tenant-config: Filter inactive tenants in name-based query

[Hoseong-Seo]

Describe the feature

When a tenant is deleted via DELETE /tenants/, the record is soft-deleted by setting sbtaws_active = False. However, _get_tenant_config_by_name in
index.py
queries the GSI by name without filtering on sbtaws_active:

def _get_tenant_config_by_name(name):
response = tenant_details_table_handler.query(
IndexName=tenant_config_index_name,
KeyConditionExpression=Key(tenant_name_column).eq(name),
)
# Items[0] may be the deleted tenant
This causes the deleted tenant's config to be returned when a new tenant with the same name is created.

Use Case

1. Create tenant with name "acme"
2. Delete tenant "acme" (soft delete: sbtaws_active → False)
3. Create a new tenant with name "acme"
4. Call GET /tenant-config/acme
5. The deleted tenant's config is returned instead of the new active tenant's config, making the new tenant unable to access the application.

Proposed Solution

Add FilterExpression to the name-based query:

from boto3.dynamodb.conditions import Attr

response = tenant_details_table_handler.query(
IndexName=tenant_config_index_name,
KeyConditionExpression=Key(tenant_name_column).eq(name),
FilterExpression=Attr("sbtaws_active").eq(True),
)

Other Information

Affected file:
index.py — _get_tenant_config_by_name

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

2.1029.2

Environment details (OS name and version, etc.)

macOS (darwin), Node.js 24.3.0, Python 3.10