k-orc
diff --git a/‎internal/osclients/applicationcredential.go‎
Lines changed: 65 additions & 4 deletions b/‎internal/osclients/applicationcredential.go‎
Lines changed: 65 additions & 4 deletions
diff --git a/‎internal/osclients/mock/applicationcredential.go‎
Lines changed: 2 additions & 2 deletions b/‎internal/osclients/mock/applicationcredential.go‎
Lines changed: 2 additions & 2 deletions
@@ -18,20 +18,24 @@ package osclients
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"iter"
 
+	tokens3 "github.com/gophercloud/gophercloud/v2/openstack/identity/v3/tokens"
+
 	"github.com/gophercloud/gophercloud/v2"
 	"github.com/gophercloud/gophercloud/v2/openstack"
 	"github.com/gophercloud/gophercloud/v2/openstack/identity/v3/applicationcredentials"
+	"github.com/gophercloud/gophercloud/v2/openstack/identity/v3/users"
 	"github.com/gophercloud/utils/v2/openstack/clientconfig"
 )
 
 type ApplicationCredentialClient interface {
 	ListApplicationCredentials(ctx context.Context, userID string, listOpts applicationcredentials.ListOptsBuilder) iter.Seq2[*applicationcredentials.ApplicationCredential, error]
 	CreateApplicationCredential(ctx context.Context, userID string, opts applicationcredentials.CreateOptsBuilder) (*applicationcredentials.ApplicationCredential, error)
 	DeleteApplicationCredential(ctx context.Context, userID string, resourceID string) error
-	GetApplicationCredential(ctx context.Context, userID string, resourceID string) (*applicationcredentials.ApplicationCredential, error)
+	GetApplicationCredential(ctx context.Context, resourceID string) (*applicationcredentials.ApplicationCredential, error)
 }
 
 type applicationcredentialClient struct{ client *gophercloud.ServiceClient }
@@ -65,8 +69,65 @@ func (c applicationcredentialClient) DeleteApplicationCredential(ctx context.Con
 	return applicationcredentials.Delete(ctx, c.client, userID, resourceID).ExtractErr()
 }
 
-func (c applicationcredentialClient) GetApplicationCredential(ctx context.Context, userID string, resourceID string) (*applicationcredentials.ApplicationCredential, error) {
-	return applicationcredentials.Get(ctx, c.client, userID, resourceID).Extract()
+func (c applicationcredentialClient) GetApplicationCredential(ctx context.Context, resourceID string) (*applicationcredentials.ApplicationCredential, error) {
+	// The unique ID of an application credential is not enough to query it from OpenStack
+	// OpenStack actually also requires a unique user ID.
+	// We can not provide the user ID here, as the function signatures of ORC interfaces
+	// expect us to return an OpenStack resource based on a single string.
+
+	// To work around this, we first query ApplicationCredentials for the currently
+	// authenticated user which ORC is connected as. If that fails, we iterate over
+	// all users we have access to and query their ApplicationCredentials.
+
+	// Currently authenticated user
+	userID, err := GetAuthenticatedUserID(c.client.ProviderClient)
+	if err == nil {
+		appCred, appCredErr := applicationcredentials.Get(ctx, c.client, userID, resourceID).Extract()
+
+		if appCred != nil {
+			return appCred, appCredErr
+		}
+	}
+
+	// If not found in currently authenticated user, try iterating over all users
+	userPager := users.List(c.client, nil)
+	userIterator := func(yield func(*users.User, error) bool) {
+		_ = userPager.EachPage(ctx, yieldPage(users.ExtractUsers, yield))
+	}
+
+	for user, userErr := range userIterator {
+		if userErr != nil {
+			continue
+		}
+
+		appCred, appCredErr := applicationcredentials.Get(ctx, c.client, user.ID, resourceID).Extract()
+
+		if appCred != nil {
+			return appCred, appCredErr
+		}
+	}
+
+	return nil, gophercloud.ErrResourceNotFound{
+		Name:         resourceID,
+		ResourceType: "ApplicationCredential",
+	}
+}
+
+func GetAuthenticatedUserID(providerClient *gophercloud.ProviderClient) (string, error) {
+	r := providerClient.GetAuthResult()
+	if r == nil {
+		return "", errors.New("no AuthResult available")
+	}
+	switch r := r.(type) {
+	case tokens3.CreateResult:
+		u, err := r.ExtractUser()
+		if err != nil {
+			return "", err
+		}
+		return u.ID, nil
+	default:
+		return "", errors.New("wrong AuthResult version")
+	}
 }
 
 type applicationcredentialErrorClient struct{ error }
@@ -90,6 +151,6 @@ func (e applicationcredentialErrorClient) DeleteApplicationCredential(_ context.
 	return e.error
 }
 
-func (e applicationcredentialErrorClient) GetApplicationCredential(_ context.Context, _ string, _ string) (*applicationcredentials.ApplicationCredential, error) {
+func (e applicationcredentialErrorClient) GetApplicationCredential(_ context.Context, _ string) (*applicationcredentials.ApplicationCredential, error) {
 	return nil, e.error
 }