Reputation: 3097
gcp docker push - permission denied
The default service account that a GCP VM use has been granted storage.buckets.* and storage.objects.* roles yet I get the error that storage.buckets.create permission isn't setup.
denied: Token exchange failed for project 'test-307504'. Caller does not have permission 'storage.buckets.create'. To configure permissions, follow instructions at: https://cloud.google.com/container-registry/docs/access-control
The default service account is [email protected] and I've created roles related to storage and assigned to the IAM service account and I ran the command gcloud auth configure-docker. But still I'm unable to push docker images to the GCR repository.
Is there something else I should be doing after assigning the roles to refresh on the VM?
Upvotes: 0
Views: 891
Answers (1)
Reputation: 4913
Apart from permissions, check for the access scope at the VM level.
While you are at, read up on Using the Compute Engine Default Service Account and Best Practices too.
Upvotes: 2
Related Questions
- Unable to push Docker image into GCP container registry [permission error]
- Unable to run gcloud docker push from google compute engine instance
- Can't push image to google container registry - Caller does not have permission 'storage.buckets.get'
- Google Container Registry access denied when pushing docker container
- Don't have permission to push to GCR - but am owner of the project
- gcloud docker push results in "denied: Token exchange failed for project 'gcp-project-id-example'."
- docker push to Google Container Registry errors "Caller does not have permission 'storage.buckets.create'"
- GCP container push not working - "denied: Please enable Google Container Registry API in Cloud Console at ..."
- Pushing a Docker image with gcloud failed
- gcloud docker push 403 Forbidden