Comment 1 for bug 1740950

Matt Riedemann (mriedem) wrote :

I believe I've found the issue, and it's a regression in the 3.27 Cinder volume attachment_update API:

PUT /volumes/{id}/attachments/{attachment_id}

The volume manager code is updating the volume with the host from the connector dict, which nova gets from os-brick, and setting that on the volume here:

https://github.com/openstack/cinder/blob/a95c9e5668f6a7596e0198cca2b6b7fef20ab3e9/cinder/volume/manager.py#L4370

Nova only started using this code as of this change:

https://review.openstack.org/#/c/330285/

Which is not released yet.

That's also the reason why I couldn't reproduce this on vexxhost since they are running Pike code. And before https://review.openstack.org/#/c/330285/, nova would call the os-attach volume actions API but never passed a host name directly for that, so this was always None:

https://github.com/openstack/cinder/blob/master/cinder/volume/manager.py#L1189

So the question is what to do about this before the Queens release. There are a couple of options:

1. Add a policy rule in Cinder to not expose the attached_host field in the response to non-admins. To not break backward compatibility, you'd likely need to default this to allow admin_or_owner.
2. Don't store the attached_host value when calling attachment_update, and if some client needs to actually set the hostname for the attachment to get it later, like glance, it should use the os-attach volume action API.
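
The two options above, as an added example that is not part of the original comment and is not Cinder code: a simplified model in which option 1 filters `attached_host` out of the response by policy rule and option 2 stops `attachment_update` from storing the connector host. Only `attached_host` and the connector's `host` key come from the comment; every function name, rule name and sample value is hypothetical.

```python
# Added illustration: a simplified model, not Cinder code. Only the
# attached_host field and the connector's "host" key come from the comment;
# every function, rule name and sample value below is hypothetical/constructed.
ADMIN_OR_OWNER = "admin_or_owner"   # backward-compatible default (option 1)
ADMIN_ONLY = "admin_only"           # tightened rule an operator could choose

def attachment_update(attachment, connector, store_host=True):
    """store_host=True models the behaviour described in the comment:
    the connector's host is copied onto the attachment as attached_host.
    store_host=False models option 2: the connector is kept, the host is not."""
    updated = dict(attachment, connector=dict(connector))
    if store_host:
        updated["attached_host"] = connector.get("host")
    return updated

def is_allowed(rule, context, attachment):
    """Admins always pass; owners pass only under the admin_or_owner rule."""
    if context["is_admin"]:
        return True
    return rule == ADMIN_OR_OWNER and context["project_id"] == attachment["project_id"]

def attachment_view(attachment, context, host_rule=ADMIN_OR_OWNER):
    """Option 1: build the API response body, dropping attached_host when the
    policy rule does not allow this caller to see it."""
    body = {k: attachment.get(k) for k in ("id", "volume_id", "attached_host")}
    if not is_allowed(host_rule, context, attachment):
        del body["attached_host"]
    return body

# Constructed sample data.
BASE = {"id": "att-1", "volume_id": "vol-1", "project_id": "proj-a", "attached_host": None}
CONNECTOR = {"host": "compute-01.example.test", "initiator": "iqn.constructed:01"}
OWNER = {"is_admin": False, "project_id": "proj-a"}
ADMIN = {"is_admin": True, "project_id": "admin"}

if __name__ == "__main__":
    stored = attachment_update(BASE, CONNECTOR)
    print("default rule, owner:", attachment_view(stored, OWNER))
    print("admin-only, owner  :", attachment_view(stored, OWNER, ADMIN_ONLY))
    print("admin-only, admin  :", attachment_view(stored, ADMIN, ADMIN_ONLY))
    no_host = attachment_update(BASE, CONNECTOR, store_host=False)
    print("option 2, owner    :", attachment_view(no_host, OWNER))
```

With the default rule the owner still sees the host name, which is the backward-compatible behaviour the comment describes; the field disappears for non-admins only once the rule is tightened.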