Comment 1 for bug 1802111

Yup, this is a known limitation, and also that the AggregateMultiTenancyIsolation filter doesn't allow scoping to keystone domains. I think there is a Public Cloud SIG bug related to this as well.

The good news is once you get to Rocky, you can use the placement request filter to filter aggregates per tenant which supersedes the AggregateMultiTenancyIsolation filter:

https://docs.openstack.org/nova/latest/admin/configuration/schedulers.html#tenant-isolation-with-placement

The docs don't mention it (I don't think), but that placement request filter does allow namespacing the aggregate metadata so you can add as many tenants as you want:

https://github.com/openstack/nova/blob/e27905f482ba26d2bbf3ae5d948dee37523042d5/nova/scheduler/request_filter.py#L46