feat: Add initial Tenant traits and data structures

harmony/src/domain/topology/tenant/mod.rs

@@ -0,0 +1,186 @@
+use std::collections::HashMap;
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] // Assuming serde for Scores
+pub struct TenantConfig {
+    /// A unique, human-readable name for the tenant (e.g., "client-alpha", "project-phoenix").
+    /// This will be used as the primary identifier for management operations.
+    pub name: String,
+
+    /// An optional description for the tenant.
+    pub description: Option<String>,
+
+    /// Desired resource allocations and limits for the tenant.
+    pub resource_limits: ResourceLimits,
+
+    /// High-level network isolation policies for the tenant.
+    pub network_policy: TenantNetworkPolicy,
+
+    /// Key-value pairs for provider-specific tagging, labeling, or metadata.
+    /// Useful for billing, organization, or filtering within the provider's console.
+    pub labels_or_tags: HashMap<String, String>,
+    // Note: User/group management for the tenant is deferred to a future ADR.
+    // For now, the TenantManager sets up the space; how it's accessed internally
+    // by the tenant's own users is a separate concern.
+}
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+pub struct TenantContext {
+    /// The provider-specific internal identifier for the tenant's primary isolation unit
+    /// (e.g., Kubernetes namespace name, OpenStack project ID, AWS Account ID).
+    pub provider_internal_id: String,
+
+    /// The logical name of the tenant, matching `TenantConfig.name`.
+    pub name: String,
+
+    /// Current operational status of the tenant.
+    pub status: TenantStatus,
+
+    /// Effective resource limits currently applied to the tenant.
+    /// This might differ slightly from requested if the provider adjusted them.
+    pub effective_resource_limits: ResourceLimits,
+
+    /// Effective network policy currently applied.
+    pub effective_network_policy: TenantNetworkPolicy,
+
+    /// Additional provider-specific data or endpoints relevant to the tenant.
+    /// (e.g., K8s API server endpoint scoped to the namespace, if applicable).
+    pub provider_specific_data: HashMap<String, String>,
+}
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+pub enum TenantStatus {
+    Provisioning,
+    Active,
+    Updating,
+    Deleting,
+    Error(String),
+    Unknown,
+}
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, Default)]
+pub struct ResourceLimits {
+    /// Requested/guaranteed CPU cores (e.g., 2.0).
+    pub cpu_request_cores: Option<f32>,
+    /// Maximum CPU cores the tenant can burst to (e.g., 4.0).
+    pub cpu_limit_cores: Option<f32>,
+
+    /// Requested/guaranteed memory in Gigabytes (e.g., 8.0).
+    pub memory_request_gb: Option<f32>,
+    /// Maximum memory in Gigabytes tenant can burst to (e.g., 16.0).
+    pub memory_limit_gb: Option<f32>,
+
+    /// Total persistent storage allocation in Gigabytes across all volumes.
+    pub storage_total_gb: Option<u64>,
+    /// Maximum number of distinct persistent volumes/claims.
+    pub persistent_volume_claim_count: Option<u32>,
+    // /// Optional: Storage limits per class, if needed for more granular control.
+    // pub storage_gb_per_class: Option<HashMap<String, u64>>,
+
+    /// Maximum number of load balancers.
+    pub load_balancer_count: Option<u32>,
+    /// Maximum number of public IP addresses.
+    pub public_ip_count: Option<u32>,
+
+    /// Provider-specific or custom quotas (e.g., "gpu_count:2", "snapshot_count:10").
+    /// Values are strings to accommodate various provider formats.
+    pub custom_quotas: HashMap<String, String>,
+}
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+pub struct TenantNetworkPolicy {
+    /// Policy for ingress traffic originating from other tenants within the same Harmony-managed environment.
+    pub default_inter_tenant_ingress: InterTenantIngressPolicy,
+
+    /// Policy for egress traffic destined for the public internet.
+    pub default_internet_egress: InternetEgressPolicy,
+
+    /// List of common cluster-internal services this tenant should be ableto access.
+    pub allowed_cluster_services: Vec<ClusterServiceType>,
+}
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+pub enum InterTenantIngressPolicy {
+    /// Deny all traffic from other tenants by default.
+    DenyAll,
+    // Future: AllowFromSameGroup (if tenants can be logically grouped)
+    // Future: AllowLabeled (if tenants can specify labels for selective inter-tenant comms)
+}
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+pub enum InternetEgressPolicy {
+    /// Allow all outbound traffic to the internet.
+    AllowAll,
+    /// Deny all outbound traffic to the internet by default.
+    DenyAll,
+}
+
+#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
+pub enum ClusterServiceType {
+    /// e.g., kube-dns, CoreDNS.
+    Dns,
+    /// Access to an internal image registry.
+    InternalImageRegistry,
+    /// Access to centralized monitoring endpoints (e.g., Prometheus federation).
+    MonitoringService,
+}
+
+use async_trait::async_trait;
+use serde::{Deserialize, Serialize};
+
+use crate::executors::ExecutorError;
+
+#[async_trait]
+pub trait TenantManager: Send + Sync + std::fmt::Debug {
+    /// Provisions a new tenant based on the provided configuration.
+    /// This operation should be idempotent; if a tenant with the same `config.name`
+    /// already exists and matches the config, it may succeed without changes.
+    /// If it exists but differs, it might return an error or attempt to update (TBD by implementer).
+    ///
+    /// # Arguments
+    /// * `config`: The desired configuration for the new tenant.
+    ///
+    /// # Returns
+    /// A `TenantContext` representing the provisioned tenant.
+    async fn provision_tenant(&self, config: &TenantConfig) -> Result<TenantContext, ExecutorError>;
+
+    /// Retrieves the current details and context of an existing tenant.
+    ///
+    /// # Arguments
+    /// * `tenant_name`: The logical name of the tenant to retrieve.
+    ///
+    /// # Returns
+    /// An `Option<TenantContext>`, which is `None` if the tenant does not exist.
+    async fn get_tenant_details(&self, tenant_name: &str) -> Result<Option<TenantContext>, ExecutorError>;
+
+    /// Updates the resource limits for an existing tenant.
+    ///
+    /// # Arguments
+    /// * `tenant_name`: The logical name of the tenant to update.
+    /// * `new_limits`: The new set of resource limits to apply.
+    async fn update_tenant_resource_limits(
+        &self,
+        tenant_name: &str,
+        new_limits: &ResourceLimits,
+    ) -> Result<(), ExecutorError>;
+
+    /// Updates the high-level network isolation policy for an existing tenant.
+    ///
+    /// # Arguments
+    /// * `tenant_name`: The logical name of the tenant to update.
+    /// * `new_policy`: The new network policy to apply.
+    async fn update_tenant_network_policy(
+        &self,
+        tenant_name: &str,
+        new_policy: &TenantNetworkPolicy,
+    ) -> Result<(), ExecutorError>;
+
+    /// Decommissions an existing tenant, removing its isolated context and associated resources.
+    /// This operation should be idempotent.
+    ///
+    /// # Arguments
+    /// * `tenant_name`: The logical name of the tenant to deprovision.
+    async fn deprovision_tenant(&self, tenant_name: &str) -> Result<(), ExecutorError>;
+
+    /// Lists the logical names of all tenants currently managed by this `TenantManager` instance.
+    async fn list_tenant_names(&self) -> Result<Vec<String>, ExecutorError>;
+}