Google Cloud SDK version 210.0.0 introduces several breaking changes related to Container Builder command group renames and deprecations, along with changes to Kubernetes Engine cluster creation defaults. Key new features include the promotion of Compute Engine sole-tenancy commands to GA and the addition of new VPC flow logging flags for subnets. This release also includes significant groundwork for new services like Firestore and enhanced Cloud KMS capabilities, alongside various internal refactorings.

Jump to: Annotated Release Notes | Unannounced Changes 🕵️ | Stats 📊

Breaking Changes

  • Removed deprecated gcloud compute interconnects patch; users should now use gcloud compute interconnects update.
  • Deprecated the container-builder-local binary; users should transition to cloud-build-local.
  • Deprecated the gcloud container builds command group; users should transition to gcloud builds. Existing commands will work during a deprecation period.
  • Renamed the containers.build_timeout property to builds.timeout in gcloud builds.
  • Renamed the container.build_check_tag property to builds.check_tag in gcloud builds.
  • Starting in Kubernetes Engine version 1.12, gcloud container clusters create will have basic authentication and client certificate issuance disabled by default.
  • Removed automated app.yaml generation from gcloud app deploy; the deprecated gcloud beta app gen-config is still available separately.
  • The UnidentifiedDirMatcher now explicitly errors out if no app.yaml is found, instead of attempting to generate one.
  • Removed the Rsync function from StorageClient, which may affect Python code directly utilizing this SDK helper.
  • Added a warning indicating that RunGsutilCommand is not compatible with Python 3 and should no longer be used.
  • The DRYRUN_AUDIT_LOG_ONLY enum value has been removed from AdmissionRule.EnforcementModeValueValuesEnum in the Binary Authorization v1beta1 API. Existing configurations using this value may fail.
  • The Binding message in Cloud KMS API has been updated. The members field was re-indexed from 1 to 2, and the role field from 2 to 3, to accommodate a new condition field at index 1. This change could break clients relying on strict positional field indexing.
  • The Binding message in Cloud Resource Manager API has been updated. The members field was re-indexed from 1 to 2, and the role field from 2 to 3, to accommodate a new condition field at index 1. This change could break clients relying on strict positional field indexing.
  • The CryptoKeyVersion.StateValueValuesEnum in Cloud KMS API had its integer values re-indexed to introduce a new PENDING_GENERATION state. ENABLED moved from 1 to 2, DISABLED from 2 to 3, and so on. Clients relying on the integer values of these enum states may experience issues.
  • Removed HostTypesService and HostsService from the Compute Alpha API client, indicating the removal of functionality related to host types and hosts in the alpha version of the Compute API.
  • Removed generic message definitions for StatusProto, TypedMessage, and MessageSet from composer_v1.json and composer_v1beta1.json. This could be a breaking change for any client or tool directly relying on these specific schema definitions within the Composer API.
  • Removed ComputeHostTypes API endpoints and associated resource collections (HOSTTYPES, HOSTS) from the compute/alpha API.
  • Removed the VERSIONED_EXPR_UNSPECIFIED enum value from SecurityPolicyRuleMatcher.VersionedExprValueValuesEnum in the compute/beta API, which may affect clients relying on this specific value.
  • The Host object has been entirely removed from the Compute Engine alpha API, and the HttpHealthCheck object has been significantly redefined with fields removed, added, and renamed (e.g., hostType removed, host added, instances removed). This will break any client code interacting with these alpha API resources.
  • The requestId parameter has been removed from the compute.instances.start method in the Compute Engine v1 API.
  • The enum value VERSIONED_EXPR_UNSPECIFIED has been removed from SecurityPolicyRuleMatcher.versionedExpr in the Compute Engine beta API. If programmatic clients relied on this enum, it could be a breaking change.
  • Removed the bearer_token and pp (prettyPrint) fields from the StandardQueryParameters message for the Datastore v1 API. While these are typically internal query parameters, their removal could implicitly affect tooling that relied on them.
  • Removed bearer_token and pp (prettyPrint) global query parameters from the Datastore v1 API schema.

Security Updates

  • The Binding message in Cloud Tasks API now includes a condition field of type Expr, which provides groundwork for IAM Conditions. This will allow for more granular access control policies. [MEDIUM]
  • Introduced a new SecurityPolicies API (compute.securityPolicies service) in compute/v1. This enables comprehensive management of global network security policies, including methods for adding, deleting, getting, listing, patching, and removing security rules. It also allows associating security policies with backend services (compute.backendServices.setSecurityPolicy), significantly enhancing network security controls. [HIGH]
  • New SecurityPolicy resources and methods (addRule, delete, get, getRule, insert, list, patch, patchRule, removeRule) have been introduced in the Compute Engine v1 API, along with a setSecurityPolicy method for BackendService. This enables advanced security policy management, likely for Web Application Firewall (WAF) or similar features. [MEDIUM]

New Features by Service

Cloud Build

  • Renamed the container-builder-local binary to cloud-build-local (no functional changes), with initial release version 0.4.0.
  • Released initial cloud-build-local package installers for deb and RPM.

Cloud IoT

  • Promoted gcloud registries add-iam-policy-binding to beta.
  • Promoted gcloud registries remove-iam-policy-binding to beta.

Cloud Services

  • gcloud beta services disable now supports the --force option to disable dependent services.

Compute Engine

  • Promoted sole-tenancy commands to GA.
  • Promoted the --internal-ip flag of gcloud compute ssh to GA.
  • Added the list-nodes command to gcloud compute sole-tenancy node-groups for displaying node information.
  • Added the --use-serving-port flag to gcloud compute health-checks tcp create command.
  • Promoted the --enable-logging flag of gcloud compute firewall-rules create and update to beta.
  • Promoted gcloud compute networks subnets list-usable to GA.
  • Added --aggregation-interval, --flow-sampling, and --metadata flags to gcloud compute networks subnets update for configuring VPC flow logging.
    • Flags: --aggregation-interval, --flow-sampling, --metadata
    • File: flags.py:130
  • The Commitment message in compute/alpha now includes an allocations field for specifying resource allocations.
  • The SslCertificate message in compute/beta now supports managed SSL certificates, introducing new fields like expireTime, managed, selfManaged, subjectAlternativeNames, and type, along with new SslCertificateManagedSslCertificate and SslCertificateSelfManagedSslCertificate messages.
  • The compute/v1 Instances service now includes a SimulateMaintenanceEvent method to simulate maintenance events on instances.
  • The BackendService message in compute/v1 now includes a securityPolicy field to indicate the associated security policy.
  • The CustomerEncryptionKey message in compute/v1 now includes a kmsKeyName field for referencing encryption keys stored in Google Cloud KMS.
  • The Firewall message in compute/v1 now includes a disabled boolean field, allowing firewall rules to be temporarily disabled.
  • In the alpha API, Commitment resources now include an allocations field. HttpHealthCheck resources gain new configuration fields: checkIntervalSec, healthyThreshold, port, requestPath, and timeoutSec.
  • In the beta API, SslCertificate resources now support managed and self-managed configurations through new fields: expireTime, managed, selfManaged, subjectAlternativeNames, and type. New types SslCertificateManagedSslCertificate and SslCertificateSelfManagedSslCertificate have been added to facilitate this.
  • In the v1 API, BackendService resources can now be associated with a securityPolicy via the new setSecurityPolicy method. CustomerEncryptionKey now supports a kmsKeyName field. Firewall rules can be disabled. Instances gained a simulateMaintenanceEvent method.

Kubernetes Engine

  • Introduced initial CLI definitions for managing Kubernetes Managed Namespaces, including resource arguments and command logic for kubernetespolicy.projects.namespaces.
  • In the v1alpha1 API, AuthenticatorGroupsConfig now includes a securityGroup field, suggesting enhanced group authentication capabilities.

Cloud KMS

  • Added new command flags and supporting logic for advanced Cloud KMS operations, including asymmetric signing (--signature-file, --digest-algorithm), input/output files (--input-file, --output-file), specifying key protection levels (--protection-level), attestation files (--attestation-file), and default algorithms for crypto keys (--default-algorithm). This enables more granular control over key types and operations, particularly for asymmetric keys.
    • Flags: --signature-file, --input-file, --output-file, --protection-level, --attestation-file, --default-algorithm, --digest-algorithm
    • File: flags.py:196
  • Added the AsymmetricDecrypt method to CryptoKeyVersions for decrypting data encrypted with a public key.
  • Added the AsymmetricSign method to CryptoKeyVersions for signing data using a private key.
  • Added the GetPublicKey method to CryptoKeyVersions for retrieving the public key associated with an asymmetric CryptoKeyVersion.

Cloud Firestore

  • Initial API client and message definitions for Cloud Firestore, supporting v1 and v1beta1 versions, with v1beta1 set as the default.
  • Introduced the client library for the Cloud Firestore v1 API, including new message definitions and resource paths for managing projects, databases, and operations.
  • Introduction of the Cloud Firestore API, specifically adding the v1beta1 Python client library for data plane operations (defining messages and resources) and the v1 Firestore Admin API via a Discovery JSON definition, providing administrative functions and metadata schemas for index, export, and import operations.
  • Added support for the Cloud Firestore v1beta1 API, including new index management capabilities via GoogleFirestoreAdminV1beta1Index and GoogleFirestoreAdminV1beta1IndexField schemas.

Cloud Key Management Service (KMS)

  • Added comprehensive support for asymmetric keys with new ASYMMETRIC_SIGN and ASYMMETRIC_DECRYPT purposes for CryptoKey objects. This includes new API methods like AsymmetricSign, AsymmetricDecrypt, and GetPublicKey to retrieve public key material and perform asymmetric cryptographic operations.
  • Introduced support for Hardware Security Module (HSM) protected keys via a new protection_level field in CryptoKeyVersion and CryptoKeyVersionTemplate, along with KeyOperationAttestation for verifying HSM operations.
  • Added CryptoKeyVersionTemplate to specify properties for new CryptoKeyVersion instances, including algorithm and protectionLevel.

Cloud Tasks

  • Groundwork for Conditional IAM policies by adding the Binding.condition field and the Expr message type to the Cloud Tasks v2beta2 API. The Expr message represents an expression in Common Expression Language (CEL) syntax for defining conditions, although the feature is currently marked as ‘Unimplemented’.

Dataproc

  • In the v1beta2 API, Binding resources gained a condition field of type Expr, hinting at support for IAM Conditions for Dataproc policies.
  • Added condition field to the Binding resource and a new Expr resource type in the Dataproc v1beta2 API, indicating support for IAM Conditions for more granular access control.

Datastore

  • Added new API client methods and messages for managing Datastore indexes, including Get and List operations for projects.indexes resources, and messages like GoogleDatastoreAdminV1Index and GoogleDatastoreAdminV1IndexedProperty.

Firestore

  • Introduced the v1 API client and extensive message definitions for Firestore, including operations for projects.databases.operations (Cancel, Delete, Get, List) and projects.locations (Get, List).
  • Introduced the v1beta1 API client and extensive message definitions for Firestore, including operations for projects.databases.operations (Cancel, Delete, Get, List) and projects.locations (Get, List).
  • Added the client library for the Firestore v1beta1 API. This new client enables programmatic interaction with Firestore documents, including operations like BatchGet, BeginTransaction, Commit, CreateDocument, Delete, Get, List, ListCollectionIds, Listen, Patch, Rollback, RunQuery, and Write. It also allows for the management of Firestore indexes (Create, Delete, Get, List) and provides methods for ExportDocuments and ImportDocuments at the database level.

Cloud Genomics

  • Introduced the ContainerKilledEvent message to the Genomics v1, v1alpha2, and v2alpha1 APIs, providing an event for containers forcibly terminated by the worker.
  • Added a new timeout field to the Action message in the Genomics v2alpha1 API, allowing users to specify a maximum execution time for individual pipeline actions.
  • Added a new condition field of type Expr to the Binding message in the Genomics v1 API, enabling support for conditional IAM policies.
  • Introduced support for IAM policy conditions (Expr type), allowing more granular access control on resource bindings for Genomics v1 and v1alpha2 APIs.
  • Added a new ContainerKilledEvent for Genomics pipelines, reporting when a container is forcibly terminated during execution (available across v1, v1alpha2, and v2alpha1 APIs).
  • Enabled specifying a timeout duration for individual pipeline Action steps in the Genomics v2alpha1 API, allowing termination of long-running actions.

Cloud IAM

  • Introduced a new LintPolicy API method to programmatically lint and validate Cloud IAM policy objects, bindings, and conditions in the IAM v1 API.

Identity and Access Management

  • Introduced a Policy Linting API with new messages LintPolicyRequest, LintPolicyResponse, and LintResult and a new method iam.iamPolicies.lintPolicy for validating IAM policies.

Cloud Speech-to-Text

  • Added a new tags (repeated string) field to RecognitionMetadata for tagging input samples, enabling grouping logs and training AutoML models.

Credential & Auth Changes

  • Added the condition field to the Binding message (using new Expr message type) in the Cloud Genomics v1 API, providing groundwork for conditional IAM policies.

API Changes

Compute Engine

  • Added aggregation_interval, flow_sampling, and metadata parameters to MakeSubnetworkUpdateRequest for VPC flow logging configuration, aligning with new flags.
  • The compute sole-tenancy node-types list command completer has been updated to remove explicit api_version='beta', indicating a potential graduation or internal alignment with a stable API version.
  • Field numbering for the Commitment message in compute/alpha was adjusted to accommodate the new allocations field.
  • Field numbering for the SslCertificate message in compute/beta was adjusted due to the insertion of new fields for managed certificates.
  • Field numbering for the BackendService message in compute/v1 was adjusted to accommodate the new securityPolicy field.
  • Field numbering for the CustomerEncryptionKey message in compute/v1 was adjusted to accommodate the new kmsKeyName field.
  • Field numbering for the Firewall message in compute/v1 was adjusted to accommodate the new disabled field.
  • The API revision for Compute Engine alpha, beta, and v1 APIs has been updated from 20180711 to 20180724.
  • The Image.licenses description has been clarified across alpha, beta, and v1 APIs.
  • In the beta API, descriptions for InstanceGroupManagerUpdatePolicy.minimalAction and SecurityPolicy have been clarified.

Kubernetes Engine

  • Logic added to CreateCluster to set autoscaling if options.enable_autoprovisioning is specified, related to cluster autoscaling features.
  • In the v1beta1 API, descriptions for ClusterAutoscaling.enableNodeAutoprovisioning and ClusterAutoscaling.resourceLimits have been clarified.

Cloud Endpoints

  • The CreateServiceIfNew function was refactored into DoesServiceExist and CreateService to support explicit service existence checks and warn before implicit creation.

Cloud Services

  • Renamed PeerServicePermissionDeniedException to CreateConnectionsPermissionDeniedException and introduced ListConnectionsPermissionDeniedException for more specific error handling.
  • A new ListConnections function was added to interact with service networking connections, alongside updates to CreateConnection.

Cloud Composer

  • API definitions for Cloud Composer (v1beta1 to v1) were updated, aligning with the promotion of gcloud composer commands to GA.
  • Removed deprecated internal message types MessageSet, StatusProto, and TypedMessage from composer/v1 and composer/v1beta1 API messages. These were likely internal cleanup and not user-facing.
  • Removed deprecated internal message types MessageSet, StatusProto, and TypedMessage from composer/v1 and composer/v1beta1 API messages. These were likely internal cleanup and not user-facing.

Cloud Tasks

  • API client and message definitions for Cloud Tasks (v2beta2) were significantly updated, aligning with the promotion of gcloud tasks commands to beta.
  • Added a new message Expr to represent an expression text, likely for IAM Conditions. This message defines fields like description, expression, location, and title.
  • The Binding message for IAM policies in Cloud Tasks now includes a condition field of type Expr. The fields within Binding have also been reordered (previously members and role, now condition, then members, then role). The condition field is currently described as ‘Unimplemented’.
  • The Tasks.List method description now explicitly states that ‘The tasks may be returned in any order. The ordering may change at any time.’
  • Updated descriptions for various fields, clarifying behavior and limits. For example, LeaseTasksRequest.maxTasks now states that the maximum total size of a lease tasks response is 32 MB, and ListTasksRequest now explicitly notes that tasks may be returned in any order.
  • Changed HTTP method enum values from title case (e.g., HTTP Post) to uppercase (e.g., HTTP POST) in AppEngineHttpRequest.httpMethod.

Service Usage API

  • Changed the beta services list command to flatten service names using --flatten=config.name instead of --flatten=serviceName. A new ConsumerServiceLegacyCompleter was introduced, suggesting backward compatibility for the old service naming convention.

App Engine

  • Renamed references from ‘Google Cloud Container Builder’ to ‘Google Cloud Build’ in various API message and JSON schema descriptions (Deployment.cloudBuildOptions, BuildInfo).

Cloud Bigtable

Binary Authorization

  • Introduced the Expr message type and added a condition field to the Binding message for supporting IAM conditions. Also added delegationServiceAccountEmail to UserOwnedDrydockNote. The documentation URL has been updated.

Cloud Build

  • Renamed ‘Cloud Container Builder’ to ‘Cloud Build’ across API descriptions, client information, and documentation links.

Cloud IoT Core

  • Introduced the Expr message type and added an ‘unimplemented’ condition field to the Binding message for IAM conditions.

Cloud KMS

Cloud Key Management Service (KMS)

  • New message types AsymmetricDecryptRequest, AsymmetricDecryptResponse, AsymmetricSignRequest, AsymmetricSignResponse, Digest, Expr, KeyOperationAttestation, CryptoKeyVersionTemplate, PublicKey, and LocationMetadata were added to the cloudkms_v1 API.
  • Modified the CryptoKey message to include a versionTemplate field and updated descriptions for primary, nextRotationTime, and rotationPeriod to clarify behavior with different key purposes.
  • The CryptoKeyVersion message was significantly updated with new fields: algorithm, attestation, generateTime, and protectionLevel. Descriptions for CryptoKeyVersion and its states were also expanded.
  • Updated EncryptRequest message descriptions to specify size limits for plaintext and additionalAuthenticatedData based on the key version’s protection_level (SOFTWARE vs. HSM).
  • Added new query parameters view and versionView to CloudkmsProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsListRequest and CloudkmsProjectsLocationsKeyRingsCryptoKeysListRequest respectively, allowing control over the detail level in the response.
  • New RPC methods GetPublicKey, AsymmetricSign, and AsymmetricDecrypt were added under cryptoKeyVersions resource, enabling new asymmetric key functionalities.

Cloud Resource Manager

Dataproc

  • In the v1beta2 API, the members and role fields in the Binding resource have shifted their field numbers due to the addition of the condition field. Descriptions for RegexValidation.regexes, TemplateParameter (for description, fields, name), ValueValidation.values, and WorkflowTemplate.parameters have been clarified or expanded.
  • Updated descriptions for parameters, TemplateParameter, name, description, regexes, and values fields within the dataproc_v1beta2.json schema to provide more clarity on template parameters.

Datastore

  • Changed the API title from ‘Google Cloud Datastore API’ to ‘Cloud Datastore API’ in datastore_v1.json.
  • Added CREATE_INDEX and DELETE_INDEX as new OperationTypeValueValuesEnum options in GoogleDatastoreAdminV1CommonMetadata for Datastore Admin operations.

DLP

  • Expanded the description for the infoTypes field in GooglePrivacyDlpV2InspectConfig to mention the ‘ALL_BASIC’ InfoType and emphasize the need for specific InfoTypes for precise control.

Deployment Manager

  • Updated the API revision for deploymentmanager_alpha.json, deploymentmanager_v2.json, and deploymentmanager_v2beta.json to 20180720.

DNS

  • Updated the API revision for dns_v1.json, dns_v1alpha2.json, dns_v1beta1.json, dns_v1beta2.json, and dns_v2beta1.json to 20180720.

Cloud Firestore

  • Added new API client messages and resource paths for Cloud Firestore v1. This includes operations for projects, databases, and locations. The firestore_v1_messages.py file also bundles admin-related message types from v1beta1 and v1beta2 for export, import, and index management.
  • Added new resource definitions for Cloud Firestore v1, including PROJECTS, PROJECTS_DATABASES, PROJECTS_DATABASES_OPERATIONS, and PROJECTS_LOCATIONS with BASE_URL set to https://firestore.googleapis.com/v1/.
  • Added v1beta1 message definitions for Cloud Firestore, including comprehensive data structures for documents, values, queries, transactions, and various operations such as BatchGetDocumentsRequest, CommitRequest, RunQueryRequest, ListenRequest, and their respective responses. (2239 new lines)
  • Defined v1beta1 resource collections for Cloud Firestore, including PROJECTS, PROJECTS_DATABASES, PROJECTS_DATABASES_DOCUMENTS, and PROJECTS_DATABASES_INDEXES with their respective paths. (70 new lines)
  • The v1beta1 API for Cloud Firestore has been added to the SDK, including definitions for index management resources.

Firestore

  • The Google Cloud Firestore v1beta1 API client library (firestore_v1beta1_client.py) has been added to the SDK, making the Firestore v1beta1 API accessible for interaction with documents, indexes, and administrative operations.

Cloud Firestore Admin

  • Introduced the v1 Discovery API JSON for Cloud Firestore, specifying API endpoints and schemas for administrative operations. This includes schemas for locations, long-running operations, and metadata for index, export, and import operations (e.g., GoogleFirestoreAdminV1beta1IndexOperationMetadata, GoogleFirestoreAdminV1beta1ExportDocumentsMetadata, GoogleFirestoreAdminV1beta2FieldOperationMetadata). (853 new lines)

Cloud Genomics

  • Added the new ContainerKilledEvent message to Genomics v1, v1alpha2, and v2alpha1 API definitions.
  • Added the new Expr message type to the Genomics v1 API, used for defining conditions in IAM bindings.
  • The Action message in the Genomics v2alpha1 API now includes a timeout field.
  • Field order in the Binding message for Genomics v1 API was adjusted, and a condition field was added.
  • Extensive rephrasing and formatting updates (e.g., using backticks for code elements like --flag-name) were applied across various message descriptions in Genomics v1, v1alpha2, and v2alpha1 APIs for improved clarity and consistency.

Cloud Genomics (v1)

  • The Binding object in genomics_v1.json now includes a condition field (referencing the new Expr message type) to support IAM policy conditions. A new Expr message type is also defined.
  • Added the ContainerKilledEvent message type to genomics_v1.json.

Cloud Genomics (v1alpha2)

Cloud Genomics (v2alpha1)

Cloud IAM (v1)

  • Added the LintPolicy method to iam_v1_client.py and defined the iam.iamPolicies.lintPolicy API endpoint for linting IAM policies.

Identity and Access Management

  • Added an ‘unimplemented’ condition field (referencing the new Expr message type) to Binding and BindingDelta messages, and re-indexed existing fields. This lays groundwork for IAM Policy Conditions.
  • Added a new Expr message type to define expression text for conditions.

Cloud Logging

  • Updated the description for the MetricDescriptor type field to explicitly include external.googleapis.com as a valid DNS name prefix for user-defined metric types, with an example for Prometheus metrics.

Cloud ML Engine

  • Added an ‘unimplemented’ condition field (referencing the new GoogleTypeExpr message) to GoogleIamV1Binding, and re-indexed existing fields. This lays groundwork for IAM Policy Conditions.
  • Added a new GoogleTypeExpr message type to define expression text for conditions.

Cloud Pub/Sub

  • Relaxed the message payload requirements for Publish operations, removing the strict constraint that the message payload must not be empty.
  • Added an ‘unimplemented’ condition field (referencing the new Expr message type) to Binding, and re-indexed existing fields. This lays groundwork for IAM Policy Conditions.
  • Added a new Expr message type to define expression text for conditions.
  • Clarified the description for PubsubMessage and its data field, noting that data can be empty if at least one attribute is present.

Service Management

  • Updated the description for the MetricDescriptor type field to explicitly include external.googleapis.com as a valid DNS name prefix for user-defined metric types, with an example for Prometheus metrics.

Service Networking

  • Updated the description for the MetricDescriptor type field to explicitly include external.googleapis.com as a valid DNS name prefix for user-defined metric types, with an example for Prometheus metrics.

Service Usage

  • Updated the description for the MetricDescriptor type field to explicitly include external.googleapis.com as a valid DNS name prefix for user-defined metric types, with an example for Prometheus metrics.

Cloud Storage

  • Clarified the description for the Patch method on buckets by removing redundant text about patch semantics.

Cloud Tool Results

  • Added new TestIssue.CategoryValueValuesEnum values: availableDeepLinks and nonSdkApiUsageViolation, expanding the types of test issues that can be reported.

Unannounced Changes

Changes found in code but not mentioned in official release notes: 🕵️

Groundwork

  • Added entrypoint processing in AppengineApiClient to handle and remove an exec prefix for deployment, likely for App Engine Flex.
  • Implemented GetDegradedWarning in V1Adapter and V1Alpha1Adapter to provide more specific degraded cluster warnings based on cluster conditions.
  • Added new API client and utility functions for kubernetespolicy/v1alpha1 service, enabling Create, Delete, Get, and List operations for Kubernetes Namespaces.
  • Added TEST_NOT_APP_HOSTED error handling for invalid .xctestrun files in Firebase Test Lab.
  • Imported OrderedDict and used it in DiscoveryDoc.FromJson to preserve key order when loading JSON discovery documents, a minor internal tooling change.
  • Performed a major refactoring and additions to multitype.py, introducing MultitypeResourceSpec and complex logic for parsing and resolving polymorphic resource concepts.
  • Added __pycache__ to the default .gcloudignore for Python App Engine standard environment applications.
  • Refactored AddCycleFrequencyArgs to introduce a supports_weekly parameter and conditional group naming, indicating enhancements to resource policy cycle frequency definitions.
  • Made significant additions to the Cloud KMS API client and messages (v1), along with new command library utilities (get_digest.py, maps.py), indicating expanded KMS functionality.
  • Empty __init__.py files were added for container/policy and container/policy/namespaces, laying groundwork for new command groups related to container policy.
  • New module kms/get_digest.py was added, containing utility functions like GetDigest for calculating cryptographic digests (SHA256, SHA384, SHA512) of files, which is essential for KMS signing operations.
  • New module kms/maps.py was added, providing mappings for Cloud KMS algorithms, key purposes (encryption, asymmetric-signing, asymmetric-encryption), and protection levels (software, hsm), facilitating the integration of new KMS features.
  • New module command_lib/util/glob.py was created to centralize generalized globbing and ignore file parsing logic, including Glob class and helper functions (_HandleSpaces, _Unescape, GetPathPrefixes), previously embedded in gcloudignore.py.
  • New module googlecloudsdk/core/console/multiline.py was added, providing a framework (SimpleSuffixConsoleOutput, SuffixConsoleMessage) for managing and updating multiline console output with suffixes and indentation, likely for advanced interactive progress indicators.
  • Added an internal property (monitoring) for overriding Cloud Monitoring API endpoints, indicating groundwork for future monitoring features.
  • Extensive groundwork for new Compute Engine security policies has been added, including new API definitions for SecurityPolicy, SecurityPolicyList, SecurityPolicyReference, SecurityPolicyRule, SecurityPolicyRuleMatcher, and SecurityPolicyRuleMatcherConfig objects, and methods for managing them.
  • Groundwork for managed SSL certificates in Compute Engine beta API is introduced via new API definitions for SslCertificateManagedSslCertificate and SslCertificateSelfManagedSslCertificate objects.
  • Groundwork for IAM Conditions in Dataproc is introduced with the new Expr class and the condition field in the Binding resource.
  • Added _CLIENT_ID and _CLIENT_SECRET attributes to the generated FirestoreV1 client.
  • Added _CLIENT_ID and _CLIENT_SECRET attributes to the generated FirestoreV1beta1 client.
  • Added new package markers __init__.py files for firestore and its v1 and v1beta1 subdirectories, preparing for the new API integration.
  • New generated message classes (firestore_v1_messages.py) and resource definitions (resources.py) for the Cloud Firestore v1 API client have been added, laying the groundwork for v1 command-line interface features.
  • The full firestore_v1beta1_client.py file was added, providing programmatic access to the Firestore v1beta1 API, including client classes and methods for managing Firestore documents and indexes, as well as export/import operations. This is foundational for supporting Firestore v1beta1 commands in the SDK.
  • The new FirestoreV1beta1 client defines API access scopes (_SCOPES) including https://www.googleapis.com/auth/cloud-platform and https://www.googleapis.com/auth/datastore.
  • Complete addition of the Cloud Firestore v1beta1 API client library (message classes, resource definitions) and the v1 Firestore Admin API Discovery JSON, laying the groundwork for full Cloud Firestore support in the SDK. This is a significant internal addition not covered by official release notes.
  • New v1beta1 API definitions for Cloud Firestore were added, including index administration capabilities.
  • A new ContainerKilledEvent message was introduced in the Cloud Genomics APIs (v1, v1alpha2, v2alpha1) for tracking forcibly terminated containers.
  • Groundwork for conditional IAM policies in Cloud Genomics v1 API was laid by adding a condition field to the Binding message and introducing the Expr message type.
  • Added resource path definitions for projects and projects.indexes for the datastore/v1 API in the API generation configuration.
  • Added configuration entries for firestore/v1beta1 (marked as default) and firestore/v1 APIs, enabling their generation within the SDK.

Refactoring

  • Removed resource registry entries for compute.hosts and compute.hostTypes, likely a refactoring related to sole-tenancy commands promotion.
  • Updated a prompt message in daisy_utils.py from ‘Google Cloud Container Builder service’ to ‘Google Cloud Build service’, reflecting rebranding.
  • Removed redundant Http() helper function from api_lib/container/images/util.py, now directly using http.Http() for transport.
  • Improved PrintWorkflowMetadata in Dataproc to correctly handle workflow templates, including those instantiated inline without explicit IDs.
  • Clarified the ALPHA release track description in calliope/base.py regarding API permission errors and early access requirements.
  • Added IS_COMMAND_GROUP = True and IS_COMMAND = True attributes to Group and Command base classes respectively for explicit identification.
  • Updated _ImplementationsFromModule to use the new IS_COMMAND and IS_COMMAND_GROUP attributes for identifying commands and groups, improving modularity.
  • Refined the regex in MarkdownGenerator for processing quoted strings, affecting how user input is rendered in markdown.
  • Added from __future__ imports to container/constants.py for Python 2/3 compatibility.
  • Removed .encode('utf8') when writing instances to stdin in ml_engine/local_utils.py, likely a Python 2/3 compatibility fix or adjustment to stdin’s expected input type.
  • Added property: spanner/instance to the instance attribute in spanner/resources.yaml for better integration with core properties, and renamed the internal YAML anchor from &repository to &database for clarity.
  • Refactored concept parsing logic in command_lib/util/concepts/info_holders.py by introducing _IsPluralArg to improve how plural arguments are handled for resource arguments.
  • Major refactoring of command_lib/util/concepts/presentation_specs.py, renaming MultitypeConceptPresentationSpec to MultitypeResourcePresentationSpec and updating GetFlagName to prioritize the presentation name for anchor flags, improving flag generation logic for multitype resource arguments.
  • Extensive refactoring of the ignore file parsing logic: command_lib/util/gcloudignore.py now delegates core glob matching, space handling, and unescaping to a new dedicated command_lib/util/glob.py module, simplifying the gcloudignore implementation.
  • Introduced a _display_width_cache in googlecloudsdk/core/console/console_attr.py and implemented caching for DisplayWidth calculations, optimizing performance for console output.
  • Significant refactoring of the SDK’s progress tracking logic, introducing _BaseProgressTracker, _NormalProgressTracker, and _NonInteractiveProgressTracker classes, along with integration of a new multiline module for improved console output in interactive and non-interactive environments.
  • Internal refactoring in session_capturer.py to use io.open instead of builtins.open for file operations, likely for improved compatibility.
  • Updated numerous App Engine documentation URLs within AppEngineHttpTarget and AppEngineRouting descriptions from relative paths to absolute https://cloud.google.com/appengine/docs/... URLs.
  • The PubsubMessage description was clarified from ‘payload must not be empty’ to ‘message must contain either a non-empty data field or at least one attribute’.
  • The DOCS_URL for Cloud Scheduler was updated from https://cloud.google.com/cloud-scheduler/ to https://cloud.google.com/scheduler/.
  • Updated numerous documentation links across Cloud Scheduler and Cloud Tasks API definitions from relative paths (e.g., /appengine/docs/...) to absolute HTTPS URLs (e.g., https://cloud.google.com/appengine/docs/...). This impacts cloudscheduler_v1alpha1.json, cloudtasks/v2beta2/cloudtasks_v2beta2_client.py, and cloudtasks/v2beta2/cloudtasks_v2beta2_messages.py.
  • Minor rewording in AppEngineRouting descriptions for service, version, and instance in cloudscheduler_v1alpha1.json.
  • Minor rewording and clarification in PubsubMessage and PubsubMessage.data descriptions in cloudscheduler_v1alpha1.json.
  • Removed specific API object links from task size descriptions in cloudtasks/v2beta2/cloudtasks_v2beta2_client.py, simplifying the text.
  • Changed HTTP method enum values from HTTP Post, HTTP Get, etc., to HTTP POST, HTTP GET, etc. (uppercase) in AppEngineHttpRequest.HttpMethodValueValuesEnum.
  • Simplified descriptions for TaskStatus.attemptResponseCount, TaskStatus.firstAttemptStatus, and TaskStatus.lastAttemptStatus by replacing explicit API object references with ‘pull tasks’.
  • Numerous documentation links in the Cloud Tasks v2beta2 API definitions were updated from relative paths or non-HTTPS URLs to fully qualified https://cloud.google.com URLs, improving consistency and reliability of references.
  • Minor punctuation update in the nextPageToken description.
  • Minor HTML tag update (from <b> to <strong>) within the updateMask description for the Composer v1 API.
  • Minor formatting change: added a newline at the end of composer_v1.json and composer_v1beta1.json.
  • Updated the description for the licenses field in the Disk message in both compute/beta and compute/v1 APIs for clarity.
  • Fixed a markdown rendering tag (code>) in the description for the minimalAction field in InstanceGroupManagerUpdatePolicy in compute/beta messages.
  • Updated the resource comment for SecurityPolicy in compute/beta messages to reflect its availability in v1.securityPolicies.
  • Added a package marker file for firestore/v1beta1 (__init__.py), indicating a restructuring or further modularization of the Firestore API definitions within the SDK.
  • Numerous descriptions and formatting (e.g., consistent use of backticks for code elements) were updated across Cloud Genomics API message definitions to enhance clarity and consistency.
  • Numerous documentation and description string updates for improved clarity and consistent formatting across genomics_v1.json, genomics_v1alpha2.json, and genomics_v2alpha1.json.
  • Updated the API revision date for replicapoolupdater_v1beta1.
  • Updated the API revision date for sqladmin_v1beta4.
  • Updated the API revision date for storage_v1.
  • Updated the API revision date for toolresults_v1beta3.

Other

  • MakeVmMaintenancePolicy was modified to only configure dailyMaintenanceWindow, effectively removing weeklyMaintenanceWindow for VM maintenance policies.

Hidden Feature

  • Added full API definitions for Firestore (v1 and v1beta1), including new clients, messages, and resource definitions, indicating introduction of Firestore API support.
  • The Action message in Cloud Genomics v2alpha1 API gained a timeout field to specify execution limits for pipeline actions.
  • Introduction of Expr message type and condition field in google-cloud-sdk/lib/googlecloudsdk/third_party/apis/genomics_v1.json to support IAM policy conditions.
  • Addition of ContainerKilledEvent message type in google-cloud-sdk/lib/googlecloudsdk/third_party/apis/genomics_v1.json, genomics_v1alpha2.json, and genomics_v2alpha1.json.
  • Addition of timeout field to Action message in google-cloud-sdk/lib/googlecloudsdk/third_party/apis/genomics_v2alpha1.json.
  • New LintPolicy method added to google-cloud-sdk/lib/googlecloudsdk/third_party/apis/iam/v1/iam_v1_client.py.

Other

  • The DEGRADED_WARNING message in container commands was updated to be more specific, including cluster_name and cluster_degraded_warning placeholders.
  • The AddEnableAutoRepairFlag in container commands now includes more detailed help text for create operations, clarifying that node autorepair is enabled by default for node pools using COS as a base image.

Stats

  • Files changed: 155
  • Inserted lines: +20,417
  • Deleted lines: -10,929

Generated by Gemini - View full diff

Google, Google Cloud, and gcloud are trademarks of Google LLC. This analysis was automatically generated by an AI agent examining only public release artifacts, without access to internal or non-public information from Google Cloud.