GCE module: added Service Account permissions sanity checks
parent
f714cc5f7e
commit
fa9727eb99
1 changed files with 6 additions and 0 deletions
|
@ -340,7 +340,13 @@ def create_instances(module, gce, instance_names):
|
||||||
metadata = {'items': items}
|
metadata = {'items': items}
|
||||||
|
|
||||||
ex_sa_perms = []
|
ex_sa_perms = []
|
||||||
|
bad_perms = []
|
||||||
if service_account_permissions:
|
if service_account_permissions:
|
||||||
|
for perm in service_account_permissions:
|
||||||
|
if not perm in gce.SA_SCOPES_MAP.keys():
|
||||||
|
bad_perms.append(perm)
|
||||||
|
if len(bad_perms) > 0:
|
||||||
|
module.fail_json(msg='bad permissions: %s' % str(bad_perms))
|
||||||
if service_account_email:
|
if service_account_email:
|
||||||
ex_sa_perms.append({'email': service_account_email})
|
ex_sa_perms.append({'email': service_account_email})
|
||||||
else:
|
else:
|
||||||
|
|
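Review bot: The added membership test `if not perm in gce.SA_SCOPES_MAP.keys():` reads more clearly as `if perm not in gce.SA_SCOPES_MAP:`, and the loop plus `if len(bad_perms) > 0:` can collapse to `bad_perms = [p for p in service_account_permissions if p not in gce.SA_SCOPES_MAP]` followed by `if bad_perms:`. The failure text `'bad permissions: %s'` would be more useful if it also listed the accepted names, for example `msg='bad permissions: %s (valid: %s)' % (bad_perms, sorted(gce.SA_SCOPES_MAP))`. The check only confirms that each scope name is known to the driver, so an overly broad scope still passes; a short comment saying that this validates names and does not enforce least privilege would prevent it being read as an authorization control. It also appears to assume `service_account_permissions` is a list, since a bare string would be iterated character by character; confirm against the argument spec. `create_instances` starts and ends outside the hunk, and indentation is lost on this page, so the nesting of the new lines is inferred.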