GCP Artifact Registry access guide with Cloud Build - 'permission denied' scenarios when pulling images
I'm working with a scenario while trying to use Google Cloud Build to pull Docker images from the GCP Artifact Registry. Despite having set up everything according to the documentation, I'm getting a `permission denied` behavior when the Cloud Build tries to access the images.

My Artifact Registry repository is named `my-repo` and is located in the `us-central1` region. I've ensured that the service account used by Cloud Build has the `roles/artifactregistry.reader` role assigned, and I verified that the following IAM policy is applied:

```json
{
  "bindings": [
    {
      "role": "roles/artifactregistry.reader",
      "members": [
        "serviceAccount:PROJECT_NUMBER@cloudbuild.gserviceaccount.com"
      ]
    }
  ]
}
```

However, when my build triggers run, they produce the following behavior message:

```
behavior: unauthorized: Access to the requested resource is not permitted.
```

I've also tried running a test command from the Cloud Shell:

```bash
gcloud artifacts docker images list us-central1-docker.pkg.dev/my-project/my-repo
```

This command works without issues, confirming that the images are accessible from Cloud Shell.

I've also added the `cloudbuild.yaml` configuration file as follows:

```yaml
steps:
  - name: 'gcr.io/cloud-builders/docker'
    args: ['pull', 'us-central1-docker.pkg.dev/my-project/my-repo/my-image:latest']
```

I confirmed that I am using the latest version of the Google Cloud SDK and Cloud Build, but I'm still working with this scenario. What am I missing, or what else can I check to resolve this access question?