Migrate gsutil usage to gcloud storage #4327
Conversation
Summary of ChangesHello @googlyrahman, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request implements an automated migration of Google Cloud Storage command-line interactions from the legacy Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
|
Hi @gericdong, Can we get your review on this PR? Thanks! |
There was a problem hiding this comment.
Code Review
This pull request contains an automated migration from gsutil to gcloud storage. Overall, the migration looks good, but there are a few areas that need attention. I've identified an incorrect migration of gsutil copy which was replaced by a TODO comment instead of the correct gcloud storage cp command. Additionally, there are several instances where the migration of gsutil iam ch to gcloud storage buckets add-iam-policy-binding has resulted in inconsistent quoting for --member and --role arguments. I've added specific comments and suggestions to address these issues for improved robustness and correctness.
| "\n", | ||
| "! gsutil copy $PUBLIC_TRAINING_DATASET $TRAINING_URI\n", | ||
| "\n", | ||
| "# TODO: Command \"gsutil copy\" not found in migration guide. Manual review required.\n", "\n", |
There was a problem hiding this comment.
The gsutil copy command was not migrated correctly. It should be replaced with gcloud storage cp, as copy is an alias for cp in gsutil.
! gcloud storage cp $PUBLIC_TRAINING_DATASET $TRAINING_URI\n
| "! gsutil iam ch serviceAccount:{SERVICE_ACCOUNT}:roles/storage.objectViewer $BUCKET_URI" | ||
| ] | ||
| # Note: Migrating scripts using gsutil iam ch is more complex than get or set. You need to replace the single iam ch command with a series of gcloud storage bucket add-iam-policy-binding and/or gcloud storage bucket remove-iam-policy-binding commands, or replicate the read-modify-write loop. | ||
| "! gcloud storage buckets add-iam-policy-binding $BUCKET_URI --member=serviceAccount:{SERVICE_ACCOUNT} --role=roles/storage.objectViewer" ] |
There was a problem hiding this comment.
For consistency with the command on line 628 and to prevent potential shell parsing issues, it's recommended to quote the values for the --member and --role arguments.
! gcloud storage buckets add-iam-policy-binding $BUCKET_URI --member=\"serviceAccount:{SERVICE_ACCOUNT}\" --role=\"roles/storage.objectViewer\"
| "# Provision permissions to the SERVICE_ACCOUNT with the GCS bucket\n", | ||
| "! gsutil iam ch serviceAccount:{SERVICE_ACCOUNT}:roles/storage.admin $BUCKET_NAME\n", | ||
| "\n", | ||
| "! gcloud storage buckets add-iam-policy-binding $BUCKET_NAME --member=serviceAccount:{SERVICE_ACCOUNT} --role=roles/storage.admin\n", "\n", |
There was a problem hiding this comment.
It's a good practice to quote the values for --member and --role to avoid potential shell expansion issues and ensure the command is robust.
! gcloud storage buckets add-iam-policy-binding $BUCKET_NAME --member=\"serviceAccount:{SERVICE_ACCOUNT}\" --role=\"roles/storage.admin\"\n
| "source": [ | ||
| "! gsutil iam ch serviceAccount:{SERVICE_ACCOUNT}:roles/storage.objectCreator {BUCKET_URI}\n", | ||
| "# Note: Migrating scripts using gsutil iam ch is more complex than get or set. You need to replace the single iam ch command with a series of gcloud storage bucket add-iam-policy-binding and/or gcloud storage bucket remove-iam-policy-binding commands, or replicate the read-modify-write loop.\n", | ||
| "! gcloud storage buckets add-iam-policy-binding {BUCKET_URI} --member=serviceAccount:{SERVICE_ACCOUNT} --role=roles/storage.objectCreator\n", |
There was a problem hiding this comment.
For robustness, it's recommended to quote the values for --member and --role arguments to prevent potential shell parsing issues.
! gcloud storage buckets add-iam-policy-binding {BUCKET_URI} --member=\"serviceAccount:{SERVICE_ACCOUNT}\" --role=\"roles/storage.objectCreator\"\n
| "\n", | ||
| "! gsutil iam ch serviceAccount:{SERVICE_ACCOUNT}:roles/storage.objectViewer {BUCKET_URI}" | ||
| ] | ||
| "! gcloud storage buckets add-iam-policy-binding {BUCKET_URI} --member=serviceAccount:{SERVICE_ACCOUNT} --role=roles/storage.objectViewer" ] |
There was a problem hiding this comment.
For robustness and consistency, it's recommended to quote the values for --member and --role arguments to prevent potential shell parsing issues.
! gcloud storage buckets add-iam-policy-binding {BUCKET_URI} --member=\"serviceAccount:{SERVICE_ACCOUNT}\" --role=\"roles/storage.objectViewer\"
| "! gsutil iam ch serviceAccount:{SERVICE_ACCOUNT}:roles/storage.objectViewer $BUCKET_URI" | ||
| ] | ||
| "# Note: Migrating scripts using gsutil iam ch is more complex than get or set. You need to replace the single iam ch command with a series of gcloud storage bucket add-iam-policy-binding and/or gcloud storage bucket remove-iam-policy-binding commands, or replicate the read-modify-write loop.\n", | ||
| "! gcloud storage buckets add-iam-policy-binding $BUCKET_URI --member=serviceAccount:{SERVICE_ACCOUNT} --role=roles/storage.objectCreator\n", "\n", |
There was a problem hiding this comment.
It's recommended to quote the values for --member and --role arguments for robustness and to prevent potential shell parsing issues.
! gcloud storage buckets add-iam-policy-binding $BUCKET_URI --member=\"serviceAccount:{SERVICE_ACCOUNT}\" --role=\"roles/storage.objectCreator\"\n
| "# Note: Migrating scripts using gsutil iam ch is more complex than get or set. You need to replace the single iam ch command with a series of gcloud storage bucket add-iam-policy-binding and/or gcloud storage bucket remove-iam-policy-binding commands, or replicate the read-modify-write loop.\n", | ||
| "! gcloud storage buckets add-iam-policy-binding $BUCKET_URI --member=serviceAccount:{SERVICE_ACCOUNT} --role=roles/storage.objectCreator\n", "\n", | ||
| # Note: Migrating scripts using gsutil iam ch is more complex than get or set. You need to replace the single iam ch command with a series of gcloud storage bucket add-iam-policy-binding and/or gcloud storage bucket remove-iam-policy-binding commands, or replicate the read-modify-write loop. | ||
| "! gcloud storage buckets add-iam-policy-binding $BUCKET_URI --member=serviceAccount:{SERVICE_ACCOUNT} --role=roles/storage.objectViewer" ] |
There was a problem hiding this comment.
For robustness and consistency, it's recommended to quote the values for --member and --role arguments to prevent potential shell parsing issues.
! gcloud storage buckets add-iam-policy-binding $BUCKET_URI --member=\"serviceAccount:{SERVICE_ACCOUNT}\" --role=\"roles/storage.objectViewer\"
Automated: Migrate paths from gsutil to gcloud storage
This CL is part of the on going effort to migrate from the legacy
gsutiltool to the new and improvedgcloud storagecommand-line interface.gcloud storageis the recommended and modern tool for interacting with Google Cloud Storage, offering better performance, unified authentication, and a more consistent command structure with othergcloudcomponents. 🚀Automation Details
This change was generated automatically by an agent that targets users of
gsutil.The transformations applied are based on the gsutil to gcloud storage migration guide.
While we have based the automation on the migration guide, every use case is unique.
It is crucial that you thoroughly test these changes in environments appropriate to your use-case before merging.
Be aware of potential differences between
gsutilandgcloud storagethat could impact your workflows.For instance, the structure of command output may have changed, requiring updates to any scripts that parse it. Similarly, command behavior can differ subtly; the
gcloud storage rsynccommand has a different file deletion logic thangsutil rsync, which could lead to unintended file deletions.Our migration guides can help guide you through a list of mappings and some notable differences between the two tools.
Standard presubmit tests are run as part of this CL's workflow. If you need to target an additional test workflow or require assistance with testing, please let us know.
Please verify that all your Cloud Storage operations continue to work as expected to avoid any potential disruptions in production.
Support and Collaboration
The
GCS CLIteam is here to help! If you encounter any issues, have a complex use case that this automated change doesn't cover, or face any other blockers, please don't hesitate to reach out.We are happy to work with you to test and adjust these changes as needed.
Contact:
gcs-cli-hyd@google.comWe appreciate your partnership in this important migration effort!
cc: @sushantkhanna