Admin tenants list API call returns partial list

The API doc at http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_listTenants_v2.0_tenants_Admin_API_Service_Developer_Operations-d1e1356.html suggests that this is in fact the correct behaviour.

However, an administrator does need to be able to get a complete list of tenants, does that need to be an extension? Seems like it could be something like one of these:

GET /v2.0/tenants/OS_KSADM

GET /v2.0/OS-KSADM/tenants

Can an extension change the defined behaviour by adding query strings to an already defined URL? If so, this seems simplest:

GET /v2.0/tenants?scope=all

Termie, Dolph, Joe Heck and myself discussed this on 2/16 and determined that the best solution is to restore the special-cased admin behavior for the essex release, and to fix this at the API level in Folsom.

The crux of the argument is that if you're listing the tenants for a token, the API should look like GET /tokens/foo/tenants/, not the current call to GET /tenants/ with the token as a header. The specific details will be hashed out at/after the design summit.

Reviewed: https://review.openstack.org/4384
Committed: http://github.com/openstack/keystone/commit/77c11b2ba190a5c7b7e4d7d47ea8775d58fcaf30
Submitter: Jenkins
Branch: master

commit 77c11b2ba190a5c7b7e4d7d47ea8775d58fcaf30
Author: Gabriel Hurley <email address hidden>
Date: Tue Feb 21 21:24:19 2012 -0800

    Implements admin logic for tenant_list call.

    Incidentally this required refactoring the keystoneclient
    tests to differentiate between calls that are explicitly
    admin API calls vs. public API calls. Previously all tests
    had been hitting the admin API endpoint.

    Fixed bug 933786.

    Change-Id: I50c2505aefb64636b7b64fbff045fd427715396b