Context

last updated: 2025-09-10

Every entity inside DTZ needs to have a parent context. This represents the organizational structure to hold an entity, allow access control, and provides accounting and billing. Every user has by default attached to its session. So whenever a user is logged in, regardless of the method (apikey, oauth, etc.) the session already has a context attached to it.

flowchart LR 
  uid[User Identity] -- "has access" --> context
  subgraph context
  Context[Context Core] -- "owns" --> Objectstore
  Context -- "owns" --> Containers
  Context -- "owns" --> Rss2Email
  Context -- "owns" --> E@{ shape: processes, label: "Other Services"}
  end

The current context is always shown in the title bar on the top left.

DTZ Context

Changing the context can be achieved by selecting the new context from the drop-down menu.

A new context can be created through the main page or the following link.

https://dtz.rocks/new/ | New Context

In Terraform, the context is implicitly derived from the user session or fetched using the dtz_context data source—even if it’s not explicitly declared in the resource block.

Context Admin

Context admin is a role that allow the owning identity the right to control rights and roles regarding the context. The creator of the context always gets assigned the role of context admin.

Also a new identity is created for the context, which serves as service principle within the context. The identity is created with the following alias.

admin@{context_id}.dtz.rocks

All Context admins automatically get access to all used services within the context.