Hi,
I am trying to use a docker image from a private google artifact registry as an image for a pipeline service as documented here.
Since Bitbucket doesn’t have support for OIDC for GCP, I created just a user account with required permission to read from the google artifact registry. Also tested the user by pulling an image locally and it worked, but when I am using the same user in the pipeline, I get the 401 unauthorised error with the message, failed to fetch oauth token. Is it a known problem or am I doing something wrong here?
I am sure that the username and password are defined correctly in secret variables since I have printed the MD5 of them in the pipeline and it was matched.
Hi @payamnj and welcome to the community!
You can check the details on the following page regarding how to use an image from GCR:
Please feel free to let me know how it goes and if you have any questions.
Kind regards,
Theodora
But this applies for container registry, while in this case it is artifact registry.
I have the same issue, and have checked, checked and triple checked the configuration and it does not seem to work once you switch to artifact registry.
We have tested with a json credentials with ample permissions.
We have tried base64 encoding the json and just pasting it in as a variable
We get:
failed to authorize: failed to fetch anonymous token: unexpected status: 403 Forbidden
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Using the service account json key as it was documented in the link that @Theodora Boudale sent, fixed the issue for me.🙏
@Gisle Rognerud since you are getting 403 may be the problem is that your service-account has permision to access the container registery but not the artifact registery! So I guess if you change the service account permissions it should work.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.