RBAC filter changes for multi-tenant

Description

There is a new configuration option called rax:isTenant that you can put on a WADL param to have it extract the param as a tenant. It is disabled by default, but rax:roles will enable it if it sees a role with the pattern role/{tenantParam}. So technically, you don't need to change anything in API Validator unless you want to enable rax:isTenant without enabling rax:roles, in which case tenant roles get resolved but no authorization is performed. That's useful in cases where you want to do authorization in another filter down the chain.
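The two cases described above, as an added WADL sketch that is not taken from the ticket or the project: the base URL, resource paths, the `observer` role name and the `tenantId` param name are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added illustration. Paths, role name and param name are assumed. -->
<application xmlns="http://wadl.dev.java.net/2009/02"
             xmlns:xsd="http://www.w3.org/2001/XMLSchema"
             xmlns:rax="http://docs.rackspace.com/api">
  <resources base="https://api.example.com">

    <!-- Case 1: rax:roles carries a role of the form role/{tenantParam}.
         Per the description, seeing this pattern enables tenant
         extraction for tenantId, so rax:isTenant is not set here.
         Authorization is performed for this method. -->
    <resource path="v1/{tenantId}/servers">
      <param name="tenantId" style="template" type="xsd:string"/>
      <method name="GET" rax:roles="observer/{tenantId}"/>
    </resource>

    <!-- Case 2: rax:isTenant is set explicitly and rax:roles is absent.
         Tenant roles get resolved, but no authorization is performed
         here, so a filter further down the chain has to enforce access. -->
    <resource path="v1/{tenantId}/images">
      <param name="tenantId" style="template" type="xsd:string"
             rax:isTenant="true"/>
      <method name="GET"/>
    </resource>

  </resources>
</application>
```

When reviewing a WADL like this, any resource in the second form is one to trace through the filter chain to confirm that something downstream actually makes the authorization decision.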

We won't need to make any changes in API Checker since the updated features are accessible in the WADL. We will need to update Simple RBAC in order to let the user set the header parameter at the top of the WADL through a new configuration option.

The new configuration option will be an attribute called tenant-header-name on the simple-rbac element.

Acceptance Criteria:

  • API Validation supports multiple tenants.

    • Even though we won't be making updates to API Validation, we want to add some tests.

  • Simple RBAC supports multiple tenants.

Environment

None

Status

Assignee

Bill Scheidegger

Reporter

Mario Lopez

Labels

External issue ID

None

CoAssignee

None

Capitalizable

True

Story Points

3

Epic Link

Sprint

None

Fix versions

Priority

Medium