From 7d29c09d672b968b9c7fbff753678a5ce88fe39a Mon Sep 17 00:00:00 2001
From: Enhao Cui <ecui@vmware.com>
Date: Tue, 19 May 2020 16:58:18 -0700
Subject: [PATCH] Set firewall_match in Policy NAT Rule to Bypass by Default

This is to align with NAT Rule behavior in Manager API

Change-Id: Ic1bfafbf9b1a74cd51e55f1b603ea145dadee01d
---
 vmware_nsxlib/tests/unit/v3/policy/test_transaction.py | 6 ++++--
 vmware_nsxlib/v3/policy/core_resources.py              | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/vmware_nsxlib/tests/unit/v3/policy/test_transaction.py b/vmware_nsxlib/tests/unit/v3/policy/test_transaction.py
index 26640c66..8cd29a42 100644
--- a/vmware_nsxlib/tests/unit/v3/policy/test_transaction.py
+++ b/vmware_nsxlib/tests/unit/v3/policy/test_transaction.py
@@ -260,11 +260,13 @@ class TestPolicyTransaction(policy_testcase.TestPolicyApi):
         nat_rule1 = {"action": constants.NAT_ACTION_SNAT,
                      "display_name": "snat rule",
                      "id": nat_rule_id1,
-                     "resource_type": "PolicyNatRule"}
+                     "resource_type": "PolicyNatRule",
+                     "firewall_match": constants.NAT_FIREWALL_MATCH_BYPASS}
         nat_rule2 = {"action": constants.NAT_ACTION_DNAT,
                      "display_name": "dnat rule",
                      "id": nat_rule_id2,
-                     "resource_type": "PolicyNatRule"}
+                     "resource_type": "PolicyNatRule",
+                     "firewall_match": constants.NAT_FIREWALL_MATCH_BYPASS}
 
         policy_nat = {"id": "USER",
                       "resource_type": "PolicyNat",
diff --git a/vmware_nsxlib/v3/policy/core_resources.py b/vmware_nsxlib/v3/policy/core_resources.py
index ba49f915..38cba13d 100644
--- a/vmware_nsxlib/v3/policy/core_resources.py
+++ b/vmware_nsxlib/v3/policy/core_resources.py
@@ -1610,7 +1610,7 @@ class NsxPolicyTier0NatRuleApi(NsxPolicyResourceBase):
                             source_network=IGNORE,
                             destination_network=IGNORE,
                             translated_network=IGNORE,
-                            firewall_match=IGNORE,
+                            firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
                             action=IGNORE,
                             sequence_number=IGNORE,
                             log=IGNORE,
@@ -1700,7 +1700,7 @@ class NsxPolicyTier1NatRuleApi(NsxPolicyResourceBase):
                             source_network=IGNORE,
                             destination_network=IGNORE,
                             translated_network=IGNORE,
-                            firewall_match=IGNORE,
+                            firewall_match=constants.NAT_FIREWALL_MATCH_BYPASS,
                             action=IGNORE,
                             sequence_number=IGNORE,
                             log=IGNORE,