ExamTopics Logo
Mail Us[email protected]
Menu
Google Discussions
exam questions

Exam Professional Cloud DevOps Engineer All Questions

View all questions & answers for the Professional Cloud DevOps Engineer exam
Go to Exam

Exam Professional Cloud DevOps Engineer topic 1 question 155 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 155
Topic #: 1
[All Professional Cloud DevOps Engineer Questions]

You are deploying a Cloud Build job that deploys Terraform code when a Git branch is updated. While testing, you noticed that the job fails. You see the following error in the build logs:

Initializing the backend...

Error: Failed to get existing workspaces: querying Cloud Storage failed: googleapi: Error 403

You need to resolve the issue by following Google-recommended practices. What should you do?

  • A. Change the Terraform code to use local state.
  • B. Create a storage bucket with the name specified in the Terraform configuration.
  • C. Grant the roles/owner Identity and Access Management (IAM) role to the Cloud Build service account on the project.
  • D. Grant the roles/storage.objectAdmin Identity and Access Management (1AM) role to the Cloud Build service account on the state file bucket.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by activist at Oct. 21, 2023, 11:15 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dija123
8 months, 1 week ago
Selected Answer: D
Agree with D
upvoted 1 times
...
kish18
1 year ago
Selected Answer: D
this is regarding the permission, hence providing the correct role will resolve this
upvoted 1 times
...
xhilmi
1 year, 1 month ago
Selected Answer: D
To resolve that issue, you should ensure that the Cloud Build service account has the necessary permissions to access the Cloud Storage bucket used for storing Terraform state. The recommended practice is to grant the roles/storage.objectAdmin Identity and Access Management (IAM) role to the Cloud Build service account on the state file bucket. Therefore, the correct answer is (option D) This permission grants the necessary access for Cloud Build to read and write objects (which include Terraform state files) in the specified Cloud Storage bucket, resolving the 403 error. It's important to follow the principle of least privilege and only grant the permissions needed for the specific task at hand.
upvoted 2 times
...
nqthien041292
1 year, 1 month ago
Selected Answer: D
Vote D
upvoted 1 times
...
activist
1 year, 2 months ago
https://cloud.google.com/storage/docs/access-control/iam-roles
upvoted 1 times
...
lelele2023
1 year, 2 months ago
Selected Answer: D
Think it's D since the 403 error occurred while the tf actions queries state file in bucket, you only need the object admin permission(state file ). Storage Object Admin (roles/storage.objectAdmin) Grants full control over objects, including listing, creating, viewing, and deleting objects, as well as setting object ACLs. Also grants access to create, delete, get, and list managed folders.
upvoted 1 times
...
activist
1 year, 2 months ago
Answer D seems to be correct.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel