Beta - Databricks OBO token has indefinite lifetime

문서 > Datadog 보안 > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Beta - Databricks OBO token has indefinite lifetime

이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

Id: 23e1f5f0-12b7-4d7e-9087-f60f42ccd514

Cloud Provider: Databricks

Platform: Terraform

Severity: Medium

Category: Insecure Defaults

Learn More

Provider Reference

Description

databricks_obo_token has an indefinite lifetime. OBO tokens must include a lifetime_seconds attribute to enforce a finite validity period. This rule flags any databricks_obo_token resource that does not set lifetime_seconds.

Compliant Code Examples

resource "databricks_obo_token" "negative" {
  depends_on       = [databricks_group_member.this]
  application_id   = databricks_service_principal.this.application_id
  comment          = "PAT on behalf of ${databricks_service_principal.this.display_name}"
  lifetime_seconds = 3600
}

Non-Compliant Code Examples

resource "databricks_obo_token" "positive" {
  depends_on       = [databricks_group_member.this]
  application_id   = databricks_service_principal.this.application_id
  comment          = "PAT on behalf of ${databricks_service_principal.this.display_name}"
}