gcp-auth-webhook
Auth issue when using service account credentials file
Following the docs here, I've enabled this add-on while using the GOOGLE_APPLICATION_CREDENTIALS env var to point to a local service account credentials file.
Inside the gcp-auth pod that gets created in the cluster I see the error Response: {"error":"invalid_scope","error_description":"Invalid OAuth scope or ID token audience provided."}.
After a little digging it seems to be related to this line where a scope is not being passed.
If I update the line to google.FindDefaultCredentials(ctx, "https://www.googleapis.com/auth/cloud-platform") to include a scope then I believe it works.
I'm not sure why it works for a regular user's application default credentials but not the service account credentials file though?
I'm happy to open a PR for this if that would be helpful, or if you know of something else I can do to make this work, please let me know.
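An added example, not part of the original report or the project's code: a standard-library Go preflight that reads the type field of a credentials file and rejects a service_account key when no scopes are supplied, the combination behind the invalid_scope response quoted above. The helper names preflight and needsExplicitScopes are hypothetical and the sample JSON is constructed; the check relies on a service account key using the JWT-bearer grant, whose scope claim comes from the caller, while an authorized_user file uses a refresh token whose scopes were fixed at consent.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Constructed samples; real files also carry key material or a refresh token.
const (
	sampleServiceAccount = `{"type":"service_account","client_email":"demo@example-project.iam.gserviceaccount.com"}`
	sampleAuthorizedUser = `{"type":"authorized_user","client_id":"example-client-id"}`
)

// needsExplicitScopes reports whether the caller must supply OAuth scopes for raw.
func needsExplicitScopes(raw []byte) (bool, error) {
	var c struct {
		Type string `json:"type"`
	}
	if err := json.Unmarshal(raw, &c); err != nil {
		return false, fmt.Errorf("parse credentials: %w", err)
	}
	switch c.Type {
	case "service_account": // JWT-bearer grant: scope claim comes from the caller
		return true, nil
	case "authorized_user": // refresh-token grant: scopes fixed at consent time
		return false, nil
	}
	return false, fmt.Errorf("credential type %q not covered by this check", c.Type)
}

// preflight (hypothetical helper) fails before any token request is sent.
func preflight(raw []byte, scopes ...string) error {
	need, err := needsExplicitScopes(raw)
	if err != nil {
		return err
	}
	if need && strings.TrimSpace(strings.Join(scopes, " ")) == "" {
		return errors.New("service account key without scopes: expect invalid_scope")
	}
	return nil
}

func main() {
	fmt.Println(preflight([]byte(sampleServiceAccount)))
	fmt.Println(preflight([]byte(sampleServiceAccount), "https://www.googleapis.com/auth/cloud-platform"))
	fmt.Println(preflight([]byte(sampleAuthorizedUser)))
}
```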