我正在尝试使用Google Cloud SDK将容器推送到Windows 10上的Google Cloud Container Registry或Google Cloud Artifact Registry。我从两个服务都收到类似的权限错误,但是我似乎无法弄清楚原因。对于Container Registry,在推送时我得到:
> docker push us.gcr.io/{PROJECT}/{PATH}/{CONTAINER}:{TAG}
unauthorized: You don't have the needed permissions to perform this operation,
and you may have invalid credentials. To authenticate your request, follow the
steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
在Artifact Registry上,我得到:
> docker push northamerica-northeast1-docker.pkg.dev/{PROJECT}/{REPOSITORY}/{CONTAINER}:{TAG}
denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource
"projects/opallabs/locations/northamerica-northeast1/repositories/domar" (or it may not exist)
我已经跑过gcloud init
和gcloud auth configure-docker
几次了。我可以使用gcloud
从命令行创建和编辑Google Cloud资源,而不会遇到任何麻烦。我是Google Cloud项目的所有者,但是为了安全起见,我为自己分配了存储管理员,Artifact Registry管理员,Artifact Registry信息库管理员。但是,当我运行gcloud auth print-access-token
并使用https://www.googleapis.com/oauth2/v1/tokeninfo
端点分析令牌时,出现的唯一作用域是:
{
...
"scope": "openid https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/cloud-
platform https://www.googleapis.com/auth/appengine.admin https://www.googleapis.com/auth/compute
https://www.googleapis.com/auth/accounts.reauth",
...
}
根据troubleshooting link,,可能缺少https://www.googleapis.com/auth/devstorage.read_write
或https://www.googleapis.com/auth/devstorage.full_control
范围,但是我不确定为什么会丢失它们。我按照设置说明在最后一台Windows 10计算机上进行了此操作,但是在新计算机上进行的相同设置似乎无效。
我的Docker凭证帮助者条目:
{
"credHelpers": {
"gcr.io": "gcloud",
"us.gcr.io": "gcloud",
"eu.gcr.io": "gcloud",
"asia.gcr.io": "gcloud",
"staging-k8s.gcr.io": "gcloud",
"marketplace.gcr.io": "gcloud",
"northamerica-northeast1-docker.pkg.dev": "gcloud",
"us-central1-docker.pkg.dev": "gcloud"
}
}
> docker-credential-gcloud list
{
"https://asia.gcr.io": "_dcgcloud_token",
"https://eu.gcr.io": "_dcgcloud_token",
"https://gcr.io": "_dcgcloud_token",
"https://marketplace.gcr.io": "_dcgcloud_token",
"https://staging-k8s.gcr.io": "_dcgcloud_token",
"https://us.gcr.io": "_dcgcloud_token"
}
gcloud -v
Google Cloud SDK 311.0.0
Beta 2020.09.18
bq 2.0.60
核心2020.09.18
gsutil 4.53
docker -v
Docker版本19.03.13,内部版本4484c46d9d
答案 0 :(得分:1)
感谢link提供的Muss Rahman,通过转到Docker Desktop中的“设置”->“命令行”,然后取消选中“启用云体验”开关,我能够进行身份验证。 docker manual中似乎没有该设置,所以我不确定它如何影响身份验证,我所知道的是,对于Docker版本19.03.13,如果要使用gcloud进行身份验证,请在Windows上构建4484c46d9d需要禁用。