PyPI - cartography - Versions diffs - 0.104.0rc2__py3-none-any.whl → 0.123.0__py3-none-any.whl - Mend

cartography 0.104.0rc2py3-none-any.whl → 0.123.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (642) hide show

cartography/_version.py +16 -3
cartography/cli.py +466 -5
cartography/client/aws/__init__.py +19 -0
cartography/client/aws/ecr.py +51 -0
cartography/client/core/tx.py +357 -8
cartography/config.py +153 -0
cartography/data/azure_permission_relationships.yaml +20 -0
cartography/data/gcp_permission_relationships.yaml +21 -0
cartography/data/indexes.cypher +0 -186
cartography/data/jobs/analysis/aws_ec2_keypair_analysis.json +2 -2
cartography/data/jobs/analysis/keycloak_inheritance.json +30 -0
cartography/data/jobs/cleanup/gcp_compute_vpc_cleanup.json +0 -12
cartography/data/jobs/cleanup/github_repos_cleanup.json +2 -0
cartography/driftdetect/cli.py +3 -2
cartography/graph/cleanupbuilder.py +198 -41
cartography/graph/job.py +54 -6
cartography/graph/querybuilder.py +528 -27
cartography/graph/statement.py +5 -1
cartography/intel/airbyte/__init__.py +105 -0
cartography/intel/airbyte/connections.py +120 -0
cartography/intel/airbyte/destinations.py +81 -0
cartography/intel/airbyte/organizations.py +59 -0
cartography/intel/airbyte/sources.py +78 -0
cartography/intel/airbyte/tags.py +64 -0
cartography/intel/airbyte/users.py +106 -0
cartography/intel/airbyte/util.py +122 -0
cartography/intel/airbyte/workspaces.py +63 -0
cartography/intel/aws/__init__.py +24 -9
cartography/intel/aws/acm.py +124 -0
cartography/intel/aws/apigateway.py +253 -22
cartography/intel/aws/apigatewayv2.py +116 -0
cartography/intel/aws/cloudtrail.py +17 -39
cartography/intel/aws/cloudtrail_management_events.py +962 -0
cartography/intel/aws/cloudwatch.py +150 -4
cartography/intel/aws/codebuild.py +132 -0
cartography/intel/aws/cognito.py +201 -0
cartography/intel/aws/config.py +7 -3
cartography/intel/aws/ec2/elastic_ip_addresses.py +3 -1
cartography/intel/aws/ec2/instances.py +25 -1
cartography/intel/aws/ec2/internet_gateways.py +4 -2
cartography/intel/aws/ec2/load_balancer_v2s.py +11 -5
cartography/intel/aws/ec2/network_interfaces.py +5 -1
cartography/intel/aws/ec2/reserved_instances.py +3 -1
cartography/intel/aws/ec2/security_groups.py +140 -122
cartography/intel/aws/ec2/snapshots.py +47 -84
cartography/intel/aws/ec2/subnets.py +37 -63
cartography/intel/aws/ec2/tgw.py +11 -5
cartography/intel/aws/ec2/volumes.py +1 -1
cartography/intel/aws/ec2/vpc.py +140 -124
cartography/intel/aws/ec2/vpc_peerings.py +262 -125
cartography/intel/aws/ecr.py +269 -98
cartography/intel/aws/ecr_image_layers.py +923 -0
cartography/intel/aws/ecs.py +251 -380
cartography/intel/aws/efs.py +179 -11
cartography/intel/aws/elasticache.py +102 -79
cartography/intel/aws/elasticsearch.py +13 -4
cartography/intel/aws/eventbridge.py +164 -0
cartography/intel/aws/glue.py +181 -0
cartography/intel/aws/guardduty.py +443 -0
cartography/intel/aws/iam.py +750 -493
cartography/intel/aws/identitycenter.py +605 -83
cartography/intel/aws/inspector.py +221 -105
cartography/intel/aws/kms.py +173 -201
cartography/intel/aws/lambda_function.py +272 -189
cartography/intel/aws/organizations.py +10 -9
cartography/intel/aws/permission_relationships.py +10 -20
cartography/intel/aws/rds.py +337 -446
cartography/intel/aws/redshift.py +9 -4
cartography/intel/aws/resourcegroupstaggingapi.py +78 -19
cartography/intel/aws/resources.py +18 -0
cartography/intel/aws/route53.py +386 -332
cartography/intel/aws/s3.py +322 -14
cartography/intel/aws/secretsmanager.py +81 -49
cartography/intel/aws/securityhub.py +3 -1
cartography/intel/aws/sns.py +62 -2
cartography/intel/aws/sqs.py +36 -90
cartography/intel/aws/ssm.py +3 -5
cartography/intel/azure/__init__.py +202 -48
cartography/intel/azure/aks.py +175 -0
cartography/intel/azure/app_service.py +105 -0
cartography/intel/azure/compute.py +59 -112
cartography/intel/azure/container_instances.py +95 -0
cartography/intel/azure/cosmosdb.py +222 -361
cartography/intel/azure/data_factory.py +85 -0
cartography/intel/azure/data_factory_dataset.py +128 -0
cartography/intel/azure/data_factory_linked_service.py +119 -0
cartography/intel/azure/data_factory_pipeline.py +142 -0
cartography/intel/azure/data_lake.py +124 -0
cartography/intel/azure/event_grid.py +94 -0
cartography/intel/azure/functions.py +124 -0
cartography/intel/azure/load_balancers.py +263 -0
cartography/intel/azure/logic_apps.py +101 -0
cartography/intel/azure/monitor.py +105 -0
cartography/intel/azure/network.py +467 -0
cartography/intel/azure/permission_relationships.py +466 -0
cartography/intel/azure/rbac.py +309 -0
cartography/intel/azure/resource_groups.py +82 -0
cartography/intel/azure/security_center.py +106 -0
cartography/intel/azure/sql.py +145 -292
cartography/intel/azure/storage.py +185 -262
cartography/intel/azure/subscription.py +21 -43
cartography/intel/azure/tenant.py +39 -30
cartography/intel/azure/util/common.py +13 -0
cartography/intel/azure/util/credentials.py +49 -174
cartography/intel/azure/util/tag.py +41 -0
cartography/intel/create_indexes.py +2 -1
cartography/intel/crowdstrike/spotlight.py +5 -2
cartography/intel/dns.py +5 -2
cartography/intel/entra/__init__.py +100 -1
cartography/intel/entra/app_role_assignments.py +284 -0
cartography/intel/entra/applications.py +182 -0
cartography/intel/entra/federation/__init__.py +0 -0
cartography/intel/entra/federation/aws_identity_center.py +77 -0
cartography/intel/entra/groups.py +198 -0
cartography/intel/entra/ou.py +48 -24
cartography/intel/entra/service_principals.py +217 -0
cartography/intel/entra/users.py +105 -57
cartography/intel/gcp/__init__.py +334 -396
cartography/intel/gcp/bigtable_app_profile.py +101 -0
cartography/intel/gcp/bigtable_backup.py +91 -0
cartography/intel/gcp/bigtable_cluster.py +93 -0
cartography/intel/gcp/bigtable_instance.py +86 -0
cartography/intel/gcp/bigtable_table.py +87 -0
cartography/intel/gcp/cai.py +292 -0
cartography/intel/gcp/clients.py +112 -0
cartography/intel/gcp/compute.py +128 -119
cartography/intel/gcp/crm/__init__.py +0 -0
cartography/intel/gcp/crm/folders.py +114 -0
cartography/intel/gcp/crm/orgs.py +70 -0
cartography/intel/gcp/crm/projects.py +120 -0
cartography/intel/gcp/dns.py +83 -169
cartography/intel/gcp/gke.py +72 -113
cartography/intel/gcp/iam.py +111 -91
cartography/intel/gcp/permission_relationships.py +394 -0
cartography/intel/gcp/policy_bindings.py +225 -0
cartography/intel/gcp/storage.py +75 -159
cartography/intel/github/__init__.py +62 -25
cartography/intel/github/commits.py +423 -0
cartography/intel/github/repos.py +463 -85
cartography/intel/github/teams.py +3 -3
cartography/intel/github/users.py +5 -0
cartography/intel/github/util.py +12 -0
cartography/intel/googleworkspace/__init__.py +193 -0
cartography/intel/googleworkspace/devices.py +254 -0
cartography/intel/googleworkspace/groups.py +568 -0
cartography/intel/googleworkspace/oauth_apps.py +259 -0
cartography/intel/googleworkspace/tenant.py +85 -0
cartography/intel/googleworkspace/users.py +138 -0
cartography/intel/gsuite/__init__.py +17 -9
cartography/intel/gsuite/groups.py +291 -0
cartography/intel/gsuite/users.py +142 -0
cartography/intel/jamf/computers.py +7 -1
cartography/intel/keycloak/__init__.py +153 -0
cartography/intel/keycloak/authenticationexecutions.py +322 -0
cartography/intel/keycloak/authenticationflows.py +77 -0
cartography/intel/keycloak/clients.py +187 -0
cartography/intel/keycloak/groups.py +126 -0
cartography/intel/keycloak/identityproviders.py +94 -0
cartography/intel/keycloak/organizations.py +163 -0
cartography/intel/keycloak/realms.py +61 -0
cartography/intel/keycloak/roles.py +202 -0
cartography/intel/keycloak/scopes.py +73 -0
cartography/intel/keycloak/users.py +70 -0
cartography/intel/keycloak/util.py +47 -0
cartography/intel/kubernetes/__init__.py +60 -14
cartography/intel/kubernetes/clusters.py +86 -0
cartography/intel/kubernetes/eks.py +402 -0
cartography/intel/kubernetes/namespaces.py +59 -57
cartography/intel/kubernetes/pods.py +168 -75
cartography/intel/kubernetes/rbac.py +597 -0
cartography/intel/kubernetes/secrets.py +95 -45
cartography/intel/kubernetes/services.py +131 -67
cartography/intel/kubernetes/util.py +142 -14
cartography/intel/oci/iam.py +23 -9
cartography/intel/oci/organizations.py +3 -1
cartography/intel/oci/utils.py +28 -5
cartography/intel/okta/applications.py +15 -5
cartography/intel/okta/awssaml.py +14 -10
cartography/intel/okta/factors.py +3 -1
cartography/intel/okta/groups.py +5 -2
cartography/intel/okta/organization.py +3 -1
cartography/intel/okta/origins.py +3 -1
cartography/intel/okta/roles.py +5 -2
cartography/intel/okta/users.py +10 -2
cartography/intel/ontology/__init__.py +44 -0
cartography/intel/ontology/devices.py +54 -0
cartography/intel/ontology/users.py +54 -0
cartography/intel/ontology/utils.py +176 -0
cartography/intel/pagerduty/escalation_policies.py +13 -6
cartography/intel/pagerduty/schedules.py +9 -4
cartography/intel/pagerduty/services.py +7 -3
cartography/intel/pagerduty/teams.py +5 -2
cartography/intel/pagerduty/users.py +3 -1
cartography/intel/pagerduty/vendors.py +3 -1
cartography/intel/scaleway/__init__.py +127 -0
cartography/intel/scaleway/iam/__init__.py +0 -0
cartography/intel/scaleway/iam/apikeys.py +71 -0
cartography/intel/scaleway/iam/applications.py +71 -0
cartography/intel/scaleway/iam/groups.py +71 -0
cartography/intel/scaleway/iam/users.py +71 -0
cartography/intel/scaleway/instances/__init__.py +0 -0
cartography/intel/scaleway/instances/flexibleips.py +86 -0
cartography/intel/scaleway/instances/instances.py +92 -0
cartography/intel/scaleway/projects.py +79 -0
cartography/intel/scaleway/storage/__init__.py +0 -0
cartography/intel/scaleway/storage/snapshots.py +86 -0
cartography/intel/scaleway/storage/volumes.py +84 -0
cartography/intel/scaleway/utils.py +37 -0
cartography/intel/sentinelone/__init__.py +75 -0
cartography/intel/sentinelone/account.py +140 -0
cartography/intel/sentinelone/agent.py +139 -0
cartography/intel/sentinelone/api.py +124 -0
cartography/intel/sentinelone/application.py +248 -0
cartography/intel/sentinelone/cve.py +119 -0
cartography/intel/sentinelone/utils.py +28 -0
cartography/intel/slack/__init__.py +78 -0
cartography/intel/slack/channels.py +80 -0
cartography/intel/slack/groups.py +90 -0
cartography/intel/slack/teams.py +65 -0
cartography/intel/slack/users.py +57 -0
cartography/intel/slack/utils.py +29 -0
cartography/intel/spacelift/__init__.py +161 -0
cartography/intel/spacelift/account.py +73 -0
cartography/intel/spacelift/ec2_ownership.py +280 -0
cartography/intel/spacelift/runs.py +463 -0
cartography/intel/spacelift/spaces.py +112 -0
cartography/intel/spacelift/stacks.py +119 -0
cartography/intel/spacelift/util.py +122 -0
cartography/intel/spacelift/workerpools.py +131 -0
cartography/intel/spacelift/workers.py +128 -0
cartography/intel/trivy/__init__.py +272 -0
cartography/intel/trivy/scanner.py +386 -0
cartography/models/airbyte/__init__.py +0 -0
cartography/models/airbyte/connection.py +138 -0
cartography/models/airbyte/destination.py +75 -0
cartography/models/airbyte/organization.py +19 -0
cartography/models/airbyte/source.py +75 -0
cartography/models/airbyte/stream.py +74 -0
cartography/models/airbyte/tag.py +69 -0
cartography/models/airbyte/user.py +115 -0
cartography/models/airbyte/workspace.py +46 -0
cartography/models/anthropic/apikey.py +4 -0
cartography/models/anthropic/user.py +4 -0
cartography/models/aws/acm/__init__.py +0 -0
cartography/models/aws/acm/certificate.py +75 -0
cartography/models/aws/apigateway/__init__.py +0 -0
cartography/models/aws/apigateway/apigatewaydeployment.py +74 -0
cartography/models/aws/apigateway/apigatewayintegration.py +79 -0
cartography/models/aws/apigateway/apigatewaymethod.py +74 -0
cartography/models/aws/apigatewayv2/__init__.py +0 -0
cartography/models/aws/apigatewayv2/apigatewayv2.py +53 -0
cartography/models/aws/cloudtrail/management_events.py +153 -0
cartography/models/aws/cloudtrail/trail.py +45 -0
cartography/models/aws/cloudwatch/log_metric_filter.py +79 -0
cartography/models/aws/cloudwatch/metric_alarm.py +53 -0
cartography/models/aws/codebuild/__init__.py +0 -0
cartography/models/aws/codebuild/project.py +49 -0
cartography/models/aws/cognito/__init__.py +0 -0
cartography/models/aws/cognito/identity_pool.py +70 -0
cartography/models/aws/cognito/user_pool.py +47 -0
cartography/models/aws/dynamodb/tables.py +2 -0
cartography/models/aws/ec2/instances.py +25 -1
cartography/models/aws/ec2/networkinterfaces.py +4 -0
cartography/models/aws/ec2/security_group_rules.py +109 -0
cartography/models/aws/ec2/security_groups.py +90 -0
cartography/models/aws/ec2/snapshots.py +58 -0
cartography/models/aws/ec2/subnet_instance.py +2 -0
cartography/models/aws/ec2/subnet_networkinterface.py +2 -0
cartography/models/aws/ec2/subnets.py +65 -0
cartography/models/aws/ec2/volumes.py +20 -0
cartography/models/aws/ec2/vpc.py +46 -0
cartography/models/aws/ec2/vpc_cidr.py +102 -0
cartography/models/aws/ec2/vpc_peering.py +157 -0
cartography/models/aws/ecr/__init__.py +0 -0
cartography/models/aws/ecr/image.py +146 -0
cartography/models/aws/ecr/image_layer.py +107 -0
cartography/models/aws/ecr/repository.py +72 -0
cartography/models/aws/ecr/repository_image.py +95 -0
cartography/models/aws/ecs/__init__.py +0 -0
cartography/models/aws/ecs/clusters.py +64 -0
cartography/models/aws/ecs/container_definitions.py +93 -0
cartography/models/aws/ecs/container_instances.py +84 -0
cartography/models/aws/ecs/containers.py +101 -0
cartography/models/aws/ecs/services.py +134 -0
cartography/models/aws/ecs/task_definitions.py +135 -0
cartography/models/aws/ecs/tasks.py +134 -0
cartography/models/aws/efs/access_point.py +77 -0
cartography/models/aws/efs/file_system.py +60 -0
cartography/models/aws/efs/mount_target.py +29 -2
cartography/models/aws/elasticache/__init__.py +0 -0
cartography/models/aws/elasticache/cluster.py +65 -0
cartography/models/aws/elasticache/topic.py +67 -0
cartography/models/aws/eventbridge/__init__.py +0 -0
cartography/models/aws/eventbridge/rule.py +77 -0
cartography/models/aws/eventbridge/target.py +71 -0
cartography/models/aws/glue/__init__.py +0 -0
cartography/models/aws/glue/connection.py +51 -0
cartography/models/aws/glue/job.py +69 -0
cartography/models/aws/guardduty/__init__.py +1 -0
cartography/models/aws/guardduty/detectors.py +50 -0
cartography/models/aws/guardduty/findings.py +121 -0
cartography/models/aws/iam/access_key.py +103 -0
cartography/models/aws/iam/account_role.py +24 -0
cartography/models/aws/iam/federated_principal.py +60 -0
cartography/models/aws/iam/group.py +60 -0
cartography/models/aws/iam/group_membership.py +27 -0
cartography/models/aws/iam/inline_policy.py +78 -0
cartography/models/aws/iam/managed_policy.py +51 -0
cartography/models/aws/iam/policy_statement.py +57 -0
cartography/models/aws/iam/role.py +83 -0
cartography/models/aws/iam/root_principal.py +52 -0
cartography/models/aws/iam/service_principal.py +30 -0
cartography/models/aws/iam/sts_assumerole_allow.py +38 -0
cartography/models/aws/iam/user.py +59 -0
cartography/models/aws/identitycenter/awsidentitycenter.py +1 -0
cartography/models/aws/identitycenter/awspermissionset.py +70 -0
cartography/models/aws/identitycenter/awssogroup.py +70 -0
cartography/models/aws/identitycenter/awsssouser.py +49 -9
cartography/models/aws/inspector/findings.py +37 -0
cartography/models/aws/inspector/packages.py +1 -31
cartography/models/aws/kms/__init__.py +0 -0
cartography/models/aws/kms/aliases.py +86 -0
cartography/models/aws/kms/grants.py +65 -0
cartography/models/aws/kms/keys.py +88 -0
cartography/models/aws/lambda_function/__init__.py +0 -0
cartography/models/aws/lambda_function/alias.py +74 -0
cartography/models/aws/lambda_function/event_source_mapping.py +88 -0
cartography/models/aws/lambda_function/lambda_function.py +91 -0
cartography/models/aws/lambda_function/layer.py +72 -0
cartography/models/aws/rds/__init__.py +0 -0
cartography/models/aws/rds/cluster.py +91 -0
cartography/models/aws/rds/event_subscription.py +146 -0
cartography/models/aws/rds/instance.py +156 -0
cartography/models/aws/rds/snapshot.py +108 -0
cartography/models/aws/rds/subnet_group.py +101 -0
cartography/models/aws/route53/__init__.py +0 -0
cartography/models/aws/route53/dnsrecord.py +235 -0
cartography/models/aws/route53/nameserver.py +63 -0
cartography/models/aws/route53/subzone.py +40 -0
cartography/models/aws/route53/zone.py +47 -0
cartography/models/aws/s3/notification.py +24 -0
cartography/models/aws/secretsmanager/secret.py +106 -0
cartography/models/aws/secretsmanager/secret_version.py +0 -2
cartography/models/aws/sns/topic_subscription.py +74 -0
cartography/models/aws/sqs/__init__.py +0 -0
cartography/models/aws/sqs/queue.py +89 -0
cartography/models/azure/__init__.py +0 -0
cartography/models/azure/aks_cluster.py +54 -0
cartography/models/azure/aks_nodepool.py +54 -0
cartography/models/azure/app_service.py +59 -0
cartography/models/azure/container_instance.py +57 -0
cartography/models/azure/cosmosdb/__init__.py +0 -0
cartography/models/azure/cosmosdb/account.py +77 -0
cartography/models/azure/cosmosdb/accountfailoverpolicy.py +77 -0
cartography/models/azure/cosmosdb/cassandrakeyspace.py +82 -0
cartography/models/azure/cosmosdb/cassandratable.py +81 -0
cartography/models/azure/cosmosdb/corspolicy.py +74 -0
cartography/models/azure/cosmosdb/dblocation.py +120 -0
cartography/models/azure/cosmosdb/mongodbcollection.py +82 -0
cartography/models/azure/cosmosdb/mongodbdatabase.py +78 -0
cartography/models/azure/cosmosdb/privateendpointconnection.py +81 -0
cartography/models/azure/cosmosdb/sqlcontainer.py +88 -0
cartography/models/azure/cosmosdb/sqldatabase.py +78 -0
cartography/models/azure/cosmosdb/tableresource.py +76 -0
cartography/models/azure/cosmosdb/virtualnetworkrule.py +78 -0
cartography/models/azure/data_factory/__init__.py +0 -0
cartography/models/azure/data_factory/data_factory.py +51 -0
cartography/models/azure/data_factory/data_factory_dataset.py +94 -0
cartography/models/azure/data_factory/data_factory_linked_service.py +78 -0
cartography/models/azure/data_factory/data_factory_pipeline.py +93 -0
cartography/models/azure/data_lake_filesystem.py +51 -0
cartography/models/azure/event_grid_topic.py +57 -0
cartography/models/azure/function_app.py +59 -0
cartography/models/azure/load_balancer/__init__.py +0 -0
cartography/models/azure/load_balancer/load_balancer.py +49 -0
cartography/models/azure/load_balancer/load_balancer_backend_pool.py +73 -0
cartography/models/azure/load_balancer/load_balancer_frontend_ip.py +75 -0
cartography/models/azure/load_balancer/load_balancer_inbound_nat_rule.py +78 -0
cartography/models/azure/load_balancer/load_balancer_rule.py +108 -0
cartography/models/azure/logic_apps.py +56 -0
cartography/models/azure/monitor.py +54 -0
cartography/models/azure/network_interface.py +112 -0
cartography/models/azure/network_security_group.py +50 -0
cartography/models/azure/permission_relationships.py +60 -0
cartography/models/azure/principal.py +41 -0
cartography/models/azure/public_ip_address.py +50 -0
cartography/models/azure/rbac.py +268 -0
cartography/models/azure/resource_groups.py +52 -0
cartography/models/azure/security_center.py +50 -0
cartography/models/azure/sql/__init__.py +0 -0
cartography/models/azure/sql/databasethreatdetectionpolicy.py +85 -0
cartography/models/azure/sql/elasticpool.py +77 -0
cartography/models/azure/sql/failovergroup.py +73 -0
cartography/models/azure/sql/recoverabledatabase.py +75 -0
cartography/models/azure/sql/replicationlink.py +81 -0
cartography/models/azure/sql/restorabledroppeddatabase.py +82 -0
cartography/models/azure/sql/restorepoint.py +74 -0
cartography/models/azure/sql/serveradadministrator.py +74 -0
cartography/models/azure/sql/serverdnsalias.py +71 -0
cartography/models/azure/sql/sqldatabase.py +85 -0
cartography/models/azure/sql/sqlserver.py +50 -0
cartography/models/azure/sql/transparentdataencryption.py +76 -0
cartography/models/azure/storage/__init__.py +0 -0
cartography/models/azure/storage/account.py +59 -0
cartography/models/azure/storage/blobcontainer.py +85 -0
cartography/models/azure/storage/blobservice.py +71 -0
cartography/models/azure/storage/fileservice.py +71 -0
cartography/models/azure/storage/fileshare.py +82 -0
cartography/models/azure/storage/queue.py +71 -0
cartography/models/azure/storage/queueservice.py +73 -0
cartography/models/azure/storage/table.py +72 -0
cartography/models/azure/storage/tableservice.py +73 -0
cartography/models/azure/subnet.py +101 -0
cartography/models/azure/subscription.py +47 -0
cartography/models/azure/tags/__init__.py +0 -0
cartography/models/azure/tags/storage_tag.py +40 -0
cartography/models/azure/tags/tag.py +37 -0
cartography/models/azure/tenant.py +17 -0
cartography/models/azure/virtual_network.py +49 -0
cartography/models/azure/vm/__init__.py +0 -0
cartography/models/azure/vm/datadisk.py +80 -0
cartography/models/azure/vm/disk.py +55 -0
cartography/models/azure/vm/snapshot.py +56 -0
cartography/models/azure/vm/virtualmachine.py +59 -0
cartography/models/bigfix/bigfix_computer.py +1 -1
cartography/models/cloudflare/member.py +4 -0
cartography/models/core/common.py +1 -0
cartography/models/core/nodes.py +15 -2
cartography/models/core/relationships.py +44 -0
cartography/models/crowdstrike/hosts.py +1 -1
cartography/models/digitalocean/droplet.py +2 -0
cartography/models/duo/endpoint.py +1 -1
cartography/models/duo/phone.py +2 -2
cartography/models/duo/user.py +4 -0
cartography/models/entra/app_role_assignment.py +115 -0
cartography/models/entra/application.py +49 -0
cartography/models/entra/entra_user_to_aws_sso.py +41 -0
cartography/models/entra/group.py +117 -0
cartography/models/entra/service_principal.py +104 -0
cartography/models/entra/user.py +42 -51
cartography/models/gcp/__init__.py +0 -0
cartography/models/gcp/bigtable/__init__.py +0 -0
cartography/models/gcp/bigtable/app_profile.py +94 -0
cartography/models/gcp/bigtable/backup.py +91 -0
cartography/models/gcp/bigtable/cluster.py +73 -0
cartography/models/gcp/bigtable/instance.py +52 -0
cartography/models/gcp/bigtable/table.py +69 -0
cartography/models/gcp/compute/__init__.py +0 -0
cartography/models/gcp/compute/subnet.py +74 -0
cartography/models/gcp/compute/vpc.py +50 -0
cartography/models/gcp/crm/__init__.py +0 -0
cartography/models/gcp/crm/folders.py +98 -0
cartography/models/gcp/crm/organizations.py +21 -0
cartography/models/gcp/crm/projects.py +100 -0
cartography/models/gcp/dns.py +109 -0
cartography/models/gcp/gke.py +69 -0
cartography/models/gcp/iam.py +3 -0
cartography/models/gcp/permission_relationships.py +61 -0
cartography/models/gcp/policy_bindings.py +93 -0
cartography/models/gcp/storage/__init__.py +0 -0
cartography/models/gcp/storage/bucket.py +119 -0
cartography/models/github/commits.py +63 -0
cartography/models/github/dependencies.py +73 -0
cartography/models/github/manifests.py +49 -0
cartography/models/github/users.py +10 -0
cartography/models/googleworkspace/__init__.py +0 -0
cartography/models/googleworkspace/device.py +132 -0
cartography/models/googleworkspace/group.py +382 -0
cartography/models/googleworkspace/oauth_app.py +124 -0
cartography/models/googleworkspace/tenant.py +30 -0
cartography/models/googleworkspace/user.py +113 -0
cartography/models/gsuite/__init__.py +0 -0
cartography/models/gsuite/group.py +218 -0
cartography/models/gsuite/tenant.py +29 -0
cartography/models/gsuite/user.py +107 -0
cartography/models/kandji/device.py +1 -2
cartography/models/keycloak/__init__.py +0 -0
cartography/models/keycloak/authenticationexecution.py +160 -0
cartography/models/keycloak/authenticationflow.py +54 -0
cartography/models/keycloak/client.py +179 -0
cartography/models/keycloak/group.py +101 -0
cartography/models/keycloak/identityprovider.py +89 -0
cartography/models/keycloak/organization.py +116 -0
cartography/models/keycloak/organizationdomain.py +73 -0
cartography/models/keycloak/realm.py +173 -0
cartography/models/keycloak/role.py +126 -0
cartography/models/keycloak/scope.py +73 -0
cartography/models/keycloak/user.py +55 -0
cartography/models/kubernetes/__init__.py +0 -0
cartography/models/kubernetes/clusterrolebindings.py +138 -0
cartography/models/kubernetes/clusterroles.py +52 -0
cartography/models/kubernetes/clusters.py +26 -0
cartography/models/kubernetes/containers.py +133 -0
cartography/models/kubernetes/groups.py +107 -0
cartography/models/kubernetes/namespaces.py +51 -0
cartography/models/kubernetes/oidc.py +51 -0
cartography/models/kubernetes/pods.py +80 -0
cartography/models/kubernetes/rolebindings.py +159 -0
cartography/models/kubernetes/roles.py +76 -0
cartography/models/kubernetes/secrets.py +79 -0
cartography/models/kubernetes/serviceaccounts.py +77 -0
cartography/models/kubernetes/services.py +108 -0
cartography/models/kubernetes/users.py +105 -0
cartography/models/lastpass/user.py +4 -0
cartography/models/ontology/__init__.py +0 -0
cartography/models/ontology/device.py +137 -0
cartography/models/ontology/mapping/__init__.py +76 -0
cartography/models/ontology/mapping/data/__init__.py +0 -0
cartography/models/ontology/mapping/data/apikeys.py +93 -0
cartography/models/ontology/mapping/data/computeinstance.py +95 -0
cartography/models/ontology/mapping/data/containers.py +88 -0
cartography/models/ontology/mapping/data/databases.py +182 -0
cartography/models/ontology/mapping/data/devices.py +194 -0
cartography/models/ontology/mapping/data/thirdpartyapps.py +140 -0
cartography/models/ontology/mapping/data/useraccounts.py +416 -0
cartography/models/ontology/mapping/data/users.py +63 -0
cartography/models/ontology/mapping/specs.py +85 -0
cartography/models/ontology/user.py +51 -0
cartography/models/openai/adminapikey.py +4 -0
cartography/models/openai/apikey.py +4 -0
cartography/models/openai/user.py +4 -0
cartography/models/scaleway/__init__.py +0 -0
cartography/models/scaleway/iam/__init__.py +0 -0
cartography/models/scaleway/iam/apikey.py +100 -0
cartography/models/scaleway/iam/application.py +52 -0
cartography/models/scaleway/iam/group.py +95 -0
cartography/models/scaleway/iam/user.py +64 -0
cartography/models/scaleway/instance/__init__.py +0 -0
cartography/models/scaleway/instance/flexibleip.py +52 -0
cartography/models/scaleway/instance/instance.py +120 -0
cartography/models/scaleway/organization.py +19 -0
cartography/models/scaleway/project.py +48 -0
cartography/models/scaleway/storage/__init__.py +0 -0
cartography/models/scaleway/storage/snapshot.py +78 -0
cartography/models/scaleway/storage/volume.py +51 -0
cartography/models/sentinelone/__init__.py +1 -0
cartography/models/sentinelone/account.py +40 -0
cartography/models/sentinelone/agent.py +50 -0
cartography/models/sentinelone/application.py +44 -0
cartography/models/sentinelone/application_version.py +96 -0
cartography/models/sentinelone/cve.py +73 -0
cartography/models/slack/__init__.py +0 -0
cartography/models/slack/channels.py +92 -0
cartography/models/slack/group.py +129 -0
cartography/models/slack/team.py +22 -0
cartography/models/slack/user.py +62 -0
cartography/models/snipeit/asset.py +2 -0
cartography/models/snipeit/user.py +4 -0
cartography/models/spacelift/__init__.py +0 -0
cartography/models/spacelift/cloudtrailevent.py +120 -0
cartography/models/spacelift/run.py +162 -0
cartography/models/spacelift/space.py +131 -0
cartography/models/spacelift/spaceliftaccount.py +31 -0
cartography/models/spacelift/spaceliftgitcommit.py +157 -0
cartography/models/spacelift/stack.py +96 -0
cartography/models/spacelift/user.py +63 -0
cartography/models/spacelift/worker.py +97 -0
cartography/models/spacelift/workerpool.py +90 -0
cartography/models/tailscale/device.py +2 -1
cartography/models/tailscale/user.py +6 -1
cartography/models/trivy/__init__.py +0 -0
cartography/models/trivy/findings.py +66 -0
cartography/models/trivy/fix.py +66 -0
cartography/models/trivy/package.py +71 -0
cartography/rules/README.md +1 -0
cartography/rules/__init__.py +0 -0
cartography/rules/cli.py +261 -0
cartography/rules/data/__init__.py +0 -0
cartography/rules/data/rules/__init__.py +46 -0
cartography/rules/data/rules/cloud_security_product_deactivated.py +49 -0
cartography/rules/data/rules/compute_instance_exposed.py +51 -0
cartography/rules/data/rules/database_instance_exposed.py +53 -0
cartography/rules/data/rules/delegation_boundary_modifiable.py +90 -0
cartography/rules/data/rules/identity_administration_privileges.py +100 -0
cartography/rules/data/rules/inactive_user_active_accounts.py +48 -0
cartography/rules/data/rules/malicious_npm_dependencies_shai_hulud.py +2222 -0
cartography/rules/data/rules/mfa_missing.py +46 -0
cartography/rules/data/rules/object_storage_public.py +100 -0
cartography/rules/data/rules/policy_administration_privileges.py +104 -0
cartography/rules/data/rules/unmanaged_accounts.py +43 -0
cartography/rules/data/rules/workload_identity_admin_capabilities.py +193 -0
cartography/rules/formatters.py +108 -0
cartography/rules/runners.py +216 -0
cartography/rules/spec/__init__.py +0 -0
cartography/rules/spec/model.py +267 -0
cartography/rules/spec/result.py +38 -0
cartography/sync.py +25 -5
cartography/util.py +101 -31
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/METADATA +61 -22
cartography-0.123.0.dist-info/RECORD +856 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/entry_points.txt +1 -0
cartography/data/jobs/cleanup/aws_dns_cleanup.json +0 -65
cartography/data/jobs/cleanup/aws_import_account_access_key_cleanup.json +0 -17
cartography/data/jobs/cleanup/aws_import_ec2_security_groupinfo_cleanup.json +0 -24
cartography/data/jobs/cleanup/aws_import_groups_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_identity_center_cleanup.json +0 -16
cartography/data/jobs/cleanup/aws_import_lambda_cleanup.json +0 -50
cartography/data/jobs/cleanup/aws_import_principals_cleanup.json +0 -30
cartography/data/jobs/cleanup/aws_import_rds_clusters_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_rds_instances_cleanup.json +0 -47
cartography/data/jobs/cleanup/aws_import_rds_snapshots_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_roles_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_secrets_cleanup.json +0 -8
cartography/data/jobs/cleanup/aws_import_snapshots_cleanup.json +0 -30
cartography/data/jobs/cleanup/aws_import_users_cleanup.json +0 -8
cartography/data/jobs/cleanup/aws_import_vpc_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_vpc_peering_cleanup.json +0 -45
cartography/data/jobs/cleanup/aws_kms_details.json +0 -10
cartography/data/jobs/cleanup/azure_cosmosdb_cassandra_keyspace_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_cors_details.json +0 -15
cartography/data/jobs/cleanup/azure_cosmosdb_mongodb_database_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_sql_database_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_table_resources_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_database_account_cleanup.json +0 -85
cartography/data/jobs/cleanup/azure_import_disks_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_import_snapshots_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_import_virtual_machines_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_sql_server_cleanup.json +0 -125
cartography/data/jobs/cleanup/azure_storage_account_cleanup.json +0 -95
cartography/data/jobs/cleanup/azure_subscriptions_cleanup.json +0 -14
cartography/data/jobs/cleanup/azure_tenant_cleanup.json +0 -9
cartography/data/jobs/cleanup/gcp_compute_vpc_subnet_cleanup.json +0 -35
cartography/data/jobs/cleanup/gcp_crm_folder_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_crm_organization_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_crm_project_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_dns_cleanup.json +0 -29
cartography/data/jobs/cleanup/gcp_gke_cluster_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_storage_bucket_cleanup.json +0 -29
cartography/data/jobs/cleanup/gsuite_ingest_groups_cleanup.json +0 -23
cartography/data/jobs/cleanup/gsuite_ingest_users_cleanup.json +0 -11
cartography/data/jobs/cleanup/kubernetes_import_cleanup.json +0 -70
cartography/intel/gcp/crm.py +0 -355
cartography/intel/gsuite/api.py +0 -342
cartography-0.104.0rc2.dist-info/RECORD +0 -455
/cartography/data/jobs/{analysis → scoped_analysis}/aws_s3acl_analysis.json +0 -0
/cartography/models/aws/{apigateway.py → apigateway/apigateway.py} +0 -0
/cartography/models/aws/{apigatewaycertificate.py → apigateway/apigatewaycertificate.py} +0 -0
/cartography/models/aws/{apigatewayresource.py → apigateway/apigatewayresource.py} +0 -0
/cartography/models/aws/{apigatewaystage.py → apigateway/apigatewaystage.py} +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/WHEEL +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/licenses/LICENSE +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/top_level.txt +0 -0

cartography/data/jobs/cleanup/github_repos_cleanup.json CHANGED Viewed

@@ -19,6 +19,7 @@
     "iterative": true,
     "iterationsize": 100
   },
   {
     "query": "MATCH (:GitHubBranch)-[r:BRANCH]->(:GitHubRepository) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
     "iterative": true,
@@ -39,6 +40,7 @@
     "iterative": true,
     "iterationsize": 100
   },
   {
     "query": "MATCH (:GitHubUser)-[r:OUTSIDE_COLLAB_ADMIN]->(:GitHubRepository) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
     "iterative": true,

cartography/driftdetect/cli.py CHANGED Viewed

@@ -63,8 +63,9 @@ class CLI:
             default="bolt://localhost:7687",
             help=(
                 "A valid Neo4j URI to sync against. See "
-                "https://neo4j.com/docs/api/python-driver/current/driver.html#uri for complete documentation on the "
-                "structure of a Neo4j URI."
+                "https://neo4j.com/docs/browser-manual/current/operations/dbms-connection/#uri-scheme for "
+                "documentation on the structure of a Neo4j URI, and "
+                "https://neo4j.com/docs/api/python-driver/current/ for complete documentation on the Python driver."
             ),
         )
         parser_get_state.add_argument(

cartography/graph/cleanupbuilder.py CHANGED Viewed

@@ -3,6 +3,7 @@ from string import Template
 from typing import Dict
 from typing import List
+from cartography.graph.querybuilder import _asdict_with_validate_relprops
 from cartography.graph.querybuilder import _build_match_clause
 from cartography.graph.querybuilder import rel_present_on_node_schema
 from cartography.models.core.common import PropertyRef
@@ -15,33 +16,40 @@ from cartography.models.core.relationships import TargetNodeMatcher
 def build_cleanup_queries(node_schema: CartographyNodeSchema) -> List[str]:
     """
     Generates queries to clean up stale nodes and relationships from the given CartographyNodeSchema.
+    Properly handles cases where a node schema has a scoped cleanup or not.
     Note that auto-cleanups for a node with no relationships is not currently supported.
-    Algorithm:
-    1. If node_schema has no relationships at all, return empty.
-    Otherwise,
-    1. If node_schema doesn't have a sub_resource relationship, generate queries only to clean up its other
-    relationships. No nodes will be cleaned up.
-    Otherwise,
-    1. First delete all stale nodes attached to the node_schema's sub resource
-    2. Delete all stale node to sub resource relationships
-        - We don't expect this to be very common (never for AWS resources, at least), but in case it is possible for an
-          asset to change sub resources, we want to handle it properly.
-    3. For all relationships defined on the node schema, delete all stale ones.
     :param node_schema: The given CartographyNodeSchema
     :return: A list of Neo4j queries to clean up nodes and relationships.
     """
+    # If the node has no relationships, do not delete the node. Leave this behind for the user to manage.
+    # Oftentimes these are SyncMetadata nodes.
     if (
         not node_schema.sub_resource_relationship
         and not node_schema.other_relationships
     ):
         return []
-    if not node_schema.sub_resource_relationship:
+    # Case 1 [Standard]: the node has a sub resource and scoped cleanup is true => clean up stale nodes
+    # of this type, scoped to the sub resource. Continue on to clean up the other_relationships too.
+    if node_schema.sub_resource_relationship and node_schema.scoped_cleanup:
+        queries = _build_cleanup_node_and_rel_queries(
+            node_schema,
+            node_schema.sub_resource_relationship,
+        )
+    # Case 2: The node has a sub resource but scoped cleanup is false => this does not make sense
+    # because if have a sub resource, we are implying that we are doing scoped cleanup.
+    elif node_schema.sub_resource_relationship and not node_schema.scoped_cleanup:
+        raise ValueError(
+            f"This is not expected: {node_schema.label} has a sub_resource_relationship but scoped_cleanup=False."
+            "Please check the class definition for this node schema. It doesn't make sense for a node to have a "
+            "sub resource relationship and an unscoped cleanup. Doing this will cause all stale nodes of this type "
+            "to be deleted regardless of the sub resource they are attached to."
+        )
+    # Case 3: The node has no sub resource but scoped cleanup is true => do not delete any nodes, but clean up stale relationships.
+    # Return early.
+    elif not node_schema.sub_resource_relationship and node_schema.scoped_cleanup:
         queries = []
         other_rels = (
             node_schema.other_relationships.rels
@@ -53,17 +61,20 @@ def build_cleanup_queries(node_schema: CartographyNodeSchema) -> List[str]:
             queries.append(query)
         return queries
-    result = _build_cleanup_node_and_rel_queries(
-        node_schema,
-        node_schema.sub_resource_relationship,
-    )
+    # Case 4: The node has no sub resource and scoped cleanup is false => clean up the stale nodes. Continue on to clean up the other_relationships too.
+    else:
+        queries = [_build_cleanup_node_query_unscoped(node_schema)]
     if node_schema.other_relationships:
         for rel in node_schema.other_relationships.rels:
-            # [0] is the delete node query, [1] is the delete relationship query. We only want the latter.
-            _, rel_query = _build_cleanup_node_and_rel_queries(node_schema, rel)
-            result.append(rel_query)
+            if node_schema.scoped_cleanup:
+                # [0] is the delete node query, [1] is the delete relationship query. We only want the latter.
+                _, rel_query = _build_cleanup_node_and_rel_queries(node_schema, rel)
+                queries.append(rel_query)
+            else:
+                queries.append(_build_cleanup_rel_queries_unscoped(node_schema, rel))
-    return result
+    return queries
 def _build_cleanup_rel_query_no_sub_resource(
@@ -94,6 +105,46 @@ def _build_cleanup_rel_query_no_sub_resource(
     )
+def _build_match_statement_for_cleanup(node_schema: CartographyNodeSchema) -> str:
+    """
+    Helper function to build a MATCH statement for a given node schema for cleanup.
+    """
+    if not node_schema.sub_resource_relationship and not node_schema.scoped_cleanup:
+        template = Template("MATCH (n:$node_label)")
+        return template.safe_substitute(
+            node_label=node_schema.label,
+        )
+    # if it has a sub resource relationship defined, we need to match on the sub resource to make sure we only delete
+    # nodes that are attached to the sub resource.
+    template = Template(
+        "MATCH (n:$node_label)$sub_resource_link(:$sub_resource_label{$match_sub_res_clause})"
+    )
+    sub_resource_link = ""
+    sub_resource_label = ""
+    match_sub_res_clause = ""
+    if node_schema.sub_resource_relationship:
+        # Draw sub resource rel with correct direction
+        if node_schema.sub_resource_relationship.direction == LinkDirection.INWARD:
+            sub_resource_link_template = Template("<-[s:$SubResourceRelLabel]-")
+        else:
+            sub_resource_link_template = Template("-[s:$SubResourceRelLabel]->")
+        sub_resource_link = sub_resource_link_template.safe_substitute(
+            SubResourceRelLabel=node_schema.sub_resource_relationship.rel_label,
+        )
+        sub_resource_label = node_schema.sub_resource_relationship.target_node_label
+        match_sub_res_clause = _build_match_clause(
+            node_schema.sub_resource_relationship.target_node_matcher,
+        )
+    return template.safe_substitute(
+        node_label=node_schema.label,
+        sub_resource_link=sub_resource_link,
+        sub_resource_label=sub_resource_label,
+        match_sub_res_clause=match_sub_res_clause,
+    )
 def _build_cleanup_node_and_rel_queries(
     node_schema: CartographyNodeSchema,
     selected_relationship: CartographyRelSchema,
@@ -120,15 +171,6 @@ def _build_cleanup_node_and_rel_queries(
             "verify the node class definition for the relationships that it has.",
         )
-    # Draw sub resource rel with correct direction
-    if node_schema.sub_resource_relationship.direction == LinkDirection.INWARD:
-        sub_resource_link_template = Template("<-[s:$SubResourceRelLabel]-")
-    else:
-        sub_resource_link_template = Template("-[s:$SubResourceRelLabel]->")
-    sub_resource_link = sub_resource_link_template.safe_substitute(
-        SubResourceRelLabel=node_schema.sub_resource_relationship.rel_label,
-    )
     # The cleanup node query must always be before the cleanup rel query
     delete_action_clauses = [
         """
@@ -161,19 +203,14 @@ def _build_cleanup_node_and_rel_queries(
     # Ensure the node is attached to the sub resource and delete the node
     query_template = Template(
         """
-        MATCH (n:$node_label)$sub_resource_link(:$sub_resource_label{$match_sub_res_clause})
+        $match_statement
         $selected_rel_clause
         $delete_action_clause
         """,
     )
     return [
         query_template.safe_substitute(
-            node_label=node_schema.label,
-            sub_resource_link=sub_resource_link,
-            sub_resource_label=node_schema.sub_resource_relationship.target_node_label,
-            match_sub_res_clause=_build_match_clause(
-                node_schema.sub_resource_relationship.target_node_matcher,
-            ),
+            match_statement=_build_match_statement_for_cleanup(node_schema),
             selected_rel_clause=(
                 ""
                 if selected_relationship == node_schema.sub_resource_relationship
@@ -185,6 +222,80 @@ def _build_cleanup_node_and_rel_queries(
     ]
+def _build_cleanup_node_query_unscoped(
+    node_schema: CartographyNodeSchema,
+) -> str:
+    """
+    Generates a cleanup query for a node_schema to allow unscoped cleanup.
+    """
+    if node_schema.scoped_cleanup:
+        raise ValueError(
+            f"_build_cleanup_node_query_for_unscoped_cleanup() failed: '{node_schema.label}' does not have "
+            "scoped_cleanup=False, so we cannot generate a query to clean it up. Please verify that the class "
+            "definition is what you expect.",
+        )
+    # The cleanup node query must always be before the cleanup rel query
+    delete_action_clause = """
+        WHERE n.lastupdated <> $UPDATE_TAG
+        WITH n LIMIT $LIMIT_SIZE
+        DETACH DELETE n;
+    """
+    # Ensure the node is attached to the sub resource and delete the node
+    query_template = Template(
+        """
+        $match_statement
+        $delete_action_clause
+        """,
+    )
+    return query_template.safe_substitute(
+        match_statement=_build_match_statement_for_cleanup(node_schema),
+        delete_action_clause=delete_action_clause,
+    )
+def _build_cleanup_rel_queries_unscoped(
+    node_schema: CartographyNodeSchema,
+    selected_relationship: CartographyRelSchema,
+) -> str:
+    """
+    Generates relationship cleanup query for a node_schema with scoped_cleanup=False.
+    """
+    if node_schema.scoped_cleanup:
+        raise ValueError(
+            f"_build_cleanup_node_and_rel_queries_unscoped() failed: '{node_schema.label}' does not have "
+            "scoped_cleanup=False, so we cannot generate a query to clean it up. Please verify that the class "
+            "definition is what you expect.",
+        )
+    if not rel_present_on_node_schema(node_schema, selected_relationship):
+        raise ValueError(
+            f"_build_cleanup_node_query(): Attempted to build cleanup query for node '{node_schema.label}' and "
+            f"relationship {selected_relationship.rel_label} but that relationship is not present on the node. Please "
+            "verify the node class definition for the relationships that it has.",
+        )
+    # The cleanup node query must always be before the cleanup rel query
+    delete_action_clause = """WHERE r.lastupdated <> $UPDATE_TAG
+        WITH r LIMIT $LIMIT_SIZE
+        DELETE r;
+        """
+    # Ensure the node is attached to the sub resource and delete the node
+    query_template = Template(
+        """
+        $match_statement
+        $selected_rel_clause
+        $delete_action_clause
+        """,
+    )
+    return query_template.safe_substitute(
+        match_statement=_build_match_statement_for_cleanup(node_schema),
+        selected_rel_clause=_build_selected_rel_clause(selected_relationship),
+        delete_action_clause=delete_action_clause,
+    )
 def _build_selected_rel_clause(selected_relationship: CartographyRelSchema) -> str:
     """
     Draw selected relationship with correct direction. Returns a string that looks like either
@@ -224,3 +335,49 @@ def _validate_target_node_matcher_for_cleanup_job(tgm: TargetNodeMatcher):
                 f"{key} has set_in_kwargs=False, please check by reviewing the full stack trace to know which object"
                 f"this message was raised from. Debug information: PropertyRef name = {prop_ref.name}.",
             )
+def build_cleanup_query_for_matchlink(rel_schema: CartographyRelSchema) -> str:
+    """
+    Generates a cleanup query for a matchlink relationship.
+    :param rel_schema: The CartographyRelSchema object to generate a query. This CartographyRelSchema object
+    - Must have a source_node_matcher and source_node_label defined
+    - Must have a CartographyRelProperties object where _sub_resource_label and _sub_resource_id are defined
+    :return: A Neo4j query used to clean up stale matchlink relationships.
+    """
+    if not rel_schema.source_node_matcher:
+        raise ValueError(
+            f"No source node matcher found for {rel_schema.rel_label}; returning empty list."
+        )
+    query_template = Template(
+        """
+        MATCH (from:$source_node_label)$rel_direction[r:$rel_label]$rel_direction_end(to:$target_node_label)
+        WHERE r.lastupdated <> $UPDATE_TAG
+            AND r._sub_resource_label = $sub_resource_label
+            AND r._sub_resource_id = $sub_resource_id
+        WITH r LIMIT $LIMIT_SIZE
+        DELETE r;
+        """
+    )
+    # Determine which way to point the arrow. INWARD is toward the source, otherwise we go toward the target.
+    if rel_schema.direction == LinkDirection.INWARD:
+        rel_direction = "<-"
+        rel_direction_end = "-"
+    else:
+        rel_direction = "-"
+        rel_direction_end = "->"
+    # Small hack: avoid type-checking errors by converting the rel_schema to a dict.
+    rel_props_as_dict = _asdict_with_validate_relprops(rel_schema)
+    return query_template.safe_substitute(
+        source_node_label=rel_schema.source_node_label,
+        target_node_label=rel_schema.target_node_label,
+        rel_label=rel_schema.rel_label,
+        rel_direction=rel_direction,
+        rel_direction_end=rel_direction_end,
+        sub_resource_label=rel_props_as_dict["_sub_resource_label"],
+        sub_resource_id=rel_props_as_dict["_sub_resource_id"],
+    )

cartography/graph/job.py CHANGED Viewed

@@ -13,9 +13,11 @@ from typing import Union
 import neo4j
 from cartography.graph.cleanupbuilder import build_cleanup_queries
+from cartography.graph.cleanupbuilder import build_cleanup_query_for_matchlink
 from cartography.graph.statement import get_job_shortname
 from cartography.graph.statement import GraphStatement
 from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelSchema
 logger = logging.getLogger(__name__)
@@ -123,11 +125,13 @@ class GraphJob:
         }
     @classmethod
-    def from_json(cls, blob: str, short_name: Optional[str] = None) -> "GraphJob":
+    def from_json(
+        cls, blob: Union[str, dict], short_name: Optional[str] = None
+    ) -> "GraphJob":
         """
-        Create a job from a JSON blob.
+        Create a job from a JSON dict or blob.
         """
-        data: Dict = json.loads(blob)
+        data = json.loads(blob) if isinstance(blob, str) else blob
         statements = _get_statements_from_json(data, short_name)
         name = data["name"]
         return cls(name, statements, short_name)
@@ -137,11 +141,13 @@ class GraphJob:
         cls,
         node_schema: CartographyNodeSchema,
         parameters: Dict[str, Any],
+        iterationsize: int = 100,
     ) -> "GraphJob":
         """
         Create a cleanup job from a CartographyNodeSchema object.
         For a given node, the fields used in the node_schema.sub_resource_relationship.target_node_node_matcher.keys()
         must be provided as keys and values in the params dict.
+        :param iterationsize: The number of items to process in each iteration. Defaults to 100.
         """
         queries: List[str] = build_cleanup_queries(node_schema)
@@ -163,7 +169,7 @@ class GraphJob:
                 query,
                 parameters=parameters,
                 iterative=True,
-                iterationsize=100,
+                iterationsize=iterationsize,
                 parent_job_name=node_schema.label,
                 parent_job_sequence_num=idx,
             )
@@ -176,6 +182,48 @@ class GraphJob:
             node_schema.label,
         )
+    @classmethod
+    def from_matchlink(
+        cls,
+        rel_schema: CartographyRelSchema,
+        sub_resource_label: str,
+        sub_resource_id: str,
+        update_tag: int,
+        iterationsize: int = 100,
+    ) -> "GraphJob":
+        """
+        Create a cleanup job from a CartographyRelSchema object (specifically, a MatchLink).
+        This is used for cleaning up stale links between nodes created by load_rels(). Do not use for other purposes.
+        Other notes:
+        - For a given rel_schema, the fields used in the rel_schema.properties._sub_resource_label.name and
+        rel_schema.properties._sub_resource_id.name must be provided as keys and values in the params dict.
+        - The rel_schema must have a source_node_matcher and target_node_matcher.
+        :param iterationsize: The number of items to process in each iteration. Defaults to 100.
+        """
+        cleanup_link_query = build_cleanup_query_for_matchlink(rel_schema)
+        logger.debug(f"Cleanup query: {cleanup_link_query}")
+        parameters = {
+            "UPDATE_TAG": update_tag,
+            "_sub_resource_label": sub_resource_label,
+            "_sub_resource_id": sub_resource_id,
+        }
+        statement = GraphStatement(
+            cleanup_link_query,
+            parameters=parameters,
+            iterative=True,
+            iterationsize=iterationsize,
+            parent_job_name=rel_schema.rel_label,
+        )
+        return cls(
+            f"Cleanup {rel_schema.rel_label} between {rel_schema.source_node_label} and {rel_schema.target_node_label}",
+            [statement],
+            rel_schema.rel_label,
+        )
     @classmethod
     def from_json_file(cls, file_path: Union[str, Path]) -> "GraphJob":
         """
@@ -196,12 +244,12 @@ class GraphJob:
     def run_from_json(
         cls,
         neo4j_session: neo4j.Session,
-        blob: str,
+        blob: Union[str, dict],
         parameters: Dict,
         short_name: Optional[str] = None,
     ) -> None:
         """
-        Run a job from a JSON blob. This will deserialize the job and execute all statements sequentially.
+        Run a job from a JSON dict or blob. This will deserialize the job and execute all statements sequentially.
         """
         if not parameters:
             parameters = {}

cartography 0.104.0rc2__py3-none-any.whl → 0.123.0__py3-none-any.whl

cartography 0.104.0rc2py3-none-any.whl → 0.123.0py3-none-any.whl