I'd like to have many storage buckets, each with its own password or key for read & write access for use by end users.
Some options I've discovered:
- ACLs: These work on a per-OpenStack-user basis. I don't think it makes sense to create a new OpenStack user for each end user.
- Application credentials: These can't be set on a per-container basis, but rather on a class of operations. So you can restrict to containers, but that's for all containers, not a specific one.
Cloud-A announced Container Specific API Keys (documented elsewhere), but this appears to be non-standard. I'd like something that will be compatible with upstream OpenStack.
After further research, it seems as though this isn't possible currently. However, there are plans to fix this eventually: