GCPcloud~30 mins

Policy troubleshooter in GCP - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Policy Troubleshooter in Google Cloud

📖 Scenario: You are a cloud administrator for a company using Google Cloud Platform (GCP). You want to check why a user cannot access a specific resource. GCP's Policy Troubleshooter helps you find out which policy is blocking or allowing access.

🎯 Goal: Build a simple script that uses GCP Policy Troubleshooter API to check access for a user on a resource and understand the result.

📋 What You'll Learn

Create a dictionary called access_request with keys principal, permission, and resource with exact values

Add a configuration variable called project_id with the exact string value

Write a function called check_access that takes access_request and project_id and returns a dictionary simulating a policy troubleshooting result

Add a final line that calls check_access with access_request and project_id and stores the result in result

💡 Why This Matters

🌍 Real World

Cloud administrators often need to troubleshoot why users cannot access resources. This project simulates using GCP's Policy Troubleshooter to understand access decisions.

💼 Career

Understanding policy troubleshooting is essential for roles like Cloud Engineer, Security Engineer, and Cloud Administrator to maintain secure and functional cloud environments.

Progress0 / 4 steps

Create the access request dictionary

Create a dictionary called access_request with these exact entries: 'principal': 'user:alice@example.com', 'permission': 'storage.buckets.get', and 'resource': '//storage.googleapis.com/projects/_/buckets/my-bucket'.

GCP

# Create the access_request dictionary with principal, permission, and resource
# Your code here

Need a hint?

Use curly braces to create a dictionary with the exact keys and values.

Add the project ID configuration

Create a variable called project_id and set it to the string 'my-gcp-project'.

GCP

access_request = {
    'principal': 'user:alice@example.com',
    'permission': 'storage.buckets.get',
    'resource': '//storage.googleapis.com/projects/_/buckets/my-bucket'
}
# Create the project_id variable with the exact string
# Your code here

Need a hint?

Assign the exact string to the variable project_id.

Write the check_access function

Define a function called check_access that takes parameters access_request and project_id. Inside, return a dictionary with keys access set to "GRANTED" and reasons set to a list containing "User has the required permission".

GCP

access_request = {
    'principal': 'user:alice@example.com',
    'permission': 'storage.buckets.get',
    'resource': '//storage.googleapis.com/projects/_/buckets/my-bucket'
}

project_id = 'my-gcp-project'

def check_access(access_request, project_id):
    # Your code here

Need a hint?

Define the function with the exact name and parameters, then return the dictionary with the exact keys and values.

Call the check_access function and store the result

Call the function check_access with access_request and project_id as arguments, and assign the result to a variable called result.

GCP

access_request = {
    'principal': 'user:alice@example.com',
    'permission': 'storage.buckets.get',
    'resource': '//storage.googleapis.com/projects/_/buckets/my-bucket'
}

project_id = 'my-gcp-project'

def check_access(access_request, project_id):
    return {
        'access': 'GRANTED',
        'reasons': ['User has the required permission']
    }

# Call check_access and store the result in result
# Your code here

Need a hint?

Call the function with the exact variable names and assign the output to result.