chore: Migrate gsutil usage to gcloud storage

[bhandarivijay-png]

Automated: Migrate {target_path} from gsutil to gcloud storage

This CL is part of the on going effort to migrate from the legacy gsutil tool to the new and improved gcloud storage command-line interface.
gcloud storage is the recommended and modern tool for interacting with Google Cloud Storage, offering better performance, unified authentication, and a more consistent command structure with other gcloud components. 🚀

Automation Details

This change was generated automatically by an agent that targets users of gsutil.
The transformations applied are based on the gsutil to gcloud storage migration guide.

⚠️ Action Required: Please Review and Test Carefully

While we have based the automation on the migration guide, every use case is unique.
It is crucial that you thoroughly test these changes in environments appropriate to your use-case before merging.
Be aware of potential differences between gsutil and gcloud storage that could impact your workflows.
For instance, the structure of command output may have changed, requiring updates to any scripts that parse it. Similarly, command behavior can differ subtly; the gcloud storage rsync command has a different file deletion logic than gsutil rsync, which could lead to unintended file deletions.

Our migration guides can help guide you through a list of mappings and some notable differences between the two tools.

Standard presubmit tests are run as part of this CL's workflow. If you need to target an additional test workflow or require assistance with testing, please let us know.

Please verify that all your Cloud Storage operations continue to work as expected to avoid any potential disruptions in production.

Support and Collaboration

The GCS CLI team is here to help! If you encounter any issues, have a complex use case that this automated change doesn't cover, or face any other blockers, please don't hesitate to reach out.
We are happy to work with you to test and adjust these changes as needed.

Contact: gcs-cli-hyd@google.com

We appreciate your partnership in this important migration effort!

#gsutil-migration

[bhandarivijay-png]

Hi @mattdangerw, Can we get your review on this PR? Thanks!

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request systematically migrates existing Google Cloud Storage operations from the deprecated gsutil command-line tool to the gcloud storage CLI. The change aims to standardize interactions with Google Cloud Storage, leveraging the benefits of the newer tool, such as better performance and integration within the gcloud ecosystem. It ensures that all relevant scripts and notebooks are aligned with Google's recommended practices for cloud storage management.

Highlights

• Migration to gcloud storage: All instances of gsutil commands across various scripts and notebooks have been updated to use the modern gcloud storage equivalent commands. This includes copy, remove, and ACL modification operations.
• Automated Change: This change was automatically generated as part of an ongoing effort to migrate from the legacy gsutil tool to the recommended gcloud storage CLI, offering improved performance and unified authentication.
• Command Syntax Updates: Specific command syntax has been adjusted to match gcloud storage conventions, such as using --recursive for directory operations and gcloud storage objects update --add-acl-grant for ACL modifications.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• keras_cv/src/tools/checkpoint_conversion/ViT_weight_conversion.ipynb
  • Replaced !gsutil cp with !gcloud storage cp for copying files.
• keras_cv/src/tools/convert_presets.py
  • Updated gsutil rm -rf to gcloud storage rm --recursive --continue-on-error for recursive deletion.
  • Updated gsutil cp -r to gcloud storage cp --recursive for recursive copying.
• shell/backbone_converters/convert_efficientnet_v2_backbones.py
  • Changed the printed gsutil cp -r command to gcloud storage cp --recursive.
• shell/weights/process_backbone_weights.sh
  • Migrated gsutil cp commands to gcloud storage cp.
  • Migrated gsutil acl ch commands to gcloud storage objects update --add-acl-grant for setting ACLs.
• shell/weights/upload_weights.sh
  • Migrated gsutil cp command to gcloud storage cp.
  • Migrated gsutil acl ch command to gcloud storage objects update --add-acl-grant for setting ACLs.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request automates the migration from gsutil to gcloud storage. However, the migration preserves and introduces several instances of shell injection vulnerabilities due to unquoted variables in shell commands and os.system calls, which could lead to arbitrary command execution. Additionally, I've identified an incomplete migration and potential issues with the syntax for setting Access Control Lists (ACLs). It is highly recommended to properly quote all shell variables, prefer subprocess.run with argument lists, and use the canonical, documented gcloud syntax.

[gemini-code-assist]

The script uses unquoted variables $WEIGHTS, $OUTPUT_WEIGHTS, and $GCS_PATH in shell commands, which can lead to command injection and word splitting issues. It is a security best practice to always wrap shell variables in double quotes. Additionally, for granting public read access, the canonical gcloud syntax --add-acl-grant=allUsers:READER should be used instead of AllUsers:R for clarity and safety.

Suggested change

	gcloud storage cp $WEIGHTS $GCS_PATH/
	gcloud storage cp $OUTPUT_WEIGHTS $GCS_PATH/
	gsutil acl ch -u AllUsers:R $GCS_PATH/$WEIGHTS
	gsutil acl ch -u AllUsers:R $GCS_PATH/$OUTPUT_WEIGHTS
	gcloud storage objects update $GCS_PATH/$WEIGHTS --add-acl-grant=AllUsers:R
	gcloud storage objects update $GCS_PATH/$OUTPUT_WEIGHTS --add-acl-grant=AllUsers:R
	gcloud storage cp "$WEIGHTS" "$GCS_PATH/"
	gcloud storage cp "$OUTPUT_WEIGHTS" "$GCS_PATH/"
	gcloud storage objects update "$GCS_PATH/$WEIGHTS" --add-acl-grant=AllUsers:R
	gcloud storage objects update "$GCS_PATH/$OUTPUT_WEIGHTS" --add-acl-grant=AllUsers:R

[gemini-code-assist]

The script uses unquoted variables $WEIGHTS and $GCS_PATH in shell commands, making it susceptible to command injection and word splitting. Always wrap shell variables in double quotes to prevent arbitrary command execution. Additionally, the canonical gcloud syntax --add-acl-grant=allUsers:READER should be used for granting public read access instead of AllUsers:R for better clarity and safety.

Suggested change

	gcloud storage cp $WEIGHTS $GCS_PATH/
	gcloud storage objects update --add-acl-grant=AllUsers:R $GCS_PATH/$WEIGHTS
	gcloud storage cp "$WEIGHTS" "$GCS_PATH/"
	gcloud storage objects update --add-acl-grant=AllUsers:R "$GCS_PATH/$WEIGHTS"

[gemini-code-assist]

The notebook uses IPython's shell execution syntax ! with an interpolated variable {path}. Since path is derived from an external CSV file (gs://vit_models/augreg/index.csv), an attacker who can modify this CSV could inject malicious shell commands. It is recommended to quote the variable to prevent shell interpolation issues.

Suggested change

	"!gcloud storage cp {path} ." ]
	"!gcloud storage cp \"{path}\" ." ]

[gemini-code-assist]

The script uses os.system with f-strings containing the preset variable. If a preset name contains shell metacharacters, it could lead to command injection. While presets are currently defined within the library, using os.system with unvalidated interpolation is a dangerous pattern. It is recommended to use subprocess.run with a list of arguments, which avoids shell interpretation.

Suggested change

	os.system(f"gcloud storage rm --recursive --continue-on-error gs://{BUCKET}/{preset}")
	os.system(f"gcloud storage cp --recursive {preset} gs://{BUCKET}/{preset}")
	subprocess.run(["gcloud", "storage", "rm", "--recursive", "--continue-on-error", f"gs://{BUCKET}/{preset}"], check=True)
	subprocess.run(["gcloud", "storage", "cp", "--recursive", preset, f"gs://{BUCKET}/{preset}"], check=True)

[gemini-code-assist]

The migration for gsutil acl ch seems to be incomplete here. The comment on line 77 appears to be incorrect, as other files in this pull request correctly migrate similar gsutil acl commands. Additionally, according to the gcloud documentation, the canonical syntax for granting public read access is --add-acl-grant=allUsers:READER. While AllUsers:R might work as an abbreviation, using the documented format is safer and more explicit.

Suggested change

	# The gsutil to gcloud migration guide does not provide a mapping for ACL role abbreviations like 'R'.
	print('`gsutil acl ch -u AllUsers:R "gs://keras-cv/models/efficientnet_v2/*"`')
	print('`gcloud storage objects update "gs://keras-cv/models/efficientnet_v2/*" --add-acl-grant=allUsers:READER`')