PyPI - cartography - Versions diffs - 0.102.0rc1__py3-none-any.whl → 0.103.0__py3-none-any.whl - Mend

cartography 0.102.0rc1py3-none-any.whl → 0.103.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of cartography might be problematic. Click here for more details.

Files changed (297) hide show

cartography/__main__.py +1 -2
cartography/_version.py +2 -2
cartography/cli.py +376 -249
cartography/client/core/tx.py +39 -18
cartography/config.py +28 -0
cartography/driftdetect/__main__.py +1 -2
cartography/driftdetect/add_shortcut.py +10 -2
cartography/driftdetect/cli.py +71 -75
cartography/driftdetect/detect_deviations.py +7 -3
cartography/driftdetect/get_states.py +20 -8
cartography/driftdetect/model.py +5 -5
cartography/driftdetect/serializers.py +8 -6
cartography/driftdetect/storage.py +2 -2
cartography/graph/cleanupbuilder.py +35 -15
cartography/graph/job.py +46 -17
cartography/graph/querybuilder.py +165 -80
cartography/graph/statement.py +35 -26
cartography/intel/analysis.py +4 -1
cartography/intel/aws/__init__.py +114 -55
cartography/intel/aws/apigateway.py +134 -63
cartography/intel/aws/cloudtrail.py +127 -0
cartography/intel/aws/cloudwatch.py +93 -0
cartography/intel/aws/config.py +56 -20
cartography/intel/aws/dynamodb.py +108 -40
cartography/intel/aws/ec2/__init__.py +2 -2
cartography/intel/aws/ec2/auto_scaling_groups.py +181 -78
cartography/intel/aws/ec2/elastic_ip_addresses.py +41 -13
cartography/intel/aws/ec2/images.py +49 -20
cartography/intel/aws/ec2/instances.py +234 -136
cartography/intel/aws/ec2/internet_gateways.py +40 -11
cartography/intel/aws/ec2/key_pairs.py +44 -20
cartography/intel/aws/ec2/launch_templates.py +101 -59
cartography/intel/aws/ec2/load_balancer_v2s.py +104 -39
cartography/intel/aws/ec2/load_balancers.py +82 -42
cartography/intel/aws/ec2/network_acls.py +89 -65
cartography/intel/aws/ec2/network_interfaces.py +146 -87
cartography/intel/aws/ec2/reserved_instances.py +45 -16
cartography/intel/aws/ec2/route_tables.py +327 -0
cartography/intel/aws/ec2/security_groups.py +71 -21
cartography/intel/aws/ec2/snapshots.py +61 -22
cartography/intel/aws/ec2/subnets.py +54 -18
cartography/intel/aws/ec2/tgw.py +100 -34
cartography/intel/aws/ec2/util.py +1 -1
cartography/intel/aws/ec2/volumes.py +69 -41
cartography/intel/aws/ec2/vpc.py +37 -12
cartography/intel/aws/ec2/vpc_peerings.py +83 -24
cartography/intel/aws/ecr.py +88 -32
cartography/intel/aws/ecs.py +83 -47
cartography/intel/aws/efs.py +93 -0
cartography/intel/aws/eks.py +55 -29
cartography/intel/aws/elasticache.py +42 -18
cartography/intel/aws/elasticsearch.py +57 -20
cartography/intel/aws/emr.py +61 -23
cartography/intel/aws/iam.py +401 -145
cartography/intel/aws/iam_instance_profiles.py +22 -22
cartography/intel/aws/identitycenter.py +71 -37
cartography/intel/aws/inspector.py +159 -89
cartography/intel/aws/kms.py +92 -38
cartography/intel/aws/lambda_function.py +103 -34
cartography/intel/aws/organizations.py +30 -10
cartography/intel/aws/permission_relationships.py +133 -51
cartography/intel/aws/rds.py +249 -85
cartography/intel/aws/redshift.py +107 -46
cartography/intel/aws/resourcegroupstaggingapi.py +120 -66
cartography/intel/aws/resources.py +57 -44
cartography/intel/aws/route53.py +108 -61
cartography/intel/aws/s3.py +168 -83
cartography/intel/aws/s3accountpublicaccessblock.py +157 -0
cartography/intel/aws/secretsmanager.py +24 -12
cartography/intel/aws/securityhub.py +20 -9
cartography/intel/aws/sns.py +166 -0
cartography/intel/aws/sqs.py +60 -28
cartography/intel/aws/ssm.py +70 -30
cartography/intel/aws/util/arns.py +7 -7
cartography/intel/aws/util/common.py +31 -4
cartography/intel/azure/__init__.py +78 -19
cartography/intel/azure/compute.py +101 -27
cartography/intel/azure/cosmosdb.py +496 -170
cartography/intel/azure/sql.py +296 -105
cartography/intel/azure/storage.py +322 -113
cartography/intel/azure/subscription.py +39 -23
cartography/intel/azure/tenant.py +13 -4
cartography/intel/azure/util/credentials.py +95 -55
cartography/intel/bigfix/__init__.py +2 -2
cartography/intel/bigfix/computers.py +93 -65
cartography/intel/cloudflare/__init__.py +74 -0
cartography/intel/cloudflare/accounts.py +57 -0
cartography/intel/cloudflare/dnsrecords.py +64 -0
cartography/intel/cloudflare/members.py +75 -0
cartography/intel/cloudflare/roles.py +65 -0
cartography/intel/cloudflare/zones.py +64 -0
cartography/intel/create_indexes.py +3 -2
cartography/intel/crowdstrike/__init__.py +11 -9
cartography/intel/crowdstrike/endpoints.py +5 -1
cartography/intel/crowdstrike/spotlight.py +8 -3
cartography/intel/cve/__init__.py +46 -13
cartography/intel/cve/feed.py +48 -12
cartography/intel/digitalocean/__init__.py +22 -13
cartography/intel/digitalocean/compute.py +75 -108
cartography/intel/digitalocean/management.py +44 -80
cartography/intel/digitalocean/platform.py +48 -43
cartography/intel/dns.py +36 -10
cartography/intel/duo/__init__.py +21 -16
cartography/intel/duo/api_host.py +14 -9
cartography/intel/duo/endpoints.py +50 -45
cartography/intel/duo/groups.py +18 -14
cartography/intel/duo/phones.py +37 -34
cartography/intel/duo/tokens.py +26 -23
cartography/intel/duo/users.py +54 -50
cartography/intel/duo/web_authn_credentials.py +30 -25
cartography/intel/entra/__init__.py +25 -7
cartography/intel/entra/ou.py +112 -0
cartography/intel/entra/users.py +69 -63
cartography/intel/gcp/__init__.py +185 -49
cartography/intel/gcp/compute.py +418 -231
cartography/intel/gcp/crm.py +96 -43
cartography/intel/gcp/dns.py +60 -19
cartography/intel/gcp/gke.py +72 -38
cartography/intel/gcp/iam.py +61 -41
cartography/intel/gcp/storage.py +84 -55
cartography/intel/github/__init__.py +13 -11
cartography/intel/github/repos.py +270 -137
cartography/intel/github/teams.py +170 -88
cartography/intel/github/users.py +70 -39
cartography/intel/github/util.py +36 -34
cartography/intel/gsuite/__init__.py +47 -26
cartography/intel/gsuite/api.py +73 -30
cartography/intel/jamf/__init__.py +19 -1
cartography/intel/jamf/computers.py +30 -7
cartography/intel/jamf/util.py +7 -2
cartography/intel/kandji/__init__.py +6 -3
cartography/intel/kandji/devices.py +14 -8
cartography/intel/kubernetes/namespaces.py +7 -4
cartography/intel/kubernetes/pods.py +7 -4
cartography/intel/kubernetes/services.py +8 -4
cartography/intel/lastpass/__init__.py +2 -2
cartography/intel/lastpass/users.py +23 -12
cartography/intel/oci/__init__.py +44 -11
cartography/intel/oci/iam.py +134 -38
cartography/intel/oci/organizations.py +13 -6
cartography/intel/oci/utils.py +43 -20
cartography/intel/okta/__init__.py +66 -15
cartography/intel/okta/applications.py +42 -20
cartography/intel/okta/awssaml.py +93 -33
cartography/intel/okta/factors.py +16 -4
cartography/intel/okta/groups.py +56 -29
cartography/intel/okta/organization.py +5 -1
cartography/intel/okta/origins.py +6 -2
cartography/intel/okta/roles.py +15 -5
cartography/intel/okta/users.py +20 -8
cartography/intel/okta/utils.py +6 -4
cartography/intel/openai/__init__.py +86 -0
cartography/intel/openai/adminapikeys.py +90 -0
cartography/intel/openai/apikeys.py +96 -0
cartography/intel/openai/projects.py +94 -0
cartography/intel/openai/serviceaccounts.py +82 -0
cartography/intel/openai/users.py +78 -0
cartography/intel/openai/util.py +29 -0
cartography/intel/pagerduty/__init__.py +8 -7
cartography/intel/pagerduty/escalation_policies.py +18 -6
cartography/intel/pagerduty/schedules.py +12 -4
cartography/intel/pagerduty/services.py +11 -4
cartography/intel/pagerduty/teams.py +8 -3
cartography/intel/pagerduty/users.py +3 -1
cartography/intel/pagerduty/vendors.py +3 -1
cartography/intel/semgrep/__init__.py +24 -6
cartography/intel/semgrep/dependencies.py +50 -28
cartography/intel/semgrep/deployment.py +3 -1
cartography/intel/semgrep/findings.py +42 -18
cartography/intel/snipeit/__init__.py +17 -3
cartography/intel/snipeit/asset.py +12 -6
cartography/intel/snipeit/user.py +8 -5
cartography/intel/snipeit/util.py +9 -4
cartography/intel/tailscale/__init__.py +77 -0
cartography/intel/tailscale/acls.py +146 -0
cartography/intel/tailscale/devices.py +127 -0
cartography/intel/tailscale/postureintegrations.py +81 -0
cartography/intel/tailscale/tailnets.py +76 -0
cartography/intel/tailscale/users.py +80 -0
cartography/intel/tailscale/utils.py +132 -0
cartography/models/aws/apigateway.py +21 -17
cartography/models/aws/apigatewaycertificate.py +28 -22
cartography/models/aws/apigatewayresource.py +28 -20
cartography/models/aws/apigatewaystage.py +33 -25
cartography/models/aws/cloudtrail/__init__.py +0 -0
cartography/models/aws/cloudtrail/trail.py +61 -0
cartography/models/aws/cloudwatch/__init__.py +0 -0
cartography/models/aws/cloudwatch/loggroup.py +52 -0
cartography/models/aws/dynamodb/gsi.py +30 -22
cartography/models/aws/dynamodb/tables.py +25 -17
cartography/models/aws/ec2/auto_scaling_groups.py +102 -82
cartography/models/aws/ec2/images.py +36 -34
cartography/models/aws/ec2/instances.py +51 -45
cartography/models/aws/ec2/keypair.py +21 -16
cartography/models/aws/ec2/keypair_instance.py +28 -21
cartography/models/aws/ec2/launch_configurations.py +30 -26
cartography/models/aws/ec2/launch_template_versions.py +48 -38
cartography/models/aws/ec2/launch_templates.py +21 -17
cartography/models/aws/ec2/load_balancer_listeners.py +27 -23
cartography/models/aws/ec2/load_balancers.py +47 -37
cartography/models/aws/ec2/network_acl_rules.py +38 -30
cartography/models/aws/ec2/network_acls.py +38 -29
cartography/models/aws/ec2/networkinterface_instance.py +52 -39
cartography/models/aws/ec2/networkinterfaces.py +53 -37
cartography/models/aws/ec2/privateip_networkinterface.py +32 -22
cartography/models/aws/ec2/reservations.py +18 -14
cartography/models/aws/ec2/route_table_associations.py +97 -0
cartography/models/aws/ec2/route_tables.py +128 -0
cartography/models/aws/ec2/routes.py +85 -0
cartography/models/aws/ec2/securitygroup_instance.py +29 -20
cartography/models/aws/ec2/securitygroup_networkinterface.py +24 -15
cartography/models/aws/ec2/subnet_instance.py +24 -19
cartography/models/aws/ec2/subnet_networkinterface.py +40 -31
cartography/models/aws/ec2/volumes.py +47 -40
cartography/models/aws/efs/__init__.py +0 -0
cartography/models/aws/efs/mount_target.py +52 -0
cartography/models/aws/eks/clusters.py +23 -21
cartography/models/aws/emr.py +32 -30
cartography/models/aws/iam/instanceprofile.py +33 -24
cartography/models/aws/identitycenter/awsidentitycenter.py +18 -14
cartography/models/aws/identitycenter/awspermissionset.py +37 -29
cartography/models/aws/identitycenter/awsssouser.py +23 -21
cartography/models/aws/inspector/findings.py +77 -65
cartography/models/aws/inspector/packages.py +35 -29
cartography/models/aws/s3/__init__.py +0 -0
cartography/models/aws/s3/account_public_access_block.py +51 -0
cartography/models/aws/sns/__init__.py +0 -0
cartography/models/aws/sns/topic.py +50 -0
cartography/models/aws/ssm/instance_information.py +51 -39
cartography/models/aws/ssm/instance_patch.py +32 -26
cartography/models/bigfix/bigfix_computer.py +42 -38
cartography/models/bigfix/bigfix_root.py +3 -3
cartography/models/cloudflare/__init__.py +0 -0
cartography/models/cloudflare/account.py +25 -0
cartography/models/cloudflare/dnsrecord.py +55 -0
cartography/models/cloudflare/member.py +82 -0
cartography/models/cloudflare/role.py +44 -0
cartography/models/cloudflare/zone.py +59 -0
cartography/models/core/common.py +12 -10
cartography/models/core/nodes.py +5 -2
cartography/models/core/relationships.py +14 -6
cartography/models/crowdstrike/hosts.py +37 -35
cartography/models/cve/cve.py +34 -32
cartography/models/cve/cve_feed.py +6 -6
cartography/models/digitalocean/__init__.py +0 -0
cartography/models/digitalocean/account.py +21 -0
cartography/models/digitalocean/droplet.py +56 -0
cartography/models/digitalocean/project.py +48 -0
cartography/models/duo/api_host.py +3 -3
cartography/models/duo/endpoint.py +43 -41
cartography/models/duo/group.py +14 -14
cartography/models/duo/phone.py +27 -27
cartography/models/duo/token.py +16 -16
cartography/models/duo/user.py +46 -44
cartography/models/duo/web_authn_credential.py +27 -19
cartography/models/entra/ou.py +48 -0
cartography/models/entra/tenant.py +24 -18
cartography/models/entra/user.py +64 -48
cartography/models/gcp/iam.py +23 -23
cartography/models/github/orgs.py +5 -4
cartography/models/github/teams.py +37 -31
cartography/models/github/users.py +34 -23
cartography/models/kandji/device.py +22 -16
cartography/models/kandji/tenant.py +6 -4
cartography/models/lastpass/tenant.py +3 -3
cartography/models/lastpass/user.py +32 -28
cartography/models/openai/__init__.py +0 -0
cartography/models/openai/adminapikey.py +90 -0
cartography/models/openai/apikey.py +84 -0
cartography/models/openai/organization.py +17 -0
cartography/models/openai/project.py +70 -0
cartography/models/openai/serviceaccount.py +50 -0
cartography/models/openai/user.py +49 -0
cartography/models/semgrep/dependencies.py +36 -24
cartography/models/semgrep/deployment.py +5 -5
cartography/models/semgrep/findings.py +58 -42
cartography/models/semgrep/locations.py +27 -21
cartography/models/snipeit/asset.py +30 -21
cartography/models/snipeit/tenant.py +6 -4
cartography/models/snipeit/user.py +19 -12
cartography/models/tailscale/__init__.py +0 -0
cartography/models/tailscale/device.py +95 -0
cartography/models/tailscale/group.py +86 -0
cartography/models/tailscale/postureintegration.py +58 -0
cartography/models/tailscale/tag.py +102 -0
cartography/models/tailscale/tailnet.py +29 -0
cartography/models/tailscale/user.py +52 -0
cartography/stats.py +3 -3
cartography/sync.py +113 -31
cartography/util.py +84 -62
{cartography-0.102.0rc1.dist-info → cartography-0.103.0.dist-info}/METADATA +8 -15
cartography-0.103.0.dist-info/RECORD +442 -0
{cartography-0.102.0rc1.dist-info → cartography-0.103.0.dist-info}/WHEEL +1 -1
cartography-0.102.0rc1.dist-info/RECORD +0 -377
{cartography-0.102.0rc1.dist-info → cartography-0.103.0.dist-info}/entry_points.txt +0 -0
{cartography-0.102.0rc1.dist-info → cartography-0.103.0.dist-info}/licenses/LICENSE +0 -0
{cartography-0.102.0rc1.dist-info → cartography-0.103.0.dist-info}/top_level.txt +0 -0

cartography/intel/aws/ec2/route_tables.py ADDED Viewed

@@ -0,0 +1,327 @@
+import logging
+from typing import Any
+import boto3
+import neo4j
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.intel.aws.ec2.util import get_botocore_config
+from cartography.models.aws.ec2.route_table_associations import (
+    RouteTableAssociationSchema,
+)
+from cartography.models.aws.ec2.route_tables import RouteTableSchema
+from cartography.models.aws.ec2.routes import RouteSchema
+from cartography.util import aws_handle_regions
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+def _get_route_id_and_target(
+    route_table_id: str, route: dict[str, Any]
+) -> tuple[str, str | None]:
+    """
+    Generate a unique identifier for an AWS EC2 route and return the target of the route
+    regardless of its type.
+    Args:
+        route_table_id: The ID of the route table this route belongs to
+        route: The route data from AWS API
+    Returns:
+        A tuple containing the unique identifier for the route and the target of the route
+    """
+    route_target_keys = [
+        "DestinationCidrBlock",
+        "DestinationIpv6CidrBlock",
+        "GatewayId",
+        "InstanceId",
+        "NatGatewayId",
+        "TransitGatewayId",
+        "LocalGatewayId",
+        "CarrierGatewayId",
+        "NetworkInterfaceId",
+        "VpcPeeringConnectionId",
+        "EgressOnlyInternetGatewayId",
+        "CoreNetworkArn",
+    ]
+    # Start with the route table ID
+    parts = [route_table_id]
+    target = None
+    found_target = False
+    for key in route_target_keys:
+        # Each route is a "union"-like data structure, so only one of the keys will be present.
+        if key in route:
+            parts.append(route[key])
+            target = route[key]
+            found_target = True
+            break
+    if not found_target:
+        logger.warning(
+            f"No target found for route in {route_table_id}. Please review the route and file an issue to "
+            "https://github.com/cartography-cncf/cartography/issues sharing what the route table looks like "
+            "so that we can update the available keys.",
+        )
+    return "|".join(parts), target
+@timeit
+@aws_handle_regions
+def get_route_tables(
+    boto3_session: boto3.session.Session, region: str
+) -> list[dict[str, Any]]:
+    client = boto3_session.client(
+        "ec2", region_name=region, config=get_botocore_config()
+    )
+    paginator = client.get_paginator("describe_route_tables")
+    route_tables: list[dict[str, Any]] = []
+    for page in paginator.paginate():
+        route_tables.extend(page["RouteTables"])
+    return route_tables
+def _transform_route_table_associations(
+    route_table_id: str,
+    associations: list[dict[str, Any]],
+) -> tuple[list[dict[str, Any]], bool]:
+    """
+    Transform route table association data into a format suitable for cartography ingestion.
+    Args:
+        route_table_id: The ID of the route table
+        associations: List of association data from AWS API
+    Returns:
+        1. List of transformed association data
+        2. Boolean indicating if the association is the main association, meaning that the route table is the main
+        route table for the VPC
+    """
+    transformed = []
+    is_main = False
+    for association in associations:
+        if association.get("SubnetId"):
+            target = association["SubnetId"]
+        elif association.get("GatewayId"):
+            target = association["GatewayId"]
+        else:
+            is_main = True
+            target = "main"
+        transformed_association = {
+            "id": association["RouteTableAssociationId"],
+            "route_table_id": route_table_id,
+            "subnet_id": association.get("SubnetId"),
+            "gateway_id": association.get("GatewayId"),
+            "main": association.get("Main", False),
+            "association_state": association.get("AssociationState", {}).get("State"),
+            "association_state_message": association.get("AssociationState", {}).get(
+                "Message"
+            ),
+            "_target": target,
+        }
+        transformed.append(transformed_association)
+    return transformed, is_main
+def _transform_route_table_routes(
+    route_table_id: str, routes: list[dict[str, Any]]
+) -> list[dict[str, Any]]:
+    """
+    Transform route table route data into a format suitable for cartography ingestion.
+    Args:
+        route_table_id: The ID of the route table
+        routes: List of route data from AWS API
+    Returns:
+        List of transformed route data
+    """
+    transformed = []
+    for route in routes:
+        route_id, target = _get_route_id_and_target(route_table_id, route)
+        transformed_route = {
+            "id": route_id,
+            "route_table_id": route_table_id,
+            "destination_cidr_block": route.get("DestinationCidrBlock"),
+            "destination_ipv6_cidr_block": route.get("DestinationIpv6CidrBlock"),
+            "gateway_id": route.get("GatewayId"),
+            "instance_id": route.get("InstanceId"),
+            "instance_owner_id": route.get("InstanceOwnerId"),
+            "nat_gateway_id": route.get("NatGatewayId"),
+            "transit_gateway_id": route.get("TransitGatewayId"),
+            "local_gateway_id": route.get("LocalGatewayId"),
+            "carrier_gateway_id": route.get("CarrierGatewayId"),
+            "network_interface_id": route.get("NetworkInterfaceId"),
+            "vpc_peering_connection_id": route.get("VpcPeeringConnectionId"),
+            "state": route.get("State"),
+            "origin": route.get("Origin"),
+            "core_network_arn": route.get("CoreNetworkArn"),
+            "destination_prefix_list_id": route.get("DestinationPrefixListId"),
+            "egress_only_internet_gateway_id": route.get("EgressOnlyInternetGatewayId"),
+            "_target": target,
+        }
+        transformed.append(transformed_route)
+    return transformed
+def transform_route_table_data(
+    route_tables: list[dict[str, Any]],
+) -> tuple[list[dict[str, Any]], list[dict[str, Any]], list[dict[str, Any]]]:
+    """
+    Transform route table data into a format suitable for cartography ingestion.
+    Args:
+        route_tables: List of route table data from AWS API
+    Returns:
+        Tuple of (transformed route table data, transformed association data, transformed route data)
+    """
+    transformed_tables = []
+    association_data = []
+    route_data = []
+    for rt in route_tables:
+        route_table_id = rt["RouteTableId"]
+        # Transform routes
+        current_routes = []
+        if rt.get("Routes"):
+            current_routes = _transform_route_table_routes(route_table_id, rt["Routes"])
+            route_data.extend(current_routes)
+        # If the rt has a association marked with main=True, then it is the main route table for the VPC.
+        is_main = False
+        # Transform associations
+        if rt.get("Associations"):
+            associations, is_main = _transform_route_table_associations(
+                route_table_id, rt["Associations"]
+            )
+            association_data.extend(associations)
+        transformed_rt = {
+            "id": route_table_id,
+            "route_table_id": route_table_id,
+            "owner_id": rt.get("OwnerId"),
+            "vpc_id": rt.get("VpcId"),
+            "VpnGatewayIds": [
+                vgw["GatewayId"] for vgw in rt.get("PropagatingVgws", [])
+            ],
+            "RouteTableAssociationIds": [
+                assoc["RouteTableAssociationId"] for assoc in rt.get("Associations", [])
+            ],
+            "RouteIds": [route["id"] for route in current_routes],
+            "tags": rt.get("Tags", []),
+            "main": is_main,
+        }
+        transformed_tables.append(transformed_rt)
+    return transformed_tables, association_data, route_data
+@timeit
+def load_route_tables(
+    neo4j_session: neo4j.Session,
+    data: list[dict[str, Any]],
+    region: str,
+    current_aws_account_id: str,
+    update_tag: int,
+) -> None:
+    load(
+        neo4j_session,
+        RouteTableSchema(),
+        data,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+        lastupdated=update_tag,
+    )
+@timeit
+def load_route_table_associations(
+    neo4j_session: neo4j.Session,
+    data: list[dict[str, Any]],
+    region: str,
+    current_aws_account_id: str,
+    update_tag: int,
+) -> None:
+    load(
+        neo4j_session,
+        RouteTableAssociationSchema(),
+        data,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+        lastupdated=update_tag,
+    )
+@timeit
+def load_routes(
+    neo4j_session: neo4j.Session,
+    data: list[dict[str, Any]],
+    region: str,
+    current_aws_account_id: str,
+    update_tag: int,
+) -> None:
+    load(
+        neo4j_session,
+        RouteSchema(),
+        data,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+        lastupdated=update_tag,
+    )
+@timeit
+def cleanup(
+    neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]
+) -> None:
+    logger.debug("Running EC2 route tables cleanup")
+    GraphJob.from_node_schema(RouteTableSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+    GraphJob.from_node_schema(RouteSchema(), common_job_parameters).run(neo4j_session)
+    GraphJob.from_node_schema(RouteTableAssociationSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+@timeit
+def sync_route_tables(
+    neo4j_session: neo4j.Session,
+    boto3_session: boto3.session.Session,
+    regions: list[str],
+    current_aws_account_id: str,
+    update_tag: int,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    for region in regions:
+        logger.info(
+            "Syncing EC2 route tables for region '%s' in account '%s'.",
+            region,
+            current_aws_account_id,
+        )
+        route_tables = get_route_tables(boto3_session, region)
+        transformed_tables, association_data, route_data = transform_route_table_data(
+            route_tables
+        )
+        load_routes(
+            neo4j_session, route_data, region, current_aws_account_id, update_tag
+        )
+        load_route_table_associations(
+            neo4j_session, association_data, region, current_aws_account_id, update_tag
+        )
+        load_route_tables(
+            neo4j_session,
+            transformed_tables,
+            region,
+            current_aws_account_id,
+            update_tag,
+        )
+    cleanup(neo4j_session, common_job_parameters)

cartography/intel/aws/ec2/security_groups.py CHANGED Viewed

@@ -6,30 +6,46 @@ from typing import List
 import boto3
 import neo4j
-from .util import get_botocore_config
 from cartography.graph.job import GraphJob
-from cartography.models.aws.ec2.securitygroup_instance import EC2SecurityGroupInstanceSchema
+from cartography.models.aws.ec2.securitygroup_instance import (
+    EC2SecurityGroupInstanceSchema,
+)
 from cartography.util import aws_handle_regions
 from cartography.util import run_cleanup_job
 from cartography.util import timeit
+from .util import get_botocore_config
 logger = logging.getLogger(__name__)
 @timeit
 @aws_handle_regions
-def get_ec2_security_group_data(boto3_session: boto3.session.Session, region: str) -> List[Dict]:
-    client = boto3_session.client('ec2', region_name=region, config=get_botocore_config())
-    paginator = client.get_paginator('describe_security_groups')
+def get_ec2_security_group_data(
+    boto3_session: boto3.session.Session,
+    region: str,
+) -> List[Dict]:
+    client = boto3_session.client(
+        "ec2",
+        region_name=region,
+        config=get_botocore_config(),
+    )
+    paginator = client.get_paginator("describe_security_groups")
     security_groups: List[Dict] = []
     for page in paginator.paginate():
-        security_groups.extend(page['SecurityGroups'])
+        security_groups.extend(page["SecurityGroups"])
     return security_groups
 @timeit
-def load_ec2_security_group_rule(neo4j_session: neo4j.Session, group: Dict, rule_type: str, update_tag: int) -> None:
-    INGEST_RULE_TEMPLATE = Template("""
+def load_ec2_security_group_rule(
+    neo4j_session: neo4j.Session,
+    group: Dict,
+    rule_type: str,
+    update_tag: int,
+) -> None:
+    INGEST_RULE_TEMPLATE = Template(
+        """
     MERGE (rule:$rule_label{ruleid: $RuleId})
     ON CREATE SET rule :IpRule, rule.firstseen = timestamp(), rule.fromport = $FromPort, rule.toport = $ToPort,
     rule.protocol = $Protocol
@@ -39,7 +55,8 @@ def load_ec2_security_group_rule(neo4j_session: neo4j.Session, group: Dict, rule
     MERGE (group)<-[r:MEMBER_OF_EC2_SECURITY_GROUP]-(rule)
     ON CREATE SET r.firstseen = timestamp()
     SET r.lastupdated = $update_tag;
-    """)
+    """,
+    )
     ingest_rule_group_pair = """
     MERGE (group:EC2SecurityGroup{id: $GroupId})
@@ -64,7 +81,10 @@ def load_ec2_security_group_rule(neo4j_session: neo4j.Session, group: Dict, rule
     """
     group_id = group["GroupId"]
-    rule_type_map = {"IpPermissions": "IpPermissionInbound", "IpPermissionsEgress": "IpPermissionEgress"}
+    rule_type_map = {
+        "IpPermissions": "IpPermissionInbound",
+        "IpPermissionsEgress": "IpPermissionEgress",
+    }
     if group.get(rule_type):
         for rule in group[rule_type]:
@@ -76,7 +96,9 @@ def load_ec2_security_group_rule(neo4j_session: neo4j.Session, group: Dict, rule
             # NOTE Cypher query syntax is incompatible with Python string formatting, so we have to do this awkward
             # NOTE manual formatting instead.
             neo4j_session.run(
-                INGEST_RULE_TEMPLATE.safe_substitute(rule_label=rule_type_map[rule_type]),
+                INGEST_RULE_TEMPLATE.safe_substitute(
+                    rule_label=rule_type_map[rule_type],
+                ),
                 RuleId=ruleid,
                 FromPort=from_port,
                 ToPort=to_port,
@@ -104,8 +126,11 @@ def load_ec2_security_group_rule(neo4j_session: neo4j.Session, group: Dict, rule
 @timeit
 def load_ec2_security_groupinfo(
-    neo4j_session: neo4j.Session, data: List[Dict], region: str,
-    current_aws_account_id: str, update_tag: int,
+    neo4j_session: neo4j.Session,
+    data: List[Dict],
+    region: str,
+    current_aws_account_id: str,
+    update_tag: int,
 ) -> None:
     ingest_security_group = """
     MERGE (group:EC2SecurityGroup{id: $GroupId})
@@ -138,26 +163,51 @@ def load_ec2_security_groupinfo(
         )
         load_ec2_security_group_rule(neo4j_session, group, "IpPermissions", update_tag)
-        load_ec2_security_group_rule(neo4j_session, group, "IpPermissionsEgress", update_tag)
+        load_ec2_security_group_rule(
+            neo4j_session,
+            group,
+            "IpPermissionsEgress",
+            update_tag,
+        )
 @timeit
-def cleanup_ec2_security_groupinfo(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
+def cleanup_ec2_security_groupinfo(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: Dict,
+) -> None:
     run_cleanup_job(
-        'aws_import_ec2_security_groupinfo_cleanup.json',
+        "aws_import_ec2_security_groupinfo_cleanup.json",
         neo4j_session,
         common_job_parameters,
     )
-    GraphJob.from_node_schema(EC2SecurityGroupInstanceSchema(), common_job_parameters).run(neo4j_session)
+    GraphJob.from_node_schema(
+        EC2SecurityGroupInstanceSchema(),
+        common_job_parameters,
+    ).run(neo4j_session)
 @timeit
 def sync_ec2_security_groupinfo(
-    neo4j_session: neo4j.Session, boto3_session: boto3.session.Session, regions: List[str], current_aws_account_id: str,
-    update_tag: int, common_job_parameters: Dict,
+    neo4j_session: neo4j.Session,
+    boto3_session: boto3.session.Session,
+    regions: List[str],
+    current_aws_account_id: str,
+    update_tag: int,
+    common_job_parameters: Dict,
 ) -> None:
     for region in regions:
-        logger.info("Syncing EC2 security groups for region '%s' in account '%s'.", region, current_aws_account_id)
+        logger.info(
+            "Syncing EC2 security groups for region '%s' in account '%s'.",
+            region,
+            current_aws_account_id,
+        )
         data = get_ec2_security_group_data(boto3_session, region)
-        load_ec2_security_groupinfo(neo4j_session, data, region, current_aws_account_id, update_tag)
+        load_ec2_security_groupinfo(
+            neo4j_session,
+            data,
+            region,
+            current_aws_account_id,
+            update_tag,
+        )
     cleanup_ec2_security_groupinfo(neo4j_session, common_job_parameters)

cartography/intel/aws/ec2/snapshots.py CHANGED Viewed

@@ -14,34 +14,46 @@ logger = logging.getLogger(__name__)
 @timeit
-def get_snapshots_in_use(neo4j_session: neo4j.Session, region: str, current_aws_account_id: str) -> List[str]:
+def get_snapshots_in_use(
+    neo4j_session: neo4j.Session,
+    region: str,
+    current_aws_account_id: str,
+) -> List[str]:
     query = """
     MATCH (:AWSAccount{id: $AWS_ACCOUNT_ID})-[:RESOURCE]->(v:EBSVolume)
     WHERE v.region = $Region
     RETURN v.snapshotid as snapshot
     """
-    results = neo4j_session.run(query, AWS_ACCOUNT_ID=current_aws_account_id, Region=region)
-    return [r['snapshot'] for r in results if r['snapshot']]
+    results = neo4j_session.run(
+        query,
+        AWS_ACCOUNT_ID=current_aws_account_id,
+        Region=region,
+    )
+    return [r["snapshot"] for r in results if r["snapshot"]]
 @timeit
 @aws_handle_regions
-def get_snapshots(boto3_session: boto3.session.Session, region: str, in_use_snapshot_ids: List[str]) -> List[Dict]:
-    client = boto3_session.client('ec2', region_name=region)
-    paginator = client.get_paginator('describe_snapshots')
+def get_snapshots(
+    boto3_session: boto3.session.Session,
+    region: str,
+    in_use_snapshot_ids: List[str],
+) -> List[Dict]:
+    client = boto3_session.client("ec2", region_name=region)
+    paginator = client.get_paginator("describe_snapshots")
     snapshots: List[Dict] = []
-    for page in paginator.paginate(OwnerIds=['self']):
-        snapshots.extend(page['Snapshots'])
+    for page in paginator.paginate(OwnerIds=["self"]):
+        snapshots.extend(page["Snapshots"])
     # fetch in-use snapshots not in self_owned snapshots
-    self_owned_snapshot_ids = {s['SnapshotId'] for s in snapshots}
+    self_owned_snapshot_ids = {s["SnapshotId"] for s in snapshots}
     other_snapshot_ids = set(in_use_snapshot_ids) - self_owned_snapshot_ids
     if other_snapshot_ids:
         try:
             for page in paginator.paginate(SnapshotIds=list(other_snapshot_ids)):
-                snapshots.extend(page['Snapshots'])
+                snapshots.extend(page["Snapshots"])
         except ClientError as e:
-            if e.response['Error']['Code'] == 'InvalidSnapshot.NotFound':
+            if e.response["Error"]["Code"] == "InvalidSnapshot.NotFound":
                 logger.warning(
                     f"Failed to retrieve page of in-use, \
                     not owned snapshots. Continuing anyway. Error - {e}",
@@ -54,7 +66,11 @@ def get_snapshots(boto3_session: boto3.session.Session, region: str, in_use_snap
 @timeit
 def load_snapshots(
-        neo4j_session: neo4j.Session, data: List[Dict], region: str, current_aws_account_id: str, update_tag: int,
+    neo4j_session: neo4j.Session,
+    data: List[Dict],
+    region: str,
+    current_aws_account_id: str,
+    update_tag: int,
 ) -> None:
     ingest_snapshots = """
     UNWIND $snapshots_list as snapshot
@@ -73,7 +89,7 @@ def load_snapshots(
     """
     for snapshot in data:
-        snapshot['StartTime'] = str(snapshot['StartTime'])
+        snapshot["StartTime"] = str(snapshot["StartTime"])
     neo4j_session.run(
         ingest_snapshots,
@@ -88,7 +104,7 @@ def load_snapshots(
 def get_snapshot_volumes(snapshots: List[Dict]) -> List[Dict]:
     snapshot_volumes: List[Dict] = []
     for snapshot in snapshots:
-        if snapshot.get('VolumeId'):
+        if snapshot.get("VolumeId"):
             snapshot_volumes.append(snapshot)
     return snapshot_volumes
@@ -96,7 +112,10 @@ def get_snapshot_volumes(snapshots: List[Dict]) -> List[Dict]:
 @timeit
 def load_snapshot_volume_relations(
-        neo4j_session: neo4j.Session, data: List[Dict], current_aws_account_id: str, update_tag: int,
+    neo4j_session: neo4j.Session,
+    data: List[Dict],
+    current_aws_account_id: str,
+    update_tag: int,
 ) -> None:
     ingest_volumes = """
     UNWIND $snapshot_volumes_list as volume
@@ -124,9 +143,12 @@ def load_snapshot_volume_relations(
 @timeit
-def cleanup_snapshots(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
+def cleanup_snapshots(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: Dict,
+) -> None:
     run_cleanup_job(
-        'aws_import_snapshots_cleanup.json',
+        "aws_import_snapshots_cleanup.json",
         neo4j_session,
         common_job_parameters,
     )
@@ -134,14 +156,31 @@ def cleanup_snapshots(neo4j_session: neo4j.Session, common_job_parameters: Dict)
 @timeit
 def sync_ebs_snapshots(
-        neo4j_session: neo4j.Session, boto3_session: boto3.session.Session, regions: List[str],
-        current_aws_account_id: str, update_tag: int, common_job_parameters: Dict,
+    neo4j_session: neo4j.Session,
+    boto3_session: boto3.session.Session,
+    regions: List[str],
+    current_aws_account_id: str,
+    update_tag: int,
+    common_job_parameters: Dict,
 ) -> None:
     for region in regions:
-        logger.debug("Syncing snapshots for region '%s' in account '%s'.", region, current_aws_account_id)
-        snapshots_in_use = get_snapshots_in_use(neo4j_session, region, current_aws_account_id)
+        logger.debug(
+            "Syncing snapshots for region '%s' in account '%s'.",
+            region,
+            current_aws_account_id,
+        )
+        snapshots_in_use = get_snapshots_in_use(
+            neo4j_session,
+            region,
+            current_aws_account_id,
+        )
         data = get_snapshots(boto3_session, region, snapshots_in_use)
         load_snapshots(neo4j_session, data, region, current_aws_account_id, update_tag)
         snapshot_volumes = get_snapshot_volumes(data)
-        load_snapshot_volume_relations(neo4j_session, snapshot_volumes, current_aws_account_id, update_tag)
+        load_snapshot_volume_relations(
+            neo4j_session,
+            snapshot_volumes,
+            current_aws_account_id,
+            update_tag,
+        )
     cleanup_snapshots(neo4j_session, common_job_parameters)

cartography 0.102.0rc1__py3-none-any.whl → 0.103.0__py3-none-any.whl

Potentially problematic release.

cartography 0.102.0rc1py3-none-any.whl → 0.103.0py3-none-any.whl