Beta - Databricks Workspace Using Default Virtual Network

  • Query id: 05d6b52e-11ca-453d-bb3a-21c7c853ee92
  • Query name: Beta - Databricks Workspace Using Default Virtual Network
  • Platform: Terraform
  • Severity: Medium
  • Category: Networking and Firewall
  • CWE: 602
  • Risk score: 6.0
  • URL: Github

Description

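Resources of type 'azurerm_databricks_workspace' should use a custom virtual network, set through 'virtual_network_id' in a non-empty 'custom_parameters' block, instead of the default one.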
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "azurerm_databricks_workspace" "example_1" {
  name                        = "example-dbw"
  location                    = azurerm_resource_group.example.location
  resource_group_name         = azurerm_resource_group.example.name
  sku                         = "premium"
  managed_resource_group_name = "example-managed-rg"

  # Missing "custom_parameters"
}

resource "azurerm_databricks_workspace" "example_2" {
  name                        = "example-dbw"
  location                    = azurerm_resource_group.example.location
  resource_group_name         = azurerm_resource_group.example.name
  sku                         = "premium"
  managed_resource_group_name = "example-managed-rg"

  custom_parameters { # Empty "custom_parameters"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "azurerm_databricks_workspace" "negative" {
  name                        = "example-dbw"
  location                    = azurerm_resource_group.example.location
  resource_group_name         = azurerm_resource_group.example.name
  sku                         = "premium"
  managed_resource_group_name = "example-managed-rg"

  custom_parameters {
    virtual_network_id = azurerm_virtual_network.example.id
  }
}
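
The same condition checked against a Terraform plan instead of the source files, as an added example (not the KICS query and not code from this page): it reads the resource_changes array of `terraform show -json` output and reports workspaces that have no virtual_network_id. The sample plan is constructed, and treating a value marked in after_unknown (known only at apply time) as configured is an assumption of this sketch.

```python
import json

RESOURCE_TYPE = "azurerm_databricks_workspace"

# Constructed sample: a trimmed "resource_changes" array in the shape produced by
# `terraform show -json <planfile>`, mirroring the three resources on this page.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_databricks_workspace.example_1", "type": "azurerm_databricks_workspace",
   "change": {"actions": ["create"], "after": {"custom_parameters": []}, "after_unknown": {}}},
  {"address": "azurerm_databricks_workspace.example_2", "type": "azurerm_databricks_workspace",
   "change": {"actions": ["create"], "after": {"custom_parameters": [{"virtual_network_id": null}]},
              "after_unknown": {"custom_parameters": [{}]}}},
  {"address": "azurerm_databricks_workspace.negative", "type": "azurerm_databricks_workspace",
   "change": {"actions": ["create"], "after": {"custom_parameters": [{}]},
              "after_unknown": {"custom_parameters": [{"virtual_network_id": true}]}}}
]}
""")


def vnet_configured(change):
    """True if any custom_parameters block carries a virtual_network_id."""
    after = change.get("after") or {}
    blocks = after.get("custom_parameters") or []
    flags = (change.get("after_unknown") or {}).get("custom_parameters")
    if not isinstance(flags, list):
        flags = []  # assumption: no per-attribute flags means nothing was set
    for i, block in enumerate(blocks):
        if (block or {}).get("virtual_network_id"):
            return True  # literal ID already known at plan time
        flag = flags[i] if i < len(flags) else None
        if isinstance(flag, dict) and flag.get("virtual_network_id") is True:
            return True  # reference to a VNet that is created in the same apply
    return False


def find_default_vnet_workspaces(plan):
    """Addresses of workspaces that would be deployed without a custom VNet."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != RESOURCE_TYPE or change.get("actions") == ["delete"]:
            continue  # other resource types and pure deletions are out of scope
        if not vnet_configured(change):
            findings.append(rc["address"])
    return findings
```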