Browse Source

Improve security policy update rules with transactions

Use the policy 'rules' attribute instead of adding child rules.
This is expected to have better performance on the NSX side.

Change-Id: I213616a8b47f11adb1a897568746885f3e77078c
tags/16.0.5
asarfaty 2 weeks ago
committed by Adit Sarfaty
parent
commit
a1c689b418
2 changed files with 8 additions and 5 deletions
  1. +1
    -4
      vmware_nsxlib/tests/unit/v3/policy/test_transaction.py
  2. +7
    -1
      vmware_nsxlib/v3/policy/core_resources.py

+ 1
- 4
vmware_nsxlib/tests/unit/v3/policy/test_transaction.py View File

@@ -456,10 +456,7 @@ class TestPolicyTransaction(policy_testcase.TestPolicyApi):

dfw_rule1['display_name'] = new_rule_name
dfw_rule1['direction'] = new_direction
child_rules = [{'resource_type': 'ChildRule', 'Rule': dfw_rule1},
{'resource_type': 'ChildRule', 'Rule': dfw_rule2,
'marked_for_delete': True}]
security_policy.update({'children': child_rules})
security_policy['rules'] = copy.deepcopy([dfw_rule1, dfw_rule2])
child_security_policies = [{
'resource_type': 'ChildSecurityPolicy',
'SecurityPolicy': security_policy


+ 7
- 1
vmware_nsxlib/v3/policy/core_resources.py View File

@@ -3625,7 +3625,13 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
map_def.set_obj_dict(comm_map)
# Update the entire map at the NSX
if transaction:
self._create_or_store(map_def, replaced_entries)
if not ignore_entries:
# Add the rules under the map and not as ChileRules for
# improved performance on the NSX side
comm_map['rules'] = [rule.get_obj_dict() for rule in
replaced_entries]
map_def.set_obj_dict(comm_map)
self._create_or_store(map_def)
else:
body = map_def.get_obj_dict()
if not ignore_entries:


Loading…
Cancel
Save