designate: support for Openstack Application Credentials (#1360)

2021-02-28 00:45:58 +01:00 · 2021-02-28 00:45:58 +01:00 · 31158bc58c
commit 31158bc58c
parent 2871fd3938
7 changed files with 134 additions and 44 deletions
--- a/cmd/zz_gen_cmd_dnshelp.go
+++ b/cmd/zz_gen_cmd_dnshelp.go
@ -462,11 +462,15 @@ func displayDNSHelp(name string) error {
 		ew.writeln()

 		ew.writeln(`Credentials:`)
+		ew.writeln(`	- "OS_APPLICATION_CREDENTIAL_ID":	Application credential ID`)
+		ew.writeln(`	- "OS_APPLICATION_CREDENTIAL_NAME":	Application credential name`)
+		ew.writeln(`	- "OS_APPLICATION_CREDENTIAL_SECRET":	Application credential secret`)
 		ew.writeln(`	- "OS_AUTH_URL":	Identity endpoint URL`)
 		ew.writeln(`	- "OS_PASSWORD":	Password`)
 		ew.writeln(`	- "OS_PROJECT_NAME":	Project name`)
 		ew.writeln(`	- "OS_REGION_NAME":	Region name`)
 		ew.writeln(`	- "OS_USERNAME":	Username`)
+		ew.writeln(`	- "OS_USER_ID":	User ID`)
 		ew.writeln()

 		ew.writeln(`Additional Configuration:`)
--- a/docs/content/dns/zz_gen_designate.md
+++ b/docs/content/dns/zz_gen_designate.md
@ -18,9 +18,31 @@ Configuration for [Designate DNSaaS for Openstack](https://docs.openstack.org/de

 - Code: `designate`

-{{% notice note %}}
-_Please contribute by adding a CLI example._
-{{% /notice %}}
+Here is an example bash command using the Designate DNSaaS for Openstack provider:
+
+```bash
+# With a `clouds.yaml`
+OS_CLOUD=my_openstack \
+lego --email myemail@example.com --dns designate --domains my.example.org run
+
+# or
+
+OS_AUTH_URL=https://openstack.example.org \
+OS_REGION_NAME=RegionOne \
+OS_PROJECT_ID=23d4522a987d4ab529f722a007c27846
+OS_USERNAME=myuser \
+OS_PASSWORD=passw0rd \
+lego --email myemail@example.com --dns designate --domains my.example.org run
+
+# or
+
+OS_AUTH_URL=https://openstack.example.org \
+OS_REGION_NAME=RegionOne \
+OS_AUTH_TYPE=v3applicationcredential \
+OS_APPLICATION_CREDENTIAL_ID=imn74uq0or7dyzz20dwo1ytls4me8dry \
+OS_APPLICATION_CREDENTIAL_SECRET=68FuSPSdQqkFQYH5X1OoriEIJOwyLtQ8QSqXZOc9XxFK1A9tzZT6He2PfPw0OMja \
+lego --email myemail@example.com --dns designate --domains my.example.org run
+```



@ -29,11 +51,15 @@ _Please contribute by adding a CLI example._

 | Environment Variable Name | Description |
 |-----------------------|-------------|
+| `OS_APPLICATION_CREDENTIAL_ID` | Application credential ID |
+| `OS_APPLICATION_CREDENTIAL_NAME` | Application credential name |
+| `OS_APPLICATION_CREDENTIAL_SECRET` | Application credential secret |
 | `OS_AUTH_URL` | Identity endpoint URL |
 | `OS_PASSWORD` | Password |
 | `OS_PROJECT_NAME` | Project name |
 | `OS_REGION_NAME` | Region name |
 | `OS_USERNAME` | Username |
+| `OS_USER_ID` | User ID |

 The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
 More information [here](/lego/dns/#configuration-and-credentials).
@ -52,6 +78,20 @@ More information [here](/lego/dns/#configuration-and-credentials).
 The environment variable names can be suffixed by `_FILE` to reference a file instead of a value.
 More information [here](/lego/dns/#configuration-and-credentials).

+## Description
+
+There are three main ways of authenticating with Designate:
+
+1. The first one is by using the `OS_CLOUD` environment variable and a `clouds.yaml` file.
+2. The second one is using your username and password, via the `OS_USERNAME`, `OS_PASSWORD` and `OS_PROJECT_NAME` environment variables.
+3. The third one is by using an application credential, via the `OS_APPLICATION_CREDENTIAL_*` and `OS_USER_ID` environment variables.
+
+For the username/password and application methods, the `OS_AUTH_URL` and `OS_REGION_NAME` environment variables are required.
+
+For more information, you can read about the different methods of authentication with OpenStack in the Keystone's documentation and the gophercloud documentation:
+
+- [Keystone username/password](https://docs.openstack.org/keystone/latest/user/supported_clients.html)
+- [Keystone application credentials](https://docs.openstack.org/keystone/latest/user/application_credentials.html)



--- a/go.mod
+++ b/go.mod
@ -20,8 +20,8 @@ require (
 	github.com/dnsimple/dnsimple-go v0.63.0
 	github.com/exoscale/egoscale v0.23.0
 	github.com/google/go-querystring v1.0.0
-	github.com/gophercloud/gophercloud v0.7.0
-	github.com/gophercloud/utils v0.0.0-20200508015959-b0167b94122c
+	github.com/gophercloud/gophercloud v0.16.0
+	github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae
 	github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df
 	github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect
 	github.com/labbsr0x/bindman-dns-webhook v1.0.2
@ -43,11 +43,12 @@ require (
 	github.com/transip/gotransip/v6 v6.2.0
 	github.com/urfave/cli v1.22.4
 	github.com/vultr/govultr/v2 v2.0.0
-	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
+	golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
 	golang.org/x/net v0.0.0-20200822124328-c89045814202
 	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 	google.golang.org/api v0.20.0
+	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 	gopkg.in/ns1/ns1-go.v2 v2.4.2
 	gopkg.in/square/go-jose.v2 v2.5.1
-	gopkg.in/yaml.v2 v2.3.0
+	gopkg.in/yaml.v2 v2.4.0
 )
--- a/go.sum
+++ b/go.sum
@ -162,11 +162,11 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/gophercloud/gophercloud v0.6.1-0.20191122030953-d8ac278c1c9d/go.mod h1:ozGNgr9KYOVATV5jsgHl/ceCDXGuguqOZAzoQ/2vcNM=
-github.com/gophercloud/gophercloud v0.7.0 h1:vhmQQEM2SbnGCg2/3EzQnQZ3V7+UCGy9s8exQCprNYg=
-github.com/gophercloud/gophercloud v0.7.0/go.mod h1:gmC5oQqMDOMO1t1gq5DquX/yAU808e/4mzjjDA76+Ss=
-github.com/gophercloud/utils v0.0.0-20200508015959-b0167b94122c h1:iawx2ojEQA7c+GmkaVO5sN+k8YONibXyDO8RlsC+1bs=
-github.com/gophercloud/utils v0.0.0-20200508015959-b0167b94122c/go.mod h1:ehWUbLQJPqS0Ep+CxeD559hsm9pthPXadJNKwZkp43w=
+github.com/gophercloud/gophercloud v0.15.1-0.20210202035223-633d73521055/go.mod h1:wRtmUelyIIv3CSSDI47aUwbs075O6i+LY+pXsKCBsb4=
+github.com/gophercloud/gophercloud v0.16.0 h1:sWjPfypuzxRxjVbk3/MsU4H8jS0NNlyauZtIUl78BPU=
+github.com/gophercloud/gophercloud v0.16.0/go.mod h1:wRtmUelyIIv3CSSDI47aUwbs075O6i+LY+pXsKCBsb4=
+github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae h1:Hi3IgB9RQDE15Kfovd8MTZrcana+UlQqNbOif8dLpA0=
+github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae/go.mod h1:wx8HMD8oQD0Ryhz6+6ykq75PJ79iPyEqYHfwZ4l7OsA=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
@ -182,7 +182,7 @@ github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxC
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-retryablehttp v0.6.6 h1:HJunrbHTDDbBb/ay4kxa1n+dLmttUlnP3V9oNE4hmsM=
 github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
-github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
@ -346,9 +346,9 @@ golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaE
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad h1:DN0cp81fZ3njFcrLCytUHRSUkqBjfTo4Tx9RJTWs0EY=
+golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@ -396,7 +396,6 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@ -438,7 +437,7 @@ golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -447,8 +446,11 @@ golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuFiOQWj1Fs7T3VrH4Pjw=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@ -481,7 +483,6 @@ golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191203134012-c197fd4bf371/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
@ -566,11 +567,10 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
 gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
--- a/providers/dns/designate/designate.go
+++ b/providers/dns/designate/designate.go
@ -28,13 +28,17 @@ const (

 	envNamespaceClient = "OS_"

-	EnvAuthURL    = envNamespaceClient + "AUTH_URL"
-	EnvUsername   = envNamespaceClient + "USERNAME"
-	EnvPassword   = envNamespaceClient + "PASSWORD"
-	EnvTenantName = envNamespaceClient + "TENANT_NAME"
-	EnvRegionName = envNamespaceClient + "REGION_NAME"
-	EnvProjectID  = envNamespaceClient + "PROJECT_ID"
-	EnvCloud      = envNamespaceClient + "CLOUD"
+	EnvAuthURL       = envNamespaceClient + "AUTH_URL"
+	EnvUsername      = envNamespaceClient + "USERNAME"
+	EnvPassword      = envNamespaceClient + "PASSWORD"
+	EnvUserID        = envNamespaceClient + "USER_ID"
+	EnvAppCredID     = envNamespaceClient + "APPLICATION_CREDENTIAL_ID"
+	EnvAppCredName   = envNamespaceClient + "APPLICATION_CREDENTIAL_NAME"
+	EnvAppCredSecret = envNamespaceClient + "APPLICATION_CREDENTIAL_SECRET"
+	EnvTenantName    = envNamespaceClient + "TENANT_NAME"
+	EnvRegionName    = envNamespaceClient + "REGION_NAME"
+	EnvProjectID     = envNamespaceClient + "PROJECT_ID"
+	EnvCloud         = envNamespaceClient + "CLOUD"
 )

 // Config is used to configure the creation of the DNSProvider.
@ -80,11 +84,6 @@ func NewDNSProvider() (*DNSProvider, error) {

 		config.opts = *opts
 	} else {
-		_, err = env.Get(EnvAuthURL, EnvUsername, EnvPassword, EnvRegionName)
-		if err != nil {
-			return nil, fmt.Errorf("designate: %w", err)
-		}
-
 		opts, err := openstack.AuthOptionsFromEnv()
 		if err != nil {
 			return nil, fmt.Errorf("designate: %w", err)
--- a/providers/dns/designate/designate.toml
+++ b/providers/dns/designate/designate.toml
@ -4,13 +4,56 @@ URL = "https://docs.openstack.org/designate/latest/"
 Code = "designate"
 Since = "v2.2.0"

-Example = ''''''
+Example = '''
+# With a `clouds.yaml`
+OS_CLOUD=my_openstack \
+lego --email myemail@example.com --dns designate --domains my.example.org run
+
+# or
+
+OS_AUTH_URL=https://openstack.example.org \
+OS_REGION_NAME=RegionOne \
+OS_PROJECT_ID=23d4522a987d4ab529f722a007c27846
+OS_USERNAME=myuser \
+OS_PASSWORD=passw0rd \
+lego --email myemail@example.com --dns designate --domains my.example.org run
+
+# or
+
+OS_AUTH_URL=https://openstack.example.org \
+OS_REGION_NAME=RegionOne \
+OS_AUTH_TYPE=v3applicationcredential \
+OS_APPLICATION_CREDENTIAL_ID=imn74uq0or7dyzz20dwo1ytls4me8dry \
+OS_APPLICATION_CREDENTIAL_SECRET=68FuSPSdQqkFQYH5X1OoriEIJOwyLtQ8QSqXZOc9XxFK1A9tzZT6He2PfPw0OMja \
+lego --email myemail@example.com --dns designate --domains my.example.org run
+'''
+
+Additional = '''
+## Description
+
+There are three main ways of authenticating with Designate:
+
+1. The first one is by using the `OS_CLOUD` environment variable and a `clouds.yaml` file.
+2. The second one is using your username and password, via the `OS_USERNAME`, `OS_PASSWORD` and `OS_PROJECT_NAME` environment variables.
+3. The third one is by using an application credential, via the `OS_APPLICATION_CREDENTIAL_*` and `OS_USER_ID` environment variables.
+
+For the username/password and application methods, the `OS_AUTH_URL` and `OS_REGION_NAME` environment variables are required.
+
+For more information, you can read about the different methods of authentication with OpenStack in the Keystone's documentation and the gophercloud documentation:
+
+- [Keystone username/password](https://docs.openstack.org/keystone/latest/user/supported_clients.html)
+- [Keystone application credentials](https://docs.openstack.org/keystone/latest/user/application_credentials.html)
+'''

 [Configuration]
  [Configuration.Credentials]
    OS_AUTH_URL = "Identity endpoint URL"
    OS_USERNAME = "Username"
    OS_PASSWORD = "Password"
+    OS_USER_ID = "User ID"
+    OS_APPLICATION_CREDENTIAL_ID = "Application credential ID"
+    OS_APPLICATION_CREDENTIAL_NAME = "Application credential name"
+    OS_APPLICATION_CREDENTIAL_SECRET = "Application credential secret"
    OS_PROJECT_NAME = "Project name"
    OS_REGION_NAME = "Region name"
  [Configuration.Additional]
--- a/providers/dns/designate/designate_test.go
+++ b/providers/dns/designate/designate_test.go
@ -24,6 +24,10 @@ var envTest = tester.NewEnvTest(
 	EnvAuthURL,
 	EnvUsername,
 	EnvPassword,
+	EnvUserID,
+	EnvAppCredID,
+	EnvAppCredName,
+	EnvAppCredSecret,
 	EnvTenantName,
 	EnvRegionName,
 	EnvProjectID,
@ -56,7 +60,7 @@ func TestNewDNSProvider_fromEnv(t *testing.T) {
 				EnvPassword:   "",
 				EnvRegionName: "",
 			},
-			expected: "designate: some credentials information are missing: OS_AUTH_URL,OS_USERNAME,OS_PASSWORD,OS_REGION_NAME",
+			expected: "designate: Missing environment variable [OS_AUTH_URL]",
 		},
 		{
 			desc: "missing auth url",
@ -66,7 +70,7 @@ func TestNewDNSProvider_fromEnv(t *testing.T) {
 				EnvPassword:   "C",
 				EnvRegionName: "D",
 			},
-			expected: "designate: some credentials information are missing: OS_AUTH_URL",
+			expected: "designate: Missing environment variable [OS_AUTH_URL]",
 		},
 		{
 			desc: "missing username",
@ -76,7 +80,7 @@ func TestNewDNSProvider_fromEnv(t *testing.T) {
 				EnvPassword:   "C",
 				EnvRegionName: "D",
 			},
-			expected: "designate: some credentials information are missing: OS_USERNAME",
+			expected: "designate: Missing one of the following environment variables [OS_USERID, OS_USERNAME]",
 		},
 		{
 			desc: "missing password",
@ -86,17 +90,16 @@ func TestNewDNSProvider_fromEnv(t *testing.T) {
 				EnvPassword:   "",
 				EnvRegionName: "D",
 			},
-			expected: "designate: some credentials information are missing: OS_PASSWORD",
+			expected: "designate: Missing environment variable [OS_PASSWORD]",
 		},
 		{
-			desc: "missing region name",
+			desc: "missing application credential secret",
 			envVars: map[string]string{
 				EnvAuthURL:    serverURL + "/v2.0/",
-				EnvUsername:   "B",
-				EnvPassword:   "C",
-				EnvRegionName: "",
+				EnvRegionName: "D",
+				EnvAppCredID:  "F",
 			},
-			expected: "designate: some credentials information are missing: OS_REGION_NAME",
+			expected: "designate: Missing environment variable [OS_APPLICATION_CREDENTIAL_SECRET]",
 		},
 	}