add moonv4

Change-Id: I247af788d0b0fb961fbc85416486b241eb1d807c
Signed-off-by: WuKong <rebirthmonkey@gmail.com>

29 files changed, 4328 insertions, 0 deletions

diff --git a/moonv4/moon_db/Changelog b/moonv4/moon_db/Changelog
new file mode 100644
index 00000000..47e3c5f7
--- /dev/null
+++ b/moonv4/moon_db/Changelog
@@ -0,0 +1,12 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+
+CHANGES
+=======
+
+0.1.0
+-----
+- First version of the moon_db library.
diff --git a/moonv4/moon_db/LICENSE b/moonv4/moon_db/LICENSE
new file mode 100644
index 00000000..4143aac2
--- /dev/null
+++ b/moonv4/moon_db/LICENSE
@@ -0,0 +1,204 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+--- License for python-keystoneclient versions prior to 2.1 ---
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    1. Redistributions of source code must retain the above copyright notice,
+       this list of conditions and the following disclaimer.
+
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+
+    3. Neither the name of this project nor the names of its contributors may
+    be used to endorse or promote products derived from this software without
+    specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/moonv4/moon_db/MANIFEST.in b/moonv4/moon_db/MANIFEST.in
new file mode 100644
index 00000000..24ccc449
--- /dev/null
+++ b/moonv4/moon_db/MANIFEST.in
@@ -0,0 +1,11 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+include README.rst
+include LICENSE
+include setup.py
+include requirements.txt
+graft tests
+graft bin
\ No newline at end of file
diff --git a/moonv4/moon_db/README.rst b/moonv4/moon_db/README.rst
new file mode 100644
index 00000000..afee9be5
--- /dev/null
+++ b/moonv4/moon_db/README.rst
@@ -0,0 +1,9 @@
+DB module for the Moon project
+==============================
+
+This package contains the database module for the Moon project
+It is designed to provide a driver to access the Moon database.
+
+For any other information, refer to the parent project:
+
+    https://git.opnfv.org/moon
diff --git a/moonv4/moon_db/Vagrantfile b/moonv4/moon_db/Vagrantfile
new file mode 100644
index 00000000..488d8aef
--- /dev/null
+++ b/moonv4/moon_db/Vagrantfile
@@ -0,0 +1,71 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://atlas.hashicorp.com/search.
+  config.vm.box = "gbarbieru/xenial"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
+  # such as FTP and Heroku are also available. See the documentation at
+  # https://docs.vagrantup.com/v2/push/atlas.html for more information.
+  # config.push.define "atlas" do |push|
+  #   push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
+  # end
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  # config.vm.provision "shell", inline: <<-SHELL
+  #   apt-get update
+  #   apt-get install -y apache2
+  # SHELL
+end
diff --git a/moonv4/moon_db/bin/drop_tables.sql b/moonv4/moon_db/bin/drop_tables.sql
new file mode 100644
index 00000000..f5f65ea7
--- /dev/null
+++ b/moonv4/moon_db/bin/drop_tables.sql
@@ -0,0 +1,18 @@
+use moon;
+drop table action_assignments;
+drop table object_assignments;
+drop table subject_assignments;
+drop table subject_scopes;
+drop table action_scopes;
+drop table object_scopes;
+drop table action_categories;
+drop table subject_categories;
+drop table object_categories;
+drop table rules;
+drop table sub_meta_rules;
+drop table actions;
+drop table objects;
+drop table subjects;
+drop table tenants;
+drop table intra_extensions;
+show tables;
diff --git a/moonv4/moon_db/moon_db/__init__.py b/moonv4/moon_db/moon_db/__init__.py
new file mode 100644
index 00000000..64e88e23
--- /dev/null
+++ b/moonv4/moon_db/moon_db/__init__.py
@@ -0,0 +1,23 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+
+# try:
+#     from moon_utilities import options  # noqa
+# except ImportError:
+#     # mandatory when we just want to execute the setup.py
+#     options = None
+
+# try:
+#     from moon_db.core import IntraExtensionRootManager, IntraExtensionAdminManager, IntraExtensionAuthzManager  # noqa
+# except ImportError:
+#     # mandatory when we just want to execute the setup.py
+#     IntraExtensionRootManager, IntraExtensionAdminManager, IntraExtensionAuthzManager = None, None, None
+
+# from moon_utilities import options  # noqa
+# from moon_db.core import IntraExtensionRootManager, IntraExtensionAdminManager, IntraExtensionAuthzManager  # noqa
+
+__version__ = "0.1.0"
+
diff --git a/moonv4/moon_db/moon_db/api/__init__.py b/moonv4/moon_db/moon_db/api/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/moonv4/moon_db/moon_db/api/__init__.py
diff --git a/moonv4/moon_db/moon_db/api/keystone.py b/moonv4/moon_db/moon_db/api/keystone.py
new file mode 100644
index 00000000..b5d7e3a6
--- /dev/null
+++ b/moonv4/moon_db/moon_db/api/keystone.py
@@ -0,0 +1,106 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import os
+import requests
+import json
+from uuid import uuid4
+from oslo_log import log as logging
+from oslo_config import cfg
+from moon_utilities import exceptions
+from moon_db.api.managers import Managers
+from moon_utilities.security_functions import filter_input, login, logout
+
+LOG = logging.getLogger(__name__)
+CONF = cfg.CONF
+
+
+class KeystoneManager(Managers):
+
+    def __init__(self, connector=None):
+        self.driver = connector.driver
+        Managers.KeystoneManager = self
+        self.__url = CONF.keystone.url
+        self.__user = CONF.keystone.user
+        self.__password = CONF.keystone.password
+        self.__domain = CONF.keystone.domain
+        self.__project = CONF.keystone.project
+        try:
+            os.environ.pop("http_proxy")
+            os.environ.pop("https_proxy")
+        except KeyError:
+            pass
+
+    def __get(self, endpoint, _exception=exceptions.KeystoneError):
+        _headers = login()
+        req = requests.get("{}{}".format(self.__url, endpoint), headers=_headers, verify=False)
+        if req.status_code not in (200, 201):
+            LOG.error(req.text)
+            raise _exception
+        data = req.json()
+        logout(_headers)
+        return data
+
+    def __post(self, endpoint, data=None, _exception=exceptions.KeystoneError):
+        _headers = login()
+        req = requests.post("{}{}".format(self.__url, endpoint),
+                            data=json.dumps(data),
+                            headers=_headers, verify=False)
+        if req.status_code == 409:
+            LOG.warning(req.text)
+            raise exceptions.KeystoneUserConflict
+        if req.status_code not in (200, 201):
+            LOG.error(req.text)
+            raise _exception
+        data = req.json()
+        logout(_headers)
+        return data
+
+    def list_projects(self):
+        return self.__get(endpoint="/projects/", _exception=exceptions.KeystoneProjectError)
+
+    @filter_input
+    def create_project(self, tenant_dict):
+        if "name" not in tenant_dict:
+            raise exceptions.KeystoneProjectError("Cannot get the project name.")
+        _project = {
+            "project": {
+                "description": tenant_dict['description'] if 'description' in tenant_dict else "",
+                "domain_id": tenant_dict['domain'] if 'domain' in tenant_dict else "default",
+                "enabled": True,
+                "is_domain": False,
+                "name": tenant_dict['name']
+            }
+        }
+        return self.__post(endpoint="/projects/",
+                           data=_project,
+                           _exception=exceptions.KeystoneProjectError)
+
+    @filter_input
+    def get_user_by_name(self, username, domain_id="default"):
+        return self.__get(endpoint="/users?name={}&domain_id={}".format(username, domain_id),
+                          _exception=exceptions.KeystoneUserError)
+
+    @filter_input
+    def create_user(self, subject_dict):
+        _user = {
+            "user": {
+                "enabled": True,
+                "name": subject_dict['name'] if 'name' in subject_dict else uuid4().hex,
+            }
+        }
+        if 'project' in subject_dict:
+            _user['user']['default_project_id'] = subject_dict['project']
+        if 'domain' in subject_dict:
+            _user['user']['domain_id'] = subject_dict['domain']
+        if 'password' in subject_dict:
+            _user['user']['password'] = subject_dict['password']
+        try:
+            return self.__post(endpoint="/users/",
+                               data=_user,
+                               _exception=exceptions.KeystoneUserError)
+        except exceptions.KeystoneUserConflict:
+            return True
+
diff --git a/moonv4/moon_db/moon_db/api/managers.py b/moonv4/moon_db/moon_db/api/managers.py
new file mode 100644
index 00000000..48ac9ce1
--- /dev/null
+++ b/moonv4/moon_db/moon_db/api/managers.py
@@ -0,0 +1,15 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from oslo_log import log as logging
+LOG = logging.getLogger(__name__)
+
+
+class Managers(object):
+    """Object that links managers together"""
+    ModelManager = None
+    KeystoneManager = None
+    PDPManager = None
+    PolicyManager = None
diff --git a/moonv4/moon_db/moon_db/api/model.py b/moonv4/moon_db/moon_db/api/model.py
new file mode 100644
index 00000000..c1620da3
--- /dev/null
+++ b/moonv4/moon_db/moon_db/api/model.py
@@ -0,0 +1,141 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import os
+import re
+import types
+import json
+import copy
+from uuid import uuid4
+from oslo_config import cfg
+from oslo_log import log as logging
+import requests
+from moon_utilities import exceptions
+from moon_utilities.security_functions import filter_input, enforce
+# from moon_db.api import algorithms
+from moon_db.api.managers import Managers
+
+
+LOG = logging.getLogger(__name__)
+CONF = cfg.CONF
+
+
+class ModelManager(Managers):
+
+    def __init__(self, connector=None):
+        self.driver = connector.driver
+        Managers.ModelManager = self
+
+    @enforce(("read", "write"), "models")
+    def update_model(self, user_id, model_id, value):
+        if model_id not in self.driver.get_models(model_id=model_id):
+            raise exceptions.ModelUnknown
+        return self.driver.update_model(model_id=model_id, value=value)
+
+    @enforce(("read", "write"), "models")
+    def delete_model(self, user_id, model_id):
+        if model_id not in self.driver.get_models(model_id=model_id):
+            raise exceptions.ModelUnknown
+        # TODO (asteroide): check that no policy is connected to this model
+        return self.driver.delete_model(model_id=model_id)
+
+    @enforce(("read", "write"), "models")
+    def add_model(self, user_id, model_id=None, value=None):
+        if model_id in self.driver.get_models(model_id=model_id):
+            raise exceptions.ModelExisting
+        if not model_id:
+            model_id = uuid4().hex
+        return self.driver.add_model(model_id=model_id, value=value)
+
+    @enforce("read", "models")
+    def get_models(self, user_id, model_id=None):
+        return self.driver.get_models(model_id=model_id)
+
+    @enforce(("read", "write"), "meta_rules")
+    def set_meta_rule(self, user_id, meta_rule_id, value):
+        if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
+            raise exceptions.MetaRuleUnknown
+        return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value)
+
+    @enforce("read", "meta_rules")
+    def get_meta_rules(self, user_id, meta_rule_id=None):
+        return self.driver.get_meta_rules(meta_rule_id=meta_rule_id)
+
+    @enforce(("read", "write"), "meta_rules")
+    def add_meta_rule(self, user_id, meta_rule_id=None, value=None):
+        if meta_rule_id in self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
+            raise exceptions.MetaRuleExisting
+        if not meta_rule_id:
+            meta_rule_id = uuid4().hex
+            LOG.info("add_meta_rule {}".format(value))
+        return self.driver.set_meta_rule(meta_rule_id=meta_rule_id, value=value)
+
+    @enforce(("read", "write"), "meta_rules")
+    def delete_meta_rule(self, user_id, meta_rule_id=None):
+        if meta_rule_id not in self.driver.get_meta_rules(meta_rule_id=meta_rule_id):
+            raise exceptions.MetaRuleUnknown
+        # TODO (asteroide): check and/or delete data and assignments and rules linked to that meta_rule
+        return self.driver.delete_meta_rule(meta_rule_id=meta_rule_id)
+
+    @enforce("read", "meta_data")
+    def get_subject_categories(self, user_id, category_id=None):
+        return self.driver.get_subject_categories(category_id=category_id)
+
+    @enforce(("read", "write"), "meta_data")
+    def add_subject_category(self, user_id, category_id=None, value=None):
+        if category_id in self.driver.get_subject_categories(category_id=category_id):
+            raise exceptions.SubjectCategoryExisting
+        # if not category_id:
+        #     category_id = uuid4().hex
+        return self.driver.add_subject_category(name=value["name"], description=value["description"])
+
+    @enforce(("read", "write"), "meta_data")
+    def delete_subject_category(self, user_id, category_id):
+        # TODO (asteroide): delete all data linked to that category
+        # TODO (asteroide): delete all meta_rules linked to that category
+        if category_id not in self.driver.get_subject_categories(category_id=category_id):
+            raise exceptions.SubjectCategoryUnknown
+        return self.driver.delete_subject_category(category_id=category_id)
+
+    @enforce("read", "meta_data")
+    def get_object_categories(self, user_id, category_id):
+        return self.driver.get_object_categories(category_id)
+
+    @enforce(("read", "write"), "meta_data")
+    def add_object_category(self, user_id, category_id=None, value=None):
+        if category_id in self.driver.get_object_categories(category_id=category_id):
+            raise exceptions.ObjectCategoryExisting
+        # if not category_id:
+        #     category_id = uuid4().hex
+        return self.driver.add_object_category(name=value["name"], description=value["description"])
+
+    @enforce(("read", "write"), "meta_data")
+    def delete_object_category(self, user_id, category_id):
+        # TODO (asteroide): delete all data linked to that category
+        # TODO (asteroide): delete all meta_rules linked to that category
+        if category_id not in self.driver.get_object_categories(category_id=category_id):
+            raise exceptions.ObjectCategoryUnknown
+        return self.driver.delete_object_category(category_id=category_id)
+
+    @enforce("read", "meta_data")
+    def get_action_categories(self, user_id, category_id):
+        return self.driver.get_action_categories(category_id=category_id)
+
+    @enforce(("read", "write"), "meta_data")
+    def add_action_category(self, user_id, category_id=None, value=None):
+        if category_id in self.driver.get_action_categories(category_id=category_id):
+            raise exceptions.ActionCategoryExisting
+        # if not category_id:
+        #     category_id = uuid4().hex
+        return self.driver.add_action_category(name=value["name"], description=value["description"])
+
+    @enforce(("read", "write"), "meta_data")
+    def delete_action_category(self, user_id, category_id):
+        # TODO (asteroide): delete all data linked to that category
+        # TODO (asteroide): delete all meta_rules linked to that category
+        if category_id not in self.driver.get_action_categories(category_id=category_id):
+            raise exceptions.ActionCategoryExisting
+        return self.driver.delete_action_category(category_id=category_id)
+
diff --git a/moonv4/moon_db/moon_db/api/pdp.py b/moonv4/moon_db/moon_db/api/pdp.py
new file mode 100644
index 00000000..f84c7a85
--- /dev/null
+++ b/moonv4/moon_db/moon_db/api/pdp.py
@@ -0,0 +1,48 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import os
+import re
+import types
+import json
+import copy
+from uuid import uuid4
+from oslo_config import cfg
+from oslo_log import log as logging
+import requests
+from moon_utilities import exceptions
+from moon_utilities.security_functions import filter_input, enforce
+# from moon_db.api import algorithms
+from moon_db.api.managers import Managers
+
+
+LOG = logging.getLogger(__name__)
+CONF = cfg.CONF
+
+
+class PDPManager(Managers):
+
+    def __init__(self, connector=None):
+        self.driver = connector.driver
+        Managers.PDPManager = self
+
+    @enforce(("read", "write"), "pdp")
+    def update_pdp(self, user_id, pdp_id, value):
+        return self.driver.update_pdp(pdp_id=pdp_id, value=value)
+
+    @enforce(("read", "write"), "pdp")
+    def delete_pdp(self, user_id, pdp_id):
+        return self.driver.delete_pdp(pdp_id=pdp_id)
+
+    @enforce(("read", "write"), "pdp")
+    def add_pdp(self, user_id, pdp_id=None, value=None):
+        if not pdp_id:
+            pdp_id = uuid4().hex
+        return self.driver.add_pdp(pdp_id=pdp_id, value=value)
+
+    @enforce("read", "pdp")
+    def get_pdp(self, user_id, pdp_id=None):
+        return self.driver.get_pdp(pdp_id=pdp_id)
+
diff --git a/moonv4/moon_db/moon_db/api/policy.py b/moonv4/moon_db/moon_db/api/policy.py
new file mode 100644
index 00000000..73889b85
--- /dev/null
+++ b/moonv4/moon_db/moon_db/api/policy.py
@@ -0,0 +1,237 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import os
+import re
+import types
+import json
+import copy
+from uuid import uuid4
+from oslo_config import cfg
+from oslo_log import log as logging
+import requests
+from moon_utilities import exceptions
+from moon_utilities.security_functions import filter_input, enforce
+# from moon_db.api import algorithms
+from moon_db.api.managers import Managers
+
+
+LOG = logging.getLogger(__name__)
+CONF = cfg.CONF
+
+
+class PolicyManager(Managers):
+
+    def __init__(self, connector=None):
+        self.driver = connector.driver
+        Managers.PolicyManager = self
+
+    @enforce(("read", "write"), "policies")
+    def update_policy(self, user_id, policy_id, value):
+        return self.driver.update_policy(policy_id=policy_id, value=value)
+
+    @enforce(("read", "write"), "policies")
+    def delete_policy(self, user_id, policy_id):
+        # TODO (asteroide): unmap PDP linked to that policy
+        return self.driver.delete_policy(policy_id=policy_id)
+
+    @enforce(("read", "write"), "policies")
+    def add_policy(self, user_id, policy_id=None, value=None):
+        if not policy_id:
+            policy_id = uuid4().hex
+        return self.driver.add_policy(policy_id=policy_id, value=value)
+
+    @enforce("read", "policies")
+    def get_policies(self, user_id, policy_id=None):
+        return self.driver.get_policies(policy_id=policy_id)
+
+    @enforce("read", "perimeter")
+    def get_subjects(self, user_id, policy_id, perimeter_id=None):
+        return self.driver.get_subjects(policy_id=policy_id, perimeter_id=perimeter_id)
+
+    @enforce(("read", "write"), "perimeter")
+    def add_subject(self, user_id, policy_id, perimeter_id=None, value=None):
+        if not perimeter_id:
+            perimeter_id = uuid4().hex
+        # TODO (asteroide): must check and add Keystone ID here
+        return self.driver.set_subject(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
+
+    @enforce(("read", "write"), "perimeter")
+    def delete_subject(self, user_id, policy_id, perimeter_id):
+        return self.driver.delete_subject(policy_id=policy_id, perimeter_id=perimeter_id)
+
+    @enforce("read", "perimeter")
+    def get_objects(self, user_id, policy_id, perimeter_id=None):
+        return self.driver.get_objects(policy_id=policy_id, perimeter_id=perimeter_id)
+
+    @enforce(("read", "write"), "perimeter")
+    def add_object(self, user_id, policy_id, perimeter_id=None, value=None):
+        if not perimeter_id:
+            perimeter_id = uuid4().hex
+        return self.driver.set_object(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
+
+    @enforce(("read", "write"), "perimeter")
+    def delete_object(self, user_id, policy_id, perimeter_id):
+        return self.driver.delete_object(policy_id=policy_id, perimeter_id=perimeter_id)
+
+    @enforce("read", "perimeter")
+    def get_actions(self, user_id, policy_id, perimeter_id=None):
+        return self.driver.get_actions(policy_id=policy_id, perimeter_id=perimeter_id)
+
+    @enforce(("read", "write"), "perimeter")
+    def add_action(self, user_id, policy_id, perimeter_id=None, value=None):
+        if not perimeter_id:
+            perimeter_id = uuid4().hex
+        return self.driver.set_action(policy_id=policy_id, perimeter_id=perimeter_id, value=value)
+
+    @enforce(("read", "write"), "perimeter")
+    def delete_action(self, user_id, policy_id, perimeter_id):
+        return self.driver.delete_action(policy_id=policy_id, perimeter_id=perimeter_id)
+
+    @enforce("read", "data")
+    def get_subject_data(self, user_id, policy_id, data_id=None, category_id=None):
+        available_metadata = self.get_available_metadata(user_id, policy_id)
+        results = []
+        if not category_id:
+            for cat in available_metadata["subject"]:
+                results.append(self.driver.get_subject_data(policy_id=policy_id, data_id=data_id,
+                                                            category_id=cat))
+        if category_id and category_id in available_metadata["subject"]:
+            results.append(self.driver.get_subject_data(policy_id=policy_id, data_id=data_id,
+                                                        category_id=category_id))
+        return results
+
+    @enforce(("read", "write"), "data")
+    def set_subject_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
+        if not data_id:
+            data_id = uuid4().hex
+        return self.driver.set_subject_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value)
+
+    @enforce(("read", "write"), "data")
+    def delete_subject_data(self, user_id, policy_id, data_id):
+        # TODO (asteroide): check and/or delete assignments linked to that data
+        return self.driver.delete_subject_data(policy_id=policy_id, data_id=data_id)
+
+    @enforce("read", "data")
+    def get_object_data(self, user_id, policy_id, data_id=None, category_id=None):
+        available_metadata = self.get_available_metadata(user_id, policy_id)
+        results = []
+        if not category_id:
+            for cat in available_metadata["object"]:
+                results.append(self.driver.get_object_data(policy_id=policy_id, data_id=data_id,
+                                                           category_id=cat))
+        if category_id and category_id in available_metadata["object"]:
+            results.append(self.driver.get_object_data(policy_id=policy_id, data_id=data_id,
+                                                       category_id=category_id))
+        return results
+
+    @enforce(("read", "write"), "data")
+    def add_object_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
+        if not data_id:
+            data_id = uuid4().hex
+        return self.driver.set_object_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value)
+
+    @enforce(("read", "write"), "data")
+    def delete_object_data(self, user_id, policy_id, data_id):
+        # TODO (asteroide): check and/or delete assignments linked to that data
+        return self.driver.delete_object_data(policy_id=policy_id, data_id=data_id)
+
+    @enforce("read", "data")
+    def get_action_data(self, user_id, policy_id, data_id=None, category_id=None):
+        available_metadata = self.get_available_metadata(user_id, policy_id)
+        results = []
+        if not category_id:
+            for cat in available_metadata["action"]:
+                results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id,
+                                                            category_id=cat))
+        if category_id and category_id in available_metadata["action"]:
+            results.append(self.driver.get_action_data(policy_id=policy_id, data_id=data_id,
+                                                        category_id=category_id))
+        return results
+
+    @enforce(("read", "write"), "data")
+    def add_action_data(self, user_id, policy_id, data_id=None, category_id=None, value=None):
+        if not data_id:
+            data_id = uuid4().hex
+        return self.driver.set_action_data(policy_id=policy_id, data_id=data_id, category_id=category_id, value=value)
+
+    @enforce(("read", "write"), "data")
+    def delete_action_data(self, user_id, policy_id, data_id):
+        # TODO (asteroide): check and/or delete assignments linked to that data
+        return self.driver.delete_action_data(policy_id=policy_id, data_id=data_id)
+
+    @enforce("read", "assignments")
+    def get_subject_assignments(self, user_id, policy_id, subject_id=None, category_id=None):
+        return self.driver.get_subject_assignments(policy_id=policy_id, subject_id=subject_id, category_id=category_id)
+
+    @enforce(("read", "write"), "assignments")
+    def add_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id):
+        return self.driver.add_subject_assignment(policy_id=policy_id, subject_id=subject_id,
+                                                  category_id=category_id, data_id=data_id)
+
+    @enforce(("read", "write"), "assignments")
+    def delete_subject_assignment(self, user_id, policy_id, subject_id, category_id, data_id):
+        return self.driver.delete_subject_assignment(policy_id=policy_id, subject_id=subject_id,
+                                                     category_id=category_id, data_id=data_id)
+
+    @enforce("read", "assignments")
+    def get_object_assignments(self, user_id, policy_id, object_id=None, category_id=None):
+        return self.driver.get_object_assignments(policy_id=policy_id, object_id=object_id, category_id=category_id)
+
+    @enforce(("read", "write"), "assignments")
+    def add_object_assignment(self, user_id, policy_id, object_id, category_id, data_id):
+        return self.driver.add_object_assignment(policy_id=policy_id, object_id=object_id,
+                                                 category_id=category_id, data_id=data_id)
+
+    @enforce(("read", "write"), "assignments")
+    def delete_object_assignment(self, user_id, policy_id, object_id, category_id, data_id):
+        return self.driver.delete_object_assignment(policy_id=policy_id, object_id=object_id,
+                                                    category_id=category_id, data_id=data_id)
+
+    @enforce("read", "assignments")
+    def get_action_assignments(self, user_id, policy_id, action_id=None, category_id=None):
+        return self.driver.get_action_assignments(policy_id=policy_id, action_id=action_id, category_id=category_id)
+
+    @enforce(("read", "write"), "assignments")
+    def add_action_assignment(self, user_id, policy_id, action_id, category_id, data_id):
+        return self.driver.add_action_assignment(policy_id=policy_id, action_id=action_id,
+                                                 category_id=category_id, data_id=data_id)
+
+    @enforce(("read", "write"), "assignments")
+    def delete_action_assignment(self, user_id, policy_id, action_id, category_id, data_id):
+        return self.driver.delete_action_assignment(policy_id=policy_id, action_id=action_id,
+                                                    category_id=category_id, data_id=data_id)
+
+    @enforce("read", "rules")
+    def get_rules(self, user_id, policy_id, meta_rule_id=None, rule_id=None):
+        return self.driver.get_rules(policy_id=policy_id, meta_rule_id=meta_rule_id, rule_id=rule_id)
+
+    @enforce(("read", "write"), "rules")
+    def add_rule(self, user_id, policy_id, meta_rule_id, value):
+        return self.driver.add_rule(policy_id=policy_id, meta_rule_id=meta_rule_id, value=value)
+
+    @enforce(("read", "write"), "rules")
+    def delete_rule(self, user_id, policy_id, rule_id):
+        return self.driver.delete_rule(policy_id=policy_id, rule_id=rule_id)
+
+    @enforce("read", "meta_data")
+    def get_available_metadata(self, user_id, policy_id):
+        categories = {
+            "subject": [],
+            "object": [],
+            "action": []
+        }
+        policy = self.driver.get_policies(policy_id=policy_id)
+        model_id = policy[policy_id]["model_id"]
+        model = Managers.ModelManager.get_models(user_id=user_id, model_id=model_id)
+        try:
+            meta_rule_list = model[model_id]["meta_rules"]
+            for meta_rule_id in meta_rule_list:
+                meta_rule = Managers.ModelManager.get_meta_rules(user_id=user_id, meta_rule_id=meta_rule_id)
+                categories["subject"].extend(meta_rule[meta_rule_id]["subject_categories"])
+                categories["object"].extend(meta_rule[meta_rule_id]["object_categories"])
+                categories["action"].extend(meta_rule[meta_rule_id]["action_categories"])
+        finally:
+            return categories
diff --git a/moonv4/moon_db/moon_db/api/tenants.py b/moonv4/moon_db/moon_db/api/tenants.py
new file mode 100644
index 00000000..dd7c4ec5
--- /dev/null
+++ b/moonv4/moon_db/moon_db/api/tenants.py
@@ -0,0 +1,137 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from uuid import uuid4
+from moon_utilities import exceptions
+from moon_db.api.managers import Managers
+from moon_utilities.security_functions import filter_input, enforce
+from oslo_log import log as logging
+
+LOG = logging.getLogger(__name__)
+
+
+class TenantManager(Managers):
+
+    def __init__(self, connector=None):
+        self.driver = connector.driver
+        Managers.TenantManager = self
+
+    @filter_input
+    @enforce("read", "tenants")
+    def get_tenants_dict(self, user_id):
+        """
+        Return a dictionary with all tenants
+        :return: {
+            tenant_id1: {
+                name: xxx,
+                description: yyy,
+                intra_authz_extension_id: zzz,
+                intra_admin_extension_id: zzz,
+                },
+            tenant_id2: {...},
+            ...
+            }
+        """
+        return self.driver.get_tenants_dict()
+
+    def __get_keystone_tenant_dict(self, tenant_id="", tenant_name=""):
+        tenants = Managers.KeystoneManager.list_projects()
+        for tenant in tenants:
+            if tenant_id and tenant_id == tenant['id']:
+                return tenant
+            if tenant_name and tenant_name == tenant['name']:
+                return tenant
+        if not tenant_id:
+            tenant_id = uuid4().hex
+        if not tenant_name:
+            tenant_name = tenant_id
+        tenant = {
+            "id": tenant_id,
+            "name": tenant_name,
+            "description": "Auto generated tenant from Moon platform",
+            "enabled": True,
+            "domain_id": "default"
+        }
+        keystone_tenant = Managers.KeystoneManager.create_project(tenant["id"], tenant)
+        return keystone_tenant
+
+    @filter_input
+    @enforce(("read", "write"), "tenants")
+    def add_tenant_dict(self, user_id, tenant_id, tenant_dict):
+        tenants_dict = self.driver.get_tenants_dict()
+        for tenant_id in tenants_dict:
+            if tenants_dict[tenant_id]['name'] == tenant_dict['name']:
+                raise exceptions.TenantAddedNameExisting()
+
+        # Check (and eventually sync) Keystone tenant
+        if 'id' not in tenant_dict:
+            tenant_dict['id'] = None
+        keystone_tenant = self.__get_keystone_tenant_dict(tenant_dict['id'], tenant_dict['name'])
+        for att in keystone_tenant:
+            if keystone_tenant[att]:
+                tenant_dict[att] = keystone_tenant[att]
+        # Sync users between intra_authz_extension and intra_admin_extension
+        LOG.debug("add_tenant_dict {}".format(tenant_dict))
+        if 'intra_admin_extension_id' in tenant_dict and tenant_dict['intra_admin_extension_id']:
+            if 'intra_authz_extension_id' in tenant_dict and tenant_dict['intra_authz_extension_id']:
+                authz_subjects_dict = Managers.IntraExtensionAdminManager.get_subjects_dict(
+                    Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_authz_extension_id'])
+                authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
+                admin_subjects_dict = Managers.IntraExtensionAdminManager.get_subjects_dict(
+                    Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_admin_extension_id'])
+                admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
+                for _subject_id in authz_subjects_dict:
+                    if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
+                        Managers.IntraExtensionAdminManager.add_subject_dict(
+                            Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
+                for _subject_id in admin_subjects_dict:
+                    if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
+                        Managers.IntraExtensionAdminManager.add_subject_dict(
+                            Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
+
+        return self.driver.add_tenant_dict(tenant_dict['id'], tenant_dict)
+
+    @filter_input
+    @enforce("read", "tenants")
+    def get_tenant_dict(self, user_id, tenant_id):
+        tenants_dict = self.driver.get_tenants_dict()
+        if tenant_id not in tenants_dict:
+            raise exceptions.TenantUnknown()
+        return tenants_dict[tenant_id]
+
+    @filter_input
+    @enforce(("read", "write"), "tenants")
+    def del_tenant(self, user_id, tenant_id):
+        if tenant_id not in self.driver.get_tenants_dict():
+            raise exceptions.TenantUnknown()
+        self.driver.del_tenant(tenant_id)
+
+    @filter_input
+    @enforce(("read", "write"), "tenants")
+    def set_tenant_dict(self, user_id, tenant_id, tenant_dict):
+        tenants_dict = self.driver.get_tenants_dict()
+        if tenant_id not in tenants_dict:
+            raise exceptions.TenantUnknown()
+
+        # Sync users between intra_authz_extension and intra_admin_extension
+        if 'intra_admin_extension_id' in tenant_dict:
+            if 'intra_authz_extension_id' in tenant_dict:
+                authz_subjects_dict = Managers.IntraExtensionAdminManager.get_subjects_dict(
+                    Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_authz_extension_id'])
+                authz_subject_names_list = [authz_subjects_dict[subject_id]["name"] for subject_id in authz_subjects_dict]
+                admin_subjects_dict = Managers.IntraExtensionAdminManager.get_subjects_dict(
+                    Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_admin_extension_id'])
+                admin_subject_names_list = [admin_subjects_dict[subject_id]["name"] for subject_id in admin_subjects_dict]
+                for _subject_id in authz_subjects_dict:
+                    if authz_subjects_dict[_subject_id]["name"] not in admin_subject_names_list:
+                        Managers.IntraExtensionAdminManager.add_subject_dict(
+                            Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_admin_extension_id'], authz_subjects_dict[_subject_id])
+                for _subject_id in admin_subjects_dict:
+                    if admin_subjects_dict[_subject_id]["name"] not in authz_subject_names_list:
+                        Managers.IntraExtensionAdminManager.add_subject_dict(
+                            Managers.IntraExtensionRootManager.root_admin_id, tenant_dict['intra_authz_extension_id'], admin_subjects_dict[_subject_id])
+
+        return self.driver.set_tenant_dict(tenant_id, tenant_dict)
+
diff --git a/moonv4/moon_db/moon_db/backends/__init__.py b/moonv4/moon_db/moon_db/backends/__init__.py
new file mode 100644
index 00000000..237bdc3e
--- /dev/null
+++ b/moonv4/moon_db/moon_db/backends/__init__.py
@@ -0,0 +1,97 @@
+
+"""
+intra_extensions = {
+    intra_extension_id1: {
+        name: xxx,
+        model: yyy,
+        description: zzz},
+    intra_extension_id2: {...},
+    ...
+}
+
+tenants = {
+    tenant_id1: {
+        name: xxx,
+        description: yyy,
+        intra_authz_extension_id: zzz,
+        intra_admin_extension_id: zzz,
+        },
+    tenant_id2: {...},
+    ...
+}
+
+--------------- for each intra-extension -----------------
+
+subject_categories = {
+    subject_category_id1: {
+        name: xxx,
+        description: yyy},
+    subject_category_id2: {...},
+    ...
+}
+
+subjects = {
+    subject_id1: {
+        name: xxx,
+        description: yyy,
+         ...},
+    subject_id2: {...},
+    ...
+}
+
+subject_scopes = {
+    subject_category_id1: {
+        subject_scope_id1: {
+            name: xxx,
+            description: aaa},
+        subject_scope_id2: {
+            name: yyy,
+            description: bbb},
+        ...},
+        subject_scope_id3: {
+        ...}
+    subject_category_id2: {...},
+    ...
+}
+
+subject_assignments = {
+    subject_id1: {
+        subject_category_id1: [subject_scope_id1, subject_scope_id2, ...],
+        subject_category_id2: [subject_scope_id3, subject_scope_id4, ...],
+        ...
+    },
+    subject_id2: {
+        subject_category_id1: [subject_scope_id1, subject_scope_id2, ...],
+        subject_category_id2: [subject_scope_id3, subject_scope_id4, ...],
+        ...
+    },
+    ...
+}
+
+aggregation_algorithm = {
+    aggregation_algorithm_id: {
+         name: xxx,
+         description: yyy
+         }
+    }
+
+sub_meta_rules = {
+    sub_meta_rule_id_1: {
+        "name": xxx,
+        "algorithm": yyy,
+        "subject_categories": [subject_category_id1, subject_category_id2,...],
+        "object_categories": [object_category_id1, object_category_id2,...],
+        "action_categories": [action_category_id1, action_category_id2,...]
+    sub_meta_rule_id_2: {...},
+    ...
+}
+
+rules = {
+    sub_meta_rule_id1: {
+        rule_id1: [subject_scope1, subject_scope2, ..., action_scope1, ..., object_scope1, ... ],
+        rule_id2: [subject_scope3, subject_scope4, ..., action_scope3, ..., object_scope3, ... ],
+        rule_id3: [thomas, write, admin.subjects]
+        ...},
+    sub_meta_rule_id2: { },
+    ...}
+"""
\ No newline at end of file
diff --git a/moonv4/moon_db/moon_db/backends/flat.py b/moonv4/moon_db/moon_db/backends/flat.py
new file mode 100644
index 00000000..820a4146
--- /dev/null
+++ b/moonv4/moon_db/moon_db/backends/flat.py
@@ -0,0 +1,89 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import logging
+import time
+from moon_db.core import LogDriver
+
+
+class LogConnector(LogDriver):
+
+    AUTHZ_FILE = '/var/log/moon/authz.log'
+    SYS_FILE = '/var/log/moon/system.log'
+    TIME_FORMAT = '%Y-%m-%d-%H:%M:%S'
+
+    def __init__(self):
+        # Fixme (dthom): when logging from an other class, the %appname% in the event
+        # is always keystone.contrib.moon.backends.flat
+        super(LogConnector, self).__init__()
+
+        self.SYS_LOG = logging.getLogger(__name__)
+        if not len(self.SYS_LOG.handlers):
+            fh = logging.FileHandler(self.SYS_FILE)
+            fh.setLevel(logging.DEBUG)
+            formatter = logging.Formatter('%(asctime)s ------ %(message)s', self.TIME_FORMAT)
+            fh.setFormatter(formatter)
+            self.SYS_LOG.addHandler(fh)
+
+        self.AUTHZ_LOG = logging.getLogger("authz")
+        if not len(self.AUTHZ_LOG.handlers):
+            fh = logging.FileHandler(self.AUTHZ_FILE)
+            fh.setLevel(logging.WARNING)
+            formatter = logging.Formatter('%(asctime)s ------ %(message)s', self.TIME_FORMAT)
+            fh.setFormatter(formatter)
+            self.AUTHZ_LOG.addHandler(fh)
+
+    def authz(self, message):
+        self.AUTHZ_LOG.warn(message)
+
+    def debug(self, message):
+        self.SYS_LOG.debug(message)
+
+    def info(self, message):
+        self.SYS_LOG.info(message)
+
+    def warning(self, message):
+        self.SYS_LOG.warning(message)
+
+    def error(self, message):
+        self.SYS_LOG.error(message)
+
+    def critical(self, message):
+        self.SYS_LOG.critical(message)
+
+    def get_logs(self, logger="authz", event_number=None, time_from=None, time_to=None, filter_str=None):
+        if logger == "authz":
+            _logs = open(self.AUTHZ_FILE).readlines()
+        else:
+            _logs = open(self.SYS_FILE).readlines()
+        if filter_str:
+            _logs = filter(lambda x: filter_str in x, _logs)
+        if time_from:
+            if isinstance(time_from, str):
+                time_from = time.strptime(time_from.split(" ")[0], self.TIME_FORMAT)
+            try:
+                __logs = []
+                for log in _logs:
+                    _log = time.strptime(log.split(" ")[0], self.TIME_FORMAT)
+                    if time_from <= _log:
+                        __logs.append(log)
+                _logs = __logs
+            except ValueError:
+                self.error("Time format error")
+        if time_to:
+            try:
+                if isinstance(time_to, str):
+                    time_to = time.strptime(time_to.split(" ")[0], self.TIME_FORMAT)
+                __logs = []
+                for log in _logs:
+                    _log = time.strptime(log.split(" ")[0], self.TIME_FORMAT)
+                    if time_to >= _log:
+                        __logs.append(log)
+                _logs = __logs
+            except ValueError:
+                self.error("Time format error")
+        if event_number:
+            _logs = _logs[-event_number:]
+        return list(_logs)
diff --git a/moonv4/moon_db/moon_db/backends/memory.py b/moonv4/moon_db/moon_db/backends/memory.py
new file mode 100644
index 00000000..06de99eb
--- /dev/null
+++ b/moonv4/moon_db/moon_db/backends/memory.py
@@ -0,0 +1,60 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import os
+import json
+import logging
+import hashlib
+from glob import glob
+from oslo_config import cfg
+from moon_db.core import ConfigurationDriver
+
+LOG = logging.getLogger(__name__)
+CONF = cfg.CONF
+
+
+class ConfigurationConnector(object):
+
+    def __init__(self, engine):
+        super(ConfigurationConnector, self).__init__()
+        self.policy_directory = CONF.policy_directory
+        self.aggregation_algorithms_dict = dict()
+        self.aggregation_algorithms_dict[hashlib.sha224("all_true".encode("utf-8")).hexdigest()[:32]] = \
+            {'name': 'all_true', 'description': 'all rules must match'}
+        self.aggregation_algorithms_dict[hashlib.sha224("one_true".encode("utf-8")).hexdigest()[:32]] = \
+            {'name': 'one_true', 'description': 'only one rule has to match'}
+        self.sub_meta_rule_algorithms_dict = dict()
+        self.sub_meta_rule_algorithms_dict[hashlib.sha224("inclusion".encode("utf-8")).hexdigest()[:32]] = \
+            {'name': 'inclusion', 'description': 'inclusion'}
+        self.sub_meta_rule_algorithms_dict[hashlib.sha224("comparison".encode("utf-8")).hexdigest()[:32]] = \
+            {'name': 'comparison', 'description': 'comparison'}
+
+    def get_policy_templates_dict(self):
+        """
+        :return: {
+            template_id1: {name: template_name, description: template_description},
+            template_id2: {name: template_name, description: template_description},
+            ...
+            }
+        """
+        nodes = glob(os.path.join(self.policy_directory, "*"))
+        LOG.info("get_policy_templates_dict {} {}".format(self.policy_directory, nodes))
+        templates = dict()
+        for node in nodes:
+            try:
+                metadata = json.load(open(os.path.join(node, "metadata.json")))
+            except IOError:
+                # Note (asteroide): it's not a true policy directory, so we forgive it
+                continue
+            templates[os.path.basename(node)] = dict()
+            templates[os.path.basename(node)]["name"] = metadata["name"]
+            templates[os.path.basename(node)]["description"] = metadata["description"]
+        return templates
+
+    def get_aggregation_algorithms_dict(self):
+        return self.aggregation_algorithms_dict
+
+    def get_sub_meta_rule_algorithms_dict(self):
+        return self.sub_meta_rule_algorithms_dict
diff --git a/moonv4/moon_db/moon_db/backends/sql.py b/moonv4/moon_db/moon_db/backends/sql.py
new file mode 100644
index 00000000..69132116
--- /dev/null
+++ b/moonv4/moon_db/moon_db/backends/sql.py
@@ -0,0 +1,1877 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import copy
+import json
+from uuid import uuid4
+from moon_db.exception import *
+from moon_db.core import PDPDriver, PolicyDriver, ModelDriver
+import sqlalchemy as sql
+import logging
+from sqlalchemy.orm import sessionmaker
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy import create_engine
+from contextlib import contextmanager
+from sqlalchemy import types as sql_types
+from oslo_config import cfg
+# from moon_utilities.exceptions import IntraExtensionUnknown
+
+# from sqlalchemy.orm.exc import UnmappedInstanceError
+# from keystone.contrib.moon import InterExtensionDriver
+
+CONF = cfg.CONF
+LOG = logging.getLogger(__name__)
+Base = declarative_base()
+
+
+class DictBase:
+    attributes = []
+
+    @classmethod
+    def from_dict(cls, d):
+        new_d = d.copy()
+        return cls(**new_d)
+        # new_d = d.copy()
+        #
+        # new_d['extra'] = {k: new_d.pop(k) for k in six.iterkeys(d)
+        #                   if k not in cls.attributes and k != 'extra'}
+        #
+        # return cls(**new_d)
+
+    def to_dict(self):
+        d = dict()
+        for attr in self.__class__.attributes:
+            d[attr] = getattr(self, attr)
+        return d
+
+    def __getitem__(self, key):
+        # if "extra" in dir(self) and key in self.extra:
+        #     return self.extra[key]
+        return getattr(self, key)
+
+
+class JsonBlob(sql_types.TypeDecorator):
+
+    impl = sql.Text
+
+    def process_bind_param(self, value, dialect):
+        return json.dumps(value)
+
+    def process_result_value(self, value, dialect):
+        return json.loads(value)
+
+
+class Model(Base, DictBase):
+    __tablename__ = 'models'
+    attributes = ['id', 'value']
+    id = sql.Column(sql.String(64), primary_key=True)
+    value = sql.Column(JsonBlob(), nullable=True)
+
+    def to_dict(self):
+        return {
+            "name": self.value.get("name"),
+            "description": self.value.get("description", ""),
+            "meta_rules": self.value.get("meta_rules", list()),
+        }
+
+
+class Policy(Base, DictBase):
+    __tablename__ = 'policies'
+    attributes = ['id', 'value']
+    id = sql.Column(sql.String(64), primary_key=True)
+    value = sql.Column(JsonBlob(), nullable=True)
+
+    def to_dict(self):
+        return {
+            "name": self.value.get("name"),
+            "description": self.value.get("description", ""),
+            "model_id": self.value.get("model_id", ""),
+            "genre": self.value.get("genre", ""),
+        }
+
+
+class PDP(Base, DictBase):
+    __tablename__ = 'pdp'
+    attributes = ['id', 'value']
+    id = sql.Column(sql.String(64), primary_key=True)
+    value = sql.Column(JsonBlob(), nullable=True)
+
+    def to_dict(self):
+        return {
+            "name": self.value.get("name"),
+            "description": self.value.get("description", ""),
+            "keystone_project_id": self.value.get("keystone_project_id", ""),
+            "security_pipeline": self.value.get("security_pipeline", []),
+        }
+
+
+class SubjectCategory(Base, DictBase):
+    __tablename__ = 'subject_categories'
+    attributes = ['id', 'name', 'description']
+    id = sql.Column(sql.String(64), primary_key=True)
+    name = sql.Column(sql.String(256), nullable=False)
+    description = sql.Column(sql.String(256), nullable=True)
+
+
+class ObjectCategory(Base, DictBase):
+    __tablename__ = 'object_categories'
+    attributes = ['id', 'name', 'description']
+    id = sql.Column(sql.String(64), primary_key=True)
+    name = sql.Column(sql.String(256), nullable=False)
+    description = sql.Column(sql.String(256), nullable=True)
+
+
+class ActionCategory(Base, DictBase):
+    __tablename__ = 'action_categories'
+    attributes = ['id', 'name', 'description']
+    id = sql.Column(sql.String(64), primary_key=True)
+    name = sql.Column(sql.String(256), nullable=False)
+    description = sql.Column(sql.String(256), nullable=True)
+
+
+class Subject(Base, DictBase):
+    __tablename__ = 'subjects'
+    attributes = ['id', 'value']
+    id = sql.Column(sql.String(64), primary_key=True)
+    value = sql.Column(JsonBlob(), nullable=True)
+
+    def __repr__(self):
+        return "{}: {}".format(self.id, json.dumps(self.value))
+
+    def to_return(self):
+        return {
+            'id': self.id,
+            'name': self.value.get("name", ""),
+            'description': self.value.get("description", ""),
+            'email': self.value.get("email", ""),
+            'partner_id': self.value.get("partner_id", ""),
+            'policy_list': self.value.get("policy_list", [])
+        }
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'value': self.value
+        }
+
+
+class Object(Base, DictBase):
+    __tablename__ = 'objects'
+    attributes = ['id', 'value']
+    id = sql.Column(sql.String(64), primary_key=True)
+    value = sql.Column(JsonBlob(), nullable=True)
+
+    def __repr__(self):
+        return "{}: {}".format(self.id, json.dumps(self.value))
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'value': self.value
+        }
+
+    def to_return(self):
+        return {
+            'id': self.id,
+            'name': self.value.get("name", ""),
+            'description': self.value.get("description", ""),
+            'partner_id': self.value.get("partner_id", ""),
+            'policy_list': self.value.get("policy_list", [])
+        }
+
+
+class Action(Base, DictBase):
+    __tablename__ = 'actions'
+    attributes = ['id', 'value']
+    id = sql.Column(sql.String(64), primary_key=True)
+    value = sql.Column(JsonBlob(), nullable=True)
+
+    def __repr__(self):
+        return "{}: {}".format(self.id, json.dumps(self.value))
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'value': self.value
+        }
+
+    def to_return(self):
+        return {
+            'id': self.id,
+            'name': self.value.get("name", ""),
+            'description': self.value.get("description", ""),
+            'partner_id': self.value.get("partner_id", ""),
+            'policy_list': self.value.get("policy_list", [])
+        }
+
+
+class SubjectData(Base, DictBase):
+    __tablename__ = 'subject_data'
+    attributes = ['id', 'value', 'category_id', 'policy_id']
+    id = sql.Column(sql.String(64), primary_key=True)
+    value = sql.Column(JsonBlob(), nullable=True)
+    category_id = sql.Column(sql.ForeignKey("subject_categories.id"), nullable=False)
+    policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'name': self.value.get("name", ""),
+            'description': self.value.get("description", ""),
+            'category_id': self.category_id,
+            'policy_id': self.policy_id
+        }
+
+
+class ObjectData(Base, DictBase):
+    __tablename__ = 'object_data'
+    attributes = ['id', 'value', 'category_id', 'policy_id']
+    id = sql.Column(sql.String(64), primary_key=True)
+    value = sql.Column(JsonBlob(), nullable=True)
+    category_id = sql.Column(sql.ForeignKey("object_categories.id"), nullable=False)
+    policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
+
+
+class ActionData(Base, DictBase):
+    __tablename__ = 'action_data'
+    attributes = ['id', 'value', 'category_id', 'policy_id']
+    id = sql.Column(sql.String(64), primary_key=True)
+    value = sql.Column(JsonBlob(), nullable=True)
+    category_id = sql.Column(sql.ForeignKey("action_categories.id"), nullable=False)
+    policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
+
+
+class SubjectAssignment(Base, DictBase):
+    __tablename__ = 'subject_assignments'
+    attributes = ['id', 'assignments', 'policy_id', 'subject_id', 'category_id']
+    id = sql.Column(sql.String(64), primary_key=True)
+    assignments = sql.Column(JsonBlob(), nullable=True)
+    policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
+    subject_id = sql.Column(sql.ForeignKey("subjects.id"), nullable=False)
+    category_id = sql.Column(sql.ForeignKey("subject_categories.id"), nullable=False)
+
+    def to_dict(self):
+        return {
+            "id": self.id,
+            "policy_id": self.policy_id,
+            "subject_id": self.subject_id,
+            "category_id": self.category_id,
+            "assignments": self.assignments,
+        }
+
+
+class ObjectAssignment(Base, DictBase):
+    __tablename__ = 'object_assignments'
+    attributes = ['id', 'assignments', 'policy_id', 'object_id', 'category_id']
+    id = sql.Column(sql.String(64), primary_key=True)
+    assignments = sql.Column(JsonBlob(), nullable=True)
+    policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
+    object_id = sql.Column(sql.ForeignKey("objects.id"), nullable=False)
+    category_id = sql.Column(sql.ForeignKey("object_categories.id"), nullable=False)
+
+    def to_dict(self):
+        return {
+            "id": self.id,
+            "policy_id": self.policy_id,
+            "object_id": self.object_id,
+            "category_id": self.category_id,
+            "assignments": self.assignments,
+        }
+
+
+class ActionAssignment(Base, DictBase):
+    __tablename__ = 'action_assignments'
+    attributes = ['id', 'assignments', 'policy_id', 'action_id', 'category_id']
+    id = sql.Column(sql.String(64), primary_key=True)
+    assignments = sql.Column(JsonBlob(), nullable=True)
+    policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
+    action_id = sql.Column(sql.ForeignKey("actions.id"), nullable=False)
+    category_id = sql.Column(sql.ForeignKey("action_categories.id"), nullable=False)
+
+    def to_dict(self):
+        return {
+            "id": self.id,
+            "policy_id": self.policy_id,
+            "action_id": self.action_id,
+            "category_id": self.category_id,
+            "assignments": self.assignments,
+        }
+
+
+class MetaRule(Base, DictBase):
+    __tablename__ = 'meta_rules'
+    attributes = ['id', 'value']
+    id = sql.Column(sql.String(64), primary_key=True)
+    value = sql.Column(JsonBlob(), nullable=True)
+
+    def to_dict(self):
+        return {
+            "name": self.value["name"],
+            "description": self.value.get("description", ""),
+            "subject_categories": self.value.get("subject_categories", list()),
+            "object_categories": self.value.get("object_categories", list()),
+            "action_categories": self.value.get("action_categories", list()),
+        }
+
+
+class Rule(Base, DictBase):
+    __tablename__ = 'rules'
+    attributes = ['id', 'rule', 'policy_id', 'meta_rule_id']
+    id = sql.Column(sql.String(64), primary_key=True)
+    rule = sql.Column(JsonBlob(), nullable=True)
+    policy_id = sql.Column(sql.ForeignKey("policies.id"), nullable=False)
+    meta_rule_id = sql.Column(sql.ForeignKey("meta_rules.id"), nullable=False)
+
+    def to_dict(self):
+        return {
+            'id': self.id,
+            'rule': self.rule["rule"],
+            'enabled': self.rule["enabled"],
+            'policy_id': self.policy_id,
+            'meta_rule_id': self.meta_rule_id
+        }
+
+    def __repr__(self):
+        return "{}".format(self.rule)
+
+
+@contextmanager
+def session_scope(engine):
+    """Provide a transactional scope around a series of operations."""
+    if type(engine) is str:
+        echo = True if CONF.debug else False
+        engine = create_engine(engine, echo=echo)
+    session = sessionmaker(bind=engine)()
+    try:
+        yield session
+        session.commit()
+    except:
+        session.rollback()
+        raise
+    finally:
+        session.close()
+
+
+class BaseConnector(object):
+    """Provide a base connector to connect them all"""
+    engine = ""
+
+    def __init__(self, engine_name):
+        echo = True if CONF.debug else False
+        self.engine = create_engine(engine_name, echo=echo)
+
+    def init_db(self):
+        Base.metadata.create_all(self.engine)
+
+    def set_engine(self, engine_name):
+        self.engine = engine_name
+
+    def get_session(self):
+        return session_scope(self.engine)
+
+    def get_session_for_read(self):
+        return self.get_session()
+
+    def get_session_for_write(self):
+        return self.get_session()
+
+
+class PDPConnector(BaseConnector, PDPDriver):
+
+    def update_pdp(self, pdp_id, value):
+        with self.get_session_for_write() as session:
+            query = session.query(PDP)
+            query = query.filter_by(id=pdp_id)
+            ref = query.first()
+            if ref:
+                d = dict(ref.value)
+                d.update(value)
+                setattr(ref, "value", d)
+            return {ref.id: ref.to_dict()}
+
+    def delete_pdp(self, pdp_id):
+        with self.get_session_for_write() as session:
+            ref = session.query(PDP).get(pdp_id)
+            session.delete(ref)
+
+    def add_pdp(self, pdp_id=None, value=None):
+        with self.get_session_for_write() as session:
+            new = PDP.from_dict({
+                "id": pdp_id if pdp_id else uuid4().hex,
+                "value": value
+            })
+            session.add(new)
+            return {new.id: new.to_dict()}
+
+    def get_pdp(self, pdp_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(PDP)
+            if pdp_id:
+                query = query.filter_by(id=pdp_id)
+            ref_list = query.all()
+            return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+
+class PolicyConnector(BaseConnector, PolicyDriver):
+
+    def update_policy(self, policy_id, value):
+        with self.get_session_for_write() as session:
+            query = session.query(Policy)
+            query = query.filter_by(id=policy_id)
+            ref = query.first()
+            if ref:
+                d = dict(ref.value)
+                d.update(value)
+                setattr(ref, "value", d)
+            return {ref.id: ref.to_dict()}
+
+    def delete_policy(self, policy_id):
+        with self.get_session_for_write() as session:
+            ref = session.query(Policy).get(policy_id)
+            session.delete(ref)
+
+    def add_policy(self, policy_id=None, value=None):
+        with self.get_session_for_write() as session:
+            new = Policy.from_dict({
+                "id": policy_id if policy_id else uuid4().hex,
+                "value": value
+            })
+            session.add(new)
+            return {new.id: new.to_dict()}
+
+    def get_policies(self, policy_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(Policy)
+            if policy_id:
+                query = query.filter_by(id=policy_id)
+            ref_list = query.all()
+            return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+    def get_subjects(self, policy_id, perimeter_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(Subject)
+            ref_list = copy.deepcopy(query.all())
+            if perimeter_id:
+                for _ref in ref_list:
+                    _ref_value = _ref.to_return()
+                    if perimeter_id == _ref.id:
+                        if policy_id and policy_id in _ref_value["policy_list"]:
+                            return {_ref.id: _ref_value}
+                        else:
+                            return {}
+            elif policy_id:
+                results = []
+                for _ref in ref_list:
+                    _ref_value = _ref.to_return()
+                    if policy_id in _ref_value["policy_list"]:
+                        results.append(_ref)
+                return {_ref.id: _ref.to_return() for _ref in results}
+            return {_ref.id: _ref.to_return() for _ref in ref_list}
+
+    def set_subject(self, policy_id, perimeter_id=None, value=None):
+        _subject = None
+        with self.get_session_for_write() as session:
+            if perimeter_id:
+                query = session.query(Subject)
+                query = query.filter_by(id=perimeter_id)
+                _subject = query.first()
+            if not _subject:
+                if "policy_list" not in value or type(value["policy_list"]) is not list:
+                    value["policy_list"] = []
+                if policy_id and policy_id not in value["policy_list"]:
+                    value["policy_list"] = [policy_id, ]
+                new = Subject.from_dict({
+                    "id": perimeter_id if perimeter_id else uuid4().hex,
+                    "value": value
+                })
+                session.add(new)
+                return {new.id: new.to_return()}
+            else:
+                _value = copy.deepcopy(_subject.to_dict())
+                if "policy_list" not in _value["value"] or type(_value["value"]["policy_list"]) is not list:
+                    _value["value"]["policy_list"] = []
+                if policy_id and policy_id not in _value["value"]["policy_list"]:
+                    _value["value"]["policy_list"] = [policy_id, ]
+                new_subject = Subject.from_dict(_value)
+                # setattr(_subject, "value", _value["value"])
+                setattr(_subject, "value", getattr(new_subject, "value"))
+                return {_subject.id: _subject.to_return()}
+
+    def delete_subject(self, policy_id, perimeter_id):
+        with self.get_session_for_write() as session:
+            query = session.query(Subject)
+            query = query.filter_by(id=perimeter_id)
+            _subject = query.first()
+            if not _subject:
+                raise SubjectUnknown
+            old_subject = copy.deepcopy(_subject.to_dict())
+            # value = _subject.to_dict()
+            try:
+                old_subject["value"]["policy_list"].remove(policy_id)
+                new_user = Subject.from_dict(old_subject)
+                setattr(_subject, "value", getattr(new_user, "value"))
+            except ValueError:
+                if not _subject.value["policy_list"]:
+                    session.delete(_subject)
+
+    def get_objects(self, policy_id, perimeter_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(Object)
+            ref_list = copy.deepcopy(query.all())
+            if perimeter_id:
+                for _ref in ref_list:
+                    _ref_value = _ref.to_return()
+                    if perimeter_id == _ref.id:
+                        if policy_id and policy_id in _ref_value["policy_list"]:
+                            return {_ref.id: _ref_value}
+                        else:
+                            return {}
+            elif policy_id:
+                results = []
+                for _ref in ref_list:
+                    _ref_value = _ref.to_return()
+                    if policy_id in _ref_value["policy_list"]:
+                        results.append(_ref)
+                return {_ref.id: _ref.to_return() for _ref in results}
+            return {_ref.id: _ref.to_return() for _ref in ref_list}
+
+    def set_object(self, policy_id, perimeter_id=None, value=None):
+        _object = None
+        with self.get_session_for_write() as session:
+            if perimeter_id:
+                query = session.query(Object)
+                query = query.filter_by(id=perimeter_id)
+                _object = query.first()
+            if not _object:
+                if "policy_list" not in value or type(value["policy_list"]) is not list:
+                    value["policy_list"] = []
+                if policy_id and policy_id not in value["policy_list"]:
+                    value["policy_list"] = [policy_id, ]
+                new = Object.from_dict({
+                    "id": perimeter_id if perimeter_id else uuid4().hex,
+                    "value": value
+                })
+                session.add(new)
+                return {new.id: new.to_return()}
+            else:
+                _value = copy.deepcopy(_object.to_dict())
+                if "policy_list" not in _value["value"] or type(_value["value"]["policy_list"]) is not list:
+                    _value["value"]["policy_list"] = []
+                if policy_id and policy_id not in _value["value"]["policy_list"]:
+                    _value["value"]["policy_list"] = [policy_id, ]
+                new_object = Object.from_dict(_value)
+                # setattr(_object, "value", _value["value"])
+                setattr(_object, "value", getattr(new_object, "value"))
+                return {_object.id: _object.to_return()}
+
+    def delete_object(self, policy_id, perimeter_id):
+        with self.get_session_for_write() as session:
+            query = session.query(Object)
+            query = query.filter_by(id=perimeter_id)
+            _object = query.first()
+            if not _object:
+                raise ObjectUnknown
+            old_object = copy.deepcopy(_object.to_dict())
+            # value = _object.to_dict()
+            try:
+                old_object["value"]["policy_list"].remove(policy_id)
+                new_user = Object.from_dict(old_object)
+                setattr(_object, "value", getattr(new_user, "value"))
+            except ValueError:
+                if not _object.value["policy_list"]:
+                    session.delete(_object)
+
+    def get_actions(self, policy_id, perimeter_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(Action)
+            ref_list = copy.deepcopy(query.all())
+            if perimeter_id:
+                for _ref in ref_list:
+                    _ref_value = _ref.to_return()
+                    if perimeter_id == _ref.id:
+                        if policy_id and policy_id in _ref_value["policy_list"]:
+                            return {_ref.id: _ref_value}
+                        else:
+                            return {}
+            elif policy_id:
+                results = []
+                for _ref in ref_list:
+                    _ref_value = _ref.to_return()
+                    if policy_id in _ref_value["policy_list"]:
+                        results.append(_ref)
+                return {_ref.id: _ref.to_return() for _ref in results}
+            return {_ref.id: _ref.to_return() for _ref in ref_list}
+
+    def set_action(self, policy_id, perimeter_id=None, value=None):
+        _action = None
+        with self.get_session_for_write() as session:
+            if perimeter_id:
+                query = session.query(Action)
+                query = query.filter_by(id=perimeter_id)
+                _action = query.first()
+            if not _action:
+                if "policy_list" not in value or type(value["policy_list"]) is not list:
+                    value["policy_list"] = []
+                if policy_id and policy_id not in value["policy_list"]:
+                    value["policy_list"] = [policy_id, ]
+                new = Action.from_dict({
+                    "id": perimeter_id if perimeter_id else uuid4().hex,
+                    "value": value
+                })
+                session.add(new)
+                return {new.id: new.to_return()}
+            else:
+                _value = copy.deepcopy(_action.to_dict())
+                if "policy_list" not in _value["value"] or type(_value["value"]["policy_list"]) is not list:
+                    _value["value"]["policy_list"] = []
+                if policy_id and policy_id not in _value["value"]["policy_list"]:
+                    _value["value"]["policy_list"] = [policy_id, ]
+                new_action = Action.from_dict(_value)
+                # setattr(_action, "value", _value["value"])
+                setattr(_action, "value", getattr(new_action, "value"))
+                return {_action.id: _action.to_return()}
+
+    def delete_action(self, policy_id, perimeter_id):
+        with self.get_session_for_write() as session:
+            query = session.query(Action)
+            query = query.filter_by(id=perimeter_id)
+            _action = query.first()
+            if not _action:
+                raise ActionUnknown
+            old_action = copy.deepcopy(_action.to_dict())
+            # value = _action.to_dict()
+            try:
+                old_action["value"]["policy_list"].remove(policy_id)
+                new_user = Action.from_dict(old_action)
+                setattr(_action, "value", getattr(new_user, "value"))
+            except ValueError:
+                if not _action.value["policy_list"]:
+                    session.delete(_action)
+
+    def get_subject_data(self, policy_id, data_id=None, category_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(SubjectData)
+            if data_id:
+                query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
+            else:
+                query = query.filter_by(policy_id=policy_id, category_id=category_id)
+            ref_list = query.all()
+            return {
+                "policy_id": policy_id,
+                "category_id": category_id,
+                "data": {_ref.id: _ref.to_dict() for _ref in ref_list}
+            }
+
+    def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None):
+        with self.get_session_for_write() as session:
+            query = session.query(SubjectData)
+            query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
+            ref = query.first()
+            if not ref:
+                new_ref = SubjectData.from_dict(
+                    {
+                        "id": data_id if data_id else uuid4().hex,
+                        'value': value,
+                        'category_id': category_id,
+                        'policy_id': policy_id,
+                    }
+                )
+                session.add(new_ref)
+                ref = new_ref
+            else:
+                for attr in Subject.attributes:
+                    if attr != 'id':
+                        setattr(ref, attr, getattr(ref, attr))
+            # session.flush()
+            return {
+                "policy_id": policy_id,
+                "category_id": category_id,
+                "data": {ref.id: ref.to_dict()}
+            }
+
+    def delete_subject_data(self, policy_id, data_id):
+        with self.get_session_for_write() as session:
+            query = session.query(SubjectData)
+            query = query.filter_by(policy_id=policy_id, id=data_id)
+            ref = query.first()
+            if ref:
+                session.delete(ref)
+
+    def get_object_data(self, policy_id, data_id=None, category_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(ObjectData)
+            if data_id:
+                query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
+            else:
+                query = query.filter_by(policy_id=policy_id, category_id=category_id)
+            ref_list = query.all()
+            return {
+                "policy_id": policy_id,
+                "category_id": category_id,
+                "data": {_ref.id: _ref.to_dict() for _ref in ref_list}
+            }
+
+    def set_object_data(self, policy_id, data_id=None, category_id=None, value=None):
+        with self.get_session_for_write() as session:
+            query = session.query(ObjectData)
+            query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
+            ref = query.first()
+            if not ref:
+                new_ref = ObjectData.from_dict(
+                    {
+                        "id": data_id if data_id else uuid4().hex,
+                        'value': value,
+                        'category_id': category_id,
+                        'policy_id': policy_id,
+                    }
+                )
+                session.add(new_ref)
+                ref = new_ref
+            else:
+                for attr in Object.attributes:
+                    if attr != 'id':
+                        setattr(ref, attr, getattr(ref, attr))
+            # session.flush()
+            return {
+                "policy_id": policy_id,
+                "category_id": category_id,
+                "data": {ref.id: ref.to_dict()}
+            }
+
+    def delete_object_data(self, policy_id, data_id):
+        with self.get_session_for_write() as session:
+            query = session.query(ObjectData)
+            query = query.filter_by(policy_id=policy_id, id=data_id)
+            ref = query.first()
+            if ref:
+                session.delete(ref)
+
+    def get_action_data(self, policy_id, data_id=None, category_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(ActionData)
+            if data_id:
+                query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
+            else:
+                query = query.filter_by(policy_id=policy_id, category_id=category_id)
+            ref_list = query.all()
+            return {
+                "policy_id": policy_id,
+                "category_id": category_id,
+                "data": {_ref.id: _ref.to_dict() for _ref in ref_list}
+            }
+
+    def set_action_data(self, policy_id, data_id=None, category_id=None, value=None):
+        with self.get_session_for_write() as session:
+            query = session.query(ActionData)
+            query = query.filter_by(policy_id=policy_id, id=data_id, category_id=category_id)
+            ref = query.first()
+            if not ref:
+                new_ref = ActionData.from_dict(
+                    {
+                        "id": data_id if data_id else uuid4().hex,
+                        'value': value,
+                        'category_id': category_id,
+                        'policy_id': policy_id,
+                    }
+                )
+                session.add(new_ref)
+                ref = new_ref
+            else:
+                for attr in Action.attributes:
+                    if attr != 'id':
+                        setattr(ref, attr, getattr(ref, attr))
+            # session.flush()
+            return {
+                "policy_id": policy_id,
+                "category_id": category_id,
+                "data": {ref.id: ref.to_dict()}
+            }
+
+    def delete_action_data(self, policy_id, data_id):
+        with self.get_session_for_write() as session:
+            query = session.query(ActionData)
+            query = query.filter_by(policy_id=policy_id, id=data_id)
+            ref = query.first()
+            if ref:
+                session.delete(ref)
+
+    def get_subject_assignments(self, policy_id, subject_id=None, category_id=None):
+        with self.get_session_for_write() as session:
+            query = session.query(SubjectAssignment)
+            if subject_id and category_id:
+                query = query.filter_by(policy_id=policy_id, subject_id=subject_id, category_id=category_id)
+            elif subject_id:
+                query = query.filter_by(policy_id=policy_id, subject_id=subject_id)
+            else:
+                query = query.filter_by(policy_id=policy_id)
+            ref_list = query.all()
+            return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+    def add_subject_assignment(self, policy_id, subject_id, category_id, data_id):
+        with self.get_session_for_write() as session:
+            query = session.query(SubjectAssignment)
+            query = query.filter_by(policy_id=policy_id, subject_id=subject_id, category_id=category_id)
+            ref = query.first()
+            if ref:
+                old_ref = copy.deepcopy(ref.to_dict())
+                assignments = old_ref["assignments"]
+                assignments.append(data_id)
+                setattr(ref, "assignments", assignments)
+            else:
+                ref = SubjectAssignment.from_dict(
+                    {
+                        "id": uuid4().hex,
+                        "policy_id": policy_id,
+                        "subject_id": subject_id,
+                        "category_id": category_id,
+                        "assignments": [data_id, ],
+                    }
+                )
+                session.add(ref)
+            return {ref.id: ref.to_dict()}
+
+    def delete_subject_assignment(self, policy_id, subject_id, category_id, data_id):
+        with self.get_session_for_write() as session:
+            query = session.query(SubjectAssignment)
+            query = query.filter_by(policy_id=policy_id, subject_id=subject_id, category_id=category_id)
+            ref = query.first()
+            if ref:
+                old_ref = copy.deepcopy(ref.to_dict())
+                assignments = old_ref["assignments"]
+                # TODO (asteroide): if data_id is None, delete all
+                if data_id in assignments:
+                    assignments.remove(data_id)
+                    # FIXME (asteroide): the setattr doesn't work here ; the assignments is not updated in the database
+                    setattr(ref, "assignments", assignments)
+                if not assignments:
+                    session.delete(ref)
+
+    def get_object_assignments(self, policy_id, object_id=None, category_id=None):
+        with self.get_session_for_write() as session:
+            query = session.query(ObjectAssignment)
+            if object_id and category_id:
+                query = query.filter_by(policy_id=policy_id, object_id=object_id, category_id=category_id)
+            elif object_id:
+                query = query.filter_by(policy_id=policy_id, object_id=object_id)
+            else:
+                query = query.filter_by(policy_id=policy_id)
+            ref_list = query.all()
+            return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+    def add_object_assignment(self, policy_id, object_id, category_id, data_id):
+        with self.get_session_for_write() as session:
+            query = session.query(ObjectAssignment)
+            query = query.filter_by(policy_id=policy_id, object_id=object_id, category_id=category_id)
+            ref = query.first()
+            if ref:
+                old_ref = copy.deepcopy(ref.to_dict())
+                assignments = old_ref["assignments"]
+                assignments.append(data_id)
+                setattr(ref, "assignments", assignments)
+            else:
+                ref = ObjectAssignment.from_dict(
+                    {
+                        "id": uuid4().hex,
+                        "policy_id": policy_id,
+                        "object_id": object_id,
+                        "category_id": category_id,
+                        "assignments": [data_id, ],
+                    }
+                )
+                session.add(ref)
+            return {ref.id: ref.to_dict()}
+
+    def delete_object_assignment(self, policy_id, object_id, category_id, data_id):
+        with self.get_session_for_write() as session:
+            query = session.query(ObjectAssignment)
+            query = query.filter_by(policy_id=policy_id, object_id=object_id, category_id=category_id)
+            ref = query.first()
+            if ref:
+                old_ref = copy.deepcopy(ref.to_dict())
+                assignments = old_ref["assignments"]
+                # TODO (asteroide): if data_id is None, delete all
+                if data_id in assignments:
+                    assignments.remove(data_id)
+                    # FIXME (asteroide): the setattr doesn't work here ; the assignments is not updated in the database
+                    setattr(ref, "assignments", assignments)
+                if not assignments:
+                    session.delete(ref)
+
+    def get_action_assignments(self, policy_id, action_id=None, category_id=None):
+        with self.get_session_for_write() as session:
+            query = session.query(ActionAssignment)
+            if action_id and category_id:
+                query = query.filter_by(policy_id=policy_id, action_id=action_id, category_id=category_id)
+            elif action_id:
+                query = query.filter_by(policy_id=policy_id, action_id=action_id)
+            else:
+                query = query.filter_by(policy_id=policy_id)
+            ref_list = query.all()
+            return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+    def add_action_assignment(self, policy_id, action_id, category_id, data_id):
+        with self.get_session_for_write() as session:
+            query = session.query(ActionAssignment)
+            query = query.filter_by(policy_id=policy_id, action_id=action_id, category_id=category_id)
+            ref = query.first()
+            if ref:
+                old_ref = copy.deepcopy(ref.to_dict())
+                assignments = old_ref["assignments"]
+                assignments.append(data_id)
+                # FIXME (asteroide): the setattr doesn't work here ; the assignments is not updated in the database
+                setattr(ref, "assignments", assignments)
+            else:
+                ref = ActionAssignment.from_dict(
+                    {
+                        "id": uuid4().hex,
+                        "policy_id": policy_id,
+                        "action_id": action_id,
+                        "category_id": category_id,
+                        "assignments": [data_id, ],
+                    }
+                )
+                session.add(ref)
+            return {ref.id: ref.to_dict()}
+
+    def delete_action_assignment(self, policy_id, action_id, category_id, data_id):
+        with self.get_session_for_write() as session:
+            query = session.query(ActionAssignment)
+            query = query.filter_by(policy_id=policy_id, action_id=action_id, category_id=category_id)
+            ref = query.first()
+            if ref:
+                old_ref = copy.deepcopy(ref.to_dict())
+                assignments = old_ref["assignments"]
+                # TODO (asteroide): if data_id is None, delete all
+                if data_id in assignments:
+                    assignments.remove(data_id)
+                    # FIXME (asteroide): the setattr doesn't work here ; the assignments is not updated in the database
+                    setattr(ref, "assignments", assignments)
+                if not assignments:
+                    session.delete(ref)
+
+    def get_rules(self, policy_id, rule_id=None, meta_rule_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(Rule)
+            if rule_id:
+                query = query.filter_by(policy_id=policy_id, rule_id=rule_id)
+                ref = query.first()
+                return {ref.id: ref.to_dict()}
+            elif meta_rule_id:
+                query = query.filter_by(policy_id=policy_id, meta_rule_id=meta_rule_id)
+                ref_list = query.all()
+                return {
+                    "meta_rule_id": meta_rule_id,
+                    "policy_id": policy_id,
+                    "rules": list(map(lambda x: x.to_dict(), ref_list))
+                }
+            else:
+                query = query.filter_by(policy_id=policy_id)
+                ref_list = query.all()
+                return {
+                    "policy_id": policy_id,
+                    "rules": list(map(lambda x: x.to_dict(), ref_list))
+                }
+
+    def add_rule(self, policy_id, meta_rule_id, value):
+        with self.get_session_for_write() as session:
+            query = session.query(Rule)
+            query = query.filter_by(policy_id=policy_id, meta_rule_id=meta_rule_id)
+            ref_list = query.all()
+            LOG.info("add_rule {}".format(ref_list))
+            LOG.info("add_rule {}".format(value))
+            rules = list(map(lambda x: x.rule, ref_list))
+            LOG.info("add_rule rules={}".format(rules))
+            if not rules or value not in rules:
+                LOG.info("add_rule IN IF")
+                ref = Rule.from_dict(
+                    {
+                        "id": uuid4().hex,
+                        "policy_id": policy_id,
+                        "meta_rule_id": meta_rule_id,
+                        "rule": value
+                    }
+                )
+                session.add(ref)
+                return {ref.id: ref.to_dict()}
+            return {}
+
+    def delete_rule(self, policy_id, rule_id):
+        with self.get_session_for_write() as session:
+            query = session.query(Rule)
+            query = query.filter_by(policy_id=policy_id, id=rule_id)
+            ref = query.first()
+            if ref:
+                session.delete(ref)
+
+
+class ModelConnector(BaseConnector, ModelDriver):
+
+    def update_model(self, model_id, value):
+        with self.get_session_for_write() as session:
+            query = session.query(Model)
+            if model_id:
+                query = query.filter_by(id=model_id)
+            ref = query.first()
+            if ref:
+                d = dict(ref.value)
+                d.update(value)
+                setattr(ref, "value", d)
+            return {ref.id: ref.to_dict()}
+
+    def delete_model(self, model_id):
+        with self.get_session_for_write() as session:
+            ref = session.query(Model).get(model_id)
+            session.delete(ref)
+
+    def add_model(self, model_id=None, value=None):
+        with self.get_session_for_write() as session:
+            new = Model.from_dict({
+                "id": model_id if model_id else uuid4().hex,
+                "value": value
+            })
+            session.add(new)
+            return {new.id: new.to_dict()}
+
+    def get_models(self, model_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(Model)
+            if model_id:
+                ref_list = query.filter(Model.id == model_id)
+            else:
+                ref_list = query.all()
+            return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+    def set_meta_rule(self, meta_rule_id, value):
+        with self.get_session_for_write() as session:
+            query = session.query(MetaRule)
+            query = query.filter_by(id=meta_rule_id)
+            ref = query.first()
+            if not ref:
+                ref = MetaRule.from_dict(
+                    {
+                        "id": uuid4().hex,
+                        "value": value
+                    }
+                )
+                session.add(ref)
+            else:
+                setattr(ref, "value", value)
+            return {ref.id: ref.to_dict()}
+
+    def get_meta_rules(self, meta_rule_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(MetaRule)
+            if meta_rule_id:
+                query = query.filter_by(id=meta_rule_id)
+            ref_list = query.all()
+            return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+    def delete_meta_rule(self, meta_rule_id=None):
+        with self.get_session_for_write() as session:
+            query = session.query(MetaRule)
+            query = query.filter_by(id=meta_rule_id)
+            ref = query.first()
+            if ref:
+                session.delete(ref)
+
+    def get_subject_categories(self, category_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(SubjectCategory)
+            if category_id:
+                query = query.filter_by(id=category_id)
+            ref_list = query.all()
+            return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+    def add_subject_category(self, name, description):
+        with self.get_session_for_write() as session:
+            query = session.query(SubjectCategory)
+            query = query.filter_by(name=name)
+            ref = query.first()
+            if not ref:
+                ref = SubjectCategory.from_dict(
+                    {
+                        "id": uuid4().hex,
+                        "name": name,
+                        "description": description
+                    }
+                )
+                session.add(ref)
+            return {ref.id: ref.to_dict()}
+
+    def delete_subject_category(self, category_id):
+        with self.get_session_for_write() as session:
+            query = session.query(SubjectCategory)
+            query = query.filter_by(id=category_id)
+            ref = query.first()
+            if ref:
+                session.delete(ref)
+
+    def get_object_categories(self, category_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(ObjectCategory)
+            if category_id:
+                query = query.filter_by(id=category_id)
+            ref_list = query.all()
+            return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+    def add_object_category(self, name, description):
+        with self.get_session_for_write() as session:
+            query = session.query(ObjectCategory)
+            query = query.filter_by(name=name)
+            ref = query.first()
+            if not ref:
+                ref = ObjectCategory.from_dict(
+                    {
+                        "id": uuid4().hex,
+                        "name": name,
+                        "description": description
+                    }
+                )
+                session.add(ref)
+            return {ref.id: ref.to_dict()}
+
+    def delete_object_category(self, category_id):
+        with self.get_session_for_write() as session:
+            query = session.query(ObjectCategory)
+            query = query.filter_by(id=category_id)
+            ref = query.first()
+            if ref:
+                session.delete(ref)
+
+    def get_action_categories(self, category_id=None):
+        with self.get_session_for_read() as session:
+            query = session.query(ActionCategory)
+            if category_id:
+                query = query.filter_by(id=category_id)
+            ref_list = query.all()
+            return {_ref.id: _ref.to_dict() for _ref in ref_list}
+
+    def add_action_category(self, name, description):
+        with self.get_session_for_write() as session:
+            query = session.query(ActionCategory)
+            query = query.filter_by(name=name)
+            ref = query.first()
+            if not ref:
+                ref = ActionCategory.from_dict(
+                    {
+                        "id": uuid4().hex,
+                        "name": name,
+                        "description": description
+                    }
+                )
+                session.add(ref)
+            return {ref.id: ref.to_dict()}
+
+    def delete_action_category(self, category_id):
+        with self.get_session_for_write() as session:
+            query = session.query(ActionCategory)
+            query = query.filter_by(id=category_id)
+            ref = query.first()
+            if ref:
+                session.delete(ref)
+    # Getter and Setter for subject_category
+
+    # def get_subject_categories_dict(self, intra_extension_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(SubjectCategory)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id)
+    #         ref_list = query.all()
+    #         return {_ref.id: _ref.subject_category for _ref in ref_list}
+    #
+    # def set_subject_category_dict(self, intra_extension_id, subject_category_id, subject_category_dict):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(SubjectCategory)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_category_id)
+    #         ref = query.first()
+    #         new_ref = SubjectCategory.from_dict(
+    #             {
+    #                 "id": subject_category_id,
+    #                 'subject_category': subject_category_dict,
+    #                 'intra_extension_id': intra_extension_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #             ref = new_ref
+    #         else:
+    #             for attr in SubjectCategory.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # # session.flush()
+    #         return {subject_category_id: SubjectCategory.to_dict(ref)['subject_category']}
+    #
+    # def del_subject_category(self, intra_extension_id, subject_category_id):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(SubjectCategory)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_category_id)
+    #         ref = query.first()
+    #         self.del_subject_assignment(intra_extension_id, None, None, None)
+    #         session.delete(ref)
+    #
+    # # Getter and Setter for object_category
+    #
+    # def get_object_categories_dict(self, intra_extension_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(ObjectCategory)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id)
+    #         ref_list = query.all()
+    #         return {_ref.id: _ref.object_category for _ref in ref_list}
+    #
+    # def set_object_category_dict(self, intra_extension_id, object_category_id, object_category_dict):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(ObjectCategory)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=object_category_id)
+    #         ref = query.first()
+    #         new_ref = ObjectCategory.from_dict(
+    #             {
+    #                 "id": object_category_id,
+    #                 'object_category': object_category_dict,
+    #                 'intra_extension_id': intra_extension_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #             ref = new_ref
+    #         else:
+    #             for attr in ObjectCategory.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # session.flush()
+    #         return {object_category_id: ObjectCategory.to_dict(ref)['object_category']}
+    #
+    # def del_object_category(self, intra_extension_id, object_category_id):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(ObjectCategory)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=object_category_id)
+    #         ref = query.first()
+    #         self.del_object_assignment(intra_extension_id, None, None, None)
+    #         session.delete(ref)
+    #
+    # # Getter and Setter for action_category
+    #
+    # def get_action_categories_dict(self, intra_extension_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(ActionCategory)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id)
+    #         ref_list = query.all()
+    #         return {_ref.id: _ref.action_category for _ref in ref_list}
+    #
+    # def set_action_category_dict(self, intra_extension_id, action_category_id, action_category_dict):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(ActionCategory)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=action_category_id)
+    #         ref = query.first()
+    #         new_ref = ActionCategory.from_dict(
+    #             {
+    #                 "id": action_category_id,
+    #                 'action_category': action_category_dict,
+    #                 'intra_extension_id': intra_extension_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #             ref = new_ref
+    #         else:
+    #             for attr in ActionCategory.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # session.flush()
+    #         return {action_category_id: ActionCategory.to_dict(ref)['action_category']}
+    #
+    # def del_action_category(self, intra_extension_id, action_category_id):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(ActionCategory)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=action_category_id)
+    #         ref = query.first()
+    #         self.del_action_assignment(intra_extension_id, None, None, None)
+    #         session.delete(ref)
+
+    # Perimeter
+
+    # def get_subjects_dict(self, intra_extension_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(Subject)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id)
+    #         ref_list = query.all()
+    #         return {_ref.id: _ref.subject for _ref in ref_list}
+    #
+    # def set_subject_dict(self, intra_extension_id, subject_id, subject_dict):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(Subject)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_id)
+    #         ref = query.first()
+    #         # if 'id' in subject_dict:
+    #         #     subject_dict['id'] = subject_id
+    #         new_ref = Subject.from_dict(
+    #             {
+    #                 "id": subject_id,
+    #                 'subject': subject_dict,
+    #                 'intra_extension_id': intra_extension_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #             ref = new_ref
+    #         else:
+    #             for attr in Subject.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # session.flush()
+    #         return {subject_id: Subject.to_dict(ref)['subject']}
+    #
+    # def del_subject(self, intra_extension_id, subject_id):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(Subject)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=subject_id)
+    #         ref = query.first()
+    #         session.delete(ref)
+    #
+    # def get_objects_dict(self, intra_extension_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(Object)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id)
+    #         ref_list = query.all()
+    #         return {_ref.id: _ref.object for _ref in ref_list}
+    #
+    # def set_object_dict(self, intra_extension_id, object_id, object_dict):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(Object)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=object_id)
+    #         ref = query.first()
+    #         new_ref = Object.from_dict(
+    #             {
+    #                 "id": object_id,
+    #                 'object': object_dict,
+    #                 'intra_extension_id': intra_extension_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #             ref = new_ref
+    #         else:
+    #             for attr in Object.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # session.flush()
+    #         return {object_id: Object.to_dict(ref)['object']}
+    #
+    # def del_object(self, intra_extension_id, object_id):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(Object)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=object_id)
+    #         ref = query.first()
+    #         session.delete(ref)
+    #
+    # def get_actions_dict(self, intra_extension_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(Action)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id)
+    #         ref_list = query.all()
+    #         return {_ref.id: _ref.action for _ref in ref_list}
+    #
+    # def set_action_dict(self, intra_extension_id, action_id, action_dict):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(Action)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=action_id)
+    #         ref = query.first()
+    #         new_ref = Action.from_dict(
+    #             {
+    #                 "id": action_id,
+    #                 'action': action_dict,
+    #                 'intra_extension_id': intra_extension_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #             ref = new_ref
+    #         else:
+    #             for attr in Action.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # session.flush()
+    #         return {action_id: Action.to_dict(ref)['action']}
+    #
+    # def del_action(self, intra_extension_id, action_id):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(Action)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=action_id)
+    #         ref = query.first()
+    #         session.delete(ref)
+
+    # Getter and Setter for subject_scope
+
+    # def get_subject_scopes_dict(self, intra_extension_id, subject_category_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(SubjectScope)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id)
+    #         ref_list = query.all()
+    #         return {_ref.id: _ref.subject_scope for _ref in ref_list}
+    #
+    # def set_subject_scope_dict(self, intra_extension_id, subject_category_id, subject_scope_id, subject_scope_dict):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(SubjectScope)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, id=subject_scope_id)
+    #         ref = query.first()
+    #         new_ref = SubjectScope.from_dict(
+    #             {
+    #                 "id": subject_scope_id,
+    #                 'subject_scope': subject_scope_dict,
+    #                 'intra_extension_id': intra_extension_id,
+    #                 'subject_category_id': subject_category_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #             ref = new_ref
+    #         else:
+    #             for attr in Subject.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # session.flush()
+    #         return {subject_scope_id: SubjectScope.to_dict(ref)['subject_scope']}
+    #
+    # def del_subject_scope(self, intra_extension_id, subject_category_id, subject_scope_id):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(SubjectScope)
+    #         if not subject_category_id or not subject_scope_id:
+    #             query = query.filter_by(intra_extension_id=intra_extension_id)
+    #             for ref in query.all():
+    #                 session.delete(ref)
+    #         else:
+    #             query = query.filter_by(intra_extension_id=intra_extension_id, subject_category_id=subject_category_id, id=subject_scope_id)
+    #             ref = query.first()
+    #             session.delete(ref)
+    #
+    # # Getter and Setter for object_category_scope
+    #
+    # def get_object_scopes_dict(self, intra_extension_id, object_category_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(ObjectScope)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id)
+    #         ref_list = query.all()
+    #         return {_ref.id: _ref.object_scope for _ref in ref_list}
+    #
+    # def set_object_scope_dict(self, intra_extension_id, object_category_id, object_scope_id, object_scope_dict):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(ObjectScope)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, id=object_scope_id)
+    #         ref = query.first()
+    #         new_ref = ObjectScope.from_dict(
+    #             {
+    #                 "id": object_scope_id,
+    #                 'object_scope': object_scope_dict,
+    #                 'intra_extension_id': intra_extension_id,
+    #                 'object_category_id': object_category_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #             ref = new_ref
+    #         else:
+    #             for attr in Object.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # session.flush()
+    #         return {object_scope_id: ObjectScope.to_dict(ref)['object_scope']}
+    #
+    # def del_object_scope(self, intra_extension_id, object_category_id, object_scope_id):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(ObjectScope)
+    #         if not object_category_id or not object_scope_id:
+    #             query = query.filter_by(intra_extension_id=intra_extension_id)
+    #             for ref in query.all():
+    #                 session.delete(ref)
+    #         else:
+    #             query = query.filter_by(intra_extension_id=intra_extension_id, object_category_id=object_category_id, id=object_scope_id)
+    #             ref = query.first()
+    #             session.delete(ref)
+    #
+    # # Getter and Setter for action_scope
+    #
+    # def get_action_scopes_dict(self, intra_extension_id, action_category_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(ActionScope)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id)
+    #         ref_list = query.all()
+    #         return {_ref.id: _ref.action_scope for _ref in ref_list}
+    #
+    # def set_action_scope_dict(self, intra_extension_id, action_category_id, action_scope_id, action_scope_dict):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(ActionScope)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, id=action_scope_id)
+    #         ref = query.first()
+    #         new_ref = ActionScope.from_dict(
+    #             {
+    #                 "id": action_scope_id,
+    #                 'action_scope': action_scope_dict,
+    #                 'intra_extension_id': intra_extension_id,
+    #                 'action_category_id': action_category_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #             ref = new_ref
+    #         else:
+    #             for attr in Action.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # session.flush()
+    #         return {action_scope_id: ActionScope.to_dict(ref)['action_scope']}
+    #
+    # def del_action_scope(self, intra_extension_id, action_category_id, action_scope_id):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(ActionScope)
+    #         if not action_category_id or not action_scope_id:
+    #             query = query.filter_by(intra_extension_id=intra_extension_id)
+    #             for ref in query.all():
+    #                 session.delete(ref)
+    #         else:
+    #             query = query.filter_by(intra_extension_id=intra_extension_id, action_category_id=action_category_id, id=action_scope_id)
+    #             ref = query.first()
+    #             session.delete(ref)
+    #
+    # # Getter and Setter for subject_category_assignment
+    #
+    # def get_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(SubjectAssignment)
+    #         if not subject_id or not subject_category_id or not subject_category_id:
+    #             query = query.filter_by(intra_extension_id=intra_extension_id)
+    #             ref = query.all()
+    #             return ref
+    #         else:
+    #             query = query.filter_by(intra_extension_id=intra_extension_id, subject_id=subject_id, subject_category_id=subject_category_id)
+    #             ref = query.first()
+    #         if not ref:
+    #             return list()
+    #         LOG.info("get_subject_assignment_list {}".format(ref.subject_assignment))
+    #         return list(ref.subject_assignment)
+    #
+    # def set_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id, subject_assignment_list=[]):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(SubjectAssignment)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, subject_id=subject_id, subject_category_id=subject_category_id)
+    #         ref = query.first()
+    #         new_ref = SubjectAssignment.from_dict(
+    #             {
+    #                 "id": uuid4().hex,
+    #                 'subject_assignment': subject_assignment_list,
+    #                 'intra_extension_id': intra_extension_id,
+    #                 'subject_id': subject_id,
+    #                 'subject_category_id': subject_category_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #             ref = new_ref
+    #         else:
+    #             for attr in SubjectAssignment.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # session.flush()
+    #         return subject_assignment_list
+    #
+    # def add_subject_assignment_list(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id):
+    #     new_subject_assignment_list = self.get_subject_assignment_list(intra_extension_id, subject_id, subject_category_id)
+    #     if subject_scope_id not in new_subject_assignment_list:
+    #         new_subject_assignment_list.append(subject_scope_id)
+    #     return self.set_subject_assignment_list(intra_extension_id, subject_id, subject_category_id, new_subject_assignment_list)
+    #
+    # def del_subject_assignment(self, intra_extension_id, subject_id, subject_category_id, subject_scope_id):
+    #     if not subject_id or not subject_category_id or not subject_category_id:
+    #         with self.get_session_for_write() as session:
+    #             for ref in self.get_subject_assignment_list(intra_extension_id, None, None):
+    #                 session.delete(ref)
+    #             session.flush()
+    #             return
+    #     new_subject_assignment_list = self.get_subject_assignment_list(intra_extension_id, subject_id, subject_category_id)
+    #     new_subject_assignment_list.remove(subject_scope_id)
+    #     return self.set_subject_assignment_list(intra_extension_id, subject_id, subject_category_id, new_subject_assignment_list)
+    #
+    # # Getter and Setter for object_category_assignment
+    #
+    # def get_object_assignment_list(self, intra_extension_id, object_id, object_category_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(ObjectAssignment)
+    #         if not object_id or not object_category_id or not object_category_id:
+    #             query = query.filter_by(intra_extension_id=intra_extension_id)
+    #             ref = query.all()
+    #             return ref
+    #         else:
+    #             query = query.filter_by(intra_extension_id=intra_extension_id, object_id=object_id, object_category_id=object_category_id)
+    #             ref = query.first()
+    #         if not ref:
+    #             return list()
+    #         return list(ref.object_assignment)
+    #
+    # def set_object_assignment_list(self, intra_extension_id, object_id, object_category_id, object_assignment_list=[]):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(ObjectAssignment)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, object_id=object_id, object_category_id=object_category_id)
+    #         ref = query.first()
+    #         new_ref = ObjectAssignment.from_dict(
+    #             {
+    #                 "id": uuid4().hex,
+    #                 'object_assignment': object_assignment_list,
+    #                 'intra_extension_id': intra_extension_id,
+    #                 'object_id': object_id,
+    #                 'object_category_id': object_category_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #         else:
+    #             for attr in ObjectAssignment.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # session.flush()
+    #         return self.get_object_assignment_list(intra_extension_id, object_id, object_category_id)
+    #
+    # def add_object_assignment_list(self, intra_extension_id, object_id, object_category_id, object_scope_id):
+    #     new_object_assignment_list = self.get_object_assignment_list(intra_extension_id, object_id, object_category_id)
+    #     if object_scope_id not in new_object_assignment_list:
+    #         new_object_assignment_list.append(object_scope_id)
+    #     return self.set_object_assignment_list(intra_extension_id, object_id, object_category_id, new_object_assignment_list)
+    #
+    # def del_object_assignment(self, intra_extension_id, object_id, object_category_id, object_scope_id):
+    #     if not object_id or not object_category_id or not object_category_id:
+    #         with self.get_session_for_write() as session:
+    #             for ref in self.get_object_assignment_list(intra_extension_id, None, None):
+    #                 session.delete(ref)
+    #             session.flush()
+    #             return
+    #     new_object_assignment_list = self.get_object_assignment_list(intra_extension_id, object_id, object_category_id)
+    #     new_object_assignment_list.remove(object_scope_id)
+    #     return self.set_object_assignment_list(intra_extension_id, object_id, object_category_id, new_object_assignment_list)
+    #
+    # # Getter and Setter for action_category_assignment
+    #
+    # def get_action_assignment_list(self, intra_extension_id, action_id, action_category_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(ActionAssignment)
+    #         if not action_id or not action_category_id or not action_category_id:
+    #             query = query.filter_by(intra_extension_id=intra_extension_id)
+    #             ref = query.all()
+    #             return ref
+    #         else:
+    #             query = query.filter_by(intra_extension_id=intra_extension_id, action_id=action_id, action_category_id=action_category_id)
+    #             ref = query.first()
+    #         if not ref:
+    #             return list()
+    #         return list(ref.action_assignment)
+    #
+    # def set_action_assignment_list(self, intra_extension_id, action_id, action_category_id, action_assignment_list=[]):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(ActionAssignment)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, action_id=action_id, action_category_id=action_category_id)
+    #         ref = query.first()
+    #         new_ref = ActionAssignment.from_dict(
+    #             {
+    #                 "id": uuid4().hex,
+    #                 'action_assignment': action_assignment_list,
+    #                 'intra_extension_id': intra_extension_id,
+    #                 'action_id': action_id,
+    #                 'action_category_id': action_category_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #         else:
+    #             for attr in ActionAssignment.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # session.flush()
+    #         return self.get_action_assignment_list(intra_extension_id, action_id, action_category_id)
+    #
+    # def add_action_assignment_list(self, intra_extension_id, action_id, action_category_id, action_scope_id):
+    #     new_action_assignment_list = self.get_action_assignment_list(intra_extension_id, action_id, action_category_id)
+    #     if action_scope_id not in new_action_assignment_list:
+    #         new_action_assignment_list.append(action_scope_id)
+    #     return self.set_action_assignment_list(intra_extension_id, action_id, action_category_id, new_action_assignment_list)
+    #
+    # def del_action_assignment(self, intra_extension_id, action_id, action_category_id, action_scope_id):
+    #     if not action_id or not action_category_id or not action_category_id:
+    #         with self.get_session_for_write() as session:
+    #             for ref in self.get_action_assignment_list(intra_extension_id, None, None):
+    #                 session.delete(ref)
+    #             session.flush()
+    #             return
+    #     new_action_assignment_list = self.get_action_assignment_list(intra_extension_id, action_id, action_category_id)
+    #     new_action_assignment_list.remove(action_scope_id)
+    #     return self.set_action_assignment_list(intra_extension_id, action_id, action_category_id, new_action_assignment_list)
+    #
+    # # Getter and Setter for sub_meta_rule
+    #
+    # def get_aggregation_algorithm_id(self, intra_extension_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(IntraExtension)
+    #         query = query.filter_by(id=intra_extension_id)
+    #         ref = query.first()
+    #         try:
+    #             return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]}
+    #         except KeyError:
+    #             return ""
+    #
+    # def set_aggregation_algorithm_id(self, intra_extension_id, aggregation_algorithm_id):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(IntraExtension)
+    #         query = query.filter_by(id=intra_extension_id)
+    #         ref = query.first()
+    #         intra_extension_dict = dict(ref.intra_extension)
+    #         intra_extension_dict["aggregation_algorithm"] = aggregation_algorithm_id
+    #         setattr(ref, "intra_extension", intra_extension_dict)
+    #         # session.flush()
+    #         return {"aggregation_algorithm": ref.intra_extension["aggregation_algorithm"]}
+    #
+    # def del_aggregation_algorithm(self, intra_extension_id):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(IntraExtension)
+    #         query = query.filter_by(id=intra_extension_id)
+    #         ref = query.first()
+    #         intra_extension_dict = dict(ref.intra_extension)
+    #         intra_extension_dict["aggregation_algorithm"] = ""
+    #         setattr(ref, "intra_extension", intra_extension_dict)
+    #         return self.get_aggregation_algorithm_id(intra_extension_id)
+    #
+    # # Getter and Setter for sub_meta_rule
+    #
+    # def get_sub_meta_rules_dict(self, intra_extension_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(SubMetaRule)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id)
+    #         ref_list = query.all()
+    #         return {_ref.id: _ref.sub_meta_rule for _ref in ref_list}
+    #
+    # def set_sub_meta_rule_dict(self, intra_extension_id, sub_meta_rule_id, sub_meta_rule_dict):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(SubMetaRule)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id)
+    #         ref = query.first()
+    #         new_ref = SubMetaRule.from_dict(
+    #             {
+    #                 "id": sub_meta_rule_id,
+    #                 'sub_meta_rule': sub_meta_rule_dict,
+    #                 'intra_extension_id': intra_extension_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #         else:
+    #             _sub_meta_rule_dict = dict(ref.sub_meta_rule)
+    #             _sub_meta_rule_dict.update(sub_meta_rule_dict)
+    #             setattr(new_ref, "sub_meta_rule", _sub_meta_rule_dict)
+    #             for attr in SubMetaRule.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # session.flush()
+    #         return self.get_sub_meta_rules_dict(intra_extension_id)
+    #
+    # def del_sub_meta_rule(self, intra_extension_id, sub_meta_rule_id):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(SubMetaRule)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, id=sub_meta_rule_id)
+    #         ref = query.first()
+    #         session.delete(ref)
+    #
+    # # Getter and Setter for rules
+    #
+    # def get_rules_dict(self, intra_extension_id, sub_meta_rule_id):
+    #     with self.get_session_for_read() as session:
+    #         query = session.query(Rule)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id)
+    #         ref_list = query.all()
+    #         return {_ref.id: _ref.rule for _ref in ref_list}
+    #
+    # def set_rule_dict(self, intra_extension_id, sub_meta_rule_id, rule_id, rule_list):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(Rule)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, id=rule_id)
+    #         ref = query.first()
+    #         new_ref = Rule.from_dict(
+    #             {
+    #                 "id": rule_id,
+    #                 'rule': rule_list,
+    #                 'intra_extension_id': intra_extension_id,
+    #                 'sub_meta_rule_id': sub_meta_rule_id
+    #             }
+    #         )
+    #         if not ref:
+    #             session.add(new_ref)
+    #             ref = new_ref
+    #         else:
+    #             for attr in Rule.attributes:
+    #                 if attr != 'id':
+    #                     setattr(ref, attr, getattr(new_ref, attr))
+    #         # session.flush()
+    #         return {rule_id: ref.rule}
+    #
+    # def del_rule(self, intra_extension_id, sub_meta_rule_id, rule_id):
+    #     with self.get_session_for_write() as session:
+    #         query = session.query(Rule)
+    #         query = query.filter_by(intra_extension_id=intra_extension_id, sub_meta_rule_id=sub_meta_rule_id, id=rule_id)
+    #         ref = query.first()
+    #         session.delete(ref)
+
+
+class SQLConnector(PDPConnector, PolicyConnector, ModelConnector):
+    pass
+
+# class InterExtension(Base):
+#     __tablename__ = 'inter_extension'
+#     attributes = [
+#         'id',
+#         'requesting_intra_extension_id',
+#         'requested_intra_extension_id',
+#         'virtual_entity_uuid',
+#         'genre',
+#         'description',
+#     ]
+#     id = sql.Column(sql.String(64), primary_key=True)
+#     requesting_intra_extension_id = sql.Column(sql.String(64))
+#     requested_intra_extension_id = sql.Column(sql.String(64))
+#     virtual_entity_uuid = sql.Column(sql.String(64))
+#     genre = sql.Column(sql.String(64))
+#     description = sql.Column(sql.Text())
+#
+#     @classmethod
+#     def from_dict(cls, d):
+#         """Override parent from_dict() method with a simpler implementation.
+#         """
+#         new_d = d.copy()
+#         return cls(**new_d)
+#
+#     def to_dict(self):
+#         """Override parent to_dict() method with a simpler implementation.
+#         """
+#         return dict(six.iteritems(self))
+#
+#
+# class InterExtensionBaseConnector(InterExtensionDriver):
+#
+#     def get_inter_extensions(self):
+#         with self.get_session_for_read() as session:
+#             query = session.query(InterExtension.id)
+#             interextensions = query.all()
+#             return [interextension.id for interextension in interextensions]
+#
+#     def create_inter_extensions(self, inter_id, inter_extension):
+#         with self.get_session_for_read() as session:
+#             ie_ref = InterExtension.from_dict(inter_extension)
+#             session.add(ie_ref)
+#         return InterExtension.to_dict(ie_ref)
+#
+#     def get_inter_extension(self, uuid):
+#         with self.get_session_for_read() as session:
+#             query = session.query(InterExtension)
+#             query = query.filter_by(id=uuid)
+#             ref = query.first()
+#             if not ref:
+#                 raise exception.NotFound
+#             return ref.to_dict()
+#
+#     def delete_inter_extensions(self, inter_extension_id):
+#         with self.get_session_for_read() as session:
+#             ref = session.query(InterExtension).get(inter_extension_id)
+#             session.delete(ref)
diff --git a/moonv4/moon_db/moon_db/core.py b/moonv4/moon_db/moon_db/core.py
new file mode 100644
index 00000000..09c87e0b
--- /dev/null
+++ b/moonv4/moon_db/moon_db/core.py
@@ -0,0 +1,303 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from moon_db.exception import *
+from oslo_log import log as logging
+from oslo_config import cfg
+from stevedore.driver import DriverManager
+from moon_utilities import options  # noqa
+from moon_db.api import model, policy, pdp, tenants, keystone
+
+CONF = cfg.CONF
+LOG = logging.getLogger(__name__)
+
+
+class Driver(DriverManager):
+
+    def __init__(self, driver_name, engine_name):
+        LOG.info("initialization of Driver {}".format(driver_name))
+        super(Driver, self).__init__(
+            namespace='moon_db.driver',
+            name=driver_name,
+            invoke_on_load=True,
+            invoke_args=(engine_name, ),
+        )
+
+
+class ModelDriver(Driver):
+
+    def __init__(self, driver_name, engine_name):
+        super(ModelDriver, self).__init__(driver_name, engine_name)
+
+    def update_model(self, model_id, value):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_model(self, model_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def add_model(self, model_id=None, value=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_models(self, model_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def set_meta_rule(self, meta_rule_id, value):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_meta_rules(self, meta_rule_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_meta_rule(self, meta_rule_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_subject_categories(self, category_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def add_subject_category(self, name, description):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_subject_category(self, category_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_object_categories(self, category_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def add_object_category(self, category_id, value):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_object_category(self, category_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_action_categories(self, category_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def add_action_category(self, category_id, value):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_action_category(self, category_id):
+        raise NotImplementedError()  # pragma: no cover
+
+
+class PolicyDriver(Driver):
+
+    def __init__(self, driver_name, engine_name):
+        super(PolicyDriver, self).__init__(driver_name, engine_name)
+
+    def update_policy(self, policy_id, value):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_policy(self, policy_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def add_policy(self, policy_id=None, value=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_policies(self, policy_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_subjects(self, policy_id, perimeter_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def set_subject(self, policy_id, perimeter_id=None, value=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_subject(self, policy_id, perimeter_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_objects(self, policy_id, perimeter_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def set_object(self, policy_id, perimeter_id=None, value=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_object(self, policy_id, perimeter_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_actions(self, policy_id, perimeter_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def set_action(self, policy_id, perimeter_id=None, value=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_action(self, policy_id, perimeter_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_subject_data(self, policy_id, data_id=None, category_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def set_subject_data(self, policy_id, data_id=None, category_id=None, value=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_subject_data(self, policy_id, data_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_object_data(self, policy_id, data_id=None, category_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def set_object_data(self, policy_id, data_id=None, category_id=None, value=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_object_data(self, policy_id, data_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_action_data(self, policy_id, data_id=None, category_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def set_action_data(self, policy_id, data_id=None, category_id=None, value=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_action_data(self, policy_id, data_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_subject_assignments(self, policy_id, subject_id=None, category_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def add_subject_assignment(self, policy_id, subject_id, category_id, data_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_subject_assignment(self, policy_id, subject_id, category_id, data_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_object_assignments(self, policy_id, assignment_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def add_object_assignment(self, policy_id, subject_id, category_id, data_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_object_assignment(self, policy_id, object_id, category_id, data_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_action_assignments(self, policy_id, assignment_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def add_action_assignment(self, policy_id, action_id, category_id, data_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_action_assignment(self, policy_id, action_id, category_id, data_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_rules(self, policy_id, rule_id=None, meta_rule_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def add_rule(self, policy_id, meta_rule_id, value):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_rule(self, policy_id, rule_id):
+        raise NotImplementedError()  # pragma: no cover
+
+
+class PDPDriver(Driver):
+
+    def __init__(self, driver_name, engine_name):
+        super(PDPDriver, self).__init__(driver_name, engine_name)
+
+    def update_pdp(self, pdp_id, value):
+        raise NotImplementedError()  # pragma: no cover
+
+    def delete_pdp(self, pdp_id):
+        raise NotImplementedError()  # pragma: no cover
+
+    def add_pdp(self, pdp_id=None, value=None):
+        raise NotImplementedError()  # pragma: no cover
+
+    def get_pdp(self, pdp_id=None):
+        raise NotImplementedError()  # pragma: no cover
+
+
+class KeystoneDriver(Driver):
+
+    def __init__(self, driver_name, engine_name):
+        super(KeystoneDriver, self).__init__(driver_name, engine_name)
+
+
+# TODO (asteroide): we may use an other driver like the SQL driver
+# so we can change the driver to directly interrogate the Keystone database.
+KeystoneManager = keystone.KeystoneManager(
+    KeystoneDriver(CONF.database.driver, CONF.database.url)
+)
+
+# ConfigurationManager = configuration.ConfigurationManager(
+#     ConfigurationDriver(CONF.database_configuration.driver, CONF.database_configuration.url)
+# )
+
+ModelManager = model.ModelManager(
+    ModelDriver(CONF.database.driver, CONF.database.url)
+)
+
+PolicyManager = policy.PolicyManager(
+    PolicyDriver(CONF.database.driver, CONF.database.url)
+)
+
+PDPManager = pdp.PDPManager(
+    PDPDriver(CONF.database.driver, CONF.database.url)
+)
+
+
+# class LogDriver(object):
+#
+#     def authz(self, message):
+#         """Log authorization message
+#
+#         :param message: the message to log
+#         :type message: string
+#         :return: None
+#         """
+#         raise NotImplementedError()  # pragma: no cover
+#
+#     def debug(self, message):
+#         """Log debug message
+#
+#         :param message: the message to log
+#         :type message: string
+#         :return: None
+#         """
+#         raise NotImplementedError()  # pragma: no cover
+#
+#     def info(self, message):
+#         """Log informational message
+#
+#         :param message: the message to log
+#         :type message: string
+#         :return: None
+#         """
+#         raise NotImplementedError()  # pragma: no cover
+#
+#     def warning(self, message):
+#         """Log warning message
+#
+#         :param message: the message to log
+#         :type message: string
+#         :return: None
+#         """
+#         raise NotImplementedError()  # pragma: no cover
+#
+#     def error(self, message):
+#         """Log error message
+#
+#         :param message: the message to log
+#         :type message: string
+#         :return: None
+#         """
+#         raise NotImplementedError()  # pragma: no cover
+#
+#     def critical(self, message):
+#         """Log critical message
+#
+#         :param message: the message to log
+#         :type message: string
+#         :return: None
+#         """
+#         raise NotImplementedError()  # pragma: no cover
+#
+#     def get_logs(self, options):
+#         """Get logs
+#
+#         :param options: options to filter log events
+#         :type options: string eg: "event_number=10,from=2014-01-01-10:10:10,to=2014-01-01-12:10:10,filter=expression"
+#         :return: a list of log events
+#
+#         TIME_FORMAT is '%Y-%m-%d-%H:%M:%S'
+#         """
+#         raise NotImplementedError()  # pragma: no cover
diff --git a/moonv4/moon_db/moon_db/db_manager.py b/moonv4/moon_db/moon_db/db_manager.py
new file mode 100644
index 00000000..1b0034ee
--- /dev/null
+++ b/moonv4/moon_db/moon_db/db_manager.py
@@ -0,0 +1,47 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+"""
+"""
+
+import os
+import sys
+import glob
+import argparse
+import importlib
+from oslo_config import cfg
+from oslo_log import log as logging
+from sqlalchemy import create_engine
+from moon_db.migrate_repo import versions
+
+# Note (dthom): The next line must be called before the next import
+# aka before registering all the options
+cfg.CONF.register_cli_opt(cfg.StrOpt('command', positional=True,
+                                     help="The command to execute (upgrade, downgrade)"))
+from moon_utilities import options  # noqa
+
+LOG = logging.getLogger(__name__)
+CONF = cfg.CONF
+
+engine = create_engine(CONF.database.url)
+
+
+def format_data(ext):
+    return ext.name, ext.obj.upgrade()
+
+
+def run():
+    files = glob.glob(versions.__path__[0] + "/[0-9][0-9][0-9]*.py")
+    # args = set_options()
+    for filename in files:
+        filename = os.path.basename(filename).replace(".py", "")
+        o = importlib.import_module("moon_db.migrate_repo.versions.{}".format(filename))
+        LOG.info("Command is {}".format(CONF.command))
+        if CONF.command in ("upgrade", "u", "up"):
+            LOG.info("upgrading moon_db.migrate_repo.versions.{}".format(filename))
+            o.upgrade(engine)
+        elif CONF.command in ("downgrade", "d", "down"):
+            LOG.info("downgrading moon_db.migrate_repo.versions.{}".format(filename))
+            o.downgrade(engine)
+        LOG.info("Done!")
diff --git a/moonv4/moon_db/moon_db/exception.py b/moonv4/moon_db/moon_db/exception.py
new file mode 100644
index 00000000..21b6dd62
--- /dev/null
+++ b/moonv4/moon_db/moon_db/exception.py
@@ -0,0 +1,410 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+# from keystone.common import dependency
+# from keystone.exception import Error
+# from keystone.i18n import _, _LW
+import logging
+# from oslo_log import log
+import logging
+
+LOG = logging.getLogger(__name__)
+_ = str
+
+
+class Error(Exception):
+    pass
+
+
+class MoonErrorMetaClass(type):
+
+    def __init__(cls, name, bases, dct):
+        super(MoonErrorMetaClass, cls).__init__(name, bases, dct)
+        cls.hierarchy += "/"+str(name)
+
+
+class MoonError(Error):
+    __metaclass__ = MoonErrorMetaClass
+    hierarchy = ""
+    message_format = _("There is an error requesting the Moon platform.")
+    code = 400
+    title = 'Moon Error'
+    logger = "ERROR"
+
+    def __init__(self, message=""):
+        if message:
+            self.message_format = message
+        super(MoonError, self).__init__()
+
+    def __del__(self):
+        message = "{} ({})".format(self.hierarchy, self.message_format)
+        if self.logger == "ERROR":
+            LOG.error(message)
+        elif self.logger == "WARNING":
+            LOG.warning(message)
+        elif self.logger == "CRITICAL":
+            LOG.critical(message)
+        elif self.logger == "AUTHZ":
+            LOG.error(message)
+        else:
+            LOG.info(message)
+
+
+# Exceptions for Tenant
+
+class TenantException(MoonError):
+    message_format = _("There is an error requesting this tenant.")
+    code = 400
+    title = 'Tenant Error'
+    logger = "ERROR"
+
+
+class TenantUnknown(TenantException):
+    message_format = _("The tenant is unknown.")
+    code = 400
+    title = 'Tenant Unknown'
+    logger = "ERROR"
+
+
+class TenantAddedNameExisting(TenantException):
+    message_format = _("The tenant name is existing.")
+    code = 400
+    title = 'Added Tenant Name Existing'
+    logger = "ERROR"
+
+
+class TenantNoIntraExtension(TenantException):
+    message_format = _("The tenant has not intra_extension.")
+    code = 400
+    title = 'Tenant No Intra_Extension'
+    logger = "ERROR"
+
+
+class TenantNoIntraAuthzExtension(TenantNoIntraExtension):
+    message_format = _("The tenant has not intra_admin_extension.")
+    code = 400
+    title = 'Tenant No Intra_Admin_Extension'
+    logger = "ERROR"
+
+# Exceptions for IntraExtension
+
+
+class IntraExtensionException(MoonError):
+    message_format = _("There is an error requesting this IntraExtension.")
+    code = 400
+    title = 'Extension Error'
+
+
+class IntraExtensionUnknown(IntraExtensionException):
+    message_format = _("The intra_extension is unknown.")
+    code = 400
+    title = 'Intra Extension Unknown'
+    logger = "Error"
+
+
+class RootExtensionUnknown(IntraExtensionUnknown):
+    message_format = _("The root_extension is unknown.")
+    code = 400
+    title = 'Root Extension Unknown'
+    logger = "Error"
+
+
+class RootExtensionNotInitialized(IntraExtensionException):
+    message_format = _("The root_extension is not initialized.")
+    code = 400
+    title = 'Root Extension Not Initialized'
+    logger = "Error"
+
+
+class IntraExtensionCreationError(IntraExtensionException):
+    message_format = _("The arguments for the creation of this Extension were malformed.")
+    code = 400
+    title = 'Intra Extension Creation Error'
+
+
+# Authz exceptions
+
+class AuthzException(MoonError):
+    message_format = _("There is an authorization error requesting this IntraExtension.")
+    code = 403
+    title = 'Authz Exception'
+    logger = "AUTHZ"
+
+
+# Admin exceptions
+
+class AdminException(MoonError):
+    message_format = _("There is an error requesting this Authz IntraExtension.")
+    code = 400
+    title = 'Authz Exception'
+    logger = "AUTHZ"
+
+
+class AdminMetaData(AdminException):
+    code = 400
+    title = 'Metadata Exception'
+
+
+class AdminPerimeter(AdminException):
+    code = 400
+    title = 'Perimeter Exception'
+
+
+class AdminScope(AdminException):
+    code = 400
+    title = 'Scope Exception'
+
+
+class AdminAssignment(AdminException):
+    code = 400
+    title = 'Assignment Exception'
+
+
+class AdminMetaRule(AdminException):
+    code = 400
+    title = 'Aggregation Algorithm Exception'
+
+
+class AdminRule(AdminException):
+    code = 400
+    title = 'Rule Exception'
+
+
+class SubjectCategoryNameExisting(AdminMetaData):
+    message_format = _("The given subject category name is existing.")
+    code = 400
+    title = 'Subject Category Name Existing'
+    logger = "ERROR"
+
+
+class ObjectCategoryNameExisting(AdminMetaData):
+    message_format = _("The given object category name is existing.")
+    code = 400
+    title = 'Object Category Name Existing'
+    logger = "ERROR"
+
+
+class ActionCategoryNameExisting(AdminMetaData):
+    message_format = _("The given action category name is existing.")
+    code = 400
+    title = 'Action Category Name Existing'
+    logger = "ERROR"
+
+
+class SubjectCategoryUnknown(AdminMetaData):
+    message_format = _("The given subject category is unknown.")
+    code = 400
+    title = 'Subject Category Unknown'
+    logger = "ERROR"
+
+
+class ObjectCategoryUnknown(AdminMetaData):
+    message_format = _("The given object category is unknown.")
+    code = 400
+    title = 'Object Category Unknown'
+    logger = "ERROR"
+
+
+class ActionCategoryUnknown(AdminMetaData):
+    message_format = _("The given action category is unknown.")
+    code = 400
+    title = 'Action Category Unknown'
+    logger = "ERROR"
+
+
+class SubjectUnknown(AdminPerimeter):
+    message_format = _("The given subject is unknown.")
+    code = 400
+    title = 'Subject Unknown'
+    logger = "ERROR"
+
+
+class ObjectUnknown(AdminPerimeter):
+    message_format = _("The given object is unknown.")
+    code = 400
+    title = 'Object Unknown'
+    logger = "ERROR"
+
+
+class ActionUnknown(AdminPerimeter):
+    message_format = _("The given action is unknown.")
+    code = 400
+    title = 'Action Unknown'
+    logger = "ERROR"
+
+
+class SubjectNameExisting(AdminPerimeter):
+    message_format = _("The given subject name is existing.")
+    code = 400
+    title = 'Subject Name Existing'
+    logger = "ERROR"
+
+
+class ObjectNameExisting(AdminPerimeter):
+    message_format = _("The given object name is existing.")
+    code = 400
+    title = 'Object Name Existing'
+    logger = "ERROR"
+
+
+class ActionNameExisting(AdminPerimeter):
+    message_format = _("The given action name is existing.")
+    code = 400
+    title = 'Action Name Existing'
+    logger = "ERROR"
+
+
+class ObjectsWriteNoAuthorized(AdminPerimeter):
+    message_format = _("The modification on Objects is not authorized.")
+    code = 400
+    title = 'Objects Write No Authorized'
+    logger = "AUTHZ"
+
+
+class ActionsWriteNoAuthorized(AdminPerimeter):
+    message_format = _("The modification on Actions is not authorized.")
+    code = 400
+    title = 'Actions Write No Authorized'
+    logger = "AUTHZ"
+
+
+class SubjectScopeUnknown(AdminScope):
+    message_format = _("The given subject scope is unknown.")
+    code = 400
+    title = 'Subject Scope Unknown'
+    logger = "ERROR"
+
+
+class ObjectScopeUnknown(AdminScope):
+    message_format = _("The given object scope is unknown.")
+    code = 400
+    title = 'Object Scope Unknown'
+    logger = "ERROR"
+
+
+class ActionScopeUnknown(AdminScope):
+    message_format = _("The given action scope is unknown.")
+    code = 400
+    title = 'Action Scope Unknown'
+    logger = "ERROR"
+
+
+class SubjectScopeNameExisting(AdminScope):
+    message_format = _("The given subject scope name is existing.")
+    code = 400
+    title = 'Subject Scope Name Existing'
+    logger = "ERROR"
+
+
+class ObjectScopeNameExisting(AdminScope):
+    message_format = _("The given object scope name is existing.")
+    code = 400
+    title = 'Object Scope Name Existing'
+    logger = "ERROR"
+
+
+class ActionScopeNameExisting(AdminScope):
+    message_format = _("The given action scope name is existing.")
+    code = 400
+    title = 'Action Scope Name Existing'
+    logger = "ERROR"
+
+
+class SubjectAssignmentUnknown(AdminAssignment):
+    message_format = _("The given subject assignment value is unknown.")
+    code = 400
+    title = 'Subject Assignment Unknown'
+    logger = "ERROR"
+
+
+class ObjectAssignmentUnknown(AdminAssignment):
+    message_format = _("The given object assignment value is unknown.")
+    code = 400
+    title = 'Object Assignment Unknown'
+    logger = "ERROR"
+
+
+class ActionAssignmentUnknown(AdminAssignment):
+    message_format = _("The given action assignment value is unknown.")
+    code = 400
+    title = 'Action Assignment Unknown'
+    logger = "ERROR"
+
+
+class SubjectAssignmentExisting(AdminAssignment):
+    message_format = _("The given subject assignment value is existing.")
+    code = 400
+    title = 'Subject Assignment Existing'
+    logger = "ERROR"
+
+
+class ObjectAssignmentExisting(AdminAssignment):
+    message_format = _("The given object assignment value is existing.")
+    code = 400
+    title = 'Object Assignment Existing'
+    logger = "ERROR"
+
+
+class ActionAssignmentExisting(AdminAssignment):
+    message_format = _("The given action assignment value is existing.")
+    code = 400
+    title = 'Action Assignment Existing'
+    logger = "ERROR"
+
+
+class AggregationAlgorithmNotExisting(AdminMetaRule):
+    message_format = _("The given aggregation algorithm is not existing.")
+    code = 400
+    title = 'Aggregation Algorithm Not Existing'
+    logger = "ERROR"
+
+
+class AggregationAlgorithmUnknown(AdminMetaRule):
+    message_format = _("The given aggregation algorithm is unknown.")
+    code = 400
+    title = 'Aggregation Algorithm Unknown'
+    logger = "ERROR"
+
+
+class SubMetaRuleAlgorithmNotExisting(AdminMetaRule):
+    message_format = _("The given sub_meta_rule algorithm is unknown.")
+    code = 400
+    title = 'Sub_meta_rule Algorithm Unknown'
+    logger = "ERROR"
+
+
+class SubMetaRuleUnknown(AdminMetaRule):
+    message_format = _("The given sub meta rule is unknown.")
+    code = 400
+    title = 'Sub Meta Rule Unknown'
+    logger = "ERROR"
+
+
+class SubMetaRuleNameExisting(AdminMetaRule):
+    message_format = _("The sub meta rule name already exists.")
+    code = 400
+    title = 'Sub Meta Rule Name Existing'
+    logger = "ERROR"
+
+
+class SubMetaRuleExisting(AdminMetaRule):
+    message_format = _("The sub meta rule already exists.")
+    code = 400
+    title = 'Sub Meta Rule Existing'
+    logger = "ERROR"
+
+
+class RuleExisting(AdminRule):
+    message_format = _("The rule already exists.")
+    code = 400
+    title = 'Rule Existing'
+    logger = "ERROR"
+
+
+class RuleUnknown(AdminRule):
+    message_format = _("The rule for that request doesn't exist.")
+    code = 400
+    title = 'Rule Unknown'
+    logger = "ERROR"
diff --git a/moonv4/moon_db/moon_db/migrate_repo/__init__.py b/moonv4/moon_db/moon_db/migrate_repo/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/moonv4/moon_db/moon_db/migrate_repo/__init__.py
diff --git a/moonv4/moon_db/moon_db/migrate_repo/versions/001_moon.py b/moonv4/moon_db/moon_db/migrate_repo/versions/001_moon.py
new file mode 100644
index 00000000..73170ef0
--- /dev/null
+++ b/moonv4/moon_db/moon_db/migrate_repo/versions/001_moon.py
@@ -0,0 +1,216 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import sqlalchemy as sql
+
+
+def upgrade(migrate_engine):
+    meta = sql.MetaData()
+    meta.bind = migrate_engine
+
+    table = sql.Table(
+        'pdp',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('value', sql.Text(), nullable=True),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    table.create(migrate_engine, checkfirst=True)
+
+    table = sql.Table(
+        'policies',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('value', sql.Text(), nullable=True),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    table.create(migrate_engine, checkfirst=True)
+
+    table = sql.Table(
+        'models',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('value', sql.Text(), nullable=True),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    table.create(migrate_engine, checkfirst=True)
+
+    subject_categories_table = sql.Table(
+        'subject_categories',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('name', sql.String(256), nullable=False),
+        sql.Column('description', sql.String(256), nullable=True),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    subject_categories_table.create(migrate_engine, checkfirst=True)
+
+    object_categories_table = sql.Table(
+        'object_categories',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('name', sql.String(256), nullable=False),
+        sql.Column('description', sql.String(256), nullable=True),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    object_categories_table.create(migrate_engine, checkfirst=True)
+
+    action_categories_table = sql.Table(
+        'action_categories',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('name', sql.String(256), nullable=False),
+        sql.Column('description', sql.String(256), nullable=True),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    action_categories_table.create(migrate_engine, checkfirst=True)
+
+    subjects_table = sql.Table(
+        'subjects',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('value', sql.Text(), nullable=True),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    subjects_table.create(migrate_engine, checkfirst=True)
+
+    objects_table = sql.Table(
+        'objects',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('value', sql.Text(), nullable=True),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    objects_table.create(migrate_engine, checkfirst=True)
+
+    actions_table = sql.Table(
+        'actions',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('value', sql.Text(), nullable=True),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    actions_table.create(migrate_engine, checkfirst=True)
+
+    subject_data_table = sql.Table(
+        'subject_data',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('value', sql.Text(), nullable=True),
+        sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False),
+        sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    subject_data_table.create(migrate_engine, checkfirst=True)
+
+    object_data_table = sql.Table(
+        'object_data',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('value', sql.Text(), nullable=True),
+        sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False),
+        sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    object_data_table.create(migrate_engine, checkfirst=True)
+
+    action_data_table = sql.Table(
+        'action_data',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('value', sql.Text(), nullable=True),
+        sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False),
+        sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    action_data_table.create(migrate_engine, checkfirst=True)
+
+    subject_assignments_table = sql.Table(
+        'subject_assignments',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('assignments', sql.Text(), nullable=True),
+        sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+        sql.Column('subject_id', sql.ForeignKey("subjects.id"), nullable=False),
+        sql.Column('category_id', sql.ForeignKey("subject_categories.id"), nullable=False),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    subject_assignments_table.create(migrate_engine, checkfirst=True)
+
+    object_assignments_table = sql.Table(
+        'object_assignments',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('assignments', sql.Text(), nullable=True),
+        sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+        sql.Column('object_id', sql.ForeignKey("objects.id"), nullable=False),
+        sql.Column('category_id', sql.ForeignKey("object_categories.id"), nullable=False),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    object_assignments_table.create(migrate_engine, checkfirst=True)
+
+    action_assignments_table = sql.Table(
+        'action_assignments',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('assignments', sql.Text(), nullable=True),
+        sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+        sql.Column('action_id', sql.ForeignKey("actions.id"), nullable=False),
+        sql.Column('category_id', sql.ForeignKey("action_categories.id"), nullable=False),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    action_assignments_table.create(migrate_engine, checkfirst=True)
+
+    meta_rules_table = sql.Table(
+        'meta_rules',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('value', sql.Text(), nullable=True),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    meta_rules_table.create(migrate_engine, checkfirst=True)
+
+    rules_table = sql.Table(
+        'rules',
+        meta,
+        sql.Column('id', sql.String(64), primary_key=True),
+        sql.Column('rule', sql.Text(), nullable=True),
+        sql.Column('policy_id', sql.ForeignKey("policies.id"), nullable=False),
+        sql.Column('meta_rule_id', sql.ForeignKey("meta_rules.id"), nullable=False),
+        mysql_engine='InnoDB',
+        mysql_charset='utf8')
+    rules_table.create(migrate_engine, checkfirst=True)
+
+
+def downgrade(migrate_engine):
+    meta = sql.MetaData()
+    meta.bind = migrate_engine
+
+    for _table in (
+        'rules',
+        'meta_rules',
+        'action_assignments',
+        'object_assignments',
+        'subject_assignments',
+        'action_data',
+        'object_data',
+        'subject_data',
+        'actions',
+        'objects',
+        'subjects',
+        'action_categories',
+        'object_categories',
+        'subject_categories',
+        'models',
+        'policies',
+        'pdp'
+    ):
+        try:
+            table = sql.Table(_table, meta, autoload=True)
+            table.drop(migrate_engine, checkfirst=True)
+        except Exception as e:
+            print(e.message)
+
+
diff --git a/moonv4/moon_db/moon_db/migrate_repo/versions/__init__.py b/moonv4/moon_db/moon_db/migrate_repo/versions/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/moonv4/moon_db/moon_db/migrate_repo/versions/__init__.py
diff --git a/moonv4/moon_db/requirements.txt b/moonv4/moon_db/requirements.txt
new file mode 100644
index 00000000..aa15e35d
--- /dev/null
+++ b/moonv4/moon_db/requirements.txt
@@ -0,0 +1,5 @@
+stevedore
+sqlalchemy
+pymysql
+requests
+oslo.log
diff --git a/moonv4/moon_db/setup.py b/moonv4/moon_db/setup.py
new file mode 100644
index 00000000..51bb4539
--- /dev/null
+++ b/moonv4/moon_db/setup.py
@@ -0,0 +1,53 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+from setuptools import setup, find_packages
+import moon_db
+
+
+setup(
+
+    name='moon_db',
+
+    version=moon_db.__version__,
+
+    packages=find_packages(),
+
+    author="Thomas Duval",
+
+    author_email="thomas.duval@orange.com",
+
+    description="This library is a helper to interact with the Moon database.",
+
+    long_description=open('README.rst').read(),
+
+    # install_requires= ,
+
+    include_package_data=True,
+
+    url='https://git.opnfv.org/cgit/moon/',
+
+    classifiers=[
+        "Programming Language :: Python",
+        "Development Status :: 1 - Planning",
+        "License :: OSI Approved",
+        "Natural Language :: English",
+        "Operating System :: OS Independent",
+        "Programming Language :: Python :: 3",
+    ],
+
+    entry_points={
+        "moon_db.driver":
+            [
+                "sql = moon_db.backends.sql:SQLConnector",
+                "flat = moon_db.backends.flat:LogConnector",
+                "memory = moon_db.backends.memory:ConfigurationConnector",
+            ],
+        'console_scripts': [
+            'moon_db_manager = moon_db.db_manager:run',
+        ],
+    }
+
+)
diff --git a/moonv4/moon_db/tests/configure_db.sh b/moonv4/moon_db/tests/configure_db.sh
new file mode 100644
index 00000000..bdc259fe
--- /dev/null
+++ b/moonv4/moon_db/tests/configure_db.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+apt-get install mysql-server python-mysqldb python-pymysql
+
+mysql -uroot -ppassword <<EOF
+CREATE DATABASE moon DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
+GRANT ALL ON moon.* TO 'moonuser'@'%' IDENTIFIED BY 'password';
+GRANT ALL ON moon.* TO 'moonuser'@'localhost' IDENTIFIED BY 'password';
+EOF
diff --git a/moonv4/moon_db/tests/test_intraextension.py b/moonv4/moon_db/tests/test_intraextension.py
new file mode 100644
index 00000000..a2267214
--- /dev/null
+++ b/moonv4/moon_db/tests/test_intraextension.py
@@ -0,0 +1,44 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+
+import moon_db
+import uuid
+
+Connector = moon_db.Driver("sql", "mysql+pymysql://moonuser:password@localhost/moon")
+Connector.driver.init_db()
+
+
+def create_intra_extension(policy_model="policy_authz"):
+    ie = dict()
+    ie['id'] = uuid.uuid4().hex
+    ie["name"] = "test IE " + uuid.uuid4().hex
+    ie["policymodel"] = "policy_authz"
+    ie["description"] = "a simple description."
+    ie["model"] = policy_model
+    genre = "admin"
+    if "authz" in policy_model:
+        genre = "authz"
+    ie["genre"] = genre
+    # ref = self.admin_api.load_intra_extension_dict(self.root_api.root_admin_id,
+    #                                                intra_extension_dict=ie)
+    # self.admin_api.populate_default_data(ref)
+    return ie
+
+
+def test_get_intraextension():
+    t = Connector.driver.get_intra_extensions_dict()
+    assert type(t) == dict
+
+
+def test_set_intra_extension():
+    number_of_ie = len(Connector.driver.get_intra_extensions_dict())
+    ie = create_intra_extension()
+    data = Connector.driver.set_intra_extension_dict(ie['id'], ie)
+    assert type(data) == dict
+    assert len(Connector.driver.get_intra_extensions_dict()) == number_of_ie+1
+
+
+# TODO (dthom): all tests can be got from keystone-moon
diff --git a/moonv4/moon_db/tests/test_tenant.py b/moonv4/moon_db/tests/test_tenant.py
new file mode 100644
index 00000000..7e6cfa82
--- /dev/null
+++ b/moonv4/moon_db/tests/test_tenant.py
@@ -0,0 +1,86 @@
+# Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+# This software is distributed under the terms and conditions of the 'Apache-2.0'
+# license which can be found in the file 'LICENSE' in this package distribution
+# or at 'http://www.apache.org/licenses/LICENSE-2.0'.
+
+import moon_db
+import uuid
+
+Connector = moon_db.Driver("sql", "mysql+pymysql://moonuser:password@localhost/moon")
+Connector.driver.init_db()
+
+
+def test_get_tenants():
+    t = Connector.driver.get_tenants_dict()
+    print(t)
+    assert type(t) == dict
+
+
+def test_add_tenant():
+    new_tenant = {
+        "id": uuid.uuid4().hex,
+        "name": "demo",
+        "description": uuid.uuid4().hex,
+        "intra_authz_extension_id": "",
+        "intra_admin_extension_id": "",
+    }
+    data = Connector.driver.add_tenant_dict(tenant_id=new_tenant['id'],
+                                            tenant_dict=new_tenant)
+    data_id = list(data.keys())[0]
+    assert new_tenant["id"] == data_id
+    assert new_tenant["name"] == data[data_id]["name"]
+    assert new_tenant["intra_authz_extension_id"] == data[data_id]["intra_authz_extension_id"]
+    assert new_tenant["intra_admin_extension_id"] == data[data_id]["intra_admin_extension_id"]
+    data = Connector.driver.get_tenants_dict()
+    assert data != {}
+
+
+def test_del_tenant():
+    new_tenant = {
+        "id": uuid.uuid4().hex,
+        "name": "demo",
+        "description": uuid.uuid4().hex,
+        "intra_authz_extension_id": "",
+        "intra_admin_extension_id": "",
+    }
+    data = Connector.driver.get_tenants_dict()
+    number_of_tenant = len(data.keys())
+    data = Connector.driver.add_tenant_dict(tenant_id=new_tenant['id'],
+                                            tenant_dict=new_tenant)
+    data_id = list(data.keys())[0]
+    assert new_tenant["name"] == data[data_id]["name"]
+    assert new_tenant["intra_authz_extension_id"] == data[data_id]["intra_authz_extension_id"]
+    assert new_tenant["intra_admin_extension_id"] == data[data_id]["intra_admin_extension_id"]
+    data = Connector.driver.get_tenants_dict()
+    assert len(data.keys()) == number_of_tenant+1
+    Connector.driver.del_tenant(data_id)
+    data = Connector.driver.get_tenants_dict()
+    assert len(data.keys()) == number_of_tenant
+
+
+def test_set_tenant():
+    new_tenant = {
+        "id": uuid.uuid4().hex,
+        "name": "demo",
+        "description": uuid.uuid4().hex,
+        "intra_authz_extension_id": "123456",
+        "intra_admin_extension_id": "0987654",
+    }
+    data = Connector.driver.get_tenants_dict()
+    number_of_tenant = len(data.keys())
+    data = Connector.driver.add_tenant_dict(tenant_id=new_tenant['id'],
+                                            tenant_dict=new_tenant)
+    data_id = list(data.keys())[0]
+    assert new_tenant["name"] == data[data_id]["name"]
+    assert new_tenant["intra_authz_extension_id"] == data[data_id]["intra_authz_extension_id"]
+    assert new_tenant["intra_admin_extension_id"] == data[data_id]["intra_admin_extension_id"]
+    data = Connector.driver.get_tenants_dict()
+    assert len(data.keys()) == number_of_tenant+1
+
+    new_tenant["name"] = "demo2"
+    data = Connector.driver.set_tenant_dict(tenant_id=data_id, tenant_dict=new_tenant)
+    data_id = list(data.keys())[0]
+    assert new_tenant["name"] == data[data_id]["name"]
+    assert new_tenant["intra_authz_extension_id"] == data[data_id]["intra_authz_extension_id"]
+    assert new_tenant["intra_admin_extension_id"] == data[data_id]["intra_admin_extension_id"]
+