From d17321783307010e1a6c83fec105380d67612cd8 Mon Sep 17 00:00:00 2001
From: Jason DeTiberus
Date: Tue, 11 Jul 2017 15:12:10 -0400
Subject: [PATCH] cloud: gce: Allow specifying scopes by URI (#25074)

Previously the gce module would only allow scopes to be specified by alias, this adds support for specifying scopes by full URI, however validation is limited to just ensuring the URI begins with: https://www.googleapis.com/auth
---
 lib/ansible/modules/cloud/google/gce.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/ansible/modules/cloud/google/gce.py b/lib/ansible/modules/cloud/google/gce.py
index 33fc331c96f..0480e478ac6 100644
--- a/lib/ansible/modules/cloud/google/gce.py
+++ b/lib/ansible/modules/cloud/google/gce.py
@@ -233,6 +233,7 @@ EXAMPLES = '''
 - storage-full
 - taskqueue
 - bigquery
+ - https://www.googleapis.com/auth/ndev.clouddns.readwrite
 service_account_email: "your-sa@your-project-name.iam.gserviceaccount.com"
 credentials_file: "/path/to/your-key.json"
 project_id: "your-project-name"
@@ -463,7 +464,7 @@ def create_instances(module, gce, instance_names, number, lc_zone):
 bad_perms = []
 if service_account_permissions:
 for perm in service_account_permissions:
- if perm not in gce.SA_SCOPES_MAP:
+ if perm not in gce.SA_SCOPES_MAP and not perm.startswith('https://www.googleapis.com/auth'):
 bad_perms.append(perm)
 if len(bad_perms) > 0:
 module.fail_json(msg='bad permissions: %s' % str(bad_perms))
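Review bot: The prefix test added in the second hunk (the scope loop in create_instances) has no trailing slash, so any string that merely begins with `https://www.googleapis.com/auth` passes local validation, including paths that are not under `/auth/` at all. Anchoring it on the path separator is tighter: `if perm not in gce.SA_SCOPES_MAP and not perm.startswith('https://www.googleapis.com/auth/'):`. The call also assumes every list entry is a string; if argument coercion (not visible here) lets a non-string through, `perm.startswith` would raise AttributeError instead of the entry landing in `bad_perms`. Since URI scopes bypass the alias map entirely, a short comment above the check, e.g. `# full scope URIs are passed through unvalidated; only the prefix is checked`, would tell maintainers that least-privilege review of these values is left to the playbook author. The function body starts and continues outside the hunk, so how the accepted URIs are later handed to the API is not visible here.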