PyPI - cartography - Versions diffs - 0.102.0rc1__py3-none-any.whl → 0.103.0__py3-none-any.whl - Mend

cartography 0.102.0rc1py3-none-any.whl → 0.103.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of cartography might be problematic. Click here for more details.

Files changed (297) hide show

cartography/__main__.py +1 -2
cartography/_version.py +2 -2
cartography/cli.py +376 -249
cartography/client/core/tx.py +39 -18
cartography/config.py +28 -0
cartography/driftdetect/__main__.py +1 -2
cartography/driftdetect/add_shortcut.py +10 -2
cartography/driftdetect/cli.py +71 -75
cartography/driftdetect/detect_deviations.py +7 -3
cartography/driftdetect/get_states.py +20 -8
cartography/driftdetect/model.py +5 -5
cartography/driftdetect/serializers.py +8 -6
cartography/driftdetect/storage.py +2 -2
cartography/graph/cleanupbuilder.py +35 -15
cartography/graph/job.py +46 -17
cartography/graph/querybuilder.py +165 -80
cartography/graph/statement.py +35 -26
cartography/intel/analysis.py +4 -1
cartography/intel/aws/__init__.py +114 -55
cartography/intel/aws/apigateway.py +134 -63
cartography/intel/aws/cloudtrail.py +127 -0
cartography/intel/aws/cloudwatch.py +93 -0
cartography/intel/aws/config.py +56 -20
cartography/intel/aws/dynamodb.py +108 -40
cartography/intel/aws/ec2/__init__.py +2 -2
cartography/intel/aws/ec2/auto_scaling_groups.py +181 -78
cartography/intel/aws/ec2/elastic_ip_addresses.py +41 -13
cartography/intel/aws/ec2/images.py +49 -20
cartography/intel/aws/ec2/instances.py +234 -136
cartography/intel/aws/ec2/internet_gateways.py +40 -11
cartography/intel/aws/ec2/key_pairs.py +44 -20
cartography/intel/aws/ec2/launch_templates.py +101 -59
cartography/intel/aws/ec2/load_balancer_v2s.py +104 -39
cartography/intel/aws/ec2/load_balancers.py +82 -42
cartography/intel/aws/ec2/network_acls.py +89 -65
cartography/intel/aws/ec2/network_interfaces.py +146 -87
cartography/intel/aws/ec2/reserved_instances.py +45 -16
cartography/intel/aws/ec2/route_tables.py +327 -0
cartography/intel/aws/ec2/security_groups.py +71 -21
cartography/intel/aws/ec2/snapshots.py +61 -22
cartography/intel/aws/ec2/subnets.py +54 -18
cartography/intel/aws/ec2/tgw.py +100 -34
cartography/intel/aws/ec2/util.py +1 -1
cartography/intel/aws/ec2/volumes.py +69 -41
cartography/intel/aws/ec2/vpc.py +37 -12
cartography/intel/aws/ec2/vpc_peerings.py +83 -24
cartography/intel/aws/ecr.py +88 -32
cartography/intel/aws/ecs.py +83 -47
cartography/intel/aws/efs.py +93 -0
cartography/intel/aws/eks.py +55 -29
cartography/intel/aws/elasticache.py +42 -18
cartography/intel/aws/elasticsearch.py +57 -20
cartography/intel/aws/emr.py +61 -23
cartography/intel/aws/iam.py +401 -145
cartography/intel/aws/iam_instance_profiles.py +22 -22
cartography/intel/aws/identitycenter.py +71 -37
cartography/intel/aws/inspector.py +159 -89
cartography/intel/aws/kms.py +92 -38
cartography/intel/aws/lambda_function.py +103 -34
cartography/intel/aws/organizations.py +30 -10
cartography/intel/aws/permission_relationships.py +133 -51
cartography/intel/aws/rds.py +249 -85
cartography/intel/aws/redshift.py +107 -46
cartography/intel/aws/resourcegroupstaggingapi.py +120 -66
cartography/intel/aws/resources.py +57 -44
cartography/intel/aws/route53.py +108 -61
cartography/intel/aws/s3.py +168 -83
cartography/intel/aws/s3accountpublicaccessblock.py +157 -0
cartography/intel/aws/secretsmanager.py +24 -12
cartography/intel/aws/securityhub.py +20 -9
cartography/intel/aws/sns.py +166 -0
cartography/intel/aws/sqs.py +60 -28
cartography/intel/aws/ssm.py +70 -30
cartography/intel/aws/util/arns.py +7 -7
cartography/intel/aws/util/common.py +31 -4
cartography/intel/azure/__init__.py +78 -19
cartography/intel/azure/compute.py +101 -27
cartography/intel/azure/cosmosdb.py +496 -170
cartography/intel/azure/sql.py +296 -105
cartography/intel/azure/storage.py +322 -113
cartography/intel/azure/subscription.py +39 -23
cartography/intel/azure/tenant.py +13 -4
cartography/intel/azure/util/credentials.py +95 -55
cartography/intel/bigfix/__init__.py +2 -2
cartography/intel/bigfix/computers.py +93 -65
cartography/intel/cloudflare/__init__.py +74 -0
cartography/intel/cloudflare/accounts.py +57 -0
cartography/intel/cloudflare/dnsrecords.py +64 -0
cartography/intel/cloudflare/members.py +75 -0
cartography/intel/cloudflare/roles.py +65 -0
cartography/intel/cloudflare/zones.py +64 -0
cartography/intel/create_indexes.py +3 -2
cartography/intel/crowdstrike/__init__.py +11 -9
cartography/intel/crowdstrike/endpoints.py +5 -1
cartography/intel/crowdstrike/spotlight.py +8 -3
cartography/intel/cve/__init__.py +46 -13
cartography/intel/cve/feed.py +48 -12
cartography/intel/digitalocean/__init__.py +22 -13
cartography/intel/digitalocean/compute.py +75 -108
cartography/intel/digitalocean/management.py +44 -80
cartography/intel/digitalocean/platform.py +48 -43
cartography/intel/dns.py +36 -10
cartography/intel/duo/__init__.py +21 -16
cartography/intel/duo/api_host.py +14 -9
cartography/intel/duo/endpoints.py +50 -45
cartography/intel/duo/groups.py +18 -14
cartography/intel/duo/phones.py +37 -34
cartography/intel/duo/tokens.py +26 -23
cartography/intel/duo/users.py +54 -50
cartography/intel/duo/web_authn_credentials.py +30 -25
cartography/intel/entra/__init__.py +25 -7
cartography/intel/entra/ou.py +112 -0
cartography/intel/entra/users.py +69 -63
cartography/intel/gcp/__init__.py +185 -49
cartography/intel/gcp/compute.py +418 -231
cartography/intel/gcp/crm.py +96 -43
cartography/intel/gcp/dns.py +60 -19
cartography/intel/gcp/gke.py +72 -38
cartography/intel/gcp/iam.py +61 -41
cartography/intel/gcp/storage.py +84 -55
cartography/intel/github/__init__.py +13 -11
cartography/intel/github/repos.py +270 -137
cartography/intel/github/teams.py +170 -88
cartography/intel/github/users.py +70 -39
cartography/intel/github/util.py +36 -34
cartography/intel/gsuite/__init__.py +47 -26
cartography/intel/gsuite/api.py +73 -30
cartography/intel/jamf/__init__.py +19 -1
cartography/intel/jamf/computers.py +30 -7
cartography/intel/jamf/util.py +7 -2
cartography/intel/kandji/__init__.py +6 -3
cartography/intel/kandji/devices.py +14 -8
cartography/intel/kubernetes/namespaces.py +7 -4
cartography/intel/kubernetes/pods.py +7 -4
cartography/intel/kubernetes/services.py +8 -4
cartography/intel/lastpass/__init__.py +2 -2
cartography/intel/lastpass/users.py +23 -12
cartography/intel/oci/__init__.py +44 -11
cartography/intel/oci/iam.py +134 -38
cartography/intel/oci/organizations.py +13 -6
cartography/intel/oci/utils.py +43 -20
cartography/intel/okta/__init__.py +66 -15
cartography/intel/okta/applications.py +42 -20
cartography/intel/okta/awssaml.py +93 -33
cartography/intel/okta/factors.py +16 -4
cartography/intel/okta/groups.py +56 -29
cartography/intel/okta/organization.py +5 -1
cartography/intel/okta/origins.py +6 -2
cartography/intel/okta/roles.py +15 -5
cartography/intel/okta/users.py +20 -8
cartography/intel/okta/utils.py +6 -4
cartography/intel/openai/__init__.py +86 -0
cartography/intel/openai/adminapikeys.py +90 -0
cartography/intel/openai/apikeys.py +96 -0
cartography/intel/openai/projects.py +94 -0
cartography/intel/openai/serviceaccounts.py +82 -0
cartography/intel/openai/users.py +78 -0
cartography/intel/openai/util.py +29 -0
cartography/intel/pagerduty/__init__.py +8 -7
cartography/intel/pagerduty/escalation_policies.py +18 -6
cartography/intel/pagerduty/schedules.py +12 -4
cartography/intel/pagerduty/services.py +11 -4
cartography/intel/pagerduty/teams.py +8 -3
cartography/intel/pagerduty/users.py +3 -1
cartography/intel/pagerduty/vendors.py +3 -1
cartography/intel/semgrep/__init__.py +24 -6
cartography/intel/semgrep/dependencies.py +50 -28
cartography/intel/semgrep/deployment.py +3 -1
cartography/intel/semgrep/findings.py +42 -18
cartography/intel/snipeit/__init__.py +17 -3
cartography/intel/snipeit/asset.py +12 -6
cartography/intel/snipeit/user.py +8 -5
cartography/intel/snipeit/util.py +9 -4
cartography/intel/tailscale/__init__.py +77 -0
cartography/intel/tailscale/acls.py +146 -0
cartography/intel/tailscale/devices.py +127 -0
cartography/intel/tailscale/postureintegrations.py +81 -0
cartography/intel/tailscale/tailnets.py +76 -0
cartography/intel/tailscale/users.py +80 -0
cartography/intel/tailscale/utils.py +132 -0
cartography/models/aws/apigateway.py +21 -17
cartography/models/aws/apigatewaycertificate.py +28 -22
cartography/models/aws/apigatewayresource.py +28 -20
cartography/models/aws/apigatewaystage.py +33 -25
cartography/models/aws/cloudtrail/__init__.py +0 -0
cartography/models/aws/cloudtrail/trail.py +61 -0
cartography/models/aws/cloudwatch/__init__.py +0 -0
cartography/models/aws/cloudwatch/loggroup.py +52 -0
cartography/models/aws/dynamodb/gsi.py +30 -22
cartography/models/aws/dynamodb/tables.py +25 -17
cartography/models/aws/ec2/auto_scaling_groups.py +102 -82
cartography/models/aws/ec2/images.py +36 -34
cartography/models/aws/ec2/instances.py +51 -45
cartography/models/aws/ec2/keypair.py +21 -16
cartography/models/aws/ec2/keypair_instance.py +28 -21
cartography/models/aws/ec2/launch_configurations.py +30 -26
cartography/models/aws/ec2/launch_template_versions.py +48 -38
cartography/models/aws/ec2/launch_templates.py +21 -17
cartography/models/aws/ec2/load_balancer_listeners.py +27 -23
cartography/models/aws/ec2/load_balancers.py +47 -37
cartography/models/aws/ec2/network_acl_rules.py +38 -30
cartography/models/aws/ec2/network_acls.py +38 -29
cartography/models/aws/ec2/networkinterface_instance.py +52 -39
cartography/models/aws/ec2/networkinterfaces.py +53 -37
cartography/models/aws/ec2/privateip_networkinterface.py +32 -22
cartography/models/aws/ec2/reservations.py +18 -14
cartography/models/aws/ec2/route_table_associations.py +97 -0
cartography/models/aws/ec2/route_tables.py +128 -0
cartography/models/aws/ec2/routes.py +85 -0
cartography/models/aws/ec2/securitygroup_instance.py +29 -20
cartography/models/aws/ec2/securitygroup_networkinterface.py +24 -15
cartography/models/aws/ec2/subnet_instance.py +24 -19
cartography/models/aws/ec2/subnet_networkinterface.py +40 -31
cartography/models/aws/ec2/volumes.py +47 -40
cartography/models/aws/efs/__init__.py +0 -0
cartography/models/aws/efs/mount_target.py +52 -0
cartography/models/aws/eks/clusters.py +23 -21
cartography/models/aws/emr.py +32 -30
cartography/models/aws/iam/instanceprofile.py +33 -24
cartography/models/aws/identitycenter/awsidentitycenter.py +18 -14
cartography/models/aws/identitycenter/awspermissionset.py +37 -29
cartography/models/aws/identitycenter/awsssouser.py +23 -21
cartography/models/aws/inspector/findings.py +77 -65
cartography/models/aws/inspector/packages.py +35 -29
cartography/models/aws/s3/__init__.py +0 -0
cartography/models/aws/s3/account_public_access_block.py +51 -0
cartography/models/aws/sns/__init__.py +0 -0
cartography/models/aws/sns/topic.py +50 -0
cartography/models/aws/ssm/instance_information.py +51 -39
cartography/models/aws/ssm/instance_patch.py +32 -26
cartography/models/bigfix/bigfix_computer.py +42 -38
cartography/models/bigfix/bigfix_root.py +3 -3
cartography/models/cloudflare/__init__.py +0 -0
cartography/models/cloudflare/account.py +25 -0
cartography/models/cloudflare/dnsrecord.py +55 -0
cartography/models/cloudflare/member.py +82 -0
cartography/models/cloudflare/role.py +44 -0
cartography/models/cloudflare/zone.py +59 -0
cartography/models/core/common.py +12 -10
cartography/models/core/nodes.py +5 -2
cartography/models/core/relationships.py +14 -6
cartography/models/crowdstrike/hosts.py +37 -35
cartography/models/cve/cve.py +34 -32
cartography/models/cve/cve_feed.py +6 -6
cartography/models/digitalocean/__init__.py +0 -0
cartography/models/digitalocean/account.py +21 -0
cartography/models/digitalocean/droplet.py +56 -0
cartography/models/digitalocean/project.py +48 -0
cartography/models/duo/api_host.py +3 -3
cartography/models/duo/endpoint.py +43 -41
cartography/models/duo/group.py +14 -14
cartography/models/duo/phone.py +27 -27
cartography/models/duo/token.py +16 -16
cartography/models/duo/user.py +46 -44
cartography/models/duo/web_authn_credential.py +27 -19
cartography/models/entra/ou.py +48 -0
cartography/models/entra/tenant.py +24 -18
cartography/models/entra/user.py +64 -48
cartography/models/gcp/iam.py +23 -23
cartography/models/github/orgs.py +5 -4
cartography/models/github/teams.py +37 -31
cartography/models/github/users.py +34 -23
cartography/models/kandji/device.py +22 -16
cartography/models/kandji/tenant.py +6 -4
cartography/models/lastpass/tenant.py +3 -3
cartography/models/lastpass/user.py +32 -28
cartography/models/openai/__init__.py +0 -0
cartography/models/openai/adminapikey.py +90 -0
cartography/models/openai/apikey.py +84 -0
cartography/models/openai/organization.py +17 -0
cartography/models/openai/project.py +70 -0
cartography/models/openai/serviceaccount.py +50 -0
cartography/models/openai/user.py +49 -0
cartography/models/semgrep/dependencies.py +36 -24
cartography/models/semgrep/deployment.py +5 -5
cartography/models/semgrep/findings.py +58 -42
cartography/models/semgrep/locations.py +27 -21
cartography/models/snipeit/asset.py +30 -21
cartography/models/snipeit/tenant.py +6 -4
cartography/models/snipeit/user.py +19 -12
cartography/models/tailscale/__init__.py +0 -0
cartography/models/tailscale/device.py +95 -0
cartography/models/tailscale/group.py +86 -0
cartography/models/tailscale/postureintegration.py +58 -0
cartography/models/tailscale/tag.py +102 -0
cartography/models/tailscale/tailnet.py +29 -0
cartography/models/tailscale/user.py +52 -0
cartography/stats.py +3 -3
cartography/sync.py +113 -31
cartography/util.py +84 -62
{cartography-0.102.0rc1.dist-info → cartography-0.103.0.dist-info}/METADATA +8 -15
cartography-0.103.0.dist-info/RECORD +442 -0
{cartography-0.102.0rc1.dist-info → cartography-0.103.0.dist-info}/WHEEL +1 -1
cartography-0.102.0rc1.dist-info/RECORD +0 -377
{cartography-0.102.0rc1.dist-info → cartography-0.103.0.dist-info}/entry_points.txt +0 -0
{cartography-0.102.0rc1.dist-info → cartography-0.103.0.dist-info}/licenses/LICENSE +0 -0
{cartography-0.102.0rc1.dist-info → cartography-0.103.0.dist-info}/top_level.txt +0 -0

cartography/intel/aws/ec2/subnets.py CHANGED Viewed

@@ -5,31 +5,41 @@ from typing import List
 import boto3
 import neo4j
-from .util import get_botocore_config
 from cartography.graph.job import GraphJob
-from cartography.models.aws.ec2.auto_scaling_groups import EC2SubnetAutoScalingGroupSchema
+from cartography.models.aws.ec2.auto_scaling_groups import (
+    EC2SubnetAutoScalingGroupSchema,
+)
 from cartography.models.aws.ec2.subnet_instance import EC2SubnetInstanceSchema
 from cartography.util import aws_handle_regions
 from cartography.util import run_cleanup_job
 from cartography.util import timeit
+from .util import get_botocore_config
 logger = logging.getLogger(__name__)
 @timeit
 @aws_handle_regions
 def get_subnet_data(boto3_session: boto3.session.Session, region: str) -> List[Dict]:
-    client = boto3_session.client('ec2', region_name=region, config=get_botocore_config())
-    paginator = client.get_paginator('describe_subnets')
+    client = boto3_session.client(
+        "ec2",
+        region_name=region,
+        config=get_botocore_config(),
+    )
+    paginator = client.get_paginator("describe_subnets")
     subnets: List[Dict] = []
     for page in paginator.paginate():
-        subnets.extend(page['Subnets'])
+        subnets.extend(page["Subnets"])
     return subnets
 @timeit
 def load_subnets(
-    neo4j_session: neo4j.Session, data: List[Dict], region: str, aws_account_id: str,
+    neo4j_session: neo4j.Session,
+    data: List[Dict],
+    region: str,
+    aws_account_id: str,
     aws_update_tag: int,
 ) -> None:
@@ -63,33 +73,59 @@ def load_subnets(
     """
     neo4j_session.run(
-        ingest_subnets, subnets=data, aws_update_tag=aws_update_tag,
-        region=region, aws_account_id=aws_account_id,
+        ingest_subnets,
+        subnets=data,
+        aws_update_tag=aws_update_tag,
+        region=region,
+        aws_account_id=aws_account_id,
     )
     neo4j_session.run(
-        ingest_subnet_vpc_relations, subnets=data, aws_update_tag=aws_update_tag,
-        region=region, aws_account_id=aws_account_id,
+        ingest_subnet_vpc_relations,
+        subnets=data,
+        aws_update_tag=aws_update_tag,
+        region=region,
+        aws_account_id=aws_account_id,
     )
     neo4j_session.run(
-        ingest_subnet_aws_account_relations, subnets=data, aws_update_tag=aws_update_tag,
-        region=region, aws_account_id=aws_account_id,
+        ingest_subnet_aws_account_relations,
+        subnets=data,
+        aws_update_tag=aws_update_tag,
+        region=region,
+        aws_account_id=aws_account_id,
     )
 @timeit
 def cleanup_subnets(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
-    run_cleanup_job('aws_ingest_subnets_cleanup.json', neo4j_session, common_job_parameters)
-    GraphJob.from_node_schema(EC2SubnetInstanceSchema(), common_job_parameters).run(neo4j_session)
-    GraphJob.from_node_schema(EC2SubnetAutoScalingGroupSchema(), common_job_parameters).run(neo4j_session)
+    run_cleanup_job(
+        "aws_ingest_subnets_cleanup.json",
+        neo4j_session,
+        common_job_parameters,
+    )
+    GraphJob.from_node_schema(EC2SubnetInstanceSchema(), common_job_parameters).run(
+        neo4j_session,
+    )
+    GraphJob.from_node_schema(
+        EC2SubnetAutoScalingGroupSchema(),
+        common_job_parameters,
+    ).run(neo4j_session)
 @timeit
 def sync_subnets(
-        neo4j_session: neo4j.Session, boto3_session: boto3.session.Session, regions: List[str],
-        current_aws_account_id: str, update_tag: int, common_job_parameters: Dict,
+    neo4j_session: neo4j.Session,
+    boto3_session: boto3.session.Session,
+    regions: List[str],
+    current_aws_account_id: str,
+    update_tag: int,
+    common_job_parameters: Dict,
 ) -> None:
     for region in regions:
-        logger.info("Syncing EC2 subnets for region '%s' in account '%s'.", region, current_aws_account_id)
+        logger.info(
+            "Syncing EC2 subnets for region '%s' in account '%s'.",
+            region,
+            current_aws_account_id,
+        )
         data = get_subnet_data(boto3_session, region)
         load_subnets(neo4j_session, data, region, current_aws_account_id, update_tag)
     cleanup_subnets(neo4j_session, common_job_parameters)

cartography/intel/aws/ec2/tgw.py CHANGED Viewed

@@ -6,18 +6,26 @@ import boto3
 import botocore.exceptions
 import neo4j
-from .util import get_botocore_config
 from cartography.util import aws_handle_regions
 from cartography.util import run_cleanup_job
 from cartography.util import timeit
+from .util import get_botocore_config
 logger = logging.getLogger(__name__)
 @timeit
 @aws_handle_regions
-def get_transit_gateways(boto3_session: boto3.session.Session, region: str) -> List[Dict]:
-    client = boto3_session.client('ec2', region_name=region, config=get_botocore_config())
+def get_transit_gateways(
+    boto3_session: boto3.session.Session,
+    region: str,
+) -> List[Dict]:
+    client = boto3_session.client(
+        "ec2",
+        region_name=region,
+        config=get_botocore_config(),
+    )
     data: List[Dict] = []
     try:
         data = client.describe_transit_gateways()["TransitGateways"]
@@ -25,51 +33,68 @@ def get_transit_gateways(boto3_session: boto3.session.Session, region: str) -> L
         # https://boto3.amazonaws.com/v1/documentation/api/latest/guide/error-handling.html#parsing-error-responses-and-catching-exceptions-from-aws-services
         logger.warning(
             "Could not retrieve Transit Gateways due to boto3 error %s: %s. Skipping.",
-            e.response['Error']['Code'],
-            e.response['Error']['Message'],
+            e.response["Error"]["Code"],
+            e.response["Error"]["Message"],
         )
     return data
 @timeit
 @aws_handle_regions
-def get_tgw_attachments(boto3_session: boto3.session.Session, region: str) -> List[Dict]:
-    client = boto3_session.client('ec2', region_name=region, config=get_botocore_config())
+def get_tgw_attachments(
+    boto3_session: boto3.session.Session,
+    region: str,
+) -> List[Dict]:
+    client = boto3_session.client(
+        "ec2",
+        region_name=region,
+        config=get_botocore_config(),
+    )
     tgw_attachments: List[Dict] = []
     try:
-        paginator = client.get_paginator('describe_transit_gateway_attachments')
+        paginator = client.get_paginator("describe_transit_gateway_attachments")
         for page in paginator.paginate():
-            tgw_attachments.extend(page['TransitGatewayAttachments'])
+            tgw_attachments.extend(page["TransitGatewayAttachments"])
     except botocore.exceptions.ClientError as e:
         logger.warning(
             "Could not retrieve Transit Gateway Attachments due to boto3 error %s: %s. Skipping.",
-            e.response['Error']['Code'],
-            e.response['Error']['Message'],
+            e.response["Error"]["Code"],
+            e.response["Error"]["Message"],
         )
     return tgw_attachments
 @timeit
 @aws_handle_regions
-def get_tgw_vpc_attachments(boto3_session: boto3.session.Session, region: str) -> List[Dict]:
-    client = boto3_session.client('ec2', region_name=region, config=get_botocore_config())
+def get_tgw_vpc_attachments(
+    boto3_session: boto3.session.Session,
+    region: str,
+) -> List[Dict]:
+    client = boto3_session.client(
+        "ec2",
+        region_name=region,
+        config=get_botocore_config(),
+    )
     tgw_vpc_attachments: List[Dict] = []
     try:
-        paginator = client.get_paginator('describe_transit_gateway_vpc_attachments')
+        paginator = client.get_paginator("describe_transit_gateway_vpc_attachments")
         for page in paginator.paginate():
-            tgw_vpc_attachments.extend(page['TransitGatewayVpcAttachments'])
+            tgw_vpc_attachments.extend(page["TransitGatewayVpcAttachments"])
     except botocore.exceptions.ClientError as e:
         logger.warning(
             "Could not retrieve Transit Gateway VPC Attachments due to boto3 error %s: %s. Skipping.",
-            e.response['Error']['Code'],
-            e.response['Error']['Message'],
+            e.response["Error"]["Code"],
+            e.response["Error"]["Message"],
         )
     return tgw_vpc_attachments
 @timeit
 def load_transit_gateways(
-    neo4j_session: neo4j.Session, data: List[Dict], region: str, current_aws_account_id: str,
+    neo4j_session: neo4j.Session,
+    data: List[Dict],
+    region: str,
+    current_aws_account_id: str,
     update_tag: int,
 ) -> None:
     ingest_transit_gateway = """
@@ -107,13 +132,21 @@ def load_transit_gateways(
             update_tag=update_tag,
         )
         _attach_shared_transit_gateway(
-            neo4j_session, tgw, region, current_aws_account_id, update_tag,
+            neo4j_session,
+            tgw,
+            region,
+            current_aws_account_id,
+            update_tag,
         )
 @timeit
 def _attach_shared_transit_gateway(
-    neo4j_session: neo4j.Session, tgw: Dict, region: str, current_aws_account_id: str, update_tag: int,
+    neo4j_session: neo4j.Session,
+    tgw: Dict,
+    region: str,
+    current_aws_account_id: str,
+    update_tag: int,
 ) -> None:
     attach_tgw = """
     MERGE (tgw:AWSTransitGateway {id: $ARN})
@@ -139,7 +172,10 @@ def _attach_shared_transit_gateway(
 @timeit
 def load_tgw_attachments(
-    neo4j_session: neo4j.Session, data: List[Dict], region: str, current_aws_account_id: str,
+    neo4j_session: neo4j.Session,
+    data: List[Dict],
+    region: str,
+    current_aws_account_id: str,
     update_tag: int,
 ) -> None:
     ingest_transit_gateway = """
@@ -178,16 +214,25 @@ def load_tgw_attachments(
             update_tag=update_tag,
         )
-        if tgwa.get("VpcId"):  # only attach if the TGW attachment is a VPC TGW attachment
+        if tgwa.get(
+            "VpcId",
+        ):  # only attach if the TGW attachment is a VPC TGW attachment
             _attach_tgw_vpc_attachment_to_vpc_subnets(
-                neo4j_session, tgwa, region, current_aws_account_id, update_tag,
+                neo4j_session,
+                tgwa,
+                region,
+                current_aws_account_id,
+                update_tag,
             )
 @timeit
 def _attach_tgw_vpc_attachment_to_vpc_subnets(
-    neo4j_session: neo4j.Session, tgw_vpc_attachment: Dict, region: str,
-    current_aws_account_id: str, update_tag: int,
+    neo4j_session: neo4j.Session,
+    tgw_vpc_attachment: Dict,
+    region: str,
+    current_aws_account_id: str,
+    update_tag: int,
 ) -> None:
     """
     Attach a VPC Transit Gateway Attachment to the VPC and and subnets
@@ -233,27 +278,48 @@ def _attach_tgw_vpc_attachment_to_vpc_subnets(
 @timeit
-def cleanup_transit_gateways(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
-    run_cleanup_job('aws_import_tgw_cleanup.json', neo4j_session, common_job_parameters)
+def cleanup_transit_gateways(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: Dict,
+) -> None:
+    run_cleanup_job("aws_import_tgw_cleanup.json", neo4j_session, common_job_parameters)
 def sync_transit_gateways(
-    neo4j_session: neo4j.Session, boto3_session: boto3.session.Session, regions: List[str], current_aws_account_id: str,
-    update_tag: int, common_job_parameters: Dict,
+    neo4j_session: neo4j.Session,
+    boto3_session: boto3.session.Session,
+    regions: List[str],
+    current_aws_account_id: str,
+    update_tag: int,
+    common_job_parameters: Dict,
 ) -> None:
     for region in regions:
-        logger.info("Syncing AWS Transit Gateways for region '%s' in account '%s'.", region, current_aws_account_id)
+        logger.info(
+            "Syncing AWS Transit Gateways for region '%s' in account '%s'.",
+            region,
+            current_aws_account_id,
+        )
         tgws = get_transit_gateways(boto3_session, region)
-        load_transit_gateways(neo4j_session, tgws, region, current_aws_account_id, update_tag)
+        load_transit_gateways(
+            neo4j_session,
+            tgws,
+            region,
+            current_aws_account_id,
+            update_tag,
+        )
         logger.debug(
             "Syncing AWS Transit Gateway Attachments for region '%s' in account '%s'.",
-            region, current_aws_account_id,
+            region,
+            current_aws_account_id,
         )
         tgw_attachments = get_tgw_attachments(boto3_session, region)
         tgw_vpc_attachments = get_tgw_vpc_attachments(boto3_session, region)
         load_tgw_attachments(
-            neo4j_session, tgw_attachments + tgw_vpc_attachments,
-            region, current_aws_account_id, update_tag,
+            neo4j_session,
+            tgw_attachments + tgw_vpc_attachments,
+            region,
+            current_aws_account_id,
+            update_tag,
         )
     cleanup_transit_gateways(neo4j_session, common_job_parameters)

cartography/intel/aws/ec2/util.py CHANGED Viewed

@@ -6,6 +6,6 @@ def get_botocore_config() -> botocore.config.Config:
     return botocore.config.Config(
         read_timeout=360,
         retries={
-            'max_attempts': 10,
+            "max_attempts": 10,
         },
     )

cartography/intel/aws/ec2/volumes.py CHANGED Viewed

@@ -18,38 +18,51 @@ logger = logging.getLogger(__name__)
 @timeit
 @aws_handle_regions
-def get_volumes(boto3_session: boto3.session.Session, region: str) -> List[Dict[str, Any]]:
-    client = boto3_session.client('ec2', region_name=region)
-    paginator = client.get_paginator('describe_volumes')
+def get_volumes(
+    boto3_session: boto3.session.Session,
+    region: str,
+) -> List[Dict[str, Any]]:
+    client = boto3_session.client("ec2", region_name=region)
+    paginator = client.get_paginator("describe_volumes")
     volumes: List[Dict] = []
     for page in paginator.paginate():
-        volumes.extend(page['Volumes'])
+        volumes.extend(page["Volumes"])
     return volumes
-def transform_volumes(volumes: List[Dict[str, Any]], region: str, current_aws_account_id: str) -> List[Dict[str, Any]]:
+def transform_volumes(
+    volumes: List[Dict[str, Any]],
+    region: str,
+    current_aws_account_id: str,
+) -> List[Dict[str, Any]]:
     result = []
     for volume in volumes:
-        attachments = volume.get('Attachments', [])
-        active_attachments = [a for a in attachments if a['State'] == 'attached']
-        volume_id = volume['VolumeId']
-        raw_vol = ({
-            'Arn': build_arn('ec2', current_aws_account_id, 'volume', volume_id, region),
-            'AvailabilityZone': volume.get('AvailabilityZone'),
-            'CreateTime': volume.get('CreateTime'),
-            'Encrypted': volume.get('Encrypted'),
-            'Size': volume.get('Size'),
-            'State': volume.get('State'),
-            'OutpostArn': volume.get('OutpostArn'),
-            'SnapshotId': volume.get('SnapshotId'),
-            'Iops': volume.get('Iops'),
-            'FastRestored': volume.get('FastRestored'),
-            'MultiAttachEnabled': volume.get('MultiAttachEnabled'),
-            'VolumeType': volume.get('VolumeType'),
-            'VolumeId': volume_id,
-            'KmsKeyId': volume.get('KmsKeyId'),
-        })
+        attachments = volume.get("Attachments", [])
+        active_attachments = [a for a in attachments if a["State"] == "attached"]
+        volume_id = volume["VolumeId"]
+        raw_vol = {
+            "Arn": build_arn(
+                "ec2",
+                current_aws_account_id,
+                "volume",
+                volume_id,
+                region,
+            ),
+            "AvailabilityZone": volume.get("AvailabilityZone"),
+            "CreateTime": volume.get("CreateTime"),
+            "Encrypted": volume.get("Encrypted"),
+            "Size": volume.get("Size"),
+            "State": volume.get("State"),
+            "OutpostArn": volume.get("OutpostArn"),
+            "SnapshotId": volume.get("SnapshotId"),
+            "Iops": volume.get("Iops"),
+            "FastRestored": volume.get("FastRestored"),
+            "MultiAttachEnabled": volume.get("MultiAttachEnabled"),
+            "VolumeType": volume.get("VolumeType"),
+            "VolumeId": volume_id,
+            "KmsKeyId": volume.get("KmsKeyId"),
+        }
         if not active_attachments:
             result.append(raw_vol)
@@ -57,7 +70,7 @@ def transform_volumes(volumes: List[Dict[str, Any]], region: str, current_aws_ac
         for attachment in active_attachments:
             vol_with_attachment = raw_vol.copy()
-            vol_with_attachment['InstanceId'] = attachment['InstanceId']
+            vol_with_attachment["InstanceId"] = attachment["InstanceId"]
             result.append(vol_with_attachment)
     return result
@@ -65,11 +78,11 @@ def transform_volumes(volumes: List[Dict[str, Any]], region: str, current_aws_ac
 @timeit
 def load_volumes(
-        neo4j_session: neo4j.Session,
-        ebs_data: List[Dict[str, Any]],
-        region: str,
-        current_aws_account_id: str,
-        update_tag: int,
+    neo4j_session: neo4j.Session,
+    ebs_data: List[Dict[str, Any]],
+    region: str,
+    current_aws_account_id: str,
+    update_tag: int,
 ) -> None:
     load(
         neo4j_session,
@@ -82,22 +95,37 @@ def load_volumes(
 @timeit
-def cleanup_volumes(neo4j_session: neo4j.Session, common_job_parameters: Dict[str, Any]) -> None:
-    GraphJob.from_node_schema(EBSVolumeSchema(), common_job_parameters).run(neo4j_session)
+def cleanup_volumes(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: Dict[str, Any],
+) -> None:
+    GraphJob.from_node_schema(EBSVolumeSchema(), common_job_parameters).run(
+        neo4j_session,
+    )
 @timeit
 def sync_ebs_volumes(
-        neo4j_session: neo4j.Session,
-        boto3_session: boto3.session.Session,
-        regions: List[str],
-        current_aws_account_id: str,
-        update_tag: int,
-        common_job_parameters: Dict[str, Any],
+    neo4j_session: neo4j.Session,
+    boto3_session: boto3.session.Session,
+    regions: List[str],
+    current_aws_account_id: str,
+    update_tag: int,
+    common_job_parameters: Dict[str, Any],
 ) -> None:
     for region in regions:
-        logger.debug("Syncing volumes for region '%s' in account '%s'.", region, current_aws_account_id)
+        logger.debug(
+            "Syncing volumes for region '%s' in account '%s'.",
+            region,
+            current_aws_account_id,
+        )
         data = get_volumes(boto3_session, region)
         transformed_data = transform_volumes(data, region, current_aws_account_id)
-        load_volumes(neo4j_session, transformed_data, region, current_aws_account_id, update_tag)
+        load_volumes(
+            neo4j_session,
+            transformed_data,
+            region,
+            current_aws_account_id,
+            update_tag,
+        )
     cleanup_volumes(neo4j_session, common_job_parameters)

cartography/intel/aws/ec2/vpc.py CHANGED Viewed

@@ -6,23 +6,29 @@ from typing import List
 import boto3
 import neo4j
-from .util import get_botocore_config
 from cartography.util import aws_handle_regions
 from cartography.util import run_cleanup_job
 from cartography.util import timeit
+from .util import get_botocore_config
 logger = logging.getLogger(__name__)
 @timeit
 @aws_handle_regions
 def get_ec2_vpcs(boto3_session: boto3.session.Session, region: str) -> List[Dict]:
-    client = boto3_session.client('ec2', region_name=region, config=get_botocore_config())
-    return client.describe_vpcs()['Vpcs']
+    client = boto3_session.client(
+        "ec2",
+        region_name=region,
+        config=get_botocore_config(),
+    )
+    return client.describe_vpcs()["Vpcs"]
 def _get_cidr_association_statement(block_type: str) -> str:
-    INGEST_CIDR_TEMPLATE = Template("""
+    INGEST_CIDR_TEMPLATE = Template(
+        """
     MATCH (vpc:AWSVpc{id: $VpcId})
     WITH vpc
     UNWIND $CidrBlock as block_data
@@ -36,7 +42,8 @@ def _get_cidr_association_statement(block_type: str) -> str:
         WITH vpc, new_block
         MERGE (vpc)-[r:BLOCK_ASSOCIATION]->(new_block)
         ON CREATE SET r.firstseen = timestamp()
-        SET r.lastupdated = $update_tag""")
+        SET r.lastupdated = $update_tag""",
+    )
     BLOCK_CIDR = "CidrBlock"
     STATE_NAME = "CidrBlockState"
@@ -53,12 +60,19 @@ def _get_cidr_association_statement(block_type: str) -> str:
     else:
         raise ValueError(f"Unsupported block type specified - {block_type}")
-    return INGEST_CIDR_TEMPLATE.safe_substitute(block_label=BLOCK_TYPE, block_cidr=BLOCK_CIDR, state_name=STATE_NAME)
+    return INGEST_CIDR_TEMPLATE.safe_substitute(
+        block_label=BLOCK_TYPE,
+        block_cidr=BLOCK_CIDR,
+        state_name=STATE_NAME,
+    )
 @timeit
 def load_cidr_association_set(
-    neo4j_session: neo4j.Session, vpc_id: str, vpc_data: Dict, block_type: str,
+    neo4j_session: neo4j.Session,
+    vpc_id: str,
+    vpc_data: Dict,
+    block_type: str,
     update_tag: int,
 ) -> None:
     ingest_statement = _get_cidr_association_statement(block_type)
@@ -78,7 +92,10 @@ def load_cidr_association_set(
 @timeit
 def load_ec2_vpcs(
-    neo4j_session: neo4j.Session, data: List[Dict], region: str, current_aws_account_id: str,
+    neo4j_session: neo4j.Session,
+    data: List[Dict],
+    region: str,
+    current_aws_account_id: str,
     update_tag: int,
 ) -> None:
     # https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpcs.html
@@ -161,16 +178,24 @@ def load_ec2_vpcs(
 @timeit
 def cleanup_ec2_vpcs(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
-    run_cleanup_job('aws_import_vpc_cleanup.json', neo4j_session, common_job_parameters)
+    run_cleanup_job("aws_import_vpc_cleanup.json", neo4j_session, common_job_parameters)
 @timeit
 def sync_vpc(
-    neo4j_session: neo4j.Session, boto3_session: boto3.session.Session, regions: List[str], current_aws_account_id: str,
-    update_tag: int, common_job_parameters: Dict,
+    neo4j_session: neo4j.Session,
+    boto3_session: boto3.session.Session,
+    regions: List[str],
+    current_aws_account_id: str,
+    update_tag: int,
+    common_job_parameters: Dict,
 ) -> None:
     for region in regions:
-        logger.info("Syncing EC2 VPC for region '%s' in account '%s'.", region, current_aws_account_id)
+        logger.info(
+            "Syncing EC2 VPC for region '%s' in account '%s'.",
+            region,
+            current_aws_account_id,
+        )
         data = get_ec2_vpcs(boto3_session, region)
         load_ec2_vpcs(neo4j_session, data, region, current_aws_account_id, update_tag)
     cleanup_ec2_vpcs(neo4j_session, common_job_parameters)

cartography 0.102.0rc1__py3-none-any.whl → 0.103.0__py3-none-any.whl

Potentially problematic release.

cartography 0.102.0rc1py3-none-any.whl → 0.103.0py3-none-any.whl