feat(impersonated): add impersonated credentials auth

[bcoe]

Adds ImpersonatedCredentials. This credential type basically takes one source credential and exchanges it for another, different service account.

Fixes #535
Refs #779

---

@salrashid123 I've gone through the original #779 and made some edits to make the work more idiomatic for Node.js.

I'm leaving some review comments on this PR that would get it ready to land.

[google-cla]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

[bcoe]

@salrashid123 sorry for screwing up your branch, I left some refactoring and recommendations in this PR, to act as a baseline.

One additional thought, we should probably add a blurb in the README about how to use the impersonated client?

[bcoe]

Likewise, perhaps we can get away with checking for just the 403 and 404 case?

[salrashid123]

thanks, i retested the code from this PR and it worked fine with the snippet below

1,2 wokred fine but ...how do you supply the impersonated client to a GCP library like @google-cloud/logging?

i do know in the original PR i showed 3 working below but ...i must've just had that as a place holder or somthing of a wishlist

is it possible to supply Impersonated to any nodejs library?

i looked at but those credentials and what not are something else like a keyfile
https://googleapis.dev/nodejs/logging/latest/global.html#ClientConfig
https://googleapis.dev/nodejs/google-auth-library/latest/interfaces/GoogleAuthOptions.html

const {Logging} = require('@google-cloud/logging');
const { GoogleAuth, JWT, Impersonated  } = require('google-auth-library');
const { Storage } = require('@google-cloud/storage');

var svcAccountFile = '/home/srashid/gcp_misc/certs/mineral-minutia-820-e9a7c8665867.json';
var project_id = 'fabled-ray-104117';
const keys = require(svcAccountFile);

// create a sourceCredential
let saclient = new JWT(
  keys.client_email,
  null,
  keys.private_key,
  ['https://www.googleapis.com/auth/cloud-platform', 'https://www.googleapis.com/auth/iam'],
);

// Use that to impersonate the targetPrincipal
let targetClient = new Impersonated({
  sourceClient: saclient,
  targetPrincipal: "impersonated-account@fabled-ray-104117.iam.gserviceaccount.com",
  lifetime: 30,
  delegates: [],
  targetScopes: ["https://www.googleapis.com/auth/cloud-platform"]
});


// At this point you can use the client as any other:

// 1. Acquire Headers
const authHeaders = await targetClient.getRequestHeaders();
console.log(authHeaders);

// 2. Use client in authorized session 
targetClient.getAccessToken().then(res => {
  let url = 'https://www.googleapis.com/storage/v1/b?project=' + project_id
  targetClient.requestAsync({ url }).then(resp => {
    console.log(resp.data.items[0]);
  }).catch(function (error) {
    console.error('Unable to list buckets: ' + error);
  });
});

// 3. Use client with GCP Service 

const logging = new Logging({projectId: project_id});
const log = logging.log('mylog');
const text = 'Hello, world!';
const metadata = {
  resource: {type: 'global'},
};
const entry = log.entry(metadata, text);
await log.write(entry);
console.log(`Logged: ${text}`);

[google-cla]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

[salrashid123]

thanks. verified the last push works. here's a suggestion for the README.md

https://gist.github.com/salrashid123/6e3c2eaa0575d6c18632931cbf8cb496

[google-cla]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

[generated-files-bot]

Warning: This pull request is touching the following templated files:

• README.md - README.md is managed by synthtool. However, a partials file can be used to update the README, e.g.: https://github.com/googleapis/nodejs-storage/blob/master/.readme-partials.yaml

[google-cla]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

[google-cla]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

[bojeil-google]

Hey @bcoe thanks for addressing the comments. I noticed some comments may have been accidentally missed. Perhaps you forgot to commit those changes?
This includes: adding space between tests, 2021 copyright, using AuthClient instead of OAuth2Client for source AuthClient, updating ImpersonatedOptions param description and adding a test for Impersonated in test.index.ts.

This may be relevant but when I try to "show changes since my last review", I get an error message:

We went looking everywhere, but couldn’t find those commits.
Sometimes commits can disappear after a force-push. Head back to the latest changes here.

[bcoe]

@bojeil-google the push had just failed.

[google-cla]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

[google-cla]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

[google-cla]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

[bojeil-google]

I don't think this exists in ImpersonatedOptions

[bojeil-google]

Missed this one: 2021

[google-cla]

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

[bcoe]

@bojeil-google thank you for the thorough review, this is much better than it would have been if landed earlier (also it identified a bug with refreshing token logic).