<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<blockquote type="cite">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<pre style="margin: 1.5em 0px; padding: 0px; border: 0px; font-weight: normal; font-style: normal; font-size: 12.0012px; font-family: 'andale mono', 'lucida console', monospace; vertical-align: baseline; white-space: pre-wrap; font-variant: normal; font-stretch: normal; line-height: 18.0018px; color: rgb(83, 83, 83); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);">See the commit that just merged:
<a href="https://review.openstack.org/#/c/240719/" style="margin: 0px; padding: 0px; border: 0px; font-weight: inherit; font-style: inherit; font-size: 12.0012px; font-family: inherit; vertical-align: baseline; color: rgb(188, 21, 24); text-decoration: none;">https://review.openstack.org/#/c/240719/</a>
You could create a role called "observer" or "auditor" on the admin
project, and modify the policy files for the services you want so that
users with "auditor" with tokens that have "is_admin_project" set can
read the data for that API.
Can you enumerate the APIS you want to call this way?</pre>
</blockquote>
this will probably need a patch in ceilometer. it currently is
configured to limit results to a matching project of user. if this
functionality is required, you should raise it on dev list or as a
bug.<br>
<br>
cheers,<br>
<br>
<pre class="moz-signature" cols="72">--
gord</pre>
</body>
</html>