Metadata

Id: 2c4fe4a9-f44b-4c70-b09b-5b75cd251805

Cloud Provider: Databricks

Platform: Terraform

Severity: High

Category: Networking and Firewall

Description

Flags databricks_ip_access_list resources where the ip_addresses attribute includes 0.0.0.0/0 or ::/0. These CIDRs match every IPv4 and every IPv6 address respectively, so a list containing either one allows unrestricted ingress and exposes the workspace.

Compliant Code Examples

resource "databricks_workspace_conf" "negative" {
  custom_config = {
    "enableIpAccessLists" : true
  }
}

resource "databricks_ip_access_list" "negative" {
  label     = "allow_in"
  list_type = "ALLOW"
  ip_addresses = [
    "1.2.3.0/24",
    "1.2.5.0/24"
  ]
  depends_on = [databricks_workspace_conf.negative]
}

Non-Compliant Code Examples

resource "databricks_workspace_conf" "positive2" {
  custom_config = {
    "enableIpAccessLists" : true
  }
}

resource "databricks_ip_access_list" "positive2" {
  label     = "allow_in"
  list_type = "ALLOW"
  ip_addresses = [
    "::/0",
    "1.2.5.0/24"
  ]
  depends_on = [databricks_workspace_conf.positive2]
}

resource "databricks_workspace_conf" "positive1" {
  custom_config = {
    "enableIpAccessLists" : true
  }
}

resource "databricks_ip_access_list" "positive1" {
  label     = "allow_in"
  list_type = "ALLOW"
  ip_addresses = [
    "0.0.0.0/0",
    "1.2.5.0/24"
  ]
  depends_on = [databricks_workspace_conf.positive1]
}
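
The check described above can also be run against plan output before apply. The following is an added example, not the rule's own implementation: it walks JSON shaped like `terraform show -json` output and flags any databricks_ip_access_list entry with a zero-length prefix, which goes beyond the two literal strings to catch equivalent spellings such as 0:0:0:0:0:0:0:0/0. The sample plan and the module name "module.ws" are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `terraform show -json` output; "module.ws" is made up.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "databricks_ip_access_list.negative", "type": "databricks_ip_access_list",
     "values": {"list_type": "ALLOW", "ip_addresses": ["1.2.3.0/24", "1.2.5.0/24"]}},
    {"address": "databricks_ip_access_list.positive1", "type": "databricks_ip_access_list",
     "values": {"list_type": "ALLOW", "ip_addresses": ["0.0.0.0/0", "1.2.5.0/24"]}}
  ],
  "child_modules": [{"address": "module.ws", "resources": [
    {"address": "module.ws.databricks_ip_access_list.positive2", "type": "databricks_ip_access_list",
     "values": {"list_type": "ALLOW", "ip_addresses": ["0:0:0:0:0:0:0:0/0", "1.2.5.0/24"]}}
  ]}]
}}}
""")


def is_open_cidr(entry):
    """True when the entry is a zero-length prefix, i.e. it covers every address."""
    try:
        net = ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return False  # not a parseable CIDR; out of scope for this check
    return net.prefixlen == 0


def walk_resources(module):
    """Yield resources from a module and, recursively, from its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def find_open_ip_access_lists(plan):
    """Return (resource address, offending entry) pairs for unrestricted CIDRs."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk_resources(root):
        if res.get("type") != "databricks_ip_access_list":
            continue
        for entry in (res.get("values") or {}).get("ip_addresses") or []:
            if isinstance(entry, str) and is_open_cidr(entry):
                findings.append((res["address"], entry))
    return findings
```

Calling find_open_ip_access_lists on the parsed plan returns one pair per offending entry, so a CI step can fail the run whenever the list is non-empty.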