
chore: Migrate gsutil usage to gcloud storage #184

Open
bhandarivijay-png wants to merge 1 commit into GoogleCloudDataproc:main from bhandarivijay-png:ai-gsutil-migration-f5b5998d00b74d058d31a8569c5c1577

Conversation

@bhandarivijay-png

Automated: Migrate {target_path} from gsutil to gcloud storage

This CL is part of the ongoing effort to migrate from the legacy gsutil tool to the new and improved gcloud storage command-line interface.
gcloud storage is the recommended and modern tool for interacting with Google Cloud Storage, offering better performance, unified authentication, and a more consistent command structure with other gcloud components. 🚀

Automation Details

This change was generated automatically by an agent that targets users of gsutil.
The transformations applied are based on the gsutil to gcloud storage migration guide.

⚠️ Action Required: Please Review and Test Carefully

While we have based the automation on the migration guide, every use case is unique.
It is crucial that you thoroughly test these changes in environments appropriate to your use-case before merging.
Be aware of potential differences between gsutil and gcloud storage that could impact your workflows.
For instance, the structure of command output may have changed, requiring updates to any scripts that parse it. Similarly, command behavior can differ subtly; the gcloud storage rsync command has a different file deletion logic than gsutil rsync, which could lead to unintended file deletions.

Our migration guides can help guide you through a list of mappings and some notable differences between the two tools.

Standard presubmit tests are run as part of this CL's workflow. If you need to target an additional test workflow or require assistance with testing, please let us know.

Please verify that all your Cloud Storage operations continue to work as expected to avoid any potential disruptions in production.

Support and Collaboration

The GCS CLI team is here to help! If you encounter any issues, have a complex use case that this automated change doesn't cover, or face any other blockers, please don't hesitate to reach out.
We are happy to work with you to test and adjust these changes as needed.

Contact: gcs-cli-hyd@google.com

We appreciate your partnership in this important migration effort!

#gsutil-migration

@bhandarivijay-png (Author)

Hi @functicons, Can we get your review on this PR? Thanks!

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request systematically updates various scripts and documentation to transition from the legacy gsutil command-line tool to the recommended gcloud storage interface. This change aims to leverage the improved performance, unified authentication, and consistent command structure offered by gcloud storage for interacting with Google Cloud Storage. The migration was performed automatically, and users are advised to carefully validate the updated functionalities.

Highlights

  • Automated Migration: This pull request was automatically generated to migrate gsutil commands to gcloud storage commands.
  • Command Replacement: All instances of gsutil commands for copying, listing, creating, deleting buckets, and managing IAM policies have been replaced with their gcloud storage equivalents.
  • User Action Required: Thorough testing of these changes in appropriate environments is crucial due to potential subtle differences in command behavior and output structure between gsutil and gcloud storage.


Changelog
  • benchmarks/benchmarkUtil.py
    • Updated gsutil cp to gcloud storage cp for uploading configuration files.
  • benchmarks/trigger_bigbench_benchmark.py
    • Replaced gsutil cp with gcloud storage cp for uploading benchmark results.
  • benchmarks/trigger_hibench_benchmark.py
    • Migrated gsutil cp to gcloud storage cp for uploading HiBench reports.
  • gcloud/bin/audit-dpgce-create
    • Changed gsutil ls -b to gcloud storage ls --buckets for checking GCS bucket existence.
  • gcloud/bin/audit-dpgce-destroy
    • Updated gsutil ls -b to gcloud storage ls --buckets for auditing GCS buckets during destruction.
  • gcloud/bin/audit-private-create
    • Replaced gsutil ls -b with gcloud storage ls --buckets for checking GCS bucket existence.
  • gcloud/bin/audit-private-destroy
    • Migrated gsutil ls -b to gcloud storage ls --buckets for auditing GCS buckets during destruction.
  • gcloud/bin/recreate-dpgce
    • Updated commented-out gsutil -m cp to gcloud storage cp --manifest-path --recursive for copying initialization actions.
    • Removed a trailing blank line.
  • gcloud/bin/recreate-dpgke
    • Changed gsutil -m cp -r to gcloud storage cp --recursive for copying initialization actions.
    • Removed a trailing blank line.
  • gcloud/lib/dataproc/jobs.sh
    • Replaced gsutil cp -q with gcloud storage cp for downloading diagnostic files.
  • gcloud/lib/gcp/gcs.sh
    • Migrated gsutil ls -b to gcloud storage ls --buckets for checking bucket existence.
    • Updated gsutil mb -l to gcloud storage buckets create --location for creating buckets.
    • Changed gsutil iam ch to gcloud storage buckets add-iam-policy-binding for granting IAM permissions.
    • Replaced gsutil -m cp -r with gcloud storage cp --recursive for copying init scripts.
    • Updated gsutil -m rm -r to gcloud storage rm --recursive for deleting buckets.
    • Modified commented-out gsutil -m rm -r to gcloud storage rm --recursive.
  • gcloud/lib/shared-functions.sh
    • Updated gsutil ls -b to gcloud storage ls --buckets for checking bucket existence.
    • Replaced gsutil mb -l with gcloud storage buckets create --location for creating buckets.
    • Changed gsutil -m cp -r to gcloud storage cp --recursive for copying init scripts.
    • Migrated gsutil -m rm -r to gcloud storage rm --recursive for deleting buckets.
    • Updated gsutil cp -q to gcloud storage cp for downloading diagnostic files.
  • spark-tensorflow/gcloud-tests/test-tf-tsv.sh
    • Replaced gsutil ls with gcloud storage ls for locating saved model paths.
  • spark-translate/README.md
    • Updated gsutil mb to gcloud storage buckets create in documentation.
    • Changed gsutil cp to gcloud storage cp for uploading files in documentation.
    • Migrated gsutil cat to gcloud storage cat for verifying translated words in documentation.
Activity
  • This pull request was automatically generated by an agent as part of an ongoing effort to migrate from gsutil to gcloud storage.


@gemini-code-assist (bot) left a comment


Code Review

This pull request automates the migration of gsutil commands to the more modern gcloud storage CLI across Python scripts, shell scripts, and documentation files (.md). While the automated replacements for commands like cp, ls, rm, mb, and iam ch appear correct and preserve the scripts' logic, a critical security concern has been identified. The audit revealed multiple instances of potential command injection vulnerabilities, arising from constructing shell commands using unvalidated external input (from command-line arguments or configuration files) and executing them via shell=True in Python or eval and unquoted variables in Bash. It is crucial to address these by sanitizing all external inputs and using safer methods for command execution, such as passing arguments as lists in Python and properly quoting all variables in Bash.

Comment on lines +60 to 61
command = "gcloud storage cp {} {} ".format(scenario.config_file_name,
scenario_destination_bucket_path)
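Review bot: swapping `gsutil` for `gcloud storage` leaves the `.format()`-built string and the `shell=True` execution path exactly as exposed as before, so this hunk neither introduces nor fixes the injection; rather than patching each call site, change `execute_shell` once to accept an argument list (`["gcloud", "storage", "cp", src, dst]`) and drop `shell=True`. The trailing space in `"gcloud storage cp {} {} "` is harmless but worth removing while the line is being touched.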

Label: security-high

The command string is constructed using .format() with variables scenario.config_file_name and scenario_destination_bucket_path, which are derived from YAML configuration files. Since this command is executed via execute_shell (which uses subprocess.Popen(cmd, shell=True)), it is vulnerable to command injection if the YAML content or scenario names contain shell metacharacters. It is recommended to avoid shell=True and pass arguments as a list.

Comment on lines +51 to 52
command = "gcloud storage cp /Big-Data-Benchmark-for-Big-Bench/logs/{} {}{}" \
.format(file, output_path, file)
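Review bot: `{}{}` appends `file` directly to `output_path` with no separator, so the destination object name is only right when the `sys.argv`-derived `output_path` already ends in `/`; build the destination with an explicit `/` (or check the prefix) and, since both pieces are untrusted, pass them as separate argv entries rather than formatting them into a shell string.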

Label: security-high

The command string is constructed using .format() with file and output_path. output_path is derived from sys.argv[1] and sys.argv[2], which are untrusted command-line arguments. Since the command is executed via execute_shell (which uses subprocess.Popen(cmd, shell=True)), an attacker can inject arbitrary shell commands by providing malicious command-line arguments. It is recommended to avoid shell=True and pass arguments as a list.

.read()
output_path = "{}/{}/{}/hibench.report".format(sys.argv[1], sys.argv[2], cluster_name)
cmd = "gsutil cp /HiBench/report/hibench.report {}".format(output_path)
cmd = "gcloud storage cp /HiBench/report/hibench.report {}".format(output_path)

Label: security-high

The command string is constructed using .format() with output_path, which is derived from sys.argv[1] and sys.argv[2]. Since the command is executed via execute_shell (which uses subprocess.Popen(cmd, shell=True)), an attacker can inject arbitrary shell commands by providing malicious command-line arguments. It is recommended to avoid shell=True and pass arguments as a list.

Comment on lines +111 to +112
check_exists "GCS Staging Bucket gs://${BUCKET}" "gcloud storage ls --buckets 'gs://${BUCKET}'"
check_exists "GCS Temp Bucket gs://${TEMP_BUCKET}" "gcloud storage ls --buckets 'gs://${TEMP_BUCKET}'"
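Review bot: the single quotes around `gs://${BUCKET}` only guard against whitespace and globbing; once `check_exists` hands the string to `eval`, a `'` inside `BUCKET` ends the quoted word, so the quoting does not make this call safe. The fix belongs in `lib/script-utils.sh`, which this diff does not touch: have `check_exists` take the command as positional words (`shift; "$@"`) and call it as `check_exists "GCS Staging Bucket gs://${BUCKET}" gcloud storage ls --buckets "gs://${BUCKET}"`, so the bucket name reaches gcloud as one literal argument.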

Label: security-high

The script calls check_exists with a command string that includes ${BUCKET} and ${TEMP_BUCKET}. These variables are sourced from env.json and are not sanitized. The check_exists function (defined in lib/script-utils.sh) uses eval to execute the command string. An attacker who can control the values in env.json can inject arbitrary shell commands by escaping the single quotes in the command string. It is recommended to avoid using eval and to ensure variables are properly quoted and validated.

Comment on lines +66 to +67
check_resource_exact "GCS Staging Bucket gs://${BUCKET}" "gcloud storage ls --buckets 'gs://${BUCKET}'" true
check_resource_exact "GCS Temp Bucket gs://${TEMP_BUCKET}" "gcloud storage ls --buckets 'gs://${TEMP_BUCKET}'" true
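Review bot: same `eval` exposure as the `check_exists` callers, with one wrinkle for the fix: the trailing `true` argument sits after the command string, so converting `check_resource_exact` to argv-style invocation means moving that flag ahead of the command (or parsing it from the end), which should be settled in `lib/script-utils.sh` before these call sites are changed.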

Label: security-high

The script calls check_resource_exact with command strings containing ${BUCKET} and ${TEMP_BUCKET}. check_resource_exact uses eval (defined in lib/script-utils.sh), leading to potential command injection if the variables in env.json contain shell metacharacters. It is recommended to avoid using eval and to ensure variables are properly quoted and validated.

Comment on lines +41 to +42
check_exists "GCS Staging Bucket gs://${BUCKET}" "gcloud storage ls --buckets 'gs://${BUCKET}'"
check_exists "GCS Temp Bucket gs://${TEMP_BUCKET}" "gcloud storage ls --buckets 'gs://${TEMP_BUCKET}'"

Label: security-high

The script calls check_exists with command strings containing ${BUCKET} and ${TEMP_BUCKET}. check_exists uses eval (defined in lib/script-utils.sh), leading to potential command injection if the variables in env.json contain shell metacharacters. It is recommended to avoid using eval and to ensure variables are properly quoted and validated.

Comment on lines +134 to +135
check_resource_exact "GCS Staging Bucket gs://${BUCKET}" "gcloud storage ls --buckets 'gs://${BUCKET}'" true
check_resource_exact "GCS Temp Bucket gs://${TEMP_BUCKET}" "gcloud storage ls --buckets 'gs://${TEMP_BUCKET}'" true

Label: security-high

The script calls check_resource_exact with command strings containing ${BUCKET} and ${TEMP_BUCKET}. check_resource_exact uses eval (defined in lib/script-utils.sh), leading to potential command injection if the variables in env.json contain shell metacharacters. It is recommended to avoid using eval and to ensure variables are properly quoted and validated.


# Copy latest initialization action scripts
gsutil -m cp -r init/* gs://${BUCKET}/dataproc-initialization-actions
gcloud storage cp --recursive init/* gs://${BUCKET}/dataproc-initialization-actions
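Review bot: `gs://${BUCKET}/dataproc-initialization-actions` is still unquoted, so quote it as `"gs://${BUCKET}/dataproc-initialization-actions"` while this line is being migrated. Dropping `-m` is correct, since `gcloud storage` parallelises transfers by default, but `init/*` is expanded by the shell before either tool sees it, so an empty `init/` directory passes the literal `init/*` and the copy fails the same way under both tools.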

Label: security-high

The variable ${BUCKET} is unquoted in the command execution. If ${BUCKET} contains shell metacharacters (e.g., ;), it can lead to command injection. It is recommended to always quote variables in shell scripts, e.g., gs://"${BUCKET}"/.
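The two injectable shapes flagged above (a `.format()`-built string run with `shell=True` in the benchmark scripts, and a command string handed to `eval` by the shell helpers), each next to an argv-based fix, as an added example that is not code from this PR or from the Dataproc repository. It does not assume gcloud is installed (a stand-in that echoes its arguments is used instead), models `check_exists` on the review's description of `lib/script-utils.sh` rather than the real file, constructs its own malicious inputs, and uses a deliberately simplified GCS bucket-name regex; all helper names are assumptions.

```python
"""Added example, not code from this PR or the Dataproc repo: reproduces the two
injectable shapes the review flags (a .format()-built string run with shell=True
in Python, and a command string handed to eval in a shell helper) beside the
argv-based shape that fixes each.  gcloud is not assumed to be installed, so each
demo swaps in a stand-in ("echo", or a tiny shell function named gcloud) that
only prints the arguments it received; helper names, the regex and the malicious
inputs below are constructed for this example."""
import re
import subprocess

# Simplified GCS URL check (assumption: bucket names are 3-63 chars of lowercase
# letters, digits, dots, dashes and underscores; the real rules have more cases).
GCS_URL = re.compile(r"^gs://[a-z0-9][a-z0-9._-]{1,61}[a-z0-9](/[^\x00-\x1f]*)?$")


def execute_shell(cmd):
    """The shape the review describes: one string, re-parsed by /bin/sh."""
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_cp_unsafe(tool, src, dst):
    """benchmarks/*.py pattern: untrusted values formatted into the command string."""
    return execute_shell("{} storage cp {} {}".format(tool, src, dst))


def run_cp_safe(tool, src, dst):
    """Hardened: validate the untrusted pieces, then pass argv words with no shell."""
    if src.startswith("-"):  # would otherwise be parsed as a gcloud option
        raise ValueError("refusing option-like source path: %r" % src)
    if not GCS_URL.match(dst):
        raise ValueError("destination is not a well-formed gs:// URL: %r" % dst)
    argv = [tool, "storage", "cp", src, dst]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def rejects(src, dst):
    """True when run_cp_safe refuses the pair (exercises the validation)."""
    try:
        run_cp_safe("echo", src, dst)
    except ValueError:
        return True
    return False


# Shell-side twin of the same bug.  check_exists is modelled on the review's
# description of lib/script-utils.sh (assumed shape): its second argument is a
# command *string* that gets eval'd, so a BUCKET value can close the single
# quote, append a command and reopen the quote.
SH_STUB = 'gcloud() { printf "%s\\n" "$@"; }\n'  # stand-in for the real binary
SH_UNSAFE = SH_STUB + '''
check_exists() { eval "$2"; }
BUCKET="$1"
check_exists "GCS Staging Bucket gs://${BUCKET}" "gcloud storage ls --buckets 'gs://${BUCKET}'"
'''
SH_SAFE = SH_STUB + '''
check_exists() { shift; "$@"; }  # command arrives as argv words, never re-parsed
BUCKET="$1"
check_exists "GCS Staging Bucket gs://${BUCKET}" gcloud storage ls --buckets "gs://${BUCKET}"
'''


def run_sh(script, bucket):
    """Run one of the scripts above with BUCKET supplied as $1 (needs /bin/sh)."""
    return subprocess.run(["sh", "-c", script, "check", bucket],
                          capture_output=True, text=True).stdout


# Constructed malicious inputs.
EVIL_SRC = "cfg.yaml; echo INJECTED"          # YAML-sourced scenario file name
EVIL_BUCKET = "x'; echo INJECTED; echo '"     # env.json-sourced bucket name

if __name__ == "__main__":
    print("python, shell=True :", run_cp_unsafe("echo", EVIL_SRC, "gs://bench-bucket/out"))
    print("python, argv list  :", run_cp_safe("echo", EVIL_SRC, "gs://bench-bucket/out"))
    print("sh, eval string    :", run_sh(SH_UNSAFE, EVIL_BUCKET))
    print("sh, argv words     :", run_sh(SH_SAFE, EVIL_BUCKET))
```

Run it directly to see the four outputs side by side: the two unsafe paths print a separate INJECTED line because the shell split the hostile value into a second command, while the argv paths deliver the same value to the stand-in as one literal argument. The leading-dash and gs:// checks in `run_cp_safe` close the option-injection gap that list arguments alone do not, since a value beginning with `-` would still be read as a flag by the real tool.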
