fix: Adjust impersonateServiceAccount structure to match other providers

Author: kostyaplis

package/crds/kubernetes.crossplane.io_providerconfigs.yaml

@@ -141,7 +141,13 @@ spec:
                     description: |-
                       ImpersonateServiceAccount is the email address of the Google Service Account to impersonate.
                       This is only valid when the identity type is GoogleApplicationCredentials.
-                    type: string
+                    properties:
+                      name:
+                        description: Name of the service account to impersonate.
+                        type: string
+                    required:
+                    - name
+                    type: object
                   secretRef:
                     description: |-
                       A SecretRef is a reference to a secret key that contains the credentials

pkg/kube/client/client.go

@@ -114,9 +114,13 @@ func (b *IdentityAwareBuilder) restForProviderConfig(ctx context.Context, pc kco
 	if id := pc.Identity; id != nil {
 		switch id.Type {
 		case kconfig.IdentityTypeGoogleApplicationCredentials:
+			impersonateSA := ""
+			if id.ImpersonateServiceAccount != nil {
+				impersonateSA = id.ImpersonateServiceAccount.Name
+			}
 			switch id.Source { //nolint:exhaustive
 			case xpv1.CredentialsSourceInjectedIdentity:
-				if err := gke.WrapRESTConfig(ctx, rc, nil, id.ImpersonateServiceAccount, gke.DefaultScopes...); err != nil {
+				if err := gke.WrapRESTConfig(ctx, rc, nil, impersonateSA, gke.DefaultScopes...); err != nil {
 					return nil, errors.Wrap(err, errInjectGoogleCredentials)
 				}
 			default:
@@ -125,7 +129,7 @@ func (b *IdentityAwareBuilder) restForProviderConfig(ctx context.Context, pc kco
 					return nil, errors.Wrap(err, errExtractGoogleCredentials)
 				}
 
-				if err := gke.WrapRESTConfig(ctx, rc, creds, id.ImpersonateServiceAccount, gke.DefaultScopes...); err != nil {
+				if err := gke.WrapRESTConfig(ctx, rc, creds, impersonateSA, gke.DefaultScopes...); err != nil {
 					return nil, errors.Wrap(err, errInjectGoogleCredentials)
 				}
 			}

pkg/kube/config/config.go

@@ -53,11 +53,17 @@ type Identity struct {
 	// ImpersonateServiceAccount is the email address of the Google Service Account to impersonate.
 	// This is only valid when the identity type is GoogleApplicationCredentials.
 	// +optional
-	ImpersonateServiceAccount string `json:"impersonateServiceAccount,omitempty"`
+	ImpersonateServiceAccount *ImpersonateServiceAccountConfig `json:"impersonateServiceAccount,omitempty"`
 
 	ProviderCredentials `json:",inline"`
 }
 
+// ImpersonateServiceAccountConfig contains the configuration for impersonating a service account.
+type ImpersonateServiceAccountConfig struct {
+	// Name of the service account to impersonate.
+	Name string `json:"name"`
+}
+
 // A ProviderConfigSpec defines the desired state of a ProviderConfig.
 type ProviderConfigSpec struct {
 	// Credentials used to connect to the Kubernetes API. Typically a