Unable to use impersonated credentials with gcloud.aio.storage

[and3rson]

I need to impersonate a SA in order to be able to sign GCS URLs locally as follows:

gcloud auth application-default login --impersonate-service-account=EMAIL

However, instantiating gcloud.aio.storage.Client with such credentials fails:

  File "/REDACTED/google.py", line 163, in __init__
    self.client = Storage()
                  ^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/gcloud/aio/storage/storage.py", line 168, in __init__
    self.token = token or Token(
                          ^^^^^^
  File "/usr/local/lib/python3.11/site-packages/gcloud/aio/auth/token.py", line 265, in __init__
    super().__init__(service_file=service_file, session=session)
  File "/usr/local/lib/python3.11/site-packages/gcloud/aio/auth/token.py", line 166, in __init__
    self.token_type = Type(self.service_data['type'])
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/enum.py", line 712, in __call__
    return cls.__new__(cls, value)
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/enum.py", line 1128, in __new__
    raise ve_exc
ValueError: 'impersonated_service_account' is not a valid Type

[TheKevJames]

We currently support impersonation via the target_principal and delegates Token arguments (see docs), but I'm not familiar offhand with the workflow which leads to the service_data containing the impersonation details. Would you be able to upload a (redacted, of course) copy of the SA json key file you're attempting to load? I suspect we'll just need to parse out a few different fields in that case.