Want to deploy a storage bucket with public readable storage object permission in GCP using terraform

Question

I created a terraform file to create a Google Storage bucket with public readable Storage object permission. I am able to deploy the Storage bucket but can't assign the proper ACL against my template, I found some errors for ACL part.

provider "google-beta" {
  project = "${var.project}"
}

 resource "google_storage_default_object_access_control" "public_rule" {
  bucket = "google_storage_bucket.test-${var.project}"
  role   = "READER"
  entity = "allUsers"
 }

resource "google_storage_bucket" "bucket" {
  name = "test-${var.project}"
  storage_class = "standard"
  location = "US"
}

ERROR: attached

if anyone can help me to assign permission at the time of bucket creation, will be greatfull.

Answer 1

As per Terraform Official Documentation, the function bucket.name is used, and it reads the bucket name from the variable name. You have to provide your project id in the resource_storage_bucket as below. I tried it and it worked correctly for me:

provider "google-beta" {
}

resource "google_storage_default_object_access_control" "public_rule" {
  bucket = google_storage_bucket.bucket.name
  role   = "READER"
  entity = "allUsers"
}

resource "google_storage_bucket" "bucket" {
  name = "[THE_BUCKET_NAME]"
  project = "[PROJECT_ID]"
  storage_class = "standard"
  location = "US"
}

Where PROJECT_ID is your Project ID and THE_BUCKET_NAME is the bucket name you want to put.

Answer 2

The following setup resolved my issue:

provider "google-beta" {
  project = "${var.project}"
}

data "google_iam_policy" "viewer" {
  binding {
    role = "roles/storage.objectViewer"
    members = [
        "allUsers",
    ] 
  }
}

resource "google_storage_bucket_iam_policy" "editor" {
  bucket = "${google_storage_bucket.bucket.name}"
  policy_data = "${data.google_iam_policy.viewer.policy_data}"
}

resource "google_storage_bucket" "bucket" {
  name = "${var.project}-xxxx"
  storage_class = "xxxxx"
  location = "xxxxxxx"
}