This issue is not triggered by the python-manilaclient since it does an explict get on the relevant share before using the API to list its export locations. The get on the share itself fails a policy check if the share belongs to another tenant and is not public.
I have confirmed however that if one uses the UUID of a non-public share belonging to another tenant and invokes the API directlyn (e.g. via curl command) to list the export locations for the share or to show the contents of a particular export for the share this succeeds.
This issue is not triggered by the python-manilaclient since it does an explict get on the relevant share before using the API to list its export locations. The get on the share itself fails a policy check if the share belongs to another tenant and is not public.
I have confirmed however that if one uses the UUID of a non-public share belonging to another tenant and invokes the API directlyn (e.g. via curl command) to list the export locations for the share or to show the contents of a particular export for the share this succeeds.