Kv2 needs to send tenant and tenant roles to back end filters. Goal of story is to capture tenant roles for ticketing rbac.
Info is already passed as header with the whole service catalog. Shouldn't be a requirement to continue to pass the header to OS. The OS shouldn't care about this data unless explicitly told to do so
- A request header exists that points back to the items in the local datastore where this information is.
- Docs are updated to reflect that this feature requires Kv2 cache to be configured 'on' for this feature to work.
- Cache misses due to ttl milliseconds will be handled as token expiration.
- Kv2 filter should add response header www-authenticate if it sees a 401 from downstream filters / origin service.