服务帐户无法将 Docker 图像推送到 Google Artifact Registry
Service Account Unable to Push Docker Image to Google Artifact Registry
我正在尝试 push
Docker 图片到 Google Artifact Registry (GAR),同时模拟服务帐户 ($SERV_ACCT_EMAIL
):
denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/$GCP_PROJECT_ID/locations/us-west1/repositories/$GAR_REPOSITORY" (or it may not exist)
$SERV_ACCT_EMAIL
具有 Artifact Registry Writer (roles/artifactregistry.writer
) 和 Artifact Registry Reader (roles/artifactregistry.reader
) 角色;后者具有 artifactregistry.repositories.downloadArtifacts
权限。因此,如果资源被授予access to $SERV_ACCT_EMAIL
,我相信我确实能够push
那些神器。
如何在冒充 $SERV_ACCT_EMAIL
时 push
进入 GAR?
在模拟您的服务帐户 ($SERVICE_ACCOUNT_EMAIL
) 时,您可能需要 configure-docker
:
检查以确保您仍在冒充 $SERVICE_ACCOUNT_EMAIL
:
gcloud auth list
#=>
Credentialed Accounts
ACTIVE ACCOUNT
. . .
* $SERVICE_ACCOUNT_EMAIL
. . .
如果没有:
gcloud auth activate-service-account \
"$SERVICE_ACCOUNT_EMAIL" \
--key-file=$SERVICE_ACCOUNT_JSON_FILE_PATH
#=>
Activated service account credentials for: [$SERVICE_ACCOUNT_EMAIL]
运行 针对 auth
组的 configure-docker
命令:
gcloud auth configure-docker us-west1-docker.pkg.dev
#=>
. . .
Adding credentials for: us-west1-docker.pkg.dev
. . .
最后,再次尝试 push
使用 Docker 图像。
我正在尝试 push
Docker 图片到 Google Artifact Registry (GAR),同时模拟服务帐户 ($SERV_ACCT_EMAIL
):
denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/$GCP_PROJECT_ID/locations/us-west1/repositories/$GAR_REPOSITORY" (or it may not exist)
$SERV_ACCT_EMAIL
具有 Artifact Registry Writer (roles/artifactregistry.writer
) 和 Artifact Registry Reader (roles/artifactregistry.reader
) 角色;后者具有 artifactregistry.repositories.downloadArtifacts
权限。因此,如果资源被授予access to $SERV_ACCT_EMAIL
,我相信我确实能够push
那些神器。
如何在冒充 $SERV_ACCT_EMAIL
时 push
进入 GAR?
在模拟您的服务帐户 ($SERVICE_ACCOUNT_EMAIL
) 时,您可能需要 configure-docker
:
检查以确保您仍在冒充
$SERVICE_ACCOUNT_EMAIL
:gcloud auth list #=> Credentialed Accounts ACTIVE ACCOUNT . . . * $SERVICE_ACCOUNT_EMAIL . . .
如果没有:
gcloud auth activate-service-account \ "$SERVICE_ACCOUNT_EMAIL" \ --key-file=$SERVICE_ACCOUNT_JSON_FILE_PATH #=> Activated service account credentials for: [$SERVICE_ACCOUNT_EMAIL]
运行 针对
auth
组的configure-docker
命令:gcloud auth configure-docker us-west1-docker.pkg.dev #=> . . . Adding credentials for: us-west1-docker.pkg.dev . . .
最后,再次尝试
push
使用 Docker 图像。