I find myself using roles/storage.legacyBucketWriter a lot, which has the following permissions:
Maybe it's okay, but it feels odd to me to be using a role with "legacy" in its name ...
I don't want to create a custom role either, because it seems overkill since there is already a role fitting the need.
And yes, there is a role roles/storage.objectAdmin, but it lacks the storage.buckets.get permission.
What do you think?
Remember that legacy roles are related to primitive roles on GCP. It is "Legacy" because it exactly matches the pre-IAM permissions granted via the legacy role on an object. It all depends on your use case; the recommended best practice is to follow the principle of least privilege.
Keep in mind, as mentioned in the official documentation:
Legacy Bucket IAM roles work in tandem with bucket ACLs: when you add or remove a Legacy Bucket role, the ACLs associated with the bucket reflect your changes.
Also, consider the scope of the read/write legacy roles as described in this table.
Finally, take a look at the Security, ACLs, and access control section to follow the best practices recommended for the Cloud Storage service.
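To make the least-privilege choice concrete, here is an added example (not code from the question or the answer) that picks the smallest predefined role covering a required permission set and flags legacy bucket-role bindings in a bucket IAM policy. The permission lists in `SAMPLE_ROLES` are constructed, trimmed samples for illustration, not the authoritative lists; the real ones come from `gcloud iam roles describe <role>`.

```python
"""Least-privilege helper for choosing a Cloud Storage role (added example)."""
from typing import Dict, Iterable, List, Set, Tuple

# CONSTRUCTED sample data: role -> permissions it grants. Trimmed and
# illustrative only; fetch real lists with `gcloud iam roles describe`.
SAMPLE_ROLES: Dict[str, Set[str]] = {
    "roles/storage.legacyBucketWriter": {
        "storage.buckets.get", "storage.objects.create",
        "storage.objects.delete", "storage.objects.list",
    },
    "roles/storage.objectAdmin": {
        "storage.objects.create", "storage.objects.delete",
        "storage.objects.get", "storage.objects.list", "storage.objects.update",
    },
    "roles/storage.objectCreator": {"storage.objects.create"},
}


def covering_roles(required: Iterable[str],
                   roles: Dict[str, Set[str]] = SAMPLE_ROLES) -> List[Tuple[str, int]]:
    """Return (role, excess) for each role granting every required permission.

    `excess` counts permissions the role grants beyond what is required, so the
    first entry is the least-privilege choice among the candidates given.
    """
    need = set(required)
    hits = [(role, len(perms - need)) for role, perms in roles.items() if need <= perms]
    return sorted(hits, key=lambda hit: (hit[1], hit[0]))


def legacy_bindings(policy: dict) -> List[Tuple[str, str]]:
    """Flag bindings in a bucket IAM policy (getIamPolicy JSON shape) that use
    legacy bucket roles, since those bindings are mirrored into bucket ACLs."""
    return [
        (binding["role"], member)
        for binding in policy.get("bindings", [])
        if "legacy" in binding["role"].lower()
        for member in binding.get("members", [])
    ]


if __name__ == "__main__":
    # Writer that must also read bucket metadata (the asker's situation).
    print(covering_roles({"storage.buckets.get", "storage.objects.create"}))
    # Writer that only needs to upload objects: a narrower role exists.
    print(covering_roles({"storage.objects.create"}))
```

Feed `legacy_bindings` the output of `gcloud storage buckets get-iam-policy BUCKET --format=json` to audit which principals still hold legacy roles before deciding whether to keep them.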