PyPI - cartography - Versions diffs - 0.104.0rc2__py3-none-any.whl → 0.123.0__py3-none-any.whl - Mend

cartography 0.104.0rc2py3-none-any.whl → 0.123.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (642) hide show

cartography/_version.py +16 -3
cartography/cli.py +466 -5
cartography/client/aws/__init__.py +19 -0
cartography/client/aws/ecr.py +51 -0
cartography/client/core/tx.py +357 -8
cartography/config.py +153 -0
cartography/data/azure_permission_relationships.yaml +20 -0
cartography/data/gcp_permission_relationships.yaml +21 -0
cartography/data/indexes.cypher +0 -186
cartography/data/jobs/analysis/aws_ec2_keypair_analysis.json +2 -2
cartography/data/jobs/analysis/keycloak_inheritance.json +30 -0
cartography/data/jobs/cleanup/gcp_compute_vpc_cleanup.json +0 -12
cartography/data/jobs/cleanup/github_repos_cleanup.json +2 -0
cartography/driftdetect/cli.py +3 -2
cartography/graph/cleanupbuilder.py +198 -41
cartography/graph/job.py +54 -6
cartography/graph/querybuilder.py +528 -27
cartography/graph/statement.py +5 -1
cartography/intel/airbyte/__init__.py +105 -0
cartography/intel/airbyte/connections.py +120 -0
cartography/intel/airbyte/destinations.py +81 -0
cartography/intel/airbyte/organizations.py +59 -0
cartography/intel/airbyte/sources.py +78 -0
cartography/intel/airbyte/tags.py +64 -0
cartography/intel/airbyte/users.py +106 -0
cartography/intel/airbyte/util.py +122 -0
cartography/intel/airbyte/workspaces.py +63 -0
cartography/intel/aws/__init__.py +24 -9
cartography/intel/aws/acm.py +124 -0
cartography/intel/aws/apigateway.py +253 -22
cartography/intel/aws/apigatewayv2.py +116 -0
cartography/intel/aws/cloudtrail.py +17 -39
cartography/intel/aws/cloudtrail_management_events.py +962 -0
cartography/intel/aws/cloudwatch.py +150 -4
cartography/intel/aws/codebuild.py +132 -0
cartography/intel/aws/cognito.py +201 -0
cartography/intel/aws/config.py +7 -3
cartography/intel/aws/ec2/elastic_ip_addresses.py +3 -1
cartography/intel/aws/ec2/instances.py +25 -1
cartography/intel/aws/ec2/internet_gateways.py +4 -2
cartography/intel/aws/ec2/load_balancer_v2s.py +11 -5
cartography/intel/aws/ec2/network_interfaces.py +5 -1
cartography/intel/aws/ec2/reserved_instances.py +3 -1
cartography/intel/aws/ec2/security_groups.py +140 -122
cartography/intel/aws/ec2/snapshots.py +47 -84
cartography/intel/aws/ec2/subnets.py +37 -63
cartography/intel/aws/ec2/tgw.py +11 -5
cartography/intel/aws/ec2/volumes.py +1 -1
cartography/intel/aws/ec2/vpc.py +140 -124
cartography/intel/aws/ec2/vpc_peerings.py +262 -125
cartography/intel/aws/ecr.py +269 -98
cartography/intel/aws/ecr_image_layers.py +923 -0
cartography/intel/aws/ecs.py +251 -380
cartography/intel/aws/efs.py +179 -11
cartography/intel/aws/elasticache.py +102 -79
cartography/intel/aws/elasticsearch.py +13 -4
cartography/intel/aws/eventbridge.py +164 -0
cartography/intel/aws/glue.py +181 -0
cartography/intel/aws/guardduty.py +443 -0
cartography/intel/aws/iam.py +750 -493
cartography/intel/aws/identitycenter.py +605 -83
cartography/intel/aws/inspector.py +221 -105
cartography/intel/aws/kms.py +173 -201
cartography/intel/aws/lambda_function.py +272 -189
cartography/intel/aws/organizations.py +10 -9
cartography/intel/aws/permission_relationships.py +10 -20
cartography/intel/aws/rds.py +337 -446
cartography/intel/aws/redshift.py +9 -4
cartography/intel/aws/resourcegroupstaggingapi.py +78 -19
cartography/intel/aws/resources.py +18 -0
cartography/intel/aws/route53.py +386 -332
cartography/intel/aws/s3.py +322 -14
cartography/intel/aws/secretsmanager.py +81 -49
cartography/intel/aws/securityhub.py +3 -1
cartography/intel/aws/sns.py +62 -2
cartography/intel/aws/sqs.py +36 -90
cartography/intel/aws/ssm.py +3 -5
cartography/intel/azure/__init__.py +202 -48
cartography/intel/azure/aks.py +175 -0
cartography/intel/azure/app_service.py +105 -0
cartography/intel/azure/compute.py +59 -112
cartography/intel/azure/container_instances.py +95 -0
cartography/intel/azure/cosmosdb.py +222 -361
cartography/intel/azure/data_factory.py +85 -0
cartography/intel/azure/data_factory_dataset.py +128 -0
cartography/intel/azure/data_factory_linked_service.py +119 -0
cartography/intel/azure/data_factory_pipeline.py +142 -0
cartography/intel/azure/data_lake.py +124 -0
cartography/intel/azure/event_grid.py +94 -0
cartography/intel/azure/functions.py +124 -0
cartography/intel/azure/load_balancers.py +263 -0
cartography/intel/azure/logic_apps.py +101 -0
cartography/intel/azure/monitor.py +105 -0
cartography/intel/azure/network.py +467 -0
cartography/intel/azure/permission_relationships.py +466 -0
cartography/intel/azure/rbac.py +309 -0
cartography/intel/azure/resource_groups.py +82 -0
cartography/intel/azure/security_center.py +106 -0
cartography/intel/azure/sql.py +145 -292
cartography/intel/azure/storage.py +185 -262
cartography/intel/azure/subscription.py +21 -43
cartography/intel/azure/tenant.py +39 -30
cartography/intel/azure/util/common.py +13 -0
cartography/intel/azure/util/credentials.py +49 -174
cartography/intel/azure/util/tag.py +41 -0
cartography/intel/create_indexes.py +2 -1
cartography/intel/crowdstrike/spotlight.py +5 -2
cartography/intel/dns.py +5 -2
cartography/intel/entra/__init__.py +100 -1
cartography/intel/entra/app_role_assignments.py +284 -0
cartography/intel/entra/applications.py +182 -0
cartography/intel/entra/federation/__init__.py +0 -0
cartography/intel/entra/federation/aws_identity_center.py +77 -0
cartography/intel/entra/groups.py +198 -0
cartography/intel/entra/ou.py +48 -24
cartography/intel/entra/service_principals.py +217 -0
cartography/intel/entra/users.py +105 -57
cartography/intel/gcp/__init__.py +334 -396
cartography/intel/gcp/bigtable_app_profile.py +101 -0
cartography/intel/gcp/bigtable_backup.py +91 -0
cartography/intel/gcp/bigtable_cluster.py +93 -0
cartography/intel/gcp/bigtable_instance.py +86 -0
cartography/intel/gcp/bigtable_table.py +87 -0
cartography/intel/gcp/cai.py +292 -0
cartography/intel/gcp/clients.py +112 -0
cartography/intel/gcp/compute.py +128 -119
cartography/intel/gcp/crm/__init__.py +0 -0
cartography/intel/gcp/crm/folders.py +114 -0
cartography/intel/gcp/crm/orgs.py +70 -0
cartography/intel/gcp/crm/projects.py +120 -0
cartography/intel/gcp/dns.py +83 -169
cartography/intel/gcp/gke.py +72 -113
cartography/intel/gcp/iam.py +111 -91
cartography/intel/gcp/permission_relationships.py +394 -0
cartography/intel/gcp/policy_bindings.py +225 -0
cartography/intel/gcp/storage.py +75 -159
cartography/intel/github/__init__.py +62 -25
cartography/intel/github/commits.py +423 -0
cartography/intel/github/repos.py +463 -85
cartography/intel/github/teams.py +3 -3
cartography/intel/github/users.py +5 -0
cartography/intel/github/util.py +12 -0
cartography/intel/googleworkspace/__init__.py +193 -0
cartography/intel/googleworkspace/devices.py +254 -0
cartography/intel/googleworkspace/groups.py +568 -0
cartography/intel/googleworkspace/oauth_apps.py +259 -0
cartography/intel/googleworkspace/tenant.py +85 -0
cartography/intel/googleworkspace/users.py +138 -0
cartography/intel/gsuite/__init__.py +17 -9
cartography/intel/gsuite/groups.py +291 -0
cartography/intel/gsuite/users.py +142 -0
cartography/intel/jamf/computers.py +7 -1
cartography/intel/keycloak/__init__.py +153 -0
cartography/intel/keycloak/authenticationexecutions.py +322 -0
cartography/intel/keycloak/authenticationflows.py +77 -0
cartography/intel/keycloak/clients.py +187 -0
cartography/intel/keycloak/groups.py +126 -0
cartography/intel/keycloak/identityproviders.py +94 -0
cartography/intel/keycloak/organizations.py +163 -0
cartography/intel/keycloak/realms.py +61 -0
cartography/intel/keycloak/roles.py +202 -0
cartography/intel/keycloak/scopes.py +73 -0
cartography/intel/keycloak/users.py +70 -0
cartography/intel/keycloak/util.py +47 -0
cartography/intel/kubernetes/__init__.py +60 -14
cartography/intel/kubernetes/clusters.py +86 -0
cartography/intel/kubernetes/eks.py +402 -0
cartography/intel/kubernetes/namespaces.py +59 -57
cartography/intel/kubernetes/pods.py +168 -75
cartography/intel/kubernetes/rbac.py +597 -0
cartography/intel/kubernetes/secrets.py +95 -45
cartography/intel/kubernetes/services.py +131 -67
cartography/intel/kubernetes/util.py +142 -14
cartography/intel/oci/iam.py +23 -9
cartography/intel/oci/organizations.py +3 -1
cartography/intel/oci/utils.py +28 -5
cartography/intel/okta/applications.py +15 -5
cartography/intel/okta/awssaml.py +14 -10
cartography/intel/okta/factors.py +3 -1
cartography/intel/okta/groups.py +5 -2
cartography/intel/okta/organization.py +3 -1
cartography/intel/okta/origins.py +3 -1
cartography/intel/okta/roles.py +5 -2
cartography/intel/okta/users.py +10 -2
cartography/intel/ontology/__init__.py +44 -0
cartography/intel/ontology/devices.py +54 -0
cartography/intel/ontology/users.py +54 -0
cartography/intel/ontology/utils.py +176 -0
cartography/intel/pagerduty/escalation_policies.py +13 -6
cartography/intel/pagerduty/schedules.py +9 -4
cartography/intel/pagerduty/services.py +7 -3
cartography/intel/pagerduty/teams.py +5 -2
cartography/intel/pagerduty/users.py +3 -1
cartography/intel/pagerduty/vendors.py +3 -1
cartography/intel/scaleway/__init__.py +127 -0
cartography/intel/scaleway/iam/__init__.py +0 -0
cartography/intel/scaleway/iam/apikeys.py +71 -0
cartography/intel/scaleway/iam/applications.py +71 -0
cartography/intel/scaleway/iam/groups.py +71 -0
cartography/intel/scaleway/iam/users.py +71 -0
cartography/intel/scaleway/instances/__init__.py +0 -0
cartography/intel/scaleway/instances/flexibleips.py +86 -0
cartography/intel/scaleway/instances/instances.py +92 -0
cartography/intel/scaleway/projects.py +79 -0
cartography/intel/scaleway/storage/__init__.py +0 -0
cartography/intel/scaleway/storage/snapshots.py +86 -0
cartography/intel/scaleway/storage/volumes.py +84 -0
cartography/intel/scaleway/utils.py +37 -0
cartography/intel/sentinelone/__init__.py +75 -0
cartography/intel/sentinelone/account.py +140 -0
cartography/intel/sentinelone/agent.py +139 -0
cartography/intel/sentinelone/api.py +124 -0
cartography/intel/sentinelone/application.py +248 -0
cartography/intel/sentinelone/cve.py +119 -0
cartography/intel/sentinelone/utils.py +28 -0
cartography/intel/slack/__init__.py +78 -0
cartography/intel/slack/channels.py +80 -0
cartography/intel/slack/groups.py +90 -0
cartography/intel/slack/teams.py +65 -0
cartography/intel/slack/users.py +57 -0
cartography/intel/slack/utils.py +29 -0
cartography/intel/spacelift/__init__.py +161 -0
cartography/intel/spacelift/account.py +73 -0
cartography/intel/spacelift/ec2_ownership.py +280 -0
cartography/intel/spacelift/runs.py +463 -0
cartography/intel/spacelift/spaces.py +112 -0
cartography/intel/spacelift/stacks.py +119 -0
cartography/intel/spacelift/util.py +122 -0
cartography/intel/spacelift/workerpools.py +131 -0
cartography/intel/spacelift/workers.py +128 -0
cartography/intel/trivy/__init__.py +272 -0
cartography/intel/trivy/scanner.py +386 -0
cartography/models/airbyte/__init__.py +0 -0
cartography/models/airbyte/connection.py +138 -0
cartography/models/airbyte/destination.py +75 -0
cartography/models/airbyte/organization.py +19 -0
cartography/models/airbyte/source.py +75 -0
cartography/models/airbyte/stream.py +74 -0
cartography/models/airbyte/tag.py +69 -0
cartography/models/airbyte/user.py +115 -0
cartography/models/airbyte/workspace.py +46 -0
cartography/models/anthropic/apikey.py +4 -0
cartography/models/anthropic/user.py +4 -0
cartography/models/aws/acm/__init__.py +0 -0
cartography/models/aws/acm/certificate.py +75 -0
cartography/models/aws/apigateway/__init__.py +0 -0
cartography/models/aws/apigateway/apigatewaydeployment.py +74 -0
cartography/models/aws/apigateway/apigatewayintegration.py +79 -0
cartography/models/aws/apigateway/apigatewaymethod.py +74 -0
cartography/models/aws/apigatewayv2/__init__.py +0 -0
cartography/models/aws/apigatewayv2/apigatewayv2.py +53 -0
cartography/models/aws/cloudtrail/management_events.py +153 -0
cartography/models/aws/cloudtrail/trail.py +45 -0
cartography/models/aws/cloudwatch/log_metric_filter.py +79 -0
cartography/models/aws/cloudwatch/metric_alarm.py +53 -0
cartography/models/aws/codebuild/__init__.py +0 -0
cartography/models/aws/codebuild/project.py +49 -0
cartography/models/aws/cognito/__init__.py +0 -0
cartography/models/aws/cognito/identity_pool.py +70 -0
cartography/models/aws/cognito/user_pool.py +47 -0
cartography/models/aws/dynamodb/tables.py +2 -0
cartography/models/aws/ec2/instances.py +25 -1
cartography/models/aws/ec2/networkinterfaces.py +4 -0
cartography/models/aws/ec2/security_group_rules.py +109 -0
cartography/models/aws/ec2/security_groups.py +90 -0
cartography/models/aws/ec2/snapshots.py +58 -0
cartography/models/aws/ec2/subnet_instance.py +2 -0
cartography/models/aws/ec2/subnet_networkinterface.py +2 -0
cartography/models/aws/ec2/subnets.py +65 -0
cartography/models/aws/ec2/volumes.py +20 -0
cartography/models/aws/ec2/vpc.py +46 -0
cartography/models/aws/ec2/vpc_cidr.py +102 -0
cartography/models/aws/ec2/vpc_peering.py +157 -0
cartography/models/aws/ecr/__init__.py +0 -0
cartography/models/aws/ecr/image.py +146 -0
cartography/models/aws/ecr/image_layer.py +107 -0
cartography/models/aws/ecr/repository.py +72 -0
cartography/models/aws/ecr/repository_image.py +95 -0
cartography/models/aws/ecs/__init__.py +0 -0
cartography/models/aws/ecs/clusters.py +64 -0
cartography/models/aws/ecs/container_definitions.py +93 -0
cartography/models/aws/ecs/container_instances.py +84 -0
cartography/models/aws/ecs/containers.py +101 -0
cartography/models/aws/ecs/services.py +134 -0
cartography/models/aws/ecs/task_definitions.py +135 -0
cartography/models/aws/ecs/tasks.py +134 -0
cartography/models/aws/efs/access_point.py +77 -0
cartography/models/aws/efs/file_system.py +60 -0
cartography/models/aws/efs/mount_target.py +29 -2
cartography/models/aws/elasticache/__init__.py +0 -0
cartography/models/aws/elasticache/cluster.py +65 -0
cartography/models/aws/elasticache/topic.py +67 -0
cartography/models/aws/eventbridge/__init__.py +0 -0
cartography/models/aws/eventbridge/rule.py +77 -0
cartography/models/aws/eventbridge/target.py +71 -0
cartography/models/aws/glue/__init__.py +0 -0
cartography/models/aws/glue/connection.py +51 -0
cartography/models/aws/glue/job.py +69 -0
cartography/models/aws/guardduty/__init__.py +1 -0
cartography/models/aws/guardduty/detectors.py +50 -0
cartography/models/aws/guardduty/findings.py +121 -0
cartography/models/aws/iam/access_key.py +103 -0
cartography/models/aws/iam/account_role.py +24 -0
cartography/models/aws/iam/federated_principal.py +60 -0
cartography/models/aws/iam/group.py +60 -0
cartography/models/aws/iam/group_membership.py +27 -0
cartography/models/aws/iam/inline_policy.py +78 -0
cartography/models/aws/iam/managed_policy.py +51 -0
cartography/models/aws/iam/policy_statement.py +57 -0
cartography/models/aws/iam/role.py +83 -0
cartography/models/aws/iam/root_principal.py +52 -0
cartography/models/aws/iam/service_principal.py +30 -0
cartography/models/aws/iam/sts_assumerole_allow.py +38 -0
cartography/models/aws/iam/user.py +59 -0
cartography/models/aws/identitycenter/awsidentitycenter.py +1 -0
cartography/models/aws/identitycenter/awspermissionset.py +70 -0
cartography/models/aws/identitycenter/awssogroup.py +70 -0
cartography/models/aws/identitycenter/awsssouser.py +49 -9
cartography/models/aws/inspector/findings.py +37 -0
cartography/models/aws/inspector/packages.py +1 -31
cartography/models/aws/kms/__init__.py +0 -0
cartography/models/aws/kms/aliases.py +86 -0
cartography/models/aws/kms/grants.py +65 -0
cartography/models/aws/kms/keys.py +88 -0
cartography/models/aws/lambda_function/__init__.py +0 -0
cartography/models/aws/lambda_function/alias.py +74 -0
cartography/models/aws/lambda_function/event_source_mapping.py +88 -0
cartography/models/aws/lambda_function/lambda_function.py +91 -0
cartography/models/aws/lambda_function/layer.py +72 -0
cartography/models/aws/rds/__init__.py +0 -0
cartography/models/aws/rds/cluster.py +91 -0
cartography/models/aws/rds/event_subscription.py +146 -0
cartography/models/aws/rds/instance.py +156 -0
cartography/models/aws/rds/snapshot.py +108 -0
cartography/models/aws/rds/subnet_group.py +101 -0
cartography/models/aws/route53/__init__.py +0 -0
cartography/models/aws/route53/dnsrecord.py +235 -0
cartography/models/aws/route53/nameserver.py +63 -0
cartography/models/aws/route53/subzone.py +40 -0
cartography/models/aws/route53/zone.py +47 -0
cartography/models/aws/s3/notification.py +24 -0
cartography/models/aws/secretsmanager/secret.py +106 -0
cartography/models/aws/secretsmanager/secret_version.py +0 -2
cartography/models/aws/sns/topic_subscription.py +74 -0
cartography/models/aws/sqs/__init__.py +0 -0
cartography/models/aws/sqs/queue.py +89 -0
cartography/models/azure/__init__.py +0 -0
cartography/models/azure/aks_cluster.py +54 -0
cartography/models/azure/aks_nodepool.py +54 -0
cartography/models/azure/app_service.py +59 -0
cartography/models/azure/container_instance.py +57 -0
cartography/models/azure/cosmosdb/__init__.py +0 -0
cartography/models/azure/cosmosdb/account.py +77 -0
cartography/models/azure/cosmosdb/accountfailoverpolicy.py +77 -0
cartography/models/azure/cosmosdb/cassandrakeyspace.py +82 -0
cartography/models/azure/cosmosdb/cassandratable.py +81 -0
cartography/models/azure/cosmosdb/corspolicy.py +74 -0
cartography/models/azure/cosmosdb/dblocation.py +120 -0
cartography/models/azure/cosmosdb/mongodbcollection.py +82 -0
cartography/models/azure/cosmosdb/mongodbdatabase.py +78 -0
cartography/models/azure/cosmosdb/privateendpointconnection.py +81 -0
cartography/models/azure/cosmosdb/sqlcontainer.py +88 -0
cartography/models/azure/cosmosdb/sqldatabase.py +78 -0
cartography/models/azure/cosmosdb/tableresource.py +76 -0
cartography/models/azure/cosmosdb/virtualnetworkrule.py +78 -0
cartography/models/azure/data_factory/__init__.py +0 -0
cartography/models/azure/data_factory/data_factory.py +51 -0
cartography/models/azure/data_factory/data_factory_dataset.py +94 -0
cartography/models/azure/data_factory/data_factory_linked_service.py +78 -0
cartography/models/azure/data_factory/data_factory_pipeline.py +93 -0
cartography/models/azure/data_lake_filesystem.py +51 -0
cartography/models/azure/event_grid_topic.py +57 -0
cartography/models/azure/function_app.py +59 -0
cartography/models/azure/load_balancer/__init__.py +0 -0
cartography/models/azure/load_balancer/load_balancer.py +49 -0
cartography/models/azure/load_balancer/load_balancer_backend_pool.py +73 -0
cartography/models/azure/load_balancer/load_balancer_frontend_ip.py +75 -0
cartography/models/azure/load_balancer/load_balancer_inbound_nat_rule.py +78 -0
cartography/models/azure/load_balancer/load_balancer_rule.py +108 -0
cartography/models/azure/logic_apps.py +56 -0
cartography/models/azure/monitor.py +54 -0
cartography/models/azure/network_interface.py +112 -0
cartography/models/azure/network_security_group.py +50 -0
cartography/models/azure/permission_relationships.py +60 -0
cartography/models/azure/principal.py +41 -0
cartography/models/azure/public_ip_address.py +50 -0
cartography/models/azure/rbac.py +268 -0
cartography/models/azure/resource_groups.py +52 -0
cartography/models/azure/security_center.py +50 -0
cartography/models/azure/sql/__init__.py +0 -0
cartography/models/azure/sql/databasethreatdetectionpolicy.py +85 -0
cartography/models/azure/sql/elasticpool.py +77 -0
cartography/models/azure/sql/failovergroup.py +73 -0
cartography/models/azure/sql/recoverabledatabase.py +75 -0
cartography/models/azure/sql/replicationlink.py +81 -0
cartography/models/azure/sql/restorabledroppeddatabase.py +82 -0
cartography/models/azure/sql/restorepoint.py +74 -0
cartography/models/azure/sql/serveradadministrator.py +74 -0
cartography/models/azure/sql/serverdnsalias.py +71 -0
cartography/models/azure/sql/sqldatabase.py +85 -0
cartography/models/azure/sql/sqlserver.py +50 -0
cartography/models/azure/sql/transparentdataencryption.py +76 -0
cartography/models/azure/storage/__init__.py +0 -0
cartography/models/azure/storage/account.py +59 -0
cartography/models/azure/storage/blobcontainer.py +85 -0
cartography/models/azure/storage/blobservice.py +71 -0
cartography/models/azure/storage/fileservice.py +71 -0
cartography/models/azure/storage/fileshare.py +82 -0
cartography/models/azure/storage/queue.py +71 -0
cartography/models/azure/storage/queueservice.py +73 -0
cartography/models/azure/storage/table.py +72 -0
cartography/models/azure/storage/tableservice.py +73 -0
cartography/models/azure/subnet.py +101 -0
cartography/models/azure/subscription.py +47 -0
cartography/models/azure/tags/__init__.py +0 -0
cartography/models/azure/tags/storage_tag.py +40 -0
cartography/models/azure/tags/tag.py +37 -0
cartography/models/azure/tenant.py +17 -0
cartography/models/azure/virtual_network.py +49 -0
cartography/models/azure/vm/__init__.py +0 -0
cartography/models/azure/vm/datadisk.py +80 -0
cartography/models/azure/vm/disk.py +55 -0
cartography/models/azure/vm/snapshot.py +56 -0
cartography/models/azure/vm/virtualmachine.py +59 -0
cartography/models/bigfix/bigfix_computer.py +1 -1
cartography/models/cloudflare/member.py +4 -0
cartography/models/core/common.py +1 -0
cartography/models/core/nodes.py +15 -2
cartography/models/core/relationships.py +44 -0
cartography/models/crowdstrike/hosts.py +1 -1
cartography/models/digitalocean/droplet.py +2 -0
cartography/models/duo/endpoint.py +1 -1
cartography/models/duo/phone.py +2 -2
cartography/models/duo/user.py +4 -0
cartography/models/entra/app_role_assignment.py +115 -0
cartography/models/entra/application.py +49 -0
cartography/models/entra/entra_user_to_aws_sso.py +41 -0
cartography/models/entra/group.py +117 -0
cartography/models/entra/service_principal.py +104 -0
cartography/models/entra/user.py +42 -51
cartography/models/gcp/__init__.py +0 -0
cartography/models/gcp/bigtable/__init__.py +0 -0
cartography/models/gcp/bigtable/app_profile.py +94 -0
cartography/models/gcp/bigtable/backup.py +91 -0
cartography/models/gcp/bigtable/cluster.py +73 -0
cartography/models/gcp/bigtable/instance.py +52 -0
cartography/models/gcp/bigtable/table.py +69 -0
cartography/models/gcp/compute/__init__.py +0 -0
cartography/models/gcp/compute/subnet.py +74 -0
cartography/models/gcp/compute/vpc.py +50 -0
cartography/models/gcp/crm/__init__.py +0 -0
cartography/models/gcp/crm/folders.py +98 -0
cartography/models/gcp/crm/organizations.py +21 -0
cartography/models/gcp/crm/projects.py +100 -0
cartography/models/gcp/dns.py +109 -0
cartography/models/gcp/gke.py +69 -0
cartography/models/gcp/iam.py +3 -0
cartography/models/gcp/permission_relationships.py +61 -0
cartography/models/gcp/policy_bindings.py +93 -0
cartography/models/gcp/storage/__init__.py +0 -0
cartography/models/gcp/storage/bucket.py +119 -0
cartography/models/github/commits.py +63 -0
cartography/models/github/dependencies.py +73 -0
cartography/models/github/manifests.py +49 -0
cartography/models/github/users.py +10 -0
cartography/models/googleworkspace/__init__.py +0 -0
cartography/models/googleworkspace/device.py +132 -0
cartography/models/googleworkspace/group.py +382 -0
cartography/models/googleworkspace/oauth_app.py +124 -0
cartography/models/googleworkspace/tenant.py +30 -0
cartography/models/googleworkspace/user.py +113 -0
cartography/models/gsuite/__init__.py +0 -0
cartography/models/gsuite/group.py +218 -0
cartography/models/gsuite/tenant.py +29 -0
cartography/models/gsuite/user.py +107 -0
cartography/models/kandji/device.py +1 -2
cartography/models/keycloak/__init__.py +0 -0
cartography/models/keycloak/authenticationexecution.py +160 -0
cartography/models/keycloak/authenticationflow.py +54 -0
cartography/models/keycloak/client.py +179 -0
cartography/models/keycloak/group.py +101 -0
cartography/models/keycloak/identityprovider.py +89 -0
cartography/models/keycloak/organization.py +116 -0
cartography/models/keycloak/organizationdomain.py +73 -0
cartography/models/keycloak/realm.py +173 -0
cartography/models/keycloak/role.py +126 -0
cartography/models/keycloak/scope.py +73 -0
cartography/models/keycloak/user.py +55 -0
cartography/models/kubernetes/__init__.py +0 -0
cartography/models/kubernetes/clusterrolebindings.py +138 -0
cartography/models/kubernetes/clusterroles.py +52 -0
cartography/models/kubernetes/clusters.py +26 -0
cartography/models/kubernetes/containers.py +133 -0
cartography/models/kubernetes/groups.py +107 -0
cartography/models/kubernetes/namespaces.py +51 -0
cartography/models/kubernetes/oidc.py +51 -0
cartography/models/kubernetes/pods.py +80 -0
cartography/models/kubernetes/rolebindings.py +159 -0
cartography/models/kubernetes/roles.py +76 -0
cartography/models/kubernetes/secrets.py +79 -0
cartography/models/kubernetes/serviceaccounts.py +77 -0
cartography/models/kubernetes/services.py +108 -0
cartography/models/kubernetes/users.py +105 -0
cartography/models/lastpass/user.py +4 -0
cartography/models/ontology/__init__.py +0 -0
cartography/models/ontology/device.py +137 -0
cartography/models/ontology/mapping/__init__.py +76 -0
cartography/models/ontology/mapping/data/__init__.py +0 -0
cartography/models/ontology/mapping/data/apikeys.py +93 -0
cartography/models/ontology/mapping/data/computeinstance.py +95 -0
cartography/models/ontology/mapping/data/containers.py +88 -0
cartography/models/ontology/mapping/data/databases.py +182 -0
cartography/models/ontology/mapping/data/devices.py +194 -0
cartography/models/ontology/mapping/data/thirdpartyapps.py +140 -0
cartography/models/ontology/mapping/data/useraccounts.py +416 -0
cartography/models/ontology/mapping/data/users.py +63 -0
cartography/models/ontology/mapping/specs.py +85 -0
cartography/models/ontology/user.py +51 -0
cartography/models/openai/adminapikey.py +4 -0
cartography/models/openai/apikey.py +4 -0
cartography/models/openai/user.py +4 -0
cartography/models/scaleway/__init__.py +0 -0
cartography/models/scaleway/iam/__init__.py +0 -0
cartography/models/scaleway/iam/apikey.py +100 -0
cartography/models/scaleway/iam/application.py +52 -0
cartography/models/scaleway/iam/group.py +95 -0
cartography/models/scaleway/iam/user.py +64 -0
cartography/models/scaleway/instance/__init__.py +0 -0
cartography/models/scaleway/instance/flexibleip.py +52 -0
cartography/models/scaleway/instance/instance.py +120 -0
cartography/models/scaleway/organization.py +19 -0
cartography/models/scaleway/project.py +48 -0
cartography/models/scaleway/storage/__init__.py +0 -0
cartography/models/scaleway/storage/snapshot.py +78 -0
cartography/models/scaleway/storage/volume.py +51 -0
cartography/models/sentinelone/__init__.py +1 -0
cartography/models/sentinelone/account.py +40 -0
cartography/models/sentinelone/agent.py +50 -0
cartography/models/sentinelone/application.py +44 -0
cartography/models/sentinelone/application_version.py +96 -0
cartography/models/sentinelone/cve.py +73 -0
cartography/models/slack/__init__.py +0 -0
cartography/models/slack/channels.py +92 -0
cartography/models/slack/group.py +129 -0
cartography/models/slack/team.py +22 -0
cartography/models/slack/user.py +62 -0
cartography/models/snipeit/asset.py +2 -0
cartography/models/snipeit/user.py +4 -0
cartography/models/spacelift/__init__.py +0 -0
cartography/models/spacelift/cloudtrailevent.py +120 -0
cartography/models/spacelift/run.py +162 -0
cartography/models/spacelift/space.py +131 -0
cartography/models/spacelift/spaceliftaccount.py +31 -0
cartography/models/spacelift/spaceliftgitcommit.py +157 -0
cartography/models/spacelift/stack.py +96 -0
cartography/models/spacelift/user.py +63 -0
cartography/models/spacelift/worker.py +97 -0
cartography/models/spacelift/workerpool.py +90 -0
cartography/models/tailscale/device.py +2 -1
cartography/models/tailscale/user.py +6 -1
cartography/models/trivy/__init__.py +0 -0
cartography/models/trivy/findings.py +66 -0
cartography/models/trivy/fix.py +66 -0
cartography/models/trivy/package.py +71 -0
cartography/rules/README.md +1 -0
cartography/rules/__init__.py +0 -0
cartography/rules/cli.py +261 -0
cartography/rules/data/__init__.py +0 -0
cartography/rules/data/rules/__init__.py +46 -0
cartography/rules/data/rules/cloud_security_product_deactivated.py +49 -0
cartography/rules/data/rules/compute_instance_exposed.py +51 -0
cartography/rules/data/rules/database_instance_exposed.py +53 -0
cartography/rules/data/rules/delegation_boundary_modifiable.py +90 -0
cartography/rules/data/rules/identity_administration_privileges.py +100 -0
cartography/rules/data/rules/inactive_user_active_accounts.py +48 -0
cartography/rules/data/rules/malicious_npm_dependencies_shai_hulud.py +2222 -0
cartography/rules/data/rules/mfa_missing.py +46 -0
cartography/rules/data/rules/object_storage_public.py +100 -0
cartography/rules/data/rules/policy_administration_privileges.py +104 -0
cartography/rules/data/rules/unmanaged_accounts.py +43 -0
cartography/rules/data/rules/workload_identity_admin_capabilities.py +193 -0
cartography/rules/formatters.py +108 -0
cartography/rules/runners.py +216 -0
cartography/rules/spec/__init__.py +0 -0
cartography/rules/spec/model.py +267 -0
cartography/rules/spec/result.py +38 -0
cartography/sync.py +25 -5
cartography/util.py +101 -31
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/METADATA +61 -22
cartography-0.123.0.dist-info/RECORD +856 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/entry_points.txt +1 -0
cartography/data/jobs/cleanup/aws_dns_cleanup.json +0 -65
cartography/data/jobs/cleanup/aws_import_account_access_key_cleanup.json +0 -17
cartography/data/jobs/cleanup/aws_import_ec2_security_groupinfo_cleanup.json +0 -24
cartography/data/jobs/cleanup/aws_import_groups_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_identity_center_cleanup.json +0 -16
cartography/data/jobs/cleanup/aws_import_lambda_cleanup.json +0 -50
cartography/data/jobs/cleanup/aws_import_principals_cleanup.json +0 -30
cartography/data/jobs/cleanup/aws_import_rds_clusters_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_rds_instances_cleanup.json +0 -47
cartography/data/jobs/cleanup/aws_import_rds_snapshots_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_roles_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_secrets_cleanup.json +0 -8
cartography/data/jobs/cleanup/aws_import_snapshots_cleanup.json +0 -30
cartography/data/jobs/cleanup/aws_import_users_cleanup.json +0 -8
cartography/data/jobs/cleanup/aws_import_vpc_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_vpc_peering_cleanup.json +0 -45
cartography/data/jobs/cleanup/aws_kms_details.json +0 -10
cartography/data/jobs/cleanup/azure_cosmosdb_cassandra_keyspace_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_cors_details.json +0 -15
cartography/data/jobs/cleanup/azure_cosmosdb_mongodb_database_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_sql_database_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_table_resources_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_database_account_cleanup.json +0 -85
cartography/data/jobs/cleanup/azure_import_disks_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_import_snapshots_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_import_virtual_machines_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_sql_server_cleanup.json +0 -125
cartography/data/jobs/cleanup/azure_storage_account_cleanup.json +0 -95
cartography/data/jobs/cleanup/azure_subscriptions_cleanup.json +0 -14
cartography/data/jobs/cleanup/azure_tenant_cleanup.json +0 -9
cartography/data/jobs/cleanup/gcp_compute_vpc_subnet_cleanup.json +0 -35
cartography/data/jobs/cleanup/gcp_crm_folder_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_crm_organization_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_crm_project_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_dns_cleanup.json +0 -29
cartography/data/jobs/cleanup/gcp_gke_cluster_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_storage_bucket_cleanup.json +0 -29
cartography/data/jobs/cleanup/gsuite_ingest_groups_cleanup.json +0 -23
cartography/data/jobs/cleanup/gsuite_ingest_users_cleanup.json +0 -11
cartography/data/jobs/cleanup/kubernetes_import_cleanup.json +0 -70
cartography/intel/gcp/crm.py +0 -355
cartography/intel/gsuite/api.py +0 -342
cartography-0.104.0rc2.dist-info/RECORD +0 -455
/cartography/data/jobs/{analysis → scoped_analysis}/aws_s3acl_analysis.json +0 -0
/cartography/models/aws/{apigateway.py → apigateway/apigateway.py} +0 -0
/cartography/models/aws/{apigatewaycertificate.py → apigateway/apigatewaycertificate.py} +0 -0
/cartography/models/aws/{apigatewayresource.py → apigateway/apigatewayresource.py} +0 -0
/cartography/models/aws/{apigatewaystage.py → apigateway/apigatewaystage.py} +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/WHEEL +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/licenses/LICENSE +0 -0
{cartography-0.104.0rc2.dist-info → cartography-0.123.0.dist-info}/top_level.txt +0 -0

cartography/intel/spacelift/runs.py ADDED Viewed

@@ -0,0 +1,463 @@
+import json
+import logging
+from typing import Any
+import neo4j
+import requests
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.intel.spacelift.util import call_spacelift_api
+from cartography.models.spacelift.run import SpaceliftRunSchema
+from cartography.models.spacelift.spaceliftgitcommit import SpaceliftGitCommitSchema
+from cartography.models.spacelift.user import SpaceliftUserSchema
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+# GraphQL query to fetch all managed entities from all stacks
+GET_ENTITIES_QUERY = """
+query {
+    stacks {
+        entities {
+            type
+            creator {
+                id
+            }
+            updater {
+                id
+            }
+            vendor {
+                __typename
+                ... on EntityVendorTerraform {
+                    terraform {
+                        __typename
+                        ... on TerraformResource {
+                            values
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
+"""
+# GraphQL query to fetch runs nested under stacks
+# Note: Runs don't have a top-level query, they're nested under stacks
+GET_RUNS_QUERY = """
+query {
+    stacks {
+        id
+        runs {
+            id
+            type
+            state
+            commit {
+                hash
+                authorLogin
+                authorName
+                message
+                timestamp
+                url
+            }
+            branch
+            createdAt
+            finished
+            triggeredBy
+        }
+    }
+}
+"""
+@timeit
+def get_entities(session: requests.Session, api_endpoint: str) -> list[dict[str, Any]]:
+    logger.info("Fetching Spacelift entities")
+    response = call_spacelift_api(session, api_endpoint, GET_ENTITIES_QUERY)
+    stacks = response.get("data", {}).get("stacks", [])
+    # Flatten entities from all stacks into a single list
+    all_entities = []
+    for stack in stacks:
+        all_entities.extend(stack.get("entities", []))
+    logger.info(
+        f"Retrieved {len(all_entities)} Spacelift entities from {len(stacks)} stacks"
+    )
+    return all_entities
+def transform_entities_to_run_map(
+    entities_data: list[dict[str, Any]],
+) -> dict[str, list[dict[str, str]]]:
+    """
+    This function processes entities to extract EC2 instance IDs and maps them to
+    the runs that created or updated them.
+    """
+    logger.info(f"Transforming {len(entities_data)} entities into run-to-instances map")
+    run_to_instances: dict[str, list[dict[str, str]]] = {}
+    for entity in entities_data:
+        # Right now we just cover ec2
+        entity_type = entity.get("type")
+        if entity_type != "aws_instance":
+            continue
+        #  NOTE: Right now we only cover terraform resources but we can extend this to cover other vendors in the future.
+        vendor = entity.get("vendor", {})
+        if vendor.get("__typename") != "EntityVendorTerraform":
+            continue
+        terraform_data = vendor.get("terraform", {})
+        if terraform_data.get("__typename") != "TerraformResource":
+            continue
+        values_json = terraform_data.get("values")
+        try:
+            values = json.loads(values_json)
+            instance_id = values["id"]
+        except (json.JSONDecodeError, KeyError) as e:
+            logger.warning(f"Failed to parse entity values:{e}")
+            continue
+        logger.info(f"Found EC2 instance from entity: {instance_id}")
+        # Map to creator run
+        creator = entity.get("creator")
+        if creator and creator.get("id"):
+            creator_run_id = creator["id"]
+            if creator_run_id not in run_to_instances:
+                run_to_instances[creator_run_id] = []
+            run_to_instances[creator_run_id].append(
+                {
+                    "instance_id": instance_id,
+                    "action": "create",
+                }
+            )
+            logger.info(
+                f"Mapped instance {instance_id} to creator run {creator_run_id}"
+            )
+        # Map to updater run
+        updater = entity.get("updater")
+        if updater and updater.get("id"):
+            updater_run_id = updater["id"]
+            # Don't duplicate if updater is same as creator
+            if updater_run_id != creator.get("id") if creator else True:
+                if updater_run_id not in run_to_instances:
+                    run_to_instances[updater_run_id] = []
+                run_to_instances[updater_run_id].append(
+                    {
+                        "instance_id": instance_id,
+                        "action": "update",
+                    }
+                )
+                logger.info(
+                    f"Mapped instance {instance_id} to updater run {updater_run_id}"
+                )
+    logger.info(
+        f"Built run-to-instances map with {len(run_to_instances)} runs affecting EC2 instances"
+    )
+    return run_to_instances
+@timeit
+def get_runs(session: requests.Session, api_endpoint: str) -> list[dict[str, Any]]:
+    logger.info("Fetching Spacelift runs")
+    response = call_spacelift_api(session, api_endpoint, GET_RUNS_QUERY)
+    stacks = response.get("data", {}).get("stacks", [])
+    # Flatten runs from all stacks and add the stack ID to each run
+    all_runs = []
+    for stack in stacks:
+        stack_id = stack["id"]
+        for run in stack.get("runs", []):
+            # Add the stack ID to each run
+            run["stack"] = stack_id
+            all_runs.append(run)
+    logger.info(f"Retrieved {len(all_runs)} Spacelift runs from {len(stacks)} stacks")
+    return all_runs
+def transform_runs(
+    runs_data: list[dict[str, Any]],
+    run_to_instances_map: dict[str, list[dict[str, str]]],
+    account_id: str,
+) -> list[dict[str, Any]]:
+    logger.info(f"Transforming {len(runs_data)} runs")
+    result: list[dict[str, Any]] = []
+    for run in runs_data:
+        run_id = run["id"]
+        # Look up affected EC2 instances for this run
+        affected_instances = run_to_instances_map.get(run_id, [])
+        affected_instance_ids = [inst["instance_id"] for inst in affected_instances]
+        if affected_instance_ids:
+            logger.info(f"Run {run_id} affects instances: {affected_instance_ids}")
+        # Extract commit hash from nested commit object
+        commit = run.get("commit", {})
+        commit_hash = commit.get("hash") if commit else None
+        transformed_run = {
+            "id": run_id,
+            "run_type": run.get("type"),
+            "state": run.get("state"),
+            "commit_sha": commit_hash,
+            "branch": run.get("branch"),
+            "created_at": run.get("createdAt"),
+            "stack_id": run.get("stack"),
+            "triggered_by_user_id": run.get("triggeredBy"),
+            "affected_instance_ids": affected_instance_ids,
+            "spacelift_account_id": account_id,
+        }
+        result.append(transformed_run)
+    logger.info(
+        f"Transformed {len(result)} runs ({sum(1 for r in result if r['affected_instance_ids'])} affecting EC2 instances)"
+    )
+    return result
+def extract_users_from_runs(runs_data: list[dict[str, Any]]) -> list[dict[str, Any]]:
+    """
+    Extract unique user information from runs' triggeredBy field.
+    """
+    logger.info("Extracting users from runs")
+    user_emails = set()
+    for run in runs_data:
+        triggered_by = run.get("triggeredBy")
+        if triggered_by:
+            user_emails.add(triggered_by)
+    # Create user dictionaries with appropriate user_type
+    users = []
+    for user_id in sorted(user_emails):
+        is_email = "@" in user_id
+        users.append(
+            {
+                "id": user_id,
+                "username": user_id,
+                "email": user_id if is_email else None,
+                "name": user_id.split("@")[0] if is_email else user_id,
+                "user_type": "human" if is_email else "system",
+            }
+        )
+    logger.info(f"Extracted {len(users)} unique users from {len(runs_data)} runs")
+    return users
+def extract_commits_from_runs(
+    runs_data: list[dict[str, Any]], account_id: str
+) -> list[dict[str, Any]]:
+    """
+    Extract unique commit information from runs.
+    Links commits to the users/systems that triggered runs using those commits.
+    """
+    logger.info("Extracting commits from runs")
+    # Use dict to deduplicate by SHA
+    commits_by_sha: dict[str, dict[str, Any]] = {}
+    for run in runs_data:
+        commit = run.get("commit")
+        # Skip runs without commit data
+        if not commit or not commit.get("hash"):
+            continue
+        sha = commit["hash"]
+        triggered_by = run.get("triggeredBy")
+        # Skip if we've already seen this commit (first triggeredBy wins)
+        if sha in commits_by_sha:
+            continue
+        commits_by_sha[sha] = {
+            "sha": sha,
+            "message": commit.get("message"),
+            "timestamp": commit.get("timestamp"),
+            "url": commit.get("url"),
+            "author_login": commit.get("authorLogin"),
+            "author_name": commit.get("authorName"),
+            "author_user_id": triggered_by,
+            "spacelift_account_id": account_id,
+        }
+        logger.debug(
+            f"Extracted commit {sha} (by {commit.get('authorLogin')}) confirmed by {triggered_by}"
+        )
+    commits = list(commits_by_sha.values())
+    logger.info(f"Extracted {len(commits)} unique commits from {len(runs_data)} runs")
+    return commits
+def load_users(
+    neo4j_session: neo4j.Session,
+    users_data: list[dict[str, Any]],
+    update_tag: int,
+    account_id: str,
+) -> None:
+    """
+    Load Spacelift users data into Neo4j using the data model.
+    """
+    # Add spacelift_account_id to each user for the relationship
+    for user in users_data:
+        user["spacelift_account_id"] = account_id
+    load(
+        neo4j_session,
+        SpaceliftUserSchema(),
+        users_data,
+        lastupdated=update_tag,
+        spacelift_account_id=account_id,
+    )
+    logger.info(f"Loaded {len(users_data)} Spacelift users")
+def load_runs(
+    neo4j_session: neo4j.Session,
+    runs_data: list[dict[str, Any]],
+    update_tag: int,
+    account_id: str,
+) -> None:
+    """
+    Load Spacelift runs data into Neo4j using the data model.
+    """
+    load(
+        neo4j_session,
+        SpaceliftRunSchema(),
+        runs_data,
+        lastupdated=update_tag,
+        spacelift_account_id=account_id,
+    )
+    logger.info(f"Loaded {len(runs_data)} Spacelift runs")
+def load_commits(
+    neo4j_session: neo4j.Session,
+    commits_data: list[dict[str, Any]],
+    update_tag: int,
+    account_id: str,
+) -> None:
+    """
+    Load Git commit data into Neo4j using the data model.
+    """
+    load(
+        neo4j_session,
+        SpaceliftGitCommitSchema(),
+        commits_data,
+        lastupdated=update_tag,
+        spacelift_account_id=account_id,
+    )
+    logger.info(f"Loaded {len(commits_data)} Git commits")
+@timeit
+def cleanup_users(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    """
+    Remove stale Spacelift user data from Neo4j.
+    """
+    from cartography.models.spacelift.user import SpaceliftUserSchema
+    logger.debug("Running SpaceliftUser cleanup job")
+    GraphJob.from_node_schema(SpaceliftUserSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+@timeit
+def cleanup_runs(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    logger.debug("Running SpaceliftRun cleanup job")
+    GraphJob.from_node_schema(SpaceliftRunSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+@timeit
+def cleanup_commits(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    logger.debug("Running GitCommit cleanup job")
+    GraphJob.from_node_schema(SpaceliftGitCommitSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+@timeit
+def sync_runs(
+    neo4j_session: neo4j.Session,
+    spacelift_session: requests.Session,
+    api_endpoint: str,
+    account_id: str,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    """
+    Sync Spacelift runs, commits, and users to Neo4j.
+    Users are extracted from runs' triggeredBy field.
+    Commits are linked to the users who triggered deployments using those commits.
+    """
+    entities_raw_data = get_entities(spacelift_session, api_endpoint)
+    runs_raw_data = get_runs(spacelift_session, api_endpoint)
+    run_to_instances_map = transform_entities_to_run_map(entities_raw_data)
+    transformed_runs = transform_runs(runs_raw_data, run_to_instances_map, account_id)
+    extracted_users = extract_users_from_runs(runs_raw_data)
+    extracted_commits = extract_commits_from_runs(runs_raw_data, account_id)
+    load_users(
+        neo4j_session, extracted_users, common_job_parameters["UPDATE_TAG"], account_id
+    )
+    load_commits(
+        neo4j_session,
+        extracted_commits,
+        common_job_parameters["UPDATE_TAG"],
+        account_id,
+    )
+    load_runs(
+        neo4j_session, transformed_runs, common_job_parameters["UPDATE_TAG"], account_id
+    )
+    cleanup_users(neo4j_session, common_job_parameters)
+    cleanup_commits(neo4j_session, common_job_parameters)
+    cleanup_runs(neo4j_session, common_job_parameters)
+    logger.info(
+        f"Synced {len(extracted_users)} users, {len(extracted_commits)} commits, "
+        f"and {len(transformed_runs)} Spacelift runs"
+    )

cartography/intel/spacelift/spaces.py ADDED Viewed

@@ -0,0 +1,112 @@
+import logging
+from typing import Any
+import neo4j
+import requests
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.intel.spacelift.util import call_spacelift_api
+from cartography.models.spacelift.space import SpaceliftSpaceSchema
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+# GraphQL query to fetch all spaces (direct array, no pagination)
+GET_SPACES_QUERY = """
+query {
+    spaces {
+        id
+        name
+        description
+        parentSpace
+    }
+}
+"""
+@timeit
+def get_spaces(session: requests.Session, api_endpoint: str) -> list[dict[str, Any]]:
+    logger.info("Fetching Spacelift spaces")
+    response = call_spacelift_api(session, api_endpoint, GET_SPACES_QUERY)
+    spaces_data = response.get("data", {}).get("spaces", [])
+    logger.info(f"Retrieved {len(spaces_data)} Spacelift spaces")
+    return spaces_data
+def transform_spaces(
+    spaces_data: list[dict[str, Any]], account_id: str
+) -> list[dict[str, Any]]:
+    result: list[dict[str, Any]] = []
+    for space in spaces_data:
+        parent_space = space.get("parentSpace")
+        # A space is root if it has no parent space
+        is_root = parent_space is None
+        transformed_space = {
+            "id": space["id"],
+            "name": space.get("name"),
+            "description": space.get("description"),
+            "is_root": is_root,
+            "spacelift_account_id": account_id,
+            "parent_spacelift_account_id": account_id if is_root else None,
+            "parent_space_id": parent_space,
+        }
+        result.append(transformed_space)
+    logger.info(f"Transformed {len(result)} spaces")
+    return result
+def load_spaces(
+    neo4j_session: neo4j.Session,
+    spaces_data: list[dict[str, Any]],
+    update_tag: int,
+    account_id: str,
+) -> None:
+    load(
+        neo4j_session,
+        SpaceliftSpaceSchema(),
+        spaces_data,
+        lastupdated=update_tag,
+        spacelift_account_id=account_id,
+    )
+    logger.info(f"Loaded {len(spaces_data)} Spacelift spaces")
+@timeit
+def cleanup_spaces(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    logger.debug("Running SpaceliftSpace cleanup job")
+    GraphJob.from_node_schema(SpaceliftSpaceSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+@timeit
+def sync_spaces(
+    neo4j_session: neo4j.Session,
+    spacelift_session: requests.Session,
+    api_endpoint: str,
+    account_id: str,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    spaces_raw_data = get_spaces(spacelift_session, api_endpoint)
+    transformed_spaces = transform_spaces(spaces_raw_data, account_id)
+    load_spaces(
+        neo4j_session,
+        transformed_spaces,
+        common_job_parameters["UPDATE_TAG"],
+        account_id,
+    )
+    cleanup_spaces(neo4j_session, common_job_parameters)
+    logger.info(f"Synced {len(transformed_spaces)} Spacelift spaces")

cartography/intel/spacelift/stacks.py ADDED Viewed

@@ -0,0 +1,119 @@
+import logging
+from typing import Any
+import neo4j
+import requests
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.intel.spacelift.util import call_spacelift_api
+from cartography.models.spacelift.stack import SpaceliftStackSchema
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+# GraphQL query to fetch all stacks (direct array, no pagination)
+GET_STACKS_QUERY = """
+query {
+    stacks {
+        id
+        name
+        description
+        state
+        administrative
+        repository
+        branch
+        projectRoot
+        space
+    }
+}
+"""
+@timeit
+def get_stacks(session: requests.Session, api_endpoint: str) -> list[dict[str, Any]]:
+    logger.info("Fetching Spacelift stacks")
+    response = call_spacelift_api(session, api_endpoint, GET_STACKS_QUERY)
+    stacks_data = response.get("data", {}).get("stacks", [])
+    logger.info(f"Retrieved {len(stacks_data)} Spacelift stacks")
+    return stacks_data
+def transform_stacks(
+    stacks_data: list[dict[str, Any]], account_id: str
+) -> list[dict[str, Any]]:
+    result: list[dict[str, Any]] = []
+    for stack in stacks_data:
+        transformed_stack = {
+            "id": stack["id"],
+            "name": stack.get("name"),
+            "description": stack.get("description"),
+            "state": stack.get("state"),
+            "administrative": stack.get("administrative"),
+            "repository": stack.get("repository"),
+            "branch": stack.get("branch"),
+            "project_root": stack.get("projectRoot"),
+            "space_id": stack.get("space"),
+            "spacelift_account_id": account_id,
+        }
+        result.append(transformed_stack)
+    logger.info(f"Transformed {len(result)} stacks")
+    return result
+def load_stacks(
+    neo4j_session: neo4j.Session,
+    stacks_data: list[dict[str, Any]],
+    update_tag: int,
+    account_id: str,
+) -> None:
+    load(
+        neo4j_session,
+        SpaceliftStackSchema(),
+        stacks_data,
+        lastupdated=update_tag,
+        spacelift_account_id=account_id,
+    )
+    logger.info(f"Loaded {len(stacks_data)} Spacelift stacks")
+@timeit
+def cleanup_stacks(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    logger.debug("Running SpaceliftStack cleanup job")
+    GraphJob.from_node_schema(SpaceliftStackSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+@timeit
+def sync_stacks(
+    neo4j_session: neo4j.Session,
+    spacelift_session: requests.Session,
+    api_endpoint: str,
+    account_id: str,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    stacks_raw_data = get_stacks(spacelift_session, api_endpoint)
+    transformed_stacks = transform_stacks(stacks_raw_data, account_id)
+    load_stacks(
+        neo4j_session,
+        transformed_stacks,
+        common_job_parameters["UPDATE_TAG"],
+        account_id,
+    )
+    cleanup_stacks(neo4j_session, common_job_parameters)
+    logger.info(f"Synced {len(transformed_stacks)} Spacelift stacks")

cartography 0.104.0rc2__py3-none-any.whl → 0.123.0__py3-none-any.whl

cartography 0.104.0rc2py3-none-any.whl → 0.123.0py3-none-any.whl