All committers have signed the CLA.

@dnephin Sorry for the ping but it seems this repo doesn't have a whole lot of traffic and I wanted to try and get some attention to this PR. Not having Application Credentials support is the only thing keeping our shop from being able to use auto-join in both Consul and Vault now so I'm hoping to get this incorporated so it can trickle down into those products!

@rigrassm Thank you for the PR! I am not super familiar with these providers, but I'll see what we can do about getting this PR merged and integrated into Consul.

If you have a moment, I would love to hear your thoughts about hashicorp/consul#9100 (as comments on that issue). If that solution seems viable to you I think it would solve this problem by removing the need to update providers and get them integrated into multiple tools.

@dnephin Appreciate the response!

FWIW, the changes in this PR look more substantial then they actually are and it benefits from using the well maintained package used by terraform. I was able to successfully test the changes on our internal Openstack and all the different auth methods worked without any issues.

I like the concept proposed in hashicorp/consul#9100 and will definitely drop a comment there. Vault recently integrated go-discover for it's Auto Join functionality as well so I'm curious how this may effect keeping the functionality synced up between the two?

Just quickly thinking about the problem I'm wondering if it may be worth investigating how difficult it would be to make each individual cloud provider in this project able to be compiled into individual binaries that could be loaded via the mechanism proposed in the Consul issue you have open?

This would have a couple of benefits I can think of off the top of my head:

1. Updating and adding new providers is simplified since they are decoupled from the mechanism that uses them.
2. We don't have to redo all the work for the existing cloud providers

In my head, I can see these being compiled and released to https://releases.hashicorp.com (and possibly even packaged for distribution via deb/rpm) which would allow Consul/Vault to load them from the file system if they already exist and if not download them automatically.

@dnephin Hello again! Wanted to revisit this PR as it doesn't seem like there has been any movement one way or the other around the discussions in hashicorp/consul#9100.

Getting this openstack functionality fixed/implemented would greatly improve the QoL around our consul cluster deployments.

Would you have any thoughts on this? It would be helpful and safer if anyone can use application credentials instead of a user/password.

Sorry for pinging you @mkeeler and @boxofrad but can you help us with that guys? 🙏

Would also love to see this PR being merged. I could test this PR and report back if OpenStack Auth works fine using application credentials, if that helps this getting merged :)