Need the flexibility to support "<tenant_
Looking at the Swift keystoneauth middleware code, the only way “<tenant ID>:<username>” and “<tenant name>:<username>” are applicable is if the given account matches “<reseller>
This means users must share the same tenant and account. This is not flexible enough to support use cases such as userA of tenantA wants to grant read-only access to his container UserAContainer to userB of tenantB, where userB does not have/need any role association with TenantA. UserA should be able to just create an ACL “X-Container-Read: TenantB:userB”.
Furthermore, we need cross-tenant ACLs, sharing a container with users regardless of their tenant association. For example, “*:<username>”. The benefit with cross-tenant ACLs is improved usability as there’s no need to look up tenant ID/name when creating ACLs.
Addressed by: https:/
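
A sketch of the matching requested above, added here as an illustration and not taken from Swift's keystoneauth middleware: the ACL entry is checked against the requester's own tenant and user name rather than the tenant that owns the account, with `*` accepted in the tenant position. `Identity`, `parse_acl` and `acl_allows` are hypothetical names, and the sample identities are constructed.

```python
from typing import List, NamedTuple, Tuple


class Identity(NamedTuple):
    """Requester identity as taken from a validated token (assumed fields)."""
    tenant_id: str
    tenant_name: str
    user_name: str


def parse_acl(header: str) -> List[Tuple[str, str]]:
    """Split a comma-separated ACL value into (tenant, user) pairs."""
    entries = []
    for raw in header.split(","):
        raw = raw.strip()
        # Referrer-style entries (".r:...", ".rlistings") are not user grants.
        if not raw or raw.startswith("."):
            continue
        tenant, sep, user = raw.partition(":")
        # A half-specified entry is dropped, never widened to a wildcard.
        if not sep or not tenant or not user:
            continue
        entries.append((tenant, user))
    return entries


def acl_allows(header: str, who: Identity) -> bool:
    """True if any entry names the requester's tenant (or '*') and user."""
    for tenant, user in parse_acl(header):
        tenant_ok = tenant == "*" or tenant in (who.tenant_id, who.tenant_name)
        if tenant_ok and user == who.user_name:
            return True
    return False


# Constructed identities: two different tenants that both have a "userB".
USER_B = Identity("b1f0", "TenantB", "userB")
OTHER_B = Identity("c2e9", "TenantC", "userB")

if __name__ == "__main__":
    for acl in ("TenantB:userB", "b1f0:userB", "*:userB", "TenantB:"):
        print(acl, acl_allows(acl, USER_B), acl_allows(acl, OTHER_B))
```

With these inputs, `TenantB:userB` admits only the TenantB user, while `*:userB` admits the `userB` of every tenant, so the wildcard form grants access by user name alone.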