From f619da2405f8bb510a8ae2a88f6e4fcddb424ada Mon Sep 17 00:00:00 2001
From: Belmiro Moreira <moreira.belmiro.email.lists@gmail.com>
Date: Sun, 27 Jan 2013 17:57:31 +0100
Subject: Multi-tenancy isolation with aggregates

A new scheduler filter that allows the creation of instances from
specific tenants in selected aggregates.
With this filter is possible to isolate tenants in a specific set
of compute nodes (aggregates).

If a host is in an aggregate that has the metadata key
"filter_tenant_id" it can only create instances from that tenant(s).
A host can be in different aggregates.
If a host doesn't belong to an aggregate with the metadata key
"filter_tenant_id" it can create instances from all tenants.

Implements: blueprint multi-tenancy-aggregates
DocImpact

Change-Id: I119c809c54da9e9dc3ac506c02203d2d4422b06e
---
 nova/tests/scheduler/test_host_filters.py | 39 +++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

(limited to 'nova/tests')

diff --git a/nova/tests/scheduler/test_host_filters.py b/nova/tests/scheduler/test_host_filters.py
index 53e51668c..0a5f0da40 100644
--- a/nova/tests/scheduler/test_host_filters.py
+++ b/nova/tests/scheduler/test_host_filters.py
@@ -1414,3 +1414,42 @@ class HostFiltersTestCase(test.TestCase):
         host = fakes.FakeHostState('host1', 'node1', {})
         filter_properties = {'group_hosts': ['host1']}
         self.assertFalse(filt_cls.host_passes(host, filter_properties))
+
+    def test_aggregate_multi_tenancy_isolation_with_meta_passes(self):
+        self._stub_service_is_up(True)
+        filt_cls = self.class_map['AggregateMultiTenancyIsolation']()
+        aggr_meta = {'filter_tenant_id': 'my_tenantid'}
+        self._create_aggregate_with_host(name='fake1', metadata=aggr_meta,
+                                         hosts=['host1'])
+        filter_properties = {'context': self.context,
+                             'request_spec': {
+                                 'instance_properties': {
+                                     'project_id': 'my_tenantid'}}}
+        host = fakes.FakeHostState('host1', 'compute', {})
+        self.assertTrue(filt_cls.host_passes(host, filter_properties))
+
+    def test_aggregate_multi_tenancy_isolation_fails(self):
+        self._stub_service_is_up(True)
+        filt_cls = self.class_map['AggregateMultiTenancyIsolation']()
+        aggr_meta = {'filter_tenant_id': 'other_tenantid'}
+        self._create_aggregate_with_host(name='fake1', metadata=aggr_meta,
+                                         hosts=['host1'])
+        filter_properties = {'context': self.context,
+                             'request_spec': {
+                                 'instance_properties': {
+                                     'project_id': 'my_tenantid'}}}
+        host = fakes.FakeHostState('host1', 'compute', {})
+        self.assertFalse(filt_cls.host_passes(host, filter_properties))
+
+    def test_aggregate_multi_tenancy_isolation_no_meta_passes(self):
+        self._stub_service_is_up(True)
+        filt_cls = self.class_map['AggregateMultiTenancyIsolation']()
+        aggr_meta = {}
+        self._create_aggregate_with_host(name='fake1', metadata=aggr_meta,
+                                         hosts=['host1'])
+        filter_properties = {'context': self.context,
+                             'request_spec': {
+                                 'instance_properties': {
+                                     'project_id': 'my_tenantid'}}}
+        host = fakes.FakeHostState('host1', 'compute', {})
+        self.assertTrue(filt_cls.host_passes(host, filter_properties))
-- 
cgit