VMware Cloud Community
Kay_Hu
Contributor
Contributor

Getting ACCESS_TO_RESOURCE_IS_FORBIDDEN error when I try to instantiatevAppTemplate using vCloud Java REST API

Here is my request and response, did I miss anything?

http-outgoing-0 >> "POST /api/vdc/79dd1731-50b8-41bb-8e46-2ea1cb5db129/action/instantiateVAppTemplate HTTP/1.1[\r][\n]"

http-outgoing-0 >> "Accept: application/vnd.vmware.vcloud.vApp+xml;version=5.5[\r][\n]"

http-outgoing-0 >> "Content-Type: application/vnd.vmware.vcloud.instantiateVAppTemplateParams+xml[\r][\n]"

http-outgoing-0 >> "Content-Length: 769[\r][\n]"

http-outgoing-0 >> "Host: {my host}[\r][\n]"

http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"

http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.3.4 (java 1.5)[\r][\n]"

http-outgoing-0 >> "Cookie: vcloud-token=n5RpIPHSOMxRsU6IykZncZzwbSlRfPe4nRdhwymOXp0=[\r][\n]"

http-outgoing-0 >> "Cookie2: $Version=1[\r][\n]"

http-outgoing-0 >> "[\r][\n]"

http-outgoing-0 >> "<?xml version="1.0" encoding="UTF-8" standalone="yes"?><InstantiateVAppTemplateParams xmlns="http://www.vmware.com/vcloud/v1.5" xmlns:ns2="http://www.vmware.com/vcloud/extension/v1.5" xmlns:ns3="http://schemas.dmtf.org/ovf/envelope/1" xmlns:ns4="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData" xmlns:ns5="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData" xmlns:ns6="http://schemas.dmtf.org/wbem/wscim/1/common" xmlns:ns7="http://schemas.dmtf.org/ovf/environment/1" xmlns:ns8="http://www.vmware.com/schema/ovf" deploy="true" powerOn="true" name="newRestvApp"><Source href="{my base url}/api/vAppTemplate/vappTemplate-c36fe2d6-0534-463c-ae8e-56c6fecf60b5"/></InstantiateVAppTemplateParams>"

http-outgoing-0 << "H"

http-outgoing-0 << "TTP/1.1 403 Forbidden[\r][\n]"

http-outgoing-0 << "Date: Fri, 29 Aug 2014 18:15:30 GMT[\r][\n]"

http-outgoing-0 << "Vary: Accept-Encoding[\r][\n]"

http-outgoing-0 << "Date: Fri, 29 Aug 2014 18:15:30 GMT[\r][\n]"

http-outgoing-0 << "Content-Type: application/vnd.vmware.vcloud.error+xml; version=5.5[\r][\n]"

http-outgoing-0 << "Content-Length: 442[\r][\n]"

http-outgoing-0 << "[\r][\n]"

http-outgoing-0 << HTTP/1.1 403 Forbidden

http-outgoing-0 << Date: Fri, 29 Aug 2014 18:15:30 GMT

http-outgoing-0 << Vary: Accept-Encoding

http-outgoing-0 << Date: Fri, 29 Aug 2014 18:15:30 GMT

http-outgoing-0 << Content-Type: application/vnd.vmware.vcloud.error+xml; version=5.5

http-outgoing-0 << Content-Length: 442

Connection can be kept alive indefinitely

http-outgoing-0 << "<"

http-outgoing-0 << "?xml version="1.0" encoding="UTF-8"?>[\n]"

http-outgoing-0 << "<Error xmlns="http://www.vmware.com/vcloud/v1.5" minorErrorCode="ACCESS_TO_RESOURCE_IS_FORBIDDEN" message="No access to entity &quot;com.vmware.vcloud.entity.vapptemplate:c36fe2d6-0534-463c-ae8e-56c6fecf60b5&quot;." majorErrorCode="403" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://10.32.112.163/api/v1.5/schema/master.xsd"></Error>[\n]"

Connection [id: 0][route: {s}->{my base url}:443] can be kept alive indefinitely

Connection released: [id: 0][route: {s}->{my base url}:443][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]

Disconnected from the target VM, address: '127.0.0.1:59333', transport: 'socket'

After I retrieved the target vdc object, I find there is no /action/instantiateVAppTemplate link, does it mean the user has no privilege to perform the action, and then causes the 403 error?

http-outgoing-0 << "<Vdc xmlns="http://www.vmware.com/vcloud/v1.5" status="1" name="OVDCQEDFS" id="urn:vcloud:vdc:79dd1731-50b8-41bb-8e46-2ea1cb5db129" type="application/vnd.vmware.vcloud.vdc+xml" href="{my base url}/api/vdc/79dd1731-50b8-41bb-8e46-2ea1cb5db129" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://10.32.112.163/api/v1.5/schema/master.xsd">[\n]"

http-outgoing-0 << "    <Link rel="down" type="application/vnd.vmware.vcloud.metadata+xml" href="{my base url}/api/vdc/79dd1731-50b8-41bb-8e46-2ea1cb5db129/metadata"/>[\n]"

http-outgoing-0 << "    <Link rel="add" type="application/vnd.vmware.vcloud.instantiateOvfParams+xml" href="{my base url}/api/vdc/79dd1731-50b8-41bb-8e46-2ea1cb5db129/action/instantiateOvf"/>[\n]"

http-outgoing-0 << "    <Link rel="add" type="application/vnd.vmware.vcloud.cloneVAppParams+xml" href="{my base url}/api/vdc/79dd1731-50b8-41bb-8e46-2ea1cb5db129/action/cloneVApp"/>[\n]"

http-outgoing-0 << "    <Link rel="add" type="application/vnd.vmware.vcloud.cloneVAppTemplateParams+xml" href="{my base url}/api/vdc/79dd1731-50b8-41bb-8e46-2ea1cb5db129/action/cloneVAppTemplate"/>[\n]"

http-outgoing-0 << "    <Link rel="add" type="application/vnd.vmware.vcloud.cloneMediaParams+xml" href="{my base url}/api/vdc/79dd1731-50b8-41bb-8e46-2ea1cb5db129/action/cloneMedia"/>[\n]"

http-outgoing-0 << "    <Link rel="add" type="application/vnd.vmware.vcloud.captureVAppParams+xml" href="{my base url}/api/vdc/79dd1731-50b8-41bb-8e46-2ea1cb5db129/action/captureVApp"/>[\n]"

http-outgoing-0 << "    <Link rel="add" type="application/vnd.vmware.vcloud.composeVAppParams+xml" href="{my base url}/api/vdc/79dd1731-50b8-41bb-8e46-2ea1cb5db129/action/composeVApp"/>[\n]"

http-outgoing-0 << "    <Link rel="edgeGateways" type="application/vnd.vmware.vcloud.query.records+xml" href="{my base url}/api/admin/vdc/79dd1731-50b8-41bb-8e46-2ea1cb5db129/edgeGateways"/>[\n]"

http-outgoing-0 << "    <Description/>[\n]"

Reply
0 Kudos
1 Reply
Kay_Hu
Contributor
Contributor

After change role to Catalog Author, it can work now.