Google CLI Tools for Administrative Operations

Questions and Answers

What is the purpose of the tool-proxy-cli --proxy_address command mentioned in the text?

To bypass the proxy

To stop a Borg job in production (correct)

To start a Borg job

To check the proxy logs

In the tools configuration, what does the 'binary_in_mpm' option specify?

The address of the proxy

The MPM to use for the command (correct)

The command to execute

The unit test to run

What triggers the MPA (Multi-Person Approval) process for running sensitive commands through the proxy?

Being in 'group:admin-leads' (correct)

Being part of 'group:admin'

Running a unit test

Executing any command

How does the proxy handle authorization for running sensitive commands?

Triggers a waiting period for approval from 'group:admin-leads'

What aspect of the development workflow is changed by the Tool Proxy usage?

Prepending commands with a specific tool-proxy-cli

What is the primary purpose of using proxies in production environments according to the text?

To improve the reliability and security of deployed systems without requiring substantial changes.

What is the role of safe proxies at Google according to the text?

To provide a framework for authorized persons to access or modify the state of production systems.

How do safe proxies at Google help to limit the ability of privileged administrators to accidentally or maliciously cause issues in the production environment?

By allowing authorized persons to review, approve, and run risky commands without direct access to production systems.

What is the process for using safe proxies at Google to access or modify the state of production systems?

Authorized persons submit requests to the safe proxy, which reviews and approves the requests before executing them.

How does the use of safe proxies at Google help to improve the reliability and security of production environments?

By providing a framework for authorized persons to access or modify the state of production systems in a controlled and monitored manner.

What is the primary role of the Tool Proxy?

To act as an intermediary between engineers and production servers

How does the Tool Proxy achieve the goal of making production safer?

By not allowing humans to directly access production servers

What is the purpose of the policies used by the Tool Proxy?

To control and authorize invocations of CLI tools

What is the purpose of the group:admin and group:admin-leads groups mentioned in the policy example?

To control authorization for executing CLI tools

What is the typical deployment method for Tool Proxy instances?

As Borg jobs

What is the primary role of safe proxies in the described system?

Route traffic between clients and target systems

How is access control enforced in the safe proxy model?

Using application-layer access control lists (ACLs)

What is the purpose of the Zero Touch Prod project mentioned in the text?

To eliminate human interaction in production systems

Which of the following is NOT a benefit of using safe proxies mentioned in the text?

Facilitating unit testing of target systems

Based on the information provided, what can be inferred about the configuration of safe proxies at Google?

Safe proxy configurations restrict target systems to accept only calls from the proxy