I have two accounts (user account and a service account).
- My user account ([email protected]) has ‘Owner’ Role.
- My service account ([email protected]) has ‘Artifact Registry Administrator’ Role.
Both of these accounts have their access set in the project that my Artifact Registry repository exists.
Now, the annoying part is, I cannot seem to authenticate Docker to push my locally built image to the Artifact Registry repository even when I used the gcloud CLI credential helper method in the docs.
Here’s what in my $HOME/.docker/config.json
file.
{
"auths": {},
"credsStore": "desktop",
"credHelpers": {
"asia-southeast1-docker.pkg.dev": "gcloud"
},
"currentContext": "desktop-linux"
}
This is the error message I got.
denied: Unauthenticated request. Unauthenticated requests do not have permission "artifactregistry.repositories.uploadArtifacts" on resource "projects/project-id/locations/asia-southeast1/repositories/repository-name" (or it may not exist)
Steps I have used to push an image to my repository (Artifact Registry) in my project.
1. gcloud artifacts repositories create repository-name
--repository-format=docker
--location=asia-southeast1
--description="DESCRIPTION"
--immutable-tags
--async
-
gcloud auth configure-docker asia-southeast1-docker.pkg.dev
-
docker build . --tag IMAGE_URL
-
docker push IMAGE_URL
I have done these steps locally on my terminal using the two accounts I have above.
Frustratingly, nothing seems to work no matter how I tried.
I also tried gcloud auth login
and service account impersonation as well.
However, prior to all my failed attempts, I did manage to push the image ONCE from my terminal. But that’s it. It wouldn’t seem to work anymore. Can anyone help me please?
2
Answers
"Unauthenticated request" means that Artifact Registry isn’t receiving auth, so something is going wrong on the client side. https://cloud.google.com/artifact-registry/docs/docker/authentication has detailed info on how to authenticate.
Permissions/roles (other than allUsers) do not matter at this point since there is no auth for Artifact Registry to check
It’s impossible to know what’s wrong with your setup, but a common pitfall is using sudo for docker push but not for the auth configuration commands. I would also double-check $HOME/.docker/config.json
Based on the steps that you provided, can you retry pushing again through the service account key method after doing step 4: