From: Jay S. Bryant Date: Thu, 20 Nov 2014 17:06:48 +0000 (-0600) Subject: context.elevated() should use copy.deepcopy() X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=285cfaf0954d4c3e320b205c288240c1828476fe;p=openstack-build%2Fcinder-build.git context.elevated() should use copy.deepcopy() Currently context.elevated is just doing a copy.copy(self). This needs to be changed to use copy.deepcopy so that the list reference is not shared between objects which leaves the possibility of an admin role leak. This fix changes context.elevated use copy.deepcopy. Change-Id: I349c53ccbe9e02ad2a3e84ae897424db9785a170 Closes-bug: 1386932 --- diff --git a/cinder/context.py b/cinder/context.py index 5a826891f..4942c9f3a 100644 --- a/cinder/context.py +++ b/cinder/context.py @@ -148,7 +148,7 @@ class RequestContext(object): def elevated(self, read_deleted=None, overwrite=False): """Return a version of this context with admin flag set.""" - context = copy.copy(self) + context = self.deepcopy() context.is_admin = True if 'admin' not in context.roles: diff --git a/cinder/tests/test_context.py b/cinder/tests/test_context.py index bcb25859b..4ae9b4b52 100644 --- a/cinder/tests/test_context.py +++ b/cinder/tests/test_context.py @@ -54,6 +54,16 @@ class ContextTestCase(test.TestCase): 'read_deleted', True) + def test_request_context_elevated(self): + user_context = context.RequestContext( + 'fake_user', 'fake_project', admin=False) + self.assertFalse(user_context.is_admin) + admin_context = user_context.elevated() + self.assertFalse(user_context.is_admin) + self.assertTrue(admin_context.is_admin) + self.assertFalse('admin' in user_context.roles) + self.assertTrue('admin' in admin_context.roles) + def test_service_catalog_nova_and_swift(self): service_catalog = [ {u'type': u'compute', u'name': u'nova'},