cartography 0.110.0rc2__py3-none-any.whl → 0.111.0__py3-none-any.whl

cartography/intel/keycloak/util.py

@@ -0,0 +1,47 @@
+from typing import Any
+from typing import Generator
+
+import requests
+
+# Connect and read timeouts of 60 seconds each; see https://requests.readthedocs.io/en/master/user/advanced/#timeouts
+_TIMEOUT = (60, 60)
+
+
+def get_paginated(
+    api_session: requests.Session,
+    endpoint: str,
+    items_per_page: int = 100,
+    params: dict[str, Any] | None = None,
+) -> Generator[dict[str, Any], None, None]:
+    """Fetch paginated results from a REST API endpoint.
+
+    This function handles pagination by making multiple requests to the API
+    until all pages of results have been retrieved.
+
+    Args:
+        api_session (requests.Session): The requests session to use for making API calls.
+        endpoint (str): The API endpoint to fetch data from.
+        items_per_page (int, optional): The number of items to retrieve per page. Defaults to 100.
+        params (dict[str, Any] | None, optional): Additional query parameters to include in the request. Defaults to None.
+
+    Yields:
+        Generator[dict[str, Any], None, None]: A generator that yields the individual items from the paginated response.
+    """
+    has_more = True
+    offset = 0
+    while has_more:
+        if params is None:
+            payload = {}
+        else:
+            payload = params.copy()
+        payload["first"] = offset
+        payload["max"] = items_per_page
+        req = api_session.get(endpoint, params=payload, timeout=_TIMEOUT)
+        req.raise_for_status()
+        data = req.json()
+        if not data:
+            break
+        yield from data
+        if len(data) < items_per_page:
+            has_more = False
+        offset += len(data)

cartography/models/aws/apigateway/apigatewaydeployment.py

@@ -0,0 +1,74 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class APIGatewayDeploymentNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    arn: PropertyRef = PropertyRef("id", extra_index=True)
+    description: PropertyRef = PropertyRef("description")
+    region: PropertyRef = PropertyRef("region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class APIGatewayDeploymentToAWSAccountRelRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:APIGatewayDeployment)<-[:RESOURCE]-(:AWSAccount)
+class APIGatewayDeploymentToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: APIGatewayDeploymentToAWSAccountRelRelProperties = (
+        APIGatewayDeploymentToAWSAccountRelRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class APIGatewayDeploymentToRestAPIRelRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:APIGatewayDeployment)<-[:HAS_DEPLOYMENT]-(:APIGatewayRestAPI)
+class APIGatewayDeploymentToRestAPIRel(CartographyRelSchema):
+    target_node_label: str = "APIGatewayRestAPI"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("api_id")},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "HAS_DEPLOYMENT"
+    properties: APIGatewayDeploymentToRestAPIRelRelProperties = (
+        APIGatewayDeploymentToRestAPIRelRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class APIGatewayDeploymentSchema(CartographyNodeSchema):
+    label: str = "APIGatewayDeployment"
+    properties: APIGatewayDeploymentNodeProperties = (
+        APIGatewayDeploymentNodeProperties()
+    )
+    sub_resource_relationship: APIGatewayDeploymentToAWSAccountRel = (
+        APIGatewayDeploymentToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            APIGatewayDeploymentToRestAPIRel(),
+        ]
+    )

cartography/models/aws/ec2/vpc.py

@@ -0,0 +1,46 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class VPCNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("VpcId")
+    vpcid: PropertyRef = PropertyRef("VpcId", extra_index=True)
+    primary_cidr_block: PropertyRef = PropertyRef("PrimaryCIDRBlock")
+    instance_tenancy: PropertyRef = PropertyRef("InstanceTenancy")
+    state: PropertyRef = PropertyRef("State")
+    is_default: PropertyRef = PropertyRef("IsDefault")
+    dhcp_options_id: PropertyRef = PropertyRef("DhcpOptionsId")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class VPCToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class VPCToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: VPCToAWSAccountRelProperties = VPCToAWSAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class AWSVpcSchema(CartographyNodeSchema):
+    label: str = "AWSVpc"
+    properties: VPCNodeProperties = VPCNodeProperties()
+    sub_resource_relationship: VPCToAWSAccountRel = VPCToAWSAccountRel()

cartography/models/aws/ec2/vpc_cidr.py

@@ -0,0 +1,102 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class AWSIPv4CidrBlockNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("Id")
+    vpcid: PropertyRef = PropertyRef("VpcId")
+    association_id: PropertyRef = PropertyRef("AssociationId")
+    cidr_block: PropertyRef = PropertyRef("CidrBlock")
+    block_state: PropertyRef = PropertyRef("BlockState")
+    block_state_message: PropertyRef = PropertyRef("BlockStateMessage")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSIPv4CidrBlockToAWSVpcRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSIPv4CidrBlockToAWSVpcRel(CartographyRelSchema):
+    target_node_label: str = "AWSVpc"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("VpcId")}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "BLOCK_ASSOCIATION"
+    properties: AWSIPv4CidrBlockToAWSVpcRelProperties = (
+        AWSIPv4CidrBlockToAWSVpcRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AWSIPv4CidrBlockSchema(CartographyNodeSchema):
+    """
+    There is no sub-resource relationship here because a
+    CIDR block can be associated with more than one account
+    and it doesn't make sense to scope it to one.
+    """
+
+    label: str = "AWSCidrBlock"
+    properties: AWSIPv4CidrBlockNodeProperties = AWSIPv4CidrBlockNodeProperties()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [AWSIPv4CidrBlockToAWSVpcRel()]
+    )
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["AWSIpv4CidrBlock"])
+
+
+@dataclass(frozen=True)
+class AWSIPv6CidrBlockNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("Id")
+    vpcid: PropertyRef = PropertyRef("VpcId")
+    association_id: PropertyRef = PropertyRef("AssociationId")
+    cidr_block: PropertyRef = PropertyRef("CidrBlock")
+    block_state: PropertyRef = PropertyRef("BlockState")
+    block_state_message: PropertyRef = PropertyRef("BlockStateMessage")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSIPv6CidrBlockToAWSVpcRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSIPv6CidrBlockToAWSVpcRel(CartographyRelSchema):
+    target_node_label: str = "AWSVpc"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("VpcId")}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "BLOCK_ASSOCIATION"
+    properties: AWSIPv6CidrBlockToAWSVpcRelProperties = (
+        AWSIPv6CidrBlockToAWSVpcRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AWSIPv6CidrBlockSchema(CartographyNodeSchema):
+    """
+    There is no sub-resource relationship here because a
+    CIDR block can be associated with more than one account
+    and it doesn't make sense to scope it to one.
+    """
+
+    label: str = "AWSCidrBlock"
+    properties: AWSIPv6CidrBlockNodeProperties = AWSIPv6CidrBlockNodeProperties()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [AWSIPv6CidrBlockToAWSVpcRel()]
+    )
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["AWSIpv6CidrBlock"])

cartography/models/aws/eventbridge/target.py

@@ -0,0 +1,71 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EventBridgeTargetNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("Id")
+    arn: PropertyRef = PropertyRef("Arn", extra_index=True)
+    rule_arn: PropertyRef = PropertyRef("RuleArn")
+    role_arn: PropertyRef = PropertyRef("RoleArn")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EventBridgeTargetToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EventBridgeTargetToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EventBridgeTargetToAwsAccountRelProperties = (
+        EventBridgeTargetToAwsAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EventBridgeTargetToEventBridgeRuleRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EventBridgeTargetToEventBridgeRuleRel(CartographyRelSchema):
+    target_node_label: str = "EventBridgeRule"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("RuleArn")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "LINKED_TO_RULE"
+    properties: EventBridgeTargetToEventBridgeRuleRelProperties = (
+        EventBridgeTargetToEventBridgeRuleRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EventBridgeTargetSchema(CartographyNodeSchema):
+    label: str = "EventBridgeTarget"
+    properties: EventBridgeTargetNodeProperties = EventBridgeTargetNodeProperties()
+    sub_resource_relationship: EventBridgeTargetToAWSAccountRel = (
+        EventBridgeTargetToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EventBridgeTargetToEventBridgeRuleRel(),
+        ]
+    )

cartography/models/keycloak/authenticationexecution.py

@@ -0,0 +1,160 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_source_node_matcher
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import SourceNodeMatcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KeycloakAuthenticationExecutionNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    display_name: PropertyRef = PropertyRef("displayName")
+    requirement: PropertyRef = PropertyRef("requirement")
+    description: PropertyRef = PropertyRef("description")
+    configurable: PropertyRef = PropertyRef("configurable")
+    authentication_flow: PropertyRef = PropertyRef("authenticationFlow")
+    provider_id: PropertyRef = PropertyRef("providerId")
+    flow_id: PropertyRef = PropertyRef("flowId")
+    level: PropertyRef = PropertyRef("level")
+    index: PropertyRef = PropertyRef("index")
+    priority: PropertyRef = PropertyRef("priority")
+    is_terminal_step: PropertyRef = PropertyRef("is_terminal_step")
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KeycloakAuthenticationExecutionToRealmRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakAuthenticationExecution)<-[:RESOURCE]-(:KeycloakRealm)
+class KeycloakAuthenticationExecutionToRealmRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakRealm"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"name": PropertyRef("REALM", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: KeycloakAuthenticationExecutionToRealmRelProperties = (
+        KeycloakAuthenticationExecutionToRealmRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ExecutionToFlowRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakAuthenticationExecution)<-[:HAS_STEP]-(:KeycloakAuthenticationFlow)
+class ExecutionToFlowRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakAuthenticationFlow"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {
+            "alias": PropertyRef("_parent_flow"),
+            "realm": PropertyRef("REALM", set_in_kwargs=True),
+        },
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "HAS_STEP"
+    properties: ExecutionToFlowRelProperties = ExecutionToFlowRelProperties()
+
+
+@dataclass(frozen=True)
+class ExecutionToExecutionRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakAuthenticationExecution)<-[:HAS_STEP]-(:KeycloakAuthenticationExecution)
+class ExecutionToExecutionRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakAuthenticationExecution"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("_parent_subflow")},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "HAS_STEP"
+    properties: ExecutionToExecutionRelProperties = ExecutionToExecutionRelProperties()
+
+
+@dataclass(frozen=True)
+class KeycloakAuthenticationExecutionSchema(CartographyNodeSchema):
+    label: str = "KeycloakAuthenticationExecution"
+    properties: KeycloakAuthenticationExecutionNodeProperties = (
+        KeycloakAuthenticationExecutionNodeProperties()
+    )
+    sub_resource_relationship: KeycloakAuthenticationExecutionToRealmRel = (
+        KeycloakAuthenticationExecutionToRealmRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [ExecutionToFlowRel(), ExecutionToExecutionRel()]
+    )
+
+
+# The following relationships are MatchLinks, they are used to modelize all the possible flows
+@dataclass(frozen=True)
+class ExecutionToExecutionStepRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+    # Mandatory fields for MatchLinks
+    _sub_resource_label: PropertyRef = PropertyRef(
+        "_sub_resource_label", set_in_kwargs=True
+    )
+    _sub_resource_id: PropertyRef = PropertyRef("_sub_resource_id", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakAuthenticationExecution)-[:NEXT_STEP]->(:KeycloakAuthenticationExecution)
+class ExecutionToExecutionMatchLink(CartographyRelSchema):
+    source_node_label: str = "KeycloakAuthenticationExecution"
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"id": PropertyRef("source")},
+    )
+    target_node_label: str = "KeycloakAuthenticationExecution"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("target")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "NEXT_STEP"
+    properties: ExecutionToExecutionStepRelProperties = (
+        ExecutionToExecutionStepRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class ExecutionToFlowStepRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+    # Mandatory fields for MatchLinks
+    _sub_resource_label: PropertyRef = PropertyRef(
+        "_sub_resource_label", set_in_kwargs=True
+    )
+    _sub_resource_id: PropertyRef = PropertyRef("_sub_resource_id", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakAuthenticationFlow)-[:NEXT_STEP]->(:KeycloakAuthenticationExecution)
+class ExecutionToFlowMatchLink(CartographyRelSchema):
+    source_node_label: str = "KeycloakAuthenticationExecution"
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"id": PropertyRef("execution_id")},
+    )
+    target_node_label: str = "KeycloakAuthenticationFlow"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {
+            "alias": PropertyRef("flow_name"),
+            "realm": PropertyRef(
+                "realm"
+            ),  # We need to pass the realm to match the flow correctly as aliases can be shared across realms
+        },
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "NEXT_STEP"
+    properties: ExecutionToFlowStepRelProperties = ExecutionToFlowStepRelProperties()

cartography/models/keycloak/authenticationflow.py

@@ -0,0 +1,54 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KeycloakAuthenticationFlowNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    alias: PropertyRef = PropertyRef("alias", extra_index=True)
+    description: PropertyRef = PropertyRef("description")
+    provider_id: PropertyRef = PropertyRef("providerId")
+    top_level: PropertyRef = PropertyRef("topLevel")
+    built_in: PropertyRef = PropertyRef("builtIn")
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+    # We need to store the realm name because authentication flows are often referenced by name
+    # and not by id, so we need to be able to find the authentication flows by name (that is not unique across realms)
+    realm: PropertyRef = PropertyRef("REALM", set_in_kwargs=True, extra_index=True)
+
+
+@dataclass(frozen=True)
+class KeycloakAuthenticationFlowToRealmRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakAuthenticationFlow)<-[:RESOURCE]-(:KeycloakRealm)
+class KeycloakAuthenticationFlowToRealmRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakRealm"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"name": PropertyRef("REALM", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: KeycloakAuthenticationFlowToRealmRelProperties = (
+        KeycloakAuthenticationFlowToRealmRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KeycloakAuthenticationFlowSchema(CartographyNodeSchema):
+    label: str = "KeycloakAuthenticationFlow"
+    properties: KeycloakAuthenticationFlowNodeProperties = (
+        KeycloakAuthenticationFlowNodeProperties()
+    )
+    sub_resource_relationship: KeycloakAuthenticationFlowToRealmRel = (
+        KeycloakAuthenticationFlowToRealmRel()
+    )