Connect to GCP CloudSQL by impersonating a service account

[josh-thisisbud]

Hey there,

It appears this provider is expecting to be able to use the environmental GCP credentials to access the project directly, however I need to either:

• Provide it with the name of a service account to impersonate
• Provide it with an already resolved oauth token for the service account I wish for it to use

The reason I can't use the existing setup is because TF is given a service account with only the permissions to impersonate other service accounts. The impersonated service accounts are the ones with the permissions to perform tasks in the projects on the DB instances.

[petoju]

Ok, that makes sense - please send a pull request and preserve also current functionality.