8.8.1.0 | Filters | Tenant Culling Filter

The Tenant Culling filter is used on resources that need further specific tenant id information. The filter looks at all the tenants that Keystone returns for a user to creates and populates a list of them based on the specific roles that were used to grant access to the resource.

General filter information

Name: tenant-culling
Default Configuration: No configuration
Released: v8.7.0.0
Bundle: repose-filter-bundle
No Configuration Schema

Prerequisites & Postconditions

Required Request Headers

X-Map-Roles - A mapping between tenants and the roles on them. The value of this header is a JSON object that has been base 64 encoded.
X-Relevant-Roles - The roles this user was granted access based on.

Required Preceding Filters

The following filters are used to populate the Required Request Headers:

Keystone v2 filter - Populates the X-Map-Roles header needed to determine the appropriate tenant ids.
Simple RBAC filter / API Validator filter - Either one is required because they set the X-Relevant-Roles header.

Request Headers Created

X-Tenant-Id - The tenants that match the roles this request was authorized with.
X-Map-Roles - The mapping will be updated to only contain those tenants that have a role that matched against relevant roles.

These headers prior values will be overwritten where existent.

Request Body Changes

This filter does not modify the request body.

Recommended Follow-On (Succeeding) Filters

This filter is not strictly required by any other filters.

Response Body Changes

This filter does not modify the response body.

Response Headers Created

Changes to response headers vary based on configuration.

Response Status Codes

Response Code	Reason
500	`X-Map-Roles` is missing, can’t be decoded, or is a malformed JSON object.