denied: Caller does not have permission or the resource may not exist 'read'. -- Getting this error

vvj
Bronze 1

Hello Team,

We are getting the following error when we run an Azure DevOps pipeline to push a Docker image to GCP Artifact Registry. The roles assigned to our Service Account are stated below. I feel the roles are proper.

 
Artifact Registry Administrator
Artifact Registry Writer
Owner
Storage Admin
Storage HMAC Key Admin
Storage Object Admin
 
But we are facing the error - denied: Caller does not have permission or the resource may not exist 'read' when running the Azure DevOps pipeline. Hence let us know if there is any issue with this. 

Awaiting any resolution, please.

vvj
Bronze 1

Hello,

Anyone there to help?

Hello @vvj,

Welcome to Google Cloud Community!

Based on the error message, the service account might be missing the required "read" permission for the GCAR repository you're trying to access. You might also want to add the Artifact Registry Reader role (roles/artifactregistry.reader). 

If the issue still persists, try pushing the Docker image directly using the gcloud command-line tool with the service account credentials to see if the error persists outside of the Azure DevOps pipeline. This can help isolate if the issue is with the pipeline configuration or the service account permissions. Then review the Azure DevOps pipeline logs for any specific details related to the authentication attempt and the permission error.

See this document to configure roles and permissions.
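
The isolation test suggested in the reply above, written out as an added example that is not part of the original thread. The image reference and key file are arguments you supply; the `describe` and `get-iam-policy` steps go beyond the reply and are included to separate "the repository does not exist at that path" from "the account lacks permission", the two causes the error message names.

```shell
#!/usr/bin/env bash
# Added example: reproduce the push outside the pipeline, step by step.
# Commands are only printed unless DRY_RUN=0 is set in the environment.

# Split LOCATION-docker.pkg.dev/PROJECT/REPOSITORY/IMAGE[:TAG] and print
# "host location project repository"; return 1 if the reference is malformed.
parse_image_ref() {
  local host project repo image rest
  IFS=/ read -r host project repo image rest <<EOF
$1
EOF
  case "$host" in
    ?*-docker.pkg.dev) ;;
    *) return 1 ;;
  esac
  [ -n "$project" ] && [ -n "$repo" ] && [ -n "$image" ] || return 1
  printf '%s %s %s %s\n' "$host" "${host%-docker.pkg.dev}" "$project" "$repo"
}

# Print the command (default) or execute it (DRY_RUN=0).
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Usage: isolate_push IMAGE_REF KEY_FILE
isolate_push() {
  local ref="$1" key="$2" parsed host location project repo
  parsed="$(parse_image_ref "$ref")" || { echo "bad image reference: $ref" >&2; return 1; }
  read -r host location project repo <<EOF
$parsed
EOF
  # 1. Authenticate as the same service account the pipeline uses.
  run gcloud auth activate-service-account --key-file="$key" || return 1
  # 2. "resource may not exist": confirm the repository is where the tag says.
  run gcloud artifacts repositories describe "$repo" \
      --location="$location" --project="$project" || return 1
  # 3. Permissions: list the repository's bindings and look for the account.
  run gcloud artifacts repositories get-iam-policy "$repo" \
      --location="$location" --project="$project" || return 1
  # 4. Register gcloud as the Docker credential helper for this host, then push.
  run gcloud auth configure-docker "$host" --quiet || return 1
  run docker push "$ref"
}

if [ "$#" -eq 2 ]; then isolate_push "$1" "$2"; fi
```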