https://pulumi.com logo
#google-cloud
Title
# google-cloud
c

colossal-quill-8119

07/14/2023, 1:45 PM
Can’t use pulumi deployments to push docker image to GAR docker repository. It always returns
Copy code
docker:index:Image docker-image **creating failed** error: denied: Permission "artifactregistry.repositories.uploadArtifacts" denied on resource "projects/my-project/locations/asia-south2/repositories/docker-registry"
I’m still stuck in this issue
b

billowy-army-68599

07/19/2023, 7:12 PM
@colossal-quill-8119 sorry for the delay here, I usually monitor community slack but i was on PTO. this error is telling you that you haven’t authenticated to the docker artifact registry. Via CLI this is done using
gcloud auth configure-docker
Can you share the code you currently have? It’s likely a case of needing to pass registry creds to the image you’re building via this https://www.pulumi.com/registry/packages/docker/api-docs/image/
c

colossal-quill-8119

07/20/2023, 4:11 AM
@billowy-army-68599 running gcloud auth configure-docker asia-south2-docker.pkg.dev causes Failed to get credentials for registry: asia-south2-docker.pkg.dev
b

billowy-army-68599

07/20/2023, 4:31 AM
Okay, in that case your gcloud creds aren’t valid for docker, which is not a Pulumi specific problem. Have you read this article? https://cloud.google.com/artifact-registry/docs/docker/authentication
c

colossal-quill-8119

07/20/2023, 4:35 AM
I have. It says to login with service account credentials but 1. I thought setting up oidc in pulumi deployment already handled the auth part 2. To run
gcloud auth activate-service-account ACCOUNT --key-file=KEY-FILE
I need the location of the key file
b

billowy-army-68599

07/20/2023, 4:43 AM
I thought setting up oidc in pulumi deployment already handled the auth part
This handles the auth to the gcloud api to create services. Docker authentication works differently which is outside of our control. In order to push to a docker registry, the local docker daemon needs to be authenticated, which is what
gcloud auth configure-docker <http://asia-south2-docker.pkg.dev|asia-south2-docker.pkg.dev>
To run
gcloud auth activate-service-account ACCOUNT --key-file=KEY-FILE
I need the location of the key file
I don’t have any insight into that I’m afraid. All I know right now is you’re using OIDC to auth, but I don’t have any sample code, or how you’ve authenticated. I can tell you that once you can run
gcloud auth configure-docker <http://asia-south2-docker.pkg.dev|asia-south2-docker.pkg.dev>
your code will work, I don’t know how to get you there
c

colossal-quill-8119

07/20/2023, 4:46 AM
@many-telephone-49025 maybe you could provide some pointers about this? Otherwise just running gcloud configure-docker should work but clearly it's not working
7 Views