review controllers.py and core.py

Change-Id: Ia71986f174f6cbf92868f7535504523292472e25
Signed-off-by: WuKong <rebirthmonkey@gmail.com>

diff --git a/keystone-moon/keystone/contrib/moon/algorithms.py b/keystone-moon/keystone/contrib/moon/algorithms.py
index bfdfc5c..e43e922 100644 (file)
--- a/keystone-moon/keystone/contrib/moon/algorithms.py
+++ b/keystone-moon/keystone/contrib/moon/algorithms.py
@@ -34,7 +34,7 @@ rule_dict = [
 ]
 """
 
-def algo_inclusion(authz_buffer, sub_meta_rule_dict, rule_dict):
+def inclusion(authz_buffer, sub_meta_rule_dict, rule_dict):
     _cat = []
     for subject_cat in sub_meta_rule_dict['subject_categories']:
         if subject_cat in authz_buffer['subject_attributes']:
@@ -53,11 +53,11 @@ def algo_inclusion(authz_buffer, sub_meta_rule_dict, rule_dict):
     return False
 
 
-def algo_comparison(_authz_buffer, _sub_meta_rule_dict, _rule_dict):
+def comparison(_authz_buffer, _sub_meta_rule_dict, _rule_dict):
     return
 
 
-def aggr_all_true(decision_buffer):
+def all_true(decision_buffer):
     for _rule in decision_buffer:
         if decision_buffer[_rule] is False:
             return False

diff --git a/keystone-moon/keystone/contrib/moon/backends/memory.py b/keystone-moon/keystone/contrib/moon/backends/memory.py
new file mode 100644 (file)
index 0000000..d186a1a
--- /dev/null
+++ b/keystone-moon/keystone/contrib/moon/backends/memory.py
@@ -0,0 +1,64 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from uuid import uuid4
+from keystone import config
+from keystone.contrib.moon.core import ConfigurationDriver
+from keystone.contrib.moon.core import TenantDriver
+# from keystone.contrib.moon.core import SuperExtensionDriver
+
+
+
+CONF = config.CONF
+
+
+class ConfigurationConnector(ConfigurationDriver):
+
+    def __init__(self):
+        super(ConfigurationConnector, self).__init__()
+
+    def get_policy_templete_dict(self):
+        # TODO (dthom)
+        pass
+
+    def get_aggregation_algorithm_dict(self):
+        aggregation_algorithm_dict = dict()
+        aggregation_algorithm_dict[uuid4()] = "all_true"
+        return aggregation_algorithm_dict
+
+    def get_sub_meta_rule_algorithm_dict(self):
+        sub_meta_rule_algorithm_dict = dict()
+        sub_meta_rule_algorithm_dict[uuid4()] = "inclusion"
+        sub_meta_rule_algorithm_dict[uuid4()] = "comparison"
+        return sub_meta_rule_algorithm_dict
+
+
+class TenantConnector(TenantDriver):
+
+    def get_tenant_dict(self):
+        # TODO (dthom)
+        pass
+
+    def set_tenant(self, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id):
+        # TODO (dthom)
+        pass
+
+
+# class SuperExtensionConnector(SuperExtensionDriver):
+#
+#     def __init__(self):
+#         super(SuperExtensionConnector, self).__init__()
+#         # Super_Extension is loaded every time the server is started
+#         self.__uuid = uuid4().hex
+#         # self.__super_extension = Extension()
+#         _policy_abs_dir = os.path.join(CONF.moon.super_extension_directory, 'policy')
+#         # self.__super_extension.load_from_json(_policy_abs_dir)
+#
+#     def get_super_extensions(self):
+#         return None
+#
+#     def admin(self, sub, obj, act):
+#         # return self.__super_extension.authz(sub, obj, act)
+#         return True

diff --git a/keystone-moon/keystone/contrib/moon/controllers.py b/keystone-moon/keystone/contrib/moon/controllers.py
index d13ba2a..a514fcd 100644 (file)
--- a/keystone-moon/keystone/contrib/moon/controllers.py
+++ b/keystone-moon/keystone/contrib/moon/controllers.py
@@ -16,27 +16,7 @@ CONF = config.CONF
 LOG = log.getLogger(__name__)
 
 
-@dependency.requires('authz_api')
-class Authz_v3(controller.V3Controller):
-
-    def __init__(self):
-        super(Authz_v3, self).__init__()
-
-    @controller.protected()
-    def get_authz(self, context, tenant_name, subject_name, object_name, action_name):
-        try:
-            _authz = self.authz_api.authz(tenant_name, subject_name, object_name, action_name)
-        except TenantNotFound:
-            _authz = True
-        except:
-            _authz = False
-        return {"authz": _authz,
-                "tenant_name": tenant_name,
-                "subject_name": subject_name,
-                "object_name": object_name,
-                "action_name": action_name}
-
-
+@dependency.requires('configuration_api')
 class Configuration(controller.V3Controller):
     collection_name = 'configurations'
     member_name = 'configuration'
@@ -45,9 +25,10 @@ class Configuration(controller.V3Controller):
         super(Configuration, self).__init__()
 
     @controller.protected()
-    def get_templetes(self, context, **kw):
+    def get_policy_templetes(self, context, **kw):
         user_id = self._get_user_uuid_from_token(context["token_id"])
-        # TODO: belowing code should be move to core.py in the admin_api
+        # TODO: belowing code should be move to core.py
+        # TODO: return self.configuration_api_get_policy_templete_dict(user_id)
         nodes = glob.glob(os.path.join(CONF.moon.policy_directory, "*"))
         return {
             "authz_templetes":
@@ -62,7 +43,7 @@ class Configuration(controller.V3Controller):
         :return: {aggregation_algorithm_id: description}
         """
         user_id = self._get_user_uuid_from_token(context["token_id"])
-        return self.admin_api.get_aggregation_algorithm_dict(user_id)
+        return self.configuration_api.get_aggregation_algorithm_dict(user_id)
 
     @controller.protected()
     def get_sub_meta_rule_algorithms(self, context, **kw):
@@ -72,7 +53,75 @@ class Configuration(controller.V3Controller):
         :return: {sub_meta_rule_algorithm_id: description}
         """
         user_id = self._get_user_uuid_from_token(context["token_id"])
-        return self.admin_api.get_sub_meta_rule_algorithms(user_id)
+        return self.configuration_api.get_sub_meta_rule_algorithm_dict(user_id)
+
+
+@dependency.requires('tenant_api', 'resource_api')
+class Tenants(controller.V3Controller):
+
+    def __init__(self):
+        super(Tenants, self).__init__()
+
+    def _get_user_id_from_token(self, token_id):
+        response = self.token_provider_api.validate_token(token_id)
+        token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response)
+        return token_ref['user']
+
+    @controller.protected()
+    def get_tenants(self, context, **kw):
+        user_id = self._get_user_id_from_token(context["token_id"])
+        return self.tenant_api.get_tenant_dict(user_id)
+
+    @controller.protected()
+    def add_tenant(self, context, **kw):
+        user_id = self._get_user_id_from_token(context["token_id"])
+        # TODO: get tenant name from keystone
+        tenant_name = kw.get("tenant_name")
+        intra_authz_ext_id = kw.get("intra_authz_ext_id")
+        intra_admin_ext_id = kw.get("intra_admin_ext_id")
+        return self.tenant_api.add_tenant(user_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id)
+
+    @controller.protected()
+    def get_tenant(self, context, **kw):
+        user_id = self._get_user_id_from_token(context["token_id"])
+        tenant_id = kw.get("tenant_id")
+        return self.tenant_api.get_tenant(user_id, tenant_id)
+
+    @controller.protected()
+    def del_tenant(self, context, **kw):
+        user_id = self._get_user_id_from_token(context["token_id"])
+        tenant_id = kw.get("tenant_id")
+        return self.tenant_api.del_tenant(user_id, tenant_id)
+
+    """def load_tenant(self, context, **kw):
+        user_id = self._get_user_id_from_token(context["token_id"])
+        tenant_id = kw["tenant_id"]
+        tenant_name = self.resource_api.get_project(tenant_id)["name"]
+        intra_authz_ext_id = kw.get("intra_authz_ext_id")
+        intra_admin_ext_id = kw.get("intra_admin_ext_id")
+        self.tenant_api.add_tenant_dict(
+            user_id,
+            tenant_id,
+            tenant_name,
+            intra_authz_ext_id,
+            intra_admin_ext_id)
+    """
+
+
+@dependency.requires('authz_api')
+class Authz_v3(controller.V3Controller):
+
+    def __init__(self):
+        super(Authz_v3, self).__init__()
+
+    @controller.protected()
+    def get_authz(self, context, tenant_name, subject_name, object_name, action_name):
+        try:
+            return self.authz_api.authz(tenant_name, subject_name, object_name, action_name)
+        except TenantIDNotFound:
+            return True
+        except:
+            return False
 
 
 @dependency.requires('admin_api', 'authz_api')
@@ -651,58 +700,6 @@ class IntraExtensions(controller.V3Controller):
         return self.admin_api.del_rule(user_id, ie_id, sub_meta_rule_id, rule_id)
 
 
-@dependency.requires('tenant_api', 'resource_api')
-class Tenants(controller.V3Controller):
-
-    def __init__(self):
-        super(Tenants, self).__init__()
-
-    def _get_user_id_from_token(self, token_id):
-        response = self.token_provider_api.validate_token(token_id)
-        token_ref = token_model.KeystoneToken(token_id=token_id, token_data=response)
-        return token_ref['user']
-
-    @controller.protected()
-    def get_tenants(self, context, **kw):
-        user_id = self._get_user_id_from_token(context["token_id"])
-        return self.tenant_api.get_tenant_dict(user_id)
-
-    @controller.protected()
-    def add_tenant(self, context, **kw):
-        user_id = self._get_user_id_from_token(context["token_id"])
-        tenant_dict = dict()
-        # TODO: get tenant name from keystone
-        tenant_dict["tenant_name"] = kw.get("tenant_name")
-        tenant_dict["intra_authz_ext_id"] = kw.get("intra_authz_ext_id")
-        tenant_dict["intra_admin_ext_id"] = kw.get("intra_admin_ext_id")
-        return self.tenant_api.add_tenant_dict(user_id, tenant_dict)
-
-    @controller.protected()
-    def get_tenant(self, context, **kw):
-        user_id = self._get_user_id_from_token(context["token_id"])
-        tenant_id = kw.get("tenant_id")
-        return self.tenant_api.get_tenant_dict(user_id)[tenant_id]
-
-    @controller.protected()
-    def del_tenant(self, context, **kw):
-        user_id = self._get_user_id_from_token(context["token_id"])
-        tenant_id = kw.get("tenant_id")
-        return self.tenant_api.del_tenant(user_id, tenant_id)
-
-    """def load_tenant(self, context, **kw):
-        user_id = self._get_user_id_from_token(context["token_id"])
-        tenant_id = kw["tenant_id"]
-        tenant_name = self.resource_api.get_project(tenant_id)["name"]
-        intra_authz_ext_id = kw.get("intra_authz_ext_id")
-        intra_admin_ext_id = kw.get("intra_admin_ext_id")
-        self.tenant_api.add_tenant_dict(
-            user_id,
-            tenant_id,
-            tenant_name,
-            intra_authz_ext_id,
-            intra_admin_ext_id)
-    """
-
 @dependency.requires('authz_api')
 class InterExtensions(controller.V3Controller):
 

diff --git a/keystone-moon/keystone/contrib/moon/core.py b/keystone-moon/keystone/contrib/moon/core.py
index ad6bf93..d5d2e10 100644 (file)
--- a/keystone-moon/keystone/contrib/moon/core.py
+++ b/keystone-moon/keystone/contrib/moon/core.py
@@ -26,24 +26,27 @@ CONF = config.CONF
 LOG = log.getLogger(__name__)
 
 _OPTS = [
+    cfg.StrOpt('configuration_driver',
+               default='keystone.contrib.moon.backends.sql.ConfigurationConnector',
+               help='Configuration backend driver.'),
+    cfg.StrOpt('tenant_driver',
+               default='keystone.contrib.moon.backends.sql.TenantConnector',
+               help='Tenant backend driver.'),
     cfg.StrOpt('authz_driver',
                default='keystone.contrib.moon.backends.flat.SuperExtensionConnector',
                help='Authorisation backend driver.'),
-    cfg.StrOpt('log_driver',
-               default='keystone.contrib.moon.backends.flat.LogConnector',
-               help='Logs backend driver.'),
-    cfg.StrOpt('superextension_driver',
-               default='keystone.contrib.moon.backends.flat.SuperExtensionConnector',
-               help='SuperExtension backend driver.'),
     cfg.StrOpt('intraextension_driver',
                default='keystone.contrib.moon.backends.sql.IntraExtensionConnector',
                help='IntraExtension backend driver.'),
-    cfg.StrOpt('tenant_driver',
-               default='keystone.contrib.moon.backends.sql.TenantConnector',
-               help='Tenant backend driver.'),
     cfg.StrOpt('interextension_driver',
                default='keystone.contrib.moon.backends.sql.InterExtensionConnector',
                help='InterExtension backend driver.'),
+    cfg.StrOpt('superextension_driver',
+               default='keystone.contrib.moon.backends.flat.SuperExtensionConnector',
+               help='SuperExtension backend driver.'),
+    cfg.StrOpt('log_driver',
+               default='keystone.contrib.moon.backends.flat.LogConnector',
+               help='Logs backend driver.'),
     cfg.StrOpt('policy_directory',
                default='/etc/keystone/policies',
                help='Local directory where all policies are stored.'),
@@ -113,133 +116,167 @@ def filter_input(data):
         LOG.error("Error in filtering input data: {}".format(data))
 
 
-@dependency.provider('moonlog_api')
-class LogManager(manager.Manager):
+@dependency.provider('configuration_api')
+@dependency.requires('moonlog_api')
+class ConfigurationManager(manager.Manager):
 
     def __init__(self):
-        driver = CONF.moon.log_driver
-        super(LogManager, self).__init__(driver)
-
-    def get_logs(self, logger="authz", options="", event_number=None, time_from=None, time_to=None, filter_str=None):
-
-        if len(options) > 0:
-            options = options.split(",")
-            event_number = None
-            time_from = None
-            time_to = None
-            filter_str = None
-            for opt in options:
-                if "event_number" in opt:
-                    event_number = "".join(re.findall("\d*", opt.split("=")[-1]))
-                    try:
-                        event_number = int(event_number)
-                    except ValueError:
-                        event_number = None
-                elif "from" in opt:
-                    time_from = "".join(re.findall("[\w\-:]*", opt.split("=")[-1]))
-                    try:
-                        time_from = time.strptime(time_from, self.TIME_FORMAT)
-                    except ValueError:
-                        time_from = None
-                elif "to" in opt:
-                    time_to = "".join(re.findall("[\w\-:] *", opt.split("=")[-1]))
-                    try:
-                        time_to = time.strptime(time_to, self.TIME_FORMAT)
-                    except ValueError:
-                        time_to = None
-                elif "filter" in opt:
-                    filter_str = "".join(re.findall("\w*", opt.split("=")[-1]))
-        return self.driver.get_logs(logger, event_number, time_from, time_to, filter_str)
+        super(ConfigurationManager, self).__init__(CONF.moon.configuration_driver)
 
-    def get_authz_logs(self, options="", event_number=None, time_from=None, time_to=None, filter_str=None):
-        return self.get_logs(
-            logger="authz",
-            options="",
-            event_number=None,
-            time_from=None,
-            time_to=None,
-            filter_str=None)
-
-    def get_sys_logs(self, options="", event_number=None, time_from=None, time_to=None, filter_str=None):
-        return self.get_logs(
-            logger="sys",
-            options="",
-            event_number=None,
-            time_from=None,
-            time_to=None,
-            filter_str=None)
+    def get_policy_templete_dict(self, user_id):
+        """
+        Return a dictionary of all policy templetes
+        :return: {templete_id: templete_description, ...}
+        """
+        # TODO: check user right with user_id in SuperExtension
+        return self.driver.get_policy_templete_dict()
 
-    def authz(self, message):
-        return self.driver.authz(message)
+    def get_policy_templete_id_from_name(self, user_id, policy_templete_name):
+        # TODO: check user right with user_id in SuperExtension
+        policy_templete_dict = self.driver.get_policy_templete_dict()
+        for policy_templete_id in policy_templete_dict:
+            if policy_templete_dict[policy_templete_id] is policy_templete_name:
+                return policy_templete_id
+        return None
 
-    def debug(self, message):
-        return self.driver.debug(message)
-
-    def info(self, message):
-        return self.driver.info(message)
+    def get_aggregation_algorithm_dict(self, user_id):
+        """
+        Return a dictionary of all aggregation algorithm
+        :return: {aggre_algo_id: aggre_algo_description, ...}
+        """
+        # TODO: check user right with user_id in SuperExtension
+        return self.driver.get_aggregation_algorithm_dict()
 
-    def warning(self, message):
-        return self.driver.warning(message)
+    def get_aggregation_algorithm_id_from_name(self, user_id, aggregation_algorithm_name):
+        # TODO: check user right with user_id in SuperExtension
+        aggregation_algorithm_dict = self.driver.get_aggregation_algorithm_dict()
+        for aggregation_algorithm_id in aggregation_algorithm_dict:
+            if aggregation_algorithm_dict[aggregation_algorithm_id] is aggregation_algorithm_name:
+                return aggregation_algorithm_id
+        return None
 
-    def error(self, message):
-        return self.driver.error(message)
+    def get_sub_meta_rule_algorithm_dict(self, user_id):
+        """
+        Return a dictionary of sub_meta_rule algorithm
+        :return: {sub_meta_rule_id: sub_meta_rule_description, }
+        """
+        # TODO: check user right with user_id in SuperExtension
+        return self.driver.get_sub_meta_rule_algorithm_dict()
 
-    def critical(self, message):
-        return self.driver.critical(message)
+    def get_sub_meta_rule_algorithm_id_from_name(self, sub_meta_rule_algorithm_name):
+        # TODO: check user right with user_id in SuperExtension
+        sub_meta_rule_algorithm_dict = self.driver.get_sub_meta_rule_algorithm_dict()
+        for sub_meta_rule_algorithm_id in sub_meta_rule_algorithm_dict:
+            if sub_meta_rule_algorithm_dict[sub_meta_rule_algorithm_id] is sub_meta_rule_algorithm_name:
+                return sub_meta_rule_algorithm_id
+        return None
 
 
 @dependency.provider('tenant_api')
-@dependency.requires('moonlog_api')
+@dependency.requires('moonlog_api')  # TODO: log should be totally removed to exception.py
 class TenantManager(manager.Manager):
 
     def __init__(self):
         super(TenantManager, self).__init__(CONF.moon.tenant_driver)
 
-    def get_tenant_dict(self):
+    def __get_tenant_dict(self):
         """
-        Return a dictionnary with all tenants
+        Return a dictionary with all tenants
         :return: dict
         """
         try:
             return self.driver.get_tenant_dict()
         except TenantListEmpty:
+            # TODO: move log to Exception
             self.moonlog_api.error(_("Tenant Mapping list is empty."))
             return {}
 
-    def get_tenant_name(self, tenant_uuid):
-        _tenant_dict = self.get_tenant_dict()
-        if tenant_uuid not in _tenant_dict:
-            raise TenantNotFound(_("Tenant UUID ({}) was not found.".format(tenant_uuid)))
-        return _tenant_dict[tenant_uuid]["name"]
+    def get_tenant_dict(self, user_id):
+        """
+        Return a dictionary with all tenants
+        :return: dict
+        """
+        # TODO: check user right with user_id in SuperExtension
+        return self.__get_tenant_dict()
+
+    def add_tenant(self, user_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id):
+        # TODO: check user right with user_id in SuperExtension
+        try:
+            return self.driver.set_tenant(uuid4().hex, tenant_name, intra_authz_ext_id, intra_admin_ext_id)
+        except AddedTenantNameExist:
+            return None
+
+    def get_tenant(self, user_id, tenant_id):
+        # TODO: check user right with user_id in SuperExtension
+        tenant_dict = self.__get_tenant_dict()
+        if tenant_id not in tenant_dict:
+            raise TenantIDNotFound(_("Tenant UUID ({}) was not found.".format(tenant_id)))
+        return tenant_dict[tenant_id]
+
+    def del_tenant(self, user_id, tenant_id):
+        # TODO: check user right with user_id in SuperExtension
+        tenant_dict = self.__get_tenant_dict()
+        try:
+            return tenant_dict.pop(tenant_id)
+        except KeyError:
+            raise TenantIDNotFound
+
+    def set_tenant_dict(self, user_id, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id):
+        # TODO: check user right with user_id in SuperExtension
+        # TODO (dthom): Tenant must be checked against Keystone database.
+        return self.driver.set_tenant(tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id)
+
+    def get_tenant_name(self, user_id, tenant_id):
+        # TODO: check user right with user_id in SuperExtension
+        tenant_dict = self.__get_tenant_dict()
+        if tenant_id not in tenant_dict:
+            raise TenantIDNotFound(_("Tenant UUID ({}) was not found.".format(tenant_id)))
+        return tenant_dict[tenant_id]["name"]
+
+    def set_tenant_name(self, user_id, tenant_id, tenant_name):
+        # TODO: check user right with user_id in SuperExtension
+        tenant_dict = self.__get_tenant_dict()
+        if tenant_id not in tenant_dict:
+            raise TenantIDNotFound(_("Tenant UUID ({}) was not found.".format(tenant_id)))
+        return self.driver.set_tenant(
+            self,
+            tenant_id,
+            tenant_name,
+            tenant_dict[tenant_id]['intra_authz_ext_id'],
+            tenant_dict[tenant_id]['intra_admin_ext_id']
+        )
 
-    def set_tenant_name(self, tenant_uuid, tenant_name):
-        _tenant_dict = self.get_tenant_dict()
-        if tenant_uuid not in _tenant_dict:
-            raise TenantNotFound(_("Tenant UUID ({}) was not found.".format(tenant_uuid)))
-        _tenant_dict[tenant_uuid]['name'] = tenant_name
-        return self.driver.set_tenant_dict(_tenant_dict)
+    def get_tenant_id_from_name(self, user_id, tenant_name):
+        # TODO: check user right with user_id in SuperExtension
+        tenant_dict = self.__get_tenant_dict()
+        for tenant_id in tenant_dict:
+            if tenant_dict[tenant_id]["name"] is tenant_name:
+                return tenant_id
+        return None
 
-    def get_extension_uuid(self, tenant_uuid, scope="authz"):
+    def get_tenant_intra_extension_id(self, tenant_id, genre="authz"):
         """
         Return the UUID of the scoped extension for a particular tenant.
-        :param tenant_uuid: UUID of the tenant
-        :param scope: "admin" or "authz"
+        :param tenant_id: UUID of the tenant
+        :param genre: "admin" or "authz"
         :return (str): the UUID of the scoped extension
         """
         # 1 tenant only with 1 authz extension and 1 admin extension
-        _tenant_dict = self.get_tenant_dict()
-        if tenant_uuid not in _tenant_dict:
-            raise TenantNotFound(_("Tenant UUID ({}) was not found.".format(tenant_uuid)))
-        if not _tenant_dict[tenant_uuid][scope]:
-            raise IntraExtensionNotFound(_("No IntraExtension found for Tenant {}.".format(tenant_uuid)))
-        return _tenant_dict[tenant_uuid][scope]
-
+        tenant_dict = self.__get_tenant_dict()
+        if tenant_id not in tenant_dict:
+            raise TenantIDNotFound(_("Tenant UUID ({}) was not found.".format(tenant_id)))
+        if not tenant_dict[tenant_id][genre]:
+            raise IntraExtensionNotFound(_("No IntraExtension found for Tenant {}.".format(tenant_id)))
+        return tenant_dict[tenant_id][genre]
+
+    # TODO: check if we need the func
     def get_tenant_uuid(self, extension_uuid):
         for _tenant_uuid, _tenant_value in six.iteritems(self.get_tenant_dict()):
             if extension_uuid == _tenant_value["authz"] or extension_uuid == _tenant_value["admin"]:
                 return _tenant_uuid
-        raise TenantNotFound()
+        raise TenantIDNotFound()
 
+    # TODO: check if we need the func
     def get_admin_extension_uuid(self, authz_extension_uuid):
         _tenants = self.get_tenant_dict()
         for _tenant_uuid in _tenants:
@@ -251,6 +288,7 @@ class TenantManager(manager.Manager):
         # to allow or not the fact that Admin IntraExtension can be None
         # raise AdminIntraExtensionNotFound()
 
+    # TODO: check if we need the func
     def delete(self, authz_extension_uuid):
         _tenants = self.get_tenant_dict()
         for _tenant_uuid in _tenants:
@@ -259,42 +297,23 @@ class TenantManager(manager.Manager):
         raise AuthzIntraExtensionNotFound(_("No IntraExtension found mapping this Authz IntraExtension: {}.".format(
             authz_extension_uuid)))
 
-    def set_tenant_dict(self, tenant_uuid, name, authz_extension_uuid, admin_extension_uuid):
-        tenant = {
-            tenant_uuid: {
-                "name": name,
-                "authz": authz_extension_uuid,
-                "admin": admin_extension_uuid
-            }
-        }
-        # TODO (dthom): Tenant must be checked against Keystone database.
-        return self.driver.set_tenant_dict(tenant)
-
 
-class TenantDriver:
-
-    def get_tenant_dict(self):
-        raise exception.NotImplemented()  # pragma: no cover
-
-    def set_tenant_dict(self, tenant):
-        raise exception.NotImplemented()  # pragma: no cover
-
-
-@dependency.requires('identity_api', 'moonlog_api', 'tenant_api', 'authz_api', 'admin_api')
+@dependency.requires('identity_api', 'tenant_api', 'authz_api', 'admin_api', 'moonlog_api')
 class IntraExtensionManager(manager.Manager):
 
     __genre__ = None
+    __default_user = uuid4().hex()  # default user_id for internal invocation
 
     def __init__(self):
         driver = CONF.moon.intraextension_driver
         super(IntraExtensionManager, self).__init__(driver)
 
-    def __get_authz_buffer(self, intra_extension_uuid, subject_uuid, object_uuid, action_uuid):
+    def __get_authz_buffer(self, intra_extension_id, subject_id, object_id, action_id):
         """
-        :param intra_extension_uuid:
-        :param subject_uuid:
-        :param object_uuid:
-        :param action_uuid:
+        :param intra_extension_id:
+        :param subject_id:
+        :param object_id:
+        :param action_id:
         :return: authz_buffer = {
             'subject_uuid': xxx,
             'object_uuid': yyy,
@@ -310,33 +329,33 @@ class IntraExtensionManager(manager.Manager):
         }
         """
 
-        if not self.driver.get_intra_extension(intra_extension_uuid):
+        if not self.driver.get_intra_extension(intra_extension_id):
             raise IntraExtensionNotFound()
 
         _authz_buffer = dict()
-        _authz_buffer['subject_uuid'] = subject_uuid
-        _authz_buffer['object_uuid'] = object_uuid
-        _authz_buffer['action_uuid'] = action_uuid
+        _authz_buffer['subject_id'] = subject_id
+        _authz_buffer['object_id'] = object_id
+        _authz_buffer['action_id'] = action_id
 
         _meta_data_dict = {}
-        _meta_data_dict["subject_categories"] = self.driver.get_subject_category_dict(intra_extension_uuid)["subject_categories"]
-        _meta_data_dict["object_categories"] = self.driver.get_object_category_dict(intra_extension_uuid)["object_categories"]
-        _meta_data_dict["action_categories"] = self.driver.get_action_category_dict(intra_extension_uuid)["action_categories"]
+        _meta_data_dict["subject_categories"] = self.driver.get_subject_category_dict(intra_extension_id)["subject_categories"]
+        _meta_data_dict["object_categories"] = self.driver.get_object_category_dict(intra_extension_id)["object_categories"]
+        _meta_data_dict["action_categories"] = self.driver.get_action_category_dict(intra_extension_id)["action_categories"]
 
         _subject_assignment_dict = dict()
         for category in _meta_data_dict["subject_categories"]:
             _subject_assignment_dict[category] = self.driver.get_subject_category_assignment_dict(
-                intra_extension_uuid, category)["subject_category_assignments"]
+                intra_extension_id, category)["subject_category_assignments"]
 
         _object_assignment_dict = dict()
         for category in _meta_data_dict["object_categories"]:
             _object_assignment_dict[category] = self.driver.get_object_category_assignment_dict(
-                intra_extension_uuid, category)["object_category_assignments"]
+                intra_extension_id, category)["object_category_assignments"]
 
         _action_assignment_dict = dict()
         for category in _meta_data_dict["action_categories"]:
             _action_assignment_dict[category] = self.driver.get_action_category_assignment_dict(
-                intra_extension_uuid, category)["action_category_assignments"]
+                intra_extension_id, category)["action_category_assignments"]
 
         _authz_buffer['subject_attributes'] = dict()
         _authz_buffer['object_attributes'] = dict()
@@ -351,13 +370,13 @@ class IntraExtensionManager(manager.Manager):
 
         return _authz_buffer
 
-    def authz(self, intra_extension_uuid, subject_uuid, object_uuid, action_uuid):
+    def authz(self, intra_extension_id, subject_id, object_id, action_id):
         """Check authorization for a particular action.
 
-        :param intra_extension_uuid: UUID of an IntraExtension
-        :param subject_uuid: subject UUID of the request
-        :param object_uuid: object UUID of the request
-        :param action_uuid: action UUID of the request
+        :param intra_extension_id: UUID of an IntraExtension
+        :param subject_id: subject UUID of the request
+        :param object_id: object UUID of the request
+        :param action_id: action UUID of the request
         :return: True or False or raise an exception
         :raises: (in that order)
             IntraExtensionNotFound
@@ -369,11 +388,11 @@ class IntraExtensionManager(manager.Manager):
             ActionCategoryAssignmentUnknown
         """
 
-        _authz_buffer = self.__get_authz_buffer(intra_extension_uuid, subject_uuid, object_uuid, action_uuid)
+        _authz_buffer = self.__get_authz_buffer(intra_extension_id, subject_id, object_id, action_id)
         _decision_buffer = dict()
 
-        _meta_rule_dict = self.driver.get_meta_rule_dict(intra_extension_uuid)
-        _rule_dict = self.driver.get_rule_dict(intra_extension_uuid)
+        _meta_rule_dict = self.driver.get_meta_rule_dict(intra_extension_id)
+        _rule_dict = self.driver.get_rule_dict(intra_extension_id)
 
         for _rule in _meta_rule_dict['sub_meta_rules']:
             if _meta_rule_dict['sub_meta_rules'][_rule]['algorithm'] == 'inclusion':
@@ -508,15 +527,15 @@ class IntraExtensionManager(manager.Manager):
         for category_name, value in json_assignments['subject_assignments'].iteritems():
             category = self.driver.get_uuid_from_name(ie["id"], category_name, self.driver.SUBJECT_CATEGORY)
             for user_name in value:
-                user_uuid = self.driver.get_uuid_from_name(ie["id"], user_name, self.driver.SUBJECT)
-                if user_uuid not in subject_assignments:
-                    subject_assignments[user_uuid] = dict()
-                if category not in subject_assignments[user_uuid]:
-                    subject_assignments[user_uuid][category] = \
+                user_id = self.driver.get_uuid_from_name(ie["id"], user_name, self.driver.SUBJECT)
+                if user_id not in subject_assignments:
+                    subject_assignments[user_id] = dict()
+                if category not in subject_assignments[user_id]:
+                    subject_assignments[user_id][category] = \
                         map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.SUBJECT_SCOPE, category_name),
                             value[user_name])
                 else:
-                    subject_assignments[user_uuid][category].extend(
+                    subject_assignments[user_id][category].extend(
                         map(lambda x: self.driver.get_uuid_from_name(ie["id"], x, self.driver.SUBJECT_SCOPE, category_name),
                             value[user_name])
                     )
@@ -684,12 +703,12 @@ class IntraExtensionManager(manager.Manager):
 
     @filter_args
     @enforce("read", "subjects")
-    def get_subject_dict(self, user_uuid, intra_extension_uuid):
+    def get_subject_dict(self, user_id, intra_extension_uuid):
         return self.driver.get_subject_dict(intra_extension_uuid)
 
     @filter_args
     @enforce(("read", "write"), "subjects")
-    def set_subject_dict(self, user_uuid, intra_extension_uuid, subject_list):
+    def set_subject_dict(self, user_id, intra_extension_uuid, subject_list):
         subject_dict = {}
         for _user in subject_list:
             # Next line will raise an error if user is not present in Keystone database
@@ -701,7 +720,7 @@ class IntraExtensionManager(manager.Manager):
 
     @filter_args
     @enforce(("read", "write"), "subjects")
-    def add_subject_dict(self, user_uuid, intra_extension_uuid, subject_name):
+    def add_subject_dict(self, user_id, intra_extension_uuid, subject_name):
         # Next line will raise an error if user is not present in Keystone database
         user = self.identity_api.get_user_by_name(subject_name, "default")
         subjects = self.driver.add_subject(intra_extension_uuid, user["id"], user)
@@ -710,24 +729,24 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("read", "subjects")
     @enforce("write", "subjects")
-    def del_subject(self, user_uuid, intra_extension_uuid, subject_uuid):
+    def del_subject(self, user_id, intra_extension_uuid, subject_uuid):
         self.driver.remove_subject(intra_extension_uuid, subject_uuid)
 
     @filter_args
     @enforce("read", "objects")
-    def get_object_dict(self, user_uuid, intra_extension_uuid):
+    def get_object_dict(self, user_id, intra_extension_uuid):
         return self.driver.get_object_dict(intra_extension_uuid)
 
     @filter_args
     @enforce(("read", "write"), "objects")
-    def set_object_dict(self, user_uuid, intra_extension_uuid, object_list):
+    def set_object_dict(self, user_id, intra_extension_uuid, object_list):
         # TODO (asteroide): we must check input here.
         object_dict = {uuid4().hex: item for item in object_list}
         return self.driver.set_object_dict(intra_extension_uuid, object_dict)
 
     @filter_args
     @enforce(("read", "write"), "objects")
-    def add_object_dict(self, user_uuid, intra_extension_uuid, object_dict):
+    def add_object_dict(self, user_id, intra_extension_uuid, object_dict):
         # TODO (asteroide): we must check input here.
         object_uuid = uuid4().hex
         return self.driver.add_object(intra_extension_uuid, object_uuid, object_dict)
@@ -735,24 +754,24 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("read", "objects")
     @enforce("write", "objects")
-    def del_object(self, user_uuid, intra_extension_uuid, object_uuid):
+    def del_object(self, user_id, intra_extension_uuid, object_uuid):
         self.driver.remove_object(intra_extension_uuid, object_uuid)
 
     @filter_args
     @enforce("read", "actions")
-    def get_action_dict(self, user_uuid, intra_extension_uuid):
+    def get_action_dict(self, user_id, intra_extension_uuid):
         return self.driver.get_action_dict(intra_extension_uuid)
 
     @filter_args
     @enforce(("read", "write"), "actions")
-    def set_action_dict(self, user_uuid, intra_extension_uuid, action_list):
+    def set_action_dict(self, user_id, intra_extension_uuid, action_list):
         # TODO (asteroide): we must check input here.
         action_dict = {uuid4().hex: item for item in action_list}
         return self.driver.set_action_dict(intra_extension_uuid, action_dict)
 
     @filter_args
     @enforce(("read", "write"), "actions")
-    def add_action_dict(self, user_uuid, intra_extension_uuid, action_dict):
+    def add_action_dict(self, user_id, intra_extension_uuid, action_dict):
         # TODO (asteroide): we must check input here.
         action_uuid = uuid4().hex
         return self.driver.add_action(intra_extension_uuid, action_uuid, action_dict)
@@ -760,21 +779,21 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("read", "actions")
     @enforce("write", "actions")
-    def del_action(self, user_uuid, intra_extension_uuid, action_uuid):
+    def del_action(self, user_id, intra_extension_uuid, action_uuid):
         self.driver.remove_action(intra_extension_uuid, action_uuid)
 
     # Metadata functions
 
     @filter_args
     @enforce("read", "subject_categories")
-    def get_subject_category_dict(self, user_uuid, intra_extension_uuid):
+    def get_subject_category_dict(self, user_id, intra_extension_uuid):
         return self.driver.get_subject_category_dict(intra_extension_uuid)
 
     @filter_args
     @enforce("read", "subject_categories")
     @enforce("read", "subject_category_scope")
     @enforce("write", "subject_category_scope")
-    def set_subject_category_dict(self, user_uuid, intra_extension_uuid, subject_category_list):
+    def set_subject_category_dict(self, user_id, intra_extension_uuid, subject_category_list):
         subject_category = {uuid4().hex: item for item in subject_category_list}
         subject_category_dict = self.driver.set_subject_category_dict(intra_extension_uuid, subject_category)
         # if we add a new category, we must add it to the subject_category_scope
@@ -788,7 +807,7 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("read", "subject_categories")
     @enforce("write", "subject_categories")
-    def add_subject_category_dict(self, user_uuid, intra_extension_uuid, subject_category_dict):
+    def add_subject_category_dict(self, user_id, intra_extension_uuid, subject_category_dict):
         # TODO (asteroide): we must check input here.
         subject_category_uuid = uuid4().hex
         subject_categories = self.driver.add_subject_category_dict(
@@ -797,19 +816,19 @@ class IntraExtensionManager(manager.Manager):
 
     @filter_args
     @enforce("write", "subject_categories")
-    def del_subject_category(self, user_uuid, intra_extension_uuid, subject_uuid):
+    def del_subject_category(self, user_id, intra_extension_uuid, subject_uuid):
         return self.driver.remove_subject_category(intra_extension_uuid, subject_uuid)
 
     @filter_args
     @enforce("read", "object_categories")
-    def get_object_category_dict(self, user_uuid, intra_extension_uuid):
+    def get_object_category_dict(self, user_id, intra_extension_uuid):
         return self.driver.get_object_category_dict(intra_extension_uuid)
 
     @filter_args
     @enforce("read", "object_categories")
     @enforce("read", "object_category_scope")
     @enforce("write", "object_category_scope")
-    def set_object_category_dict(self, user_uuid, intra_extension_uuid, object_category_list):
+    def set_object_category_dict(self, user_id, intra_extension_uuid, object_category_list):
         # TODO (asteroide): we must check input here.
         object_category = {uuid4().hex: item for item in object_category_list}
         object_category_dict = self.driver.set_object_category_dict(intra_extension_uuid, object_category)
@@ -824,7 +843,7 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("read", "object_categories")
     @enforce("write", "object_categories")
-    def add_object_category_dict(self, user_uuid, intra_extension_uuid, object_category_dict):
+    def add_object_category_dict(self, user_id, intra_extension_uuid, object_category_dict):
         # TODO (asteroide): we must check input here.
         object_category_uuid = uuid4().hex
         object_categories = self.driver.add_object_category_dict(
@@ -833,19 +852,19 @@ class IntraExtensionManager(manager.Manager):
 
     @filter_args
     @enforce("write", "object_categories")
-    def del_object_category(self, user_uuid, intra_extension_uuid, object_uuid):
+    def del_object_category(self, user_id, intra_extension_uuid, object_uuid):
         return self.driver.remove_object_category(intra_extension_uuid, object_uuid)
 
     @filter_args
     @enforce("read", "action_categories")
-    def get_action_category_dict(self, user_uuid, intra_extension_uuid):
+    def get_action_category_dict(self, user_id, intra_extension_uuid):
         return self.driver.get_action_category_dict(intra_extension_uuid)
 
     @filter_args
     @enforce("read", "action_categories")
     @enforce("read", "action_category_scope")
     @enforce("write", "action_category_scope")
-    def set_action_category_dict(self, user_uuid, intra_extension_uuid, action_category_list):
+    def set_action_category_dict(self, user_id, intra_extension_uuid, action_category_list):
         # TODO (asteroide): we must check input here.
         action_category = {uuid4().hex: item for item in action_category_list}
         action_category_dict = self.driver.set_action_category_dict(intra_extension_uuid, action_category)
@@ -860,7 +879,7 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("read", "action_categories")
     @enforce("write", "action_categories")
-    def add_action_category_dict(self, user_uuid, intra_extension_uuid, action_category_dict):
+    def add_action_category_dict(self, user_id, intra_extension_uuid, action_category_dict):
         # TODO (asteroide): we must check input here.
         action_category_uuid = uuid4().hex
         action_categories = self.driver.add_action_category_dict(
@@ -869,22 +888,22 @@ class IntraExtensionManager(manager.Manager):
 
     @filter_args
     @enforce("write", "action_categories")
-    def del_action_category(self, user_uuid, intra_extension_uuid, action_uuid):
+    def del_action_category(self, user_id, intra_extension_uuid, action_uuid):
         return self.driver.remove_action_category(intra_extension_uuid, action_uuid)
 
     # Scope functions
     @filter_args
     @enforce("read", "subject_category_scope")
     @enforce("read", "subject_category")
-    def get_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, category):
-        if category not in self.get_subject_category_dict(user_uuid, intra_extension_uuid)["subject_categories"]:
+    def get_subject_category_scope_dict(self, user_id, intra_extension_uuid, category):
+        if category not in self.get_subject_category_dict(user_id, intra_extension_uuid)["subject_categories"]:
             raise SubjectCategoryUnknown()
         return self.driver.get_subject_category_scope_dict(intra_extension_uuid, category)
 
     @filter_args
     @enforce("read", "subject_category_scope")
     @enforce("read", "subject_category")
-    def set_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid, scope_list):
+    def set_subject_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_list):
         # TODO (asteroide): we must check input here.
         scope_dict = {uuid4().hex: item for item in scope_list}
         return self.driver.set_subject_category_scope_dict(intra_extension_uuid, category_uuid, scope_dict)
@@ -892,7 +911,7 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce(("read", "write"), "subject_category_scope")
     @enforce("read", "subject_category")
-    def add_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid, scope_dict):
+    def add_subject_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_dict):
         # TODO (asteroide): we must check input here.
         scope_uuid = uuid4().hex
         return self.driver.add_subject_category_scope_dict(
@@ -904,7 +923,7 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("write", "subject_category_scope")
     @enforce("read", "subject_category")
-    def del_subject_category_scope(self, user_uuid, intra_extension_uuid, category_uuid, scope_uuid):
+    def del_subject_category_scope(self, user_id, intra_extension_uuid, category_uuid, scope_uuid):
         self.driver.remove_subject_category_scope_dict(
             intra_extension_uuid,
             category_uuid,
@@ -913,13 +932,13 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("read", "object_category_scope")
     @enforce("read", "object_category")
-    def get_object_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid):
+    def get_object_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid):
         return self.driver.get_object_category_scope_dict(intra_extension_uuid, category_uuid)
 
     @filter_args
     @enforce("read", "object_category_scope")
     @enforce("read", "object_category")
-    def set_object_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid, scope_list):
+    def set_object_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_list):
         # TODO (asteroide): we must check input here.
         scope_dict = {uuid4().hex: item for item in scope_list}
         return self.driver.set_object_category_scope_dict(intra_extension_uuid, category_uuid, scope_dict)
@@ -927,7 +946,7 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce(("read", "write"), "object_category_scope")
     @enforce("read", "object_category")
-    def add_object_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid, scope_dict):
+    def add_object_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_dict):
         # TODO (asteroide): we must check input here.
         scope_uuid = uuid4().hex
         return self.driver.add_subject_category_scope_dict(
@@ -939,7 +958,7 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("write", "object_category_scope")
     @enforce("read", "object_category")
-    def del_object_category_scope(self, user_uuid, intra_extension_uuid, category_uuid, scope_uuid):
+    def del_object_category_scope(self, user_id, intra_extension_uuid, category_uuid, scope_uuid):
         self.driver.remove_object_category_scope_dict(
             intra_extension_uuid,
             category_uuid,
@@ -948,13 +967,13 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("read", "action_category_scope")
     @enforce("read", "action_category")
-    def get_action_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid):
+    def get_action_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid):
         return self.driver.get_action_category_scope_dict(intra_extension_uuid, category_uuid)
 
     @filter_args
     @enforce(("read", "write"), "action_category_scope")
     @enforce("read", "action_category")
-    def set_action_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid, scope_list):
+    def set_action_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_list):
         # TODO (asteroide): we must check input here.
         scope_dict = {uuid4().hex: item for item in scope_list}
         return self.driver.set_action_category_scope_dict(intra_extension_uuid, category_uuid, scope_dict)
@@ -962,7 +981,7 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce(("read", "write"), "action_category_scope")
     @enforce("read", "action_category")
-    def add_action_category_scope_dict(self, user_uuid, intra_extension_uuid, category_uuid, scope_dict):
+    def add_action_category_scope_dict(self, user_id, intra_extension_uuid, category_uuid, scope_dict):
         # TODO (asteroide): we must check input here.
         scope_uuid = uuid4().hex
         return self.driver.add_action_category_scope_dict(
@@ -974,7 +993,7 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("write", "action_category_scope")
     @enforce("read", "action_category")
-    def del_action_category_scope(self, user_uuid, intra_extension_uuid, category_uuid, scope_uuid):
+    def del_action_category_scope(self, user_id, intra_extension_uuid, category_uuid, scope_uuid):
         self.driver.remove_action_category_scope_dict(
             intra_extension_uuid,
             category_uuid,
@@ -985,14 +1004,14 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("read", "subject_category_assignment")
     @enforce("read", "subjects")
-    def get_subject_category_assignment_dict(self, user_uuid, intra_extension_uuid, subject_uuid):
+    def get_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid):
         return self.driver.get_subject_category_assignment_dict(intra_extension_uuid, subject_uuid)
 
     @filter_args
     @enforce("read", "subject_category_assignment")
     @enforce("write", "subject_category_assignment")
     @enforce("read", "subjects")
-    def set_subject_category_assignment_dict(self, user_uuid, intra_extension_uuid, subject_uuid, assignment_dict):
+    def set_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, assignment_dict):
         # TODO (asteroide): we must check input here.
         return self.driver.set_subject_category_assignment_dict(intra_extension_uuid, subject_uuid, assignment_dict)
 
@@ -1002,7 +1021,7 @@ class IntraExtensionManager(manager.Manager):
     @enforce("read", "subjects")
     @enforce("read", "subject_category")
     @enforce("read", "subject_scope")
-    def del_subject_category_assignment(self, user_uuid, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
+    def del_subject_category_assignment(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
         self.driver.remove_subject_category_assignment(intra_extension_uuid, subject_uuid, category_uuid, scope_uuid)
 
     @filter_args
@@ -1010,7 +1029,7 @@ class IntraExtensionManager(manager.Manager):
     @enforce("read", "subjects")
     @enforce("read", "subject_category")
     def add_subject_category_assignment_dict(self,
-                                             user_uuid,
+                                             user_id,
                                              intra_extension_uuid,
                                              subject_uuid,
                                              category_uuid,
@@ -1021,14 +1040,14 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("read", "object_category_assignment")
     @enforce("read", "objects")
-    def get_object_category_assignment_dict(self, user_uuid, intra_extension_uuid, object_uuid):
+    def get_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid):
         return self.driver.get_object_category_assignment_dict(intra_extension_uuid, object_uuid)
 
     @filter_args
     @enforce("read", "object_category_assignment")
     @enforce("write", "object_category_assignment")
     @enforce("read", "objects")
-    def set_object_category_assignment_dict(self, user_uuid, intra_extension_uuid, object_uuid, assignment_dict):
+    def set_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid, assignment_dict):
         # TODO (asteroide): we must check input here.
         return self.driver.set_object_category_assignment_dict(intra_extension_uuid, object_uuid, assignment_dict)
 
@@ -1037,7 +1056,7 @@ class IntraExtensionManager(manager.Manager):
     @enforce("write", "object_category_assignment")
     @enforce("read", "objects")
     @enforce("read", "object_category")
-    def del_object_category_assignment(self, user_uuid, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
+    def del_object_category_assignment(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
         self.driver.remove_object_category_assignment(intra_extension_uuid, object_uuid, category_uuid, scope_uuid)
 
     @filter_args
@@ -1045,7 +1064,7 @@ class IntraExtensionManager(manager.Manager):
     @enforce("read", "objects")
     @enforce("read", "object_category")
     def add_object_category_assignment_dict(self,
-                                            user_uuid,
+                                            user_id,
                                             intra_extension_uuid,
                                             object_uuid,
                                             category_uuid,
@@ -1056,14 +1075,14 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("read", "action_category_assignment")
     @enforce("read", "actions")
-    def get_action_category_assignment_dict(self, user_uuid, intra_extension_uuid, action_uuid):
+    def get_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid):
         return self.driver.get_action_category_assignment_dict(intra_extension_uuid, action_uuid)
 
     @filter_args
     @enforce("read", "action_category_assignment")
     @enforce("write", "action_category_assignment")
     @enforce("read", "actions")
-    def set_action_category_assignment_dict(self, user_uuid, intra_extension_uuid, action_uuid, assignment_dict):
+    def set_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, assignment_dict):
         # TODO (asteroide): we must check input here.
         return self.driver.set_action_category_assignment_dict(intra_extension_uuid, action_uuid, assignment_dict)
 
@@ -1072,7 +1091,7 @@ class IntraExtensionManager(manager.Manager):
     @enforce("write", "action_category_assignment")
     @enforce("read", "actions")
     @enforce("read", "action_category")
-    def del_action_category_assignment(self, user_uuid, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
+    def del_action_category_assignment(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
         self.driver.remove_action_category_assignment(intra_extension_uuid, action_uuid, category_uuid, scope_uuid)
 
     @filter_args
@@ -1080,7 +1099,7 @@ class IntraExtensionManager(manager.Manager):
     @enforce("read", "actions")
     @enforce("read", "action_category")
     def add_action_category_assignment_dict(self,
-                                            user_uuid,
+                                            user_id,
                                             intra_extension_uuid,
                                             action_uuid,
                                             category_uuid,
@@ -1093,22 +1112,17 @@ class IntraExtensionManager(manager.Manager):
         )
 
     # Metarule functions
-    @filter_args
-    def get_aggregation_algorithms(self, user_uuid, intra_extension_uuid):
-        # TODO: check which algorithms are really usable
-        return {"aggregation_algorithms": ["and_true_aggregation", "test_aggregation", "all_true"]}
-
     @filter_args
     @enforce("read", "aggregation_algorithms")
-    def get_aggregation_algorithm(self, user_uuid, intra_extension_uuid):
+    def get_aggregation_algorithm(self, user_id, intra_extension_uuid):
         return self.driver.get_meta_rule_dict(intra_extension_uuid)
 
     @filter_args
     @enforce("read", "aggregation_algorithms")
     @enforce("write", "aggregation_algorithms")
-    def set_aggregation_algorithm(self, user_uuid, intra_extension_uuid, aggregation_algorithm):
+    def set_aggregation_algorithm(self, user_id, intra_extension_uuid, aggregation_algorithm):
         if aggregation_algorithm not in self.get_aggregation_algorithms(
-                user_uuid, intra_extension_uuid)["aggregation_algorithms"]:
+                user_id, intra_extension_uuid)["aggregation_algorithms"]:
             raise IntraExtensionError("Unknown aggregation_algorithm: {}".format(aggregation_algorithm))
         meta_rule = self.driver.get_meta_rule_dict(intra_extension_uuid)
         meta_rule["aggregation"] = aggregation_algorithm
@@ -1116,35 +1130,35 @@ class IntraExtensionManager(manager.Manager):
 
     @filter_args
     @enforce("read", "sub_meta_rule")
-    def get_sub_meta_rule(self, user_uuid, intra_extension_uuid):
+    def get_sub_meta_rule(self, user_id, intra_extension_uuid):
         return self.driver.get_meta_rule_dict(intra_extension_uuid)
 
     @filter_args
     @enforce("read", "sub_meta_rule")
     @enforce("write", "sub_meta_rule")
-    def set_sub_meta_rule(self, user_uuid, intra_extension_uuid, sub_meta_rules):
+    def set_sub_meta_rule(self, user_id, intra_extension_uuid, sub_meta_rules):
         # TODO: check which algorithms are really usable
         # TODO (dthom): When sub_meta_rule is set, all rules must be dropped
         # because the previous rules cannot be mapped to the new sub_meta_rule.
         for relation in sub_meta_rules.keys():
-            if relation not in self.get_sub_meta_rule_relations(user_uuid, intra_extension_uuid)["sub_meta_rule_relations"]:
+            if relation not in self.get_sub_meta_rule_relations(user_id, intra_extension_uuid)["sub_meta_rule_relations"]:
                 raise IntraExtensionError("set_sub_meta_rule unknown MetaRule relation {}".format(relation))
             for cat in ("subject_categories", "object_categories", "action_categories"):
                 if cat not in sub_meta_rules[relation]:
                     raise IntraExtensionError("set_sub_meta_rule category {} missed".format(cat))
                 if type(sub_meta_rules[relation][cat]) is not list:
                     raise IntraExtensionError("set_sub_meta_rule category {} is not a list".format(cat))
-            subject_categories = self.get_subject_category_dict(user_uuid, intra_extension_uuid)["subject_categories"]
+            subject_categories = self.get_subject_category_dict(user_id, intra_extension_uuid)["subject_categories"]
             for data in list(sub_meta_rules[relation]["subject_categories"]):
                 if data not in subject_categories:
                     raise IntraExtensionError("set_sub_meta_rule category {} is not part of subject_categories {}".format(
                         data, subject_categories))
-            object_categories = self.get_object_category_dict(user_uuid, intra_extension_uuid)["object_categories"]
+            object_categories = self.get_object_category_dict(user_id, intra_extension_uuid)["object_categories"]
             for data in sub_meta_rules[relation]["object_categories"]:
                 if data not in object_categories:
                     raise IntraExtensionError("set_sub_meta_rule category {} is not part of object_categories {}".format(
                         data, object_categories))
-            action_categories = self.get_action_category_dict(user_uuid, intra_extension_uuid)["actions_categories"]
+            action_categories = self.get_action_category_dict(user_id, intra_extension_uuid)["actions_categories"]
             for data in sub_meta_rules[relation]["action_categories"]:
                 if data not in action_categories:
                     raise IntraExtensionError("set_sub_meta_rule category {} is not part of action_categories {}".format(
@@ -1160,24 +1174,24 @@ class IntraExtensionManager(manager.Manager):
     # Sub-rules functions
     @filter_args
     @enforce("read", "sub_rules")
-    def get_rules(self, user_uuid, intra_extension_uuid):
+    def get_rules(self, user_id, intra_extension_uuid):
         return self.driver.get_rules(intra_extension_uuid)
 
     @filter_args
     @enforce("read", "sub_rules")
     @enforce("write", "sub_rules")
-    def set_rule(self, user_uuid, intra_extension_uuid, relation, sub_rule):
+    def set_rule(self, user_id, intra_extension_uuid, relation, sub_rule):
         for item in sub_rule:
             if type(item) not in (str, unicode, bool):
                 raise IntraExtensionError("Bad input data (sub_rule).")
         ref_rules = self.driver.get_rules(intra_extension_uuid)
         _sub_rule = list(sub_rule)
-        if relation not in self.get_sub_meta_rule_relations(user_uuid, intra_extension_uuid)["sub_meta_rule_relations"]:
+        if relation not in self.get_sub_meta_rule_relations(user_id, intra_extension_uuid)["sub_meta_rule_relations"]:
             raise IntraExtensionError("Bad input data (rules).")
         # filter strings in sub_rule
         sub_rule = [filter_input(x) for x in sub_rule]
         # check if length of sub_rule is correct from metadata_sub_rule
-        metadata_sub_rule = self.get_sub_meta_rule(user_uuid, intra_extension_uuid)
+        metadata_sub_rule = self.get_sub_meta_rule(user_id, intra_extension_uuid)
         metadata_sub_rule_length = len(metadata_sub_rule['sub_meta_rules'][relation]["subject_categories"]) + \
                                    len(metadata_sub_rule['sub_meta_rules'][relation]["action_categories"]) + \
                                    len(metadata_sub_rule['sub_meta_rules'][relation]["object_categories"]) + 1
@@ -1188,12 +1202,12 @@ class IntraExtensionManager(manager.Manager):
         for category in metadata_sub_rule['sub_meta_rules'][relation]["subject_categories"]:
             item = _sub_rule.pop(0)
             if item not in self.get_subject_category_scope_dict(
-                    user_uuid,
+                    user_id,
                     intra_extension_uuid, category)["subject_category_scope"][category].keys():
                 raise IntraExtensionError("Bad subject value in sub_rule {}/{}".format(category, item))
         for category in metadata_sub_rule['sub_meta_rules'][relation]["action_categories"]:
             action_categories = self.get_action_category_scope_dict(
-                        user_uuid,
+                        user_id,
                         intra_extension_uuid, category)["action_category_scope"][category]
             item = _sub_rule.pop(0)
             if item not in action_categories.keys():
@@ -1202,7 +1216,7 @@ class IntraExtensionManager(manager.Manager):
         for category in metadata_sub_rule['sub_meta_rules'][relation]["object_categories"]:
             item = _sub_rule.pop(0)
             if item not in self.get_object_category_scope_dict(
-                    user_uuid,
+                    user_id,
                     intra_extension_uuid, category)["object_category_scope"][category].keys():
                 raise IntraExtensionError("Bad object value in sub_rule {}/{}".format(category, item))
         # check if relation is already there
@@ -1215,7 +1229,7 @@ class IntraExtensionManager(manager.Manager):
     @filter_args
     @enforce("read", "sub_rules")
     @enforce("write", "sub_rules")
-    def del_rule(self, user_uuid, intra_extension_uuid, relation_name, sub_rule):
+    def del_rule(self, user_id, intra_extension_uuid, relation_name, sub_rule):
         ref_rules = self.driver.get_rules(intra_extension_uuid)
         sub_rule = sub_rule.split("+")
         for index, _item in enumerate(sub_rule):
@@ -1234,148 +1248,161 @@ class IntraExtensionManager(manager.Manager):
 
 
 @dependency.provider('authz_api')
-@dependency.requires('identity_api', 'moonlog_api', 'tenant_api')
+@dependency.requires('identity_api', 'tenant_api', 'moonlog_api')
 class IntraExtensionAuthzManager(IntraExtensionManager):
 
     __genre__ = "authz"
 
-    def authz(self, tenant_uuid, sub, obj, act):
+    def authz(self, tenant_name, subject_name, object_name, action_name):
         """Check authorization for a particular action.
-
-        :param tenant_uuid: UUID of a tenant
-        :param sub: subject of the request
-        :param obj: object of the request
-        :param act: action of the request
         :return: True or False or raise an exception
         """
-        _intra_authz_extention_uuid = self.tenant_api.get_extension_uuid(tenant_uuid, "authz")
-        return super(IntraExtensionAuthzManager, self).authz(_intra_authz_extention_uuid, sub, obj, act)
+        tenant_id = self.tenant_api.get_tenant_id_from_name(self.__default_user, tenant_name)
+        intra_extension_id = self.tenant_api.get_extension_id(tenant_id, self.__genre__)
+        subject_dict = self.get_subject_dict(self.__default_user, intra_extension_id)
+        subject_id = None
+        for _subject_id in subject_dict:
+            if subject_dict[_subject_id] is subject_name:
+                subject_id = _subject_id
+        object_dict = self.get_object_dict(self.__default_user, intra_extension_id)
+        object_id = None
+        for _object_id in object_dict:
+            if object_dict[_object_id] is object_name:
+                object_id = _object_id
+        action_dict = self.get_action_dict(self.__default_user, intra_extension_id)
+        action_id = None
+        for _action_id in action_dict:
+            if action_dict[_action_id] is action_name:
+                action_id = _action_id
+
+        return super(IntraExtensionAuthzManager, self).authz(intra_extension_id, subject_id, object_id, action_id)
 
     def delete_intra_extension(self, intra_extension_id):
         raise AdminException()
 
-    def set_subject_dict(self, user_uuid, intra_extension_uuid, subject_dict):
+    def set_subject_dict(self, user_id, intra_extension_uuid, subject_dict):
         raise SubjectAddNotAuthorized()
 
-    def add_subject_dict(self, user_uuid, intra_extension_uuid, subject_name):
+    def add_subject_dict(self, user_id, intra_extension_uuid, subject_name):
         raise SubjectAddNotAuthorized()
 
-    def del_subject(self, user_uuid, intra_extension_uuid, subject_name):
+    def del_subject(self, user_id, intra_extension_uuid, subject_name):
         raise SubjectDelNotAuthorized()
 
-    def set_object_dict(self, user_uuid, intra_extension_uuid, object_dict):
+    def set_object_dict(self, user_id, intra_extension_uuid, object_dict):
         raise ObjectAddNotAuthorized()
 
-    def add_object_dict(self, user_uuid, intra_extension_uuid, object_name):
+    def add_object_dict(self, user_id, intra_extension_uuid, object_name):
         raise ObjectAddNotAuthorized()
 
-    def del_object(self, user_uuid, intra_extension_uuid, object_uuid):
+    def del_object(self, user_id, intra_extension_uuid, object_uuid):
         raise ObjectDelNotAuthorized()
 
-    def set_action_dict(self, user_uuid, intra_extension_uuid, action_dict):
+    def set_action_dict(self, user_id, intra_extension_uuid, action_dict):
         raise ActionAddNotAuthorized()
 
-    def add_action_dict(self, user_uuid, intra_extension_uuid, action_dict):
+    def add_action_dict(self, user_id, intra_extension_uuid, action_dict):
         raise ActionAddNotAuthorized()
 
-    def del_action(self, user_uuid, intra_extension_uuid, action_uuid):
+    def del_action(self, user_id, intra_extension_uuid, action_uuid):
         raise ActionDelNotAuthorized()
 
-    def set_subject_category_dict(self, user_uuid, intra_extension_uuid, subject_category):
+    def set_subject_category_dict(self, user_id, intra_extension_uuid, subject_category):
         raise SubjectCategoryAddNotAuthorized()
 
-    def add_subject_category_dict(self, user_uuid, intra_extension_uuid, subject_category_name):
+    def add_subject_category_dict(self, user_id, intra_extension_uuid, subject_category_name):
         raise SubjectCategoryAddNotAuthorized()
 
-    def del_subject_category(self, user_uuid, intra_extension_uuid, subject_uuid):
+    def del_subject_category(self, user_id, intra_extension_uuid, subject_uuid):
         raise SubjectCategoryDelNotAuthorized()
 
-    def set_object_category_dict(self, user_uuid, intra_extension_uuid, object_category):
+    def set_object_category_dict(self, user_id, intra_extension_uuid, object_category):
         raise ObjectCategoryAddNotAuthorized()
 
-    def add_object_category_dict(self, user_uuid, intra_extension_uuid, object_category_name):
+    def add_object_category_dict(self, user_id, intra_extension_uuid, object_category_name):
         raise ObjectCategoryAddNotAuthorized()
 
-    def del_object_category(self, user_uuid, intra_extension_uuid, object_uuid):
+    def del_object_category(self, user_id, intra_extension_uuid, object_uuid):
         raise ObjectCategoryDelNotAuthorized()
 
-    def set_action_category_dict(self, user_uuid, intra_extension_uuid, action_category):
+    def set_action_category_dict(self, user_id, intra_extension_uuid, action_category):
         raise ActionCategoryAddNotAuthorized()
 
-    def add_action_category_dict(self, user_uuid, intra_extension_uuid, action_category_name):
+    def add_action_category_dict(self, user_id, intra_extension_uuid, action_category_name):
         raise ActionCategoryAddNotAuthorized()
 
-    def del_action_category(self, user_uuid, intra_extension_uuid, action_uuid):
+    def del_action_category(self, user_id, intra_extension_uuid, action_uuid):
         raise ActionCategoryDelNotAuthorized()
 
-    def set_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, category, scope):
+    def set_subject_category_scope_dict(self, user_id, intra_extension_uuid, category, scope):
         raise SubjectCategoryScopeAddNotAuthorized()
 
-    def add_subject_category_scope_dict(self, user_uuid, intra_extension_uuid, subject_category, scope_name):
+    def add_subject_category_scope_dict(self, user_id, intra_extension_uuid, subject_category, scope_name):
         raise SubjectCategoryScopeAddNotAuthorized()
 
-    def del_subject_category_scope(self, user_uuid, intra_extension_uuid, subject_category, subject_category_scope):
+    def del_subject_category_scope(self, user_id, intra_extension_uuid, subject_category, subject_category_scope):
         raise SubjectCategoryScopeDelNotAuthorized()
 
-    def set_object_category_scope_dict(self, user_uuid, intra_extension_uuid, category, scope):
+    def set_object_category_scope_dict(self, user_id, intra_extension_uuid, category, scope):
         raise ObjectCategoryScopeAddNotAuthorized()
 
-    def add_object_category_scope_dict(self, user_uuid, intra_extension_uuid, object_category, scope_name):
+    def add_object_category_scope_dict(self, user_id, intra_extension_uuid, object_category, scope_name):
         raise ObjectCategoryScopeAddNotAuthorized()
 
-    def del_object_category_scope(self, user_uuid, intra_extension_uuid, object_category, object_category_scope):
+    def del_object_category_scope(self, user_id, intra_extension_uuid, object_category, object_category_scope):
         raise ObjectCategoryScopeDelNotAuthorized()
 
-    def set_action_category_scope_dict(self, user_uuid, intra_extension_uuid, category, scope):
+    def set_action_category_scope_dict(self, user_id, intra_extension_uuid, category, scope):
         raise ActionCategoryScopeAddNotAuthorized()
 
-    def add_action_category_scope_dict(self, user_uuid, intra_extension_uuid, action_category, scope_name):
+    def add_action_category_scope_dict(self, user_id, intra_extension_uuid, action_category, scope_name):
         raise ActionCategoryScopeAddNotAuthorized()
 
-    def del_action_category_scope(self, user_uuid, intra_extension_uuid, action_category, action_category_scope):
+    def del_action_category_scope(self, user_id, intra_extension_uuid, action_category, action_category_scope):
         raise ActionCategoryScopeDelNotAuthorized()
 
-    def set_subject_category_assignment_dict(self, user_uuid, intra_extension_uuid, subject_uuid, assignment_dict):
+    def set_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, assignment_dict):
         raise SubjectCategoryAssignmentAddNotAuthorized()
 
-    def del_subject_category_assignment(self, user_uuid, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
+    def del_subject_category_assignment(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
         raise SubjectCategoryAssignmentAddNotAuthorized()
 
-    def add_subject_category_assignment_dict(self, user_uuid, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
+    def add_subject_category_assignment_dict(self, user_id, intra_extension_uuid, subject_uuid, category_uuid, scope_uuid):
         raise SubjectCategoryAssignmentDelNotAuthorized()
 
-    def set_object_category_assignment_dict(self, user_uuid, intra_extension_uuid, object_uuid, assignment_dict):
+    def set_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid, assignment_dict):
         raise ObjectCategoryAssignmentAddNotAuthorized()
 
-    def del_object_category_assignment(self, user_uuid, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
+    def del_object_category_assignment(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
         raise ObjectCategoryAssignmentAddNotAuthorized()
 
-    def add_object_category_assignment_dict(self, user_uuid, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
+    def add_object_category_assignment_dict(self, user_id, intra_extension_uuid, object_uuid, category_uuid, scope_uuid):
         raise ObjectCategoryAssignmentDelNotAuthorized()
 
-    def set_action_category_assignment_dict(self, user_uuid, intra_extension_uuid, action_uuid, assignment_dict):
+    def set_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, assignment_dict):
         raise ActionCategoryAssignmentAddNotAuthorized()
 
-    def del_action_category_assignment(self, user_uuid, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
+    def del_action_category_assignment(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
         raise ActionCategoryAssignmentAddNotAuthorized()
 
-    def add_action_category_assignment_dict(self, user_uuid, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
+    def add_action_category_assignment_dict(self, user_id, intra_extension_uuid, action_uuid, category_uuid, scope_uuid):
         raise ActionCategoryAssignmentDelNotAuthorized()
 
-    def set_aggregation_algorithm(self, user_uuid, intra_extension_uuid, aggregation_algorithm):
+    def set_aggregation_algorithm(self, user_id, intra_extension_uuid, aggregation_algorithm):
         raise MetaRuleAddNotAuthorized()
 
-    def set_sub_meta_rule(self, user_uuid, intra_extension_uuid, sub_meta_rules):
+    def set_sub_meta_rule(self, user_id, intra_extension_uuid, sub_meta_rules):
         raise MetaRuleAddNotAuthorized()
 
-    def set_sub_rule(self, user_uuid, intra_extension_uuid, relation, sub_rule):
+    def set_sub_rule(self, user_id, intra_extension_uuid, relation, sub_rule):
         raise RuleAddNotAuthorized()
 
-    def del_sub_rule(self, user_uuid, intra_extension_uuid, relation_name, rule):
+    def del_sub_rule(self, user_id, intra_extension_uuid, relation_name, rule):
         raise RuleAddNotAuthorized()
 
+
 @dependency.provider('admin_api')
-@dependency.requires('identity_api', 'moonlog_api', 'tenant_api')
+@dependency.requires('identity_api', 'tenant_api', 'moonlog_api')
 class IntraExtensionAdminManager(IntraExtensionManager):
 
     __genre__ = "admin"
@@ -1401,85 +1428,129 @@ class IntraExtensionAdminManager(IntraExtensionManager):
     #     raise AdminIntraExtensionModificationNotAuthorized()
 
 
-class AuthzDriver(object):
+@dependency.provider('moonlog_api')
+class LogManager(manager.Manager):
 
-    def get_subject_category_list(self, extension_uuid):
-        raise exception.NotImplemented()  # pragma: no cover
+    def __init__(self):
+        driver = CONF.moon.log_driver
+        super(LogManager, self).__init__(driver)
 
-    def get_object_category_list(self, extension_uuid):
-        raise exception.NotImplemented()  # pragma: no cover
+    def get_logs(self, logger="authz", options="", event_number=None, time_from=None, time_to=None, filter_str=None):
 
-    def get_action_category_list(self, extension_uuid):
-        raise exception.NotImplemented()  # pragma: no cover
+        if len(options) > 0:
+            options = options.split(",")
+            event_number = None
+            time_from = None
+            time_to = None
+            filter_str = None
+            for opt in options:
+                if "event_number" in opt:
+                    event_number = "".join(re.findall("\d*", opt.split("=")[-1]))
+                    try:
+                        event_number = int(event_number)
+                    except ValueError:
+                        event_number = None
+                elif "from" in opt:
+                    time_from = "".join(re.findall("[\w\-:]*", opt.split("=")[-1]))
+                    try:
+                        time_from = time.strptime(time_from, self.TIME_FORMAT)
+                    except ValueError:
+                        time_from = None
+                elif "to" in opt:
+                    time_to = "".join(re.findall("[\w\-:] *", opt.split("=")[-1]))
+                    try:
+                        time_to = time.strptime(time_to, self.TIME_FORMAT)
+                    except ValueError:
+                        time_to = None
+                elif "filter" in opt:
+                    filter_str = "".join(re.findall("\w*", opt.split("=")[-1]))
+        return self.driver.get_logs(logger, event_number, time_from, time_to, filter_str)
 
-    def get_subject_category_value_dict(self, extension_uuid, subject_uuid):
-        raise exception.NotImplemented()  # pragma: no cover
+    def get_authz_logs(self, options="", event_number=None, time_from=None, time_to=None, filter_str=None):
+        return self.get_logs(
+            logger="authz",
+            options="",
+            event_number=None,
+            time_from=None,
+            time_to=None,
+            filter_str=None)
 
-    def get_object_category_value_dict(self, extension_uuid, object_uuid):
-        raise exception.NotImplemented()  # pragma: no cover
+    def get_sys_logs(self, options="", event_number=None, time_from=None, time_to=None, filter_str=None):
+        return self.get_logs(
+            logger="sys",
+            options="",
+            event_number=None,
+            time_from=None,
+            time_to=None,
+            filter_str=None)
 
-    def get_action_category_value_dict(self, extension_uuid, action_uuid):
-        raise exception.NotImplemented()  # pragma: no cover
+    def authz(self, message):
+        return self.driver.authz(message)
 
-    def get_meta_rule(self, extension_uuid):
-        raise exception.NotImplemented()  # pragma: no cover
+    def debug(self, message):
+        return self.driver.debug(message)
 
-    def get_rules(self, extension_uuid):
-        raise exception.NotImplemented()  # pragma: no cover
+    def info(self, message):
+        return self.driver.info(message)
 
+    def warning(self, message):
+        return self.driver.warning(message)
 
-class UpdateDriver(object):
+    def error(self, message):
+        return self.driver.error(message)
 
-    def get_intra_extensions(self):
-        raise exception.NotImplemented()  # pragma: no cover
+    def critical(self, message):
+        return self.driver.critical(message)
 
-    def get_intra_extension(self, extension_uuid):
-        raise exception.NotImplemented()  # pragma: no cover
 
-    def create_intra_extensions(self, extension_uuid, intra_extension):
-        raise exception.NotImplemented()  # pragma: no cover
+class ConfigurationDriver(object):
 
-    def delete_intra_extensions(self, extension_uuid):
+    def get_policy_templete_dict(self):
         raise exception.NotImplemented()  # pragma: no cover
 
-    # Getter and setter for tenant
-
-    def get_tenant(self, uuid):
+    def get_aggregation_algorithm_dict(self):
         raise exception.NotImplemented()  # pragma: no cover
 
-    def set_tenant(self, uuid, tenant_id):
+    def get_sub_meta_rule_algorithm_dict(self):
         raise exception.NotImplemented()  # pragma: no cover
 
-    # Getter and setter for name
 
-    def get_name(self, uuid):
+class TenantDriver(object):
+
+    def get_tenant_dict(self):
+        # TODO: should implement TenantListEmpty exception
         raise exception.NotImplemented()  # pragma: no cover
 
-    def set_name(self, uuid, name):
+    def set_tenant(self, tenant_id, tenant_name, intra_authz_ext_id, intra_admin_ext_id):
+        # if tenant_id exists, then modify; if the tenant_id not exists, then add the tenant
+        # TODO: should implement AddedTenantNameExist exception
         raise exception.NotImplemented()  # pragma: no cover
 
-    # Getter and setter for model
 
-    def get_model(self, uuid):
+class AuthzDriver(object):
+
+    def get_subject_category_list(self, extension_uuid):
         raise exception.NotImplemented()  # pragma: no cover
 
-    def set_model(self, uuid, model):
+    def get_object_category_list(self, extension_uuid):
         raise exception.NotImplemented()  # pragma: no cover
 
-    # Getter and setter for genre
+    def get_action_category_list(self, extension_uuid):
+        raise exception.NotImplemented()  # pragma: no cover
 
-    def get_genre(self, uuid):
+    def get_subject_category_value_dict(self, extension_uuid, subject_uuid):
         raise exception.NotImplemented()  # pragma: no cover
 
-    def set_genre(self, uuid, genre):
+    def get_object_category_value_dict(self, extension_uuid, object_uuid):
         raise exception.NotImplemented()  # pragma: no cover
 
-    # Getter and setter for description
+    def get_action_category_value_dict(self, extension_uuid, action_uuid):
+        raise exception.NotImplemented()  # pragma: no cover
 
-    def get_description(self, uuid):
+    def get_meta_rule(self, extension_uuid):
         raise exception.NotImplemented()  # pragma: no cover
 
-    def set_description(self, uuid, args):
+    def get_rules(self, extension_uuid):
         raise exception.NotImplemented()  # pragma: no cover
 
 
@@ -1570,7 +1641,7 @@ class IntraExtensionDriver(object):
         if category_uuid:
             return data_values[category_uuid]
         return data_values
-
+    # zzzzzzzzzzzzzzzzzz
     def get_uuid_from_name(self, intra_extension_uuid, name, data_name, category_name=None, category_uuid=None):
         data_values = self.__get_data_from_type(
             intra_extension_uuid=intra_extension_uuid,
@@ -1591,6 +1662,47 @@ class IntraExtensionDriver(object):
         )
         return data_values[uuid]
 
+    # Getter and Setter for intra_extension
+
+    def get_intra_extension_list(self):
+        """Get a list of IntraExtension UUIDs
+        :return: a list of IntraExtension UUIDs ["uuid1", "uuid2"]
+        """
+        raise exception.NotImplemented()  # pragma: no cover
+
+    def get_intra_extension_dict(self, intra_extension_id):
+        """Get a description of an IntraExtension
+        :param intra_extension_id: the IntraExtension UUID
+        :return: {intra_extension_id: intra_extension_name, ...}
+        """
+        raise exception.NotImplemented()  # pragma: no cover
+
+    def set_intra_extension(self, extension_uuid, extension_dict):
+        """Set a new IntraExtension
+
+        :param extension_uuid: IntraExtension UUID
+        :type extension_uuid: string
+        :param extension_dict: a dictionary withe the description of the IntraExtension (see below)
+        :type extension_dict: dict
+        :return: the IntraExtension dictionary, example:
+        {
+            "id": "uuid1",
+            "name": "Name of the intra_extension",
+            "model": "Model of te intra_extension (admin or authz)"
+            "description": "a description of the intra_extension"
+        }
+        """
+        raise exception.NotImplemented()  # pragma: no cover
+
+    def delete_intra_extension(self, extension_uuid):
+        """Delete an IntraExtension
+
+        :param extension_uuid: IntraExtension UUID
+        :type extension_uuid: string
+        :return: None
+        """
+        raise exception.NotImplemented()  # pragma: no cover
+
     # Getter ad Setter for subjects
 
     def get_subject_dict(self, extension_uuid):
@@ -2281,53 +2393,60 @@ class IntraExtensionDriver(object):
         """
         raise exception.NotImplemented()  # pragma: no cover
 
-    # Getter and Setter for intra_extension
 
-    def get_intra_extension_list(self):
-        """Get a list of IntraExtension UUIDs
+class UpdateDriver(object):
 
-        :return: a list of IntraExtension UUIDs ["uuid1", "uuid2"]
-        """
+    def get_intra_extensions(self):
         raise exception.NotImplemented()  # pragma: no cover
 
-    def get_intra_extension_dict(self, extension_uuid):
-        """Get a description of an IntraExtension
+    def get_intra_extension(self, extension_uuid):
+        raise exception.NotImplemented()  # pragma: no cover
 
-        :param extension_uuid: the UUID of the IntraExtension
-        :type extension_uuid: string
-        :return:
-        """
+    def create_intra_extensions(self, extension_uuid, intra_extension):
         raise exception.NotImplemented()  # pragma: no cover
 
-    def set_intra_extension(self, extension_uuid, extension_dict):
-        """Set a new IntraExtension
+    def delete_intra_extensions(self, extension_uuid):
+        raise exception.NotImplemented()  # pragma: no cover
 
-        :param extension_uuid: IntraExtension UUID
-        :type extension_uuid: string
-        :param extension_dict: a dictionary withe the description of the IntraExtension (see below)
-        :type extension_dict: dict
-        :return: the IntraExtension dictionary, example:
-        {
-            "id": "uuid1",
-            "name": "Name of the intra_extension",
-            "model": "Model of te intra_extension (admin or authz)"
-            "description": "a description of the intra_extension"
-        }
-        """
+    # Getter and setter for tenant
+
+    def get_tenant(self, uuid):
         raise exception.NotImplemented()  # pragma: no cover
 
-    def delete_intra_extension(self, extension_uuid):
-        """Delete an IntraExtension
+    def set_tenant(self, uuid, tenant_id):
+        raise exception.NotImplemented()  # pragma: no cover
 
-        :param extension_uuid: IntraExtension UUID
-        :type extension_uuid: string
-        :return: None
-        """
+    # Getter and setter for name
+
+    def get_name(self, uuid):
         raise exception.NotImplemented()  # pragma: no cover
 
-    def get_sub_meta_rule_relations(self, username, uuid):
-        # TODO: check which relations are really usable
-        return {"sub_meta_rule_relations": ["relation_super", "relation_test"]}
+    def set_name(self, uuid, name):
+        raise exception.NotImplemented()  # pragma: no cover
+
+    # Getter and setter for model
+
+    def get_model(self, uuid):
+        raise exception.NotImplemented()  # pragma: no cover
+
+    def set_model(self, uuid, model):
+        raise exception.NotImplemented()  # pragma: no cover
+
+    # Getter and setter for genre
+
+    def get_genre(self, uuid):
+        raise exception.NotImplemented()  # pragma: no cover
+
+    def set_genre(self, uuid, genre):
+        raise exception.NotImplemented()  # pragma: no cover
+
+    # Getter and setter for description
+
+    def get_description(self, uuid):
+        raise exception.NotImplemented()  # pragma: no cover
+
+    def set_description(self, uuid, args):
+        raise exception.NotImplemented()  # pragma: no cover
 
 
 class LogDriver(object):
@@ -2397,6 +2516,7 @@ class LogDriver(object):
         """
         raise exception.NotImplemented()  # pragma: no cover
 
+
 # @dependency.provider('superextension_api')
 # class SuperExtensionManager(manager.Manager):
 #

diff --git a/keystone-moon/keystone/contrib/moon/exception.py b/keystone-moon/keystone/contrib/moon/exception.py
index 47b9c2f..21cf666 100644 (file)
--- a/keystone-moon/keystone/contrib/moon/exception.py
+++ b/keystone-moon/keystone/contrib/moon/exception.py
@@ -56,12 +56,17 @@ class TenantListEmpty(TenantException):
     logger = "WARNING"
 
 
-class TenantNotFound(TenantException):
+class TenantIDNotFound(TenantException):
     message_format = _("The tenant UUID was not found.")
     code = 400
     title = 'Tenant UUID Not Found Error'
 
 
+class AddedTenantNameExist(TenantException):
+    message_format = _("The tenant name exists already.")
+    code = 400
+    title = 'Added Tenant Name Exist'
+
 # Exceptions for IntraExtension
 
 

diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
index e2e151e..b07b4c1 100644 (file)
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_intra_extension_authz.py
@@ -99,22 +99,22 @@ class TestIntraExtensionAuthzManagerAuthz(tests.TestCase):
             self.manager.get_tenant_dict
         )
         self.assertRaises(
-            TenantNotFound,
+            TenantIDNotFound,
             self.manager.get_tenant_name,
             uuid.uuid4().hex
         )
         self.assertRaises(
-            TenantNotFound,
+            TenantIDNotFound,
             self.manager.set_tenant_name,
             uuid.uuid4().hex, uuid.uuid4().hex
         )
         self.assertRaises(
-            TenantNotFound,
+            TenantIDNotFound,
             self.manager.get_extension_uuid,
             uuid.uuid4().hex, "authz"
         )
         self.assertRaises(
-            TenantNotFound,
+            TenantIDNotFound,
             self.manager.get_extension_uuid,
             uuid.uuid4().hex, "admin"
         )

diff --git a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
index 0762f37..615b8bb 100644 (file)
--- a/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
+++ b/keystone-moon/keystone/tests/moon/unit/test_unit_core_tenant.py
@@ -47,10 +47,10 @@ class TestTenantManager(tests.TestCase):
             }
         }
         data = self.manager.set_tenant_dict(
-            tenant_uuid=_uuid,
-            name=new_mapping[_uuid]["name"],
-            authz_extension_uuid=new_mapping[_uuid]["authz"],
-            admin_extension_uuid=new_mapping[_uuid]["admin"]
+            tenant_id=_uuid,
+            tenant_name=new_mapping[_uuid]["name"],
+            intra_authz_ext_id=new_mapping[_uuid]["authz"],
+            intra_admin_ext_id=new_mapping[_uuid]["admin"]
         )
         self.assertEquals(_uuid, data["id"])
         self.assertEquals(data["name"], new_mapping[_uuid]["name"])
@@ -79,10 +79,10 @@ class TestTenantManager(tests.TestCase):
             }
         }
         data = self.manager.set_tenant_dict(
-            tenant_uuid=_uuid,
-            name=new_mapping[_uuid]["name"],
-            authz_extension_uuid=new_mapping[_uuid]["authz"],
-            admin_extension_uuid=new_mapping[_uuid]["admin"]
+            tenant_id=_uuid,
+            tenant_name=new_mapping[_uuid]["name"],
+            intra_authz_ext_id=new_mapping[_uuid]["authz"],
+            intra_admin_ext_id=new_mapping[_uuid]["admin"]
         )
         self.assertEquals(_uuid, data["id"])
         self.assertEquals(data["name"], new_mapping[_uuid]["name"])
@@ -102,10 +102,10 @@ class TestTenantManager(tests.TestCase):
             }
         }
         data = self.manager.set_tenant_dict(
-            tenant_uuid=_uuid,
-            name=new_mapping[_uuid]["name"],
-            authz_extension_uuid=new_mapping[_uuid]["authz"],
-            admin_extension_uuid=new_mapping[_uuid]["admin"]
+            tenant_id=_uuid,
+            tenant_name=new_mapping[_uuid]["name"],
+            intra_authz_ext_id=new_mapping[_uuid]["authz"],
+            intra_admin_ext_id=new_mapping[_uuid]["admin"]
         )
         self.assertEquals(_uuid, data["id"])
         self.assertEquals(data["name"], new_mapping[_uuid]["name"])
@@ -127,21 +127,21 @@ class TestTenantManager(tests.TestCase):
             }
         }
         data = self.manager.set_tenant_dict(
-            tenant_uuid=_uuid,
-            name=new_mapping[_uuid]["name"],
-            authz_extension_uuid=new_mapping[_uuid]["authz"],
-            admin_extension_uuid=new_mapping[_uuid]["admin"]
+            tenant_id=_uuid,
+            tenant_name=new_mapping[_uuid]["name"],
+            intra_authz_ext_id=new_mapping[_uuid]["authz"],
+            intra_admin_ext_id=new_mapping[_uuid]["admin"]
         )
         self.assertEquals(_uuid, data["id"])
-        data = self.manager.get_extension_uuid(_uuid)
+        data = self.manager.get_extension_id(_uuid)
         self.assertEqual(data, new_mapping[_uuid]["authz"])
-        data = self.manager.get_extension_uuid(_uuid, "admin")
+        data = self.manager.get_extension_id(_uuid, "admin")
         self.assertEqual(data, new_mapping[_uuid]["admin"])
 
     def test_unkown_tenant_uuid(self):
-        self.assertRaises(TenantNotFound, self.manager.get_tenant_name, uuid.uuid4().hex)
-        self.assertRaises(TenantNotFound, self.manager.set_tenant_name, uuid.uuid4().hex, "new name")
-        self.assertRaises(TenantNotFound, self.manager.get_extension_uuid, uuid.uuid4().hex)
+        self.assertRaises(TenantIDNotFound, self.manager.get_tenant_name, uuid.uuid4().hex)
+        self.assertRaises(TenantIDNotFound, self.manager.set_tenant_name, uuid.uuid4().hex, "new name")
+        self.assertRaises(TenantIDNotFound, self.manager.get_extension_id, uuid.uuid4().hex)
         _uuid = uuid.uuid4().hex
         new_mapping = {
             _uuid: {
@@ -151,12 +151,12 @@ class TestTenantManager(tests.TestCase):
             }
         }
         data = self.manager.set_tenant_dict(
-            tenant_uuid=_uuid,
-            name=new_mapping[_uuid]["name"],
-            authz_extension_uuid=new_mapping[_uuid]["authz"],
-            admin_extension_uuid=""
+            tenant_id=_uuid,
+            tenant_name=new_mapping[_uuid]["name"],
+            intra_authz_ext_id=new_mapping[_uuid]["authz"],
+            intra_admin_ext_id=""
         )
         self.assertEquals(_uuid, data["id"])
-        self.assertRaises(IntraExtensionNotFound, self.manager.get_extension_uuid, _uuid, "admin")
-        self.assertRaises(TenantNotFound, self.manager.get_tenant_uuid, uuid.uuid4().hex)
+        self.assertRaises(IntraExtensionNotFound, self.manager.get_extension_id, _uuid, "admin")
+        self.assertRaises(TenantIDNotFound, self.manager.get_tenant_uuid, uuid.uuid4().hex)
         # self.assertRaises(AdminIntraExtensionNotFound, self.manager.get_admin_extension_uuid, uuid.uuid4().hex)