Add enable_security_group option

Using noop driver to disable security group is confusing.
In this commit, we introduce enable_security_group in server side.

DocImpact
UpgradeImpact

Implements bp: security-group-config-cleanup
Related-Bug: 1112912
Change-Id: Ice44a4e2a519c64e613eeb24372de46726473339

neutron/tests/unit/linuxbridge/test_lb_neutron_agent.py

@@ -98,6 +98,9 @@ class TestLinuxBridgeAgent(base.BaseTestCase):
         super(TestLinuxBridgeAgent, self).setUp()
         cfg.CONF.set_override('rpc_backend',
                               'neutron.openstack.common.rpc.impl_fake')
+        cfg.CONF.set_default('firewall_driver',
+                             'neutron.agent.firewall.NoopFirewallDriver',
+                             group='SECURITYGROUP')
         self.execute_p = mock.patch.object(ip_lib.IPWrapper, '_execute')
         self.execute = self.execute_p.start()
         self.addCleanup(self.execute_p.stop)

neutron/tests/unit/linuxbridge/test_linuxbridge_plugin.py

@@ -16,6 +16,7 @@
 import contextlib
 
 import mock
+from oslo.config import cfg
 
 from neutron.common import constants as q_const
 from neutron.extensions import portbindings
@@ -65,15 +66,20 @@ class TestLinuxBridgePortBinding(LinuxBridgePluginV2TestCase,
                                  test_bindings.PortBindingsTestCase):
     VIF_TYPE = portbindings.VIF_TYPE_BRIDGE
     HAS_PORT_FILTER = True
+    ENABLE_SG = True
     FIREWALL_DRIVER = test_sg_rpc.FIREWALL_IPTABLES_DRIVER
 
     def setUp(self):
         test_sg_rpc.set_firewall_driver(self.FIREWALL_DRIVER)
+        cfg.CONF.set_override(
+            'enable_security_group', self.ENABLE_SG,
+            group='SECURITYGROUP')
         super(TestLinuxBridgePortBinding, self).setUp()
 
 
 class TestLinuxBridgePortBindingNoSG(TestLinuxBridgePortBinding):
     HAS_PORT_FILTER = False
+    ENABLE_SG = False
     FIREWALL_DRIVER = test_sg_rpc.FIREWALL_NOOP_DRIVER