Version 259.0.0 of the Cloud SDK focuses on expanding authentication capabilities with service account impersonation and Compute Engine service account support for identity tokens. It also introduces Cloud KMS integration for Pub/Sub topic encryption, adds the ability to specify storage locations for Compute Engine image imports, and promotes GKE Hub commands to beta, alongside updating gsutil for Python 3.x compatibility.

Jump to: Annotated Release Notes | Stats 📊

New Features by Service

Cloud SDK

  • Updated gsutil component to be able to use Python v3.x, improving compatibility and leveraging newer Python features.
  • Added the --impersonate-service-account flag to gcloud auth print-identity-token to facilitate generating identity tokens on behalf of a specified service account, to be used in conjunction with --audiences.
    • Flags: --impersonate-service-account, --audiences
  • Added support for Compute Engine service accounts to gcloud auth print-identity-token, allowing identity tokens to be generated for these service accounts.

Cloud Pub/Sub

  • Added optional flags to gcloud pubsub topics create to support Cloud KMS integration, enabling encryption of new topics with customer-managed encryption keys (CMEK).
    • Flags: --topic-encryption-key, --topic-encryption-key-keyring, --topic-encryption-key-location, --topic-encryption-key-project

Compute Engine

  • Added the --storage-location flag to gcloud beta compute images import to allow specifying the regional or multi-regional location where the imported VM image will be stored.
    • Flags: --storage-location

GKE Hub

  • Promoted gcloud container hub commands to beta, indicating increased stability and readiness for broader use. A --version flag was added to allow specifying a specific GKE Connect version.
    • Flags: --version

Credential & Auth Changes

  • Enabled service account impersonation for identity token generation via the new --impersonate-service-account flag on gcloud auth print-identity-token.
  • Expanded gcloud auth print-identity-token to support generating identity tokens for Compute Engine service accounts.

API Changes

Cloud Pub/Sub

  • Introduced underlying API support for Cloud KMS integration with Pub/Sub topics, enabling the use of customer-managed encryption keys for topic data at rest.

Compute Engine

  • Added API capabilities to specify a storage location for imported VM images, accessible via the --storage-location flag in gcloud beta compute images import.

Cloud SDK (Auth)

  • Underlying API enhancements to support new identity token generation features, including service account impersonation and integration with Compute Engine service accounts.

Stats

  • Files changed: 261
  • Inserted lines: +7,712
  • Deleted lines: -3,676

Generated by Gemini - View full diff

Google, Google Cloud, and gcloud are trademarks of Google LLC. This analysis was automatically generated by an AI agent examining only public release artifacts, without access to internal or non-public information from Google Cloud.