cartography 0.106.0rc1__py3-none-any.whl → 0.107.0__py3-none-any.whl

cartography/models/aws/ec2/networkinterfaces.py

@@ -44,7 +44,9 @@ class EC2NetworkInterfaceNodeProperties(CartographyNodeProperties):
     requester_id: PropertyRef = PropertyRef("RequesterId", extra_index=True)
     requester_managed: PropertyRef = PropertyRef("RequesterManaged")
     source_dest_check: PropertyRef = PropertyRef("SourceDestCheck")
+    # TODO: remove subnetid once we have migrated to subnet_id
     subnetid: PropertyRef = PropertyRef("SubnetId", extra_index=True)
+    subnet_id: PropertyRef = PropertyRef("SubnetId", extra_index=True)
 
 
 @dataclass(frozen=True)

cartography/models/aws/ec2/subnet_instance.py

@@ -15,7 +15,9 @@ from cartography.models.core.relationships import TargetNodeMatcher
 class EC2SubnetInstanceNodeProperties(CartographyNodeProperties):
     # arn: PropertyRef = PropertyRef('Arn', extra_index=True) TODO use arn; issue #1024
     id: PropertyRef = PropertyRef("SubnetId")
+    # TODO: remove subnetid once we have migrated to subnet_id
     subnetid: PropertyRef = PropertyRef("SubnetId", extra_index=True)
+    subnet_id: PropertyRef = PropertyRef("SubnetId", extra_index=True)
     region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
 

cartography/models/aws/ec2/subnet_networkinterface.py

@@ -16,6 +16,8 @@ from cartography.models.core.relationships import TargetNodeMatcher
 @dataclass(frozen=True)
 class EC2SubnetNetworkInterfaceNodeProperties(CartographyNodeProperties):
     id: PropertyRef = PropertyRef("SubnetId")
+    # TODO: remove subnetid once we have migrated to subnet_id
+    subnetid: PropertyRef = PropertyRef("SubnetId", extra_index=True)
     subnet_id: PropertyRef = PropertyRef("SubnetId", extra_index=True)
     region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)

cartography/models/aws/ecs/containers.py

@@ -66,6 +66,24 @@ class ECSContainerToTaskRel(CartographyRelSchema):
     properties: ECSContainerToTaskRelProperties = ECSContainerToTaskRelProperties()
 
 
+@dataclass(frozen=True)
+class ECSContainerToECRImageRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECSContainerToECRImageRel(CartographyRelSchema):
+    target_node_label: str = "ECRImage"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"digest": PropertyRef("imageDigest")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "HAS_IMAGE"
+    properties: ECSContainerToECRImageRelProperties = (
+        ECSContainerToECRImageRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class ECSContainerSchema(CartographyNodeSchema):
     label: str = "ECSContainer"
@@ -76,5 +94,6 @@ class ECSContainerSchema(CartographyNodeSchema):
     other_relationships: OtherRelationships = OtherRelationships(
         [
             ECSContainerToTaskRel(),
+            ECSContainerToECRImageRel(),
         ]
     )

cartography/models/aws/ecs/task_definitions.py

@@ -83,6 +83,42 @@ class ECSTaskDefinitionToECSTaskRel(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class ECSTaskDefinitionToTaskRoleRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECSTaskDefinitionToTaskRoleRel(CartographyRelSchema):
+    target_node_label: str = "AWSRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("taskRoleArn")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "HAS_TASK_ROLE"
+    properties: ECSTaskDefinitionToTaskRoleRelProperties = (
+        ECSTaskDefinitionToTaskRoleRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ECSTaskDefinitionToExecutionRoleRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECSTaskDefinitionToExecutionRoleRel(CartographyRelSchema):
+    target_node_label: str = "AWSRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("executionRoleArn")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "HAS_EXECUTION_ROLE"
+    properties: ECSTaskDefinitionToExecutionRoleRelProperties = (
+        ECSTaskDefinitionToExecutionRoleRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class ECSTaskDefinitionSchema(CartographyNodeSchema):
     label: str = "ECSTaskDefinition"
@@ -93,5 +129,7 @@ class ECSTaskDefinitionSchema(CartographyNodeSchema):
     other_relationships: OtherRelationships = OtherRelationships(
         [
             ECSTaskDefinitionToECSTaskRel(),
+            ECSTaskDefinitionToTaskRoleRel(),
+            ECSTaskDefinitionToExecutionRoleRel(),
         ]
     )

cartography/models/aws/ecs/tasks.py

@@ -46,6 +46,7 @@ class ECSTaskNodeProperties(CartographyNodeProperties):
     ephemeral_storage_size_in_gib: PropertyRef = PropertyRef(
         "ephemeralStorage.sizeInGiB"
     )
+    network_interface_id: PropertyRef = PropertyRef("networkInterfaceId")
     region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
 
@@ -100,11 +101,33 @@ class ECSTaskToAWSAccountRel(CartographyRelSchema):
     properties: ECSTaskToAWSAccountRelProperties = ECSTaskToAWSAccountRelProperties()
 
 
+@dataclass(frozen=True)
+class ECSTaskToNetworkInterfaceRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class ECSTaskToNetworkInterfaceRel(CartographyRelSchema):
+    target_node_label: str = "NetworkInterface"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("networkInterfaceId")}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "NETWORK_INTERFACE"
+    properties: ECSTaskToNetworkInterfaceRelProperties = (
+        ECSTaskToNetworkInterfaceRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class ECSTaskSchema(CartographyNodeSchema):
     label: str = "ECSTask"
     properties: ECSTaskNodeProperties = ECSTaskNodeProperties()
     sub_resource_relationship: ECSTaskToAWSAccountRel = ECSTaskToAWSAccountRel()
     other_relationships: OtherRelationships = OtherRelationships(
-        [ECSTaskToContainerInstanceRel(), ECSTaskToECSClusterRel()]
+        [
+            ECSTaskToContainerInstanceRel(),
+            ECSTaskToECSClusterRel(),
+            ECSTaskToNetworkInterfaceRel(),
+        ]
     )

cartography/models/aws/efs/access_point.py

@@ -0,0 +1,77 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EfsAccessPointNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("AccessPointArn")
+    arn: PropertyRef = PropertyRef("AccessPointArn", extra_index=True)
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    access_point_id: PropertyRef = PropertyRef("AccessPointId")
+    file_system_id: PropertyRef = PropertyRef("FileSystemId")
+    lifecycle_state: PropertyRef = PropertyRef("LifeCycleState")
+    name: PropertyRef = PropertyRef("Name")
+    owner_id: PropertyRef = PropertyRef("OwnerId")
+    posix_gid: PropertyRef = PropertyRef("Gid")
+    posix_uid: PropertyRef = PropertyRef("Uid")
+    root_directory_path: PropertyRef = PropertyRef("RootDirectoryPath")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EfsAccessPointToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EfsAccessPointToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EfsAccessPointToAwsAccountRelProperties = (
+        EfsAccessPointToAwsAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EfsAccessPointToEfsFileSystemRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EfsAccessPointToEfsFileSystemRel(CartographyRelSchema):
+    target_node_label: str = "EfsFileSystem"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("FileSystemId")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ACCESS_POINT_OF"
+    properties: EfsAccessPointToEfsFileSystemRelProperties = (
+        EfsAccessPointToEfsFileSystemRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EfsAccessPointSchema(CartographyNodeSchema):
+    label: str = "EfsAccessPoint"
+    properties: EfsAccessPointNodeProperties = EfsAccessPointNodeProperties()
+    sub_resource_relationship: EfsAccessPointToAWSAccountRel = (
+        EfsAccessPointToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EfsAccessPointToEfsFileSystemRel(),
+        ]
+    )

cartography/models/aws/inspector/findings.py

@@ -7,8 +7,10 @@ from cartography.models.core.nodes import ExtraNodeLabels
 from cartography.models.core.relationships import CartographyRelProperties
 from cartography.models.core.relationships import CartographyRelSchema
 from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_source_node_matcher
 from cartography.models.core.relationships import make_target_node_matcher
 from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import SourceNodeMatcher
 from cartography.models.core.relationships import TargetNodeMatcher
 
 
@@ -135,6 +137,40 @@ class InspectorFindingToECRImageRel(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class InspectorFindingToPackageRelRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+    _sub_resource_label: PropertyRef = PropertyRef(
+        "_sub_resource_label", set_in_kwargs=True
+    )
+    _sub_resource_id: PropertyRef = PropertyRef("_sub_resource_id", set_in_kwargs=True)
+    # The following properties live in vulnerablePackages from AWS API
+    # Adding them here to avoid multiple repetion of packages
+    filepath: PropertyRef = PropertyRef("filePath")
+    fixedinversion: PropertyRef = PropertyRef("fixedInVersion")
+    remediation: PropertyRef = PropertyRef("remediation")
+    sourcelayerhash: PropertyRef = PropertyRef("sourceLayerHash")
+    sourcelambdalayerarn: PropertyRef = PropertyRef("sourceLambdaLayerArn")
+
+
+@dataclass(frozen=True)
+# (:AWSInspectorFinding)-[:HAS]->(:AWSInspectorPackage)
+class InspectorFindingToPackageMatchLink(CartographyRelSchema):
+    target_node_label: str = "AWSInspectorPackage"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("packageid")},
+    )
+    source_node_label: str = "AWSInspectorFinding"
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"id": PropertyRef("findingarn")},
+    )
+    properties: InspectorFindingToPackageRelRelProperties = (
+        InspectorFindingToPackageRelRelProperties()
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "HAS"
+
+
 @dataclass(frozen=True)
 class AWSInspectorFindingSchema(CartographyNodeSchema):
     label: str = "AWSInspectorFinding"
@@ -146,6 +182,7 @@ class AWSInspectorFindingSchema(CartographyNodeSchema):
     other_relationships: OtherRelationships = OtherRelationships(
         [
             InspectorFindingToEC2InstanceRel(),
+            # TODO: Fix ECRRepository and ECRImage relationships
             InspectorFindingToECRRepositoryRel(),
             InspectorFindingToECRImageRel(),
             InspectorFindingToAWSAccountRelDelegateRel(),

cartography/models/aws/inspector/packages.py

@@ -7,25 +7,18 @@ from cartography.models.core.relationships import CartographyRelProperties
 from cartography.models.core.relationships import CartographyRelSchema
 from cartography.models.core.relationships import LinkDirection
 from cartography.models.core.relationships import make_target_node_matcher
-from cartography.models.core.relationships import OtherRelationships
 from cartography.models.core.relationships import TargetNodeMatcher
 
 
 @dataclass(frozen=True)
 class AWSInspectorPackageNodeProperties(CartographyNodeProperties):
     id: PropertyRef = PropertyRef("id")
-    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
-    awsaccount: PropertyRef = PropertyRef("AWS_ID", set_in_kwargs=True)
-    findingarn: PropertyRef = PropertyRef("findingarn", extra_index=True)
     name: PropertyRef = PropertyRef("name", extra_index=True)
-    arch: PropertyRef = PropertyRef("arch")
     version: PropertyRef = PropertyRef("version", extra_index=True)
     release: PropertyRef = PropertyRef("release", extra_index=True)
+    arch: PropertyRef = PropertyRef("arch")
     epoch: PropertyRef = PropertyRef("epoch")
     manager: PropertyRef = PropertyRef("packageManager")
-    filepath: PropertyRef = PropertyRef("filePath")
-    fixedinversion: PropertyRef = PropertyRef("fixedInVersion")
-    sourcelayerhash: PropertyRef = PropertyRef("sourceLayerHash")
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
 
 
@@ -47,24 +40,6 @@ class InspectorPackageToAWSAccountRel(CartographyRelSchema):
     )
 
 
-@dataclass(frozen=True)
-class InspectorPackageToFindingRelRelProperties(CartographyRelProperties):
-    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
-
-
-@dataclass(frozen=True)
-class InspectorPackageToFindingRel(CartographyRelSchema):
-    target_node_label: str = "AWSInspectorFinding"
-    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
-        {"id": PropertyRef("findingarn")},
-    )
-    direction: LinkDirection = LinkDirection.INWARD
-    rel_label: str = "HAS"
-    properties: InspectorPackageToFindingRelRelProperties = (
-        InspectorPackageToFindingRelRelProperties()
-    )
-
-
 @dataclass(frozen=True)
 class AWSInspectorPackageSchema(CartographyNodeSchema):
     label: str = "AWSInspectorPackage"
@@ -72,8 +47,3 @@ class AWSInspectorPackageSchema(CartographyNodeSchema):
     sub_resource_relationship: InspectorPackageToAWSAccountRel = (
         InspectorPackageToAWSAccountRel()
     )
-    other_relationships: OtherRelationships = OtherRelationships(
-        [
-            InspectorPackageToFindingRel(),
-        ],
-    )

cartography/models/aws/sns/topic_subscription.py

@@ -0,0 +1,74 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class SNSTopicSubscriptionNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("SubscriptionArn")
+    arn: PropertyRef = PropertyRef("SubscriptionArn", extra_index=True)
+    topic_arn: PropertyRef = PropertyRef("TopicArn")
+    endpoint: PropertyRef = PropertyRef("Endpoint")
+    owner: PropertyRef = PropertyRef("Owner")
+    protocol: PropertyRef = PropertyRef("Protocol")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class SNSTopicSubscriptionToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class SNSTopicSubscriptionToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: SNSTopicSubscriptionToAwsAccountRelProperties = (
+        SNSTopicSubscriptionToAwsAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class SNSTopicSubscriptionToSNSTopicRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class SNSTopicSubscriptionToSNSTopicRel(CartographyRelSchema):
+    target_node_label: str = "SNSTopic"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("TopicArn")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "HAS_SUBSCRIPTION"
+    properties: SNSTopicSubscriptionToSNSTopicRelProperties = (
+        SNSTopicSubscriptionToSNSTopicRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class SNSTopicSubscriptionSchema(CartographyNodeSchema):
+    label: str = "SNSTopicSubscription"
+    properties: SNSTopicSubscriptionNodeProperties = (
+        SNSTopicSubscriptionNodeProperties()
+    )
+    sub_resource_relationship: SNSTopicSubscriptionToAWSAccountRel = (
+        SNSTopicSubscriptionToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            SNSTopicSubscriptionToSNSTopicRel(),
+        ]
+    )

cartography/models/core/common.py

@@ -63,6 +63,7 @@ class PropertyRef:
             ```
             This means that as we create AWSInstanceProfile nodes, we will search for AWSRoles to attach to, and we do
             this by checking if each role's `arn` field is in the `Roles` list of the data dict.
+        Note that one_to_many has no effect on matchlinks.
         """
         self.name = name
         self.set_in_kwargs = set_in_kwargs

cartography/models/core/relationships.py

@@ -42,6 +42,11 @@ class CartographyRelProperties(abc.ABC):
     Abstract class that represents the properties on a CartographyRelSchema. This is intended to enforce that all
     subclasses will have a lastupdated field defined on their resulting relationships. These fields are assigned to the
     relationship in the `SET` clause.
+
+    If the CartographyRelSchema is used as a MatchLink, the following properties are required to be defined here:
+    - lastupdated: A PropertyRef to the update tag of the relationship.
+    - _sub_resource_label: A PropertyRef to the label of the sub-resource that the relationship is associated with.
+    - _sub_resource_id: A PropertyRef to the id of the sub-resource that the relationship is associated with.
     """
 
     lastupdated: PropertyRef = field(init=False)
@@ -90,6 +95,29 @@ def make_target_node_matcher(key_ref_dict: Dict[str, PropertyRef]) -> TargetNode
     return make_dataclass(TargetNodeMatcher.__name__, fields, frozen=True)()
 
 
+@dataclass(frozen=True)
+class SourceNodeMatcher:
+    """
+    Same as TargetNodeMatcher, but for the source node; see `make_source_node_matcher()`.
+    This object is used only for load_matchlinks() where we match on and connect existing nodes.
+    This has no effect on CartographyRelSchema objects that are included in CartographyNodeSchema.
+    """
+
+    pass
+
+
+def make_source_node_matcher(key_ref_dict: Dict[str, PropertyRef]) -> SourceNodeMatcher:
+    """
+    :param key_ref_dict: A Dict mapping keys present on the node to PropertyRef objects.
+    :return: A SourceNodeMatcher used for CartographyRelSchema to match with other nodes.
+    """
+    fields = [
+        (key, PropertyRef, field(default=prop_ref))
+        for key, prop_ref in key_ref_dict.items()
+    ]
+    return make_dataclass(SourceNodeMatcher.__name__, fields, frozen=True)()
+
+
 @dataclass(frozen=True)
 class CartographyRelSchema(abc.ABC):
     """
@@ -139,6 +167,22 @@ class CartographyRelSchema(abc.ABC):
         """
         pass
 
+    @property
+    def source_node_label(self) -> str | None:
+        """
+        :return: Optional. Only used for load_matchlinks(). The source node label to use for the relationship.
+        This does not affect CartographyRelSchema that are included in CartographyNodeSchema objects.
+        """
+        return None
+
+    @property
+    def source_node_matcher(self) -> SourceNodeMatcher | None:
+        """
+        :return: Optional. Only used for load_matchlinks(). A SourceNodeMatcher object used to find what node(s) to attach the relationship to.
+        This does not affect CartographyRelSchema that are included in CartographyNodeSchema objects.
+        """
+        return None
+
 
 @dataclass(frozen=True)
 class OtherRelationships:

cartography/models/entra/user.py

@@ -9,6 +9,10 @@ from cartography.models.core.relationships import LinkDirection
 from cartography.models.core.relationships import make_target_node_matcher
 from cartography.models.core.relationships import TargetNodeMatcher
 
+# The user resource in Microsoft Graph exposes hundreds of properties but, in
+# practice, only a small subset is populated in most tenants.  We deliberately
+# model *just* the commonly-used attributes to keep the graph lean.
+
 
 @dataclass(frozen=True)
 class EntraUserNodeProperties(CartographyNodeProperties):
@@ -17,61 +21,23 @@ class EntraUserNodeProperties(CartographyNodeProperties):
     display_name: PropertyRef = PropertyRef("display_name")
     given_name: PropertyRef = PropertyRef("given_name")
     surname: PropertyRef = PropertyRef("surname")
-    # The underlying datatype calls this 'mail' but everything else in cartography uses 'email'
+    # The SDK calls this `mail`; we surface it as `email` like the rest of Cartography
     email: PropertyRef = PropertyRef("mail", extra_index=True)
-    other_mails: PropertyRef = PropertyRef("other_mails")
-    preferred_language: PropertyRef = PropertyRef("preferred_language")
-    preferred_name: PropertyRef = PropertyRef("preferred_name")
-    state: PropertyRef = PropertyRef("state")
-    usage_location: PropertyRef = PropertyRef("usage_location")
-    user_type: PropertyRef = PropertyRef("user_type")
-    show_in_address_list: PropertyRef = PropertyRef("show_in_address_list")
-    sign_in_sessions_valid_from_date_time: PropertyRef = PropertyRef(
-        "sign_in_sessions_valid_from_date_time"
-    )
-    security_identifier: PropertyRef = PropertyRef("security_identifier")
-    account_enabled: PropertyRef = PropertyRef("account_enabled")
-    city: PropertyRef = PropertyRef("city")
-    company_name: PropertyRef = PropertyRef("company_name")
-    consent_provided_for_minor: PropertyRef = PropertyRef("consent_provided_for_minor")
-    country: PropertyRef = PropertyRef("country")
-    created_date_time: PropertyRef = PropertyRef("created_date_time")
-    creation_type: PropertyRef = PropertyRef("creation_type")
-    deleted_date_time: PropertyRef = PropertyRef("deleted_date_time")
+    mobile_phone: PropertyRef = PropertyRef("mobile_phone")
+    business_phones: PropertyRef = PropertyRef("business_phones")
+    job_title: PropertyRef = PropertyRef("job_title")
     department: PropertyRef = PropertyRef("department")
+    company_name: PropertyRef = PropertyRef("company_name")
+    office_location: PropertyRef = PropertyRef("office_location")
     employee_id: PropertyRef = PropertyRef("employee_id")
     employee_type: PropertyRef = PropertyRef("employee_type")
-    external_user_state: PropertyRef = PropertyRef("external_user_state")
-    external_user_state_change_date_time: PropertyRef = PropertyRef(
-        "external_user_state_change_date_time"
-    )
-    hire_date: PropertyRef = PropertyRef("hire_date")
-    is_management_restricted: PropertyRef = PropertyRef("is_management_restricted")
-    is_resource_account: PropertyRef = PropertyRef("is_resource_account")
-    job_title: PropertyRef = PropertyRef("job_title")
-    last_password_change_date_time: PropertyRef = PropertyRef(
-        "last_password_change_date_time"
-    )
-    mail_nickname: PropertyRef = PropertyRef("mail_nickname")
-    office_location: PropertyRef = PropertyRef("office_location")
-    on_premises_distinguished_name: PropertyRef = PropertyRef(
-        "on_premises_distinguished_name"
-    )
-    on_premises_domain_name: PropertyRef = PropertyRef("on_premises_domain_name")
-    on_premises_immutable_id: PropertyRef = PropertyRef("on_premises_immutable_id")
-    on_premises_last_sync_date_time: PropertyRef = PropertyRef(
-        "on_premises_last_sync_date_time"
-    )
-    on_premises_sam_account_name: PropertyRef = PropertyRef(
-        "on_premises_sam_account_name"
-    )
-    on_premises_security_identifier: PropertyRef = PropertyRef(
-        "on_premises_security_identifier"
-    )
-    on_premises_sync_enabled: PropertyRef = PropertyRef("on_premises_sync_enabled")
-    on_premises_user_principal_name: PropertyRef = PropertyRef(
-        "on_premises_user_principal_name"
-    )
+    city: PropertyRef = PropertyRef("city")
+    state: PropertyRef = PropertyRef("state")
+    country: PropertyRef = PropertyRef("country")
+    preferred_language: PropertyRef = PropertyRef("preferred_language")
+    account_enabled: PropertyRef = PropertyRef("account_enabled")
+    age_group: PropertyRef = PropertyRef("age_group")
+    manager_id: PropertyRef = PropertyRef("manager_id")
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)