Pulp is going to gain the concept of a domain (similar to a namespace) to enable true multi-tenancy. Most all Pulp models except User, Group and Role would gain a foreign key to a domain, and add it to all their uniqueness constraints. See  for all models gaining or not gaining a foreign key to a domain. Roles will now be assigned on the global, domain and object level. Since most objects will be apart of a domain, object permissions will be scoped to that domain. Storage will become configurable on the domain level with two different domains being able to store the same artifact twice, each in their own storage bucket. Domains will be isolated from each other and cross-domain object usage will not be allowed. This feature will be opt-in with a new settings flag and should not break existing plugins. However, plugins will be required to make changes if they want to support this feature. Behind the scenes a default domain (named “default”) will be created and added to all current Pulp objects. With this feature disabled objects and actions will be scoped to the default domain with the current API urls staying the same. With the feature enabled all scoped objects & actions will require the domain name in the url.
The current pulpcore & pulp_file implementation of this feature can be found at  . Please have a look and leave comments and questions.