denied: Permission “artifactregistry.repositories.uploadArtifacts” denied on resource “projects/my-project/locations/us-west3/repositories/my-repo” (or it may not exist)
When I run gcloud projects get-ancestors-iam-policy my-project, I see that my user principal has both the roles/artifactregistry.repoAdmin and roles/artifactregistry.writer bound. Just to be safe, I ran gcloud artifacts repositories add-iam-policy-binding my-repo --location=us-west3 --member=user:my-email@gmail.com --role=roles/artifactregistry.writer to ensure that I had the permission bound directly to the repository. But I still get this error every time.
I have also tried the IAM policy troubleshooter and it shows that I should also have access to this resource. At this point, I have run out of ideas to check. Any thoughts?
Thanks so much for posting this solution. It worked for me. I was getting nowhere trying to fix this issue by addressing permissions in the GCP console. …zig
I had the same problem, and it turned out it was because docker, when run with sudo, looks for credentials in /root/.docker instead of ~/.docker. I fixed the issue by running sudo usermod -aG docker $USER, logging out of my computer & back in, and then running docker push without sudo.
See this note from https://cloud.google.com/artifact-registry/docs/docker/authentication: “Note: If you normally run Docker commands on Linux with sudo, Docker looks for Artifact Registry credentials in /root/.docker/config.json instead of $HOME/.docker/config.json. If you want to use sudo with docker commands instead of using the Docker security group, configure credentials with sudo gcloud auth configure-docker instead.”
The same problem occurred on the windows platform I used. After two days of troubleshooting, I found that I installed the windows version of gcloud and pushed the image in wsl. This problem occurred. Currently, I uninstalled the windows sdk and installed it. With the linux version of gcloud, all problems are solved. I hope it can help anyone.
I granted some permissions to ****@cloudbuild.gserviceaccount.com, i.e to cloud build service account that was provided by Google itself. Then it finally worked for me
Great…this helped with my issue where error was below and I was trying to perform docker push with sudo:
denied: Unauthenticated request. Unauthenticated requests do not have permission “artifactregistry.repositories.uploadArtifacts” on resource “projects/[PROJECT-ID]/locations/us/repositories/gcr.io” (or it may not exist)
I have similar issue and do not know how to fix it.
In my case, I do not user docker commands to push the image. I just let the Cloud Build to recognize the language and build the image (golang) with the following command:
Cloud Build recognized the golang package, compiles the code, builds the image (with no issues) but at the final stage when trying to push the image to the registry I got the error message:
denied: Permission “artifactregistry.repositories.uploadArtifacts” denied on resource “projects/ …” (or it may not exist).
Even after adding a permission and login with gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin https://us-west3-docker.pkg.dev still not working.
getting error
denied: Unauthenticated request. Unauthenticated requests do not have permission “artifactregistry.repositories.uploadArtifacts” on resource “projects/user-stores-project/locations/asia-south1/repositories/store-service-repo” (or it may not exist).
If you’re using cloud-build, giving the IAM role Artifact Registry Writer to the cloud build service account works. Although, the preferred cloud-build service account is ${project_num}-compute@developer.gserviceaccount.com and not the legacy ${prject_num}@cloudbuild.gserviceaccount.com
