492.0.0 release

google-cloud-sdk/RELEASE_NOTES

@@ -5,6 +5,113 @@ Copyright 2014-2024 Google Inc. All rights reserved.
 Subscribe to these release notes at [https://groups.google.com/forum/#!forum/google-cloud-sdk-announce](https://groups.google.com/forum/#!forum/google-cloud-sdk-announce).
 
 
+## 492.0.0 (2024-09-10)
+
+### Anthos Multi-Cloud
+
+* Added `--security-posture` flag to `gcloud container attached clusters` to
+  set the mode of the Kubernetes security posture API's off-cluster features.
+
+### Artifact Registry
+
+* Supported `--filter` and `--sort-by` on resource list apis.
+* Added update commands for annotations on Files, Packages and Package Versions.
+
+### Assured Workloads
+
+*   Added `SOVEREIGN_CONTROLS_BY_SIA_MINSAIT` and `SOVEREIGN_CONTROLS_BY_PSN`
+     as options for `--partner` flag of `gcloud assured workloads create` for
+     both beta and GA.
+*   Added support for the following Compliance Regimes for
+     `gcloud assured workloads create`: `AU_REGIONS_AND_US_SUPPORT`,
+     `ISR_REGIONS`, `ISR_REGIONS_AND_SUPPORT`, `CA_PROTECTED_B`, `IL5`, `IL2`,
+     `JP_REGIONS_AND_SUPPORT`,
+     `KSA_REGIONS_AND_SUPPORT_WITH_SOVEREIGNTY_CONTROLS`, and
+     `REGIONAL_CONTROLS`.
+*   The `gcloud assured workloads create` command will now automatically receive
+     new Compliance Regime and Partner options as they are added to the Assured
+     Workloads API.
+
+### Cloud Filestore
+
+* Added `--deletion-protection` and `--deletion-protection-reason` flags to
+  `gcloud filestore instances create`.
+* Added
+  `--deletion-protection`, `--no-deletion-protection` and
+  `--deletion-protection-reason` flags to `gcloud filestore instances update`.
+
+### Cloud Functions
+
+* Changed `gcloud functions deploy` to deploy _new_ functions via
+  Cloud Functions (2nd gen) by default. 1st gen
+  functions can still be created by specifying `--no-gen2` or by setting the
+  `functions/gen2` property to `off`. This change will be applied in the GA
+  release track to match beta and alpha.
+
+### Cloud NetApp
+
+* Added `--zone` and `--replica-zone` flag to `gcloud netapp [volumes|storage-pools] create` commands.
+
+### Cloud Run
+
+* Promoted `gcloud run services logs read` and `gcloud run jobs logs read` to GA.
+
+### Cloud SQL
+
+* Added `--server_ca_mode` flag to `gcloud beta sql instances create` for
+    creation of instances using CAS server CA.
+* Added `sql ssl server_certs` group for CAS server cert management and
+    rotation with the commands `create`, `list`, `rotate`, and `rollback`.
+
+### Colab Enterprise
+
+*   Fixed output in `gcloud beta colab-enterprise runtime-templates` commands
+    involving LROs to correctly show resource name rather than operation name.
+
+### Compute Engine
+
+* Promoting `--turbo-mode` in `gcloud compute instances create` to beta. It lets
+instances run at supported turbo frequency. Only supported on C4 VM families
+with possible value "ALL_CORE_MAX".
+
+### Database Migration
+
+* Added `--username` and `--password` flags to `gcloud database-migration connection-profiles create sqlserver`.
+* Added `gcloud database-migrate connection-profiles test` to validate a Database Migration Service connection profile.
+
+### GKE Hub
+
+* Removed `--description` flag of `gcloud beta container fleet memberships create`.
+
+### Kubernetes Engine
+
+* Updates default kubectl from 1.28.12 to 1.29.8.
+* Additional kubectl versions:
+  * kubectl.1.27 (1.27.16)
+  * kubectl.1.28 (1.28.13)
+  * kubectl.1.29 (1.29.8)
+  * kubectl.1.30 (1.30.4)
+  * kubectl.1.31 (1.31.0)
+* Added `--accelerators` flag to `gcloud container node-pools update` to enable accelerator config update on nodepools.
+
+### Network Management
+
+* Added `gcloud beta network-management vpc-flow-logs-configs` command group
+ which is manage the VPC Flow Logs configurations.
+
+### Network Security
+
+*   New commands for network-security resources - AuthzPolicy.
+*   Added `security-profiles custom-mirroring` commands to manage custom mirroring security profiles and promoted them to beta.
+
+### Service Extensions
+
+* New commands for service-extensions resources - AuthzExtensions.
+
+
+Subscribe to these release notes at [https://groups.google.com/forum/#!forum/google-cloud-sdk-announce](https://groups.google.com/forum/#!forum/google-cloud-sdk-announce).
+
+
 ## 491.0.0 (2024-09-04)
 
 ### Breaking Changes

google-cloud-sdk/lib/googlecloudsdk/api_lib/ai/endpoints/client.py

@@ -270,10 +270,10 @@ def Get(self, endpoint_ref):
     )
     return self.client.projects_locations_endpoints.Get(req)
 
-  def List(self, location_ref):
+  def List(self, location_ref, filter_str=None):
     """Lists endpoints in the project."""
     req = self.messages.AiplatformProjectsLocationsEndpointsListRequest(
-        parent=location_ref.RelativeName()
+        parent=location_ref.RelativeName(), filter=filter_str
     )
     return list_pager.YieldFromList(
         self.client.projects_locations_endpoints,

google-cloud-sdk/lib/googlecloudsdk/api_lib/artifacts/filter_rewriter.py

@@ -0,0 +1,40 @@
+# -*- coding: utf-8 -*- #
+# Copyright 2024 Google LLC. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Artifact resource filter expression rewrite backend.
+
+Refer to the core.resource.resource_expr_rewrite docstring for expression
+rewrite details.
+"""
+
+from __future__ import absolute_import
+from __future__ import division
+from __future__ import unicode_literals
+
+from googlecloudsdk.core.resource import resource_expr_rewrite
+
+
+class Rewriter(resource_expr_rewrite.Backend):
+  """Artifact resource filter expression rewriter backend.
+
+  Rewriter is used for all artifacts resources List APIs where filtering on
+  annotations and name is done only in the server side.
+  """
+
+  def Rewrite(self, expression, defaults=None):
+    if expression:
+      if expression.startswith("annotations") or expression.startswith("name="):
+        return None, expression
+    return expression, None

google-cloud-sdk/lib/googlecloudsdk/api_lib/assured/message_util.py

@@ -19,7 +19,38 @@
 from __future__ import unicode_literals
 
 from googlecloudsdk.api_lib.assured import util
-from googlecloudsdk.calliope.base import ReleaseTrack
+from googlecloudsdk.calliope import base as calliope_base
+from googlecloudsdk.command_lib.util.apis import arg_utils
+from googlecloudsdk.generated_clients.apis.assuredworkloads.v1 import assuredworkloads_v1_messages
+from googlecloudsdk.generated_clients.apis.assuredworkloads.v1beta1 import assuredworkloads_v1beta1_messages
+
+ReleaseTrack = calliope_base.ReleaseTrack
+
+V1ComplianceRegimes = (
+    assuredworkloads_v1_messages.GoogleCloudAssuredworkloadsV1Workload.ComplianceRegimeValueValuesEnum
+)
+V1beta1ComplianceRegimes = (
+    assuredworkloads_v1beta1_messages.GoogleCloudAssuredworkloadsV1beta1Workload.ComplianceRegimeValueValuesEnum
+)
+
+compliance_regimes_enum = {
+    ReleaseTrack.GA: V1ComplianceRegimes,
+    ReleaseTrack.BETA: V1beta1ComplianceRegimes,
+    ReleaseTrack.ALPHA: V1beta1ComplianceRegimes,
+}
+
+V1Partners = (
+    assuredworkloads_v1_messages.GoogleCloudAssuredworkloadsV1Workload.PartnerValueValuesEnum
+)
+V1beta1Partners = (
+    assuredworkloads_v1beta1_messages.GoogleCloudAssuredworkloadsV1beta1Workload.PartnerValueValuesEnum
+)
+
+partners_enum = {
+    ReleaseTrack.GA: V1Partners,
+    ReleaseTrack.BETA: V1beta1Partners,
+    ReleaseTrack.ALPHA: V1beta1Partners,
+}
 
 
 def GetMessages(release_track):
@@ -114,11 +145,13 @@ def CreateAssuredWorkload(
   if labels:
     workload.labels = CreateLabels(labels, workload_message)
   if compliance_regime:
-    workload.complianceRegime = (
-        workload_message.ComplianceRegimeValueValuesEnum(compliance_regime)
+    workload.complianceRegime = arg_utils.ChoiceToEnum(
+        compliance_regime, compliance_regimes_enum[release_track]
     )
   if partner:
-    workload.partner = workload_message.PartnerValueValuesEnum(partner)
+    workload.partner = arg_utils.ChoiceToEnum(
+        partner, partners_enum[release_track]
+    )
   if partner_services_billing_account:
     workload.partnerServicesBillingAccount = partner_services_billing_account
   if partner_permissions:

google-cloud-sdk/lib/googlecloudsdk/api_lib/colab_enterprise/util.py

@@ -14,6 +14,7 @@
 # limitations under the License.
 """A library that is used to support trace commands."""
 
+from apitools.base.py import encoding
 from googlecloudsdk.api_lib.util import apis as core_apis
 from googlecloudsdk.core import log
 
@@ -54,6 +55,7 @@ def WaitForOpMaybe(
     kind,
     asynchronous=False,
     message=None,
+    resource=None,
 ):
   """Waits for an operation if asynchronous flag is off.
 
@@ -64,26 +66,33 @@ def WaitForOpMaybe(
     op_ref: The operation reference to the operation resource. It's the result
       by calling resources.REGISTRY.Parse
     log_method: Logging method used for operation.
-    kind: str, the resource kind (eg runtime template), which will
-      be passed to logging function.
+    kind: str, the resource kind (eg runtime template), which will be passed to
+      logging function.
     asynchronous: bool, whether to wait for the operation or return immediately
     message: str, the message to display while waiting for the operation.
+    resource: str, name of the resource the operation is acting on
 
   Returns:
     The result of the operation if asynchronous is true, or the Operation
       message otherwise.
   """
   logging_function = {
       'create': log.CreatedResource,
-      'delete': log.DeletedResource
+      'delete': log.DeletedResource,
   }
   if asynchronous:
     logging_function[log_method](resource=op.name, kind=kind, is_async=True)
     return op
   # Using AIPlatform API lib to wait since the poller in gcloud sdk operations
   # lib doesn't support simple_uri.
-  response = operations_client.WaitForOperation(
+  response_msg = operations_client.WaitForOperation(
       op, op_ref, message=message
   ).response
-  logging_function[log_method](resource=op.name, kind=kind, is_async=False)
-  return response
+  if response_msg is not None:
+    response = encoding.MessageToPyValue(response_msg)
+    if 'name' in response:
+      resource = response['name']
+  logging_function[log_method](
+      resource=resource, kind=kind, is_async=False
+  )
+  return response_msg

google-cloud-sdk/lib/googlecloudsdk/api_lib/compute/vpn_gateways/vpn_gateways_utils.py

@@ -198,7 +198,8 @@ def List(self, project, filter_expr):
     next_page_token = None
     while True:
       request = self._messages.ComputeVpnGatewaysAggregatedListRequest(
-          project=project, filter=filter_expr, pageToken=next_page_token)
+          project=project, filter=filter_expr, pageToken=next_page_token,
+          returnPartialSuccess=True)
       response = self._service.AggregatedList(request)
       next_page_token = response.nextPageToken
       for scoped_vpn_gateways in response.items.additionalProperties:

google-cloud-sdk/lib/googlecloudsdk/api_lib/compute/vpn_tunnels/vpn_tunnels_utils.py

@@ -202,7 +202,8 @@ def List(self, project, filter_expr):
     next_page_token = None
     while True:
       request = self._messages.ComputeVpnTunnelsAggregatedListRequest(
-          project=project, filter=filter_expr, pageToken=next_page_token)
+          project=project, filter=filter_expr, pageToken=next_page_token,
+          returnPartialSuccess=True)
       response = self._service.AggregatedList(request)
       next_page_token = response.nextPageToken
       for scoped_vpn_tunnels in response.items.additionalProperties: