Create Service Connection from Azure DevOps to GCP Artifact Registry

0 votes

Are there any tutorials for creating a service account for the GCP Artifact Registry?

I have tried this: https://cloud.google.com/architecture/creating-cicd-pipeline-vsts-kubernetes-engine but it uses GCP Container Registry.

I get this error because of this difference.

##[error]denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource.

But the service account I created has the permissions needed (albeit those roles are in beta). I even gave it a very elevated role and still getting this.

when I created the service connect I followed these steps from the documentation linked above:

Any advice would be appreciated.

Apr 1, 2022 in Other DevOps Questions by Kichu
• 19,040 points
900 views

1 answer to this question.

0 votes

Creating a service account for Google Cloud Platform (GCP) Artifact Registry involves a few steps, including creating a service account, granting necessary permissions, and optionally configuring roles for the service account. While there might not be specific tutorials dedicated solely to creating a service account for GCP Artifact Registry, you can follow general tutorials for creating service accounts in GCP and then adjust the permissions accordingly for Artifact Registry. Here's a step-by-step guide:

  1. Create a Service Account:

    • Go to the Google Cloud Console: https://console.cloud.google.com/.
    • Navigate to the IAM & Admin > Service accounts page.
    • Click on "Create Service Account".
    • Enter a name and description for your service account.
    • Click on "Create".
  2. Assign Roles:

    • After creating the service account, you'll be prompted to grant it roles. At a minimum, you'll need to grant the necessary roles to interact with GCP Artifact Registry.
    • The roles you might consider include:
      • Artifact Registry Reader: Allows read access to repositories.
      • Artifact Registry Writer: Allows write access to repositories.
      • Artifact Registry Administrator: Allows full control over repositories.
    • Click on "Continue" to proceed with assigning roles.
  3. Generate a Key:

    • Once the roles are assigned, you'll be prompted to create a key for the service account.
    • Choose the key type (JSON is recommended) and click on "Create". This will download the key file to your local machine.
  4. Configure Access Control for Artifact Registry:

    • Now that you have the service account and key file, you need to configure access control for GCP Artifact Registry.
    • Navigate to the Artifact Registry page in the Google Cloud Console.
    • Select the repository for which you want to grant access.
    • Click on "Add members" and enter the email address of the service account you created.
    • Choose the appropriate role(s) (e.g., Reader, Writer, Administrator) for the service account.
    • Click on "Save".
  5. Use the Service Account Key:

    • Finally, you can use the downloaded service account key file in your applications or scripts to authenticate with GCP Artifact Registry.
    • Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of the key file to enable authentication.

Remember to securely manage the service account key file, as it provides access to your GCP resources. Rotate keys periodically and follow best practices for key management.

While there might not be tutorials specifically tailored to creating service accounts for GCP Artifact Registry, you can refer to the Google Cloud documentation for detailed instructions on creating service accounts and managing access control in GCP. Additionally, community forums and Q&A sites like Stack Overflow can be helpful if you encounter specific issues or questions during the process.

Also check How to create a service connection for Azure in Azure DevOps with pictures?

answered Apr 29 by anonymous
• 1,380 points

Related Questions In Other DevOps Questions

0 votes
0 answers

Source code migration from TFS 2013 to Azure Devops service

Can someone help me with migrating the ...READ MORE

Mar 17, 2022 in Other DevOps Questions by Kichu
• 19,040 points
794 views
0 votes
0 answers
0 votes
0 answers

unable to install mcafee-epo from azure devops

When I run the command 'pip install ...READ MORE

Mar 20, 2022 in Other DevOps Questions by Kichu
• 19,040 points
509 views
0 votes
0 answers

How to get access token for Azure DevOps from Microsoft Teams app?

I integrated an MS Teams using tab with ...READ MORE

Mar 21, 2022 in Other DevOps Questions by Kichu
• 19,040 points
795 views
0 votes
2 answers

Which is better azure devops or aws devops?

Azure DevOps, a part of Microsoft's cloud ...READ MORE

answered Jan 8 in Cloud Computing by anonymous
• 700 points
2,263 views
0 votes
1 answer
0 votes
1 answer

What is the Difference between VSO, VSTS and Azure Devops

Azure DevOps was previously known as VSO ...READ MORE

answered Mar 8, 2022 in Azure by Edureka
• 13,620 points

edited Jun 27, 2023 by Khan Sarfaraz 1,799 views
0 votes
1 answer

How can I preview PowerPoint files in Azure DevOps (VSTS)?

For work item attachments, there are no ...READ MORE

answered Mar 8, 2022 in DevOps & Agile by gaurav
• 23,260 points
1,438 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP