Docker push error : requested access to the resource is denied

vniekecc · October 11, 2023, 1:25pm

Hi , I am new to GitLab and this forum - so please excuse me if go about the incorrect way finding a solution for my problem.

Our dev team that designed the current solution, all left our business, so i’m trying resolve the issue.

When we try and push our docker image to registry.gitlab.com we get back “requested access to the resource is denied”

Can anyone assist with this issue, why this is happening?

balonik · October 11, 2023, 1:44pm

Hi @vniekecc

Docker needs to authenticate to GitLab before it can push images to registry. If you are running it in a Pipeline job this is usually done by setting DOCKER_AUTH_CONFIG as described here.

If you are using Docker command locally or from some shared server, you need to login as well.
docker login registry.gitlab.com and use your username and token.

You can get better answer if you describe your setup in more details.

vniekecc · October 11, 2023, 3:10pm

Hi balonik, much appreciated for your help.

I was thinking the same was not 100% sure. We are running YML scripts in DEVOPS that will create the images. The username & password is stored in DEVOPS and is encrypted when passed to the scripts. Problem now is I cannot test the login manually. But we have the URL where it is trying to push the image too. Whom can assist me in tracing the login account being used and reset the password? As mentioned, the previous developers left our company and country, so we are stuck. I’m desperate for a solution?

balonik · October 12, 2023, 6:47am

Please share the YML files and any commands you execute. If you do not want to share it publicly, you can share it with me in DM.

vniekecc · October 12, 2023, 7:18am

Hi Balonik, please see below details as requested.

parameters:

name: environment
type: string
default: “dev”
name: branchName
type: string
default: “dev”
name: poolName
type: string
default: “development”
name: serviceName
type: string
default: “”
name: dockerFileLocation
type: string
default: “”
name: networkName
type: string
default: “zoneNetwork”
name: ports
type: string
default: “”

stages:

stage: ${{ parameters.environment }}
dependsOn:
condition: and(succeeded(), eq(variables[‘Build.SourceBranch’], ‘refs/heads/${{ parameters.branchName }}’))
pool:
name: ${{ parameters.poolName }}
jobs:
- job: Build
  workspace:
  clean: all
  steps:
  - script: docker login -u $(regUID) -p $(regPWD) $(regLocation)
    displayName: Login to Docker Reg
  - script: cd ${{ parameters.dockerFileLocation }} && docker build --build-arg env=${{ parameters.environment }} -t registry.gitlab.com/bcxzone/bcxzone/${{ parameters.serviceName }}:${{ parameters.environment }} .
    displayName: Docker Build
  - script: docker push registry.gitlab.com/bcxzone/bcxzone/${{ parameters.serviceName }}:${{ parameters.environment }}
    displayName: Docker Push
- deployment: Deployment
  dependsOn: Build
  workspace:
  clean: all
  environment: ${{ parameters.environment }}
  strategy:
  runOnce:
  deploy:
  steps:
  - script: docker network create ${{ parameters.networkName }} || true
  displayName: Create Network
  - script: docker stop $(docker ps -a -q -f “name=${{ parameters.serviceName }}${{ parameters.environment }}") || true
  displayName: Stop Container
  - script: docker rm -f $(docker ps -a -q -f "name=${{ parameters.serviceName }}${{ parameters.environment }}”) || true
  displayName: Remove Container
  - script: docker create --name ${{ parameters.serviceName }}${{ parameters.environment }} -e “ASPNETCORE_ENVIRONMENT=${{ parameters.environment }}” ${{parameters.ports}} -e TZ=Africa/Johannesburg --net ${{ parameters.networkName }} -P --restart always registry.gitlab.com/bcxzone/bcxzone/${{ parameters.serviceName }}:${{ parameters.environment }}
  displayName: Create Container
  - script: docker start ${{ parameters.serviceName }}${{ parameters.environment }}
  displayName: Start Container
  - script: docker ps
  displayName: List Containers

balonik · October 12, 2023, 8:01am

That file is for Azure DevOps not GitLab CI. I am not that familiar with Azure DevOps, you could find someone that can help you in https://techcommunity.microsoft.com/t5/azure-devops/bd-p/AzureDevOpsForum

vniekecc · October 12, 2023, 8:18am

Ok, thanks will do that

vniekecc · October 12, 2023, 8:52am

Hi Balonik, before I asked for more info in the Microsoft forums, Who can assist us to recover the username and/or password? Currently the credentials is in a DEVOPS register and is encrypted.
We are trying to access the gitlab account but cannot. This will perhaps help us in generating a new access token to be used - think the current one has expired.

balonik · October 12, 2023, 9:22am

If you don’t know where or who created the access token, just create a new one and use that to access GitLab.

vniekecc · October 12, 2023, 10:33am

Ok, this is the part that I do not know how to do it - I’m very new to gitlab.
On a high-level
1)Do I create a new project with new registry?
2) Then generate a token with new username and password and expiry date and copy this into the Docker json file?

balonik · October 12, 2023, 11:34am

Self-hosted Gitlab or gitlab.com? Paid or Free?

vniekecc · October 12, 2023, 11:42am

Selfhosted, so I think this is free.

balonik · October 12, 2023, 11:58am

If you push only to single project, navigate to that project in GitLab. If you push into more projects, navigate to a group where all the projects are.

In the left pane select Settings → Access Tokens. There you can add new token. For docker push you need to grant “write_registry” scope and “Developer” role.

You get a token that you need to save somehow in your Azure DevOps pipeline.

vniekecc · October 12, 2023, 1:09pm

Cool, much appreciated for your help. Will do this - thanx