Hello all, I'm trying to deploy a container service to cloud run using Pulumi. I setup a service account with "owner" role (just for a POC) but I keep running into this error:

docker:index:Image (image):
    error: denied: Permission "artifactregistry.repositories.uploadArtifacts" denied on resource

when I run

pulumi up

. PS: With the "owner" role, the service account is expected to have all the permissions. I also went in to confirm and it does have the

"artifactregistry.repositories.uploadArtifacts"

permission. I must be missing something. Would love to get some assistance. Thanks.

how are you currently passing authentication in?

I downloaded credentials in a json file from the Cloud console and set it up with my project's config file. I hope that's what you're asking...

Is docker also authorised with the credentials? https://cloud.google.com/artifact-registry/docs/docker/authentication#json-key

I believe I had done that at some point but I'll look into it in more details with the link you've shared as well. Thanks.

It's worth testing with the docker cli to be sure. From what I recall, the gcloud helper doesn't setup auth for artifact registry by default

Alright then... I would play around with it some more and let you know how it goes. Thanks.