Tenant-ID Topic Prefix

Topic names must begin with a tenant identifier prefix t-<6 alphanum>. Every topic belongs to exactly one tenant.

“Like every partner and a customer is really a tenant. There's like about 26 tenants or partners.”

Rationale

Without a tenant prefix, RBAC by prefix-pattern is impossible and cross-tenant ACL leakage becomes unprovable. A canonical t-<id>. prefix is the foundation every other multi-tenant control depends on: chargeback, quotas, prefix-based ACLs, audit attribution. The starter pack's env.domain.entity.v1 convention is orthogonal; the tenant prefix sits in front of it.

Pattern

^t-[a-z0-9]{6}\.(dev|staging|prod)\.[a-z0-9-]+\.[a-z0-9-]+\.v[0-9]+$

Examples

Parameters

Implementation

Drop this YAML into Conduktor Console as a ResourcePolicy, then link it from an ApplicationInstance, Application, or KafkaCluster.

# Conduktor self-service ResourcePolicy
# Schema: https://docs.conduktor.io/platform/reference/resource-reference/self-service/#resourcepolicy
# Composes with the starter topic-name-convention policy: tenant prefix sits in FRONT
# of the env.domain.entity.v1 segment.
---
apiVersion: self-serve/v1
kind: ResourcePolicy
metadata:
  name: tenant-id-topic-prefix
spec:
  targetKind: Topic
  description: Topic names must begin with t-<6 alphanum>. (e.g. t-ab12cd.prod.orders.placed.v1)
  rules:
    - condition: metadata.name.matches("^t-[a-z0-9]{6}\\..*")
      errorMessage: "Topic name must start with a tenant prefix t-<6 alphanum>. (e.g. t-ab12cd.prod.orders.placed.v1)"

Related policies

• Topic Name Convention
• Consumer Group Prefix
• Tenant Label Must Match Topic Prefix