cartography 0.100.0rc1__py3-none-any.whl → 0.100.0rc2__py3-none-any.whl

cartography/_version.py

@@ -1,8 +1,13 @@
-# file generated by setuptools_scm
+# file generated by setuptools-scm
 # don't change, don't track in version control
+
+__all__ = ["__version__", "__version_tuple__", "version", "version_tuple"]
+
 TYPE_CHECKING = False
 if TYPE_CHECKING:
-    from typing import Tuple, Union
+    from typing import Tuple
+    from typing import Union
+
     VERSION_TUPLE = Tuple[Union[int, str], ...]
 else:
     VERSION_TUPLE = object
@@ -12,5 +17,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
 
-__version__ = version = '0.100.0rc1'
+__version__ = version = '0.100.0rc2'
 __version_tuple__ = version_tuple = (0, 100, 0)

cartography/cli.py

@@ -439,9 +439,10 @@ class CLI:
             '--gsuite-auth-method',
             type=str,
             default='delegated',
-            choices=['delegated', 'oauth'],
+            choices=['delegated', 'oauth', 'default'],
             help=(
-                'The method used by GSuite to authenticate. delegated is the legacy one.'
+                'GSuite authentication method. Can be "delegated" for service account or "oauth" for OAuth. '
+                '"Default" best if using gcloud CLI.'
             ),
         )
         parser.add_argument(

cartography/intel/aws/ecr.py

@@ -36,7 +36,10 @@ def get_ecr_repository_images(boto3_session: boto3.session.Session, region: str,
     paginator = client.get_paginator('list_images')
     ecr_repository_images: List[Dict] = []
     for page in paginator.paginate(repositoryName=repository_name):
-        ecr_repository_images.extend(page['imageIds'])
+        image_ids = page['imageIds']
+        if image_ids:
+            response = client.describe_images(repositoryName=repository_name, imageIds=image_ids)
+            ecr_repository_images.extend(response['imageDetails'])
     return ecr_repository_images
 
 
@@ -103,7 +106,12 @@ def _load_ecr_repo_img_tx(
         ON CREATE SET ri.firstseen = timestamp()
         SET ri.lastupdated = $aws_update_tag,
             ri.tag = repo_img.imageTag,
-            ri.uri = repo_img.repo_uri + COALESCE(":" + repo_img.imageTag, '')
+            ri.uri = repo_img.repo_uri + COALESCE(":" + repo_img.imageTag, ''),
+            ri.image_size_bytes = repo_img.imageSizeInBytes,
+            ri.image_pushed_at = repo_img.imagePushedAt,
+            ri.image_manifest_media_type = repo_img.imageManifestMediaType,
+            ri.artifact_media_type = repo_img.artifactMediaType,
+            ri.last_recorded_pull_time = repo_img.lastRecordedPullTime
         WITH ri, repo_img
 
         MERGE (img:ECRImage{id: repo_img.imageDigest})

cartography/intel/gcp/__init__.py

@@ -17,21 +17,23 @@ from cartography.intel.gcp import compute
 from cartography.intel.gcp import crm
 from cartography.intel.gcp import dns
 from cartography.intel.gcp import gke
+from cartography.intel.gcp import iam
 from cartography.intel.gcp import storage
 from cartography.util import run_analysis_job
 from cartography.util import timeit
 
 logger = logging.getLogger(__name__)
-Resources = namedtuple('Resources', 'compute container crm_v1 crm_v2 dns storage serviceusage')
+Resources = namedtuple('Resources', 'compute container crm_v1 crm_v2 dns storage serviceusage iam')
 
 # Mapping of service short names to their full names as in docs. See https://developers.google.com/apis-explorer,
 # and https://cloud.google.com/service-usage/docs/reference/rest/v1/services#ServiceConfig
-Services = namedtuple('Services', 'compute storage gke dns')
+Services = namedtuple('Services', 'compute storage gke dns iam')
 service_names = Services(
     compute='compute.googleapis.com',
     storage='storage.googleapis.com',
     gke='container.googleapis.com',
     dns='dns.googleapis.com',
+    iam='iam.googleapis.com',
 )
 
 
@@ -112,6 +114,13 @@ def _get_serviceusage_resource(credentials: GoogleCredentials) -> Resource:
     return googleapiclient.discovery.build('serviceusage', 'v1', credentials=credentials, cache_discovery=False)
 
 
+def _get_iam_resource(credentials: GoogleCredentials) -> Resource:
+    """
+    Instantiates a Google IAM resource object to call the IAM API.
+    """
+    return googleapiclient.discovery.build('iam', 'v1', credentials=credentials, cache_discovery=False)
+
+
 def _initialize_resources(credentials: GoogleCredentials) -> Resource:
     """
     Create namedtuple of all resource objects necessary for GCP data gathering.
@@ -126,6 +135,7 @@ def _initialize_resources(credentials: GoogleCredentials) -> Resource:
         container=None,
         dns=None,
         storage=None,
+        iam=_get_iam_resource(credentials),
     )
 
 
@@ -286,6 +296,18 @@ def _sync_multiple_projects(
         logger.info("Syncing GCP project %s for DNS", project_id)
         _sync_single_project_dns(neo4j_session, resources, project_id, gcp_update_tag, common_job_parameters)
 
+    # IAM data sync
+    for project in projects:
+        project_id = project['projectId']
+        logger.info("Syncing GCP project %s for IAM", project_id)
+        iam.sync(
+            neo4j_session,
+            resources.iam,
+            project_id,
+            gcp_update_tag,
+            common_job_parameters,
+        )
+
 
 @timeit
 def get_gcp_credentials() -> GoogleCredentials:

cartography/intel/gcp/iam.py

@@ -0,0 +1,222 @@
+import logging
+from typing import Any
+from typing import Dict
+from typing import List
+
+import neo4j
+from googleapiclient.discovery import Resource
+
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.gcp.iam import GCPRoleSchema
+from cartography.models.gcp.iam import GCPServiceAccountSchema
+from cartography.util import timeit
+
+logger = logging.getLogger(__name__)
+
+# GCP API can be subject to rate limiting, so add small delays between calls
+LIST_SLEEP = 1
+DESCRIBE_SLEEP = 1
+
+
+@timeit
+def get_gcp_service_accounts(iam_client: Resource, project_id: str) -> List[Dict[str, Any]]:
+    """
+    Retrieve a list of GCP service accounts for a given project.
+
+    :param iam_client: The IAM resource object created by googleapiclient.discovery.build().
+    :param project_id: The GCP Project ID to retrieve service accounts from.
+    :return: A list of dictionaries representing GCP service accounts.
+    """
+    service_accounts: List[Dict[str, Any]] = []
+    try:
+        request = iam_client.projects().serviceAccounts().list(
+            name=f'projects/{project_id}',
+        )
+        while request is not None:
+            response = request.execute()
+            if 'accounts' in response:
+                service_accounts.extend(response['accounts'])
+            request = iam_client.projects().serviceAccounts().list_next(
+                previous_request=request,
+                previous_response=response,
+            )
+    except Exception as e:
+        logger.warning(f"Error retrieving service accounts for project {project_id}: {e}")
+    return service_accounts
+
+
+@timeit
+def get_gcp_roles(iam_client: Resource, project_id: str) -> List[Dict]:
+    """
+    Retrieve custom and predefined roles from GCP for a given project.
+
+    :param iam_client: The IAM resource object created by googleapiclient.discovery.build().
+    :param project_id: The GCP Project ID to retrieve roles from.
+    :return: A list of dictionaries representing GCP roles.
+    """
+    try:
+        roles = []
+
+        # Get custom roles
+        custom_req = iam_client.projects().roles().list(parent=f'projects/{project_id}')
+        while custom_req is not None:
+            resp = custom_req.execute()
+            roles.extend(resp.get('roles', []))
+            custom_req = iam_client.projects().roles().list_next(custom_req, resp)
+
+        # Get predefined roles
+        predefined_req = iam_client.roles().list(view='FULL')
+        while predefined_req is not None:
+            resp = predefined_req.execute()
+            roles.extend(resp.get('roles', []))
+            predefined_req = iam_client.roles().list_next(predefined_req, resp)
+
+        return roles
+    except Exception as e:
+        logger.warning(f"Error getting GCP roles - {e}")
+        return []
+
+
+@timeit
+def load_gcp_service_accounts(
+    neo4j_session: neo4j.Session,
+    service_accounts: List[Dict[str, Any]],
+    project_id: str,
+    gcp_update_tag: int,
+) -> None:
+    """
+    Load GCP service account data into Neo4j.
+
+    :param neo4j_session: The Neo4j session.
+    :param service_accounts: A list of service account data to load.
+    :param project_id: The GCP Project ID associated with the service accounts.
+    :param gcp_update_tag: The timestamp of the current sync run.
+    """
+    logger.debug(f"Loading {len(service_accounts)} service accounts for project {project_id}")
+    transformed_service_accounts = []
+    for sa in service_accounts:
+        transformed_sa = {
+            'id': sa['uniqueId'],
+            'email': sa.get('email'),
+            'displayName': sa.get('displayName'),
+            'oauth2ClientId': sa.get('oauth2ClientId'),
+            'uniqueId': sa.get('uniqueId'),
+            'disabled': sa.get('disabled', False),
+            'projectId': project_id,
+        }
+        transformed_service_accounts.append(transformed_sa)
+
+    load(
+        neo4j_session,
+        GCPServiceAccountSchema(),
+        transformed_service_accounts,
+        lastupdated=gcp_update_tag,
+        projectId=project_id,
+        additional_labels=['GCPPrincipal'],
+    )
+
+
+@timeit
+def load_gcp_roles(
+    neo4j_session: neo4j.Session,
+    roles: List[Dict[str, Any]],
+    project_id: str,
+    gcp_update_tag: int,
+) -> None:
+    """
+    Load GCP role data into Neo4j.
+
+    :param neo4j_session: The Neo4j session.
+    :param roles: A list of role data to load.
+    :param project_id: The GCP Project ID associated with the roles.
+    :param gcp_update_tag: The timestamp of the current sync run.
+    """
+    logger.debug(f"Loading {len(roles)} roles for project {project_id}")
+    transformed_roles = []
+    for role in roles:
+        role_name = role['name']
+        if role_name.startswith('roles/'):
+            if role_name in ['roles/owner', 'roles/editor', 'roles/viewer']:
+                role_type = 'BASIC'
+            else:
+                role_type = 'PREDEFINED'
+        else:
+            role_type = 'CUSTOM'
+
+        transformed_role = {
+            'id': role_name,
+            'name': role_name,
+            'title': role.get('title'),
+            'description': role.get('description'),
+            'deleted': role.get('deleted', False),
+            'etag': role.get('etag'),
+            'includedPermissions': role.get('includedPermissions', []),
+            'roleType': role_type,
+            'projectId': project_id,
+        }
+        transformed_roles.append(transformed_role)
+
+    load(
+        neo4j_session,
+        GCPRoleSchema(),
+        transformed_roles,
+        lastupdated=gcp_update_tag,
+        projectId=project_id,
+    )
+
+
+@timeit
+def cleanup(neo4j_session: neo4j.Session, common_job_parameters: Dict[str, Any]) -> None:
+    """
+    Run cleanup jobs for GCP IAM data in Neo4j.
+
+    :param neo4j_session: The Neo4j session.
+    :param common_job_parameters: Common job parameters for cleanup.
+    """
+    logger.debug("Running GCP IAM cleanup job")
+    job_params = {
+        **common_job_parameters,
+        'projectId': common_job_parameters.get('PROJECT_ID'),
+    }
+
+    cleanup_jobs = [
+        GraphJob.from_node_schema(GCPServiceAccountSchema(), job_params),
+        GraphJob.from_node_schema(GCPRoleSchema(), job_params),
+    ]
+
+    for cleanup_job in cleanup_jobs:
+        cleanup_job.run(neo4j_session)
+
+
+@timeit
+def sync(
+    neo4j_session: neo4j.Session,
+    iam_client: Resource,
+    project_id: str,
+    gcp_update_tag: int,
+    common_job_parameters: Dict[str, Any],
+) -> None:
+    """
+    Sync GCP IAM resources for a given project.
+
+    :param neo4j_session: The Neo4j session.
+    :param iam_client: The IAM resource object created by googleapiclient.discovery.build().
+    :param project_id: The GCP Project ID to sync.
+    :param gcp_update_tag: The timestamp of the current sync run.
+    :param common_job_parameters: Common job parameters for the sync.
+    """
+    logger.info(f"Syncing GCP IAM for project {project_id}")
+
+    # Get and load service accounts
+    service_accounts = get_gcp_service_accounts(iam_client, project_id)
+    logger.info(f"Found {len(service_accounts)} service accounts in project {project_id}")
+    load_gcp_service_accounts(neo4j_session, service_accounts, project_id, gcp_update_tag)
+
+    # Get and load roles
+    roles = get_gcp_roles(iam_client, project_id)
+    logger.info(f"Found {len(roles)} roles in project {project_id}")
+    load_gcp_roles(neo4j_session, roles, project_id, gcp_update_tag)
+
+    # Run cleanup
+    cleanup(neo4j_session, common_job_parameters)

cartography/intel/gsuite/__init__.py

@@ -6,6 +6,7 @@ from collections import namedtuple
 
 import googleapiclient.discovery
 import neo4j
+from google.auth import default
 from google.auth.exceptions import DefaultCredentialsError
 from google.auth.transport.requests import Request
 from google.oauth2 import credentials
@@ -18,10 +19,11 @@ from cartography.config import Config
 from cartography.intel.gsuite import api
 from cartography.util import timeit
 
-OAUTH_SCOPE = [
+OAUTH_SCOPES = [
     'https://www.googleapis.com/auth/admin.directory.user.readonly',
     'https://www.googleapis.com/auth/admin.directory.group.readonly',
     'https://www.googleapis.com/auth/admin.directory.group.member',
+    'https://www.googleapis.com/auth/cloud-platform',
 ]
 
 logger = logging.getLogger(__name__)
@@ -70,7 +72,7 @@ def start_gsuite_ingestion(neo4j_session: neo4j.Session, config: Config) -> None
         try:
             creds = service_account.Credentials.from_service_account_file(
                 config.gsuite_config,
-                scopes=OAUTH_SCOPE,
+                scopes=OAUTH_SCOPES,
             )
             creds = creds.with_subject(os.environ.get('GSUITE_DELEGATED_ADMIN'))
 
@@ -96,10 +98,10 @@ def start_gsuite_ingestion(neo4j_session: neo4j.Session, config: Config) -> None
                 refresh_token=auth_tokens['refresh_token'],
                 expiry=None,
                 token_uri=auth_tokens['token_uri'],
-                scopes=OAUTH_SCOPE,
+                scopes=OAUTH_SCOPES,
             )
             creds.refresh(Request())
-            creds = creds.create_scoped(OAUTH_SCOPE)
+            creds = creds.create_scoped(OAUTH_SCOPES)
         except DefaultCredentialsError as e:
             logger.error(
                 (
@@ -111,6 +113,21 @@ def start_gsuite_ingestion(neo4j_session: neo4j.Session, config: Config) -> None
                 e,
             )
             return
+    elif config.gsuite_auth_method == 'default':
+        logger.info('Attempting to authenticate to GSuite using default credentials')
+        try:
+            creds, _ = default(scopes=OAUTH_SCOPES)
+        except DefaultCredentialsError as e:
+            logger.error(
+                (
+                    "Unable to initialize GSuite creds using default credentials. If you don't have GSuite data or "
+                    "don't want to load GSuite data then you can ignore this message. Otherwise, the error code is: %s "
+                    "Make sure you have valid application default credentials configured. "
+                    "For more details see README"
+                ),
+                e,
+            )
+            return
 
     resources = _initialize_resources(creds)
     api.sync_gsuite_users(neo4j_session, resources.admin, config.update_tag, common_job_parameters)

cartography/intel/gsuite/api.py

@@ -4,6 +4,7 @@ from typing import List
 
 import neo4j
 from googleapiclient.discovery import Resource
+from googleapiclient.errors import HttpError
 
 from cartography.util import run_cleanup_job
 from cartography.util import timeit
@@ -30,9 +31,21 @@ def get_all_groups(admin: Resource) -> List[Dict]:
     request = admin.groups().list(customer='my_customer', maxResults=20, orderBy='email')
     response_objects = []
     while request is not None:
-        resp = request.execute(num_retries=GOOGLE_API_NUM_RETRIES)
-        response_objects.append(resp)
-        request = admin.groups().list_next(request, resp)
+        try:
+            resp = request.execute(num_retries=GOOGLE_API_NUM_RETRIES)
+            response_objects.append(resp)
+            request = admin.groups().list_next(request, resp)
+        except HttpError as e:
+            if e.resp.status == 403 and "Request had insufficient authentication scopes" in str(e):
+                logger.error(
+                    "Missing required GSuite scopes. If using the gcloud CLI, ",
+                    "run: gcloud auth application-default login --scopes="
+                    '"https://www.googleapis.com/auth/admin.directory.user.readonly,'
+                    'https://www.googleapis.com/auth/admin.directory.group.readonly,'
+                    'https://www.googleapis.com/auth/admin.directory.group.member.readonly,'
+                    'https://www.googleapis.com/auth/cloud-platform"',
+                )
+            raise
     return response_objects
 
 
@@ -140,6 +153,7 @@ def load_gsuite_groups(neo4j_session: neo4j.Session, groups: List[Dict], gsuite_
         g.etag = group.etag,
         g.kind = group.kind,
         g.name = group.name,
+        g:GCPPrincipal,
         g.lastupdated = $UpdateTag
     """
     logger.info(f'Ingesting {len(groups)} gsuite groups')
@@ -179,6 +193,7 @@ def load_gsuite_users(neo4j_session: neo4j.Session, users: List[Dict], gsuite_up
         u.suspended = user.suspended,
         u.thumbnail_photo_etag = user.thumbnailPhotoEtag,
         u.thumbnail_photo_url = user.thumbnailPhotoUrl,
+        u:GCPPrincipal,
         u.lastupdated = $UpdateTag
     """
     logger.info(f'Ingesting {len(users)} gsuite users')

cartography/models/gcp/iam.py

@@ -0,0 +1,70 @@
+import logging
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+logger = logging.getLogger(__name__)
+
+
+@dataclass(frozen=True)
+class GCPServiceAccountNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('id', extra_index=True)
+    email: PropertyRef = PropertyRef('email', extra_index=True)
+    display_name: PropertyRef = PropertyRef('displayName')
+    oauth2_client_id: PropertyRef = PropertyRef('oauth2ClientId')
+    unique_id: PropertyRef = PropertyRef('uniqueId')
+    disabled: PropertyRef = PropertyRef('disabled')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+    project_id: PropertyRef = PropertyRef('projectId', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class GCPRoleNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('name', extra_index=True)
+    name: PropertyRef = PropertyRef('name', extra_index=True)
+    title: PropertyRef = PropertyRef('title')
+    description: PropertyRef = PropertyRef('description')
+    deleted: PropertyRef = PropertyRef('deleted')
+    etag: PropertyRef = PropertyRef('etag')
+    permissions: PropertyRef = PropertyRef('includedPermissions')
+    role_type: PropertyRef = PropertyRef('roleType')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+    project_id: PropertyRef = PropertyRef('projectId', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class GCPIAMToProjectRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:GCPUser|GCPServiceAccount|GCPRole)<-[:RESOURCE]-(:GCPProject)
+class GCPPrincipalToProject(CartographyRelSchema):
+    target_node_label: str = 'GCPProject'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('projectId', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: GCPIAMToProjectRelProperties = GCPIAMToProjectRelProperties()
+
+
+@dataclass(frozen=True)
+class GCPServiceAccountSchema(CartographyNodeSchema):
+    label: str = 'GCPServiceAccount'
+    properties: GCPServiceAccountNodeProperties = GCPServiceAccountNodeProperties()
+    sub_resource_relationship: GCPPrincipalToProject = GCPPrincipalToProject()
+
+
+@dataclass(frozen=True)
+class GCPRoleSchema(CartographyNodeSchema):
+    label: str = 'GCPRole'
+    properties: GCPRoleNodeProperties = GCPRoleNodeProperties()
+    sub_resource_relationship: GCPPrincipalToProject = GCPPrincipalToProject()

{cartography-0.100.0rc1.dist-info → cartography-0.100.0rc2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: cartography
-Version: 0.100.0rc1
+Version: 0.100.0rc2
 Summary: Explore assets and their relationships across your technical infrastructure.
 Maintainer: Cartography Contributors
 License: apache2

{cartography-0.100.0rc1.dist-info → cartography-0.100.0rc2.dist-info}/RECORD

@@ -1,7 +1,7 @@
 cartography/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/__main__.py,sha256=JftXT_nUPkqcEh8uxCCT4n-OyHYqbldEgrDS-4ygy0U,101
-cartography/_version.py,sha256=m60nwdmRfNS_e1bH0LUuweYWYEmDYMPRcAZovFm1Lq4,418
-cartography/cli.py,sha256=LPjeOkx-cKhRkuhqMicB-0X3SHOjLXxEeGqsp2FtpC0,33285
+cartography/_version.py,sha256=2FDGHtBkuReawM6vCrLyVJwLyBFc1Fmf92-cRLEKxt0,518
+cartography/cli.py,sha256=-77DOKUQn3N-TDIi55V4RHLb3k36ZGZ64o1XgiT0qmE,33370
 cartography/config.py,sha256=ZcadsKmooAkti9Kv0eDl8Ec1PcZDu3lWobtNaCnwY3k,11872
 cartography/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/stats.py,sha256=dbybb9V2FuvSuHjjNwz6Vjwnd1hap2C7h960rLoKcl8,4406
@@ -144,7 +144,7 @@ cartography/intel/aws/__init__.py,sha256=siRhVNypfGxMPNIXHSjfYbLX9qlB6RYyN6aWX64
 cartography/intel/aws/apigateway.py,sha256=w4QdxlwnVegKKsZFfoI36i-FGlIUjzxzaayZyz9oQvM,11654
 cartography/intel/aws/config.py,sha256=wrZbz7bc8vImLmRvTLkPcWnjjPzk3tOG4bB_BFS2lq8,7329
 cartography/intel/aws/dynamodb.py,sha256=LZ6LGNThLi0zC3eLMq2JN3mwiSwZeaH58YQQHvsXMGE,5013
-cartography/intel/aws/ecr.py,sha256=9yK8bXnXBJHW_AOalATjqfC4GTpR9pilpDScla4EFuY,6624
+cartography/intel/aws/ecr.py,sha256=Tkm_H2cJ2wW24FJE3rBsT-Rli2FU9gNEGo6eEk7jBFM,7124
 cartography/intel/aws/ecs.py,sha256=gulrIZ--iEFLpkkPH58MJIkctsxWeWdO2ofM9amDNZA,23654
 cartography/intel/aws/eks.py,sha256=OerAX7qT2uGPbqliPvuy8JZUIgle_KMlnkkHxk8O5fk,3546
 cartography/intel/aws/elasticache.py,sha256=fCI47aDFmIDyE26GiReKYb6XIZUwrzcvsXBQ4ruFhuI,4427
@@ -220,19 +220,20 @@ cartography/intel/duo/phones.py,sha256=ueJheqSLD2xYcMus5eOiixPYS3_xVjgQzeomjV2a6
 cartography/intel/duo/tokens.py,sha256=bEEnjfc4waQnkRHVSnZLAeGE8wHOOZL7FA9m80GGQdQ,2396
 cartography/intel/duo/users.py,sha256=lc7ly_XKeUjJ50szw31WT_GiCrZfGKJv1zVUpmTchh4,4097
 cartography/intel/duo/web_authn_credentials.py,sha256=IbDf3CWqfEyI7f9zJugUvoDd6vZOECfb_7ANZaRYzuk,2636
-cartography/intel/gcp/__init__.py,sha256=raPnE8b4WAwLfWJwU2D3JJwSnENHBRi_Bv9x-pMavdQ,15813
+cartography/intel/gcp/__init__.py,sha256=csFnE0_lznp3UfJZZSCCWF0gzdf_qz7sXuMzzZs_NvY,16516
 cartography/intel/gcp/compute.py,sha256=CH2cBdOwbLZCAbkfRJkkI-sFybXVKRWEUGDJANQmvyA,48333
 cartography/intel/gcp/crm.py,sha256=Uw5PILhVFhpM8gq7uu2v7F_YikDW3gsTZ3d7-e8Z1_k,12324
 cartography/intel/gcp/dns.py,sha256=y2pvbmV04cnrMyuu_nbW3oc7uwHX6yEzn1n7veCsjmk,7748
 cartography/intel/gcp/gke.py,sha256=qaTwsVaxkwNhW5_Mw4bedOk7fgJK8y0LwwcYlUABXDg,7966
+cartography/intel/gcp/iam.py,sha256=S2IHbq2YwtQs51EqcpoRPpWpB6PcVGI06GiBjdyYvuo,7482
 cartography/intel/gcp/storage.py,sha256=oO_ayEhkXlj2Gn7T5MU41ZXiqwRwe6Ud4wzqyRTsyf4,9075
 cartography/intel/github/__init__.py,sha256=y876JJGTDJZEOFCDiNCJfcLNxN24pVj4s2N0YmuuoaE,1914
 cartography/intel/github/repos.py,sha256=MmpxZASDJFQxDeSMxX3pZcpxCHFPos4_uYC_cX9KjOg,29865
 cartography/intel/github/teams.py,sha256=AltQSmBHHmyzBtnRkez9Bo5yChEKBSt3wwzhGcfqmX4,14180
 cartography/intel/github/users.py,sha256=MCLE0V0UCzQm3k3KmrNe6PYkI6usRQZYy2rCN3mT8o0,8948
 cartography/intel/github/util.py,sha256=K0cXOPuhnGvN-aqcSUBO3vTuKQLjufVal9kn2HwOpbo,8110
-cartography/intel/gsuite/__init__.py,sha256=Ed5Lab8E_OpRY1JM7NBaQwajfbG2MCACU21xKS9_ETY,4636
-cartography/intel/gsuite/api.py,sha256=qgEnAcajYGsgC5XNKMnYxOli8Su9wooaEnBBEpsk2EY,10336
+cartography/intel/gsuite/__init__.py,sha256=FZS4WVCjOCvGqrq2E-yhZ_dtViQSy1srs_YEohibpWU,5466
+cartography/intel/gsuite/api.py,sha256=bx0mPn6x6fgssxgm343NHdwjbtFkO6SZTucOsoW0Hgk,11143
 cartography/intel/jamf/__init__.py,sha256=Nof-LrUeevoieo6oP2GyfTwx8k5TUIgreW6hSj53YjQ,419
 cartography/intel/jamf/computers.py,sha256=EfjlupQ-9HYTjOrmuwrGuJDy9ApAnJvk8WrYcp6_Jkk,1673
 cartography/intel/jamf/util.py,sha256=EAyP8VpOY2uAvW3HtX6r7qORNjGa1Tr3fuqezuLQ0j4,1017
@@ -337,6 +338,7 @@ cartography/models/duo/phone.py,sha256=oxgMmwKLRiCWbAhqrTKE4ILseu0j96GugEIV_hchR
 cartography/models/duo/token.py,sha256=BS_AvF-TAGzCY9Owtqxr8g_s6716dnzFOO1IwkckmVA,2668
 cartography/models/duo/user.py,sha256=ih3DH_QveAve4cX9dmIwC5gVN6_RNnuLK3bfJ5I9u6g,6554
 cartography/models/duo/web_authn_credential.py,sha256=OcZnfG5zCMlphxSltRcAXQ12hHYJjxrBt6A9L28g7Vk,2920
+cartography/models/gcp/iam.py,sha256=N7OGmnRlkIFZOv0rh3QGGBmYV7WYy3-xeE4Wv7StGOE,3071
 cartography/models/github/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/github/orgs.py,sha256=EcUmkeyoCJmkmzLsfKdUwwTE0N2IIwyaUrIK32dQybo,1106
 cartography/models/github/teams.py,sha256=qFyFAKKsiiHqFZkMM7Fd9My16dgXgylcFy3BbXHhzng,6069
@@ -356,9 +358,9 @@ cartography/models/snipeit/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 cartography/models/snipeit/asset.py,sha256=FyRAaeXuZjMy0eUQcSDFcgEAF5lbLMlvqp1Tv9d3Lv4,3238
 cartography/models/snipeit/tenant.py,sha256=p4rFnpNNuF1W5ilGBbexDaETWTwavfb38RcQGoImkQI,679
 cartography/models/snipeit/user.py,sha256=MsB4MiCVNTH6JpESime7cOkB89autZOXQpL6Z0l7L6o,2113
-cartography-0.100.0rc1.dist-info/LICENSE,sha256=kvLEBRYaQ1RvUni6y7Ti9uHeooqnjPoo6n_-0JO1ETc,11351
-cartography-0.100.0rc1.dist-info/METADATA,sha256=go8iGhWQYwh93GnkZX-Ut4_epIBTQL7e1Xrpz7Y8k-o,11860
-cartography-0.100.0rc1.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
-cartography-0.100.0rc1.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
-cartography-0.100.0rc1.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
-cartography-0.100.0rc1.dist-info/RECORD,,
+cartography-0.100.0rc2.dist-info/LICENSE,sha256=kvLEBRYaQ1RvUni6y7Ti9uHeooqnjPoo6n_-0JO1ETc,11351
+cartography-0.100.0rc2.dist-info/METADATA,sha256=EvL6jAQNNIVLpRwiNxSRZUANFrXX6RORGzbJk4U4Et0,11860
+cartography-0.100.0rc2.dist-info/WHEEL,sha256=jB7zZ3N9hIM9adW7qlTAyycLYW9npaWKLRzaoVcLKcM,91
+cartography-0.100.0rc2.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
+cartography-0.100.0rc2.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
+cartography-0.100.0rc2.dist-info/RECORD,,

{cartography-0.100.0rc1.dist-info → cartography-0.100.0rc2.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.8.0)
+Generator: setuptools (75.8.2)
 Root-Is-Purelib: true
 Tag: py3-none-any