Skip to main content

Overview

The SYNQ Google Cloud Storage integration automatically discovers all GCS buckets in your Google Cloud project and creates custom entities in SYNQ for centralized asset management and governance. This integration can also serve as a reference implementation for building custom integrations using the SYNQ Public API. Source code: github.com/getsynq/synq-google-cloud-storage

What It Does

The integration:
  • Discovers all GCS buckets in your Google Cloud project
  • Creates custom entities in SYNQ for each bucket with rich metadata
  • Syncs comprehensive bucket information including:
    • Storage class and location
    • Versioning status
    • Lifecycle rules with detailed conditions
    • Uniform bucket-level access settings
    • User-defined labels
  • Filters buckets based on include/exclude patterns
  • Auto-cleanup removes entities when buckets are deleted
Each bucket entity includes a detailed description with storage class, location, creation date, versioning status, and complete lifecycle rule configurations.

Use Cases

  • Data Catalog Management: Track all cloud storage resources in one place
  • Resource Discovery: Automatically maintain an up-to-date inventory of GCS buckets
  • Compliance Tracking: Monitor storage configurations and lifecycle policies
  • Cross-Platform Lineage: Connect storage buckets with data pipelines and tables

Installation

Download Pre-built Binaries

Download the latest release for your platform from the releases page.
Intel:
curl -LO https://github.com/getsynq/synq-google-cloud-storage/releases/latest/download/synq-google-cloud-storage_darwin_amd64.tar.gz
tar -xzf synq-google-cloud-storage_darwin_amd64.tar.gz
sudo mv synq-google-cloud-storage /usr/local/bin/
Apple Silicon:
curl -LO https://github.com/getsynq/synq-google-cloud-storage/releases/latest/download/synq-google-cloud-storage_darwin_arm64.tar.gz
tar -xzf synq-google-cloud-storage_darwin_arm64.tar.gz
sudo mv synq-google-cloud-storage /usr/local/bin/
AMD64:
curl -LO https://github.com/getsynq/synq-google-cloud-storage/releases/latest/download/synq-google-cloud-storage_linux_amd64.tar.gz
tar -xzf synq-google-cloud-storage_linux_amd64.tar.gz
sudo mv synq-google-cloud-storage /usr/local/bin/
ARM64:
curl -LO https://github.com/getsynq/synq-google-cloud-storage/releases/latest/download/synq-google-cloud-storage_linux_arm64.tar.gz
tar -xzf synq-google-cloud-storage_linux_arm64.tar.gz
sudo mv synq-google-cloud-storage /usr/local/bin/
Download the .zip file from the releases page and extract it.
Requires Go 1.24 or later:
git clone https://github.com/getsynq/synq-google-cloud-storage.git
cd synq-google-cloud-storage
go build

Configuration

Required: SYNQ API Credentials

Create a .env file with your SYNQ API credentials: 
SYNQ_CLIENT_ID=your_client_id_here
SYNQ_CLIENT_SECRET=your_client_secret_here

# GCP Project ID (optional if running on GCP or using gcloud)
GCP_PROJECT_ID=your-gcp-project-id
The GCP project ID can be auto-detected from:
  • Environment variables (GCP_PROJECT_ID, GOOGLE_CLOUD_PROJECT, GCLOUD_PROJECT)
  • gcloud CLI configuration
  • GCP metadata server (when running on GCP)

Optional: Advanced Configuration

For advanced customization, create a config.yaml file: 
# SYNQ API Configuration (defaults shown for EU region)
synq:
  endpoint: "developer.synq.io:443"  # EU region (default)
  # For US region, use: "api.us.synq.io:443"
  oauth_url: "https://developer.synq.io/oauth2/token"  # EU region (default)
  # For US region, use: "https://api.us.synq.io/oauth2/token"

# GCP Configuration
gcp:
  user_agent: "synq-gcs-client-v1.0.0"
  # project_id: "your-project-id"  # Alternative to GCP_PROJECT_ID env var
  # entity_group_id: "gcs::custom-group-id"  # Defaults to gcs::<project_id>

# Custom Entity Type IDs
types:
  bucket_type_id: 40
  # bucket_icon: "path/to/custom-bucket-icon.svg"

# Resource Filters
filter:
  buckets:
    include: []  # Empty means include all
    exclude: []  # Regex patterns to exclude
    # Examples:
    # include: ["prod-.*"]  # Only include buckets starting with prod-
    # exclude: ["test-.*"]  # Skip buckets starting with test-
Configuration precedence: defaults → config.yaml → environment variables → CLI flags

Network Requirements

If your GCP project has firewall rules that restrict outbound connections, whitelist SYNQ’s egress IP addresses:
See IP Addresses for the latest information.

Running the Integration

Basic Usage

# Minimal setup: just create .env with credentials
cp .env.example .env
# Edit .env and add your credentials

# Run with defaults
./synq-google-cloud-storage

# Run with debug logging
LOG_LEVEL=DEBUG ./synq-google-cloud-storage

# Run with JSON logging for production
LOG_FORMAT=json ./synq-google-cloud-storage

Dry-Run Mode

Preview what entities would be created without making API calls: 
# Dry-run mode (no SYNQ API calls)
./synq-google-cloud-storage --dry-run

# Dry-run with debug logging
LOG_LEVEL=DEBUG ./synq-google-cloud-storage --dry-run
In dry-run mode, the integration scans GCS buckets and shows what would be created, but does not call the SYNQ API or require credentials.

Command-Line Options

Common flags:
  • --dry-run - Preview changes without calling SYNQ API
  • --gcp.project-id - Specify GCP project ID
  • --filter.buckets.include - Bucket name patterns to include
  • --filter.buckets.exclude - Bucket name patterns to exclude
  • --types.bucket-type-id - Custom entity type ID (default: 40)
  • --synq.endpoint - SYNQ API endpoint (EU or US region)
For US region: 
./synq-google-cloud-storage \
  --synq.endpoint=api.us.synq.io:443 \
  --synq.oauth-url=https://api.us.synq.io/oauth2/token
Run ./synq-google-cloud-storage --help for all available options.

How It Works

  1. Authenticates with SYNQ API using OAuth2 client credentials
  2. Creates/updates custom entity type for GCS buckets
  3. Discovers all GCS buckets in your project
  4. Creates entities in SYNQ with comprehensive metadata
  5. Uses entity groups to enable automatic cleanup of deleted buckets

Entity Groups

The integration uses entity groups to track all entities created in each run. When the group is updated, SYNQ automatically removes entities that were in the previous group but not in the current one, enabling automatic cleanup of deleted buckets.

Custom Identifiers

All entities use custom identifiers with gcs:: prefix for namespace isolation. Buckets use identifiers in the format: gcs::<bucket_name>.

Scheduling with Cron

To keep your bucket inventory up-to-date, schedule the integration to run periodically: 
# Run every hour
0 * * * * cd /path/to/integration && ./synq-google-cloud-storage

# Run every 6 hours
0 */6 * * * cd /path/to/integration && ./synq-google-cloud-storage

Using as a Public API Example

This integration demonstrates best practices for using the SYNQ Public API:
  • OAuth2 authentication with client credentials
  • Creating and managing custom entity types
  • Using entity groups for automatic cleanup
  • Implementing filtering and dry-run modes
  • Handling regional deployments
See the source code and API documentation for more details.

Troubleshooting

Verify your SYNQ credentials are correct in the .env file. Ensure you’re using the correct endpoint for your region (EU or US).
Set the GCP_PROJECT_ID environment variable explicitly or configure gcloud CLI with your project:
gcloud config set project YOUR_PROJECT
Ensure your GCP credentials have the storage.buckets.list permission and can read bucket metadata.
If running behind a firewall, verify that outbound connections to the SYNQ API endpoint are allowed. Check your network configuration and firewall rules.

Support

For issues or questions: