From c0b9b93ea27e8c7f6d178ecc05ea4a37c349dcca Mon Sep 17 00:00:00 2001 From: Michal Charemza Date: Tue, 14 Feb 2023 13:13:11 +0000 Subject: [PATCH] feat: perform quicksight embedding actions just as the django admin role It was already borderline overcomplicated before - there wasn't and isn't a need for this since view permissions for dashboards are all managed from inside Data Workspace --- .../dataworkspace/apps/applications/utils.py | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/dataworkspace/dataworkspace/apps/applications/utils.py b/dataworkspace/dataworkspace/apps/applications/utils.py index e22d03d434..0ba804bdef 100644 --- a/dataworkspace/dataworkspace/apps/applications/utils.py +++ b/dataworkspace/dataworkspace/apps/applications/utils.py @@ -633,22 +633,10 @@ def get_quicksight_dashboard_name_url(dashboard_id, user): embed_role_arn = settings.QUICKSIGHT_DASHBOARD_EMBEDDING_ROLE_ARN embed_role_name = embed_role_arn.rsplit("/", 1)[1] - sts = boto3.client("sts") - account_id = sts.get_caller_identity().get("Account") - - role_credentials = sts.assume_role(RoleArn=embed_role_arn, RoleSessionName=user.email)[ - "Credentials" - ] - - session = boto3.Session( - aws_access_key_id=role_credentials["AccessKeyId"], - aws_secret_access_key=role_credentials["SecretAccessKey"], - aws_session_token=role_credentials["SessionToken"], - ) - # QuickSight manages users in a separate region to our data/dashboards. - qs_user_client = session.client("quicksight", region_name=user_region) - qs_dashboard_client = session.client("quicksight") + qs_user_client = boto3.client("quicksight", region_name=user_region) + qs_dashboard_client = boto3.client("quicksight") + account_id = qs_dashboard_client.get_caller_identity().get("Account") reader_email = "reader@dataworkspace" try: