google-cloud-python denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource

I asked a question in Stack Overflow but still can't find a solution: https://stackoverflow.com/questions/73796128/error-denied-permission-artifactregistry-repositories-downloadartifacts-deni

The content of the question: I am new in Python. I am deploying Python code to Google Cloud Run and I am getting an error.

Here is the terminal:

Deploying from source. To deploy a container use [--image]. See https://cloud.google.com/run/docs/deploying-source-code for more details.
Source code location (/Users/name/......):  
Next time, use `gcloud run deploy --source .` to deploy the current directory.

Service name (google-cloud-run):  
Please specify a region:
 [1] asia-east1
 ......
Please enter your numeric choice:  27

To make this the default region, run `gcloud config set run/region us-central1`.

This command is equivalent to running `gcloud builds submit --tag [IMAGE] /Users/name/......` and `gcloud run deploy google-cloud-run --image [IMAGE]`

Allow unauthenticated invocations to [google-cloud-run] (y/N)?  y

Building using Dockerfile and deploying container to Cloud Run service [google-cloud-run] in project [project-id] region [us-central1]
X Building and deploying new service... Building Container.                                                                                    
  ✓ Uploading sources...                                                                                                                       
  - Building Container... Logs are available at [https://console.cloud.google.com/cloud-build/builds/bdaf9cea-3e87-46e4-81f8-33b2675808f8?proje
  ct=1044629281917].                                                                                                                           
  . Creating Revision...                                                                                                                       
  . Routing traffic...                                                                                                                         
  . Setting IAM Policy...                                                                                                                      
Deployment failed                                                                                                                              
ERROR: (gcloud.run.deploy) Build failed; check build logs for details

It looks like it fails in the build container.

When I check my logs, the error is: denied: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/project-id/locations/us-central1/repositories/cloud-run-source-deploy" (or it may not exist).

My code:

import os

from flask import Flask

app = Flask(__name__)


@app.route("/")
def hello_world():
    name = os.environ.get("NAME", "World")
    return "Hello {}!".format(name)


if __name__ == "__main__":
    app.run(debug=True, host="0.0.0.0", port=int(os.environ.get("PORT", 8080)))

My Google Cloud IAM account roles:

Artifact Registry Administrator
Artifact Registry Reader
Artifact Registry Repository Administrator
Artifact Registry Writer
Cloud Build Editor
Cloud Run Admin
Container Registry Service Agent
Service Account Admin
Service Account User
Service Usage Admin
Service Usage Consumer
Source Repository Administrator
Source Repository Reader
Source Repository Writer
Storage Admin
Storage Object Admin
Viewer

How can I fix this error? Appreciate if someone can advise. Thank you in advance!

Sep 27 '22 10:09 mycar98765

I'm going to transfer this issue to the google-cloud-python repository as we are preparing to move the code for google-cloud-run to that repository in the next 1-2 weeks.

Apr 17 '23 16:04 parthea

@mycar98765 Were you able to resolve this issue?

Jun 24 '24 18:06 vchudnov-g

Closing this issue, as we have had no response. Please re-open if it is still a problem.

Jul 16 '24 17:07 vchudnov-g