From 82457f2462621b6a9c653dce2baf38d0623e25ee Mon Sep 17 00:00:00 2001
From: Marian Horban <mhorban@mirantis.com>
Date: Mon, 7 Dec 2015 07:30:11 -0500
Subject: [PATCH] Replace copy.deepcopy of RequestContext with copy.copy

Instance of RequestContext contains many objects and some of them like
mutexes could not be copied. Also a deepcopy of the entire
RequestContext wastes CPU time.

To avoid problems with deepcopy and avoid performance overhead this
patch changes deepcopy of RequestContext to shallow copy and makes
deepcopy of only the 'roles' member because of security issue
LP #1386932.

Closes-Bug: #1506958
Related-Bug: #1386932
Change-Id: I1e2c00e95e1c4bcd0ec7bf075458789d6fb06e99
---
 nova/context.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/nova/context.py b/nova/context.py
index 3ddbe6cbf8c8..f37952f1bae6 100644
--- a/nova/context.py
+++ b/nova/context.py
@@ -197,7 +197,10 @@ class RequestContext(context.RequestContext):
 
     def elevated(self, read_deleted=None):
         """Return a version of this context with admin flag set."""
-        context = copy.deepcopy(self)
+        context = copy.copy(self)
+        # context.roles must be deepcopied to leave original roles
+        # without changes
+        context.roles = copy.deepcopy(self.roles)
         context.is_admin = True
 
         if 'admin' not in context.roles: