Add a data entry for google_storage_bucket

[jakebiesinger-onduo]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Terraform can create buckets as resources and has a data entry for google_storage_bucket_object, allowing object metadata to be retrieved using the API. However, there is no way to look up metadata on a bucket directly without also having ownership of the bucket. In other words, there is currently no data source for google_storage_bucket.

For me, the primary use case for this data source is to be able to look up the project that a particular storage bucket belongs to. For example, say I have a module that provisions pubsub notifications on a GCS bucket:

modules/notify/variables.tf:

var gcs-bucket {}
var project-containing-bucket {}

modules/notify/main.tf:

# pubsub to publish to
resource google_pubsub_topic notifications {
  name = "gcs-notifications-${var.gcs-bucket}"
}
# the GCS notification itself
resource google_storage_notification notification {
  bucket = var.gcs-bucket
  topic  = google_pubsub_topic.notifications.id
}

# lookup the project containing our bucket
data google_storage_project_service_account source-project-gcs-account {
  project = var.project-containing-bucket 
}
# permission for the GCS service account on the bucket's host project to write to our pubsub topic
resource google_pubsub_topic_iam_member gcs-writes-to-topic {
  topic  = google_pubsub_topic.notifications.id
  role   = "roles/pubsub.publisher"
  member = "serviceAccount:${data.google_storage_project_service_account.source-project-gcs-account.email_address}
}

As a module author, I can either require that the module owns the bucket (not ideal and not always possible), or I can hope that the caller has correctly specified project-containing-bucket.

It would be much nicer to have a data source for storage buckets:

modules/notify/main.tf:

data google_storage_bucket source-bucket {
  name = var.gcs-bucket
}

then we can refer to the bucket's project:

data google_storage_project_service_account source-project-gcs-account {
  project = data.google_storage_bucket.source-bucket.project_id
}

New or Affected Resource(s)

(new) Data source:

• google_storage_bucket

Potential Terraform Configuration

# Propose what you think the configuration to take advantage of this feature should look like.
# We may not use it verbatim, but it's helpful in understanding your intent.

data google_storage_project_service_account source-project-gcs-account {
  project = data.google_storage_bucket.source-bucket 
}

References

The relevant API is here

and since you're already doing the lookup, it would make sense to include some other output features beyond the project, likely most of the existing storage_bucket fields

[mercuriete]

I have the same necessity, how this issue is going?

thanks for your work.

[mattseymour]

Could we please have an update on this particular request / issue?

[calexandre]

We also need this feature! 👍

[webyneter]

We also do!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.