cartography 0.102.0rc2__py3-none-any.whl → 0.103.0__py3-none-any.whl

cartography/intel/okta/applications.py

@@ -15,7 +15,6 @@ from cartography.intel.okta.utils import create_api_client
 from cartography.intel.okta.utils import is_last_page
 from cartography.util import timeit
 
-
 logger = logging.getLogger(__name__)
 
 
@@ -36,9 +35,9 @@ def _get_okta_applications(api_client: ApiClient) -> List[Dict]:
                 paged_response = api_client.get(next_url)
             else:
                 params = {
-                    'limit': 500,
+                    "limit": 500,
                 }
-                paged_response = api_client.get_path('/', params)
+                paged_response = api_client.get_path("/", params)
         except OktaError as okta_error:
             logger.debug(f"Got error while listing applications {okta_error}")
             break
@@ -73,11 +72,13 @@ def _get_application_assigned_users(api_client: ApiClient, app_id: str) -> List[
                 paged_response = api_client.get(next_url)
             else:
                 params = {
-                    'limit': 500,
+                    "limit": 500,
                 }
-                paged_response = api_client.get_path(f'/{app_id}/users', params)
+                paged_response = api_client.get_path(f"/{app_id}/users", params)
         except OktaError as okta_error:
-            logger.debug(f"Got error while going through list application assigned users {okta_error}")
+            logger.debug(
+                f"Got error while going through list application assigned users {okta_error}",
+            )
             break
 
         app_users.append(paged_response.text)
@@ -110,11 +111,13 @@ def _get_application_assigned_groups(api_client: ApiClient, app_id: str) -> List
                 paged_response = api_client.get(next_url)
             else:
                 params = {
-                    'limit': 500,
+                    "limit": 500,
                 }
-                paged_response = api_client.get_path(f'/{app_id}/groups', params)
+                paged_response = api_client.get_path(f"/{app_id}/groups", params)
         except OktaError as okta_error:
-            logger.debug(f"Got error while going through list application assigned groups {okta_error}")
+            logger.debug(
+                f"Got error while going through list application assigned groups {okta_error}",
+            )
             break
 
         app_groups.append(paged_response.text)
@@ -130,7 +133,9 @@ def _get_application_assigned_groups(api_client: ApiClient, app_id: str) -> List
 
 
 @timeit
-def transform_application_assigned_users_list(assigned_user_list: List[str]) -> List[str]:
+def transform_application_assigned_users_list(
+    assigned_user_list: List[str],
+) -> List[str]:
     """
     Transform application users Okta data
     :param assigned_user_list: Okta data on assigned users
@@ -161,7 +166,9 @@ def transform_application_assigned_users(json_app_data: str) -> List[str]:
 
 
 @timeit
-def transform_application_assigned_groups_list(assigned_group_list: List[str]) -> List[Dict]:
+def transform_application_assigned_groups_list(
+    assigned_group_list: List[str],
+) -> List[Dict]:
     group_list: List[Dict] = []
 
     for current in assigned_group_list:
@@ -206,14 +213,16 @@ def transform_okta_application(okta_application: Dict) -> Dict:
     app_props["label"] = okta_application["label"]
     if "created" in okta_application and okta_application["created"]:
         app_props["created"] = datetime.strptime(
-            okta_application["created"], "%Y-%m-%dT%H:%M:%S.%fZ",
+            okta_application["created"],
+            "%Y-%m-%dT%H:%M:%S.%fZ",
         ).strftime("%m/%d/%Y, %H:%M:%S")
     else:
         app_props["created"] = None
 
     if "lastUpdated" in okta_application and okta_application["lastUpdated"]:
         app_props["okta_last_updated"] = datetime.strptime(
-            okta_application["lastUpdated"], "%Y-%m-%dT%H:%M:%S.%fZ",
+            okta_application["lastUpdated"],
+            "%Y-%m-%dT%H:%M:%S.%fZ",
         ).strftime("%m/%d/%Y, %H:%M:%S")
     else:
         app_props["okta_last_updated"] = None
@@ -222,7 +231,8 @@ def transform_okta_application(okta_application: Dict) -> Dict:
 
     if "activated" in okta_application and okta_application["activated"]:
         app_props["activated"] = datetime.strptime(
-            okta_application["activated"], "%Y-%m-%dT%H:%M:%S.%fZ",
+            okta_application["activated"],
+            "%Y-%m-%dT%H:%M:%S.%fZ",
         ).strftime("%m/%d/%Y, %H:%M:%S")
     else:
         app_props["activated"] = None
@@ -234,7 +244,9 @@ def transform_okta_application(okta_application: Dict) -> Dict:
 
 
 @timeit
-def transform_okta_application_extract_replyurls(okta_application: Dict) -> Optional[str]:
+def transform_okta_application_extract_replyurls(
+    okta_application: Dict,
+) -> Optional[str]:
     """
     Extracts the reply uri information from an okta app
     """
@@ -247,7 +259,9 @@ def transform_okta_application_extract_replyurls(okta_application: Dict) -> Opti
 
 @timeit
 def _load_okta_applications(
-    neo4j_session: neo4j.Session, okta_org_id: str, app_list: List[Dict],
+    neo4j_session: neo4j.Session,
+    okta_org_id: str,
+    app_list: List[Dict],
     okta_update_tag: int,
 ) -> None:
     """
@@ -289,7 +303,9 @@ def _load_okta_applications(
 
 @timeit
 def _load_application_user(
-    neo4j_session: neo4j.Session, app_id: str, user_list: List[str],
+    neo4j_session: neo4j.Session,
+    app_id: str,
+    user_list: List[str],
     okta_update_tag: int,
 ) -> None:
     """
@@ -321,7 +337,9 @@ def _load_application_user(
 
 @timeit
 def _load_application_group(
-    neo4j_session: neo4j.Session, app_id: str, group_list: List[str],
+    neo4j_session: neo4j.Session,
+    app_id: str,
+    group_list: List[str],
     okta_update_tag: int,
 ) -> None:
     """
@@ -353,7 +371,9 @@ def _load_application_group(
 
 @timeit
 def _load_application_reply_urls(
-    neo4j_session: neo4j.Session, app_id: str, reply_urls: List[str],
+    neo4j_session: neo4j.Session,
+    app_id: str,
+    reply_urls: List[str],
     okta_update_tag: int,
 ) -> None:
     """
@@ -390,7 +410,9 @@ def _load_application_reply_urls(
 
 @timeit
 def sync_okta_applications(
-    neo4j_session: neo4j.Session, okta_org_id: str, okta_update_tag: int,
+    neo4j_session: neo4j.Session,
+    okta_org_id: str,
+    okta_update_tag: int,
     okta_api_key: str,
 ) -> None:
     """

cartography/intel/okta/awssaml.py

@@ -12,19 +12,25 @@ from cartography.client.core.tx import read_list_of_dicts_tx
 from cartography.client.core.tx import read_single_value_tx
 from cartography.util import timeit
 
-
-AccountRole = namedtuple('AccountRole', ['account_id', 'role_name'])
-OktaGroup = namedtuple('OktaGroup', ['group_id', 'group_name'])
-GroupRole = namedtuple('GroupRole', ['okta_group_id', 'aws_role_arn'])
+AccountRole = namedtuple("AccountRole", ["account_id", "role_name"])
+OktaGroup = namedtuple("OktaGroup", ["group_id", "group_name"])
+GroupRole = namedtuple("GroupRole", ["okta_group_id", "aws_role_arn"])
 
 logger = logging.getLogger(__name__)
 
 
 def _parse_regex(regex_string: str) -> str:
-    return regex_string.replace("{{accountid}}", "P<accountid>").replace("{{role}}", "P<role>").strip()
+    return (
+        regex_string.replace("{{accountid}}", "P<accountid>")
+        .replace("{{role}}", "P<role>")
+        .strip()
+    )
 
 
-def _parse_okta_group_name(okta_group_name: str, mapping_regex: str) -> AccountRole | None:
+def _parse_okta_group_name(
+    okta_group_name: str,
+    mapping_regex: str,
+) -> AccountRole | None:
     """
     Extract AWS account id and AWS role name from the given Okta group name using the given mapping regex.
     """
@@ -37,16 +43,25 @@ def _parse_okta_group_name(okta_group_name: str, mapping_regex: str) -> AccountR
     return None
 
 
-def transform_okta_group_to_aws_role(group_id: str, group_name: str, mapping_regex: str) -> Optional[Dict]:
+def transform_okta_group_to_aws_role(
+    group_id: str,
+    group_name: str,
+    mapping_regex: str,
+) -> Optional[Dict]:
     account_role = _parse_okta_group_name(group_name, mapping_regex)
     if account_role:
-        role_arn = f"arn:aws:iam::{account_role.account_id}:role/{account_role.role_name}"
+        role_arn = (
+            f"arn:aws:iam::{account_role.account_id}:role/{account_role.role_name}"
+        )
         return {"groupid": group_id, "role": role_arn}
     return None
 
 
 @timeit
-def query_for_okta_to_aws_role_mapping(neo4j_session: neo4j.Session, mapping_regex: str) -> List[Dict]:
+def query_for_okta_to_aws_role_mapping(
+    neo4j_session: neo4j.Session,
+    mapping_regex: str,
+) -> List[Dict]:
     """
     Query the graph for all groups associated with the amazon_aws application and map them to AWSRoles
     :param neo4j_session: session from the Neo4j server
@@ -61,12 +76,16 @@ def query_for_okta_to_aws_role_mapping(neo4j_session: neo4j.Session, mapping_reg
     for res in results:
         has_results = True
         # input: okta group id, okta group name. output: aws role arn.
-        mapping = transform_okta_group_to_aws_role(res["group.id"], res["group.name"], mapping_regex)
+        mapping = transform_okta_group_to_aws_role(
+            res["group.id"],
+            res["group.name"],
+            mapping_regex,
+        )
         if mapping:
             group_to_role_mapping.append(mapping)
 
     if has_results and not group_to_role_mapping:
-        logger.warn(
+        logger.warning(
             "AWS Okta Application present, but no mappings were found. "
             "Please verify the mapping regex is correct",
         )
@@ -76,7 +95,8 @@ def query_for_okta_to_aws_role_mapping(neo4j_session: neo4j.Session, mapping_reg
 
 @timeit
 def _load_okta_group_to_aws_roles(
-    neo4j_session: neo4j.Session, group_to_role: List[Dict],
+    neo4j_session: neo4j.Session,
+    group_to_role: List[Dict],
     okta_update_tag: int,
 ) -> None:
     """
@@ -104,7 +124,10 @@ def _load_okta_group_to_aws_roles(
 
 
 @timeit
-def _load_human_can_assume_role(neo4j_session: neo4j.Session, okta_update_tag: int) -> None:
+def _load_human_can_assume_role(
+    neo4j_session: neo4j.Session,
+    okta_update_tag: int,
+) -> None:
     """
     Add the CAN_ASSUME_ROLE relationship between Humans and the AWSRoles they can assume
     :param neo4j_session: session with the Neo4j server
@@ -123,7 +146,10 @@ def _load_human_can_assume_role(neo4j_session: neo4j.Session, okta_update_tag: i
     )
 
 
-def get_awssso_okta_groups(neo4j_session: neo4j.Session, okta_org_id: str) -> list[OktaGroup]:
+def get_awssso_okta_groups(
+    neo4j_session: neo4j.Session,
+    okta_org_id: str,
+) -> list[OktaGroup]:
     """
     Return list of all Okta group ids in the current Okta organization tied to Okta Applications with name
     "amazon_aws_sso".
@@ -133,11 +159,21 @@ def get_awssso_okta_groups(neo4j_session: neo4j.Session, okta_org_id: str) -> li
            <-[:RESOURCE]-(:OktaOrganization{id: $okta_org_id})
     RETURN g.id as group_id, g.name as group_name
     """
-    result = neo4j_session.read_transaction(read_list_of_dicts_tx, query, okta_org_id=okta_org_id)
-    return [OktaGroup(group_name=og['group_name'], group_id=og['group_id']) for og in result]
+    result = neo4j_session.read_transaction(
+        read_list_of_dicts_tx,
+        query,
+        okta_org_id=okta_org_id,
+    )
+    return [
+        OktaGroup(group_name=og["group_name"], group_id=og["group_id"]) for og in result
+    ]
 
 
-def get_awssso_role_arn(account_id: str, role_hint: str, neo4j_session: neo4j.Session) -> str | None:
+def get_awssso_role_arn(
+    account_id: str,
+    role_hint: str,
+    neo4j_session: neo4j.Session,
+) -> str | None:
     """
     Attempt to return the AWS role ARN for the given AWS account ID and role hint string.
     This function exists to handle that AWS SSO roles have a 'AWSReservedSSO' prefix and a hashed suffix
@@ -153,13 +189,18 @@ def get_awssso_role_arn(account_id: str, role_hint: str, neo4j_session: neo4j.Se
     WHERE SPLIT(role.name, '_')[1..-1][0] = $role_hint
     RETURN role.arn AS role_arn
     """
-    return neo4j_session.read_transaction(read_single_value_tx, query, account_id=account_id, role_hint=role_hint)
+    return neo4j_session.read_transaction(
+        read_single_value_tx,
+        query,
+        account_id=account_id,
+        role_hint=role_hint,
+    )
 
 
 def query_for_okta_to_awssso_role_mapping(
-        neo4j_session: neo4j.Session,
-        awssso_okta_groups: list[OktaGroup],
-        mapping_regex: str,
+    neo4j_session: neo4j.Session,
+    awssso_okta_groups: list[OktaGroup],
+    mapping_regex: str,
 ) -> list[GroupRole]:
     """
     Input:
@@ -176,13 +217,21 @@ def query_for_okta_to_awssso_role_mapping(
             logger.info(f"Okta group {group.group_name} has no associated AWS SSO role")
             continue
 
-        role_arn = get_awssso_role_arn(account_role.account_id, account_role.role_name, neo4j_session)
+        role_arn = get_awssso_role_arn(
+            account_role.account_id,
+            account_role.role_name,
+            neo4j_session,
+        )
         if role_arn:
             result.append(GroupRole(group.group_id, role_arn))
     return result
 
 
-def _load_awssso_tx(tx: neo4j.Transaction, group_to_role: list[GroupRole], okta_update_tag: int) -> None:
+def _load_awssso_tx(
+    tx: neo4j.Transaction,
+    group_to_role: list[GroupRole],
+    okta_update_tag: int,
+) -> None:
     ingest_statement = """
     UNWIND $GROUP_TO_ROLE as app_data
         MATCH (role:AWSRole{arn: app_data.aws_role_arn})
@@ -199,19 +248,19 @@ def _load_awssso_tx(tx: neo4j.Transaction, group_to_role: list[GroupRole], okta_
 
 
 def _load_okta_group_to_awssso_roles(
-        neo4j_session: neo4j.Session,
-        group_to_role: list[GroupRole],
-        okta_update_tag: int,
+    neo4j_session: neo4j.Session,
+    group_to_role: list[GroupRole],
+    okta_update_tag: int,
 ) -> None:
     neo4j_session.write_transaction(_load_awssso_tx, group_to_role, okta_update_tag)
 
 
 @timeit
 def sync_okta_aws_saml(
-        neo4j_session: neo4j.Session,
-        mapping_regex: str,
-        okta_update_tag: int,
-        okta_org_id: str,
+    neo4j_session: neo4j.Session,
+    mapping_regex: str,
+    okta_update_tag: int,
+    okta_org_id: str,
 ) -> None:
     """
     Sync okta integration with saml. This will link OktaGroups to the AWSRoles they enable.
@@ -228,10 +277,21 @@ def sync_okta_aws_saml(
     logger.info("Syncing Okta SAML Integration")
 
     # Query for the aws application and its associated groups
-    group_to_role_mapping = query_for_okta_to_aws_role_mapping(neo4j_session, mapping_regex)
+    group_to_role_mapping = query_for_okta_to_aws_role_mapping(
+        neo4j_session,
+        mapping_regex,
+    )
     _load_okta_group_to_aws_roles(neo4j_session, group_to_role_mapping, okta_update_tag)
     _load_human_can_assume_role(neo4j_session, okta_update_tag)
 
     sso_okta_groups = get_awssso_okta_groups(neo4j_session, okta_org_id)
-    group_to_ssorole_mapping = query_for_okta_to_awssso_role_mapping(neo4j_session, sso_okta_groups, mapping_regex)
-    _load_okta_group_to_awssso_roles(neo4j_session, group_to_ssorole_mapping, okta_update_tag)
+    group_to_ssorole_mapping = query_for_okta_to_awssso_role_mapping(
+        neo4j_session,
+        sso_okta_groups,
+        mapping_regex,
+    )
+    _load_okta_group_to_awssso_roles(
+        neo4j_session,
+        group_to_ssorole_mapping,
+        okta_update_tag,
+    )

cartography/intel/okta/factors.py

@@ -79,12 +79,16 @@ def transform_okta_user_factor(okta_factor_info: Factor) -> Dict:
     factor_props["provider"] = okta_factor_info.provider
     factor_props["status"] = okta_factor_info.status
     if okta_factor_info.created:
-        factor_props["created"] = okta_factor_info.created.strftime("%m/%d/%Y, %H:%M:%S")
+        factor_props["created"] = okta_factor_info.created.strftime(
+            "%m/%d/%Y, %H:%M:%S",
+        )
     else:
         factor_props["created"] = None
 
     if okta_factor_info.lastUpdated:
-        factor_props["okta_last_updated"] = okta_factor_info.lastUpdated.strftime("%m/%d/%Y, %H:%M:%S")
+        factor_props["okta_last_updated"] = okta_factor_info.lastUpdated.strftime(
+            "%m/%d/%Y, %H:%M:%S",
+        )
     else:
         factor_props["okta_last_updated"] = None
 
@@ -93,7 +97,12 @@ def transform_okta_user_factor(okta_factor_info: Factor) -> Dict:
 
 
 @timeit
-def _load_user_factors(neo4j_session: neo4j.Session, user_id: str, factors: List[Dict], okta_update_tag: int) -> None:
+def _load_user_factors(
+    neo4j_session: neo4j.Session,
+    user_id: str,
+    factors: List[Dict],
+    okta_update_tag: int,
+) -> None:
     """
     Add user factors into the graph
     :param neo4j_session: session with the Neo4j server
@@ -131,7 +140,10 @@ def _load_user_factors(neo4j_session: neo4j.Session, user_id: str, factors: List
 
 @timeit
 def sync_users_factors(
-    neo4j_session: neo4j.Session, okta_org_id: str, okta_update_tag: int, okta_api_key: str,
+    neo4j_session: neo4j.Session,
+    okta_org_id: str,
+    okta_update_tag: int,
+    okta_api_key: str,
     sync_state: OktaSyncState,
 ) -> None:
     """

cartography/intel/okta/groups.py

@@ -39,9 +39,9 @@ def _get_okta_groups(api_client: ApiClient) -> List[str]:
             paged_response = api_client.get(next_url)
         else:
             params = {
-                'limit': 10000,
+                "limit": 10000,
             }
-            paged_response = api_client.get_path('/', params)
+            paged_response = api_client.get_path("/", params)
 
         paged_results = PagedResults(paged_response, UserGroup)
 
@@ -75,9 +75,9 @@ def get_okta_group_members(api_client: ApiClient, group_id: str) -> List[Dict]:
                 paged_response = api_client.get(next_url)
             else:
                 params = {
-                    'limit': 1000,
+                    "limit": 1000,
                 }
-                paged_response = api_client.get_path(f'/{group_id}/users', params)
+                paged_response = api_client.get_path(f"/{group_id}/users", params)
         except OktaError:
             logger.error(f"OktaError while listing members of group {group_id}")
             raise
@@ -95,7 +95,9 @@ def get_okta_group_members(api_client: ApiClient, group_id: str) -> List[Dict]:
 
 
 @timeit
-def transform_okta_group_list(okta_group_list: List[UserGroup]) -> Tuple[List[Dict], List[str]]:
+def transform_okta_group_list(
+    okta_group_list: List[UserGroup],
+) -> Tuple[List[Dict], List[str]]:
     groups: List[Dict] = []
     groups_id: List[str] = []
 
@@ -128,7 +130,9 @@ def transform_okta_group(okta_group: UserGroup) -> Dict:
         group_props["dn"] = None
 
     if okta_group.profile.windowsDomainQualifiedName:
-        group_props["windows_domain_qualified_name"] = okta_group.profile.windowsDomainQualifiedName
+        group_props["windows_domain_qualified_name"] = (
+            okta_group.profile.windowsDomainQualifiedName
+        )
     else:
         group_props["windows_domain_qualified_name"] = None
 
@@ -146,27 +150,31 @@ def transform_okta_group_member_list(okta_member_list: List[Dict]) -> List[Dict]
     """
     transformed_member_list: List[Dict] = []
     for user in okta_member_list:
-        transformed_member_list.append({
-            'first_name': user['profile']['firstName'],
-            'last_name': user['profile']['lastName'],
-            'login': user['profile']['login'],
-            'email': user['profile']['email'],
-            'second_email': user['profile'].get('secondEmail'),
-            'id': user['id'],
-            'created': user['created'],
-            'activated': user.get('activated'),
-            'status_changed': user.get('status_changed'),
-            'last_login': user.get('last_login'),
-            'okta_last_updated': user.get('okta_last_updated'),
-            'password_changed': user.get('password_changed'),
-            'transition_to_status': user.get('transitioningToStatus'),
-        })
+        transformed_member_list.append(
+            {
+                "first_name": user["profile"]["firstName"],
+                "last_name": user["profile"]["lastName"],
+                "login": user["profile"]["login"],
+                "email": user["profile"]["email"],
+                "second_email": user["profile"].get("secondEmail"),
+                "id": user["id"],
+                "created": user["created"],
+                "activated": user.get("activated"),
+                "status_changed": user.get("status_changed"),
+                "last_login": user.get("last_login"),
+                "okta_last_updated": user.get("okta_last_updated"),
+                "password_changed": user.get("password_changed"),
+                "transition_to_status": user.get("transitioningToStatus"),
+            },
+        )
     return transformed_member_list
 
 
 @timeit
 def _load_okta_groups(
-    neo4j_session: neo4j.Session, okta_org_id: str, group_list: List[Dict],
+    neo4j_session: neo4j.Session,
+    okta_org_id: str,
+    group_list: List[Dict],
     okta_update_tag: int,
 ) -> None:
     """
@@ -206,7 +214,9 @@ def _load_okta_groups(
 
 @timeit
 def load_okta_group_members(
-    neo4j_session: neo4j.Session, group_id: str, member_list: List[Dict],
+    neo4j_session: neo4j.Session,
+    group_id: str,
+    member_list: List[Dict],
     okta_update_tag: int,
 ) -> None:
     """
@@ -240,7 +250,7 @@ def load_okta_group_members(
         ON CREATE SET r.firstseen = timestamp()
         SET r.lastupdated = $okta_update_tag
     """
-    logging.info(f'Loading {len(member_list)} members of group {group_id}')
+    logging.info(f"Loading {len(member_list)} members of group {group_id}")
     neo4j_session.run(
         ingest,
         GROUP_ID=group_id,
@@ -251,7 +261,9 @@ def load_okta_group_members(
 
 @timeit
 def sync_okta_group_membership(
-    neo4j_session: neo4j.Session, api_client: ApiClient, group_list_info: List[Dict],
+    neo4j_session: neo4j.Session,
+    api_client: ApiClient,
+    group_list_info: List[Dict],
     okta_update_tag: int,
 ) -> None:
     """
@@ -266,13 +278,23 @@ def sync_okta_group_membership(
     for group_info in group_list_info:
         group_id = group_info["id"]
         members_data: List[Dict] = get_okta_group_members(api_client, group_id)
-        transformed_member_data: List[Dict] = transform_okta_group_member_list(members_data)
-        load_okta_group_members(neo4j_session, group_id, transformed_member_data, okta_update_tag)
+        transformed_member_data: List[Dict] = transform_okta_group_member_list(
+            members_data,
+        )
+        load_okta_group_members(
+            neo4j_session,
+            group_id,
+            transformed_member_data,
+            okta_update_tag,
+        )
 
 
 @timeit
 def sync_okta_groups(
-    neo4_session: neo4j.Session, okta_org_id: str, okta_update_tag: int, okta_api_key: str,
+    neo4_session: neo4j.Session,
+    okta_org_id: str,
+    okta_update_tag: int,
+    okta_api_key: str,
     sync_state: OktaSyncState,
 ) -> None:
     """
@@ -295,4 +317,9 @@ def sync_okta_groups(
 
     _load_okta_groups(neo4_session, okta_org_id, group_list_info, okta_update_tag)
 
-    sync_okta_group_membership(neo4_session, api_client, group_list_info, okta_update_tag)
+    sync_okta_group_membership(
+        neo4_session,
+        api_client,
+        group_list_info,
+        okta_update_tag,
+    )

cartography/intel/okta/organization.py

@@ -9,7 +9,11 @@ logger = logging.getLogger(__name__)
 
 
 @timeit
-def create_okta_organization(neo4j_session: neo4j.Session, organization: str, okta_update_tag: int) -> None:
+def create_okta_organization(
+    neo4j_session: neo4j.Session,
+    organization: str,
+    okta_update_tag: int,
+) -> None:
     """
     Create Okta organization in the graph
     :param neo4_session: session with the Neo4j server

cartography/intel/okta/origins.py

@@ -61,7 +61,9 @@ def transform_trusted_origins(data: str) -> List[Dict]:
 
 @timeit
 def _load_trusted_origins(
-    neo4j_session: neo4j.Session, okta_org_id: str, trusted_list: List[Dict],
+    neo4j_session: neo4j.Session,
+    okta_org_id: str,
+    trusted_list: List[Dict],
     okta_update_tag: int,
 ) -> None:
     """
@@ -104,7 +106,9 @@ def _load_trusted_origins(
 
 @timeit
 def sync_trusted_origins(
-    neo4j_session: neo4j.Session, okta_org_id: str, okta_update_tag: int,
+    neo4j_session: neo4j.Session,
+    okta_org_id: str,
+    okta_update_tag: int,
     okta_api_key: str,
 ) -> None:
     """