hey Jadon, Thanks for your response.

I have checked all the suggested areas:

Image Access: I verified that the image is accessible by running openstack image show <image-name>, and it appears to be available.

Visibility Settings: I confirmed that the image is set to all visibility levels (public, shared, community, and private).

Credentials and Policies: The application credential access rule and the Nova policy file rule appear to be correctly configured.

Despite these checks, I am still encountering the same error message: "Can not find requested image."

is any other way to solve this problem?



---- On Mon, 29 Jul 2024 19:45:40 +0530 Jadon Naas <jadon.naas@canonical.com> wrote ---

Hello Naveen!

That error message "Can not find requested image" sounds like OpenStack cannot find the image you are passing in as the image to use when creating an instance. Can you check to make sure that you can access the image (such as by running openstack image show <image-name> with the name of the image in place of <image-name>) as the user account that created the application credential?

Thanks!

Jadon

On Sat, Jul 27, 2024 at 8:01 AM Naveen <naveen@zybisys.com> wrote:

Hello, Thanks for your Support i got a result but im facing a new issue if i tried to create a server getting error like this


{
    "badRequest": {
        "code": 400,
        "message": "Can not find requested image"
    }


This is my application credential access rule with member role.

"service": "compute",
           "path": "/v2.1/servers",
           "method": "POST"

and also checked this in all(public,shared,community,private) visibility

this is my rule given in nova policy file "os_compute_api:servers:create": "rule:project_member_or_admin"

Thanks in advance



---- On Sat, 27 Jul 2024 17:29:34 +0530 Naveen <naveen@zybisys.com> wrote ---


Hello, Thanks for your Support i got a result but im facing a new issue if i tried to create a server getting error like this

{
    "badRequest": {
        "code": 400,
        "message": "Can not find requested image"
    }


This is my application credential access rule with member role.

"service": "compute",
           "path": "/v2.1/servers",
           "method": "POST"

and also checked this in all(public,shared,community,private) visibility

this is my rule given in nova policy file "os_compute_api:servers:create": "rule:project_member_or_admin"


Thanks in advance

---- On Thu, 25 Jul 2024 16:03:16 +0530 <smooney@redhat.com> wrote ---




On Thu, 2024-07-25 at 05:13 +0000, openstack@tr.id.au wrote:
> Hi Naveen,
>
> A few things come to mind:
>
> - Do an openstack application credential show​ on the AC to verify it picked up any necessary roles. Also check the --
> role​ option when creating the AC.
so it might be related to SRBAC and https://launchpad.net/bugs/2030061
https://review.opendev.org/c/openstack/keystone/+/893737
so yes you man need to ensure you have the correcct reader role in addtion to member if appropriate.

> - Try adding an additional rule similar to the first but with "path": "/v2.1/servers/detail"​. The openstack server
> list​ command seems to use the detail​ endpoint; it failed for my AC until the extra rule was added.
> - The nova-api service for your openstack cloud needs to have service_type​ set before access rules will be
> understood. This is documented at
> https://docs.openstack.org/keystone/latest/user/application_credentials.html#access-rules. If you don't have admin
> access to your cloud, you may need to raise a support ticket with your service provider and ask them to check that
> this has been done.
>
> Cheers,
>
> Tim
>
> On Thursday, 25 July 2024 at 14:16, Naveen Anbarasu <nawin8056@gmail.com> wrote:
>
> > Hi team,
> >
> > I have created an application credential for the compute service and successfully obtained a token.
> > Access rule:
> > "service": "compute",
> > "method": "GET",
> > "path": "/v2.1/servers"
> >
> > However, when using the token to retrieve the server list, I receive a Error 403 Forbidden error with the message:
> > 'Policy doesn't allow os_compute_api:servers to be performed.
> >
> > But i have a necessary permission within the respective project (member role)
> >
> > How can I solve this problem?
> >
> > Thanks in advance





Disclaimer :  The content of this email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error, please notify the sender and remove the messages from your system. If you are not the named addressee, it is strictly forbidden for you to share, circulate, distribute or copy any part of this e-mail to any third party without the written consent of the sender.

 

E-mail transmission cannot be guaranteed to be secured or error free as information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or may contain viruses. Therefore, we do not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. The recipient should check this e-mail and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email."






Disclaimer :  The content of this email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error, please notify the sender and remove the messages from your system. If you are not the named addressee, it is strictly forbidden for you to share, circulate, distribute or copy any part of this e-mail to any third party without the written consent of the sender.

 

E-mail transmission cannot be guaranteed to be secured or error free as information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or may contain viruses. Therefore, we do not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. The recipient should check this e-mail and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email."