Evaluate using dynamic groups inside of AddressObject
#101
Comments
|
At this time the performance limitations with dynamic groups makes this a non-starter at scale. We should keep the issue and reevaluate pending performance improvements for dynamic groups. Dynamic Groups start having performance degradation over the 500 groups count on a single content type. |
whitej6
added
status: action required
|
I feel like the development and added functionality this would bring to this plugin would be worth it to keep moving forward, even if there is a warning or a opt in configuration parameter to enable this. Hopefully when the feature is ready in this plugin Nautobot Core would have an update... Because I really want this feature |
|
I have some work on logical grouping which is solving this from a different PoV. I see this really relevant when it comes to controller based systems and how each group is treated as unique and how the group has access to certain items depending on where it's at within the tree. From a firewall object modeling perspective some of the patterns in dynamic groups does not solve this problem case and introduces a level of complexity in managing uniqueness. I'm open to discussions around the topic and personally would love to swap out |
Environment
Proposed Functionality
Allow
AddressObjectGroupto source its members from a dynamic group. This could for example be a newForeignKeyfield on the model pointing toDynamicGroup.Use Case
All prefixes with the role
user-lanshould have access to a set of services. Instead of manually updating the policy rule (or NAT policy rule) whenever there are changes, we could instead use dynamic groups to automatically accomplish that.The text was updated successfully, but these errors were encountered: