Indefinitely Databricks OBO Token Lifetime

  • Query id: 23e1f5f0-12b7-4d7e-9087-f60f42ccd514
  • Query name: Indefinitely Databricks OBO Token Lifetime
  • Platform: Terraform
  • Severity: Medium
  • Category: Insecure Defaults
  • URL: GitHub

Description

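The OBO token has an indefinite lifetime: when `lifetime_seconds` is not set on a `databricks_obo_token` resource, the token never expires.

Documentation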

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "databricks_obo_token" "positive" {
  depends_on       = [databricks_group_member.this]
  application_id   = databricks_service_principal.this.application_id
  comment          = "PAT on behalf of ${databricks_service_principal.this.display_name}"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "databricks_obo_token" "negative" {
  depends_on       = [databricks_group_member.this]
  application_id   = databricks_service_principal.this.application_id
  comment          = "PAT on behalf of ${databricks_service_principal.this.display_name}"
  lifetime_seconds = 3600
}