Comment 8 for bug 1675791

Matt Riedemann (mriedem) wrote :

Yeah so I think the problem is what you described in the bug description. The instance is owned by the demo project, but when the admin shelves the instances, the resulting snapshot image is owned by the admin project. The shelve_image_id is stored on the instance, and when we go to unshelve we try to build the instance using that image, which is owned by the admin, so the demo user that is trying to unshelve does not have access to the snapshot image and we get the 404 from Glance, and we fail.

A way to work around this is for the admin to add image membership access to the demo user on the snapshot image, but that's not great.

I'm not sure if this is intentional or not. I wanted to look at the snapshot flow to see which project ends up owning the snapshot, the context performing the snapshot or the owner of the instance. The snapshot case matters less because the instance owner doesn't necessarily need access to the snapshot image if the admin created the snapshot, but for unshelve the instance owner does actually need access to the snapshot image.