Skip to content

fix(domains): cluster-default deployments skip domain/subdomain approval#137

Merged
uittenbroekrobbert merged 1 commit into
mainfrom
fix/cluster-default-skips-domain-approval
Jun 12, 2026
Merged

fix(domains): cluster-default deployments skip domain/subdomain approval#137
uittenbroekrobbert merged 1 commit into
mainfrom
fix/cluster-default-skips-domain-approval

Conversation

@uittenbroekrobbert

Copy link
Copy Markdown
Contributor

The bug (blocks PR deployments)

A colleague's new PR deployment failed with:

Gebruik van een subdomein 'pr797' voor het domein 'rijksapp.dev' is op aanvraag (error_type: domain_validation)

…for a deployment that uses the cluster default and never requested rijksapp.dev.

Root cause

In DomainConfigEnforcer.enforce, when a deployment has no base-domain (cluster default), actual_domain was resolved to:

actual_domain = next(iter(supported)) if supported else None   # ARBITRARY supported domain (set order)

That arbitrary domain happened to be rijksapp.dev — a subdomain-restricted platform domain — so the subdomain-approval check ran its restrictions against a cluster-default deployment and rejected it. (Most regel-k4c PRs predate the API enforcer, so pr797 was just the first new one to hit it.)

Fix

Resolve actual_domain = None for the cluster default. There is no user-chosen domain to validate, so every if actual_domain … check (dots-compat, base-domain approval, subdomain approval, availability, bare-domain) naturally skips — the cluster default is always allowed. Explicit base-domains and __custom__ are unchanged and still go through approval.

Tests

  • cluster-default + restricted subdomainno error (fails on pre-fix code).
  • explicit restricted domain + unapproved subdomainstill rejected (feature intact).
  • 697 domain/wizard/enforce tests pass; ruff + pyright clean.

So the answer to "moeten we iets veranderen aan onze URL-strategie?" is no — the URL strategy is fine; this was a validation bug. Cluster-default PRs deploy normally once this ships.

A deployment with no base-domain uses the cluster-default URL -- the platform
default, not a user-requested domain. The enforcer resolved a missing
base-domain to next(iter(supported)) (an ARBITRARY supported domain, set-iteration
order) and then ran THAT domain's subdomain restrictions against the deployment,
wrongly rejecting cluster-default PR deployments:

  "Gebruik van een subdomein 'pr797' voor het domein 'rijksapp.dev' is op aanvraag"

for a deployment that only ever used the cluster default.

Resolve actual_domain to None for the cluster default, so every domain/subdomain
check (dots-compat, base-domain approval, subdomain approval, availability,
bare-domain) skips -- there is nothing to approve. Explicit base-domains and the
"__custom__" path are unchanged and still go through approval.

Regression tests: cluster-default + restricted subdomain -> no error; explicit
restricted domain + unapproved subdomain -> still rejected.
@uittenbroekrobbert uittenbroekrobbert merged commit f74d03e into main Jun 12, 2026
19 of 20 checks passed
@uittenbroekrobbert uittenbroekrobbert deleted the fix/cluster-default-skips-domain-approval branch June 12, 2026 13:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant