cartography 0.104.0rc2__py3-none-any.whl → 0.123.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- cartography/_version.py +16 -3
- cartography/cli.py +466 -5
- cartography/client/aws/__init__.py +19 -0
- cartography/client/aws/ecr.py +51 -0
- cartography/client/core/tx.py +357 -8
- cartography/config.py +153 -0
- cartography/data/azure_permission_relationships.yaml +20 -0
- cartography/data/gcp_permission_relationships.yaml +21 -0
- cartography/data/indexes.cypher +0 -186
- cartography/data/jobs/analysis/aws_ec2_keypair_analysis.json +2 -2
- cartography/data/jobs/analysis/keycloak_inheritance.json +30 -0
- cartography/data/jobs/cleanup/gcp_compute_vpc_cleanup.json +0 -12
- cartography/data/jobs/cleanup/github_repos_cleanup.json +2 -0
- cartography/driftdetect/cli.py +3 -2
- cartography/graph/cleanupbuilder.py +198 -41
- cartography/graph/job.py +54 -6
- cartography/graph/querybuilder.py +528 -27
- cartography/graph/statement.py +5 -1
- cartography/intel/airbyte/__init__.py +105 -0
- cartography/intel/airbyte/connections.py +120 -0
- cartography/intel/airbyte/destinations.py +81 -0
- cartography/intel/airbyte/organizations.py +59 -0
- cartography/intel/airbyte/sources.py +78 -0
- cartography/intel/airbyte/tags.py +64 -0
- cartography/intel/airbyte/users.py +106 -0
- cartography/intel/airbyte/util.py +122 -0
- cartography/intel/airbyte/workspaces.py +63 -0
- cartography/intel/aws/__init__.py +24 -9
- cartography/intel/aws/acm.py +124 -0
- cartography/intel/aws/apigateway.py +253 -22
- cartography/intel/aws/apigatewayv2.py +116 -0
- cartography/intel/aws/cloudtrail.py +17 -39
- cartography/intel/aws/cloudtrail_management_events.py +962 -0
- cartography/intel/aws/cloudwatch.py +150 -4
- cartography/intel/aws/codebuild.py +132 -0
- cartography/intel/aws/cognito.py +201 -0
- cartography/intel/aws/config.py +7 -3
- cartography/intel/aws/ec2/elastic_ip_addresses.py +3 -1
- cartography/intel/aws/ec2/instances.py +25 -1
- cartography/intel/aws/ec2/internet_gateways.py +4 -2
- cartography/intel/aws/ec2/load_balancer_v2s.py +11 -5
- cartography/intel/aws/ec2/network_interfaces.py +5 -1
- cartography/intel/aws/ec2/reserved_instances.py +3 -1
- cartography/intel/aws/ec2/security_groups.py +140 -122
- cartography/intel/aws/ec2/snapshots.py +47 -84
- cartography/intel/aws/ec2/subnets.py +37 -63
- cartography/intel/aws/ec2/tgw.py +11 -5
- cartography/intel/aws/ec2/volumes.py +1 -1
- cartography/intel/aws/ec2/vpc.py +140 -124
- cartography/intel/aws/ec2/vpc_peerings.py +262 -125
- cartography/intel/aws/ecr.py +269 -98
- cartography/intel/aws/ecr_image_layers.py +923 -0
- cartography/intel/aws/ecs.py +251 -380
- cartography/intel/aws/efs.py +179 -11
- cartography/intel/aws/elasticache.py +102 -79
- cartography/intel/aws/elasticsearch.py +13 -4
- cartography/intel/aws/eventbridge.py +164 -0
- cartography/intel/aws/glue.py +181 -0
- cartography/intel/aws/guardduty.py +443 -0
- cartography/intel/aws/iam.py +750 -493
- cartography/intel/aws/identitycenter.py +605 -83
- cartography/intel/aws/inspector.py +221 -105
- cartography/intel/aws/kms.py +173 -201
- cartography/intel/aws/lambda_function.py +272 -189
- cartography/intel/aws/organizations.py +10 -9
- cartography/intel/aws/permission_relationships.py +10 -20
- cartography/intel/aws/rds.py +337 -446
- cartography/intel/aws/redshift.py +9 -4
- cartography/intel/aws/resourcegroupstaggingapi.py +78 -19
- cartography/intel/aws/resources.py +18 -0
- cartography/intel/aws/route53.py +386 -332
- cartography/intel/aws/s3.py +322 -14
- cartography/intel/aws/secretsmanager.py +81 -49
- cartography/intel/aws/securityhub.py +3 -1
- cartography/intel/aws/sns.py +62 -2
- cartography/intel/aws/sqs.py +36 -90
- cartography/intel/aws/ssm.py +3 -5
- cartography/intel/azure/__init__.py +202 -48
- cartography/intel/azure/aks.py +175 -0
- cartography/intel/azure/app_service.py +105 -0
- cartography/intel/azure/compute.py +59 -112
- cartography/intel/azure/container_instances.py +95 -0
- cartography/intel/azure/cosmosdb.py +222 -361
- cartography/intel/azure/data_factory.py +85 -0
- cartography/intel/azure/data_factory_dataset.py +128 -0
- cartography/intel/azure/data_factory_linked_service.py +119 -0
- cartography/intel/azure/data_factory_pipeline.py +142 -0
- cartography/intel/azure/data_lake.py +124 -0
- cartography/intel/azure/event_grid.py +94 -0
- cartography/intel/azure/functions.py +124 -0
- cartography/intel/azure/load_balancers.py +263 -0
- cartography/intel/azure/logic_apps.py +101 -0
- cartography/intel/azure/monitor.py +105 -0
- cartography/intel/azure/network.py +467 -0
- cartography/intel/azure/permission_relationships.py +466 -0
- cartography/intel/azure/rbac.py +309 -0
- cartography/intel/azure/resource_groups.py +82 -0
- cartography/intel/azure/security_center.py +106 -0
- cartography/intel/azure/sql.py +145 -292
- cartography/intel/azure/storage.py +185 -262
- cartography/intel/azure/subscription.py +21 -43
- cartography/intel/azure/tenant.py +39 -30
- cartography/intel/azure/util/common.py +13 -0
- cartography/intel/azure/util/credentials.py +49 -174
- cartography/intel/azure/util/tag.py +41 -0
- cartography/intel/create_indexes.py +2 -1
- cartography/intel/crowdstrike/spotlight.py +5 -2
- cartography/intel/dns.py +5 -2
- cartography/intel/entra/__init__.py +100 -1
- cartography/intel/entra/app_role_assignments.py +284 -0
- cartography/intel/entra/applications.py +182 -0
- cartography/intel/entra/federation/__init__.py +0 -0
- cartography/intel/entra/federation/aws_identity_center.py +77 -0
- cartography/intel/entra/groups.py +198 -0
- cartography/intel/entra/ou.py +48 -24
- cartography/intel/entra/service_principals.py +217 -0
- cartography/intel/entra/users.py +105 -57
- cartography/intel/gcp/__init__.py +334 -396
- cartography/intel/gcp/bigtable_app_profile.py +101 -0
- cartography/intel/gcp/bigtable_backup.py +91 -0
- cartography/intel/gcp/bigtable_cluster.py +93 -0
- cartography/intel/gcp/bigtable_instance.py +86 -0
- cartography/intel/gcp/bigtable_table.py +87 -0
- cartography/intel/gcp/cai.py +292 -0
- cartography/intel/gcp/clients.py +112 -0
- cartography/intel/gcp/compute.py +128 -119
- cartography/intel/gcp/crm/__init__.py +0 -0
- cartography/intel/gcp/crm/folders.py +114 -0
- cartography/intel/gcp/crm/orgs.py +70 -0
- cartography/intel/gcp/crm/projects.py +120 -0
- cartography/intel/gcp/dns.py +83 -169
- cartography/intel/gcp/gke.py +72 -113
- cartography/intel/gcp/iam.py +111 -91
- cartography/intel/gcp/permission_relationships.py +394 -0
- cartography/intel/gcp/policy_bindings.py +225 -0
- cartography/intel/gcp/storage.py +75 -159
- cartography/intel/github/__init__.py +62 -25
- cartography/intel/github/commits.py +423 -0
- cartography/intel/github/repos.py +463 -85
- cartography/intel/github/teams.py +3 -3
- cartography/intel/github/users.py +5 -0
- cartography/intel/github/util.py +12 -0
- cartography/intel/googleworkspace/__init__.py +193 -0
- cartography/intel/googleworkspace/devices.py +254 -0
- cartography/intel/googleworkspace/groups.py +568 -0
- cartography/intel/googleworkspace/oauth_apps.py +259 -0
- cartography/intel/googleworkspace/tenant.py +85 -0
- cartography/intel/googleworkspace/users.py +138 -0
- cartography/intel/gsuite/__init__.py +17 -9
- cartography/intel/gsuite/groups.py +291 -0
- cartography/intel/gsuite/users.py +142 -0
- cartography/intel/jamf/computers.py +7 -1
- cartography/intel/keycloak/__init__.py +153 -0
- cartography/intel/keycloak/authenticationexecutions.py +322 -0
- cartography/intel/keycloak/authenticationflows.py +77 -0
- cartography/intel/keycloak/clients.py +187 -0
- cartography/intel/keycloak/groups.py +126 -0
- cartography/intel/keycloak/identityproviders.py +94 -0
- cartography/intel/keycloak/organizations.py +163 -0
- cartography/intel/keycloak/realms.py +61 -0
- cartography/intel/keycloak/roles.py +202 -0
- cartography/intel/keycloak/scopes.py +73 -0
- cartography/intel/keycloak/users.py +70 -0
- cartography/intel/keycloak/util.py +47 -0
- cartography/intel/kubernetes/__init__.py +60 -14
- cartography/intel/kubernetes/clusters.py +86 -0
- cartography/intel/kubernetes/eks.py +402 -0
- cartography/intel/kubernetes/namespaces.py +59 -57
- cartography/intel/kubernetes/pods.py +168 -75
- cartography/intel/kubernetes/rbac.py +597 -0
- cartography/intel/kubernetes/secrets.py +95 -45
- cartography/intel/kubernetes/services.py +131 -67
- cartography/intel/kubernetes/util.py +142 -14
- cartography/intel/oci/iam.py +23 -9
- cartography/intel/oci/organizations.py +3 -1
- cartography/intel/oci/utils.py +28 -5
- cartography/intel/okta/applications.py +15 -5
- cartography/intel/okta/awssaml.py +14 -10
- cartography/intel/okta/factors.py +3 -1
- cartography/intel/okta/groups.py +5 -2
- cartography/intel/okta/organization.py +3 -1
- cartography/intel/okta/origins.py +3 -1
- cartography/intel/okta/roles.py +5 -2
- cartography/intel/okta/users.py +10 -2
- cartography/intel/ontology/__init__.py +44 -0
- cartography/intel/ontology/devices.py +54 -0
- cartography/intel/ontology/users.py +54 -0
- cartography/intel/ontology/utils.py +176 -0
- cartography/intel/pagerduty/escalation_policies.py +13 -6
- cartography/intel/pagerduty/schedules.py +9 -4
- cartography/intel/pagerduty/services.py +7 -3
- cartography/intel/pagerduty/teams.py +5 -2
- cartography/intel/pagerduty/users.py +3 -1
- cartography/intel/pagerduty/vendors.py +3 -1
- cartography/intel/scaleway/__init__.py +127 -0
- cartography/intel/scaleway/iam/__init__.py +0 -0
- cartography/intel/scaleway/iam/apikeys.py +71 -0
- cartography/intel/scaleway/iam/applications.py +71 -0
- cartography/intel/scaleway/iam/groups.py +71 -0
- cartography/intel/scaleway/iam/users.py +71 -0
- cartography/intel/scaleway/instances/__init__.py +0 -0
- cartography/intel/scaleway/instances/flexibleips.py +86 -0
- cartography/intel/scaleway/instances/instances.py +92 -0
- cartography/intel/scaleway/projects.py +79 -0
- cartography/intel/scaleway/storage/__init__.py +0 -0
- cartography/intel/scaleway/storage/snapshots.py +86 -0
- cartography/intel/scaleway/storage/volumes.py +84 -0
- cartography/intel/scaleway/utils.py +37 -0
- cartography/intel/sentinelone/__init__.py +75 -0
- cartography/intel/sentinelone/account.py +140 -0
- cartography/intel/sentinelone/agent.py +139 -0
- cartography/intel/sentinelone/api.py +124 -0
- cartography/intel/sentinelone/application.py +248 -0
- cartography/intel/sentinelone/cve.py +119 -0
- cartography/intel/sentinelone/utils.py +28 -0
- cartography/intel/slack/__init__.py +78 -0
- cartography/intel/slack/channels.py +80 -0
- cartography/intel/slack/groups.py +90 -0
- cartography/intel/slack/teams.py +65 -0
- cartography/intel/slack/users.py +57 -0
- cartography/intel/slack/utils.py +29 -0
- cartography/intel/spacelift/__init__.py +161 -0
- cartography/intel/spacelift/account.py +73 -0
- cartography/intel/spacelift/ec2_ownership.py +280 -0
- cartography/intel/spacelift/runs.py +463 -0
- cartography/intel/spacelift/spaces.py +112 -0
- cartography/intel/spacelift/stacks.py +119 -0
- cartography/intel/spacelift/util.py +122 -0
- cartography/intel/spacelift/workerpools.py +131 -0
- cartography/intel/spacelift/workers.py +128 -0
- cartography/intel/trivy/__init__.py +272 -0
- cartography/intel/trivy/scanner.py +386 -0
- cartography/models/airbyte/__init__.py +0 -0
- cartography/models/airbyte/connection.py +138 -0
- cartography/models/airbyte/destination.py +75 -0
- cartography/models/airbyte/organization.py +19 -0
- cartography/models/airbyte/source.py +75 -0
- cartography/models/airbyte/stream.py +74 -0
- cartography/models/airbyte/tag.py +69 -0
- cartography/models/airbyte/user.py +115 -0
- cartography/models/airbyte/workspace.py +46 -0
- cartography/models/anthropic/apikey.py +4 -0
- cartography/models/anthropic/user.py +4 -0
- cartography/models/aws/acm/__init__.py +0 -0
- cartography/models/aws/acm/certificate.py +75 -0
- cartography/models/aws/apigateway/__init__.py +0 -0
- cartography/models/aws/apigateway/apigatewaydeployment.py +74 -0
- cartography/models/aws/apigateway/apigatewayintegration.py +79 -0
- cartography/models/aws/apigateway/apigatewaymethod.py +74 -0
- cartography/models/aws/apigatewayv2/__init__.py +0 -0
- cartography/models/aws/apigatewayv2/apigatewayv2.py +53 -0
- cartography/models/aws/cloudtrail/management_events.py +153 -0
- cartography/models/aws/cloudtrail/trail.py +45 -0
- cartography/models/aws/cloudwatch/log_metric_filter.py +79 -0
- cartography/models/aws/cloudwatch/metric_alarm.py +53 -0
- cartography/models/aws/codebuild/__init__.py +0 -0
- cartography/models/aws/codebuild/project.py +49 -0
- cartography/models/aws/cognito/__init__.py +0 -0
- cartography/models/aws/cognito/identity_pool.py +70 -0
- cartography/models/aws/cognito/user_pool.py +47 -0
- cartography/models/aws/dynamodb/tables.py +2 -0
- cartography/models/aws/ec2/instances.py +25 -1
- cartography/models/aws/ec2/networkinterfaces.py +4 -0
- cartography/models/aws/ec2/security_group_rules.py +109 -0
- cartography/models/aws/ec2/security_groups.py +90 -0
- cartography/models/aws/ec2/snapshots.py +58 -0
- cartography/models/aws/ec2/subnet_instance.py +2 -0
- cartography/models/aws/ec2/subnet_networkinterface.py +2 -0
- cartography/models/aws/ec2/subnets.py +65 -0
- cartography/models/aws/ec2/volumes.py +20 -0
- cartography/models/aws/ec2/vpc.py +46 -0
- cartography/models/aws/ec2/vpc_cidr.py +102 -0
- cartography/models/aws/ec2/vpc_peering.py +157 -0
- cartography/models/aws/ecr/__init__.py +0 -0
- cartography/models/aws/ecr/image.py +146 -0
- cartography/models/aws/ecr/image_layer.py +107 -0
- cartography/models/aws/ecr/repository.py +72 -0
- cartography/models/aws/ecr/repository_image.py +95 -0
- cartography/models/aws/ecs/__init__.py +0 -0
- cartography/models/aws/ecs/clusters.py +64 -0
- cartography/models/aws/ecs/container_definitions.py +93 -0
- cartography/models/aws/ecs/container_instances.py +84 -0
- cartography/models/aws/ecs/containers.py +101 -0
- cartography/models/aws/ecs/services.py +134 -0
- cartography/models/aws/ecs/task_definitions.py +135 -0
- cartography/models/aws/ecs/tasks.py +134 -0
- cartography/models/aws/efs/access_point.py +77 -0
- cartography/models/aws/efs/file_system.py +60 -0
- cartography/models/aws/efs/mount_target.py +29 -2
- cartography/models/aws/elasticache/__init__.py +0 -0
- cartography/models/aws/elasticache/cluster.py +65 -0
- cartography/models/aws/elasticache/topic.py +67 -0
- cartography/models/aws/eventbridge/__init__.py +0 -0
- cartography/models/aws/eventbridge/rule.py +77 -0
- cartography/models/aws/eventbridge/target.py +71 -0
- cartography/models/aws/glue/__init__.py +0 -0
- cartography/models/aws/glue/connection.py +51 -0
- cartography/models/aws/glue/job.py +69 -0
- cartography/models/aws/guardduty/__init__.py +1 -0
- cartography/models/aws/guardduty/detectors.py +50 -0
- cartography/models/aws/guardduty/findings.py +121 -0
- cartography/models/aws/iam/access_key.py +103 -0
- cartography/models/aws/iam/account_role.py +24 -0
- cartography/models/aws/iam/federated_principal.py +60 -0
- cartography/models/aws/iam/group.py +60 -0
- cartography/models/aws/iam/group_membership.py +27 -0
- cartography/models/aws/iam/inline_policy.py +78 -0
- cartography/models/aws/iam/managed_policy.py +51 -0
- cartography/models/aws/iam/policy_statement.py +57 -0
- cartography/models/aws/iam/role.py +83 -0
- cartography/models/aws/iam/root_principal.py +52 -0
- cartography/models/aws/iam/service_principal.py +30 -0
- cartography/models/aws/iam/sts_assumerole_allow.py +38 -0
- cartography/models/aws/iam/user.py +59 -0
- cartography/models/aws/identitycenter/awsidentitycenter.py +1 -0
- cartography/models/aws/identitycenter/awspermissionset.py +70 -0
- cartography/models/aws/identitycenter/awssogroup.py +70 -0
- cartography/models/aws/identitycenter/awsssouser.py +49 -9
- cartography/models/aws/inspector/findings.py +37 -0
- cartography/models/aws/inspector/packages.py +1 -31
- cartography/models/aws/kms/__init__.py +0 -0
- cartography/models/aws/kms/aliases.py +86 -0
- cartography/models/aws/kms/grants.py +65 -0
- cartography/models/aws/kms/keys.py +88 -0
- cartography/models/aws/lambda_function/__init__.py +0 -0
- cartography/models/aws/lambda_function/alias.py +74 -0
- cartography/models/aws/lambda_function/event_source_mapping.py +88 -0
- cartography/models/aws/lambda_function/lambda_function.py +91 -0
- cartography/models/aws/lambda_function/layer.py +72 -0
- cartography/models/aws/rds/__init__.py +0 -0
- cartography/models/aws/rds/cluster.py +91 -0
- cartography/models/aws/rds/event_subscription.py +146 -0
- cartography/models/aws/rds/instance.py +156 -0
- cartography/models/aws/rds/snapshot.py +108 -0
- cartography/models/aws/rds/subnet_group.py +101 -0
- cartography/models/aws/route53/__init__.py +0 -0
- cartography/models/aws/route53/dnsrecord.py +235 -0
- cartography/models/aws/route53/nameserver.py +63 -0
- cartography/models/aws/route53/subzone.py +40 -0
- cartography/models/aws/route53/zone.py +47 -0
- cartography/models/aws/s3/notification.py +24 -0
- cartography/models/aws/secretsmanager/secret.py +106 -0
- cartography/models/aws/secretsmanager/secret_version.py +0 -2
- cartography/models/aws/sns/topic_subscription.py +74 -0
- cartography/models/aws/sqs/__init__.py +0 -0
- cartography/models/aws/sqs/queue.py +89 -0
- cartography/models/azure/__init__.py +0 -0
- cartography/models/azure/aks_cluster.py +54 -0
- cartography/models/azure/aks_nodepool.py +54 -0
- cartography/models/azure/app_service.py +59 -0
- cartography/models/azure/container_instance.py +57 -0
- cartography/models/azure/cosmosdb/__init__.py +0 -0
- cartography/models/azure/cosmosdb/account.py +77 -0
- cartography/models/azure/cosmosdb/accountfailoverpolicy.py +77 -0
- cartography/models/azure/cosmosdb/cassandrakeyspace.py +82 -0
- cartography/models/azure/cosmosdb/cassandratable.py +81 -0
- cartography/models/azure/cosmosdb/corspolicy.py +74 -0
- cartography/models/azure/cosmosdb/dblocation.py +120 -0
- cartography/models/azure/cosmosdb/mongodbcollection.py +82 -0
- cartography/models/azure/cosmosdb/mongodbdatabase.py +78 -0
- cartography/models/azure/cosmosdb/privateendpointconnection.py +81 -0
- cartography/models/azure/cosmosdb/sqlcontainer.py +88 -0
- cartography/models/azure/cosmosdb/sqldatabase.py +78 -0
- cartography/models/azure/cosmosdb/tableresource.py +76 -0
- cartography/models/azure/cosmosdb/virtualnetworkrule.py +78 -0
- cartography/models/azure/data_factory/__init__.py +0 -0
- cartography/models/azure/data_factory/data_factory.py +51 -0
- cartography/models/azure/data_factory/data_factory_dataset.py +94 -0
- cartography/models/azure/data_factory/data_factory_linked_service.py +78 -0
- cartography/models/azure/data_factory/data_factory_pipeline.py +93 -0
- cartography/models/azure/data_lake_filesystem.py +51 -0
- cartography/models/azure/event_grid_topic.py +57 -0
- cartography/models/azure/function_app.py +59 -0
- cartography/models/azure/load_balancer/__init__.py +0 -0
- cartography/models/azure/load_balancer/load_balancer.py +49 -0
- cartography/models/azure/load_balancer/load_balancer_backend_pool.py +73 -0
- cartography/models/azure/load_balancer/load_balancer_frontend_ip.py +75 -0
- cartography/models/azure/load_balancer/load_balancer_inbound_nat_rule.py +78 -0
- cartography/models/azure/load_balancer/load_balancer_rule.py +108 -0
- cartography/models/azure/logic_apps.py +56 -0
- cartography/models/azure/monitor.py +54 -0
- cartography/models/azure/network_interface.py +112 -0
- cartography/models/azure/network_security_group.py +50 -0
- cartography/models/azure/permission_relationships.py +60 -0
- cartography/models/azure/principal.py +41 -0
- cartography/models/azure/public_ip_address.py +50 -0
- cartography/models/azure/rbac.py +268 -0
- cartography/models/azure/resource_groups.py +52 -0
- cartography/models/azure/security_center.py +50 -0
- cartography/models/azure/sql/__init__.py +0 -0
- cartography/models/azure/sql/databasethreatdetectionpolicy.py +85 -0
- cartography/models/azure/sql/elasticpool.py +77 -0
- cartography/models/azure/sql/failovergroup.py +73 -0
- cartography/models/azure/sql/recoverabledatabase.py +75 -0
- cartography/models/azure/sql/replicationlink.py +81 -0
- cartography/models/azure/sql/restorabledroppeddatabase.py +82 -0
- cartography/models/azure/sql/restorepoint.py +74 -0
- cartography/models/azure/sql/serveradadministrator.py +74 -0
- cartography/models/azure/sql/serverdnsalias.py +71 -0
- cartography/models/azure/sql/sqldatabase.py +85 -0
- cartography/models/azure/sql/sqlserver.py +50 -0
- cartography/models/azure/sql/transparentdataencryption.py +76 -0
- cartography/models/azure/storage/__init__.py +0 -0
- cartography/models/azure/storage/account.py +59 -0
- cartography/models/azure/storage/blobcontainer.py +85 -0
- cartography/models/azure/storage/blobservice.py +71 -0
- cartography/models/azure/storage/fileservice.py +71 -0
- cartography/models/azure/storage/fileshare.py +82 -0
- cartography/models/azure/storage/queue.py +71 -0
- cartography/models/azure/storage/queueservice.py +73 -0
- cartography/models/azure/storage/table.py +72 -0
- cartography/models/azure/storage/tableservice.py +73 -0
- cartography/models/azure/subnet.py +101 -0
- cartography/models/azure/subscription.py +47 -0
- cartography/models/azure/tags/__init__.py +0 -0
- cartography/models/azure/tags/storage_tag.py +40 -0
- cartography/models/azure/tags/tag.py +37 -0
- cartography/models/azure/tenant.py +17 -0
- cartography/models/azure/virtual_network.py +49 -0
- cartography/models/azure/vm/__init__.py +0 -0
- cartography/models/azure/vm/datadisk.py +80 -0
- cartography/models/azure/vm/disk.py +55 -0
- cartography/models/azure/vm/snapshot.py +56 -0
- cartography/models/azure/vm/virtualmachine.py +59 -0
- cartography/models/bigfix/bigfix_computer.py +1 -1
- cartography/models/cloudflare/member.py +4 -0
- cartography/models/core/common.py +1 -0
- cartography/models/core/nodes.py +15 -2
- cartography/models/core/relationships.py +44 -0
- cartography/models/crowdstrike/hosts.py +1 -1
- cartography/models/digitalocean/droplet.py +2 -0
- cartography/models/duo/endpoint.py +1 -1
- cartography/models/duo/phone.py +2 -2
- cartography/models/duo/user.py +4 -0
- cartography/models/entra/app_role_assignment.py +115 -0
- cartography/models/entra/application.py +49 -0
- cartography/models/entra/entra_user_to_aws_sso.py +41 -0
- cartography/models/entra/group.py +117 -0
- cartography/models/entra/service_principal.py +104 -0
- cartography/models/entra/user.py +42 -51
- cartography/models/gcp/__init__.py +0 -0
- cartography/models/gcp/bigtable/__init__.py +0 -0
- cartography/models/gcp/bigtable/app_profile.py +94 -0
- cartography/models/gcp/bigtable/backup.py +91 -0
- cartography/models/gcp/bigtable/cluster.py +73 -0
- cartography/models/gcp/bigtable/instance.py +52 -0
- cartography/models/gcp/bigtable/table.py +69 -0
- cartography/models/gcp/compute/__init__.py +0 -0
- cartography/models/gcp/compute/subnet.py +74 -0
- cartography/models/gcp/compute/vpc.py +50 -0
- cartography/models/gcp/crm/__init__.py +0 -0
- cartography/models/gcp/crm/folders.py +98 -0
- cartography/models/gcp/crm/organizations.py +21 -0
- cartography/models/gcp/crm/projects.py +100 -0
- cartography/models/gcp/dns.py +109 -0
- cartography/models/gcp/gke.py +69 -0
- cartography/models/gcp/iam.py +3 -0
- cartography/models/gcp/permission_relationships.py +61 -0
- cartography/models/gcp/policy_bindings.py +93 -0
- cartography/models/gcp/storage/__init__.py +0 -0
- cartography/models/gcp/storage/bucket.py +119 -0
- cartography/models/github/commits.py +63 -0
- cartography/models/github/dependencies.py +73 -0
- cartography/models/github/manifests.py +49 -0
- cartography/models/github/users.py +10 -0
- cartography/models/googleworkspace/__init__.py +0 -0
- cartography/models/googleworkspace/device.py +132 -0
- cartography/models/googleworkspace/group.py +382 -0
- cartography/models/googleworkspace/oauth_app.py +124 -0
- cartography/models/googleworkspace/tenant.py +30 -0
- cartography/models/googleworkspace/user.py +113 -0
- cartography/models/gsuite/__init__.py +0 -0
- cartography/models/gsuite/group.py +218 -0
- cartography/models/gsuite/tenant.py +29 -0
- cartography/models/gsuite/user.py +107 -0
- cartography/models/kandji/device.py +1 -2
- cartography/models/keycloak/__init__.py +0 -0
- cartography/models/keycloak/authenticationexecution.py +160 -0
- cartography/models/keycloak/authenticationflow.py +54 -0
- cartography/models/keycloak/client.py +179 -0
- cartography/models/keycloak/group.py +101 -0
- cartography/models/keycloak/identityprovider.py +89 -0
- cartography/models/keycloak/organization.py +116 -0
- cartography/models/keycloak/organizationdomain.py +73 -0
- cartography/models/keycloak/realm.py +173 -0
- cartography/models/keycloak/role.py +126 -0
- cartography/models/keycloak/scope.py +73 -0
- cartography/models/keycloak/user.py +55 -0
- cartography/models/kubernetes/__init__.py +0 -0
- cartography/models/kubernetes/clusterrolebindings.py +138 -0
- cartography/models/kubernetes/clusterroles.py +52 -0
- cartography/models/kubernetes/clusters.py +26 -0
- cartography/models/kubernetes/containers.py +133 -0
- cartography/models/kubernetes/groups.py +107 -0
- cartography/models/kubernetes/namespaces.py +51 -0
- cartography/models/kubernetes/oidc.py +51 -0
- cartography/models/kubernetes/pods.py +80 -0
- cartography/models/kubernetes/rolebindings.py +159 -0
- cartography/models/kubernetes/roles.py +76 -0
- cartography/models/kubernetes/secrets.py +79 -0
- cartography/models/kubernetes/serviceaccounts.py +77 -0
- cartography/models/kubernetes/services.py +108 -0
- cartography/models/kubernetes/users.py +105 -0
- cartography/models/lastpass/user.py +4 -0
- cartography/models/ontology/__init__.py +0 -0
- cartography/models/ontology/device.py +137 -0
- cartography/models/ontology/mapping/__init__.py +76 -0
- cartography/models/ontology/mapping/data/__init__.py +0 -0
- cartography/models/ontology/mapping/data/apikeys.py +93 -0
- cartography/models/ontology/mapping/data/computeinstance.py +95 -0
- cartography/models/ontology/mapping/data/containers.py +88 -0
- cartography/models/ontology/mapping/data/databases.py +182 -0
- cartography/models/ontology/mapping/data/devices.py +194 -0
- cartography/models/ontology/mapping/data/thirdpartyapps.py +140 -0
- cartography/models/ontology/mapping/data/useraccounts.py +416 -0
- cartography/models/ontology/mapping/data/users.py +63 -0
- cartography/models/ontology/mapping/specs.py +85 -0
- cartography/models/ontology/user.py +51 -0
- cartography/models/openai/adminapikey.py +4 -0
- cartography/models/openai/apikey.py +4 -0
- cartography/models/openai/user.py +4 -0
- cartography/models/scaleway/__init__.py +0 -0
- cartography/models/scaleway/iam/__init__.py +0 -0
- cartography/models/scaleway/iam/apikey.py +100 -0
- cartography/models/scaleway/iam/application.py +52 -0
- cartography/models/scaleway/iam/group.py +95 -0
- cartography/models/scaleway/iam/user.py +64 -0
- cartography/models/scaleway/instance/__init__.py +0 -0
- cartography/models/scaleway/instance/flexibleip.py +52 -0
- cartography/models/scaleway/instance/instance.py +120 -0
- cartography/models/scaleway/organization.py +19 -0
- cartography/models/scaleway/project.py +48 -0
- cartography/models/scaleway/storage/__init__.py +0 -0
- cartography/models/scaleway/storage/snapshot.py +78 -0
- cartography/models/scaleway/storage/volume.py +51 -0
- cartography/models/sentinelone/__init__.py +1 -0
- cartography/models/sentinelone/account.py +40 -0
- cartography/models/sentinelone/agent.py +50 -0
- cartography/models/sentinelone/application.py +44 -0
- cartography/models/sentinelone/application_version.py +96 -0
- cartography/models/sentinelone/cve.py +73 -0
- cartography/models/slack/__init__.py +0 -0
- cartography/models/slack/channels.py +92 -0
- cartography/models/slack/group.py +129 -0
- cartography/models/slack/team.py +22 -0
- cartography/models/slack/user.py +62 -0
- cartography/models/snipeit/asset.py +2 -0
- cartography/models/snipeit/user.py +4 -0
- cartography/models/spacelift/__init__.py +0 -0
- cartography/models/spacelift/cloudtrailevent.py +120 -0
- cartography/models/spacelift/run.py +162 -0
- cartography/models/spacelift/space.py +131 -0
- cartography/models/spacelift/spaceliftaccount.py +31 -0
- cartography/models/spacelift/spaceliftgitcommit.py +157 -0
- cartography/models/spacelift/stack.py +96 -0
- cartography/models/spacelift/user.py +63 -0
- cartography/models/spacelift/worker.py +97 -0
- cartography/models/spacelift/workerpool.py +90 -0
- cartography/models/tailscale/device.py +2 -1
- cartography/models/tailscale/user.py +6 -1
- cartography/models/trivy/__init__.py +0 -0
- cartography/models/trivy/findings.py +66 -0
- cartography/models/trivy/fix.py +66 -0
- cartography/models/trivy/package.py +71 -0
- cartography/rules/README.md +1 -0
- cartography/rules/__init__.py +0 -0
- cartography/rules/cli.py +261 -0
- cartography/rules/data/__init__.py +0 -0
- cartography/rules/data/rules/__init__.py +46 -0
- cartography/rules/data/rules/cloud_security_product_deactivated.py +49 -0
- cartography/rules/data/rules/compute_instance_exposed.py +51 -0
- cartography/rules/data/rules/database_instance_exposed.py +53 -0
- cartography/rules/data/rules/delegation_boundary_modifiable.py +90 -0
- cartography/rules/data/rules/identity_administration_privileges.py +100 -0
- cartography/rules/data/rules/inactive_user_active_accounts.py +48 -0
- cartography/rules/data/rules/malicious_npm_dependencies_shai_hulud.py +2222 -0
- cartography/rules/data/rules/mfa_missing.py +46 -0
- cartography/rules/data/rules/object_storage_public.py +100 -0
- cartography/rules/data/rules/policy_administration_privileges.py +104 -0
- cartography/rules/data/rules/unmanaged_accounts.py +43 -0
- cartography/rules/data/rules/workload_identity_admin_capabilities.py +193 -0
- cartography/rules/formatters.py +108 -0
- cartography/rules/runners.py +216 -0
- cartography/rules/spec/__init__.py +0 -0
- cartography/rules/spec/model.py +267 -0
- cartography/rules/spec/result.py +38 -0
- cartography/sync.py +25 -5
- cartography/util.py +101 -31
- {cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/METADATA +61 -22
- cartography-0.123.0.dist-info/RECORD +856 -0
- {cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/entry_points.txt +1 -0
- cartography/data/jobs/cleanup/aws_dns_cleanup.json +0 -65
- cartography/data/jobs/cleanup/aws_import_account_access_key_cleanup.json +0 -17
- cartography/data/jobs/cleanup/aws_import_ec2_security_groupinfo_cleanup.json +0 -24
- cartography/data/jobs/cleanup/aws_import_groups_cleanup.json +0 -13
- cartography/data/jobs/cleanup/aws_import_identity_center_cleanup.json +0 -16
- cartography/data/jobs/cleanup/aws_import_lambda_cleanup.json +0 -50
- cartography/data/jobs/cleanup/aws_import_principals_cleanup.json +0 -30
- cartography/data/jobs/cleanup/aws_import_rds_clusters_cleanup.json +0 -23
- cartography/data/jobs/cleanup/aws_import_rds_instances_cleanup.json +0 -47
- cartography/data/jobs/cleanup/aws_import_rds_snapshots_cleanup.json +0 -23
- cartography/data/jobs/cleanup/aws_import_roles_cleanup.json +0 -13
- cartography/data/jobs/cleanup/aws_import_secrets_cleanup.json +0 -8
- cartography/data/jobs/cleanup/aws_import_snapshots_cleanup.json +0 -30
- cartography/data/jobs/cleanup/aws_import_users_cleanup.json +0 -8
- cartography/data/jobs/cleanup/aws_import_vpc_cleanup.json +0 -23
- cartography/data/jobs/cleanup/aws_import_vpc_peering_cleanup.json +0 -45
- cartography/data/jobs/cleanup/aws_kms_details.json +0 -10
- cartography/data/jobs/cleanup/azure_cosmosdb_cassandra_keyspace_cleanup.json +0 -25
- cartography/data/jobs/cleanup/azure_cosmosdb_cors_details.json +0 -15
- cartography/data/jobs/cleanup/azure_cosmosdb_mongodb_database_cleanup.json +0 -25
- cartography/data/jobs/cleanup/azure_cosmosdb_sql_database_cleanup.json +0 -25
- cartography/data/jobs/cleanup/azure_cosmosdb_table_resources_cleanup.json +0 -15
- cartography/data/jobs/cleanup/azure_database_account_cleanup.json +0 -85
- cartography/data/jobs/cleanup/azure_import_disks_cleanup.json +0 -15
- cartography/data/jobs/cleanup/azure_import_snapshots_cleanup.json +0 -15
- cartography/data/jobs/cleanup/azure_import_virtual_machines_cleanup.json +0 -25
- cartography/data/jobs/cleanup/azure_sql_server_cleanup.json +0 -125
- cartography/data/jobs/cleanup/azure_storage_account_cleanup.json +0 -95
- cartography/data/jobs/cleanup/azure_subscriptions_cleanup.json +0 -14
- cartography/data/jobs/cleanup/azure_tenant_cleanup.json +0 -9
- cartography/data/jobs/cleanup/gcp_compute_vpc_subnet_cleanup.json +0 -35
- cartography/data/jobs/cleanup/gcp_crm_folder_cleanup.json +0 -23
- cartography/data/jobs/cleanup/gcp_crm_organization_cleanup.json +0 -17
- cartography/data/jobs/cleanup/gcp_crm_project_cleanup.json +0 -23
- cartography/data/jobs/cleanup/gcp_dns_cleanup.json +0 -29
- cartography/data/jobs/cleanup/gcp_gke_cluster_cleanup.json +0 -17
- cartography/data/jobs/cleanup/gcp_storage_bucket_cleanup.json +0 -29
- cartography/data/jobs/cleanup/gsuite_ingest_groups_cleanup.json +0 -23
- cartography/data/jobs/cleanup/gsuite_ingest_users_cleanup.json +0 -11
- cartography/data/jobs/cleanup/kubernetes_import_cleanup.json +0 -70
- cartography/intel/gcp/crm.py +0 -355
- cartography/intel/gsuite/api.py +0 -342
- cartography-0.104.0rc2.dist-info/RECORD +0 -455
- /cartography/data/jobs/{analysis → scoped_analysis}/aws_s3acl_analysis.json +0 -0
- /cartography/models/aws/{apigateway.py → apigateway/apigateway.py} +0 -0
- /cartography/models/aws/{apigatewaycertificate.py → apigateway/apigatewaycertificate.py} +0 -0
- /cartography/models/aws/{apigatewayresource.py → apigateway/apigatewayresource.py} +0 -0
- /cartography/models/aws/{apigatewaystage.py → apigateway/apigatewaystage.py} +0 -0
- {cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/WHEEL +0 -0
- {cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/licenses/LICENSE +0 -0
- {cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/top_level.txt +0 -0
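--- a/cartography/_version.py
+++ b/cartography/_version.py
@@ -1,7 +1,14 @@
 # file generated by setuptools-scm
 # don't change, don't track in version control
 
-__all__ = [
+__all__ = [
+"__version__",
+"__version_tuple__",
+"version",
+"version_tuple",
+"__commit_id__",
+"commit_id",
+]
 
 TYPE_CHECKING = False
 if TYPE_CHECKING:
@@ -9,13 +16,19 @@ if TYPE_CHECKING:
 from typing import Union
 
 VERSION_TUPLE = Tuple[Union[int, str], ...]
+COMMIT_ID = Union[str, None]
 else:
 VERSION_TUPLE = object
+COMMIT_ID = object
 
 version: str
 __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
+commit_id: COMMIT_ID
+__commit_id__: COMMIT_ID
 
-__version__ = version = '0.
-__version_tuple__ = version_tuple = (0,
+__version__ = version = '0.123.0'
+__version_tuple__ = version_tuple = (0, 123, 0)
+
+__commit_id__ = commit_id = None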
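--- a/cartography/cli.py
+++ b/cartography/cli.py
@@ -71,8 +71,8 @@ class CLI:
 default="bolt://localhost:7687",
 help=(
 "A valid Neo4j URI to sync against. See "
-"https://neo4j.com/docs/
-"structure of a Neo4j URI."
+"https://neo4j.com/docs/browser-manual/current/operations/dbms-connection/#uri-scheme for complete "
+"documentation on the structure of a Neo4j URI."
 ),
 )
 parser.add_argument(
@@ -182,6 +182,14 @@ class CLI:
 "syncing other accounts and delay raising an exception until the very end."
 ),
 )
+parser.add_argument(
+"--aws-cloudtrail-management-events-lookback-hours",
+type=int,
+default=None,
+help=(
+"Number of hours back to retrieve CloudTrail management events from. If not specified, CloudTrail management events will not be retrieved."
+),
+)
 parser.add_argument(
 "--oci-sync-all-profiles",
 action="store_true",
@@ -226,6 +234,11 @@ class CLI:
 "The name of environment variable containing Azure Client Secret for Service Principal Authentication."
 ),
 )
+parser.add_argument(
+"--azure-subscription-id",
+type=str,
+help="The Azure Subscription ID to sync.",
+)
 parser.add_argument(
 "--entra-tenant-id",
 type=str,
@@ -256,6 +269,27 @@ class CLI:
 " If not specified, cartography by default will run all AWS sync modules available."
 ),
 )
+parser.add_argument(
+"--aws-guardduty-severity-threshold",
+type=str,
+default=None,
+help=(
+"GuardDuty severity threshold filter. Only findings at or above this severity level will be synced. "
+"Valid values: LOW, MEDIUM, HIGH, CRITICAL. If not specified, all findings (except archived) will be synced. "
+"Example: 'HIGH' will sync only HIGH and CRITICAL findings, filtering out LOW and MEDIUM severity findings."
+),
+)
+parser.add_argument(
+"--experimental-aws-inspector-batch",
+type=int,
+default=1000,
+help=(
+"EXPERIMENTAL: This feature is experimental and may be removed in the future. "
+"Batch size for AWS Inspector findings sync. Controls how many findings are fetched, processed and cleaned up at a time. "
+"Default is 1000. Increase this value if you have a large number of findings and want to reduce API calls, "
+"or decrease it if you're experiencing memory issues."
+),
+)
 parser.add_argument(
 "--analysis-job-directory",
 type=str,
@@ -305,6 +339,14 @@ class CLI:
 "Required if you are using the GitHub intel module. Ignored otherwise."
 ),
 )
+parser.add_argument(
+"--github-commit-lookback-days",
+type=int,
+default=30,
+help=(
+"Number of days to look back for tracking GitHub users committing to repositories. Defaults to 30 days."
+),
+)
 parser.add_argument(
 "--digitalocean-token-env-var",
 type=str,
@@ -323,6 +365,24 @@ class CLI:
 "If omitted the default permission relationships will be created"
 ),
 )
+parser.add_argument(
+"--azure-permission-relationships-file",
+type=str,
+default="cartography/data/azure_permission_relationships.yaml",
+help=(
+"The path to the Azure permission relationships mapping file."
+"If omitted the default Azure permission relationships will be created"
+),
+)
+parser.add_argument(
+"--gcp-permission-relationships-file",
+type=str,
+default="cartography/data/gcp_permission_relationships.yaml",
+help=(
+"The path to the GCP permission relationships mapping file. "
+"If omitted the default GCP permission relationships will be used"
+),
+)
 parser.add_argument(
 "--jamf-base-uri",
 type=str,
@@ -376,6 +436,12 @@ class CLI:
 "The path to kubeconfig file specifying context to access K8s cluster(s)."
 ),
 )
+parser.add_argument(
+"--managed-kubernetes",
+default=None,
+type=str,
+help=("Type of managed Kubernetes service (e.g., 'eks'). Optional."),
+)
 parser.add_argument(
 "--nist-cve-url",
 type=str,
@@ -482,6 +548,24 @@ class CLI:
 "The name of environment variable containing secrets for GSuite authentication."
 ),
 )
+parser.add_argument(
+"--googleworkspace-auth-method",
+type=str,
+default="delegated",
+choices=["delegated", "oauth", "default"],
+help=(
+'Google Workspace authentication method. Can be "delegated" for service account or "oauth" for OAuth. '
+'"Default" best if using gcloud CLI.'
+),
+)
+parser.add_argument(
+"--googleworkspace-tokens-env-var",
+type=str,
+default="GOOGLEWORKSPACE_GOOGLE_APPLICATION_CREDENTIALS",
+help=(
+"The name of environment variable containing secrets for Google Workspace authentication."
+),
+)
 parser.add_argument(
 "--lastpass-cid-env-var",
 type=str,
@@ -637,6 +721,257 @@ class CLI:
 "Required if you are using the Anthropic intel module. Ignored otherwise."
 ),
 )
+parser.add_argument(
+"--airbyte-client-id",
+type=str,
+default=None,
+help=(
+"The Airbyte client ID to use for authentication. "
+"Required if you are using the Airbyte intel module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--airbyte-client-secret-env-var",
+type=str,
+default=None,
+help=(
+"The name of an environment variable containing the Airbyte client secret for authentication. "
+"Required if you are using the Airbyte intel module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--airbyte-api-url",
+type=str,
+default="https://api.airbyte.com/v1",
+help=(
+"The base URL for the Airbyte API (default is the public Airbyte Cloud API). "
+"Required if you are using the Airbyte intel module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--trivy-s3-bucket",
+type=str,
+default=None,
+help=(
+"The S3 bucket name containing Trivy scan results. "
+"Required if you are using the Trivy module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--trivy-s3-prefix",
+type=str,
+default=None,
+help=(
+"The S3 prefix path containing Trivy scan results. "
+"Required if you are using the Trivy module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--ontology-users-source",
+type=str,
+default=None,
+help=(
+"Comma-separated list of sources of truth for user data in the ontology. "
+"'User' nodes will only be created for users that exist in one of the sources. "
+"Required if you are using the ontology module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--ontology-devices-source",
+type=str,
+default=None,
+help=(
+"Comma-separated list of sources of truth for client computer data in the ontology. "
+"'Device' nodes will only be created for groups that exist in one of the sources. "
+"Required if you are using the ontology module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--trivy-results-dir",
+type=str,
+default=None,
+help=(
+"Path to a directory containing Trivy JSON results on disk. "
+"Required if you are using the Trivy module with local results."
+),
+)
+parser.add_argument(
+"--scaleway-org",
+type=str,
+default=None,
+help=(
+"The Scaleway organization ID to sync. "
+"Required if you are using the Scaleway intel module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--scaleway-access-key",
+type=str,
+default=None,
+help=(
+"The Scaleway access key to use for authentication. "
+"Required if you are using the Scaleway intel module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--scaleway-secret-key-env-var",
+type=str,
+default=None,
+help=(
+"The name of an environment variable containing the Scaleway secret key for authentication. "
+"Required if you are using the Scaleway intel module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--sentinelone-account-ids",
+type=str,
+default=None,
+help=(
+"Comma-separated list of SentinelOne account IDs to sync. "
+"If not specified, all accessible accounts will be synced."
+),
+)
+parser.add_argument(
+"--sentinelone-api-url",
+type=str,
+default=None,
+help=(
+"SentinelOne API URL. Required if you are using the SentinelOne intel module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--sentinelone-api-token-env-var",
+type=str,
+default="SENTINELONE_API_TOKEN",
+help=(
+"The name of an environment variable containing the SentinelOne API token. "
+"Required if you are using the SentinelOne intel module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--keycloak-client-id",
+type=str,
+default=None,
+help=(
+"The Keycloak client ID to sync. "
+"Required if you are using the Keycloak intel module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--keycloak-client-secret-env-var",
+type=str,
+default="KEYCLOAK_CLIENT_SECRET",
+help=(
+"The name of an environment variable containing the Keycloak client secret. "
+"Required if you are using the Keycloak intel module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--keycloak-url",
+type=str,
+help=(
+"The base URL for the Keycloak instance. "
+"Required if you are using the Keycloak intel module. Ignored otherwise. "
+),
+)
+parser.add_argument(
+"--keycloak-realm",
+type=str,
+default="master",
+help=(
+"The Keycloak realm used for authentication (note: all available realms will be synced). "
+"Should be `master` (default value) in most of the cases. "
+"Required if you are using the Keycloak intel module. Ignored otherwise. "
+),
+)
+parser.add_argument(
+"--slack-token-env-var",
+type=str,
+default=None,
+help=(
+"The name of environment variable containing the Slack Token. "
+"Required if you are using the Slack intel module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--slack-teams",
+type=str,
+default=None,
+help=(
+"The Slack Team ID to sync, comma separated. If not provided, all accessible teams will be synced. "
+),
+)
+parser.add_argument(
+"--slack-channels-memberships",
+action="store_true",
+help=("Pull memberships for Slack Channels (can be time consuming)."),
+)
+parser.add_argument(
+"--spacelift-api-endpoint",
+type=str,
+default=None,
+help=(
+"Spacelift GraphQL API endpoint (e.g., https://yourorg.app.spacelift.io/graphql). "
+"Required if you are using the Spacelift intel module. Ignored otherwise."
+),
+)
+parser.add_argument(
+"--spacelift-api-token-env-var",
+type=str,
+default="SPACELIFT_API_TOKEN",
+help=(
+"The name of an environment variable containing the Spacelift API token. "
+"Alternative to using API key ID/secret. Ignored if API key credentials are provided."
+),
+)
+parser.add_argument(
+"--spacelift-api-key-id-env-var",
+type=str,
+default="SPACELIFT_API_KEY_ID",
+help=(
+"The name of an environment variable containing the Spacelift API key ID. "
+"Use with --spacelift-api-key-secret-env-var for automatic token exchange. "
+"Alternative to providing a pre-generated token."
+),
+)
+parser.add_argument(
+"--spacelift-api-key-secret-env-var",
+type=str,
+default="SPACELIFT_API_KEY_SECRET",
+help=(
+"The name of an environment variable containing the Spacelift API key secret. "
+"Use with --spacelift-api-key-id-env-var for automatic token exchange. "
+"Alternative to providing a pre-generated token."
+),
+)
+parser.add_argument(
+"--spacelift-ec2-ownership-aws-profile",
+type=str,
+default=None,
+help=(
+"AWS profile name to use for fetching EC2 ownership data from S3. "
+"Optional. If not provided, uses default AWS credentials. "
+),
+)
+parser.add_argument(
+"--spacelift-ec2-ownership-s3-bucket",
+type=str,
+default=None,
+help=(
+"S3 bucket name containing CloudTrail data for EC2 ownership relationships. "
+"Required for EC2 ownership sync (along with --spacelift-ec2-ownership-s3-prefix)."
+),
+)
+parser.add_argument(
+"--spacelift-ec2-ownership-s3-prefix",
+type=str,
+default=None,
+help=(
+"S3 prefix for CloudTrail data for EC2 ownership relationships. "
+"All JSON files under this prefix will be processed. "
+"Required for EC2 ownership sync (along with --spacelift-ec2-ownership-s3-bucket)."
+),
+)
 
 return parser
 
@@ -787,8 +1122,8 @@ class CLI:
 logger.warning("A Kandji base URI was provided but a token was not.")
 config.kandji_token = None
 else:
-logger.warning("A Kandji base URI was not provided.")
 config.kandji_base_uri = None
+config.kandji_token = None
 
 if config.statsd_enabled:
 logger.debug(
@@ -835,6 +1170,17 @@ class CLI:
 else:
 config.gsuite_tokens_env_var = None
 
+# Google Workspace config
+if config.googleworkspace_tokens_env_var:
+logger.debug(
+f"Reading config string for Google Workspace from environment variable {config.googleworkspace_tokens_env_var}",
+)
+config.googleworkspace_config = os.environ.get(
+config.googleworkspace_tokens_env_var
+)
+else:
+config.googleworkspace_tokens_env_var = None
+
 # Lastpass config
 if config.lastpass_cid_env_var:
 logger.debug(
@@ -914,10 +1260,10 @@ class CLI:
 config.snipeit_token = os.environ.get("SNIPEIT_TOKEN")
 else:
 logger.warning("A SnipeIT base URI was provided but a token was not.")
-config.
+config.snipeit_token = None
 else:
-logger.warning("A SnipeIT base URI was not provided.")
 config.snipeit_base_uri = None
+config.snipeit_token = None
 
 # Tailscale config
 if config.tailscale_token_env_var:
@@ -955,6 +1301,121 @@ class CLI:
 else:
 config.anthropic_apikey = None
 
+# Airbyte config
+if config.airbyte_client_id and config.airbyte_client_secret_env_var:
+logger.debug(
+f"Reading Airbyte client secret from environment variable {config.airbyte_client_secret_env_var}",
+)
+config.airbyte_client_secret = os.environ.get(
+config.airbyte_client_secret_env_var,
+)
+else:
+config.airbyte_client_secret = None
+
+# Trivy config
+if config.trivy_s3_bucket:
+logger.debug(f"Trivy S3 bucket: {config.trivy_s3_bucket}")
+
+if config.trivy_s3_prefix:
+logger.debug(f"Trivy S3 prefix: {config.trivy_s3_prefix}")
+
+if config.trivy_results_dir:
+logger.debug(f"Trivy results dir: {config.trivy_results_dir}")
+
+# Scaleway config
+if config.scaleway_secret_key_env_var:
+logger.debug(
+f"Reading Scaleway secret key from environment variable {config.scaleway_secret_key_env_var}",
+)
+config.scaleway_secret_key = os.environ.get(
+config.scaleway_secret_key_env_var,
+)
+else:
+config.scaleway_secret_key = None
+
+# SentinelOne config
+if config.sentinelone_account_ids:
+config.sentinelone_account_ids = [
+id.strip() for id in config.sentinelone_account_ids.split(",")
+]
+logger.debug(
+f"Parsed {len(config.sentinelone_account_ids)} SentinelOne account IDs to sync"
+)
+else:
+config.sentinelone_account_ids = None
+
+if config.sentinelone_api_url and config.sentinelone_api_token_env_var:
+logger.debug(
+f"Reading API token for SentinelOne from environment variable {config.sentinelone_api_token_env_var}",
+)
+config.sentinelone_api_token = os.environ.get(
+config.sentinelone_api_token_env_var
+)
+else:
+config.sentinelone_api_token = None
+
+# Keycloak config
+if config.keycloak_client_secret_env_var:
+logger.debug(
+f"Reading Client Secret for Keycloak from environment variable {config.keycloak_client_secret_env_var}",
+)
+config.keycloak_client_secret = os.environ.get(
+config.keycloak_client_secret_env_var
+)
+else:
+config.keycloak_client_secret = None
+
+# Slack config
+if config.slack_token_env_var:
+logger.debug(
+f"Reading Slack token from environment variable {config.slack_token_env_var}",
+)
+config.slack_token = os.environ.get(config.slack_token_env_var)
+else:
+config.slack_token = None
+
+# Spacelift config
+# Read endpoint from CLI arg or env var
+if not config.spacelift_api_endpoint:
+config.spacelift_api_endpoint = os.environ.get("SPACELIFT_API_ENDPOINT")
+
+if config.spacelift_api_endpoint:
+# Try to read API token
+if config.spacelift_api_token_env_var:
+logger.debug(
+f"Reading API token for Spacelift from environment variable {config.spacelift_api_token_env_var}",
+)
+config.spacelift_api_token = os.environ.get(
+config.spacelift_api_token_env_var
+)
+else:
+config.spacelift_api_token = None
+
+# Try to read API key ID and secret
+if config.spacelift_api_key_id_env_var:
+logger.debug(
+f"Reading API key ID for Spacelift from environment variable {config.spacelift_api_key_id_env_var}",
+)
+config.spacelift_api_key_id = os.environ.get(
+config.spacelift_api_key_id_env_var
+)
+else:
+config.spacelift_api_key_id = None
+
+if config.spacelift_api_key_secret_env_var:
+logger.debug(
+f"Reading API key secret for Spacelift from environment variable {config.spacelift_api_key_secret_env_var}",
+)
+config.spacelift_api_key_secret = os.environ.get(
+config.spacelift_api_key_secret_env_var
+)
+else:
+config.spacelift_api_key_secret = None
+else:
+config.spacelift_api_token = None
+config.spacelift_api_key_id = None
+config.spacelift_api_key_secret = None
+
 # Run cartography
 try:
 return cartography.sync.run_with_config(self.sync, config)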
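Review bot: The `else` branch of the new Google Workspace block (hunk `@@ -835,6 +1170,17 @@`) resets `config.googleworkspace_tokens_env_var` but never assigns `config.googleworkspace_config`, whereas every sibling block added in this commit (Airbyte, Scaleway, Keycloak, Slack) leaves the derived secret attribute at `None` on that path; unless `Config` already initialises it, a later read of `config.googleworkspace_config` can raise `AttributeError`, so add `config.googleworkspace_config = None` there. In the Spacelift block the endpoint silently falls back to the `SPACELIFT_API_ENDPOINT` environment variable, which the `--spacelift-api-endpoint` help text never mentions; a sentence such as `"Falls back to the SPACELIFT_API_ENDPOINT environment variable if omitted."` would document it. Two smaller points: the `--azure-permission-relationships-file` help strings `"...mapping file."` and `"If omitted..."` are concatenated without a separating space, and `id.strip() for id in ...` in the SentinelOne block shadows the builtin `id`. The enclosing methods start and end outside these hunks.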
@@ -0,0 +1,19 @@
|
|
|
1
|
+
from typing import List
|
|
2
|
+
|
|
3
|
+
import neo4j
|
|
4
|
+
|
|
5
|
+
from cartography.client.core.tx import read_list_of_values_tx
|
|
6
|
+
from cartography.util import timeit
|
|
7
|
+
|
|
8
|
+
|
|
9
|
+
@timeit
|
|
10
|
+
def list_accounts(neo4j_session: neo4j.Session) -> List[str]:
|
|
11
|
+
"""
|
|
12
|
+
:param neo4j_session: The neo4j session object.
|
|
13
|
+
:return: A list of all AWS account IDs in the graph
|
|
14
|
+
"""
|
|
15
|
+
# See https://community.neo4j.com/t/extract-list-of-nodes-and-labels-from-path/13665/4
|
|
16
|
+
query = """
|
|
17
|
+
MATCH (a:AWSAccount) RETURN a.id
|
|
18
|
+
"""
|
|
19
|
+
return neo4j_session.read_transaction(read_list_of_values_tx, query)
|
|
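Review bot: The docstring of `list_accounts` has no summary line; a first line such as `Return the id of every AWSAccount node in the graph.` before the `:param` entries would follow PEP 257 and read better in generated docs. The `# See https://community.neo4j.com/...` comment appears to be carried over from a path-flattening query and does not apply to this single-node `MATCH ... RETURN`, so it is better dropped. `neo4j_session.read_transaction` is the driver's older transaction API; if the project pins a 5.x driver, `execute_read` is the non-deprecated equivalent, which is worth confirming.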
@@ -0,0 +1,51 @@
|
|
|
1
|
+
from typing import Set
|
|
2
|
+
from typing import Tuple
|
|
3
|
+
|
|
4
|
+
import neo4j
|
|
5
|
+
|
|
6
|
+
from cartography.client.core.tx import read_list_of_tuples_tx
|
|
7
|
+
from cartography.util import timeit
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
@timeit
|
|
11
|
+
def get_ecr_images(
|
|
12
|
+
neo4j_session: neo4j.Session, aws_account_id: str
|
|
13
|
+
) -> Set[Tuple[str, str, str, str, str]]:
|
|
14
|
+
"""
|
|
15
|
+
Queries the graph for all ECR images and their parent images.
|
|
16
|
+
Returns 5-tuples of ECR repository regions, tags, URIs, names, and binary digests. This is used to identify which
|
|
17
|
+
images to scan.
|
|
18
|
+
:param neo4j_session: The neo4j session object.
|
|
19
|
+
:param aws_account_id: The AWS account ID to get ECR repo data for.
|
|
20
|
+
:return: 5-tuples of repo region, image tag, image URI, repo_name, and image_digest.
|
|
21
|
+
"""
|
|
22
|
+
# See https://community.neo4j.com/t/extract-list-of-nodes-and-labels-from-path/13665/4
|
|
23
|
+
query = """
|
|
24
|
+
MATCH (e1:ECRRepositoryImage)<-[:REPO_IMAGE]-(repo:ECRRepository)
|
|
25
|
+
MATCH (repo)<-[:RESOURCE]-(:AWSAccount {id: $AWS_ID})
|
|
26
|
+
|
|
27
|
+
// OPTIONAL traversal of parent hierarchy
|
|
28
|
+
OPTIONAL MATCH path = (e1)-[:PARENT*1..]->(ancestor:ECRRepositoryImage)
|
|
29
|
+
WITH e1,
|
|
30
|
+
CASE
|
|
31
|
+
WHEN path IS NULL THEN [e1]
|
|
32
|
+
ELSE [n IN nodes(path) | n] + [e1]
|
|
33
|
+
END AS repo_img_collection_unflattened
|
|
34
|
+
|
|
35
|
+
// Flatten and dedupe
|
|
36
|
+
UNWIND repo_img_collection_unflattened AS repo_img
|
|
37
|
+
WITH DISTINCT repo_img
|
|
38
|
+
|
|
39
|
+
// Match image metadata
|
|
40
|
+
MATCH (er:ECRRepository)-[:REPO_IMAGE]->(repo_img)-[:IMAGE]->(img:ECRImage)
|
|
41
|
+
|
|
42
|
+
RETURN DISTINCT
|
|
43
|
+
er.region AS region,
|
|
44
|
+
repo_img.tag AS tag,
|
|
45
|
+
repo_img.id AS uri,
|
|
46
|
+
er.name AS repo_name,
|
|
47
|
+
img.digest AS digest
|
|
48
|
+
"""
|
|
49
|
+
return neo4j_session.read_transaction(
|
|
50
|
+
read_list_of_tuples_tx, query, AWS_ID=aws_account_id
|
|
51
|
+
)
|
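Review bot: The `MATCH (er:ECRRepository)-[:REPO_IMAGE]->(repo_img)` step is not scoped to `$AWS_ID`, so ancestor images reached through `PARENT*1..` are returned even when their repository belongs to another account; if that is intended, say so in the docstring, e.g. `Parent images reachable via PARENT are included even if their repository belongs to a different account.` In the `CASE` expression `nodes(path)` already begins with `e1`, so `+ [e1]` only adds a duplicate that the later `DISTINCT` removes; dropping it keeps the query honest. The docstring's "binary digests" is misleading since `img.digest` comes back as a string, and the `Set[...]` return annotation should be checked against what `read_list_of_tuples_tx` actually returns.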