fix(bqjdbc): support Service Account Impersonation in ADC

Author: Neenu1995

java-bigquery/google-cloud-bigquery-jdbc/src/main/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtility.java

@@ -232,7 +232,8 @@ static Map<String, String> parseOAuthProperties(DataSource ds, String callerClas
 
     if (authType == AuthType.GOOGLE_SERVICE_ACCOUNT
         || authType == AuthType.GOOGLE_USER_ACCOUNT
-        || authType == AuthType.PRE_GENERATED_TOKEN) {
+        || authType == AuthType.PRE_GENERATED_TOKEN
+        || authType == AuthType.APPLICATION_DEFAULT_CREDENTIALS) {
       oauthProperties.put(
           BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_EMAIL_PROPERTY_NAME,
           ds.getOAuthSAImpersonationEmail());
@@ -284,8 +285,6 @@ static GoogleCredentials getCredentials(
             getPreGeneratedTokensCredentials(authProperties, overrideProperties, callerClassName);
         break;
       case APPLICATION_DEFAULT_CREDENTIALS:
-        // This auth method doesn't support service account impersonation
-
         credentials = getApplicationDefaultCredentials(callerClassName);
         break;
       case EXTERNAL_ACCOUNT_AUTH:

java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/BigQueryJdbcOAuthUtilityTest.java

@@ -377,6 +377,39 @@ public void testParseUserImpersonationNonDefault() {
         result.get(BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_TOKEN_LIFETIME_PROPERTY_NAME));
   }
 
+  @Test
+  public void testParseUserImpersonationForADC() {
+    Map<String, String> result =
+        BigQueryJdbcOAuthUtility.parseOAuthProperties(
+            DataSource.fromUrl(
+                "jdbc:bigquery://https://www.googleapis.com/bigquery/v2:443;"
+                    + "OAuthType=3;ProjectId=MyBigQueryProject;"
+                    + "ServiceAccountImpersonationEmail=impersonated@email.com;"),
+            "");
+
+    assertEquals("APPLICATION_DEFAULT_CREDENTIALS", result.get("OAuthType"));
+    assertEquals(
+        "impersonated@email.com",
+        result.get(BigQueryJdbcUrlUtility.OAUTH_SA_IMPERSONATION_EMAIL_PROPERTY_NAME));
+  }
+
+  @Test
+  public void testGetServiceAccountImpersonatedCredentialsForADC() {
+    Map<String, String> authProperties =
+        BigQueryJdbcOAuthUtility.parseOAuthProperties(
+            DataSource.fromUrl(
+                "jdbc:bigquery://https://www.googleapis.com/bigquery/v2:443;"
+                    + "OAuthType=3;ProjectId=MyBigQueryProject;"
+                    + "ServiceAccountImpersonationEmail=impersonated@email.com;"),
+            "");
+
+    GoogleCredentials credentials =
+        BigQueryJdbcOAuthUtility.getCredentials(
+            authProperties, java.util.Collections.EMPTY_MAP, false, null);
+
+    assertThat(credentials).isInstanceOf(ImpersonatedCredentials.class);
+  }
+
   @Test
   public void testGetServiceAccountImpersonatedCredentials() {
     Map<String, String> authProperties =

java-bigquery/google-cloud-bigquery-jdbc/src/test/java/com/google/cloud/bigquery/jdbc/it/ITAuthTests.java

@@ -371,4 +371,15 @@ public void testServiceAccountAuthenticationWithChainedImpersonation()
             .toString();
     validateConnection(connection_uri);
   }
+
+  @Test
+  public void testADCAuthenticationWithImpersonation() throws IOException, SQLException {
+    final JsonObject authJson = getAuthJson();
+
+    String connection_uri =
+        getBaseUri(3, authJson.get("project_id").getAsString())
+            .append("ServiceAccountImpersonationEmail", authJson.get("client_email").getAsString())
+            .toString();
+    validateConnection(connection_uri);
+  }
 }