3
votes

When trying to gcloud builds submit --tag gcr.io/********/*** in order to build a container image, I get a:

ERROR: (gcloud.builds.submit) HTTPError 403: Insufficient Permission

I am trying this from a compute VM instance, where gcloud is set up with the service account.

The service account has the following roles:

Cloud Build Service Account, Cloud Build Editor, Cloud Scheduler Job Runner, Cloud SQL Admin, Editor, Organization Administrator, Cloud Run Admin, Cloud Run Invoker, Cloud Run Service Agent,

If anyone has any idea why I am getting denied, help woul be greatly appreciated.

1
Is the first ******** the same as your Google Cloud project name?Dustin Ingram
Great question of @DustinIngramguillaume blaquiere

1 Answers

3
votes

If your using gcloud cli.

  1. Please Verify Your Gcloud auth is Using Services Account.
  2. Then try again gcloud builds submit --tag gcr.io/********/***

If you use Google Cloud Build : Add google cloud steps to your cloudbuild.yml

steps:
  - name: 'gcr.io/cloud-builders/docker'
    entrypoint: 'bash'
    args:
      - '-c'
      - 'docker pull gcr.io/$PROJECT_ID/$_APP_NAME:latest || exit 0'
  - name: gcr.io/cloud-builders/docker
    args:
      - 'build'
      - '-t'
      - 'gcr.io/$PROJECT_ID/$_APP_NAME:latest'
      - '.'
  - name: gcr.io/cloud-builders/docker
    args:
      - 'push'
      - 'gcr.io/$PROJECT_ID/$_APP_NAME:latest'
images:
  - 'gcr.io/$PROJECT_ID/$_APP_NAME'
timeout: 1200s
substitutions:
  _APP_NAME: 'app_examples'

Reference : https://cloud.google.com/cloud-build/docs/running-builds/start-build-manually