neutron list commands don't provide tenant information in admin

What credentials are you running neutron client with?

enikanorov: admin, as I said

That is intended behavior. In CLI admin user can see resources of other admins.
I saw similar bugs filed for such behavior. As far as I recall, this is how it always worked and this will not be changed for API v2.

enikanorov: not even adding a tenant name to display?

enikanorov: an example for when no "tenant_name/id" field prevents you from working with secgroups:
https://bugs.launchpad.net/neutron/+bug/1250768

The all-tenants syntax, as well as displaying tenant_id in list results is supported by a wide set of openstack projects.
As far as I am aware at least nova, glance, and cinder.

Neutron should be consistent in the interest of providing a uniform user experience (and as pointed out by Yair - improve usability).

I am proposing to confirm and target this bug.

I have also moved the bug to the client project - it does not pertain, in my opinion to the API (unless we find out there's no way for an admin tenant to get only its own resources, which would be a server-side bug)

This issue could be fixed by displaying tenant_id in the list command's output.
Please provide your opinion on this.

I know that you could add/remove columns in cli, but I'd prefer it if Neutron had the same "all-tenants" flag as nova and have it set to False by default.
The neutron admin client acts differently than other projects admin client

As Salvatore said already

Hello,
I was checking this littlebit and I think that if it should be made as "--all-tenants" flag which admin user can set to True then it should be probably changed in neutron api code and in neutronclient code only simple new flag should be added to list commands. What are You think about that? Maybe I completly misunderstand something and it can be done only in neutronclient code?

Related fix proposed to branch: master
Review: https://review.openstack.org/190817

Generally speaking, I agree that --all-tenants option is more consistent with other openstack projects.

However, we have several issues to be addressed before changing the client behavior.

* The behavior is backward-incompatible. It changes the client behaviors with admin roles.
   If we make this change, admins who use neutron CLI for some automated operations are forced to change their scripts.

* Behaviors of listing Neutron resource sometimes requires special filtering if we introduce --all-tenants option and show only resources which belong to a current project. For example, how do we handle 'router:external=True network' or 'shared' network/firewall? There are no so many such resources, so we can handle it specially.

The first point is more important to me. I think at least we need the major version bumping: 3.x.x.

Change abandoned by Kyle Mestery (<email address hidden>) on branch: master
Review: https://review.openstack.org/190817
Reason: This review is > 4 weeks without comment and currently blocked by a core reviewer with a -2. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and contacting the reviewer with the -2 on this review to ensure you address their concerns.

each List class in neutron has a data type list (coloumn['s','s',...]) that determine which values has to be displayed for each list command.

i want your view on this solution that if we add a 'tenant_id' tag in this list we can get the tenant_id for the list commands. but for this we have to edit alot of classes.

reply will be appriciated. i am new to this and want to help and learn

Example:

In ListNetwork class we have
-list_columns = ['id', 'name', 'subnets']

if we edit this to
list_columns = ['tenant_id','id', 'name', 'subnets']

Now on running neutron net-list command we will also get tenant_id along with id, name and subnets.

Fix proposed to branch: master
Review: https://review.openstack.org/396623

Change abandoned by Armando Migliaccio (<email address hidden>) on branch: master
Review: https://review.openstack.org/396623
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.