Version 242.0.0 of the Google Cloud SDK includes a critical security fix for gcloud config config-helper to prevent stale identity tokens. Cloud Composer introduces breaking changes by deprecating potentially harmful database subcommands. The release also adds new features: Compute Engine SSH/SCP now uses IAP Tunneling by default when no external IP address is available and --internal-ip has not been specified, and there are new flags for Data Catalog, IAM service accounts, and Compute Engine image deprecation.


Breaking Changes

  • Deprecated support for the initdb, resetdb, and upgradedb subcommands within gcloud composer environments run. Execution of these subcommands can be detrimental to the Airflow metadata of existing Composer environments.

Security Updates

  • Cloud Firestore Emulator version 1.4.3 fixes a bug that caused parsing of security rules with string literals to fail, which could potentially lead to incorrect rule enforcement. [MEDIUM]
  • Fixed a bug in gcloud config config-helper which could result in old identity tokens being used when --force-auth-refresh was not present, potentially affecting authentication and authorization. [HIGH]

New Features by Service

Cloud Data Catalog

  • Added the --lookup-entry flag to gcloud beta data-catalog entries update to update entries corresponding to the lookup of a given resource.
    • Flags: --lookup-entry

Cloud Firestore Emulator

  • Released Cloud Firestore Emulator version 1.4.4 with reduced lock contention for multiple writes on a single document and a fix for updatedAt timestamp on no-op writes.
  • Released Cloud Firestore Emulator version 1.4.3, which includes a fix for parsing security rules with string literals.

Compute Engine

  • Updated gcloud beta compute ssh and gcloud beta compute scp to use IAP Tunneling by default if an external interface/IP address is not available and --internal-ip has not been specified.
  • Added a warning message about the maximum number of nodes that a cluster can have when being created.
  • Added the --deprecate-in and --deprecate-on flags to gcloud compute images deprecate to set informational deprecation times on images.
    • Flags: --deprecate-in, --deprecate-on

Identity and Access Management

  • Added the --description flag to gcloud beta iam service-accounts create and gcloud beta iam service-accounts update.
    • Flags: --description

Kubernetes Engine

  • Renamed --size flag of gcloud container clusters resize to --num-nodes, while --size is retained as an alias for compatibility.
    • Flags: --num-nodes
  • Disabled node auto-repair and node auto-upgrade by default when the --enable-kubernetes-alpha flag is used to create clusters with Kubernetes alpha features enabled, providing more control to users.
    • Flags: --enable-kubernetes-alpha

Credential & Auth Changes

  • Fixed a bug in gcloud config config-helper which could result in old identity tokens being returned when --force-auth-refresh was not present, impacting credential freshness and authorization.

API Changes

Cloud Composer

  • Deprecated support for initdb, resetdb, and upgradedb subcommands within gcloud composer environments run, indicating an API change to discourage direct manipulation of Airflow metadata.

Cloud Data Catalog

  • Added the --lookup-entry flag to gcloud beta data-catalog entries update, implying an underlying API enhancement for updating entries based on resource lookup.

Identity and Access Management

  • Added the --description flag to gcloud beta iam service-accounts create and gcloud beta iam service-accounts update, indicating an API update to support descriptions for service accounts.

Stats

  • Files changed: 70
  • Inserted lines: +2,423
  • Deleted lines: -454

Generated by Gemini

Google, Google Cloud, and gcloud are trademarks of Google LLC. This analysis was automatically generated by an AI agent examining only public release artifacts, without access to internal or non-public information from Google Cloud.