gcloud app deploy fails with Permission “artifactregistry.repositories.downloadArtifacts” denied

we have several projects running on GAE Python Standard Environment and can be deployed without problems.

New projects now suffer this error in Google Cloud Build when doing just a simple gcloud app deploy:

ERROR: failed to create image cache: accessing cache image "eu.gcr.io/my-project/app-engine-tmp/build-cache/default/ttl-7d:latest": connect to repo store "eu.gcr.io/my-project/app-engine-tmp/build-cache/default/ttl-7d:latest": GET https://eu.gcr.io/v2/token?scope=repository%3Amy-project%2Fapp-engine-tmp%2Fbuild-cache%2Fdefault%2Fttl-7d%3Apull&service=eu.gcr.io: DENIED: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/my-project/locations/europe/repositories/eu.gcr.io" (or it may not exist)

(I’ve replaced the customer’s project name by my-project here).
Here’s the entire log:

starting build "8bd2df7e-727a-4b3c-a1c1-e40e79749385"

FETCHSOURCE
BUILD
Starting Step #0 - "fetch"
Step #0 - "fetch": Pulling image: eu.gcr.io/serverless-runtimes/utilities/gcs-fetcher:base_20240804_18_04_RC00
Step #0 - "fetch": base_20240804_18_04_RC00: Pulling from serverless-runtimes/utilities/gcs-fetcher
Step #0 - "fetch": Digest: sha256:c44f835ee17e722f0d65f14b44900a0ca9125ce3f07fa88135e266d1a3ba788f
Step #0 - "fetch": Status: Downloaded newer image for eu.gcr.io/serverless-runtimes/utilities/gcs-fetcher:base_20240804_18_04_RC00
Step #0 - "fetch": eu.gcr.io/serverless-runtimes/utilities/gcs-fetcher:base_20240804_18_04_RC00
Step #0 - "fetch": Fetching manifest gs://staging.my-project.appspot.com/ae/f587cadf-c03f-49d8-aec5-bc88b36e9c3b/manifest.json.
Step #0 - "fetch": Processing 2581 files.
Step #0 - "fetch": ******************************************************
Step #0 - "fetch": Status:                      SUCCESS
Step #0 - "fetch": Started:                     2024-08-30T14:42:18Z
Step #0 - "fetch": Completed:                   2024-08-30T14:42:19Z
Step #0 - "fetch": Requested workers:    200
Step #0 - "fetch": Actual workers:       200
Step #0 - "fetch": Total files:         2581
Step #0 - "fetch": Total retries:          0
Step #0 - "fetch": GCS timeouts:           0
Step #0 - "fetch": MiB downloaded:        17.63 MiB
Step #0 - "fetch": MiB/s throughput:      12.70 MiB/s
Step #0 - "fetch": Time for manifest:     78.27 ms
Step #0 - "fetch": Total time:             1.48 s
Step #0 - "fetch": ******************************************************
Finished Step #0 - "fetch"
Starting Step #1 - "pre-buildpack"
Step #1 - "pre-buildpack": Pulling image: eu.gcr.io/serverless-runtimes/google-22-full/builder/python:python_20240826_RC00
Step #1 - "pre-buildpack": python_20240826_RC00: Pulling from serverless-runtimes/google-22-full/builder/python
Step #1 - "pre-buildpack": 9b857f539cb1: Already exists
Step #1 - "pre-buildpack": bd112cf3e6c8: Already exists
Step #1 - "pre-buildpack": 36329e5c2232: Already exists
Step #1 - "pre-buildpack": 5df02f4e8036: Pulling fs layer
Step #1 - "pre-buildpack": abfee54d7c13: Pulling fs layer
Step #1 - "pre-buildpack": 946468808bb6: Pulling fs layer
Step #1 - "pre-buildpack": 2868e0ed0081: Pulling fs layer
Step #1 - "pre-buildpack": 56f6786be55b: Pulling fs layer
Step #1 - "pre-buildpack": c218a6da1a54: Pulling fs layer
Step #1 - "pre-buildpack": 06f428a8446f: Pulling fs layer
Step #1 - "pre-buildpack": 8416fcb4dc1e: Pulling fs layer
Step #1 - "pre-buildpack": c477ba28bed9: Pulling fs layer
Step #1 - "pre-buildpack": 6fdb610addcc: Pulling fs layer
Step #1 - "pre-buildpack": cfc5022d3a16: Pulling fs layer
Step #1 - "pre-buildpack": 25b2039efd92: Pulling fs layer
Step #1 - "pre-buildpack": e89b35b3411b: Pulling fs layer
Step #1 - "pre-buildpack": f0afa281882b: Pulling fs layer
Step #1 - "pre-buildpack": 28474b7a68af: Pulling fs layer
Step #1 - "pre-buildpack": e7103d6f5cd4: Pulling fs layer
Step #1 - "pre-buildpack": efcc4b761029: Pulling fs layer
Step #1 - "pre-buildpack": e1d3292d585f: Pulling fs layer
Step #1 - "pre-buildpack": c72c9d49c9f3: Pulling fs layer
Step #1 - "pre-buildpack": 8f26cb428371: Pulling fs layer
Step #1 - "pre-buildpack": 9da0c55b4d56: Pulling fs layer
Step #1 - "pre-buildpack": 34ce8ba30961: Pulling fs layer
Step #1 - "pre-buildpack": 4f4fb700ef54: Pulling fs layer
Step #1 - "pre-buildpack": 2868e0ed0081: Waiting
Step #1 - "pre-buildpack": 56f6786be55b: Waiting
Step #1 - "pre-buildpack": c218a6da1a54: Waiting
Step #1 - "pre-buildpack": 06f428a8446f: Waiting
Step #1 - "pre-buildpack": 8416fcb4dc1e: Waiting
Step #1 - "pre-buildpack": c477ba28bed9: Waiting
Step #1 - "pre-buildpack": 6fdb610addcc: Waiting
Step #1 - "pre-buildpack": cfc5022d3a16: Waiting
Step #1 - "pre-buildpack": 25b2039efd92: Waiting
Step #1 - "pre-buildpack": e89b35b3411b: Waiting
Step #1 - "pre-buildpack": f0afa281882b: Waiting
Step #1 - "pre-buildpack": 28474b7a68af: Waiting
Step #1 - "pre-buildpack": e7103d6f5cd4: Waiting
Step #1 - "pre-buildpack": efcc4b761029: Waiting
Step #1 - "pre-buildpack": e1d3292d585f: Waiting
Step #1 - "pre-buildpack": c72c9d49c9f3: Waiting
Step #1 - "pre-buildpack": 8f26cb428371: Waiting
Step #1 - "pre-buildpack": 9da0c55b4d56: Waiting
Step #1 - "pre-buildpack": 34ce8ba30961: Waiting
Step #1 - "pre-buildpack": 4f4fb700ef54: Waiting
Step #1 - "pre-buildpack": abfee54d7c13: Download complete
Step #1 - "pre-buildpack": 5df02f4e8036: Verifying Checksum
Step #1 - "pre-buildpack": 5df02f4e8036: Download complete
Step #1 - "pre-buildpack": 946468808bb6: Verifying Checksum
Step #1 - "pre-buildpack": 946468808bb6: Download complete
Step #1 - "pre-buildpack": 2868e0ed0081: Verifying Checksum
Step #1 - "pre-buildpack": 2868e0ed0081: Download complete
Step #1 - "pre-buildpack": 5df02f4e8036: Pull complete
Step #1 - "pre-buildpack": abfee54d7c13: Pull complete
Step #1 - "pre-buildpack": 56f6786be55b: Verifying Checksum
Step #1 - "pre-buildpack": 56f6786be55b: Download complete
Step #1 - "pre-buildpack": 06f428a8446f: Download complete
Step #1 - "pre-buildpack": 946468808bb6: Pull complete
Step #1 - "pre-buildpack": c218a6da1a54: Verifying Checksum
Step #1 - "pre-buildpack": c218a6da1a54: Download complete
Step #1 - "pre-buildpack": 2868e0ed0081: Pull complete
Step #1 - "pre-buildpack": c477ba28bed9: Verifying Checksum
Step #1 - "pre-buildpack": c477ba28bed9: Download complete
Step #1 - "pre-buildpack": 6fdb610addcc: Verifying Checksum
Step #1 - "pre-buildpack": 6fdb610addcc: Download complete
Step #1 - "pre-buildpack": 8416fcb4dc1e: Verifying Checksum
Step #1 - "pre-buildpack": 8416fcb4dc1e: Download complete
Step #1 - "pre-buildpack": 56f6786be55b: Pull complete
Step #1 - "pre-buildpack": 25b2039efd92: Verifying Checksum
Step #1 - "pre-buildpack": 25b2039efd92: Download complete
Step #1 - "pre-buildpack": cfc5022d3a16: Verifying Checksum
Step #1 - "pre-buildpack": cfc5022d3a16: Download complete
Step #1 - "pre-buildpack": e89b35b3411b: Verifying Checksum
Step #1 - "pre-buildpack": e89b35b3411b: Download complete
Step #1 - "pre-buildpack": f0afa281882b: Verifying Checksum
Step #1 - "pre-buildpack": f0afa281882b: Download complete
Step #1 - "pre-buildpack": 28474b7a68af: Verifying Checksum
Step #1 - "pre-buildpack": 28474b7a68af: Download complete
Step #1 - "pre-buildpack": e7103d6f5cd4: Verifying Checksum
Step #1 - "pre-buildpack": e7103d6f5cd4: Download complete
Step #1 - "pre-buildpack": efcc4b761029: Download complete
Step #1 - "pre-buildpack": e1d3292d585f: Verifying Checksum
Step #1 - "pre-buildpack": e1d3292d585f: Download complete
Step #1 - "pre-buildpack": c72c9d49c9f3: Download complete
Step #1 - "pre-buildpack": 9da0c55b4d56: Download complete
Step #1 - "pre-buildpack": c218a6da1a54: Pull complete
Step #1 - "pre-buildpack": 34ce8ba30961: Verifying Checksum
Step #1 - "pre-buildpack": 34ce8ba30961: Download complete
Step #1 - "pre-buildpack": 8f26cb428371: Verifying Checksum
Step #1 - "pre-buildpack": 8f26cb428371: Download complete
Step #1 - "pre-buildpack": 06f428a8446f: Pull complete
Step #1 - "pre-buildpack": 4f4fb700ef54: Verifying Checksum
Step #1 - "pre-buildpack": 4f4fb700ef54: Download complete
Step #1 - "pre-buildpack": 8416fcb4dc1e: Pull complete
Step #1 - "pre-buildpack": c477ba28bed9: Pull complete
Step #1 - "pre-buildpack": 6fdb610addcc: Pull complete
Step #1 - "pre-buildpack": cfc5022d3a16: Pull complete
Step #1 - "pre-buildpack": 25b2039efd92: Pull complete
Step #1 - "pre-buildpack": e89b35b3411b: Pull complete
Step #1 - "pre-buildpack": f0afa281882b: Pull complete
Step #1 - "pre-buildpack": 28474b7a68af: Pull complete
Step #1 - "pre-buildpack": e7103d6f5cd4: Pull complete
Step #1 - "pre-buildpack": efcc4b761029: Pull complete
Step #1 - "pre-buildpack": e1d3292d585f: Pull complete
Step #1 - "pre-buildpack": c72c9d49c9f3: Pull complete
Step #1 - "pre-buildpack": 8f26cb428371: Pull complete
Step #1 - "pre-buildpack": 9da0c55b4d56: Pull complete
Step #1 - "pre-buildpack": 34ce8ba30961: Pull complete
Step #1 - "pre-buildpack": 4f4fb700ef54: Pull complete
Step #1 - "pre-buildpack": Digest: sha256:2ef3f88f95b6f6a7821bee467d7b49a87bea54ee8bb18aa99fd97fc5688f79b3
Step #1 - "pre-buildpack": Status: Downloaded newer image for eu.gcr.io/serverless-runtimes/google-22-full/builder/python:python_20240826_RC00
Step #1 - "pre-buildpack": eu.gcr.io/serverless-runtimes/google-22-full/builder/python:python_20240826_RC00
Step #1 - "pre-buildpack": Preparing directory /layers
Step #1 - "pre-buildpack": Preparing directory /workspace
Step #1 - "pre-buildpack": Preparing directory /builder/home
Step #1 - "pre-buildpack": Preparing directory /builder/outputs
Step #1 - "pre-buildpack": Preparing directory /platform/env
Step #1 - "pre-buildpack": Passing build environment variable BUILDER_OUTPUT to buildpacks
Step #1 - "pre-buildpack": Passing build environment variable GOOGLE_RUNTIME to buildpacks
Step #1 - "pre-buildpack": Passing build environment variable GOOGLE_LABEL_BUILDER_VERSION to buildpacks
Step #1 - "pre-buildpack": Passing build environment variable GOOGLE_LABEL_BUILDER_IMAGE to buildpacks
Step #1 - "pre-buildpack": Passing build environment variable GOOGLE_LABEL_RUN_IMAGE to buildpacks
Step #1 - "pre-buildpack": Passing build environment variable GOOGLE_LABEL_SOURCE to buildpacks
Step #1 - "pre-buildpack": Passing build environment variable GOOGLE_RUNTIME_IMAGE_REGION to buildpacks
Step #1 - "pre-buildpack": Passing build environment variable GOOGLE_RUNTIME_VERSION to buildpacks
Step #1 - "pre-buildpack": Passing build environment variable X_GOOGLE_SKIP_RUNTIME_LAUNCH to buildpacks
Step #1 - "pre-buildpack": Passing build environment variable GAE_APP_ENGINE_APIS to buildpacks
Step #1 - "pre-buildpack": Passing build environment variable GOOGLE_ENTRYPOINT to buildpacks
Step #1 - "pre-buildpack": Passing build environment variable X_GOOGLE_TARGET_PLATFORM to buildpacks
Step #1 - "pre-buildpack": Checking if image eu.gcr.io/my-project/app-engine-tmp/build-cache/default/ttl-7d:latest exists
Step #1 - "pre-buildpack": WARNING: Failed to reuse previous cache image; will not affect current build: GET https://eu.gcr.io/v2/token?scope=repository%3Amy-project%2Fapp-engine-tmp%2Fbuild-cache%2Fdefault%2Fttl-7d%3Apull&service=eu.gcr.io: DENIED: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/my-project/locations/europe/repositories/eu.gcr.io" (or it may not exist)
Finished Step #1 - "pre-buildpack"
Starting Step #2 - "build"
Step #2 - "build": Already have image (with digest): eu.gcr.io/serverless-runtimes/google-22-full/builder/python:python_20240826_RC00
Step #2 - "build": ERROR: failed to create image cache: accessing cache image "eu.gcr.io/my-project/app-engine-tmp/build-cache/default/ttl-7d:latest": connect to repo store "eu.gcr.io/my-project/app-engine-tmp/build-cache/default/ttl-7d:latest": GET https://eu.gcr.io/v2/token?scope=repository%3Amy-project%2Fapp-engine-tmp%2Fbuild-cache%2Fdefault%2Fttl-7d%3Apull&service=eu.gcr.io: DENIED: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/my-project/locations/europe/repositories/eu.gcr.io" (or it may not exist)
Finished Step #2 - "build"
ERROR
ERROR: build step 2 "eu.gcr.io/serverless-runtimes/google-22-full/builder/python:python_20240826_RC00" failed: step exited with non-zero status: 1

I don’t know what I am doing wrong, and already tried to equip the user I’m using for deployment with several admin rights regarding artifact registry.

Can anyone help?

  • google-cloud-platform
  • google-app-engine
  • gcloud
  • google-artifact-registry

2

As suggested in the comments, It Seems like you missed adding the Cloud build service account with artifactregistry.repositories.downloadArtifacts permission. The solution was to provide the service account with the artifactregistry.repositories.downloadArtifacts permission. This issue seems to be with the Cloud Build Service Account, not your Service Account. You can identify the Cloud Build Service Account with

NUMBER=$(gcloud projects describe ${PROJECT} --format="value(projectNumber)")

Then enumerate its roles using

gcloud projects get-iam-policy ${PROJECT} --flatten="bindings[].members" --filter="bindings.members:${NUMBER}@cloudbuild.gserviceaccount.com" --format="value(bindings.role)"

Then check whether the permission artifactregistry.repositories.downloadArtifacts is included.

This is due to the change in Cloud Build Service Account. Check the note in the Documentation.

Note: The Cloud Build default service account used to run builds is being changed.

For more information see Cloud Build service account change.

Trang chủ Giới thiệu Sinh nhật bé trai Sinh nhật bé gái Tổ chức sự kiện Biểu diễn giải trí Dịch vụ khác Trang trí tiệc cưới Tổ chức khai trương Tư vấn dịch vụ Thư viện ảnh Tin tức - sự kiện Liên hệ Chú hề sinh nhật Trang trí YEAR END PARTY công ty Trang trí tất niên cuối năm Trang trí tất niên xu hướng mới nhất Trang trí sinh nhật bé trai Hải Đăng Trang trí sinh nhật bé Khánh Vân Trang trí sinh nhật Bích Ngân Trang trí sinh nhật bé Thanh Trang Thuê ông già Noel phát quà Biểu diễn xiếc khỉ Xiếc quay đĩa Dịch vụ tổ chức sự kiện 5 sao Thông tin về chúng tôi Dịch vụ sinh nhật bé trai Dịch vụ sinh nhật bé gái Sự kiện trọn gói Các tiết mục giải trí Dịch vụ bổ trợ Tiệc cưới sang trọng Dịch vụ khai trương Tư vấn tổ chức sự kiện Hình ảnh sự kiện Cập nhật tin tức Liên hệ ngay Thuê chú hề chuyên nghiệp Tiệc tất niên cho công ty Trang trí tiệc cuối năm Tiệc tất niên độc đáo Sinh nhật bé Hải Đăng Sinh nhật đáng yêu bé Khánh Vân Sinh nhật sang trọng Bích Ngân Tiệc sinh nhật bé Thanh Trang Dịch vụ ông già Noel Xiếc thú vui nhộn Biểu diễn xiếc quay đĩa Dịch vụ tổ chức tiệc uy tín Khám phá dịch vụ của chúng tôi Tiệc sinh nhật cho bé trai Trang trí tiệc cho bé gái Gói sự kiện chuyên nghiệp Chương trình giải trí hấp dẫn Dịch vụ hỗ trợ sự kiện Trang trí tiệc cưới đẹp Khởi đầu thành công với khai trương Chuyên gia tư vấn sự kiện Xem ảnh các sự kiện đẹp Tin mới về sự kiện Kết nối với đội ngũ chuyên gia Chú hề vui nhộn cho tiệc sinh nhật Ý tưởng tiệc cuối năm Tất niên độc đáo Trang trí tiệc hiện đại Tổ chức sinh nhật cho Hải Đăng Sinh nhật độc quyền Khánh Vân Phong cách tiệc Bích Ngân Trang trí tiệc bé Thanh Trang Thuê dịch vụ ông già Noel chuyên nghiệp Xem xiếc khỉ đặc sắc Xiếc quay đĩa thú vị

Filed under: Kiến thức lập trình - @ 23:27

Thẻ:

Trang chủ Giới thiệu Sinh nhật bé trai Sinh nhật bé gái Tổ chức sự kiện Biểu diễn giải trí Dịch vụ khác Trang trí tiệc cưới Tổ chức khai trương Tư vấn dịch vụ Thư viện ảnh Tin tức - sự kiện Liên hệ Chú hề sinh nhật Trang trí YEAR END PARTY công ty Trang trí tất niên cuối năm Trang trí tất niên xu hướng mới nhất Trang trí sinh nhật bé trai Hải Đăng Trang trí sinh nhật bé Khánh Vân Trang trí sinh nhật Bích Ngân Trang trí sinh nhật bé Thanh Trang Thuê ông già Noel phát quà Biểu diễn xiếc khỉ Xiếc quay đĩa
Thiết kế website Thiết kế website Thiết kế website Cách kháng tài khoản quảng cáo Mua bán Fanpage Facebook Dịch vụ SEO Tổ chức sinh nhật