Improve security policy update rules with transactions

Use the policy 'rules' attribute instead of adding child rules. This is expected to have better performance on the NSX side. Change-Id: I213616a8b47f11adb1a897568746885f3e77078c
2020-06-23 12:54:23 +02:00 · 2020-06-23 12:54:23 +02:00 · 650d58064f
parent 9620aa4303
commit 650d58064f
2 changed files with 8 additions and 5 deletions
--- a/vmware_nsxlib/tests/unit/v3/policy/test_transaction.py
+++ b/vmware_nsxlib/tests/unit/v3/policy/test_transaction.py
@ -454,10 +454,7 @@ class TestPolicyTransaction(policy_testcase.TestPolicyApi):

        dfw_rule1['display_name'] = new_rule_name
        dfw_rule1['direction'] = new_direction
-        child_rules = [{'resource_type': 'ChildRule', 'Rule': dfw_rule1},
-                       {'resource_type': 'ChildRule', 'Rule': dfw_rule2,
-                        'marked_for_delete': True}]
-        security_policy.update({'children': child_rules})
+        security_policy['rules'] = copy.deepcopy([dfw_rule1, dfw_rule2])
        child_security_policies = [{
            'resource_type': 'ChildSecurityPolicy',
            'SecurityPolicy': security_policy
--- a/vmware_nsxlib/v3/policy/core_resources.py
+++ b/vmware_nsxlib/v3/policy/core_resources.py
@ -3535,7 +3535,13 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
            map_def.set_obj_dict(comm_map)
            # Update the entire map at the NSX
            if transaction:
-                self._create_or_store(map_def, replaced_entries)
+                if not ignore_entries:
+                    # Add the rules under the map and not as ChileRules for
+                    # improved performance on the NSX side
+                    comm_map['rules'] = [rule.get_obj_dict() for rule in
+                                         replaced_entries]
+                    map_def.set_obj_dict(comm_map)
+                self._create_or_store(map_def)
            else:
                body = map_def.get_obj_dict()
                if not ignore_entries: