Creating new model for the firewall rules

core/src/com/cloud/agent/resource/virtualnetwork/ConfigHelper.java

@@ -61,6 +61,8 @@ import com.cloud.agent.resource.virtualnetwork.model.AllAclRule;
 import com.cloud.agent.resource.virtualnetwork.model.ConfigBase;
 import com.cloud.agent.resource.virtualnetwork.model.DhcpConfig;
 import com.cloud.agent.resource.virtualnetwork.model.DhcpConfigEntry;
+import com.cloud.agent.resource.virtualnetwork.model.FirewallRule;
+import com.cloud.agent.resource.virtualnetwork.model.FirewallRules;
 import com.cloud.agent.resource.virtualnetwork.model.ForwardingRule;
 import com.cloud.agent.resource.virtualnetwork.model.ForwardingRules;
 import com.cloud.agent.resource.virtualnetwork.model.GuestNetwork;
@@ -87,7 +89,6 @@ import com.cloud.agent.resource.virtualnetwork.model.VpnUser;
 import com.cloud.agent.resource.virtualnetwork.model.VpnUserList;
 import com.cloud.network.HAProxyConfigurator;
 import com.cloud.network.LoadBalancerConfigurator;
-import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.vpc.StaticRouteProfile;
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.net.NetUtils;
@@ -126,7 +127,7 @@ public class ConfigHelper {
         } else if (cmd instanceof SetFirewallRulesCommand) {
             cfg = generateConfig((SetFirewallRulesCommand)cmd);
         } else if (cmd instanceof BumpUpPriorityCommand) {
-            cfg = generateConfig((BumpUpPriorityCommand)cmd);
+            cfg = generateConfig((BumpUpPriorityCommand)cmd);   // Migrated (SB, TBT)
         } else if (cmd instanceof RemoteAccessVpnCfgCommand) {
             cfg = generateConfig((RemoteAccessVpnCfgCommand)cmd); // Migrated (SB, TBT)
         } else if (cmd instanceof VpnUsersCfgCommand) {
@@ -169,43 +170,17 @@ public class ConfigHelper {
 
 
     private static List<ConfigItem> generateConfig(SetFirewallRulesCommand cmd) {
-        LinkedList<ConfigItem> cfg = new LinkedList<>();
-
-        String egressDefault = cmd.getAccessDetail(NetworkElementCommand.FIREWALL_EGRESS_DEFAULT);
-
-        FirewallRuleTO[] allrules = cmd.getRules();
-        FirewallRule.TrafficType trafficType = allrules[0].getTrafficType();
-
-        String[][] rules = cmd.generateFwRules();
-        String args = " -F";
-
-        if (trafficType == FirewallRule.TrafficType.Egress) {
-            args += " -E";
-            if (egressDefault.equals("true")) {
-                args += " -P 1";
-            } else if (egressDefault.equals("System")) {
-                args += " -P 2";
-            } else {
-                args += " -P 0";
-            }
+        List<FirewallRule> rules = new ArrayList<FirewallRule>();
+        for (FirewallRuleTO rule : cmd.getRules()) {
+            FirewallRule fwRule = new FirewallRule(rule.getId(), rule.getSrcVlanTag(), rule.getSrcIp(), rule.getProtocol(), rule.getSrcPortRange(), rule.revoked(),
+                    rule.isAlreadyAdded(), rule.getSourceCidrList(), rule.getPurpose().toString(), rule.getIcmpType(), rule.getIcmpCode(), rule.getTrafficType().toString(),
+                    rule.getGuestCidr(), rule.isDefaultEgressPolicy(), rule.getType().toString());
+            rules.add(fwRule);
         }
 
-        StringBuilder sb = new StringBuilder();
-        String[] fwRules = rules[0];
-        if (fwRules.length > 0) {
-            for (int i = 0; i < fwRules.length; i++) {
-                sb.append(fwRules[i]).append(',');
-            }
-            args += " -a " + sb.toString();
-        }
+        FirewallRules ruleSet = new FirewallRules(rules.toArray(new FirewallRule[rules.size()]));
+        return generateConfigItems(ruleSet);
 
-        if (trafficType == FirewallRule.TrafficType.Egress) {
-            cfg.add(new ScriptConfigItem(VRScripts.FIREWALL_EGRESS, args));
-        } else {
-            cfg.add(new ScriptConfigItem(VRScripts.FIREWALL_INGRESS, args));
-        }
-
-        return cfg;
     }
 
     private static List<ConfigItem> generateConfig(SetPortForwardingRulesCommand cmd) {
@@ -498,6 +473,9 @@ public class ConfigHelper {
         case ConfigBase.FORWARDING_RULES:
             destinationFile = VRScripts.FORWARDING_RULES_CONFIG;
             break;
+        case ConfigBase.FIREWALL_RULES:
+            destinationFile = VRScripts.FIREWALL_RULES_CONFIG;
+            break;
         case ConfigBase.GUEST_NETWORK:
             destinationFile = VRScripts.GUEST_NETWORK_CONFIG;
             break;

core/src/com/cloud/agent/resource/virtualnetwork/VRScripts.java

@@ -28,6 +28,7 @@ public class VRScripts {
     protected final static String VM_DHCP_CONFIG = "vm_dhcp_entry.json";
     protected final static String VM_PASSWORD_CONFIG = "vm_password.json";
     protected static final String FORWARDING_RULES_CONFIG = "forwarding_rules.json";
+    protected static final String FIREWALL_RULES_CONFIG = "firewall_rules.json";
     protected static final String VPN_USER_LIST_CONFIG = "vpn_user_list.json";
     protected static final String STATICNAT_RULES_CONFIG = "staticnat_rules.json";
     protected static final String SITE_2_SITE_VPN_CONFIG = "site_2_site_vpn.json";

core/src/com/cloud/agent/resource/virtualnetwork/model/ConfigBase.java

@@ -28,6 +28,7 @@ public abstract class ConfigBase {
     public static final String VM_METADATA = "vmdata";
     public static final String VM_PASSWORD = "vmpassword";
     public static final String FORWARDING_RULES = "forwardrules";
+    public static final String FIREWALL_RULES = "firewallrules";
     public static final String VPN_USER_LIST = "vpnuserlist";
     public static final String STATICNAT_RULES = "staticnatrules";
     public static final String IP_ALIAS_CONFIG = "ipaliases";

core/src/com/cloud/agent/resource/virtualnetwork/model/FirewallRule.java

@@ -0,0 +1,184 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package com.cloud.agent.resource.virtualnetwork.model;
+
+import java.util.List;
+
+public class FirewallRule {
+    private long id;
+    private String srcVlanTag;
+    private String srcIp;
+    private String protocol;
+    private int[] srcPortRange;
+    private boolean revoked;
+    private boolean alreadyAdded;
+    private List<String> sourceCidrList;
+    private String purpose;
+    private Integer icmpType;
+    private Integer icmpCode;
+    private String trafficType;
+    private String guestCidr;
+    private boolean defaultEgressPolicy;
+    private String type;
+
+    public FirewallRule() {
+        // Empty constructor for (de)serialization
+    }
+
+    public FirewallRule(long id, String srcVlanTag, String srcIp, String protocol, int[] srcPortRange, boolean revoked, boolean alreadyAdded, List<String> sourceCidrList,
+            String purpose, Integer icmpType, Integer icmpCode, String trafficType, String guestCidr, boolean defaultEgressPolicy, String type) {
+        this.id = id;
+        this.srcVlanTag = srcVlanTag;
+        this.srcIp = srcIp;
+        this.protocol = protocol;
+        this.srcPortRange = srcPortRange;
+        this.revoked = revoked;
+        this.alreadyAdded = alreadyAdded;
+        this.sourceCidrList = sourceCidrList;
+        this.purpose = purpose;
+        this.icmpType = icmpType;
+        this.icmpCode = icmpCode;
+        this.trafficType = trafficType;
+        this.guestCidr = guestCidr;
+        this.defaultEgressPolicy = defaultEgressPolicy;
+        this.type = type;
+    }
+
+    public long getId() {
+        return id;
+    }
+
+    public void setId(long id) {
+        this.id = id;
+    }
+
+    public String getSrcVlanTag() {
+        return srcVlanTag;
+    }
+
+    public void setSrcVlanTag(String srcVlanTag) {
+        this.srcVlanTag = srcVlanTag;
+    }
+
+    public String getSrcIp() {
+        return srcIp;
+    }
+
+    public void setSrcIp(String srcIp) {
+        this.srcIp = srcIp;
+    }
+
+    public String getProtocol() {
+        return protocol;
+    }
+
+    public void setProtocol(String protocol) {
+        this.protocol = protocol;
+    }
+
+    public int[] getSrcPortRange() {
+        return srcPortRange;
+    }
+
+    public void setSrcPortRange(int[] srcPortRange) {
+        this.srcPortRange = srcPortRange;
+    }
+
+    public boolean isRevoked() {
+        return revoked;
+    }
+
+    public void setRevoked(boolean revoked) {
+        this.revoked = revoked;
+    }
+
+    public boolean isAlreadyAdded() {
+        return alreadyAdded;
+    }
+
+    public void setAlreadyAdded(boolean alreadyAdded) {
+        this.alreadyAdded = alreadyAdded;
+    }
+
+    public List<String> getSourceCidrList() {
+        return sourceCidrList;
+    }
+
+    public void setSourceCidrList(List<String> sourceCidrList) {
+        this.sourceCidrList = sourceCidrList;
+    }
+
+    public String getPurpose() {
+        return purpose;
+    }
+
+    public void setPurpose(String purpose) {
+        this.purpose = purpose;
+    }
+
+    public Integer getIcmpType() {
+        return icmpType;
+    }
+
+    public void setIcmpType(Integer icmpType) {
+        this.icmpType = icmpType;
+    }
+
+    public Integer getIcmpCode() {
+        return icmpCode;
+    }
+
+    public void setIcmpCode(Integer icmpCode) {
+        this.icmpCode = icmpCode;
+    }
+
+    public String getTrafficType() {
+        return trafficType;
+    }
+
+    public void setTrafficType(String trafficType) {
+        this.trafficType = trafficType;
+    }
+
+    public String getGuestCidr() {
+        return guestCidr;
+    }
+
+    public void setGuestCidr(String guestCidr) {
+        this.guestCidr = guestCidr;
+    }
+
+    public boolean isDefaultEgressPolicy() {
+        return defaultEgressPolicy;
+    }
+
+    public void setDefaultEgressPolicy(boolean defaultEgressPolicy) {
+        this.defaultEgressPolicy = defaultEgressPolicy;
+    }
+
+    public String getType() {
+        return type;
+    }
+
+    public void setType(String type) {
+        this.type = type;
+    }
+
+}

core/src/com/cloud/agent/resource/virtualnetwork/model/FirewallRules.java

@@ -0,0 +1,42 @@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+
+package com.cloud.agent.resource.virtualnetwork.model;
+
+public class FirewallRules extends ConfigBase {
+    FirewallRule[] rules;
+
+    public FirewallRules() {
+        super(ConfigBase.FIREWALL_RULES);
+    }
+
+    public FirewallRules(FirewallRule[] rules) {
+        super(ConfigBase.FIREWALL_RULES);
+        this.rules = rules;
+    }
+
+    public FirewallRule[] getRules() {
+        return rules;
+    }
+
+    public void setRules(FirewallRule[] rules) {
+        this.rules = rules;
+    }
+
+}