nautobot / nautobot-app-firewall-models

Model Firewall policies in Nautobot

Home Page: https://docs.nautobot.com/projects/firewall-models/en/latest/

Consider Consolidating Assigned Devices and Assigned dynamic groups

itdependsnetworks opened this issue · comments

Environment

  • Nautobot version: 1.3
  • nautobot-plugin-firewall-model version: 0.1

Proposed Functionality

There are currently both Assigned Devices and Assigned Dynamic Groups; I am proposing to consolidate down to just dynamic groups. Dynamic groups will continue to be used in the Nautobot ecosystem, with more reliance on and knowledge of them moving forward.

Use Case

There is complication in that both have weight. Let's explore an issue.

  • A Policy Deny-Bogons is assigned to device=nyc-fw01 with weight 100 and dynamic_group={site: nyc} with weight 1000
  • Another Policy Allow-Internet is applied to the device with weight 500
  • What should the order of policy be?

Conceptually, this will not work, and while I understand that we can simply document "operator beware", not to do such a thing, it is still odd.

As a developer of a job, or when creating configuration management from the system, it is not clear what the intention should be: whether to prefer assigned devices or dynamic groups.

As a developer, there is an increased complication in always determining, given a set of Policies, which Devices are actually in scope.

As a developer, there is an increased complication in always determining, given a set of Devices, which Policies are actually in scope.

As an alternate, I believe that the assigned devices and dynamic groups should at a minimum be mutually exclusive, but would prefer to aggregate down to dynamic groups.

In speaking with @whitej6 go with "As an alternate, I believe that the assigned devices and dynamic groups should at a minimum be mutually exclusive, but would prefer to aggregate down to dynamic groups."

Accepted as validation to prevent assigning both attrs AND creating a convenience method to return a device queryset via #70 to return relevant devices to a policy.
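The ordering problem from the Use Case, worked through as an added example that is not part of the issue or of the plugin's code: `Policy`, `GROUP_MEMBERS` and the three functions are constructed stand-ins for the plugin's models, not its API. `policies_for_device` shows that the same device gets two different policy orders depending on which weight is trusted, `devices_for_policy` is a stand-in for the convenience method mentioned above, and `validate_assignment` is the mutually-exclusive rule the issue settles on.

```python
from dataclasses import dataclass, field

# Constructed stand-in for dynamic-group membership (not the plugin's own model).
GROUP_MEMBERS = {"site: nyc": {"nyc-fw01", "nyc-fw02"}}

@dataclass
class Policy:
    name: str
    assigned_devices: dict = field(default_factory=dict)  # device name -> weight
    dynamic_groups: dict = field(default_factory=dict)    # group name -> weight

def devices_for_policy(policy):
    """Every device a policy reaches, through either assignment path."""
    devices = set(policy.assigned_devices)
    for group in policy.dynamic_groups:
        devices |= GROUP_MEMBERS.get(group, set())
    return devices

def policies_for_device(device, policies, prefer="device"):
    """Policies in scope for `device`, ordered by weight. When a policy reaches
    the device both directly and via a group, `prefer` picks which weight wins;
    the two choices can yield different orders, which is the issue's point."""
    ordered = []
    for policy in policies:
        direct = policy.assigned_devices.get(device)
        via_group = [w for g, w in policy.dynamic_groups.items()
                     if device in GROUP_MEMBERS.get(g, set())]
        group = min(via_group) if via_group else None
        if direct is None and group is None:
            continue  # policy does not apply to this device at all
        if direct is not None and group is not None:
            weight = direct if prefer == "device" else group
        else:
            weight = direct if direct is not None else group
        ordered.append((policy.name, weight))
    return sorted(ordered, key=lambda item: item[1])

def validate_assignment(policy):
    """The mutually-exclusive rule the issue settles on."""
    if policy.assigned_devices and policy.dynamic_groups:
        raise ValueError(f"{policy.name}: use assigned devices or dynamic groups, not both")
    return True

# The scenario from the issue, constructed for illustration.
DENY_BOGONS = Policy("Deny-Bogons", {"nyc-fw01": 100}, {"site: nyc": 1000})
ALLOW_INTERNET = Policy("Allow-Internet", {"nyc-fw01": 500})
POLICIES = [DENY_BOGONS, ALLOW_INTERNET]
```

With `prefer="device"` the deny policy is evaluated first; with `prefer="group"` it drops behind Allow-Internet, which is exactly the ambiguity a config-generating job would have to resolve.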