From 06e2319806c618898071eba662d5bf9773be4d39 Mon Sep 17 00:00:00 2001 From: Matthew Gilliard Date: Fri, 21 Nov 2014 08:55:56 +0000 Subject: [PATCH] Prevent admin role leak in context.elevated context.elevated was creating a copy of the current context then adding 'admin' to the roles of that context. This should be a deepcopy, otherwise 'admin' is added to the original context too. Change-Id: I8ab00c88a8e76a14fb9f4ae96dfdb5f018fc2d0f Closes-bug: 1386932 --- nova/context.py | 2 +- nova/tests/unit/test_context.py | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/nova/context.py b/nova/context.py index 9815bf3c9dc..e78636cdde7 100644 --- a/nova/context.py +++ b/nova/context.py @@ -179,7 +179,7 @@ def from_dict(cls, values): def elevated(self, read_deleted=None, overwrite=False): """Return a version of this context with admin flag set.""" - context = copy.copy(self) + context = copy.deepcopy(self) context.is_admin = True if 'admin' not in context.roles: diff --git a/nova/tests/unit/test_context.py b/nova/tests/unit/test_context.py index 1c28f7f6b6b..c5881ee266d 100644 --- a/nova/tests/unit/test_context.py +++ b/nova/tests/unit/test_context.py @@ -18,6 +18,17 @@ class ContextTestCase(test.NoDBTestCase): + def test_request_context_elevated(self): + user_ctxt = context.RequestContext('111', + '222', + admin=False) + self.assertFalse(user_ctxt.is_admin) + admin_ctxt = user_ctxt.elevated() + self.assertTrue(admin_ctxt.is_admin) + self.assertIn('admin', admin_ctxt.roles) + self.assertFalse(user_ctxt.is_admin) + self.assertNotIn('admin', user_ctxt.roles) + def test_request_context_sets_is_admin(self): ctxt = context.RequestContext('111', '222',
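Review bot: The switch to `copy.deepcopy(self)` in elevated() has no comment saying why a shallow copy is unsafe here, so a later clean-up or performance pass could restore `copy.copy` and bring back the shared `roles` list that let 'admin' reach the caller's context. I would add above it `# deepcopy: roles is a mutable list; a shallow copy shares it and leaks 'admin' into the original context`. deepcopy also duplicates every other attribute of the context on each call, and will fail if anything attached to it cannot be deep-copied; if that proves costly, copying only the list keeps the isolation: `context = copy.copy(self)` followed by `context.roles = copy.deepcopy(self.roles)`. The rest of elevated() lies outside the hunk, so how roles is modified afterwards is inferred from the commit message.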
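Review bot: test_request_context_elevated starts from a context with default roles only, so it does not show that a caller-supplied role list survives elevation unchanged. Assuming RequestContext accepts a `roles` argument (its signature is not in the hunk), build the user context with `roles=['member']` and add `self.assertEqual(['member'], user_ctxt.roles)` after the call to elevated(). A second `user_ctxt.elevated()` followed by the same assertions on user_ctxt would also pin that repeated elevation never touches the original.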