The default policy for server_list API in nova has changed. This
exposed a problem in the way Horizon was calling server_list when
reading quota values. The call was always made with
all_tenants=True, which is only something admin should be able to
do. Instead of ignoring the privilege problem in the API as in the
past, there is a pre-emptive policy check that makes the call fail.
The fix in Horizon is to only pass in all_tenants=True when the
user has the appropriate privilege level. nova_policy.json has been
updated with the appropriate default and the permission check has
been added.
Removing passing in all_tenants=True at all was contemplated, but
when setting quota values on projects in the identity dashboard,
the administrator level user needs to read quota values from a
project that they are not currently scoped to.
This fixes the error on the network topology screen that was the
motivation for the original bug report.
Closes-Bug: #1468551
Change-Id: I4255c57f81a13cac121596c99eea4ac629ed9ca7
6bfeee5baf