Cloud fuction storage trigger on bucket of other project

Question

Not able to create cloud function trigger on bucket which is under other project.

Deploying function (may take a while - up to 2 minutes)...failed.

ERROR: (gcloud.functions.deploy) OperationError: code=7, message=Insufficient permissions to (re)configure a trigger (permission denied for bucket ing-auto). Please, give owner permissions to the editor role of the bucket and try again.

For service account used in cloud function has owner access to the project where bucket lies.

i.e there are two project project-a and project-b. cloud function need to be created in project-a. google bucket is in project-b. service account user serv-user is part of project-a and has owner access of project-b which will be used to execute cloud function.

gcloud functions deploy hello_gcs --runtime python37 --trigger-resource bucket-from-other-project-xxx --trigger-event goog
le.storage.object.finalize

I am able to create cloud function storage trigger on buckets of same project

Answer 1

It is possible even for Cloud Functions V1:

For a Cloud Function in PROJECT_1 that wants to watch a resource in PROJECT_2:

grant the Cloud Functions Service Agent identity of PROJECT_1 the Cloud Functions Service Agent role on PROJECT_2.

Yes: identity and role have the same name.

Answer 2

You cannot trigger a Cloud Function with a bucket in another project.

As per the documentation:

Note: Cloud Functions can only be triggered by Cloud Storage buckets in the same Google Cloud Platform project.

Answer 3

It is not possible. Quoting the Google Cloud Functions documentation:

Cloud Functions can only be triggered by Cloud Storage buckets in the same Google Cloud Platform project.

As a possible workaround you can deploy your Cloud Function as HTTP triggered. Then, in the project where the bucket belongs to, deploy another Cloud Function triggered by the Cloud Storage event and in its code make an HTTP call to trigger the first Cloud Function.