Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Q&A

Welcome to Software Development on Codidact!

Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.

Docker push fails with message "denied: requested access to the resource is denied"

+2
−0

Recently I had to push a new Docker image to our GitLab registry.

  • I have the Maintainer role on that project.
  • I had created a new token and used it to log in to Docker.

However, when trying to build and push the image, I got the error message

denied: requested access to the resource is denied

The output looked as follows:

The push refers to repository [registry.gitlab.com/.../...]
ae17b0564d98: Preparing
9ef3e4c4bfdc: Preparing
4504b43db9b6: Preparing
108bb35b89d0: Preparing
793f447bc25b: Preparing
397bd9b6f39e: Waiting
290cec21aafb: Waiting
e7f8b07649a4: Waiting
109e67eff29c: Waiting
556c5fb0d91b: Waiting
denied: requested access to the resource is denied

Why can't I push my new Docker image to the GitLab registry?

(I've found that there are many possible reasons for this error. I've found the solution for my case and will add it as an answer. If you have a different solution, please add it as an answer for future visitors!)

History
Why does this post require moderator attention?
You might want to add some details to your flag.
Why should this post be closed?

0 comment threads

2 answers

+1
−0

[2024-05-24: I originally wrote a similar answer in that other Q&A site]

Summary:

Check:

  1. Are you logged in? Look in ~/.docker/config.json for auths section
  2. The Auth token needs read_repository and write_repository scopes (OP's answer)
  3. Check the container registry visibility. If the container is only visible to Reporter or higher, then the user which made the token needs to have that role
  4. Does the Project already exist on GitLab? You can't push to arbitrary or new namespace
  5. Did you build / tag with the same name?

Access Denied for GitLab Container Registry

The access denied can be because the personal access token (PAT) which you are using does not have access to the project for this container registry.

  • The PAT must have read_registry scope to be able to pull, and also write_registry scope, if you want to push to the container registry
  • The GitLab User who owns the PAT must have permission to access the GitLab Project which owns this container registry:
    • For a docker push to a Private project, you need at least Developer access to that project
    • For docker pull, it is enough to be a Guest
    • If the container's visibility is Only Project Members, you need at least Reporter access

You cannot use deploy tokens with the public API. They are only useful for CI/CD jobs.

Invalid tag name

Another reason for access denied can be if the project does not actually exist. You can't push to arbitrary namespaces in GitLab. For example, if the error says:

access denied for registry.gitlab.com/milohax/backend

There is no "backend" project in @milohax's namespace. This may not even be your namespace (since it's one of mine): http://gitlab.com/milohax

The container tag and the URL should match: for instance, you should probably be doing this, substituting your username or group name for $GL_USER, the project's namespace for $GL_NAMESPACE, and a name of the image for $IMAGE :

docker build -t registry.gitlab.com/$GL_USER/$GL_NAMESPACE/$IMAGE:1.0

docker push registry.gitlab.com/$GL_USER/$GL_NAMESPACE/$IMAGE:1.0
History
Why does this post require moderator attention?
You might want to add some details to your flag.

1 comment thread

Looks like my situation was included in this answer as well. Nice! Also, welcome to Codidact! (1 comment)
+2
−0

There are many reasons why this error may occur.
In my case, my new token had the read_registry scope but not the write_registry scope.
I created a new token that had the read_registry and write_registry scopes. I then logged out of Docker, and logged in again using the new token.
After that I was able to push the new image successfully.

I found this solution on that other Q&A site.

History
Why does this post require moderator attention?
You might want to add some details to your flag.

0 comment threads

Sign up to answer this question »