Comment by lopkeny12ko

8 months ago

> Google Cloud services have strong safeguards in place with a combination of soft delete, advance notification, and human-in-the-loop, as appropriate.

I mean, clearly not? By Google's own admission, in this very article, the resources were not soft deleted, no advance notification was sent, and there was no human in the loop for approving the automated deletion.

And Google's remediation items include adding even more automation for this process. This sounds totally backward to me. Am I missing something?

They automated away the part that had a human error (the internal tool with a field left blank), so that human error can't mess it up in the same way again. They should move that human labor to checking before tons of stuff gets deleted.

  • It seems to me that the default-delete is the real WTF. Why would a blank field result in a default auto-delete in any sane world? The delete should be opt-in, not opt-out.

    • It took me way too many years to figure out that any management script I write for myself and my co-workers should, by default, execute as a dry run operation.

      I now put a -e/--execute flag on every destructive command; without that, the script will conduct some basic sanity checks and halt before making changes.
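A sketch of the two points made above, written as an added example that is not code posted by any commenter: a blank retention field is rejected instead of being treated as "delete now", nothing is removed without an explicit `-e/--execute`, and a sanity check halts a plan that would remove too much of the inventory. The `Resource` shape, the 10% cap and the sample inventory are constructed for illustration.

```python
import argparse
from dataclasses import dataclass
from datetime import date

@dataclass
class Resource:
    name: str
    created: date
    retention_days: str  # raw field as typed into the tool; may be blank

def parse_retention(raw: str) -> int:
    """A blank retention field is an error, never a default."""
    if not raw.strip():
        raise ValueError("retention_days is blank; refusing to assume a default")
    days = int(raw)
    if days <= 0:
        raise ValueError(f"retention_days must be positive, got {days}")
    return days

def select_expired(resources, today):
    # Any malformed field aborts the whole run before anything is planned.
    return [r for r in resources
            if (today - r.created).days > parse_retention(r.retention_days)]

def sanity_check(expired, total, max_fraction=0.1):
    """Halt if the plan would remove more than max_fraction of the inventory."""
    if total and len(expired) / total > max_fraction:
        raise RuntimeError(f"plan deletes {len(expired)} of {total}; over the cap, halting")

def run(resources, today, execute=False, delete=lambda r: None):
    """Plan, check, then act only when execute is True; returns the plan."""
    expired = select_expired(resources, today)
    sanity_check(expired, len(resources))
    for r in expired:
        if execute:
            delete(r)
        else:
            print(f"DRY RUN: would delete {r.name}")
    return [r.name for r in expired]

def main(argv=None):
    ap = argparse.ArgumentParser()
    ap.add_argument("-e", "--execute", action="store_true",
                    help="perform deletions; without it the script only plans")
    args = ap.parse_args(argv)
    # Constructed sample inventory, not real cloud resources.
    inventory = [Resource("old-project", date(2023, 1, 1), "30")]
    inventory += [Resource(f"proj-{i}", date(2024, 5, 1), "365") for i in range(9)]
    return run(inventory, date(2024, 6, 1), execute=args.execute)

if __name__ == "__main__":
    main()
```

Running the file with no arguments prints the plan; only `python script.py -e` reaches the `delete` callback.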