hi all. is it possible to run a pulumi command and impersonate a service account in GCP?

It is possible with Google Auth services, but I don't think the provider allows that

hmhm.. sounds good. I have a try.

Take the token from the provider, the email of another service account from somewhere (a resource or config) get the new token and make a new provider with that token

ok for getting the token but I miss something on the provider. Maybe I can tell pulumi to use the token?

You need to create a provider passing the access token