8.7.0.1 | Filters | Tenant Culling Filter

The Tenant Culling filter is used on resources that need further specific tenant id information. The filter looks at all the tenants that Keystone returns for a user to creates and populates a list of them based on the specific roles that were used to grant access to the resource.

General filter information

Name: tenant-culling
Default Configuration: No configuration
Released: v8.7.0.0
Bundle: repose-filter-bundle
No Configuration Schema

Prerequisites & Postconditions

Required Request Headers

X-Auth-Token-Key - The datastore cache key that contains the users token information.
X-Relevant-Roles - The roles this user was granted access based on.

Required Preceding Filters

The following filters are used to populate the Required Request Headers:

Keystone v2 filter - Sets the user’s tenant info in the datastore as well as sets the X-Auth-Token-Key header.
Simple RBAC filter / API Validator filter - Either one is required because they set the X-Relevant-Roles header.

Request Headers Created

X-Tenant-Id - The tenants that match the roles this request was authorized with as well as the default if present.

This header will be replaced if previously present.

Request Body Changes

This filter does not modify the request body.

Recommended Follow-On (Succeeding) Filters

This filter is not strictly required by any other filters.

Response Body Changes

This filter does not modify the response body.

Response Headers Created

Changes to response headers vary based on configuration.

Response Status Codes

Response Code	Reason
401	`X-Auth-Token-Key` is missing The datastore fails to find an entry matching the presented key, typically because the TTL for the cached info has expired.