Docker - I am unable to authenticate my account to push images to GCP Artifact Registry despite having access. How can I move forward?

JunWenSoh
June 12, 2024
134 views
1 vote
2 Answers

I have two accounts (user account and a service account).

My user account ([email protected]) has ‘Owner’ Role.
My service account ([email protected]) has ‘Artifact Registry Administrator’ Role.

Both of these accounts have their access set in the project that my Artifact Registry repository exists.

Now, the annoying part is, I cannot seem to authenticate Docker to push my locally built image to the Artifact Registry repository even when I used the gcloud CLI credential helper method in the docs.

Here’s what in my $HOME/.docker/config.json file.

{
    "auths": {},
    "credsStore": "desktop",
    "credHelpers": {
        "asia-southeast1-docker.pkg.dev": "gcloud"
    },
    "currentContext": "desktop-linux"
}

This is the error message I got.

denied: Unauthenticated request. Unauthenticated requests do not have permission "artifactregistry.repositories.uploadArtifacts" on resource "projects/project-id/locations/asia-southeast1/repositories/repository-name" (or it may not exist)

Steps I have used to push an image to my repository (Artifact Registry) in my project.

1.      gcloud artifacts repositories create repository-name 
            --repository-format=docker 
            --location=asia-southeast1 
            --description="DESCRIPTION" 
            --immutable-tags 
            --async

gcloud auth configure-docker asia-southeast1-docker.pkg.dev
docker build . --tag IMAGE_URL
docker push IMAGE_URL

I have done these steps locally on my terminal using the two accounts I have above.
Frustratingly, nothing seems to work no matter how I tried.
I also tried gcloud auth login and service account impersonation as well.

However, prior to all my failed attempts, I did manage to push the image ONCE from my terminal. But that’s it. It wouldn’t seem to work anymore. Can anyone help me please?

Answers

- James
- June 4, 2024 at 11:38 pm
- 0 votes
0
"Unauthenticated request" means that Artifact Registry isn’t receiving auth, so something is going wrong on the client side. https://cloud.google.com/artifact-registry/docs/docker/authentication has detailed info on how to authenticate.

Permissions/roles (other than allUsers) do not matter at this point since there is no auth for Artifact Registry to check

It’s impossible to know what’s wrong with your setup, but a common pitfall is using sudo for docker push but not for the auth configuration commands. I would also double-check $HOME/.docker/config.json

Login or Signup to reply.

- lsalazar
- June 12, 2024 at 10:51 pm
- 0 votes
0
Based on the steps that you provided, can you retry pushing again through the service account key method after doing step 4:
```
cat KEY-FILE | docker login -u KEY-TYPE --password-stdin 
https://LOCATION-docker.pkg.dev
```
Replace the following:

KEY-TYPE is one of the following:
_json_key if you are using the service account key in JSON format as it was provided when you created the file. _json_key_base64 if you base64-encoded the all contents of the file. KEY-FILE is the name of the service account key file in JSON format. LOCATION is the regional or multi-regional location of the repository where the image is stored.
Login or Signup to reply.