From be00b1ca963779717cabe8e20df2463400a2012a Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Mon, 13 Nov 2017 13:01:56 -0500
Subject: [PATCH] render survey_spec for display purposes in a safe manner

survey_spec is a nested dict, so if we don't `deepcopy()` it, updates
to the individual fields could corrupt the original data structure;
this was causing a bug whereby activity stream updates converted
encrypted survey password defaults -> `$encrypted$`, but inadvertently
modified the originating model due to shared references

see: https://github.com/ansible/ansible-tower/issues/7769
---
 awx/main/models/mixins.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/awx/main/models/mixins.py b/awx/main/models/mixins.py
index 82cbeca5de..8d234d0b97 100644
--- a/awx/main/models/mixins.py
+++ b/awx/main/models/mixins.py
@@ -1,6 +1,6 @@
 # Python
 import json
-from copy import copy
+from copy import copy, deepcopy
 
 # Django
 from django.db import models
@@ -257,7 +257,7 @@ class SurveyJobTemplateMixin(models.Model):
         '''
         Hide encrypted default passwords in survey specs
         '''
-        survey_spec = self.survey_spec.copy() if self.survey_spec else {}
+        survey_spec = deepcopy(self.survey_spec) if self.survey_spec else {}
         for field in survey_spec.get('spec', []):
             if field.get('type') == 'password':
                 if 'default' in field and field['default']: