No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Can’t use pulumi deployments to push docker image to GAR docker repository. It always returns
```docker:index:Image docker-image **creating failed** error: denied: Permission "artifactregistry.repositories.uploadArtifacts" denied on resource "projects/my-project/locations/asia-south2/repositories/docker-registry"```

<@U03PTRCS3QB> sorry for the delay here, I usually monitor community slack but i was on PTO.

this error is telling you that you haven’t authenticated to the docker artifact registry. Via CLI this is done using `gcloud auth configure-docker` Can you share the code you currently have? It’s likely a case of needing to pass registry creds to the image you’re building via this <https://www.pulumi.com/registry/packages/docker/api-docs/image/>

<@UCWG26BH7> running gcloud auth configure-docker asia-south2-docker.pkg.dev causes Failed to get credentials for registry: asia-south2-docker.pkg.dev

Okay, in that case your gcloud creds aren’t valid for docker, which is not a Pulumi specific problem. Have you read this article?
<https://cloud.google.com/artifact-registry/docs/docker/authentication>

I have. It says to login with service account credentials but
1. I thought setting up oidc in pulumi deployment already handled the auth part
2. To run `gcloud auth activate-service-account ACCOUNT --key-file=KEY-FILE` I need the location of the key file

&gt; I thought setting up oidc in pulumi deployment already handled the auth part
This handles the auth to the gcloud api to create services. Docker authentication works differently which is outside of our control. In order to push to a docker registry, the local docker daemon needs to be authenticated, which is what `gcloud auth configure-docker <http://asia-south2-docker.pkg.dev|asia-south2-docker.pkg.dev>`

&gt; To run `gcloud auth activate-service-account ACCOUNT --key-file=KEY-FILE` I need the location of the key file
I don’t have any insight into that I’m afraid. All I know right now is you’re using OIDC to auth, but I don’t have any sample code, or how you’ve authenticated. I can tell you that once you can run `gcloud auth configure-docker <http://asia-south2-docker.pkg.dev|asia-south2-docker.pkg.dev>` your code will work, I don’t know how to get you there

<@U033KKRC6HY> maybe you could provide some pointers about this? Otherwise just running gcloud configure-docker _should_ work but clearly it's not working