Comment 74 for bug 1496277

Reviewed: https://review.openstack.org/269692
Committed: https://git.openstack.org/cgit/openstack/heat/commit/?id=fa19a617a79fd1cb0d892bb8ea87c4b9f6398c34
Submitter: Jenkins
Branch: stable/kilo

commit fa19a617a79fd1cb0d892bb8ea87c4b9f6398c34
Author: Zane Bitter <email address hidden>
Date: Tue Nov 24 12:29:38 2015 -0500

    Load template files only from their known source

    Modify get_class to ensure that user-defined resources cannot result in
    reads from the local filesystem. Only resources defined by the operator
    in the global environment should read local files.

    To make this work, this patch also adds a separate
    get_class_to_instantiate() method to the Environment.

    We were previously using get_class for two different purposes - to get a
    resource plugin on which we could perform introspection to obtain the
    properties and attributes schema, and to get a resource plugin we could
    instantiate to create a Resource object. These are both the same except in
    the case of a TemplateResource, where having two different use cases for
    the same piece of code was adding considerable extra complexity. Combining
    the use cases in this way also made the error handling confusing (leading
    to bug 1518458).

    This change separates out the two cases.

    Change-Id: I845e7d23c73242a4a4c9c40599690ab705c75caa
    Closes-Bug: #1496277
    Related-Bug: #1447194
    Related-Bug: #1518458
    Related-Bug: #1508115
    (cherry picked from commit 06a713c4456203cd561f16721dc8ac3bcbb37a3
                           and 26e6d5f6d776c1027c4f27058767952a58d15e25)