Service account permissions error when launching gddo-server

[jen-obyrne]

I'm setting up a private version of gddo, initially we didn't enable the search functionality so I am currently adding it. I have deployed the gae-service-proxy to App Engine, and I am setting the remoteapi-endpoint flag with its address.

I am using a service account which has the App Engine Admin, Cloud Datastore Owner, and Storage Admin roles, however I still get the following error when trying to launch my gddo-server: error creating server:open database: unable to contact server: bad response 401; body: "You must be logged in as an administrator to access this.

If I use my own account that has the same roles, then it works fine, the server starts, and search works. 🤔

Is there something that I am missing? Or is this an issue?

[urandom2]

This seems like a duplicate of #531, see my comment there.

[jen-obyrne]

The service account had all the permissions. After investigating some more I found that there were some scopes missing. After testing with these added the service account now works: https://github.com/golang/gddo/pull/634