Permission "artifactregistry.repositories.uploadArtifacts" denied on resource "projects/xxx/..."

I am trying to setup a repository in Artifact Registry and push an image to it from my local workstation (or cloud shell). I have done:

  • gcloud init
  • gcloud auth configure-docker
  • docker tag my-image
  • docker push

docker push responds with the following error:

denied: Permission "artifactregistry.repositories.uploadArtifacts" denied on resource "projects/my-project/locations/us-west3/repositories/my-repo" (or it may not exist)

When I run `gcloud projects get-ancestors-iam-policy my-project`, I see that my user principal has both the roles/artifactregistry.repoAdmin and roles/artifactregistry.writer bound. Just to be safe, I ran `gcloud artifacts repositories add-iam-policy-binding my-repo --location=us-west3 --member=user:[email protected] --role=roles/artifactregistry.writer` to ensure that I had the permission bound directly to the repository. But I still get this error every time.

I have also tried the IAM policy troubleshooter and it shows that I should also have access to this resource. At this point, I have run out of ideas to check. Any thoughts?


I finally got something to work, but it was not what I expected. I was able to use:

gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin

followed by the docker push

This might mean that the problem wasn't with my account permissions but rather the docker <=> gcloud authentication integration.

could you please tell me how to push docker image to google artifact registry from terminal on GCP

I had the same problem, and it turned out it was because docker, when run with sudo, looks for credentials in /root/.docker instead of ~/.docker. I fixed the issue by running sudo usermod -aG docker $USER, logging out of my computer & back in, and then running docker push without sudo.

See this note from "Note: If you normally run Docker commands on Linux with sudo, Docker looks for Artifact Registry credentials in /root/.docker/config.json instead of $HOME/.docker/config.json. If you want to use sudo with docker commands instead of using the Docker security group, configure credentials with sudo gcloud auth configure-docker instead."

Great....this helped with my issue where error was below and I was trying to perform docker push with sudo:
denied: Unauthenticated request. Unauthenticated requests do not have permission "artifactregistry.repositories.uploadArtifacts" on resource "projects/[PROJECT-ID]/locations/us/repositories/" (or it may not exist)

The same problem occurred on the windows platform I used. After two days of troubleshooting, I found that I installed the windows version of gcloud and pushed the image in wsl. This problem occurred. Currently, I uninstalled the windows sdk and installed it. With the linux version of gcloud, all problems are solved. I hope it can help anyone.

