Can’t use pulumi deployments to push docker image to GAR docker repository. It always returns

docker:index:Image docker-image **creating failed** error: denied: Permission "artifactregistry.repositories.uploadArtifacts" denied on resource "projects/my-project/locations/asia-south2/repositories/docker-registry"

@colossal-quill-8119 sorry for the delay here, I usually monitor community slack but i was on PTO. this error is telling you that you haven’t authenticated to the docker artifact registry. Via CLI this is done using

gcloud auth configure-docker

Can you share the code you currently have? It’s likely a case of needing to pass registry creds to the image you’re building via this https://www.pulumi.com/registry/packages/docker/api-docs/image/

@billowy-army-68599 running gcloud auth configure-docker asia-south2-docker.pkg.dev causes Failed to get credentials for registry: asia-south2-docker.pkg.dev

Okay, in that case your gcloud creds aren’t valid for docker, which is not a Pulumi specific problem. Have you read this article? https://cloud.google.com/artifact-registry/docs/docker/authentication

I have. It says to login with service account credentials but 1. I thought setting up oidc in pulumi deployment already handled the auth part 2. To run

gcloud auth activate-service-account ACCOUNT --key-file=KEY-FILE

I need the location of the key file

I thought setting up oidc in pulumi deployment already handled the auth part

This handles the auth to the gcloud api to create services. Docker authentication works differently which is outside of our control. In order to push to a docker registry, the local docker daemon needs to be authenticated, which is what

gcloud auth configure-docker <http://asia-south2-docker.pkg.dev|asia-south2-docker.pkg.dev>

To run

gcloud auth activate-service-account ACCOUNT --key-file=KEY-FILE

I need the location of the key file

I don’t have any insight into that I’m afraid. All I know right now is you’re using OIDC to auth, but I don’t have any sample code, or how you’ve authenticated. I can tell you that once you can run

gcloud auth configure-docker <http://asia-south2-docker.pkg.dev|asia-south2-docker.pkg.dev>

your code will work, I don’t know how to get you there

@many-telephone-49025 maybe you could provide some pointers about this? Otherwise just running gcloud configure-docker should work but clearly it's not working