authorMatthew Gilliard <matthew.gilliard@hp.com>2014-11-21 08:55:56 +0000
committerMatthew Gilliard <matthew.gilliard@hp.com>2014-11-24 22:58:05 +0000
commit06e2319806c618898071eba662d5bf9773be4d39 (patch)
tree65056661206b549ca2d5c71c74acc307166ad821
parent8456b90a78b817dce1a01c7b81e8552890b0a5ac (diff)
downloadnova-06e2319806c618898071eba662d5bf9773be4d39.tar.gz
Prevent admin role leak in context.elevated
context.elevated was creating a shallow copy of the current context and then adding 'admin' to the roles of that copy. This should be a deepcopy; otherwise the roles list is shared between the two contexts and 'admin' is added to the original context too.

Change-Id: I8ab00c88a8e76a14fb9f4ae96dfdb5f018fc2d0f
Closes-bug: 1386932
-rw-r--r--nova/context.py2
-rw-r--r--nova/tests/unit/test_context.py11
2 files changed, 12 insertions, 1 deletions
diff --git a/nova/context.py b/nova/context.py
index 9815bf3c9d..e78636cdde 100644
--- a/nova/context.py
+++ b/nova/context.py
@@ -179,7 +179,7 @@ class RequestContext(object):
def elevated(self, read_deleted=None, overwrite=False):
"""Return a version of this context with admin flag set."""
- context = copy.copy(self)
+ context = copy.deepcopy(self)
context.is_admin = True
if 'admin' not in context.roles:
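Review bot: `copy.deepcopy(self)` is wider than the leak it closes. In the visible lines the only attribute mutated in place is `roles`, yet every `elevated()` call now recursively copies every attribute of the context. If any attribute holds a large or non-copyable object (none is visible here, so this needs checking against the class), that adds cost or a failure on a frequently used path; a narrower alternative is to keep `copy.copy(self)` and follow it with `context.roles = list(self.roles)`. Whichever form is kept, a comment such as `# roles is mutated below; the elevated context must not share the list with the caller's context` would record why a plain copy is unsafe. The body of `elevated` continues past the end of the hunk.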
diff --git a/nova/tests/unit/test_context.py b/nova/tests/unit/test_context.py
index 1c28f7f6b6..c5881ee266 100644
--- a/nova/tests/unit/test_context.py
+++ b/nova/tests/unit/test_context.py
@@ -18,6 +18,17 @@ from nova import test
class ContextTestCase(test.NoDBTestCase):
+ def test_request_context_elevated(self):
+ user_ctxt = context.RequestContext('111',
+ '222',
+ admin=False)
+ self.assertFalse(user_ctxt.is_admin)
+ admin_ctxt = user_ctxt.elevated()
+ self.assertTrue(admin_ctxt.is_admin)
+ self.assertIn('admin', admin_ctxt.roles)
+ self.assertFalse(user_ctxt.is_admin)
+ self.assertNotIn('admin', user_ctxt.roles)
+
def test_request_context_sets_is_admin(self):
ctxt = context.RequestContext('111',
'222',
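Review bot: `test_request_context_elevated` starts from a context with no explicit roles, so it does not show that roles already on the caller's context survive elevation unchanged. Adding `self.assertIsNot(admin_ctxt.roles, user_ctxt.roles)` after the `elevated()` call, plus a case that starts from a non-empty role list, would pin the isolation property directly rather than through the `'admin'` membership check alone. The constructor signature is not in the hunk: if its parameter is named `is_admin` rather than `admin`, the `admin=False` keyword would not set the flag and the first `assertFalse` would be relying on a default, which is worth confirming. A one-line docstring such as `"""elevated() must not add 'admin' to the original context."""` would tie the test to the bug it guards against.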