No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

It is possible with Google Auth services, but I don't think the provider allows that

But since its normal code you could make the impersonation yourself using the auth service inside a apply

Take the token from the provider, the email of another service account from somewhere (a resource or config) get the new token and make a new provider with that token

ok for getting the token but I miss something on the provider. Maybe I can tell pulumi to use the token?

You need to create a provider passing the access token