Offer a rule policy existence checker
chadell opened this issue
Christian Adell commented
Environment
- nautobot-plugin-firewall-model version: 1.2.1
Proposed Functionality
Expose a method to check if a rule to be created already exists
Use Case
Before creating a new rule with the same source and destination params, I would like to check if it already exists (and avoid creating it) in a very efficient way.
Christian Adell commented
Please @dnewood, add any extra considerations.
Donnie Wood commented
I am currently doing this with annotations but the solution has already proven to not be scalable:
    from django.db.models import Count, Q

    # TODO Add better filter instead of using .all() to increase performance
    rule_match = (
        PolicyRule.objects.all()
        # Per rule, count how many of its related objects are in the candidate sets.
        .annotate(
            source_matches=Count("source_addresses", filter=Q(source_addresses__in=sources)),
            destination_matches=Count("destination_addresses", filter=Q(destination_addresses__in=destinations)),
            dst_service_matches=Count("destination_services", filter=Q(destination_services__in=services)),
        )
        # Keep only rules where every related object was counted as a match.
        .filter(
            Q(source_matches=Count("source_addresses"))
            & Q(destination_matches=Count("destination_addresses"))
            & Q(dst_service_matches=Count("destination_services"))
        )
    )
At ~3500 Policy Rules this function takes 35-40 seconds to execute for each rule we test against.
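One way to make the requested existence check a single keyed lookup, shown as an added example that is not part of the issue thread and is not code from nautobot-plugin-firewall-model: each rule is reduced to an order-independent digest of its source, destination and service sets, and the candidate is looked up by that digest. `rule_fingerprint`, `RuleIndex` and the sample rules are hypothetical names and constructed data; the check assumes "already exists" means all three sets are exactly equal.

```python
import hashlib
import json
from collections import defaultdict


def rule_fingerprint(sources, destinations, services):
    """Return an order-independent SHA-256 digest of a rule's three object sets."""
    # Each group is de-duplicated and sorted, and the groups keep a fixed
    # position, so swapping sources and destinations gives a different digest.
    canonical = json.dumps(
        [sorted({str(item) for item in group})
         for group in (sources, destinations, services)],
        separators=(",", ":"),
    )
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class RuleIndex:
    """Maps fingerprint -> rule names so an existence check is one dict lookup."""

    def __init__(self):
        self._by_fingerprint = defaultdict(list)

    def add(self, name, sources, destinations, services):
        key = rule_fingerprint(sources, destinations, services)
        self._by_fingerprint[key].append(name)

    def find_existing(self, sources, destinations, services):
        """Names of stored rules whose three sets equal the candidate's exactly."""
        key = rule_fingerprint(sources, destinations, services)
        return list(self._by_fingerprint.get(key, []))


def build_sample_index():
    # Constructed sample rules using documentation address ranges, not real policy data.
    index = RuleIndex()
    index.add("web-in", ["192.0.2.0/24"], ["198.51.100.10/32"], ["tcp/443"])
    index.add("dns-out", ["198.51.100.0/24", "203.0.113.0/24"],
              ["192.0.2.53/32"], ["udp/53", "tcp/53"])
    return index


if __name__ == "__main__":
    idx = build_sample_index()
    # Same sets in a different order with a repeated entry: reported as existing.
    print(idx.find_existing(["203.0.113.0/24", "198.51.100.0/24"],
                            ["192.0.2.53/32"], ["tcp/53", "udp/53", "udp/53"]))
    # One extra service makes it a different rule: nothing is found.
    print(idx.find_existing(["192.0.2.0/24"], ["198.51.100.10/32"], ["tcp/443", "tcp/80"]))
```

In a database-backed model the same digest could be stored in an indexed column and recomputed whenever a rule's related objects change, which is an assumption about the design rather than something the plugin provides.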