as a customer domain.
# reserved namespace for customer domains: only the company's own tenant
# (PLATFORM_TENANT_SLUG) may claim the apex; nothing under it can be added
# as a customer domain.
PLATFORM_TENANT_DOMAIN: "dezky.eu"
PLATFORM_TENANT_SLUG: "dezky-aps"
# JWT validation for portal/operator-issued access tokens. Public Authentik
# URLs on purpose: the token `iss` claim is the public URL, and the pod can
# hairpin to it through the node's public IP.