loulecrivain commented Jul 10, 2025

Closes: #314 (and also #296, #315, #321)

⚠️ this is based on top of #308 ⚠️, will be rebased once #308 is merged.

Motivation for this PR: as explained in #314, some hypervisor platforms with integrated firewalls (Proxmox VE) now support setting firewall policies directly in front of Virtual Machines. We'd like to leverage Nautobot Firewall App capabilities in order to also be able to model this, and to directly generate firewall configuration from there.

What's Changed

New feature: attach virtual machines to policies

The user is now able to attach virtual machines to policies. Same also goes for NATPolicies. Here's a summary of the changes for this feature:

  • NatPolicy model changed + new M2M field for virtual machines
  • SecurityPolicy model changed + new M2M field for virtual machines
  • Tables changed to account for VM support in policies
  • New inc templates for nautobot virtual machine view
  • New templates for dynamic groups
  • Renamed device_policies.html to object_policies.html (now in common with VMs)
  • Forms and filters have been expanded to account for changes
  • Migrations (see 0024)
  • Tests changed/expanded to account for changes

And some views:
(screenshots not reproduced)

New feature: support for generating AerleonPolicies for VirtualMachine

We modified the generation job logic to also be able to generate firewall configurations for Virtual Machines. The job form has also been changed to be able to select Virtual Machines and Devices for which the job should be carried.

Summary of changes:

  • We've modified AerleonPolicy model relationships to use a GenericForeignKey instead of OneToOne.
  • This is also taken into account in the migrations (the backward migration is lossy since we have to drop VirtualMachines with an AerleonPolicy attached). See migration 0024. Forward and backward migrations have been tested with some generated AerleonPolicies for both VMs and Devices.
  • Filters and forms for AerleonPolicy have also been changed.
  • Tests have also been expanded.

(screenshots not reproduced)

Fix #296 generation with DynamicGroups

See previous screenshots for dynamic group attachment and generation without errors.
Summary of changes:

  • switch from dyn.get_queryset() to dyn.members.all().

Fix #315 cannot search for Aerleon/Capirca Policies (q parameter not taken into account)

See screenshot below for working search.
Summary of changes:

  • New SearchFilter + dedicated search method for q in AerleonPolicyFilterSet

(screenshot not reproduced)

To Do

loulecrivain (Author) commented:

Many thanks to my colleague @johannwagner who helped with this work 😊

@loulecrivain loulecrivain force-pushed the fix-314-support-policies-for-vms branch from 9040122 to 8ab427b Compare July 10, 2025 10:58
(for consistency with other NTC projects)
@loulecrivain loulecrivain force-pushed the fix-314-support-policies-for-vms branch from bcc2495 to 8ab427b Compare August 20, 2025 13:32

loulecrivain commented Aug 21, 2025

Following some testing,

Seems like generated Aerleon Policies are not saved properly whenever an already existing one is updated. I have yet to check if it also happens upstream. Edit: issue is #321

cc @johannwagner

@johannwagner johannwagner force-pushed the fix-314-support-policies-for-vms branch from 11464f2 to 3d5e59c Compare August 22, 2025 07:18
johannwagner (Contributor) commented:

Fixed in 3d5e59c

@loulecrivain loulecrivain force-pushed the fix-314-support-policies-for-vms branch from 746dab3 to e529707 Compare September 8, 2025 09:46
loulecrivain (Author) commented:

rebased following changes to #308

gsnider2195 (Contributor) commented:

Hi @loulecrivain we've added this PR and #308 to our backlog and we're going to get them reviewed as soon as we can.
