Instructions for connecting to Google Compute Engine missing a permissions step

The instructions for using libcloud with GCE cloud storage[1] are quite good, except they appear to be missing a step. If you follow the instructions using a Service Account and then follow the first example, you will get an error

 
GoogleBaseError: {'domain': 'global', 'reason': 'forbidden', 'message': "Required 'compute.zones.list' permission for 'projects/<project id>'"}

The user needs to take an additional step to provide the newly-created service account permission to list the compute zones. I don't know if there are other ways to achieve this, but one way is to go to IAM & Admin -> IAM (on the left menu panel) -> ADD. Fill in your new service account in the Members field and then select the role Compute Engine -> Compute Network Viewer.

[1] http://libcloud.readthedocs.io/en/latest/compute/drivers/gce.html