Matt Riedemann <mriedemos@gmail.com> wrote on 01/16/2019 09:34:17 AM:
One more note about this - I have not yet tested doing a snapshot of a volume-backed server where the admin creates the snapshot and the tenant user tries to create a new server from that snapshot. In that case the tenant user should have access to the snapshot image, but they might not have access to the volume snapshot so that could still fail. For that to work, we'd likely need to force an ownership transfer of the volume to the tenant user (owner of the server) I guess.
Or depend on a new cinder capability for sharing volumes across projects, similar to how images can be shared across projects. This would be useful for other things as well. I do agree that in this case, forcing ownership transfer would probably be better than sharing. In fact, I wish we could do that for images here.