Skip to content

Commit

Permalink
Merge pull request #957 from Azure/create-pull-request/patch
Browse files Browse the repository at this point in the history 
Automatic translation of checklists/databricks_checklist.en.json
  • Loading branch information
@erjosito
erjosito authored Oct 21, 2024
2 parents 87be6f9 + c3d2951 commit 27eec73
Show file tree
Hide file tree
Showing 37 changed files with 13,806 additions and 11,067 deletions.
166 changes: 166 additions & 0 deletions checklists-ext/fullwaf_checklist.en.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8050,6 +8050,17 @@
"text": "Store passwords, secerts and keys in Azure key vault",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "Use the 'Import latest checklist' button to get the latest version of a review checklist",
"description": "You can store credentials or secret values in an Azure Key Vault and use them during pipeline execution to pass to your activities.",
"guid": "a3aec2c4-e243-46b0-936d-b55e17960eee",
"link": "https://learn.microsoft.com/azure/data-factory/how-to-use-azure-key-vault-secrets-pipeline-activities",
"service": "Data Factory",
"severity": "Medium",
"text": "Use Azure Key Vault secrets in pipeline activities",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "Use the 'Import latest checklist' button to get the latest version of a review checklist",
Expand Down Expand Up @@ -8081,6 +8092,15 @@
"text": "Separate and limit highly privileged/administrative users and enable MFA and conditional policies",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "Use the 'Import latest checklist' button to get the latest version of a review checklist",
"guid": "4e4f1854-287d-45cd-a126-cc032af5b1fc",
"service": "Data Factory",
"severity": "Medium",
"text": "Disable access over public internet and configure either firewall rules or trusted services rules",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "Use the 'Import latest checklist' button to get the latest version of a review checklist",
Expand Down Expand Up @@ -8111,6 +8131,17 @@
"text": "Configure managed private endpoints to connect to resources using managed azure IR",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "Use the 'Import latest checklist' button to get the latest version of a review checklist",
"description": "By using Azure Private Link, you can connect to various platform as a service (PaaS) deployments in Azure via a private endpoint. A private endpoint is a private IP address within a specific virtual network and subnet",
"guid": "b47a393a-0804-4272-a479-8b1578b219a4",
"link": "https://learn.microsoft.com/azure/data-factory/data-factory-private-link",
"service": "Data Factory",
"severity": "Medium",
"text": "Configure Private Links to connect to sources in customer Vnet and data factory",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "Use the 'Import latest checklist' button to get the latest version of a review checklist",
Expand Down Expand Up @@ -8152,6 +8183,28 @@
"text": "Store passwords, secrets in Azure Key Vault",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "Use the 'Import latest checklist' button to get the latest version of a review checklist",
"description": "You can store credentials or secret values in an Azure Key Vault and use them during pipeline execution to pass to your activities.",
"guid": "6f4a1652-bddd-4ea8-a487-cdec4861bc3b",
"link": "https://learn.microsoft.com/azure/data-factory/how-to-use-azure-key-vault-secrets-pipeline-activities",
"service": "Data Factory",
"severity": "Medium",
"text": "Use Azure Key Vault secrets in pipeline activities",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "Use the 'Import latest checklist' button to get the latest version of a review checklist",
"description": "You can encrypt and store credentials for any of your on-premises data stores (linked services with sensitive information) on a machine with self-hosted integration runtime.",
"guid": "c14aeb7e-66e8-4d9a-9bec-218e6436b173",
"link": "https://learn.microsoft.com/azure/data-factory/encrypt-credentials-self-hosted-integration-runtime",
"service": "Data Factory",
"severity": "Medium",
"text": "Encrypt credentials for on-premises using SHIR data stores in Azure Data Factory",
"waf": "Reliability"
},
{
"checklist": "Use the 'Import latest checklist' button to get the latest version of a review checklist",
"guid": "6db55f57-9603-4334-adf9-cc23418db612",
Expand Down Expand Up @@ -8416,6 +8469,17 @@
"text": "Limit cluster creation rights.",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.Databricks/workspaces",
"checklist": "Use the 'Import latest checklist' button to get the latest version of a review checklist",
"description": "Account admins can configure a workspace setting called RestrictWorkspaceAdmins to restrict workspace admins to only change a job owner to themselves and the job run as setting to a service principal that they have the Service Principal User role on.",
"guid": "6b57dfc6-5546-41e1-a3e3-453a3c863964",
"link": "https://learn.microsoft.com/azure/databricks/admin/workspace-settings/restrict-workspace-admins",
"service": "Databricks",
"severity": "High",
"text": "Restrict workspace admins",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.Databricks/workspaces",
"checklist": "Use the 'Import latest checklist' button to get the latest version of a review checklist",
Expand Down Expand Up @@ -11666,6 +11730,108 @@
"text": "If deploying to an Isolated environment, use or migrate to App Service Environment (ASE) v3",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "DataBricks Review Checklist",
"guid": "65285269-440c-44be-9d3e-0844276d4bdc",
"link": "https://github.com/Azure/fta-resiliencyplaybooks/blob/main/pass-foudations-playbooks-ADB_v1.docx",
"service": "Data Factory",
"severity": "High",
"text": "Reference Databricks HA/DR playbook",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "DataBricks Review Checklist",
"guid": "a0e6c465-89d5-458b-a37d-3974d1112dbd",
"link": "https://github.com/databrickslabs/databricks-sync",
"service": "Data Factory",
"severity": "Low",
"text": "Use Databricks Sync",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "DataBricks Review Checklist",
"guid": "89d558b9-37d3-4974-b111-2dbd7aaf12e6",
"link": "https://learn.microsoft.com/azure/databricks/security/secrets/secret-scopes",
"service": "Data Factory",
"severity": "Medium",
"text": "Backup your workspace configuration including ARM templates and secret scopes",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "DataBricks Review Checklist",
"guid": "b94ee5ef-47d2-4d92-a81b-1cd6d1f54b29",
"link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/sharing-metadata-across-different-databricks-workspaces-using/ba-p/3679757",
"service": "Data Factory",
"severity": "Medium",
"text": "Share metaData across different Databricks workspaces using Hive external metastore",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "DataBricks Review Checklist",
"guid": "769e3969-0e78-428a-a936-657d03b0f466",
"link": "https://techcommunity.microsoft.com/t5/fasttrack-for-azure/disaster-recovery-strategy-in-azure-databricks-using-the-hive/ba-p/3684581",
"service": "Data Factory",
"severity": "Medium",
"text": "Plan Disaster Recovery strategy in Databricks using the Hive External Metastore",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "DataBricks Review Checklist",
"guid": "4b1d944a-3598-437e-b79d-6c6d3a364a5b",
"link": "https://www.databricks.com/blog/2021/04/20/attack-of-the-delta-clones-against-disaster-recovery-availability-complexity.html",
"service": "Data Factory",
"severity": "Medium",
"text": "Backup your data with deep and shallow clones",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "DataBricks Review Checklist",
"description": "Download the blob using the secondary endpoint in RAGRS storage account",
"guid": "7abae48a-bd54-4cd7-ae2e-86768357c559",
"link": "https://techcommunity.microsoft.com/t5/azure-paas-blog/download-the-blob-using-secondary-endpoint-in-ragrs-storage/ba-p/2403750",
"service": "Data Factory",
"severity": "Medium",
"text": "Backup your data to Azure Storage RA-GRS",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "DataBricks Review Checklist",
"guid": "675c5ee8-5b85-49c7-944c-e3b1a28b875a",
"link": "https://learn.microsoft.com/azure/databricks/dev-tools/index-ci-cd",
"service": "Data Factory",
"severity": "High",
"text": "Backup your code with DevOps",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "DataBricks Review Checklist",
"guid": "a1bf1038-9f03-4a4d-8ce4-63dbbbc8682a",
"link": "https://learn.microsoft.com/azure/databricks/administration-guide/disaster-recovery",
"service": "Data Factory",
"severity": "High",
"text": "Plan for Disaster recovery using Active/Active or Active/Passive Configuration",
"waf": "Reliability"
},
{
"arm-service": "Microsoft.DataFactory/datafactories",
"checklist": "DataBricks Review Checklist",
"description": "Migration package to log all Databricks resources for backup and/or migrating to another Databricks workspace",
"guid": "5abc92a4-eda1-4dae-8cc8-5c47c6b781cc",
"link": "https://github.com/databrickslabs/migrate",
"service": "Data Factory",
"severity": "Medium",
"text": "Use Databricks Migration tools",
"waf": "Reliability"
},
{
"checklist": "Identity Review Checklist",
"guid": "bb235c70-5e17-496f-bedf-a8a4c8cdec4c",
Expand Down
Loading

0 comments on commit 27eec73

Please sign in to comment.