Share the snapshot of a volume-backed instance with another tenant, but cannot build an instance with this image.

Bug #1871861 reported by fanghuilin
This bug affects 1 person
Affects: Cinder
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

Create a snapshot (image) of a volume-backed instance; this will generate an image in glance. At first, this image is private. I can update this image's visibility to shared, and execute glance member-create and glance member-update on this image to share the image with another tenant. Then another tenant uses this image to create a new instance, and it fails with this message: "HTTP exception thrown: Block Device Mapping is Invalid: failed to get snapshot xxx"

From the analysis of logs and nova code, it is because nova-api will call the _validate_bdm function to get the snapshot from cinder, but in cinder, the added tenant cannot see the volume snapshot; the snapshot does not belong to the tenant, so cinder-api will return 404 when nova-api calls get_snapshot.

How can I make this process succeed?

====steps========
1. show the snapshot of volume-backed instance
# glance image-show a13fe7a1-e001-41c8-8119-70d5090cb7b0
+----------------------+----------------------------------------------------------------------------------+
| Property | Value |
+----------------------+----------------------------------------------------------------------------------+
| base_image_ref | |
| bdm_v2 | True |
| block_device_mapping | [{"guest_format": null, "boot_index": 0, "delete_on_termination": false, |
| | "no_device": null, "snapshot_id": "7a1b5060-e58c-4244-bb61-4ccef0295a1f", |
| | "volume_type": null, "device_name": "/dev/sda", "disk_bus": "scsi", "image_id": |
| | null, "source_type": "snapshot", "tag": null, "device_type": "disk", |
| | "volume_id": null, "destination_type": "volume", "volume_size": 50}] |
| boot_roles | heat_stack_owner,myrole,swiftuser |
| checksum | d41d8cd98f00b204e9800998ecf8427e |
| container_format | bare |
| created_at | 2019-12-02T06:31:36Z |
| disk_format | qcow2 |
| hw_disk_bus | scsi |
| hw_qemu_guest_agent | yes |
| hw_scsi_model | virtio-scsi |
| hw_video_model | qxl |
| id | a13fe7a1-e001-41c8-8119-70d5090cb7b0 |
| locations | [{"url": "rbd://4ffaf12a-099d-4297-a22e- |
| | f8c16c17d6e3/images/a13fe7a1-e001-41c8-8119-70d5090cb7b0/snap", "metadata": {}}] |
| min_disk | 50 |
| min_ram | 0 |
| name | fhl-volume |
| os_distro | centos |
| os_hash_algo | sha512 |
| os_hash_value | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0 |
| | ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
| os_hidden | False |
| os_type | linux |
| owner | 17bf57ec04994db2b591fda36c368e99 |
| owner_project_name | myproject |
| owner_user_name | myuser |
| protected | False |
| root_device_name | /dev/sda |
| size | 0 |
| status | active |
| tags | [] |
| updated_at | 2020-04-09T09:40:57Z |
| virtual_size | Not available |
| visibility | private |
| vm_mode | hvm |
+----------------------+----------------------------------------------------------------------------------+

2. Make the image shared, and add member
glance image-update a13fe7a1-e001-41c8-8119-70d5090cb7b0 --visibility shared
glance member-create a13fe7a1-e001-41c8-8119-70d5090cb7b0 07cb8171cf854517b3678fd5e30b4cda
glance member-update a13fe7a1-e001-41c8-8119-70d5090cb7b0 07cb8171cf854517b3678fd5e30b4cda accepted

3. Tenant 07cb8171cf854517b3678fd5e30b4cda uses the image to create a new instance.

===the instance created logs==========
nova-api
HTTP exception thrown: Block Device Mapping is Invalid: failed to get snapshot 7a1b5060-e58c-4244-bb61-4ccef0295a1f.

cinder-api
"GET /v3/07cb8171cf854517b3678fd5e30b4cda/snapshots/7a1b5060-e58c-4244-bb61-4ccef0295a1f HTTP/1.1" status: 404 len: 445 time: 0.0378442
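
A pre-share check for the mismatch described in this report, as an added example that is not part of the original bug report or of Nova, Glance or Cinder: it lists which member projects would get the 404 on the snapshot the image points at. The function names, the `snapshot_owner` lookup table and the assumption that the snapshot belongs to the image owner's project are illustrative; the IDs are the ones quoted above.

```python
import json

def snapshot_refs(image):
    """Snapshot IDs referenced by the image's block_device_mapping property."""
    raw = image.get("block_device_mapping") or "[]"
    # The property may arrive as a JSON string or as an already-decoded list.
    bdms = json.loads(raw) if isinstance(raw, str) else raw
    return [b["snapshot_id"] for b in bdms
            if b.get("source_type") == "snapshot" and b.get("snapshot_id")]

def unbootable_members(image, member_ids, snapshot_owner):
    """Map each member project to the snapshots it cannot read.

    Visibility model taken from the report: a project gets a snapshot only
    if the snapshot belongs to it; otherwise the lookup ends in a 404.
    Snapshots missing from snapshot_owner are treated as unreadable.
    """
    result = {}
    for project in member_ids:
        hidden = [s for s in snapshot_refs(image)
                  if snapshot_owner.get(s) != project]
        if hidden:
            result[project] = hidden
    return result

# Constructed sample data, reduced to the fields the check needs.
IMAGE = {
    "id": "a13fe7a1-e001-41c8-8119-70d5090cb7b0",
    "owner": "17bf57ec04994db2b591fda36c368e99",
    "visibility": "shared",
    "block_device_mapping": json.dumps([{
        "boot_index": 0, "source_type": "snapshot",
        "destination_type": "volume", "volume_size": 50,
        "snapshot_id": "7a1b5060-e58c-4244-bb61-4ccef0295a1f"}]),
}
MEMBERS = ["07cb8171cf854517b3678fd5e30b4cda"]
# Assumption: the snapshot is owned by the image owner's project.
SNAPSHOT_OWNER = {"7a1b5060-e58c-4244-bb61-4ccef0295a1f": IMAGE["owner"]}

if __name__ == "__main__":
    found = unbootable_members(IMAGE, MEMBERS, SNAPSHOT_OWNER)
    for project, snaps in found.items():
        print(f"project {project} cannot read snapshot(s): {', '.join(snaps)}")
```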

Sylvain Bauza (sylvain-bauza) wrote :

Looks like a valid bug for Cinder (or at least some kind of Glance<->Cinder interlaced issue).
Either way, moving it to the cinder team.

affects: nova → cinder