From ca1c17e0bb596ef03b286c283907586cb1225df7 Mon Sep 17 00:00:00 2001
From: Kiall Mac Innes <kiall@hp.com>
Date: Thu, 11 Apr 2013 15:27:27 +0100
Subject: [PATCH] Add a "force" option to context sudo.

Change-Id: I6da29e005616b51cb4e2b1ae388f648808610c70
---
 moniker/context.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/moniker/context.py b/moniker/context.py
index d06815806..716559306 100644
--- a/moniker/context.py
+++ b/moniker/context.py
@@ -37,12 +37,15 @@ class MonikerContext(context.RequestContext):
         self._original_tenant_id = None
         self.roles = roles
 
-    def sudo(self, tenant_id):
-        # We use exc=None here since the context is built early in the request
-        # lifecycle, outside of our ordinary error handling.
-        # For now, we silently ignore failed sudo requests.
-        allowed_sudo = policy.check('use_sudo', self, {'tenant_id': tenant_id},
-                                    exc=None)
+    def sudo(self, tenant_id, force=False):
+        if force:
+            allowed_sudo = True
+        else:
+            # We use exc=None here since the context is built early in the
+            # request lifecycle, outside of our ordinary error handling.
+            # For now, we silently ignore failed sudo requests.
+            target = {'tenant_id': tenant_id}
+            allowed_sudo = policy.check('use_sudo', self, target, exc=None)
 
         if allowed_sudo:
             LOG.warn('Accepted sudo from user_id %s for tenant_id %s'