Exam Professional Cloud DevOps Engineer topic 1 question 155 discussion

Actual exam question from Google's Professional Cloud DevOps Engineer
Question #: 155
Topic #: 1

You are deploying a Cloud Build job that deploys Terraform code when a Git branch is updated. While testing, you noticed that the job fails. You see the following error in the build logs:

Initializing the backend...

Error: Failed to get existing workspaces: querying Cloud Storage failed: googleapi: Error 403

You need to resolve the issue by following Google-recommended practices. What should you do?

  • A. Change the Terraform code to use local state.
  • B. Create a storage bucket with the name specified in the Terraform configuration.
  • C. Grant the roles/owner Identity and Access Management (IAM) role to the Cloud Build service account on the project.
  • D. Grant the roles/storage.objectAdmin Identity and Access Management (IAM) role to the Cloud Build service account on the state file bucket.

Suggested Answer: D

Comments

dija123
2 weeks ago
Selected Answer: D
Agree with D
upvoted 1 times
...
kish18
4 months, 3 weeks ago
Selected Answer: D
This is regarding the permission, hence providing the correct role will resolve this.
upvoted 1 times
...
xhilmi
5 months, 1 week ago
Selected Answer: D
To resolve that issue, you should ensure that the Cloud Build service account has the necessary permissions to access the Cloud Storage bucket used for storing Terraform state. The recommended practice is to grant the roles/storage.objectAdmin Identity and Access Management (IAM) role to the Cloud Build service account on the state file bucket. Therefore, the correct answer is option D. This permission grants the necessary access for Cloud Build to read and write objects (which include Terraform state files) in the specified Cloud Storage bucket, resolving the 403 error. It's important to follow the principle of least privilege and only grant the permissions needed for the specific task at hand.
upvoted 2 times
...
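An added example, not part of the original discussion: a small audit that contrasts the failing build, option C and option D by inspecting IAM policy documents shaped like the JSON output of `gcloud projects get-iam-policy` and `gcloud storage buckets get-iam-policy`. The service account address, project number and policies are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample data: the project number and policies are illustrative.
MEMBER = "serviceAccount:123456789012@cloudbuild.gserviceaccount.com"
STATE_ROLE = "roles/storage.objectAdmin"               # role named in option D
BROAD_PROJECT_ROLES = {"roles/owner", "roles/editor"}  # basic roles, project-wide


def policy(role=None):
    """Build a policy document: {"bindings": [{"role": ..., "members": [...]}]}."""
    return {"bindings": [{"role": role, "members": [MEMBER]}] if role else []}


def roles_for(pol, member):
    """Return the set of roles a policy binds directly to `member`.

    IAM conditions and group membership are not evaluated in this sketch.
    """
    return {b["role"] for b in pol.get("bindings", [])
            if member in b.get("members", [])}


def audit_state_access(project_policy, bucket_policy, member):
    """Classify how `member` can reach the Terraform state bucket."""
    findings = []
    broad = roles_for(project_policy, member) & BROAD_PROJECT_ROLES
    if broad:
        # Option C: works, but grants far more than state read/write.
        findings.append(("OVERBROAD", sorted(broad)))
    if STATE_ROLE in roles_for(bucket_policy, member):
        # Option D: access is limited to objects in the state bucket.
        findings.append(("OK_BUCKET_SCOPED", [STATE_ROLE]))
    elif STATE_ROLE in roles_for(project_policy, member):
        # Right role, wrong scope: applies to every bucket in the project.
        findings.append(("PROJECT_WIDE_OBJECT_ADMIN", [STATE_ROLE]))
    elif not broad:
        # No binding at all: the backend init is expected to fail with 403.
        findings.append(("NO_STATE_ACCESS", []))
    return findings


SCENARIOS = {
    "failing build": (policy(), policy()),
    "option C": (policy("roles/owner"), policy()),
    "option D": (policy(), policy(STATE_ROLE)),
}

if __name__ == "__main__":
    for name, (proj, bucket) in SCENARIOS.items():
        print(f"{name}: {audit_state_access(proj, bucket, MEMBER)}")
```
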
nqthien041292
5 months, 2 weeks ago
Selected Answer: D
Vote D
upvoted 1 times
...
activist
6 months, 2 weeks ago
https://cloud.google.com/storage/docs/access-control/iam-roles
upvoted 1 times
...
lelele2023
6 months, 2 weeks ago
Selected Answer: D
Think it's D since the 403 error occurred while the tf actions query the state file in the bucket; you only need the object admin permission (state file). Storage Object Admin (roles/storage.objectAdmin) Grants full control over objects, including listing, creating, viewing, and deleting objects, as well as setting object ACLs. Also grants access to create, delete, get, and list managed folders.
upvoted 1 times
...
activist
6 months, 4 weeks ago
Answer D seems to be correct.
upvoted 3 times
...