Do not allow create limits for domain

Keystone now doesn't support domain-level limits. When creating
limits, if the input project_id is a domain id, it should not be
allowed.

Change-Id: Ifafd96113499d533341870960f294dd5fada477d
Closes-Bug: #1785164

keystone/limit/core.py

@@ -54,7 +54,11 @@ class Manager(manager.Manager):
                 PROVIDERS.catalog_api.get_region(region_id)
             project_id = unified_limit.get('project_id')
             if project_id is not None:
-                PROVIDERS.resource_api.get_project(project_id)
+                project = PROVIDERS.resource_api.get_project(project_id)
+                # Keystone now does not support domain-level limits. This
+                # check can be removed if it'll be supported in the future.
+                if project['is_domain']:
+                    raise exception.ProjectNotFound(project_id=project_id)
         except exception.ServiceNotFound:
             raise exception.ValidationError(attribute='service_id',
                                             target=target)

keystone/tests/unit/test_limits.py

@@ -525,6 +525,16 @@ class LimitsTestCase(test_v3.RestfulTestCase):
             self.assertEqual(limits[0][key], ref[key])
         self.assertIsNone(limits[0]['description'])
 
+    def test_create_limit_with_domain_as_project(self):
+        ref = unit.new_limit_ref(project_id=self.domain_id,
+                                 service_id=self.service_id,
+                                 region_id=self.region_id,
+                                 resource_name='volume')
+        self.post(
+            '/limits',
+            body={'limits': [ref]},
+            expected_status=http_client.BAD_REQUEST)
+
     def test_create_multi_limit(self):
         ref1 = unit.new_limit_ref(project_id=self.project_id,
                                   service_id=self.service_id,