feat(tenants): isPlatformTenant flag replaces PLATFORM_TENANT_SLUG

Identifying the company tenant by slug in env was fragile — every purge/recreate changed the slug (or id) and the apex guard chased reality through three config flips in one day. The identity now lives ON the tenant document: isPlatformTenant, operator-set from the tenant page (single holder — setting it clears the flag everywhere else), guarded so tenant admins can't set it on themselves through the shared PATCH route. The dezky.eu apex guard reads the flag; PLATFORM_TENANT_SLUG is gone. Dev seed flags its seeded tenant. config-rev 5 rolls platform-api.
2026-06-10 21:47:27 +02:00
parent eefe1b3ec3
commit 83214eb379
12 changed files with 93 additions and 31 deletions
@@ -19,11 +19,10 @@ data:
  STALWART_ADMIN_USER: "admin@dezky.eu"
  STALWART_PROVISIONING_ENABLED: "true"
  # Base for per-tenant service mail domains ({slug}.dezky.eu) AND the
-  # reserved namespace for customer domains: only the company's own tenant
-  # (PLATFORM_TENANT_SLUG) may claim the apex; nothing under it can be added
-  # as a customer domain.
+  # reserved namespace for customer domains: only the tenant flagged
+  # isPlatformTenant (operator-set on the tenant page) may claim the apex;
+  # nothing under it can be added as a customer domain.
  PLATFORM_TENANT_DOMAIN: "dezky.eu"
-  PLATFORM_TENANT_SLUG: "dezky-aps"
  # No auto-seeded tenants in production — the dezky company tenant is
  # created and owned through the operator like any other.
  SEED_ENABLED: "false"
@@ -21,7 +21,7 @@ spec:
      annotations:
        # Bump to force a rolling restart when only the ConfigMap changed —
        # pods read it as env, which is only resolved at container start.
-        dezky.eu/config-rev: "4"
+        dezky.eu/config-rev: "5"
    spec:
      containers:
        - name: platform-api