From fa9727eb99fdd0c38ed7f3ba72cdf31c69e82a61 Mon Sep 17 00:00:00 2001
From: Vasyl Kaigorodov
Date: Fri, 15 May 2015 16:00:24 +0200
Subject: [PATCH] GCE module: added Service Account permissions sanity checks
---
 cloud/google/gce.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/cloud/google/gce.py b/cloud/google/gce.py
index 261f6d32297..b288d9dfb43 100644
--- a/cloud/google/gce.py
+++ b/cloud/google/gce.py
@@ -340,7 +340,13 @@ def create_instances(module, gce, instance_names):
 metadata = {'items': items}
 ex_sa_perms = []
+ bad_perms = []
 if service_account_permissions:
+ for perm in service_account_permissions:
+ if not perm in gce.SA_SCOPES_MAP.keys():
+ bad_perms.append(perm)
+ if len(bad_perms) > 0:
+ module.fail_json(msg='bad permissions: %s' % str(bad_perms))
 if service_account_email:
 ex_sa_perms.append({'email': service_account_email})
 else:
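Review bot: The added loop assumes `service_account_permissions` is already a list. If a plain string can reach this point (the parameter parsing is not visible in the hunk), the loop iterates over characters and reports each one as a bad permission, so confirm or normalise the type before the check. The membership test `if not perm in gce.SA_SCOPES_MAP.keys():` is better written `if perm not in gce.SA_SCOPES_MAP:`, and `if len(bad_perms) > 0:` as `if bad_perms:`. Since these scopes decide what the instance's service account may access, a short comment such as `# reject scope aliases missing from the driver's SA_SCOPES_MAP instead of passing them through` would record why the check exists. The body of create_instances starts and ends outside the hunk, so whether the check runs before any resource is created cannot be confirmed from here.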