1 files changed, 10 insertions, 0 deletions

diff --git a/nova/api/openstack/compute/assisted_volume_snapshots.py b/nova/api/openstack/compute/assisted_volume_snapshots.py
index ea6ebc8359..ae7213884b 100644
--- a/nova/api/openstack/compute/assisted_volume_snapshots.py
+++ b/nova/api/openstack/compute/assisted_volume_snapshots.py
@@ -39,6 +39,11 @@ class AssistedVolumeSnapshotsController(wsgi.Controller):
     def create(self, req, body):
         """Creates a new snapshot."""
         context = req.environ['nova.context']
+        # NOTE(gmann) We pass empty target to policy enforcement. This API
+        # is called by cinder which does not have correct project_id.
+        # By passing the empty target, we make sure that we do not check
+        # the requester project_id and allow users with
+        # allowed role to create snapshot.
         context.can(avs_policies.POLICY_ROOT % 'create', target={})
 
         snapshot = body['snapshot']
@@ -69,6 +74,11 @@ class AssistedVolumeSnapshotsController(wsgi.Controller):
     def delete(self, req, id):
         """Delete a snapshot."""
         context = req.environ['nova.context']
+        # NOTE(gmann) We pass empty target to policy enforcement. This API
+        # is called by cinder which does not have correct project_id.
+        # By passing the empty target, we make sure that we do not check
+        # the requester project_id and allow users with allowed role to
+        # delete snapshot.
         context.can(avs_policies.POLICY_ROOT % 'delete', target={})
 
         delete_metadata = {}