Hello, Thanks for your Support i got a result but im facing a new issue if i tried to create a server getting error like this { "badRequest": { "code": 400, "message": "Can not find requested image" } } This is my application credential access rule with member role. "service": "compute", "path": "/v2.1/servers", "method": "POST" and also checked this in all(public,shared,community,private) visibility this is my rule given in nova policy file "os_compute_api:servers:create": "rule:project_member_or_admin" Thanks in advance ---- On Thu, 25 Jul 2024 16:03:16 +0530 <smooney@redhat.com> wrote --- On Thu, 2024-07-25 at 05:13 +0000, mailto:openstack@tr.id.au wrote:
Hi Naveen,
A few things come to mind:
- Do an openstack application credential show on the AC to verify it picked up any necessary roles. Also check the -- role option when creating the AC. so it might be related to SRBAC and https://launchpad.net/bugs/2030061 https://review.opendev.org/c/openstack/keystone/+/893737 so yes you man need to ensure you have the correcct reader role in addtion to member if appropriate.
- Try adding an additional rule similar to the first but with "path": "/v2.1/servers/detail". The openstack server list command seems to use the detail endpoint; it failed for my AC until the extra rule was added. - The nova-api service for your openstack cloud needs to have service_type set before access rules will be understood. This is documented at https://docs.openstack.org/keystone/latest/user/application_credentials.html.... If you don't have admin access to your cloud, you may need to raise a support ticket with your service provider and ask them to check that this has been done.
Cheers,
Tim
On Thursday, 25 July 2024 at 14:16, Naveen Anbarasu <mailto:nawin8056@gmail.com> wrote:
Hi team,
I have created an application credential for the compute service and successfully obtained a token. Access rule: "service": "compute", "method": "GET", "path": "/v2.1/servers"
However, when using the token to retrieve the server list, I receive a Error 403 Forbidden error with the message: 'Policy doesn't allow os_compute_api:servers to be performed.
But i have a necessary permission within the respective project (member role)
How can I solve this problem?
Thanks in advance Disclaimer : The content of this email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error, please notify the sender and remove the messages from your system. If you are not the named addressee, it is strictly forbidden for you to share, circulate, distribute or copy any part of this e-mail to any third party without the written consent of the sender.
E-mail transmission cannot be guaranteed to be secured or error free as information could be intercepted, corrupted, lost, destroyed, arrive late, incomplete, or may contain viruses. Therefore, we do not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. The recipient should check this e-mail and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email."