cartography 0.102.0rc1__py3-none-any.whl → 0.103.0rc1__py3-none-any.whl

cartography/intel/entra/ou.py

@@ -0,0 +1,112 @@
+# cartography/intel/entra/ou.py
+import logging
+from typing import Any
+
+import neo4j
+from azure.identity import ClientSecretCredential
+from msgraph import GraphServiceClient
+from msgraph.generated.models.administrative_unit import AdministrativeUnit
+
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.intel.entra.users import load_tenant
+from cartography.models.entra.ou import EntraOUSchema
+from cartography.util import timeit
+
+logger = logging.getLogger(__name__)
+
+
+@timeit
+async def get_entra_ous(client: GraphServiceClient) -> list[AdministrativeUnit]:
+    """
+    Get all OUs from Microsoft Graph API with pagination support
+    """
+    all_units: list[AdministrativeUnit] = []
+    request = client.directory.administrative_units.request()
+
+    while request:
+        response = await request.get()
+        all_units.extend(response.value)
+        request = response.odata_next_link if response.odata_next_link else None
+
+    return all_units
+
+
+def transform_ous(
+    units: list[AdministrativeUnit], tenant_id: str
+) -> list[dict[str, Any]]:
+    """
+    Transform the API response into the format expected by our schema
+    """
+    result: list[dict[str, Any]] = []
+    for unit in units:
+        transformed_unit = {
+            "id": unit.id,
+            "display_name": unit.display_name,
+            "description": unit.description,
+            "visibility": unit.visibility,
+            "membership_type": unit.membership_type,
+            "is_member_management_restricted": unit.is_member_management_restricted,
+            "deleted_date_time": unit.deleted_date_time,
+            "tenant_id": tenant_id,
+        }
+        result.append(transformed_unit)
+    return result
+
+
+@timeit
+def load_ous(
+    neo4j_session: neo4j.Session,
+    units: list[dict[str, Any]],
+    update_tag: int,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    logger.info(f"Loading {len(units)} Entra OUs")
+    load(
+        neo4j_session,
+        EntraOUSchema(),
+        units,
+        lastupdated=update_tag,
+        TENANT_ID=common_job_parameters["TENANT_ID"],
+        UPDATE_TAG=common_job_parameters["UPDATE_TAG"],
+    )
+
+
+def cleanup_ous(
+    neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]
+) -> None:
+    GraphJob.from_node_schema(EntraOUSchema(), common_job_parameters).run(neo4j_session)
+
+
+@timeit
+async def sync_entra_ous(
+    neo4j_session: neo4j.Session,
+    tenant_id: str,
+    client_id: str,
+    client_secret: str,
+    update_tag: int,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    """
+    Sync Entra OUs
+    """
+    # Initialize Graph client
+    credential = ClientSecretCredential(
+        tenant_id=tenant_id,
+        client_id=client_id,
+        client_secret=client_secret,
+    )
+    client = GraphServiceClient(
+        credential, scopes=["https://graph.microsoft.com/.default"]
+    )
+
+    # Get OUs
+    units = await get_entra_ous(client)
+    transformed_units = transform_ous(units, tenant_id)
+
+    # Load data
+    load_tenant(neo4j_session, {"id": tenant_id}, update_tag)
+    load_ous(neo4j_session, transformed_units, update_tag, common_job_parameters)
+
+    # Cleanup stale data
+    cleanup_ous(neo4j_session, common_job_parameters)

cartography/intel/entra/users.py

@@ -56,51 +56,51 @@ def transform_users(users: list[User]) -> list[dict[str, Any]]:
     result: list[dict[str, Any]] = []
     for user in users:
         transformed_user = {
-            'id': user.id,
-            'user_principal_name': user.user_principal_name,
-            'display_name': user.display_name,
-            'given_name': user.given_name,
-            'surname': user.surname,
-            'mail': user.mail,
-            'other_mails': user.other_mails,
-            'preferred_language': user.preferred_language,
-            'preferred_name': user.preferred_name,
-            'state': user.state,
-            'usage_location': user.usage_location,
-            'user_type': user.user_type,
-            'show_in_address_list': user.show_in_address_list,
-            'sign_in_sessions_valid_from_date_time': user.sign_in_sessions_valid_from_date_time,
-            'security_identifier': user.on_premises_security_identifier,
-            'account_enabled': user.account_enabled,
-            'age_group': user.age_group,
-            'business_phones': user.business_phones,
-            'city': user.city,
-            'company_name': user.company_name,
-            'consent_provided_for_minor': user.consent_provided_for_minor,
-            'country': user.country,
-            'created_date_time': user.created_date_time,
-            'creation_type': user.creation_type,
-            'deleted_date_time': user.deleted_date_time,
-            'department': user.department,
-            'employee_id': user.employee_id,
-            'employee_type': user.employee_type,
-            'external_user_state': user.external_user_state,
-            'external_user_state_change_date_time': user.external_user_state_change_date_time,
-            'hire_date': user.hire_date,
-            'is_management_restricted': user.is_management_restricted,
-            'is_resource_account': user.is_resource_account,
-            'job_title': user.job_title,
-            'last_password_change_date_time': user.last_password_change_date_time,
-            'mail_nickname': user.mail_nickname,
-            'office_location': user.office_location,
-            'on_premises_distinguished_name': user.on_premises_distinguished_name,
-            'on_premises_domain_name': user.on_premises_domain_name,
-            'on_premises_immutable_id': user.on_premises_immutable_id,
-            'on_premises_last_sync_date_time': user.on_premises_last_sync_date_time,
-            'on_premises_sam_account_name': user.on_premises_sam_account_name,
-            'on_premises_security_identifier': user.on_premises_security_identifier,
-            'on_premises_sync_enabled': user.on_premises_sync_enabled,
-            'on_premises_user_principal_name': user.on_premises_user_principal_name,
+            "id": user.id,
+            "user_principal_name": user.user_principal_name,
+            "display_name": user.display_name,
+            "given_name": user.given_name,
+            "surname": user.surname,
+            "mail": user.mail,
+            "other_mails": user.other_mails,
+            "preferred_language": user.preferred_language,
+            "preferred_name": user.preferred_name,
+            "state": user.state,
+            "usage_location": user.usage_location,
+            "user_type": user.user_type,
+            "show_in_address_list": user.show_in_address_list,
+            "sign_in_sessions_valid_from_date_time": user.sign_in_sessions_valid_from_date_time,
+            "security_identifier": user.on_premises_security_identifier,
+            "account_enabled": user.account_enabled,
+            "age_group": user.age_group,
+            "business_phones": user.business_phones,
+            "city": user.city,
+            "company_name": user.company_name,
+            "consent_provided_for_minor": user.consent_provided_for_minor,
+            "country": user.country,
+            "created_date_time": user.created_date_time,
+            "creation_type": user.creation_type,
+            "deleted_date_time": user.deleted_date_time,
+            "department": user.department,
+            "employee_id": user.employee_id,
+            "employee_type": user.employee_type,
+            "external_user_state": user.external_user_state,
+            "external_user_state_change_date_time": user.external_user_state_change_date_time,
+            "hire_date": user.hire_date,
+            "is_management_restricted": user.is_management_restricted,
+            "is_resource_account": user.is_resource_account,
+            "job_title": user.job_title,
+            "last_password_change_date_time": user.last_password_change_date_time,
+            "mail_nickname": user.mail_nickname,
+            "office_location": user.office_location,
+            "on_premises_distinguished_name": user.on_premises_distinguished_name,
+            "on_premises_domain_name": user.on_premises_domain_name,
+            "on_premises_immutable_id": user.on_premises_immutable_id,
+            "on_premises_last_sync_date_time": user.on_premises_last_sync_date_time,
+            "on_premises_sam_account_name": user.on_premises_sam_account_name,
+            "on_premises_security_identifier": user.on_premises_security_identifier,
+            "on_premises_sync_enabled": user.on_premises_sync_enabled,
+            "on_premises_user_principal_name": user.on_premises_user_principal_name,
         }
         result.append(transformed_user)
     return result
@@ -112,21 +112,21 @@ def transform_tenant(tenant: Organization, tenant_id: str) -> dict[str, Any]:
     Transform the tenant data into the format expected by our schema
     """
     return {
-        'id': tenant_id,
-        'created_date_time': tenant.created_date_time,
-        'default_usage_location': tenant.default_usage_location,
-        'deleted_date_time': tenant.deleted_date_time,
-        'display_name': tenant.display_name,
-        'marketing_notification_emails': tenant.marketing_notification_emails,
-        'mobile_device_management_authority': tenant.mobile_device_management_authority,
-        'on_premises_last_sync_date_time': tenant.on_premises_last_sync_date_time,
-        'on_premises_sync_enabled': tenant.on_premises_sync_enabled,
-        'partner_tenant_type': tenant.partner_tenant_type,
-        'postal_code': tenant.postal_code,
-        'preferred_language': tenant.preferred_language,
-        'state': tenant.state,
-        'street': tenant.street,
-        'tenant_type': tenant.tenant_type,
+        "id": tenant_id,
+        "created_date_time": tenant.created_date_time,
+        "default_usage_location": tenant.default_usage_location,
+        "deleted_date_time": tenant.deleted_date_time,
+        "display_name": tenant.display_name,
+        "marketing_notification_emails": tenant.marketing_notification_emails,
+        "mobile_device_management_authority": tenant.mobile_device_management_authority,
+        "on_premises_last_sync_date_time": tenant.on_premises_last_sync_date_time,
+        "on_premises_sync_enabled": tenant.on_premises_sync_enabled,
+        "partner_tenant_type": tenant.partner_tenant_type,
+        "postal_code": tenant.postal_code,
+        "preferred_language": tenant.preferred_language,
+        "state": tenant.state,
+        "street": tenant.street,
+        "tenant_type": tenant.tenant_type,
     }
 
 
@@ -161,8 +161,12 @@ def load_users(
     )
 
 
-def cleanup(neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]) -> None:
-    GraphJob.from_node_schema(EntraUserSchema(), common_job_parameters).run(neo4j_session)
+def cleanup(
+    neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]
+) -> None:
+    GraphJob.from_node_schema(EntraUserSchema(), common_job_parameters).run(
+        neo4j_session
+    )
 
 
 @timeit
@@ -190,7 +194,9 @@ async def sync_entra_users(
         client_id=client_id,
         client_secret=client_secret,
     )
-    client = GraphServiceClient(credential, scopes=['https://graph.microsoft.com/.default'])
+    client = GraphServiceClient(
+        credential, scopes=["https://graph.microsoft.com/.default"]
+    )
 
     # Get tenant information
     tenant = await get_tenant(client)