From 8f35da22c453fc6f6e48612229eef02ea9c75c5a Mon Sep 17 00:00:00 2001 From: Michal Charemza Date: Fri, 29 Nov 2024 10:09:28 +0000 Subject: [PATCH] feat: lower risk of undoing user changes when getting credentials Using a plain "user.save()" runs the risk of undoing recent changes made by other parts of the application. So we change this to use "update_fields" to only change the field we are interested in, in this case tools_access_role_arn that is used when a user access AWS resources directly. This does not address a reported issue, just something I noticed. --- dataworkspace/dataworkspace/apps/core/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dataworkspace/dataworkspace/apps/core/utils.py b/dataworkspace/dataworkspace/apps/core/utils.py index 21b858072..b69a7a2de 100644 --- a/dataworkspace/dataworkspace/apps/core/utils.py +++ b/dataworkspace/dataworkspace/apps/core/utils.py @@ -1289,7 +1289,7 @@ def create_tools_access_iam_role(user_id, user_email_address, access_point_id): # Cache the role_arn so it can be retrieved in the future without calling AWS user.profile.tools_access_role_arn = role_arn - user.save() + user.profile.save(update_fields=['tools_access_role_arn']) return role_arn, s3_prefixes