AWS SecurityGroup use is_using_neutron()

Allow for better decision on what networking backend to use when working
with AWS::EC2::SecurityGroup.

Change-Id: I6c887e76d4852d298ae8537486665291739c1f99

heat/engine/resources/security_group.py

@@ -70,7 +70,7 @@ class SecurityGroup(resource.Resource):
         ),
         VPC_ID: properties.Schema(
             properties.Schema.STRING,
-            _('Physical ID of the VPC.')
+            _('Physical ID of the VPC. Not implemented.')
         ),
         SECURITY_GROUP_INGRESS: properties.Schema(
             properties.Schema.LIST,
@@ -91,7 +91,7 @@ class SecurityGroup(resource.Resource):
     }
 
     def handle_create(self):
-        if self.properties[self.VPC_ID]:
+        if self.is_using_neutron():
             self._handle_create_neutron()
         else:
             self._handle_create_nova()
@@ -214,7 +214,7 @@ class SecurityGroup(resource.Resource):
                         raise
 
     def handle_delete(self):
-        if self.properties[self.VPC_ID]:
+        if self.is_using_neutron():
             self._handle_delete_neutron()
         else:
             self._handle_delete_nova()
@@ -256,7 +256,7 @@ class SecurityGroup(resource.Resource):
                     self.client_plugin('neutron').ignore_not_found(ex)
 
     def FnGetRefId(self):
-        if self.properties[self.VPC_ID]:
+        if self.is_using_neutron():
             return super(SecurityGroup, self).FnGetRefId()
         else:
             return self.physical_resource_name()
@@ -266,8 +266,8 @@ class SecurityGroup(resource.Resource):
         if res:
             return res
 
-        if self.properties[self.SECURITY_GROUP_EGRESS] and not \
-                self.properties[self.VPC_ID]:
+        if (self.properties[self.SECURITY_GROUP_EGRESS] and
+                not self.is_using_neutron()):
             raise exception.EgressRuleNotAllowed()
 
 

heat/tests/test_security_group.py

@@ -17,6 +17,7 @@ from neutronclient.common.exceptions import NeutronClientException
 from neutronclient.v2_0 import client as neutronclient
 from novaclient.v1_1 import security_group_rules as nova_sgr
 from novaclient.v1_1 import security_groups as nova_sg
+from oslo.config import cfg
 
 from heat.common import exception
 from heat.common import template_format
@@ -436,6 +437,7 @@ Resources:
         self.assertRaises(exception.EgressRuleNotAllowed, sg.validate)
 
     def test_security_group_neutron(self):
+        cfg.CONF.set_override('networking_service', 'neutron')
         #create script
         sg_name = utils.PhysName('test_stack', 'the_sg')
         neutronclient.Client.create_security_group({
@@ -681,6 +683,7 @@ Resources:
         self.m.VerifyAll()
 
     def test_security_group_neutron_exception(self):
+        cfg.CONF.set_override('networking_service', 'neutron')
         #create script
         sg_name = utils.PhysName('test_stack', 'the_sg')
         neutronclient.Client.create_security_group({

heat/tests/test_vpc.py

@@ -11,6 +11,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+from oslo.config import cfg
+
 from heat.common import exception
 from heat.common import template_format
 from heat.engine import parser
@@ -574,6 +576,7 @@ Resources:
         neutronclient.Client.delete_port('dddd').AndReturn(None)
 
     def test_network_interface(self):
+        cfg.CONF.set_override('networking_service', 'neutron')
         self.mock_create_security_group()
         self.mock_create_network()
         self.mock_create_subnet()
@@ -599,6 +602,7 @@ Resources:
         self.m.VerifyAll()
 
     def test_network_interface_existing_groupset(self):
+        cfg.CONF.set_override('networking_service', 'neutron')
         self.m.StubOutWithMock(parser.Stack, 'resource_by_refid')
 
         self.mock_create_security_group()