
Google Cloud Platform container list tags permission denied


When executing the command:

gcloud container images list-tags gcr.io/x/x

In the terminal, I get the following error:

(gcloud.container.images.list-tags) Access denied: gcr.io/x/x

Which role do I need to give the user so that they are able to execute that command? Thank you.


Solution

  • For read-only purposes (e.g. list-tags), roles/storage.objectViewer should (!?) be sufficient.

    Google Container Registry (GCR) is slightly confusing because:

    1. the API is the Docker Registry API
    2. the backing storage is Google Cloud Storage (GCS).

    As a result:

    1. there are no Google IAM roles specifically for GCR because there's no Google-specific API
    2. the IAM role that's used is applicable to GCS.
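
Because the role applies to GCS, it can be granted on the registry's backing bucket alone instead of on the whole project. The following is an added example, not part of the original answer: it maps an image path to that bucket and prints a bucket-scoped, read-only grant. It assumes the documented GCR bucket naming (artifacts.PROJECT-ID.appspot.com, with a region prefix for us/eu/asia hosts); the function names, member and project ID are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: derive the GCS bucket behind a GCR image and build a
# least-privilege (bucket-level, read-only) IAM grant for it.

# gcr_bucket IMAGE -> prints gs://[REGION.]artifacts.PROJECT.appspot.com
# Handles gcr.io, us.gcr.io, eu.gcr.io, asia.gcr.io with a plain project ID.
gcr_bucket() {
  local image host project prefix
  image="$1"
  host="${image%%/*}"        # registry host, e.g. eu.gcr.io
  project="${image#*/}"      # drop the host
  project="${project%%/*}"   # first path component is the project ID
  case "$host" in
    gcr.io)                          prefix="" ;;
    us.gcr.io|eu.gcr.io|asia.gcr.io) prefix="${host%%.*}." ;;
    *) echo "not a GCR host: $host" >&2; return 1 ;;
  esac
  # Domain-scoped projects (example.com/project) use a different bucket
  # name; refuse rather than guess.
  case "$project" in
    ""|*.*|*:*) echo "unsupported project: $project" >&2; return 1 ;;
  esac
  printf 'gs://%sartifacts.%s.appspot.com\n' "$prefix" "$project"
}

# grant_cmd MEMBER IMAGE -> prints the command to run (dry run, changes nothing)
grant_cmd() {
  local bucket
  bucket="$(gcr_bucket "$2")" || return 1
  printf 'gcloud storage buckets add-iam-policy-binding %s --member=%s --role=roles/storage.objectViewer\n' \
    "$bucket" "$1"
}

# Constructed sample values: review the printed command, then run it.
grant_cmd "user:dev@example.com" "gcr.io/my-project/my-image"
```

The bucket only exists once an image has been pushed to that registry host, and a grant on it covers every image stored under the same host and project.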