From ea864bff0bb56849fd13d0726c03ad45bb15e714 Mon Sep 17 00:00:00 2001
From: "Yunhong, Jiang" <yunhong.jiang@intel.com>
Date: Thu, 15 Nov 2012 14:19:57 +0800
Subject: [PATCH] Change all tenants servers listing as policy-based

Currently when list servers from all tenants (i.e. --all-tenants is set as 1
when "nova list"), privilege is required.

However, computer pollster in ceilometer need to get all instances from
all tenants in one host. Granting admin privilege to the pollster is
not very secure.

All tenants servers list should be policy-based, instead of requiring
admin privelege.

There is one potential backward compatibility. With all_tenants specified,
non-admin accounts will get back owned servers only without this patch,
however it will get policy exception now if policy checking failed. IMHO
the new behaviour makes more sense.

Change-Id: I8f1f064434ab12b6c0cd636f84dfc1b6a9b2fc90
Signed-off-by: Yunhong, Jiang <yunhong.jiang@intel.com>
---
 nova/tests/policy.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nova/tests/policy.json b/nova/tests/policy.json
index b08e89ba..33a08c7c 100644
--- a/nova/tests/policy.json
+++ b/nova/tests/policy.json
@@ -8,6 +8,7 @@
 
     "compute:get": "",
     "compute:get_all": "",
+    "compute:get_all_tenants": "",
 
     "compute:update": "",