Beta - Databricks Group Without User Or Instance Profile
- Query id: 23c3067a-8cc9-480c-b645-7c1e0ad4bf60
- Query name: Beta - Databricks Group Without User Or Instance Profile
- Platform: Terraform
- Severity: Low
- Category: Access Control
- CWE: 284
- URL: Github
Description
A Databricks group should have at least one user or one instance profile associated with it.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# Group with a declared member: the databricks_group_member resource below
# references it, so this is not the group the rule is about.
resource "databricks_group" "positive_group" {
  display_name               = "Some Group"
  allow_cluster_create       = true
  allow_instance_pool_create = true
}

resource "databricks_user" "positive_user" {
  user_name = "someone@example.com"
}

# Ties positive_user to positive_group.
resource "databricks_group_member" "positive_member" {
  group_id  = databricks_group.positive_group.id
  member_id = databricks_user.positive_user.id
}

# Flagged case: no databricks_group_member and no
# databricks_group_instance_profile in this sample references
# positive_group_2, so the group has neither a user nor an instance profile.
# It still carries the cluster-create and instance-pool-create entitlements.
# NOTE(review): membership added outside this configuration would presumably
# pick those entitlements up without a Terraform change to review. Confirm
# against how the workspace manages group membership.
resource "databricks_group" "positive_group_2" {
  display_name               = "Some Group"
  allow_cluster_create       = true
  allow_instance_pool_create = true
}
Positive test num. 2 - tf file
# The ARN below is a placeholder string, not a real instance profile ARN.
resource "databricks_instance_profile" "positive_instance_profile" {
  instance_profile_arn = "my_instance_profile_arn"
}

# Group with an instance profile: the databricks_group_instance_profile
# resource below references it, so this is not the group the rule is about.
resource "databricks_group" "positive_group" {
  display_name = "my_group_name"
}

# Attaches positive_instance_profile to positive_group.
resource "databricks_group_instance_profile" "my_group_instance_profile" {
  group_id            = databricks_group.positive_group.id
  instance_profile_id = databricks_instance_profile.positive_instance_profile.id
}

# Flagged case: nothing in this sample references positive_group2, so it has
# no instance profile and no user. It is declared with only a display name.
resource "databricks_group" "positive_group2" {
  display_name = "my_group_name"
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
# Passing case: the only group in this sample is referenced by a
# databricks_group_member resource, so the entitlements granted here apply
# to a membership that is declared in the same configuration.
resource "databricks_group" "negative1_group" {
  display_name               = "Some Group"
  allow_cluster_create       = true
  allow_instance_pool_create = true
}

resource "databricks_user" "negative1_user" {
  user_name = "someone@example.com"
}

# Ties negative1_user to negative1_group. This association is what
# distinguishes the sample from the flagged group in positive test 1.
resource "databricks_group_member" "negative1_member" {
  group_id  = databricks_group.negative1_group.id
  member_id = databricks_user.negative1_user.id
}
Negative test num. 2 - tf file
# The ARN below is a placeholder string, not a real instance profile ARN.
resource "databricks_instance_profile" "negative2_instance_profile" {
  instance_profile_arn = "my_instance_profile_arn"
}

# Passing case: the only group in this sample is referenced by the
# databricks_group_instance_profile resource below.
resource "databricks_group" "negative2_group" {
  display_name = "my_group_name"
}

# Attaches negative2_instance_profile to negative2_group. No user is declared;
# the instance profile association alone meets the rule as described.
resource "databricks_group_instance_profile" "negative2_group_instance_profile" {
  group_id            = databricks_group.negative2_group.id
  instance_profile_id = databricks_instance_profile.negative2_instance_profile.id
}