google-cloud-storage: Cannot create signed url with ImpersonatedCredentials #5043

@salrashid123

A Storage client using ImpersonatedCredentials does not support creation of SignedURL.

In the sample below that uses impersonated credentials,

// Source credentials: the caller's own service account key, scoped for the IAM API.
ServiceAccountCredentials sourceCredentials = ServiceAccountCredentials
    .fromStream(new FileInputStream("/path/to/svc.json"));
sourceCredentials = (ServiceAccountCredentials) sourceCredentials
    .createScoped(Arrays.asList("https://www.googleapis.com/auth/iam"));

// Impersonate the target account: no delegates, read-only storage scope, 300-second lifetime.
ImpersonatedCredentials targetCredentials =
    ImpersonatedCredentials.create(sourceCredentials,
        "impersonated-account@projectB.iam.gserviceaccount.com", null,
        Arrays.asList("https://www.googleapis.com/auth/devstorage.read_only"), 300);

Storage storage_service = StorageOptions.newBuilder()
    .setCredentials(targetCredentials)
    .build().getService();

String BUCKET_NAME1 = "fabled-ray-104117";
String BLOB_NAME1 = "signed_url_file.txt";

BlobInfo BLOB_INFO1 = BlobInfo.newBuilder(BUCKET_NAME1, BLOB_NAME1).build();

// Request a V4 signed GET URL valid for 14 minutes; this call raises the error.
URL url =
    storage_service.signUrl(
        BLOB_INFO1,
        14,
        TimeUnit.MINUTES,
        Storage.SignUrlOption.httpMethod(HttpMethod.GET),
        Storage.SignUrlOption.withV4Signature());
System.out.println(url);

The error is "Signing key was not provided and could not be derived"

One solution is to just implement ServiceAccountSigner in ImpersonatedCredentials:

public class ImpersonatedCredentials extends GoogleCredentials implements ServiceAccountSigner

Here is a working sample that successfully impersonates and produces a signed url:

https://gist.github.com/salrashid123/394f1dfee4d7b16049acc6cca772dd43
(see line 145)

Labels

api: storage (Issues related to the Cloud Storage API.)
type: feature request ('Nice-to-have' improvement, new feature or different behavior or design.)
