From 3ddc9e865ca63a96555dc731ea8a931e146fb79c Mon Sep 17 00:00:00 2001
From: asarfaty <asarfaty@vmware.com>
Date: Tue, 23 Jun 2020 12:54:23 +0200
Subject: [PATCH] Improve security policy update rules with transactions

Use the policy 'rules' attribute instead of adding child rules.
This is expected to have better performance on the NSX side.

Change-Id: I213616a8b47f11adb1a897568746885f3e77078c
---
 vmware_nsxlib/tests/unit/v3/policy/test_transaction.py | 5 +----
 vmware_nsxlib/v3/policy/core_resources.py              | 8 +++++++-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/vmware_nsxlib/tests/unit/v3/policy/test_transaction.py b/vmware_nsxlib/tests/unit/v3/policy/test_transaction.py
index 8cd29a42..75a532c9 100644
--- a/vmware_nsxlib/tests/unit/v3/policy/test_transaction.py
+++ b/vmware_nsxlib/tests/unit/v3/policy/test_transaction.py
@@ -456,10 +456,7 @@ class TestPolicyTransaction(policy_testcase.TestPolicyApi):
 
         dfw_rule1['display_name'] = new_rule_name
         dfw_rule1['direction'] = new_direction
-        child_rules = [{'resource_type': 'ChildRule', 'Rule': dfw_rule1},
-                       {'resource_type': 'ChildRule', 'Rule': dfw_rule2,
-                        'marked_for_delete': True}]
-        security_policy.update({'children': child_rules})
+        security_policy['rules'] = copy.deepcopy([dfw_rule1, dfw_rule2])
         child_security_policies = [{
             'resource_type': 'ChildSecurityPolicy',
             'SecurityPolicy': security_policy
diff --git a/vmware_nsxlib/v3/policy/core_resources.py b/vmware_nsxlib/v3/policy/core_resources.py
index bff658ee..af25ac4e 100644
--- a/vmware_nsxlib/v3/policy/core_resources.py
+++ b/vmware_nsxlib/v3/policy/core_resources.py
@@ -3626,7 +3626,13 @@ class NsxPolicySecurityPolicyBaseApi(NsxPolicyResourceBase):
             map_def.set_obj_dict(comm_map)
             # Update the entire map at the NSX
             if transaction:
-                self._create_or_store(map_def, replaced_entries)
+                if not ignore_entries:
+                    # Add the rules under the map and not as ChileRules for
+                    # improved performance on the NSX side
+                    comm_map['rules'] = [rule.get_obj_dict() for rule in
+                                         replaced_entries]
+                    map_def.set_obj_dict(comm_map)
+                self._create_or_store(map_def)
             else:
                 body = map_def.get_obj_dict()
                 if not ignore_entries: