Datastore v1beta3 client and 403 forbidden #1778

@ghost

Description

Is anyone seeing this issue in production, or is it just me:

Forbidden: 403 Request had insufficient authentication scopes.

I am using the gcloud-python (version 0.13.0) library (datastore v1beta3). The client is a container in a pod within GKE. I do not set any environ params, and simply initiate the client with:
from gcloud import datastore
datastore_client = datastore.Client()  # uses project default creds

The trace when running a query is:

Forbidden: 403 Request had insufficient authentication scopes.
at _request():98 (connection.py:98 in /usr/local/lib/python2.7/dist-packages/gcloud/datastore)
at _rpc():121 (connection.py:121 in /usr/local/lib/python2.7/dist-packages/gcloud/datastore)
at run_query():275 (connection.py:275 in /usr/local/lib/python2.7/dist-packages/gcloud/datastore)
at next_page():424 (query.py:424 in /usr/local/lib/python2.7/dist-packages/gcloud/datastore)

From my understanding, the oauth2client, which the datastore lib uses, should be getting default project creds from the GCE production environment. The type of error (insufficient scopes) leads me to think the issue is not that the lib cannot find or use GCE creds, but that the scopes being requested are not what datastore expects.

Anyone seeing this issue too? I'm wondering if it's a general issue related to scopes or something in my project setup and affecting just me.
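
One way to check which OAuth scopes a GCE/GKE node's default service account carries, as an added example that is not part of the original post or of gcloud-python. The metadata endpoint and the two Datastore-capable scope URLs are not taken from the page, and the sample reply is constructed.

```python
"""List the OAuth scopes granted to a GCE/GKE node's default service account."""
import urllib.request

# GCE metadata server endpoint; replies with one scope URL per line.
SCOPES_URL = ("http://metadata.google.internal/computeMetadata/v1/"
              "instance/service-accounts/default/scopes")

# Either of these scopes authorises calls to the Datastore API.
DATASTORE_SCOPES = frozenset([
    "https://www.googleapis.com/auth/datastore",
    "https://www.googleapis.com/auth/cloud-platform",
])


def parse_scopes(body):
    """Turn the metadata server's newline-separated reply into a set."""
    return {line.strip() for line in body.splitlines() if line.strip()}


def datastore_allowed(scopes):
    """True if at least one granted scope covers the Datastore API."""
    return bool(DATASTORE_SCOPES & set(scopes))


def fetch_instance_scopes(timeout=2.0):
    """Query the metadata server; only reachable from inside GCE/GKE."""
    req = urllib.request.Request(SCOPES_URL,
                                 headers={"Metadata-Flavor": "Google"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_scopes(resp.read().decode("utf-8"))


# Constructed sample reply: a node whose scopes do not include Datastore.
SAMPLE_WITHOUT_DATASTORE = """\
https://www.googleapis.com/auth/compute
https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write
https://www.googleapis.com/auth/monitoring
"""

if __name__ == "__main__":
    try:
        scopes = fetch_instance_scopes()
    except OSError:  # not on GCE/GKE, or metadata server unreachable
        scopes = parse_scopes(SAMPLE_WITHOUT_DATASTORE)
        print("metadata server unreachable; using constructed sample")
    for scope in sorted(scopes):
        print(scope)
    print("Datastore permitted by scopes:", datastore_allowed(scopes))
```

Run from inside the pod, this prints the scopes the node's default credentials carry, which can be compared against what the failing call needs.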
