3

I'm having the sample problem as Vaclav. I've followed the GCR quick start to the letter which entailed creating a new project (called gcr-project) and copying the code for a Flask (python) app.

After building the docker image, I entered the commands:

gcloud auth configure-docker
docker tag quickstart-image gcr.io/gcr-project/quickstart-image:tag1
docker push gcr.io/gcr-project/quickstart-image:tag1

The response was:

unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

So it would be nice to know if the issue is with the credentials (I'm using cloud SDK OK for other projects) or permissions. The documentation here suggests you need storage-admin rights but the projects already has it, see screen cap here

Would appreciate any tips for trouble shooting this as I was looking for to using the GCR but this problem is a hard stop for me.

UPDATE: I tried the same process with the cloud shell

me@cloudshell:~ (gcr-project-XXXXXX)$ docker push gcr.io/gcr-project/quickstart-image:tag1
The push refers to repository [gcr.io/gcr-project/quickstart-image]
4399528b7213: Preparing
1d10b1eeca74: Preparing
75156020d862: Preparing
c5697656a146: Preparing
2a435270de82: Preparing
c35f70b5c25a: Waiting
28e260baaf1b: Waiting
556c5fb0d91b: Waiting

denied: Token exchange failed for project 'gcr-project'. Please enable Google Container Registry API in Cloud Console at https://console.cloud.google.com/apis/api/containerregistry.googleapis.com/overview?project=gcr-project before performing this operation.
me@cloudshell:~ (gcr-project-XXXXXX)$

This prompted me to check the API & Services dashboard to confirm the container-registry API was enabled - It is.

UPDATE 2: I'm having these problems on a machine running ubuntu 19.04. Per the comments below I was able to do a push via the cloud shell. So I then went through the same exercise on a MacBook Pro - worked no problems.

So I then uninstalled Cloud SDK per the doco having used the standard linux install instructions previously. I then re-installed using the debian-ubuntu install instructions (version 274.0.1-0)... STILL no go.

When I do a docker pull on the image (because push worked on MBP) I get this error: Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

And when I do a push I get this error: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

So at this stage, given the success on the MBP and the lack thereof on the linux/ubuntu machine, the problem is constrained to to linux/ubuntu installs.

UPDATE 3: I got on to a separate ubuntu server, did a clean install with sudo snap install google-cloud-sdk --classic , did everything else per the docs and still had the exact same problem. So I recon this is a linux google cloud SDK specific problem.

Is there anyone out there Ubuntu land who as been able install and use cloud SDK with GCR recently?????????

LaughingBubba
  • 641
  • 6
  • 8
  • Never used GCR myself, but are you sure that **gcr-project** is not used by someone else already? – UNOPARATOR Jan 05 '20 at 12:08
  • You reference the project-name (gcr-project) in the commands and on the cloud-shell you'll see the unique project-id (gcr-project-XXXXXX) on the cli prompt. I changed the id number to XXXXXX to protect the innocent. – LaughingBubba Jan 05 '20 at 12:15
  • Shouldn't this ```docker push gcr.io/gcr-project/quickstart-image:tag1``` be ```docker push gcr.io/gcr-project-XXXXXX/quickstart-image:tag1``` then? (same goes for tagging too) – UNOPARATOR Jan 05 '20 at 12:18
  • You're right, I re-read the doco says `docker push [HOSTNAME]/[PROJECT-ID]/[IMAGE]:[TAG]` so I re-did everything in cloud-shell and this time it worked with `docker push gcr.io/gcr-project-264210/quickstart-image:tag1` HOWEVER ... When I re-do it with PROJECT-ID on my local machine I still get `unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication ` ... so something wonky with the set up on my machine. – LaughingBubba Jan 06 '20 at 01:20
  • According to [this documentation](https://cloud.google.com/container-registry/docs/advanced-authentication), I think you should use ```gcloud docker``` command instead of using ```docker``` command directly. – UNOPARATOR Jan 06 '20 at 09:58
  • Already tried that and I get the same result. Also, the same doco suggests that you use `gcloud auth configure-docker` as the preferred method - which I am. I'll also point out the same method works fine on macOS per UPDATE2. – LaughingBubba Jan 06 '20 at 23:30

1 Answers1

10

I was able to replicate this issue on multiple ubuntu machines. I tried again after the most recent cloud SDK update (276.0.0) but had no luck.

In the end I went with json key file authentincati described in the docs here as a work around which worked fine.

LaughingBubba
  • 641
  • 6
  • 8