The default Neutron policy is that the provider:* attributes are only
sent on a get_networks() call if the caller is an admin. Well, Capnet
needs that attribute so it knows which Capnet bridge to put a virtual
NIC into. And it turns out that if a non-admin user adds a VM to an
admin-owned shared network, when Nova sets up the VM, it calls out to
Neutron to collect network info for the VM -- but it must be doing it as
the tenant user -- not with its admin powers. Well, we have to know
this attribute... so we open up the policy a tiny bit to send the
provider:physical_network attribute if the network is a shared network.
So we override that default Neutron policy bit here.
This is really the wrong thing to do, I suppose, because it leaks
provider info through get_networks for shared networks. But the
alternative is to make a secondary call in our Nova plugin to
get_networks() with admin creds, and that I don't have time for right
(The bit of our Nova plugin that requires this is in
Nova agent collected the port's network info
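
The effect of the override described in this commit message, as an added example that is not code from the commit or from Neutron: a simplified model of per-attribute policy filtering that compares what a non-admin caller sees under the default rule and under a relaxed one. The rule names follow Neutron's stock policy.json in simplified form; the relaxed rule string, the helper names and the sample networks are assumptions made for illustration.

```python
# Simplified model of Neutron attribute policy; not Neutron's own code.
DEFAULT_POLICY = {
    "admin_only": "role:admin",
    "shared": "field:networks:shared=True",
    "get_network:provider:network_type": "rule:admin_only",
    "get_network:provider:physical_network": "rule:admin_only",
    "get_network:provider:segmentation_id": "rule:admin_only",
}
# Assumed form of the override: only physical_network is opened, only if shared.
RELAXED_POLICY = dict(DEFAULT_POLICY, **{
    "get_network:provider:physical_network": "rule:admin_only or rule:shared",
})

def check(rule, policy, network, roles):
    """Evaluate a rule built from 'or'-joined checks (the only operator modelled)."""
    for term in rule.split(" or "):
        kind, _, value = term.strip().partition(":")
        if kind == "rule" and check(policy[value], policy, network, roles):
            return True
        if kind == "role" and value in roles:
            return True
        if kind == "field":
            # "networks:shared=True" -> compare the target network's field
            name, _, want = value.split(":", 1)[1].partition("=")
            if str(network.get(name)) == want:
                return True
    return False

def visible(network, policy, roles):
    """Return the network dict as a caller holding `roles` would receive it."""
    out = {}
    for attr, val in network.items():
        rule = policy.get("get_network:" + attr)
        if rule is None or check(rule, policy, network, roles):
            out[attr] = val
    return out

def exposed_provider_attrs(policy, network):
    """Audit helper: provider:* attributes a non-admin can read on this network."""
    seen = visible(network, policy, roles={"member"})
    return sorted(a for a in seen if a.startswith("provider:"))

# Constructed sample networks (values are placeholders, not from the commit).
SHARED = {"id": "net-1", "shared": True, "provider:network_type": "flat",
          "provider:physical_network": "physnet-example",
          "provider:segmentation_id": None}
PRIVATE = dict(SHARED, id="net-2", shared=False)
```

Running exposed_provider_attrs() over each network with the deployed policy shows exactly which provider fields reach tenant callers, which makes it easy to confirm the relaxation stays limited to shared networks.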