You need to create a large number of projects for many different teams. You want to use a Cloud Deployment Manager (DM) deployment to create those projects in a folder called your-folder. What should you do?
A. Make sure that you have the Project Creator role on your-folder. Create the deployment by using the command “gcloud deployment-manager deployments create” with the option –folder your-folder.
B. Make sure that you have the Project Creator role on your-folder. Create the deployment by using the command “gcloud deployment-manager deployments create” with the option –[email protected] where [email protected] is your email address.
C. Whitelist the deploymentmanager.googleapis.com API on the your-folder folder by using the constraints/serviceuser.services Organization Policy constraint. Create the deployment by using the command “gcloud deployment-manager deployments create” with option –folder your-folder.
D. Manually create a project called your-project, and enables the DM API in this project. List the service accounts in this project, and identify the one used by DM. Grant the Project Creator role on your-folder to that service account. Create the deployment by using the command “gcloud deployment-manager deployments create” with the option –project=your-project.
Disclaimer
This is a practice question. There is no guarantee of coming this question in the certification exam.
Answer
D
Explanation
Labels in Deployment Manager
– A label is a key value pair that helps you organize deployments.
– Filter the resources based on their labels.
– For example, environment: production, environment: staging, etc.
Organizational Policy Constraints
– It is a configuration of restrictions.
– It is inherited from all child resources.
– Specifically, contraints/serviceuser.services allows you to deny a set of services, not allowed.
A. Make sure that you have the Project Creator role on your-folder. Create the deployment by using the command “gcloud deployment-manager deployments create” with the option –folder your-folder.
(There is no option to specify a folder as the target for Cloud Deployment Manager CLI.)
B. Make sure that you have the Project Creator role on your-folder. Create the deployment by using the command “gcloud deployment-manager deployments create” with the option –[email protected] where [email protected] is your email address.
(Labels are user defined, they are not interpreted by the gcloud command. No “act-as” label with special interpretation.)
C. Whitelist the deploymentmanager.googleapis.com API on the your-folder folder by using the constraints/serviceuser.services Organization Policy constraint. Create the deployment by using the command “gcloud deployment-manager deployments create” with option –folder your-folder.
(There is no option to specify a folder as the target for Cloud Deployment Manager. Also, whitelisting DM API will not enable it automatically.)
D. Manually create a project called your-project, and enables the DM API in this project. List the service accounts in this project, and identify the one used by DM. Grant the Project Creator role on your-folder to that service account. Create the deployment by using the command “gcloud deployment-manager deployments create” with the option –project=your-project.
(Since there are many projects to create, automation without user login would be good. We need a Project Creator role for an account to create projects in your-folder. We are using a service account and giving it Project Creator role.)