In this post we’ll cover how to share a private image from one project and use that image in another project. We’ll set this up for Cloud Build use. Let’s get started!
You’ll need access to two projects, which we’ll call Host and Caller. The Host project contains the private image that the Caller project wants to access from its Cloud Build builds.
Remember: you want to access the image using the Cloud Build service account from the Caller’s project.
Allowing access to the private image:
Go to the IAM page for the project that wants to access the image. Look for the Cloud Build service account and copy its email address.
Add IAM Role to Host Project:
Switch to the project that hosts the image while staying on the IAM page. We’ll now grant an IAM role that allows the Caller’s Cloud Build service account to access the Artifact Registry.
Click Grant Access, then enter the service account email you copied above. Next, add the “Artifact Registry Reader” role and save.
Note: I’ve seen documentation about “compute > compute image user”, which didn’t work for me, hence this post. You just need to allow Artifact Registry Reader access in the Host project for the Caller’s Cloud Build service account.
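The console steps above grant the role across the whole Host project. As an added example (not part of the original post), the script below makes the same grant with gcloud but scopes it to a single Artifact Registry repository, then prints that repository's policy so the binding can be reviewed. The project ID, repository name, location and service account email are constructed placeholders.

```shell
#!/bin/sh
# Added example: give the Caller's Cloud Build service account read access
# to ONE Artifact Registry repository in the Host project.
# Every default below is a constructed placeholder; substitute your own values.
HOST_PROJECT="${HOST_PROJECT:-host-project-id}"
REPO="${REPO:-my-repo}"
LOCATION="${LOCATION:-us-central1}"
CALLER_SA="${CALLER_SA:-123456789012@cloudbuild.gserviceaccount.com}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the gcloud commands, 0 = run them

# Build the IAM member string. Anything that is not a plain service account
# email (a user address, a typo, stray shell characters) is rejected.
sa_member() {
  case "$1" in
    *[!A-Za-z0-9@._-]*|"") return 1 ;;
    ?*@?*.gserviceaccount.com) printf 'serviceAccount:%s\n' "$1" ;;
    *) return 1 ;;
  esac
}

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Bind roles/artifactregistry.reader on the repository, not on the project.
grant_repo_reader() {
  member=$(sa_member "$CALLER_SA") || {
    echo "not a service account email: $CALLER_SA" >&2
    return 1
  }
  run gcloud artifacts repositories add-iam-policy-binding "$REPO" \
    --project="$HOST_PROJECT" --location="$LOCATION" \
    --member="$member" --role="roles/artifactregistry.reader"
}

# Show who can access the repository so the new binding can be checked.
show_repo_policy() {
  run gcloud artifacts repositories get-iam-policy "$REPO" \
    --project="$HOST_PROJECT" --location="$LOCATION"
}

grant_repo_reader && show_repo_policy
```

Run it once with the default `DRY_RUN=1` to review the exact commands, then with `DRY_RUN=0` while authenticated as a principal allowed to change IAM policy on the Host repository.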