PyPI - cartography - Versions diffs - 0.104.0rc2__py3-none-any.whl → 0.123.0__py3-none-any.whl - Mend

cartography 0.104.0rc2py3-none-any.whl → 0.123.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (642) hide show

cartography/_version.py +16 -3
cartography/cli.py +466 -5
cartography/client/aws/__init__.py +19 -0
cartography/client/aws/ecr.py +51 -0
cartography/client/core/tx.py +357 -8
cartography/config.py +153 -0
cartography/data/azure_permission_relationships.yaml +20 -0
cartography/data/gcp_permission_relationships.yaml +21 -0
cartography/data/indexes.cypher +0 -186
cartography/data/jobs/analysis/aws_ec2_keypair_analysis.json +2 -2
cartography/data/jobs/analysis/keycloak_inheritance.json +30 -0
cartography/data/jobs/cleanup/gcp_compute_vpc_cleanup.json +0 -12
cartography/data/jobs/cleanup/github_repos_cleanup.json +2 -0
cartography/driftdetect/cli.py +3 -2
cartography/graph/cleanupbuilder.py +198 -41
cartography/graph/job.py +54 -6
cartography/graph/querybuilder.py +528 -27
cartography/graph/statement.py +5 -1
cartography/intel/airbyte/__init__.py +105 -0
cartography/intel/airbyte/connections.py +120 -0
cartography/intel/airbyte/destinations.py +81 -0
cartography/intel/airbyte/organizations.py +59 -0
cartography/intel/airbyte/sources.py +78 -0
cartography/intel/airbyte/tags.py +64 -0
cartography/intel/airbyte/users.py +106 -0
cartography/intel/airbyte/util.py +122 -0
cartography/intel/airbyte/workspaces.py +63 -0
cartography/intel/aws/__init__.py +24 -9
cartography/intel/aws/acm.py +124 -0
cartography/intel/aws/apigateway.py +253 -22
cartography/intel/aws/apigatewayv2.py +116 -0
cartography/intel/aws/cloudtrail.py +17 -39
cartography/intel/aws/cloudtrail_management_events.py +962 -0
cartography/intel/aws/cloudwatch.py +150 -4
cartography/intel/aws/codebuild.py +132 -0
cartography/intel/aws/cognito.py +201 -0
cartography/intel/aws/config.py +7 -3
cartography/intel/aws/ec2/elastic_ip_addresses.py +3 -1
cartography/intel/aws/ec2/instances.py +25 -1
cartography/intel/aws/ec2/internet_gateways.py +4 -2
cartography/intel/aws/ec2/load_balancer_v2s.py +11 -5
cartography/intel/aws/ec2/network_interfaces.py +5 -1
cartography/intel/aws/ec2/reserved_instances.py +3 -1
cartography/intel/aws/ec2/security_groups.py +140 -122
cartography/intel/aws/ec2/snapshots.py +47 -84
cartography/intel/aws/ec2/subnets.py +37 -63
cartography/intel/aws/ec2/tgw.py +11 -5
cartography/intel/aws/ec2/volumes.py +1 -1
cartography/intel/aws/ec2/vpc.py +140 -124
cartography/intel/aws/ec2/vpc_peerings.py +262 -125
cartography/intel/aws/ecr.py +269 -98
cartography/intel/aws/ecr_image_layers.py +923 -0
cartography/intel/aws/ecs.py +251 -380
cartography/intel/aws/efs.py +179 -11
cartography/intel/aws/elasticache.py +102 -79
cartography/intel/aws/elasticsearch.py +13 -4
cartography/intel/aws/eventbridge.py +164 -0
cartography/intel/aws/glue.py +181 -0
cartography/intel/aws/guardduty.py +443 -0
cartography/intel/aws/iam.py +750 -493
cartography/intel/aws/identitycenter.py +605 -83
cartography/intel/aws/inspector.py +221 -105
cartography/intel/aws/kms.py +173 -201
cartography/intel/aws/lambda_function.py +272 -189
cartography/intel/aws/organizations.py +10 -9
cartography/intel/aws/permission_relationships.py +10 -20
cartography/intel/aws/rds.py +337 -446
cartography/intel/aws/redshift.py +9 -4
cartography/intel/aws/resourcegroupstaggingapi.py +78 -19
cartography/intel/aws/resources.py +18 -0
cartography/intel/aws/route53.py +386 -332
cartography/intel/aws/s3.py +322 -14
cartography/intel/aws/secretsmanager.py +81 -49
cartography/intel/aws/securityhub.py +3 -1
cartography/intel/aws/sns.py +62 -2
cartography/intel/aws/sqs.py +36 -90
cartography/intel/aws/ssm.py +3 -5
cartography/intel/azure/__init__.py +202 -48
cartography/intel/azure/aks.py +175 -0
cartography/intel/azure/app_service.py +105 -0
cartography/intel/azure/compute.py +59 -112
cartography/intel/azure/container_instances.py +95 -0
cartography/intel/azure/cosmosdb.py +222 -361
cartography/intel/azure/data_factory.py +85 -0
cartography/intel/azure/data_factory_dataset.py +128 -0
cartography/intel/azure/data_factory_linked_service.py +119 -0
cartography/intel/azure/data_factory_pipeline.py +142 -0
cartography/intel/azure/data_lake.py +124 -0
cartography/intel/azure/event_grid.py +94 -0
cartography/intel/azure/functions.py +124 -0
cartography/intel/azure/load_balancers.py +263 -0
cartography/intel/azure/logic_apps.py +101 -0
cartography/intel/azure/monitor.py +105 -0
cartography/intel/azure/network.py +467 -0
cartography/intel/azure/permission_relationships.py +466 -0
cartography/intel/azure/rbac.py +309 -0
cartography/intel/azure/resource_groups.py +82 -0
cartography/intel/azure/security_center.py +106 -0
cartography/intel/azure/sql.py +145 -292
cartography/intel/azure/storage.py +185 -262
cartography/intel/azure/subscription.py +21 -43
cartography/intel/azure/tenant.py +39 -30
cartography/intel/azure/util/common.py +13 -0
cartography/intel/azure/util/credentials.py +49 -174
cartography/intel/azure/util/tag.py +41 -0
cartography/intel/create_indexes.py +2 -1
cartography/intel/crowdstrike/spotlight.py +5 -2
cartography/intel/dns.py +5 -2
cartography/intel/entra/__init__.py +100 -1
cartography/intel/entra/app_role_assignments.py +284 -0
cartography/intel/entra/applications.py +182 -0
cartography/intel/entra/federation/__init__.py +0 -0
cartography/intel/entra/federation/aws_identity_center.py +77 -0
cartography/intel/entra/groups.py +198 -0
cartography/intel/entra/ou.py +48 -24
cartography/intel/entra/service_principals.py +217 -0
cartography/intel/entra/users.py +105 -57
cartography/intel/gcp/__init__.py +334 -396
cartography/intel/gcp/bigtable_app_profile.py +101 -0
cartography/intel/gcp/bigtable_backup.py +91 -0
cartography/intel/gcp/bigtable_cluster.py +93 -0
cartography/intel/gcp/bigtable_instance.py +86 -0
cartography/intel/gcp/bigtable_table.py +87 -0
cartography/intel/gcp/cai.py +292 -0
cartography/intel/gcp/clients.py +112 -0
cartography/intel/gcp/compute.py +128 -119
cartography/intel/gcp/crm/__init__.py +0 -0
cartography/intel/gcp/crm/folders.py +114 -0
cartography/intel/gcp/crm/orgs.py +70 -0
cartography/intel/gcp/crm/projects.py +120 -0
cartography/intel/gcp/dns.py +83 -169
cartography/intel/gcp/gke.py +72 -113
cartography/intel/gcp/iam.py +111 -91
cartography/intel/gcp/permission_relationships.py +394 -0
cartography/intel/gcp/policy_bindings.py +225 -0
cartography/intel/gcp/storage.py +75 -159
cartography/intel/github/__init__.py +62 -25
cartography/intel/github/commits.py +423 -0
cartography/intel/github/repos.py +463 -85
cartography/intel/github/teams.py +3 -3
cartography/intel/github/users.py +5 -0
cartography/intel/github/util.py +12 -0
cartography/intel/googleworkspace/__init__.py +193 -0
cartography/intel/googleworkspace/devices.py +254 -0
cartography/intel/googleworkspace/groups.py +568 -0
cartography/intel/googleworkspace/oauth_apps.py +259 -0
cartography/intel/googleworkspace/tenant.py +85 -0
cartography/intel/googleworkspace/users.py +138 -0
cartography/intel/gsuite/__init__.py +17 -9
cartography/intel/gsuite/groups.py +291 -0
cartography/intel/gsuite/users.py +142 -0
cartography/intel/jamf/computers.py +7 -1
cartography/intel/keycloak/__init__.py +153 -0
cartography/intel/keycloak/authenticationexecutions.py +322 -0
cartography/intel/keycloak/authenticationflows.py +77 -0
cartography/intel/keycloak/clients.py +187 -0
cartography/intel/keycloak/groups.py +126 -0
cartography/intel/keycloak/identityproviders.py +94 -0
cartography/intel/keycloak/organizations.py +163 -0
cartography/intel/keycloak/realms.py +61 -0
cartography/intel/keycloak/roles.py +202 -0
cartography/intel/keycloak/scopes.py +73 -0
cartography/intel/keycloak/users.py +70 -0
cartography/intel/keycloak/util.py +47 -0
cartography/intel/kubernetes/__init__.py +60 -14
cartography/intel/kubernetes/clusters.py +86 -0
cartography/intel/kubernetes/eks.py +402 -0
cartography/intel/kubernetes/namespaces.py +59 -57
cartography/intel/kubernetes/pods.py +168 -75
cartography/intel/kubernetes/rbac.py +597 -0
cartography/intel/kubernetes/secrets.py +95 -45
cartography/intel/kubernetes/services.py +131 -67
cartography/intel/kubernetes/util.py +142 -14
cartography/intel/oci/iam.py +23 -9
cartography/intel/oci/organizations.py +3 -1
cartography/intel/oci/utils.py +28 -5
cartography/intel/okta/applications.py +15 -5
cartography/intel/okta/awssaml.py +14 -10
cartography/intel/okta/factors.py +3 -1
cartography/intel/okta/groups.py +5 -2
cartography/intel/okta/organization.py +3 -1
cartography/intel/okta/origins.py +3 -1
cartography/intel/okta/roles.py +5 -2
cartography/intel/okta/users.py +10 -2
cartography/intel/ontology/__init__.py +44 -0
cartography/intel/ontology/devices.py +54 -0
cartography/intel/ontology/users.py +54 -0
cartography/intel/ontology/utils.py +176 -0
cartography/intel/pagerduty/escalation_policies.py +13 -6
cartography/intel/pagerduty/schedules.py +9 -4
cartography/intel/pagerduty/services.py +7 -3
cartography/intel/pagerduty/teams.py +5 -2
cartography/intel/pagerduty/users.py +3 -1
cartography/intel/pagerduty/vendors.py +3 -1
cartography/intel/scaleway/__init__.py +127 -0
cartography/intel/scaleway/iam/__init__.py +0 -0
cartography/intel/scaleway/iam/apikeys.py +71 -0
cartography/intel/scaleway/iam/applications.py +71 -0
cartography/intel/scaleway/iam/groups.py +71 -0
cartography/intel/scaleway/iam/users.py +71 -0
cartography/intel/scaleway/instances/__init__.py +0 -0
cartography/intel/scaleway/instances/flexibleips.py +86 -0
cartography/intel/scaleway/instances/instances.py +92 -0
cartography/intel/scaleway/projects.py +79 -0
cartography/intel/scaleway/storage/__init__.py +0 -0
cartography/intel/scaleway/storage/snapshots.py +86 -0
cartography/intel/scaleway/storage/volumes.py +84 -0
cartography/intel/scaleway/utils.py +37 -0
cartography/intel/sentinelone/__init__.py +75 -0
cartography/intel/sentinelone/account.py +140 -0
cartography/intel/sentinelone/agent.py +139 -0
cartography/intel/sentinelone/api.py +124 -0
cartography/intel/sentinelone/application.py +248 -0
cartography/intel/sentinelone/cve.py +119 -0
cartography/intel/sentinelone/utils.py +28 -0
cartography/intel/slack/__init__.py +78 -0
cartography/intel/slack/channels.py +80 -0
cartography/intel/slack/groups.py +90 -0
cartography/intel/slack/teams.py +65 -0
cartography/intel/slack/users.py +57 -0
cartography/intel/slack/utils.py +29 -0
cartography/intel/spacelift/__init__.py +161 -0
cartography/intel/spacelift/account.py +73 -0
cartography/intel/spacelift/ec2_ownership.py +280 -0
cartography/intel/spacelift/runs.py +463 -0
cartography/intel/spacelift/spaces.py +112 -0
cartography/intel/spacelift/stacks.py +119 -0
cartography/intel/spacelift/util.py +122 -0
cartography/intel/spacelift/workerpools.py +131 -0
cartography/intel/spacelift/workers.py +128 -0
cartography/intel/trivy/__init__.py +272 -0
cartography/intel/trivy/scanner.py +386 -0
cartography/models/airbyte/__init__.py +0 -0
cartography/models/airbyte/connection.py +138 -0
cartography/models/airbyte/destination.py +75 -0
cartography/models/airbyte/organization.py +19 -0
cartography/models/airbyte/source.py +75 -0
cartography/models/airbyte/stream.py +74 -0
cartography/models/airbyte/tag.py +69 -0
cartography/models/airbyte/user.py +115 -0
cartography/models/airbyte/workspace.py +46 -0
cartography/models/anthropic/apikey.py +4 -0
cartography/models/anthropic/user.py +4 -0
cartography/models/aws/acm/__init__.py +0 -0
cartography/models/aws/acm/certificate.py +75 -0
cartography/models/aws/apigateway/__init__.py +0 -0
cartography/models/aws/apigateway/apigatewaydeployment.py +74 -0
cartography/models/aws/apigateway/apigatewayintegration.py +79 -0
cartography/models/aws/apigateway/apigatewaymethod.py +74 -0
cartography/models/aws/apigatewayv2/__init__.py +0 -0
cartography/models/aws/apigatewayv2/apigatewayv2.py +53 -0
cartography/models/aws/cloudtrail/management_events.py +153 -0
cartography/models/aws/cloudtrail/trail.py +45 -0
cartography/models/aws/cloudwatch/log_metric_filter.py +79 -0
cartography/models/aws/cloudwatch/metric_alarm.py +53 -0
cartography/models/aws/codebuild/__init__.py +0 -0
cartography/models/aws/codebuild/project.py +49 -0
cartography/models/aws/cognito/__init__.py +0 -0
cartography/models/aws/cognito/identity_pool.py +70 -0
cartography/models/aws/cognito/user_pool.py +47 -0
cartography/models/aws/dynamodb/tables.py +2 -0
cartography/models/aws/ec2/instances.py +25 -1
cartography/models/aws/ec2/networkinterfaces.py +4 -0
cartography/models/aws/ec2/security_group_rules.py +109 -0
cartography/models/aws/ec2/security_groups.py +90 -0
cartography/models/aws/ec2/snapshots.py +58 -0
cartography/models/aws/ec2/subnet_instance.py +2 -0
cartography/models/aws/ec2/subnet_networkinterface.py +2 -0
cartography/models/aws/ec2/subnets.py +65 -0
cartography/models/aws/ec2/volumes.py +20 -0
cartography/models/aws/ec2/vpc.py +46 -0
cartography/models/aws/ec2/vpc_cidr.py +102 -0
cartography/models/aws/ec2/vpc_peering.py +157 -0
cartography/models/aws/ecr/__init__.py +0 -0
cartography/models/aws/ecr/image.py +146 -0
cartography/models/aws/ecr/image_layer.py +107 -0
cartography/models/aws/ecr/repository.py +72 -0
cartography/models/aws/ecr/repository_image.py +95 -0
cartography/models/aws/ecs/__init__.py +0 -0
cartography/models/aws/ecs/clusters.py +64 -0
cartography/models/aws/ecs/container_definitions.py +93 -0
cartography/models/aws/ecs/container_instances.py +84 -0
cartography/models/aws/ecs/containers.py +101 -0
cartography/models/aws/ecs/services.py +134 -0
cartography/models/aws/ecs/task_definitions.py +135 -0
cartography/models/aws/ecs/tasks.py +134 -0
cartography/models/aws/efs/access_point.py +77 -0
cartography/models/aws/efs/file_system.py +60 -0
cartography/models/aws/efs/mount_target.py +29 -2
cartography/models/aws/elasticache/__init__.py +0 -0
cartography/models/aws/elasticache/cluster.py +65 -0
cartography/models/aws/elasticache/topic.py +67 -0
cartography/models/aws/eventbridge/__init__.py +0 -0
cartography/models/aws/eventbridge/rule.py +77 -0
cartography/models/aws/eventbridge/target.py +71 -0
cartography/models/aws/glue/__init__.py +0 -0
cartography/models/aws/glue/connection.py +51 -0
cartography/models/aws/glue/job.py +69 -0
cartography/models/aws/guardduty/__init__.py +1 -0
cartography/models/aws/guardduty/detectors.py +50 -0
cartography/models/aws/guardduty/findings.py +121 -0
cartography/models/aws/iam/access_key.py +103 -0
cartography/models/aws/iam/account_role.py +24 -0
cartography/models/aws/iam/federated_principal.py +60 -0
cartography/models/aws/iam/group.py +60 -0
cartography/models/aws/iam/group_membership.py +27 -0
cartography/models/aws/iam/inline_policy.py +78 -0
cartography/models/aws/iam/managed_policy.py +51 -0
cartography/models/aws/iam/policy_statement.py +57 -0
cartography/models/aws/iam/role.py +83 -0
cartography/models/aws/iam/root_principal.py +52 -0
cartography/models/aws/iam/service_principal.py +30 -0
cartography/models/aws/iam/sts_assumerole_allow.py +38 -0
cartography/models/aws/iam/user.py +59 -0
cartography/models/aws/identitycenter/awsidentitycenter.py +1 -0
cartography/models/aws/identitycenter/awspermissionset.py +70 -0
cartography/models/aws/identitycenter/awssogroup.py +70 -0
cartography/models/aws/identitycenter/awsssouser.py +49 -9
cartography/models/aws/inspector/findings.py +37 -0
cartography/models/aws/inspector/packages.py +1 -31
cartography/models/aws/kms/__init__.py +0 -0
cartography/models/aws/kms/aliases.py +86 -0
cartography/models/aws/kms/grants.py +65 -0
cartography/models/aws/kms/keys.py +88 -0
cartography/models/aws/lambda_function/__init__.py +0 -0
cartography/models/aws/lambda_function/alias.py +74 -0
cartography/models/aws/lambda_function/event_source_mapping.py +88 -0
cartography/models/aws/lambda_function/lambda_function.py +91 -0
cartography/models/aws/lambda_function/layer.py +72 -0
cartography/models/aws/rds/__init__.py +0 -0
cartography/models/aws/rds/cluster.py +91 -0
cartography/models/aws/rds/event_subscription.py +146 -0
cartography/models/aws/rds/instance.py +156 -0
cartography/models/aws/rds/snapshot.py +108 -0
cartography/models/aws/rds/subnet_group.py +101 -0
cartography/models/aws/route53/__init__.py +0 -0
cartography/models/aws/route53/dnsrecord.py +235 -0
cartography/models/aws/route53/nameserver.py +63 -0
cartography/models/aws/route53/subzone.py +40 -0
cartography/models/aws/route53/zone.py +47 -0
cartography/models/aws/s3/notification.py +24 -0
cartography/models/aws/secretsmanager/secret.py +106 -0
cartography/models/aws/secretsmanager/secret_version.py +0 -2
cartography/models/aws/sns/topic_subscription.py +74 -0
cartography/models/aws/sqs/__init__.py +0 -0
cartography/models/aws/sqs/queue.py +89 -0
cartography/models/azure/__init__.py +0 -0
cartography/models/azure/aks_cluster.py +54 -0
cartography/models/azure/aks_nodepool.py +54 -0
cartography/models/azure/app_service.py +59 -0
cartography/models/azure/container_instance.py +57 -0
cartography/models/azure/cosmosdb/__init__.py +0 -0
cartography/models/azure/cosmosdb/account.py +77 -0
cartography/models/azure/cosmosdb/accountfailoverpolicy.py +77 -0
cartography/models/azure/cosmosdb/cassandrakeyspace.py +82 -0
cartography/models/azure/cosmosdb/cassandratable.py +81 -0
cartography/models/azure/cosmosdb/corspolicy.py +74 -0
cartography/models/azure/cosmosdb/dblocation.py +120 -0
cartography/models/azure/cosmosdb/mongodbcollection.py +82 -0
cartography/models/azure/cosmosdb/mongodbdatabase.py +78 -0
cartography/models/azure/cosmosdb/privateendpointconnection.py +81 -0
cartography/models/azure/cosmosdb/sqlcontainer.py +88 -0
cartography/models/azure/cosmosdb/sqldatabase.py +78 -0
cartography/models/azure/cosmosdb/tableresource.py +76 -0
cartography/models/azure/cosmosdb/virtualnetworkrule.py +78 -0
cartography/models/azure/data_factory/__init__.py +0 -0
cartography/models/azure/data_factory/data_factory.py +51 -0
cartography/models/azure/data_factory/data_factory_dataset.py +94 -0
cartography/models/azure/data_factory/data_factory_linked_service.py +78 -0
cartography/models/azure/data_factory/data_factory_pipeline.py +93 -0
cartography/models/azure/data_lake_filesystem.py +51 -0
cartography/models/azure/event_grid_topic.py +57 -0
cartography/models/azure/function_app.py +59 -0
cartography/models/azure/load_balancer/__init__.py +0 -0
cartography/models/azure/load_balancer/load_balancer.py +49 -0
cartography/models/azure/load_balancer/load_balancer_backend_pool.py +73 -0
cartography/models/azure/load_balancer/load_balancer_frontend_ip.py +75 -0
cartography/models/azure/load_balancer/load_balancer_inbound_nat_rule.py +78 -0
cartography/models/azure/load_balancer/load_balancer_rule.py +108 -0
cartography/models/azure/logic_apps.py +56 -0
cartography/models/azure/monitor.py +54 -0
cartography/models/azure/network_interface.py +112 -0
cartography/models/azure/network_security_group.py +50 -0
cartography/models/azure/permission_relationships.py +60 -0
cartography/models/azure/principal.py +41 -0
cartography/models/azure/public_ip_address.py +50 -0
cartography/models/azure/rbac.py +268 -0
cartography/models/azure/resource_groups.py +52 -0
cartography/models/azure/security_center.py +50 -0
cartography/models/azure/sql/__init__.py +0 -0
cartography/models/azure/sql/databasethreatdetectionpolicy.py +85 -0
cartography/models/azure/sql/elasticpool.py +77 -0
cartography/models/azure/sql/failovergroup.py +73 -0
cartography/models/azure/sql/recoverabledatabase.py +75 -0
cartography/models/azure/sql/replicationlink.py +81 -0
cartography/models/azure/sql/restorabledroppeddatabase.py +82 -0
cartography/models/azure/sql/restorepoint.py +74 -0
cartography/models/azure/sql/serveradadministrator.py +74 -0
cartography/models/azure/sql/serverdnsalias.py +71 -0
cartography/models/azure/sql/sqldatabase.py +85 -0
cartography/models/azure/sql/sqlserver.py +50 -0
cartography/models/azure/sql/transparentdataencryption.py +76 -0
cartography/models/azure/storage/__init__.py +0 -0
cartography/models/azure/storage/account.py +59 -0
cartography/models/azure/storage/blobcontainer.py +85 -0
cartography/models/azure/storage/blobservice.py +71 -0
cartography/models/azure/storage/fileservice.py +71 -0
cartography/models/azure/storage/fileshare.py +82 -0
cartography/models/azure/storage/queue.py +71 -0
cartography/models/azure/storage/queueservice.py +73 -0
cartography/models/azure/storage/table.py +72 -0
cartography/models/azure/storage/tableservice.py +73 -0
cartography/models/azure/subnet.py +101 -0
cartography/models/azure/subscription.py +47 -0
cartography/models/azure/tags/__init__.py +0 -0
cartography/models/azure/tags/storage_tag.py +40 -0
cartography/models/azure/tags/tag.py +37 -0
cartography/models/azure/tenant.py +17 -0
cartography/models/azure/virtual_network.py +49 -0
cartography/models/azure/vm/__init__.py +0 -0
cartography/models/azure/vm/datadisk.py +80 -0
cartography/models/azure/vm/disk.py +55 -0
cartography/models/azure/vm/snapshot.py +56 -0
cartography/models/azure/vm/virtualmachine.py +59 -0
cartography/models/bigfix/bigfix_computer.py +1 -1
cartography/models/cloudflare/member.py +4 -0
cartography/models/core/common.py +1 -0
cartography/models/core/nodes.py +15 -2
cartography/models/core/relationships.py +44 -0
cartography/models/crowdstrike/hosts.py +1 -1
cartography/models/digitalocean/droplet.py +2 -0
cartography/models/duo/endpoint.py +1 -1
cartography/models/duo/phone.py +2 -2
cartography/models/duo/user.py +4 -0
cartography/models/entra/app_role_assignment.py +115 -0
cartography/models/entra/application.py +49 -0
cartography/models/entra/entra_user_to_aws_sso.py +41 -0
cartography/models/entra/group.py +117 -0
cartography/models/entra/service_principal.py +104 -0
cartography/models/entra/user.py +42 -51
cartography/models/gcp/__init__.py +0 -0
cartography/models/gcp/bigtable/__init__.py +0 -0
cartography/models/gcp/bigtable/app_profile.py +94 -0
cartography/models/gcp/bigtable/backup.py +91 -0
cartography/models/gcp/bigtable/cluster.py +73 -0
cartography/models/gcp/bigtable/instance.py +52 -0
cartography/models/gcp/bigtable/table.py +69 -0
cartography/models/gcp/compute/__init__.py +0 -0
cartography/models/gcp/compute/subnet.py +74 -0
cartography/models/gcp/compute/vpc.py +50 -0
cartography/models/gcp/crm/__init__.py +0 -0
cartography/models/gcp/crm/folders.py +98 -0
cartography/models/gcp/crm/organizations.py +21 -0
cartography/models/gcp/crm/projects.py +100 -0
cartography/models/gcp/dns.py +109 -0
cartography/models/gcp/gke.py +69 -0
cartography/models/gcp/iam.py +3 -0
cartography/models/gcp/permission_relationships.py +61 -0
cartography/models/gcp/policy_bindings.py +93 -0
cartography/models/gcp/storage/__init__.py +0 -0
cartography/models/gcp/storage/bucket.py +119 -0
cartography/models/github/commits.py +63 -0
cartography/models/github/dependencies.py +73 -0
cartography/models/github/manifests.py +49 -0
cartography/models/github/users.py +10 -0
cartography/models/googleworkspace/__init__.py +0 -0
cartography/models/googleworkspace/device.py +132 -0
cartography/models/googleworkspace/group.py +382 -0
cartography/models/googleworkspace/oauth_app.py +124 -0
cartography/models/googleworkspace/tenant.py +30 -0
cartography/models/googleworkspace/user.py +113 -0
cartography/models/gsuite/__init__.py +0 -0
cartography/models/gsuite/group.py +218 -0
cartography/models/gsuite/tenant.py +29 -0
cartography/models/gsuite/user.py +107 -0
cartography/models/kandji/device.py +1 -2
cartography/models/keycloak/__init__.py +0 -0
cartography/models/keycloak/authenticationexecution.py +160 -0
cartography/models/keycloak/authenticationflow.py +54 -0
cartography/models/keycloak/client.py +179 -0
cartography/models/keycloak/group.py +101 -0
cartography/models/keycloak/identityprovider.py +89 -0
cartography/models/keycloak/organization.py +116 -0
cartography/models/keycloak/organizationdomain.py +73 -0
cartography/models/keycloak/realm.py +173 -0
cartography/models/keycloak/role.py +126 -0
cartography/models/keycloak/scope.py +73 -0
cartography/models/keycloak/user.py +55 -0
cartography/models/kubernetes/__init__.py +0 -0
cartography/models/kubernetes/clusterrolebindings.py +138 -0
cartography/models/kubernetes/clusterroles.py +52 -0
cartography/models/kubernetes/clusters.py +26 -0
cartography/models/kubernetes/containers.py +133 -0
cartography/models/kubernetes/groups.py +107 -0
cartography/models/kubernetes/namespaces.py +51 -0
cartography/models/kubernetes/oidc.py +51 -0
cartography/models/kubernetes/pods.py +80 -0
cartography/models/kubernetes/rolebindings.py +159 -0
cartography/models/kubernetes/roles.py +76 -0
cartography/models/kubernetes/secrets.py +79 -0
cartography/models/kubernetes/serviceaccounts.py +77 -0
cartography/models/kubernetes/services.py +108 -0
cartography/models/kubernetes/users.py +105 -0
cartography/models/lastpass/user.py +4 -0
cartography/models/ontology/__init__.py +0 -0
cartography/models/ontology/device.py +137 -0
cartography/models/ontology/mapping/__init__.py +76 -0
cartography/models/ontology/mapping/data/__init__.py +0 -0
cartography/models/ontology/mapping/data/apikeys.py +93 -0
cartography/models/ontology/mapping/data/computeinstance.py +95 -0
cartography/models/ontology/mapping/data/containers.py +88 -0
cartography/models/ontology/mapping/data/databases.py +182 -0
cartography/models/ontology/mapping/data/devices.py +194 -0
cartography/models/ontology/mapping/data/thirdpartyapps.py +140 -0
cartography/models/ontology/mapping/data/useraccounts.py +416 -0
cartography/models/ontology/mapping/data/users.py +63 -0
cartography/models/ontology/mapping/specs.py +85 -0
cartography/models/ontology/user.py +51 -0
cartography/models/openai/adminapikey.py +4 -0
cartography/models/openai/apikey.py +4 -0
cartography/models/openai/user.py +4 -0
cartography/models/scaleway/__init__.py +0 -0
cartography/models/scaleway/iam/__init__.py +0 -0
cartography/models/scaleway/iam/apikey.py +100 -0
cartography/models/scaleway/iam/application.py +52 -0
cartography/models/scaleway/iam/group.py +95 -0
cartography/models/scaleway/iam/user.py +64 -0
cartography/models/scaleway/instance/__init__.py +0 -0
cartography/models/scaleway/instance/flexibleip.py +52 -0
cartography/models/scaleway/instance/instance.py +120 -0
cartography/models/scaleway/organization.py +19 -0
cartography/models/scaleway/project.py +48 -0
cartography/models/scaleway/storage/__init__.py +0 -0
cartography/models/scaleway/storage/snapshot.py +78 -0
cartography/models/scaleway/storage/volume.py +51 -0
cartography/models/sentinelone/__init__.py +1 -0
cartography/models/sentinelone/account.py +40 -0
cartography/models/sentinelone/agent.py +50 -0
cartography/models/sentinelone/application.py +44 -0
cartography/models/sentinelone/application_version.py +96 -0
cartography/models/sentinelone/cve.py +73 -0
cartography/models/slack/__init__.py +0 -0
cartography/models/slack/channels.py +92 -0
cartography/models/slack/group.py +129 -0
cartography/models/slack/team.py +22 -0
cartography/models/slack/user.py +62 -0
cartography/models/snipeit/asset.py +2 -0
cartography/models/snipeit/user.py +4 -0
cartography/models/spacelift/__init__.py +0 -0
cartography/models/spacelift/cloudtrailevent.py +120 -0
cartography/models/spacelift/run.py +162 -0
cartography/models/spacelift/space.py +131 -0
cartography/models/spacelift/spaceliftaccount.py +31 -0
cartography/models/spacelift/spaceliftgitcommit.py +157 -0
cartography/models/spacelift/stack.py +96 -0
cartography/models/spacelift/user.py +63 -0
cartography/models/spacelift/worker.py +97 -0
cartography/models/spacelift/workerpool.py +90 -0
cartography/models/tailscale/device.py +2 -1
cartography/models/tailscale/user.py +6 -1
cartography/models/trivy/__init__.py +0 -0
cartography/models/trivy/findings.py +66 -0
cartography/models/trivy/fix.py +66 -0
cartography/models/trivy/package.py +71 -0
cartography/rules/README.md +1 -0
cartography/rules/__init__.py +0 -0
cartography/rules/cli.py +261 -0
cartography/rules/data/__init__.py +0 -0
cartography/rules/data/rules/__init__.py +46 -0
cartography/rules/data/rules/cloud_security_product_deactivated.py +49 -0
cartography/rules/data/rules/compute_instance_exposed.py +51 -0
cartography/rules/data/rules/database_instance_exposed.py +53 -0
cartography/rules/data/rules/delegation_boundary_modifiable.py +90 -0
cartography/rules/data/rules/identity_administration_privileges.py +100 -0
cartography/rules/data/rules/inactive_user_active_accounts.py +48 -0
cartography/rules/data/rules/malicious_npm_dependencies_shai_hulud.py +2222 -0
cartography/rules/data/rules/mfa_missing.py +46 -0
cartography/rules/data/rules/object_storage_public.py +100 -0
cartography/rules/data/rules/policy_administration_privileges.py +104 -0
cartography/rules/data/rules/unmanaged_accounts.py +43 -0
cartography/rules/data/rules/workload_identity_admin_capabilities.py +193 -0
cartography/rules/formatters.py +108 -0
cartography/rules/runners.py +216 -0
cartography/rules/spec/__init__.py +0 -0
cartography/rules/spec/model.py +267 -0
cartography/rules/spec/result.py +38 -0
cartography/sync.py +25 -5
cartography/util.py +101 -31
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/METADATA +61 -22
cartography-0.123.0.dist-info/RECORD +856 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/entry_points.txt +1 -0
cartography/data/jobs/cleanup/aws_dns_cleanup.json +0 -65
cartography/data/jobs/cleanup/aws_import_account_access_key_cleanup.json +0 -17
cartography/data/jobs/cleanup/aws_import_ec2_security_groupinfo_cleanup.json +0 -24
cartography/data/jobs/cleanup/aws_import_groups_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_identity_center_cleanup.json +0 -16
cartography/data/jobs/cleanup/aws_import_lambda_cleanup.json +0 -50
cartography/data/jobs/cleanup/aws_import_principals_cleanup.json +0 -30
cartography/data/jobs/cleanup/aws_import_rds_clusters_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_rds_instances_cleanup.json +0 -47
cartography/data/jobs/cleanup/aws_import_rds_snapshots_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_roles_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_secrets_cleanup.json +0 -8
cartography/data/jobs/cleanup/aws_import_snapshots_cleanup.json +0 -30
cartography/data/jobs/cleanup/aws_import_users_cleanup.json +0 -8
cartography/data/jobs/cleanup/aws_import_vpc_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_vpc_peering_cleanup.json +0 -45
cartography/data/jobs/cleanup/aws_kms_details.json +0 -10
cartography/data/jobs/cleanup/azure_cosmosdb_cassandra_keyspace_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_cors_details.json +0 -15
cartography/data/jobs/cleanup/azure_cosmosdb_mongodb_database_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_sql_database_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_table_resources_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_database_account_cleanup.json +0 -85
cartography/data/jobs/cleanup/azure_import_disks_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_import_snapshots_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_import_virtual_machines_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_sql_server_cleanup.json +0 -125
cartography/data/jobs/cleanup/azure_storage_account_cleanup.json +0 -95
cartography/data/jobs/cleanup/azure_subscriptions_cleanup.json +0 -14
cartography/data/jobs/cleanup/azure_tenant_cleanup.json +0 -9
cartography/data/jobs/cleanup/gcp_compute_vpc_subnet_cleanup.json +0 -35
cartography/data/jobs/cleanup/gcp_crm_folder_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_crm_organization_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_crm_project_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_dns_cleanup.json +0 -29
cartography/data/jobs/cleanup/gcp_gke_cluster_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_storage_bucket_cleanup.json +0 -29
cartography/data/jobs/cleanup/gsuite_ingest_groups_cleanup.json +0 -23
cartography/data/jobs/cleanup/gsuite_ingest_users_cleanup.json +0 -11
cartography/data/jobs/cleanup/kubernetes_import_cleanup.json +0 -70
cartography/intel/gcp/crm.py +0 -355
cartography/intel/gsuite/api.py +0 -342
cartography-0.104.0rc2.dist-info/RECORD +0 -455
/cartography/data/jobs/{analysis → scoped_analysis}/aws_s3acl_analysis.json +0 -0
/cartography/models/aws/{apigateway.py → apigateway/apigateway.py} +0 -0
/cartography/models/aws/{apigatewaycertificate.py → apigateway/apigatewaycertificate.py} +0 -0
/cartography/models/aws/{apigatewayresource.py → apigateway/apigatewayresource.py} +0 -0
/cartography/models/aws/{apigatewaystage.py → apigateway/apigatewaystage.py} +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/WHEEL +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/licenses/LICENSE +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/top_level.txt +0 -0

cartography/intel/gcp/crm/projects.py ADDED Viewed

@@ -0,0 +1,120 @@
+import logging
+from typing import Dict
+from typing import List
+from typing import Optional
+import neo4j
+from google.auth.credentials import Credentials as GoogleCredentials
+from google.cloud import resourcemanager_v3
+from cartography.client.core.tx import load
+from cartography.models.gcp.crm.projects import GCPProjectSchema
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+@timeit
+def get_gcp_projects(
+    org_resource_name: str,
+    folders: List[Dict],
+    credentials: Optional[GoogleCredentials] = None,
+) -> List[Dict]:
+    """
+    Return list of ACTIVE GCP projects under the specified organization
+    and within the specified folders.
+    :param org_resource_name: Full organization resource name (e.g., "organizations/123456789012")
+    :param folders: List of folder dictionaries containing 'name' field with full resource names
+    """
+    folder_names = [folder["name"] for folder in folders] if folders else []
+    # Build list of parent resources to check (org and all folders)
+    parents = set([org_resource_name] + folder_names)
+    results: List[Dict] = []
+    for parent in parents:
+        client = resourcemanager_v3.ProjectsClient(credentials=credentials)
+        for proj in client.list_projects(parent=parent):
+            # list_projects returns ACTIVE projects by default
+            name_field = proj.name  # "projects/<number>"
+            project_number = name_field.split("/")[-1] if name_field else None
+            project_parent = proj.parent
+            results.append(
+                {
+                    "projectId": getattr(proj, "project_id", None),
+                    "projectNumber": project_number,
+                    "name": getattr(proj, "display_name", None),
+                    "lifecycleState": proj.state.name,
+                    "parent": project_parent,
+                }
+            )
+    return results
+@timeit
+def transform_gcp_projects(data: List[Dict]) -> List[Dict]:
+    """
+    Transform GCP project data to add parent_org or parent_folder fields based on parent type.
+    :param data: List of project dicts
+    :return: List of transformed project dicts with parent_org and parent_folder fields
+    """
+    for project in data:
+        project["parent_org"] = None
+        project["parent_folder"] = None
+        # Set parent fields based on parent type
+        if project["parent"].startswith("organizations"):
+            project["parent_org"] = project["parent"]
+        elif project["parent"].startswith("folders"):
+            project["parent_folder"] = project["parent"]
+        else:
+            logger.warning(
+                f"Project {project['projectId']} has unexpected parent type: {project['parent']}"
+            )
+    return data
+@timeit
+def load_gcp_projects(
+    neo4j_session: neo4j.Session,
+    data: List[Dict],
+    gcp_update_tag: int,
+    org_resource_name: str,
+) -> None:
+    """
+    Load GCP projects into the graph.
+    :param org_resource_name: Full organization resource name (e.g., "organizations/123456789012")
+    """
+    transformed_data = transform_gcp_projects(data)
+    load(
+        neo4j_session,
+        GCPProjectSchema(),
+        transformed_data,
+        lastupdated=gcp_update_tag,
+        ORG_RESOURCE_NAME=org_resource_name,
+    )
+@timeit
+def sync_gcp_projects(
+    neo4j_session: neo4j.Session,
+    org_resource_name: str,
+    folders: List[Dict],
+    gcp_update_tag: int,
+    common_job_parameters: Dict,
+    credentials: Optional[GoogleCredentials] = None,
+) -> List[Dict]:
+    """
+    Get and sync GCP project data to Neo4j.
+    :param org_resource_name: Full organization resource name (e.g., "organizations/123456789012")
+    :param folders: List of folder dictionaries containing 'name' field with full resource names
+    :return: List of projects synced
+    """
+    logger.debug("Syncing GCP projects")
+    projects = get_gcp_projects(
+        org_resource_name,
+        folders,
+        credentials=credentials,
+    )
+    load_gcp_projects(neo4j_session, projects, gcp_update_tag, org_resource_name)
+    return projects

cartography/intel/gcp/dns.py CHANGED Viewed

@@ -7,28 +7,20 @@ import neo4j
 from googleapiclient.discovery import HttpError
 from googleapiclient.discovery import Resource
-from cartography.util import run_cleanup_job
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.gcp.dns import GCPDNSZoneSchema
+from cartography.models.gcp.dns import GCPRecordSetSchema
 from cartography.util import timeit
 logger = logging.getLogger(__name__)
 @timeit
-def get_dns_zones(dns: Resource, project_id: str) -> List[Resource]:
-    """
-    Returns a list of DNS zones within the given project.
-    :type dns: The GCP DNS resource object
-    :param dns: The DNS resource object created by googleapiclient.discovery.build()
-    :type project_id: str
-    :param project_id: Current Google Project Id
-    :rtype: list
-    :return: List of DNS zones
-    """
+def get_dns_zones(dns: Resource, project_id: str) -> List[Dict]:
+    """Returns a list of DNS zones within the given project."""
     try:
-        zones = []
+        zones: List[Dict] = []
         request = dns.managedZones().list(project=project_id)
         while request is not None:
             response = request.execute()
@@ -47,40 +39,22 @@ def get_dns_zones(dns: Resource, project_id: str) -> List[Resource]:
         ):
             logger.warning(
                 (
-                    "Could not retrieve DNS zones on project %s due to permissions issues. Code: %s, Message: %s"
+                    "Could not retrieve DNS zones on project %s due to permissions issues. "
+                    "Code: %s, Message: %s"
                 ),
                 project_id,
                 err["code"],
                 err["message"],
             )
             return []
-        else:
-            raise
+        raise
 @timeit
-def get_dns_rrs(
-    dns: Resource,
-    dns_zones: List[Dict],
-    project_id: str,
-) -> List[Resource]:
-    """
-    Returns a list of DNS Resource Record Sets within the given project.
-    :type dns: The GCP DNS resource object
-    :param dns: The DNS resource object created by googleapiclient.discovery.build()
-    :type dns_zones: list
-    :param dns_zones: List of DNS zones for the project
-    :type project_id: str
-    :param project_id: Current Google Project Id
-    :rtype: list
-    :return: List of Resource Record Sets
-    """
+def get_dns_rrs(dns: Resource, dns_zones: List[Dict], project_id: str) -> List[Dict]:
+    """Returns a list of DNS Resource Record Sets within the given project."""
     try:
-        rrs: List[Resource] = []
+        rrs: List[Dict] = []
         for zone in dns_zones:
             request = dns.resourceRecordSets().list(
                 project=project_id,
@@ -104,16 +78,54 @@ def get_dns_rrs(
         ):
             logger.warning(
                 (
-                    "Could not retrieve DNS RRS on project %s due to permissions issues. Code: %s, Message: %s"
+                    "Could not retrieve DNS RRS on project %s due to permissions issues. "
+                    "Code: %s, Message: %s"
                 ),
                 project_id,
                 err["code"],
                 err["message"],
             )
             return []
-        else:
-            raise
-        raise e
+        raise
+@timeit
+def transform_dns_zones(dns_zones: List[Dict]) -> List[Dict]:
+    """Transform raw DNS zone responses into Neo4j-ready dicts."""
+    zones: List[Dict] = []
+    for z in dns_zones:
+        zones.append(
+            {
+                "id": z["id"],
+                "name": z.get("name"),
+                "dns_name": z.get("dnsName"),
+                "description": z.get("description"),
+                "visibility": z.get("visibility"),
+                "kind": z.get("kind"),
+                "nameservers": z.get("nameServers"),
+                "created_at": z.get("creationTime"),
+            }
+        )
+    return zones
+@timeit
+def transform_dns_rrs(dns_rrs: List[Dict]) -> List[Dict]:
+    """Transform raw DNS record set responses into Neo4j-ready dicts."""
+    records: List[Dict] = []
+    for r in dns_rrs:
+        records.append(
+            {
+                # Compose a unique ID to avoid collisions across types and zones
+                "id": f"{r['name']}|{r.get('type')}|{r.get('zone')}",
+                "name": r["name"],
+                "type": r.get("type"),
+                "ttl": r.get("ttl"),
+                "data": r.get("rrdatas"),
+                "zone_id": r.get("zone"),
+            }
+        )
+    return records
 @timeit
@@ -123,102 +135,30 @@ def load_dns_zones(
     project_id: str,
     gcp_update_tag: int,
 ) -> None:
-    """
-    Ingest GCP DNS Zones into Neo4j
-    :type neo4j_session: Neo4j session object
-    :param neo4j session: The Neo4j session object
-    :type dns_resp: Dict
-    :param dns_resp: A DNS response object from the GKE API
-    :type project_id: str
-    :param project_id: Current Google Project Id
-    :type gcp_update_tag: timestamp
-    :param gcp_update_tag: The timestamp value to set our new Neo4j nodes with
-    :rtype: NoneType
-    :return: Nothing
-    """
-    ingest_records = """
-    UNWIND $records as record
-    MERGE(zone:GCPDNSZone{id:record.id})
-    ON CREATE SET
-        zone.firstseen = timestamp(),
-        zone.created_at = record.creationTime
-    SET
-        zone.name = record.name,
-        zone.dns_name = record.dnsName,
-        zone.description = record.description,
-        zone.visibility = record.visibility,
-        zone.kind = record.kind,
-        zone.nameservers = record.nameServers,
-        zone.lastupdated = $gcp_update_tag
-    WITH zone
-    MATCH (owner:GCPProject{id:$ProjectId})
-    MERGE (owner)-[r:RESOURCE]->(zone)
-    ON CREATE SET
-        r.firstseen = timestamp(),
-        r.lastupdated = $gcp_update_tag
-    """
-    neo4j_session.run(
-        ingest_records,
-        records=dns_zones,
-        ProjectId=project_id,
-        gcp_update_tag=gcp_update_tag,
+    """Ingest GCP DNS Zones into Neo4j."""
+    load(
+        neo4j_session,
+        GCPDNSZoneSchema(),
+        dns_zones,
+        lastupdated=gcp_update_tag,
+        PROJECT_ID=project_id,
     )
 @timeit
 def load_rrs(
     neo4j_session: neo4j.Session,
-    dns_rrs: List[Resource],
+    dns_rrs: List[Dict],
     project_id: str,
     gcp_update_tag: int,
 ) -> None:
-    """
-    Ingest GCP RRS into Neo4j
-    :type neo4j_session: Neo4j session object
-    :param neo4j session: The Neo4j session object
-    :type dns_rrs: list
-    :param dns_rrs: A list of RRS
-    :type project_id: str
-    :param project_id: Current Google Project Id
-    :type gcp_update_tag: timestamp
-    :param gcp_update_tag: The timestamp value to set our new Neo4j nodes with
-    :rtype: NoneType
-    :return: Nothing
-    """
-    ingest_records = """
-    UNWIND $records as record
-    MERGE(rrs:GCPRecordSet{id:record.name})
-    ON CREATE SET
-        rrs.firstseen = timestamp()
-    SET
-        rrs.name = record.name,
-        rrs.type = record.type,
-        rrs.ttl = record.ttl,
-        rrs.data = record.rrdatas,
-        rrs.lastupdated = $gcp_update_tag
-    WITH rrs, record
-    MATCH (zone:GCPDNSZone{id:record.zone})
-    MERGE (zone)-[r:HAS_RECORD]->(rrs)
-    ON CREATE SET
-        r.firstseen = timestamp(),
-        r.lastupdated = $gcp_update_tag
-    """
-    neo4j_session.run(
-        ingest_records,
-        records=dns_rrs,
-        gcp_update_tag=gcp_update_tag,
+    """Ingest GCP DNS Resource Record Sets into Neo4j."""
+    load(
+        neo4j_session,
+        GCPRecordSetSchema(),
+        dns_rrs,
+        lastupdated=gcp_update_tag,
+        PROJECT_ID=project_id,
     )
@@ -227,19 +167,14 @@ def cleanup_dns_records(
     neo4j_session: neo4j.Session,
     common_job_parameters: Dict,
 ) -> None:
-    """
-    Delete out-of-date GCP DNS Zones and RRS nodes and relationships
-    :type neo4j_session: The Neo4j session object
-    :param neo4j_session: The Neo4j session
-    :type common_job_parameters: dict
-    :param common_job_parameters: Dictionary of other job parameters to pass to Neo4j
-    :rtype: NoneType
-    :return: Nothing
-    """
-    run_cleanup_job("gcp_dns_cleanup.json", neo4j_session, common_job_parameters)
+    """Delete out-of-date GCP DNS Zones and Record Sets nodes and relationships."""
+    # Record sets depend on zones, so clean them up first.
+    GraphJob.from_node_schema(GCPRecordSetSchema(), common_job_parameters).run(
+        neo4j_session,
+    )
+    GraphJob.from_node_schema(GCPDNSZoneSchema(), common_job_parameters).run(
+        neo4j_session,
+    )
 @timeit
@@ -250,33 +185,12 @@ def sync(
     gcp_update_tag: int,
     common_job_parameters: Dict,
 ) -> None:
-    """
-    Get GCP DNS Zones and Resource Record Sets using the DNS resource object, ingest to Neo4j, and clean up old data.
-    :type neo4j_session: The Neo4j session object
-    :param neo4j_session: The Neo4j session
-    :type dns: The DNS resource object created by googleapiclient.discovery.build()
-    :param dns: The GCP DNS resource object
-    :type project_id: str
-    :param project_id: The project ID of the corresponding project
-    :type gcp_update_tag: timestamp
-    :param gcp_update_tag: The timestamp value to set our new Neo4j nodes with
-    :type common_job_parameters: dict
-    :param common_job_parameters: Dictionary of other job parameters to pass to Neo4j
-    :rtype: NoneType
-    :return: Nothing
-    """
+    """Get GCP DNS Zones and Record Sets, load them into Neo4j, and clean up old data."""
     logger.info("Syncing DNS records for project %s.", project_id)
-    # DNS ZONES
-    dns_zones = get_dns_zones(dns, project_id)
+    dns_zones_resp = get_dns_zones(dns, project_id)
+    dns_zones = transform_dns_zones(dns_zones_resp)
     load_dns_zones(neo4j_session, dns_zones, project_id, gcp_update_tag)
-    # RECORD SETS
-    dns_rrs = get_dns_rrs(dns, dns_zones, project_id)
+    dns_rrs_resp = get_dns_rrs(dns, dns_zones_resp, project_id)
+    dns_rrs = transform_dns_rrs(dns_rrs_resp)
     load_rrs(neo4j_session, dns_rrs, project_id, gcp_update_tag)
-    # TODO scope the cleanup to the current project - https://github.com/cartography-cncf/cartography/issues/381
     cleanup_dns_records(neo4j_session, common_job_parameters)

cartography/intel/gcp/gke.py CHANGED Viewed

@@ -1,12 +1,16 @@
 import json
 import logging
+from typing import Any
 from typing import Dict
+from typing import List
 import neo4j
 from googleapiclient.discovery import HttpError
 from googleapiclient.discovery import Resource
-from cartography.util import run_cleanup_job
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.gcp.gke import GCPGKEClusterSchema
 from cartography.util import timeit
 logger = logging.getLogger(__name__)
@@ -56,105 +60,20 @@ def load_gke_clusters(
     gcp_update_tag: int,
 ) -> None:
     """
-    Ingest GCP GKE Clusters to Neo4j
-    :type neo4j_session: Neo4j session object
-    :param neo4j session: The Neo4j session object
-    :type cluster_resp: Dict
-    :param cluster_resp: A cluster response object from the GKE API
-    :type gcp_update_tag: timestamp
-    :param gcp_update_tag: The timestamp value to set our new Neo4j nodes with
-    :rtype: NoneType
-    :return: Nothing
+    Ingest GCP GKE clusters using the data model loader.
     """
+    clusters: List[Dict[str, Any]] = transform_gke_clusters(cluster_resp)
-    query = """
-    MERGE(cluster:GKECluster{id:$ClusterSelfLink})
-    ON CREATE SET
-        cluster.firstseen = timestamp(),
-        cluster.created_at = $ClusterCreateTime
-    SET
-        cluster.name = $ClusterName,
-        cluster.self_link = $ClusterSelfLink,
-        cluster.description = $ClusterDescription,
-        cluster.logging_service = $ClusterLoggingService,
-        cluster.monitoring_service = $ClusterMonitoringService,
-        cluster.network = $ClusterNetwork,
-        cluster.subnetwork = $ClusterSubnetwork,
-        cluster.cluster_ipv4cidr = $ClusterIPv4Cidr,
-        cluster.zone = $ClusterZone,
-        cluster.location = $ClusterLocation,
-        cluster.endpoint = $ClusterEndpoint,
-        cluster.initial_version = $ClusterInitialVersion,
-        cluster.current_master_version = $ClusterMasterVersion,
-        cluster.status = $ClusterStatus,
-        cluster.services_ipv4cidr = $ClusterServicesIPv4Cidr,
-        cluster.database_encryption = $ClusterDatabaseEncryption,
-        cluster.network_policy = $ClusterNetworkPolicy,
-        cluster.master_authorized_networks = $ClusterMasterAuthorizedNetworks,
-        cluster.legacy_abac = $ClusterAbac,
-        cluster.shielded_nodes = $ClusterShieldedNodes,
-        cluster.private_nodes = $ClusterPrivateNodes,
-        cluster.private_endpoint_enabled = $ClusterPrivateEndpointEnabled,
-        cluster.private_endpoint = $ClusterPrivateEndpoint,
-        cluster.public_endpoint = $ClusterPublicEndpoint,
-        cluster.masterauth_username = $ClusterMasterUsername,
-        cluster.masterauth_password = $ClusterMasterPassword
-    WITH cluster
-    MATCH (owner:GCPProject{id:$ProjectId})
-    MERGE (owner)-[r:RESOURCE]->(cluster)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $gcp_update_tag
-    """
-    for cluster in cluster_resp.get("clusters", []):
-        neo4j_session.run(
-            query,
-            ProjectId=project_id,
-            ClusterSelfLink=cluster["selfLink"],
-            ClusterCreateTime=cluster["createTime"],
-            ClusterName=cluster["name"],
-            ClusterDescription=cluster.get("description"),
-            ClusterLoggingService=cluster.get("loggingService"),
-            ClusterMonitoringService=cluster.get("monitoringService"),
-            ClusterNetwork=cluster.get("network"),
-            ClusterSubnetwork=cluster.get("subnetwork"),
-            ClusterIPv4Cidr=cluster.get("clusterIpv4Cidr"),
-            ClusterZone=cluster.get("zone"),
-            ClusterLocation=cluster.get("location"),
-            ClusterEndpoint=cluster.get("endpoint"),
-            ClusterInitialVersion=cluster.get("initialClusterVersion"),
-            ClusterMasterVersion=cluster.get("currentMasterVersion"),
-            ClusterStatus=cluster.get("status"),
-            ClusterServicesIPv4Cidr=cluster.get("servicesIpv4Cidr"),
-            ClusterDatabaseEncryption=cluster.get("databaseEncryption", {}).get(
-                "state",
-            ),
-            ClusterNetworkPolicy=_process_network_policy(cluster),
-            ClusterMasterAuthorizedNetworks=cluster.get(
-                "masterAuthorizedNetworksConfig",
-                {},
-            ).get("enabled"),
-            ClusterAbac=cluster.get("legacyAbac", {}).get("enabled"),
-            ClusterShieldedNodes=cluster.get("shieldedNodes", {}).get("enabled"),
-            ClusterPrivateNodes=cluster.get("privateClusterConfig", {}).get(
-                "enablePrivateNodes",
-            ),
-            ClusterPrivateEndpointEnabled=cluster.get("privateClusterConfig", {}).get(
-                "enablePrivateEndpoint",
-            ),
-            ClusterPrivateEndpoint=cluster.get("privateClusterConfig", {}).get(
-                "privateEndpoint",
-            ),
-            ClusterPublicEndpoint=cluster.get("privateClusterConfig", {}).get(
-                "publicEndpoint",
-            ),
-            ClusterMasterUsername=cluster.get("masterAuth", {}).get("username"),
-            ClusterMasterPassword=cluster.get("masterAuth", {}).get("password"),
-            gcp_update_tag=gcp_update_tag,
-        )
+    if not clusters:
+        return
+    load(
+        neo4j_session,
+        GCPGKEClusterSchema(),
+        clusters,
+        lastupdated=gcp_update_tag,
+        PROJECT_ID=project_id,
+    )
 def _process_network_policy(cluster: Dict) -> bool:
@@ -175,21 +94,10 @@ def cleanup_gke_clusters(
     common_job_parameters: Dict,
 ) -> None:
     """
-    Delete out-of-date GCP GKE Clusters nodes and relationships
-    :type neo4j_session: The Neo4j session object
-    :param neo4j_session: The Neo4j session
-    :type common_job_parameters: dict
-    :param common_job_parameters: Dictionary of other job parameters to pass to Neo4j
-    :rtype: NoneType
-    :return: Nothing
+    Scoped cleanup for GKE clusters based on the project sub-resource relationship.
     """
-    run_cleanup_job(
-        "gcp_gke_cluster_cleanup.json",
+    GraphJob.from_node_schema(GCPGKEClusterSchema(), common_job_parameters).run(
         neo4j_session,
-        common_job_parameters,
     )
@@ -222,8 +130,59 @@ def sync_gke_clusters(
     :rtype: NoneType
     :return: Nothing
     """
-    logger.info("Syncing Compute objects for project %s.", project_id)
+    logger.info("Syncing GKE clusters for project %s.", project_id)
     gke_res = get_gke_clusters(container, project_id)
     load_gke_clusters(neo4j_session, gke_res, project_id, gcp_update_tag)
-    # TODO scope the cleanup to the current project - https://github.com/cartography-cncf/cartography/issues/381
     cleanup_gke_clusters(neo4j_session, common_job_parameters)
+def transform_gke_clusters(api_result: Dict[str, Any]) -> List[Dict[str, Any]]:
+    """
+    Transform GKE API response into a list of dicts suitable for the data model loader.
+    """
+    result: List[Dict[str, Any]] = []
+    for c in api_result.get("clusters", []):
+        transformed: Dict[str, Any] = {
+            # Required fields
+            "id": c["selfLink"],
+            "self_link": c["selfLink"],
+            "name": c["name"],
+            "created_at": c.get("createTime"),
+            # Optional fields
+            "description": c.get("description"),
+            "logging_service": c.get("loggingService"),
+            "monitoring_service": c.get("monitoringService"),
+            "network": c.get("network"),
+            "subnetwork": c.get("subnetwork"),
+            "cluster_ipv4cidr": c.get("clusterIpv4Cidr"),
+            "zone": c.get("zone"),
+            "location": c.get("location"),
+            "endpoint": c.get("endpoint"),
+            "initial_version": c.get("initialClusterVersion"),
+            "current_master_version": c.get("currentMasterVersion"),
+            "status": c.get("status"),
+            "services_ipv4cidr": c.get("servicesIpv4Cidr"),
+            "database_encryption": (c.get("databaseEncryption", {}) or {}).get("state"),
+            "network_policy": _process_network_policy(c),
+            "master_authorized_networks": (
+                c.get("masterAuthorizedNetworksConfig", {}) or {}
+            ).get("enabled"),
+            "legacy_abac": (c.get("legacyAbac", {}) or {}).get("enabled"),
+            "shielded_nodes": (c.get("shieldedNodes", {}) or {}).get("enabled"),
+            "private_nodes": (c.get("privateClusterConfig", {}) or {}).get(
+                "enablePrivateNodes"
+            ),
+            "private_endpoint_enabled": (c.get("privateClusterConfig", {}) or {}).get(
+                "enablePrivateEndpoint"
+            ),
+            "private_endpoint": (c.get("privateClusterConfig", {}) or {}).get(
+                "privateEndpoint"
+            ),
+            "public_endpoint": (c.get("privateClusterConfig", {}) or {}).get(
+                "publicEndpoint"
+            ),
+            "masterauth_username": (c.get("masterAuth", {}) or {}).get("username"),
+            "masterauth_password": (c.get("masterAuth", {}) or {}).get("password"),
+        }
+        result.append(transformed)
+    return result

cartography 0.104.0rc2__py3-none-any.whl → 0.123.0__py3-none-any.whl

cartography 0.104.0rc2py3-none-any.whl → 0.123.0py3-none-any.whl