chore: Migrate gsutil usage to gcloud storage

[gurusai-voleti]

Automated: Migrate {target_path} from gsutil to gcloud storage

This CL is part of the on going effort to migrate from the legacy gsutil tool to the new and improved gcloud storage command-line interface.
gcloud storage is the recommended and modern tool for interacting with Google Cloud Storage, offering better performance, unified authentication, and a more consistent command structure with other gcloud components. 🚀

Automation Details

This change was generated automatically by an agent that targets users of gsutil.
The transformations applied are based on the gsutil to gcloud storage migration guide.

⚠️ Action Required: Please Review and Test Carefully

While we have based the automation on the migration guide, every use case is unique.
It is crucial that you thoroughly test these changes in environments appropriate to your use-case before merging.
Be aware of potential differences between gsutil and gcloud storage that could impact your workflows.
For instance, the structure of command output may have changed, requiring updates to any scripts that parse it. Similarly, command behavior can differ subtly; the gcloud storage rsync command has a different file deletion logic than gsutil rsync, which could lead to unintended file deletions.

Our migration guides can help guide you through a list of mappings and some notable differences between the two tools.

Standard presubmit tests are run as part of this CL's workflow. If you need to target an additional test workflow or require assistance with testing, please let us know.

Please verify that all your Cloud Storage operations continue to work as expected to avoid any potential disruptions in production.

Support and Collaboration

The GCS CLI team is here to help! If you encounter any issues, have a complex use case that this automated change doesn't cover, or face any other blockers, please don't hesitate to reach out.
We are happy to work with you to test and adjust these changes as needed.

Contact: [email protected]

We appreciate your partnership in this important migration effort!

#gsutil-migration

[gurusai-voleti]

Hi @ashmeenkaur, Can we get your review on this PR? Thanks!

[gemini-code-assist]

Summary of Changes

Hello @gurusai-voleti, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request automates the migration from the legacy gsutil command-line tool to the modern gcloud storage interface across the codebase. This change is part of an ongoing effort to standardize on gcloud storage for its improved performance, unified authentication, and consistent command structure within the Google Cloud ecosystem. The changes involve updating various scripts and documentation to use the new command syntax, including recursive copy and remove operations. While automated, careful review and testing are crucial due to potential subtle behavioral differences between the two tools, as highlighted in the PR description.

Highlights

• Migration to gcloud storage: All instances of gsutil commands have been migrated to their gcloud storage equivalents across documentation and various scripts.
• Command Syntax Updates: The cp -r command has been updated to cp --recursive, and rm -r to rm --recursive to align with gcloud storage syntax. The ls command has also been updated to gcloud storage ls.
• Tool Version Checks: Scripts that previously checked for gsutil installation now check for gcloud using gcloud -v.
• Documentation and Script Examples: Examples and command snippets in docs/semantics.md, perfmetrics/scripts/README.md, and perfmetrics/scripts/ls_metrics/README.md have been updated to reflect the gcloud storage usage.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request automatically migrates gsutil commands to gcloud storage. The changes are generally correct and follow the migration guide. I've identified a few instances where shell=True is used with subprocess calls, which poses a security risk of command injection, especially since parts of the commands are constructed from configuration files. I've provided suggestions to refactor these calls to be more secure by avoiding shell=True.

[gemini-code-assist]

Using shell=True with Popen and string formatting can lead to shell injection vulnerabilities if destination_blob_name contains malicious characters from the config file. It's safer to pass arguments as a list and avoid shell=True. You can use an f-string with a trailing slash on the source directory to copy its contents recursively, which avoids shell globbing.

Suggested change

	process = Popen(
	'gsutil -m cp -r {}/* {}'.format(TEMPORARY_DIRECTORY,
	'gcloud storage cp --recursive {}/* {}'.format(TEMPORARY_DIRECTORY,
	destination_blob_name),
	shell=True)
	process = Popen([
	'gcloud', 'storage', 'cp', '--recursive',
	f'{TEMPORARY_DIRECTORY}/', destination_blob_name
	],
	shell=False)

[gemini-code-assist]

Using shell=True with subprocess.check_output and string formatting can lead to shell injection vulnerabilities if path contains malicious characters from the config file. It's safer to pass arguments as a list and set shell=False.

Suggested change

	contents = subprocess.check_output(
	'gsutil -m ls {}'.format(path), shell=True)
	'gcloud storage ls {}'.format(path), shell=True)
	contents = subprocess.check_output(
	['gcloud', 'storage', 'ls', path], shell=False)

[gemini-code-assist]

Using shell=True with subprocess.call and string formatting can lead to shell injection vulnerabilities if directory_structure.name contains malicious characters from the config file. It's safer to pass arguments as a list and set shell=False. The * wildcard will be interpreted by gcloud itself.

Suggested change

	subprocess.call(
	'gsutil -m rm -r gs://{}/*'.format(directory_structure.name),
	'gcloud storage rm --recursive gs://{}/*'.format(directory_structure.name),
	shell=True, stdout=subprocess.DEVNULL, stderr=subprocess.STDOUT)
	subprocess.call(
	['gcloud', 'storage', 'rm', '--recursive', f'gs://{directory_structure.name}/*'],
	shell=False, stdout=subprocess.DEVNULL, stderr=subprocess.STDOUT)