I hope you have read my Openstack API articles to provide access to Openstack services through REST APIs. When my client tried to access a glance image for his VM creation, they ended up with an error: Not authorized for image a62daa1b-2fba-47ad-8008-538cd88f306c. The complete error from the glance api.log is as follows:
2022-01-05 09:49:51.322 21697 DEBUG glance.api.v2.images [req-dda8fa7d-128c-4020-b1bc-034427d0c0fd 6afdeddd359941e59a14ecc801059b76 5419eecd22c04417a29a22ce7956ee49 - default default] User not permitted to retrieve images index index /usr/lib/python2.7/site-packages/glance/api/v2/images.py:228
Received the same error when I tried to do the same from the Horizon dashboard and no images were listed.
Error: Forbidden. Insufficient permissions of the requested operation Error: Unable to retrieve the images.
Also when trying to create a public image, I got the below error.
clean_up CreateImage: HTTP 403 Forbidden: You are not authorized to complete publicize_image action.
Seems like both the errors are linked to each other with the same cause.
Solution:
The file /etc/glance/policy.json defines additional access controls that apply to the glance image service. For some reason, either this file has a permission issue, or is unavailable or the policies in the file are restricting to access the images. In my case, I had moved the file and the policy.json file was empty! I reverted back to the original default contents file and restarted the glance service as below.
# systemctl restart openstack-glance-api
Now it works fine, users are able to use the public image, and the listing of the image is also working on the Horizon dashboard.
