feat: perform quicksight embedding actions just as the django admin role

It was already borderline overcomplicated before - there wasn't and isn't a need for this since view permissions for dashboards are all managed from inside Data Workspace
uktrade · Feb 14, 2023 · c0b9b93 · c0b9b93
1 parent b0995e0
commit c0b9b93
Showing 1 changed file with 3 additions and 15 deletions.
diff --git a/dataworkspace/dataworkspace/apps/applications/utils.py b/dataworkspace/dataworkspace/apps/applications/utils.py
@@ -633,22 +633,10 @@ def get_quicksight_dashboard_name_url(dashboard_id, user):
     embed_role_arn = settings.QUICKSIGHT_DASHBOARD_EMBEDDING_ROLE_ARN
     embed_role_name = embed_role_arn.rsplit("/", 1)[1]
 
-    sts = boto3.client("sts")
-    account_id = sts.get_caller_identity().get("Account")
-
-    role_credentials = sts.assume_role(RoleArn=embed_role_arn, RoleSessionName=user.email)[
-        "Credentials"
-    ]
-
-    session = boto3.Session(
-        aws_access_key_id=role_credentials["AccessKeyId"],
-        aws_secret_access_key=role_credentials["SecretAccessKey"],
-        aws_session_token=role_credentials["SessionToken"],
-    )
-
     # QuickSight manages users in a separate region to our data/dashboards.
-    qs_user_client = session.client("quicksight", region_name=user_region)
-    qs_dashboard_client = session.client("quicksight")
+    qs_user_client = boto3.client("quicksight", region_name=user_region)
+    qs_dashboard_client = boto3.client("quicksight")
+    account_id = qs_dashboard_client.get_caller_identity().get("Account")
     reader_email = "reader@dataworkspace"
 
     try: