cartography 0.110.0rc2__py3-none-any.whl → 0.111.0rc1__py3-none-any.whl

cartography/_version.py

@@ -1,7 +1,14 @@
 # file generated by setuptools-scm
 # don't change, don't track in version control
 
-__all__ = ["__version__", "__version_tuple__", "version", "version_tuple"]
+__all__ = [
+    "__version__",
+    "__version_tuple__",
+    "version",
+    "version_tuple",
+    "__commit_id__",
+    "commit_id",
+]
 
 TYPE_CHECKING = False
 if TYPE_CHECKING:
@@ -9,13 +16,19 @@ if TYPE_CHECKING:
     from typing import Union
 
     VERSION_TUPLE = Tuple[Union[int, str], ...]
+    COMMIT_ID = Union[str, None]
 else:
     VERSION_TUPLE = object
+    COMMIT_ID = object
 
 version: str
 __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
+commit_id: COMMIT_ID
+__commit_id__: COMMIT_ID
 
-__version__ = version = '0.110.0rc2'
-__version_tuple__ = version_tuple = (0, 110, 0, 'rc2')
+__version__ = version = '0.111.0rc1'
+__version_tuple__ = version_tuple = (0, 111, 0, 'rc1')
+
+__commit_id__ = commit_id = None

cartography/data/indexes.cypher

@@ -51,8 +51,6 @@ CREATE INDEX IF NOT EXISTS FOR (n:AWSTransitGatewayAttachment) ON (n.lastupdated
 CREATE INDEX IF NOT EXISTS FOR (n:AWSUser) ON (n.arn);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSUser) ON (n.name);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSUser) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSVpc) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSVpc) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AccountAccessKey) ON (n.accesskeyid);
 CREATE INDEX IF NOT EXISTS FOR (n:AccountAccessKey) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AutoScalingGroup) ON (n.arn);

cartography/graph/querybuilder.py

@@ -1,5 +1,7 @@
 import logging
 from dataclasses import asdict
+from importlib.metadata import PackageNotFoundError
+from importlib.metadata import version
 from string import Template
 from typing import Dict
 from typing import List
@@ -223,6 +225,8 @@ def _build_attach_sub_resource_statement(
         $RelMergeClause
         ON CREATE SET r.firstseen = timestamp()
         SET
+            r._module_name = "$module_name",
+            r._module_version = "$module_version",
             $set_rel_properties_statement
         """,
     )
@@ -244,6 +248,8 @@ def _build_attach_sub_resource_statement(
         SubResourceLabel=sub_resource_link.target_node_label,
         MatchClause=_build_match_clause(sub_resource_link.target_node_matcher),
         RelMergeClause=rel_merge_clause,
+        module_name=_get_module_from_schema(sub_resource_link),
+        module_version=_get_cartography_version(),
         SubResourceRelLabel=sub_resource_link.rel_label,
         set_rel_properties_statement=_build_rel_properties_statement(
             "r",
@@ -278,6 +284,8 @@ def _build_attach_additional_links_statement(
         $RelMerge
         ON CREATE SET $rel_var.firstseen = timestamp()
         SET
+            $rel_var._module_name = "$module_name",
+            $rel_var._module_version = "$module_version",
             $set_rel_properties_statement
         """,
     )
@@ -312,6 +320,8 @@ def _build_attach_additional_links_statement(
             node_var=node_var,
             rel_var=rel_var,
             RelMerge=rel_merge,
+            module_name=_get_module_from_schema(link),
+            module_version=_get_cartography_version(),
             set_rel_properties_statement=_build_rel_properties_statement(
                 rel_var,
                 rel_props_as_dict,
@@ -453,6 +463,8 @@ def build_ingestion_query(
             MERGE (i:$node_label{id: $dict_id_field})
             ON CREATE SET i.firstseen = timestamp()
             SET
+                i._module_name = "$module_name",
+                i._module_version = "$module_version",
                 $set_node_properties_statement
             $attach_relationships_statement
         """,
@@ -475,6 +487,8 @@ def build_ingestion_query(
     ingest_query = query_template.safe_substitute(
         node_label=node_schema.label,
         dict_id_field=node_props.id,
+        module_name=_get_module_from_schema(node_schema),
+        module_version=_get_cartography_version(),
         set_node_properties_statement=_build_node_properties_statement(
             node_props_as_dict,
             node_schema.extra_node_labels,
@@ -650,6 +664,8 @@ def build_matchlink_query(rel_schema: CartographyRelSchema) -> str:
             MERGE $rel
             ON CREATE SET r.firstseen = timestamp()
             SET
+                r._module_name = "$module_name",
+                r._module_version = "$module_version",
                 $set_rel_properties_statement;
         """
     )
@@ -677,8 +693,62 @@ def build_matchlink_query(rel_schema: CartographyRelSchema) -> str:
         source_match=source_match,
         target_match=target_match,
         rel=rel,
+        module_name=_get_module_from_schema(rel_schema),
+        module_version=_get_cartography_version(),
         set_rel_properties_statement=_build_rel_properties_statement(
             "r",
             rel_props_as_dict,
         ),
     )
+
+
+def _get_cartography_version() -> str:
+    """
+    Get the current version of the cartography package.
+
+    This function attempts to retrieve the version of the installed cartography package
+    using importlib.metadata. If the package is not found (typically in development
+    or testing environments), it returns 'dev' as a fallback.
+
+    Returns:
+        The version string of the cartography package, or 'dev' if not found
+    """
+    try:
+        return version("cartography")
+    except PackageNotFoundError:
+        # This can occured if the cartography package is not installed in the environment, typically in development or testing environments.
+        logger.warning("cartography package not found. Returning 'dev' version.")
+        # Fallback to reading the VERSION file if the package is not found
+        return "dev"
+
+
+def _get_module_from_schema(
+    schema,  #: "CartographyNodeSchema" | "CartographyRelSchema",
+) -> str:
+    """
+    Extract the module name from a Cartography schema object.
+
+    This function extracts and formats the module name from a CartographyNodeSchema
+    or CartographyRelSchema object. It expects schemas to be part of the official
+    cartography.models package hierarchy and returns a formatted string indicating
+    the specific cartography module.
+
+    Args:
+        schema: A CartographyNodeSchema or CartographyRelSchema object
+
+    Returns:
+        A formatted module name string in the format 'cartography:<module_name>'
+        or 'unknown:<full_module_path>' if the schema is not from cartography.models
+    """
+    # If the entity schema does not belong to the cartography.models package,
+    # we log a warning and return the full module path.
+    if not schema.__module__.startswith("cartography.models."):
+        logger.warning(
+            "The schema %s does not start with 'cartography.models.'. "
+            "This may indicate that the schema is not part of the official cartography models.",
+            schema.__module__,
+        )
+        return f"unknown:{schema.__module__}"
+    # Otherwise, we return the module path as a string.
+    parts = schema.__module__.split(".")
+    return f"cartography:{parts[2]}"

cartography/intel/aws/apigateway.py

@@ -14,12 +14,18 @@ from policyuniverse.policy import Policy
 
 from cartography.client.core.tx import load
 from cartography.graph.job import GraphJob
-from cartography.models.aws.apigateway import APIGatewayRestAPISchema
-from cartography.models.aws.apigatewaycertificate import (
+from cartography.intel.aws.ec2.util import get_botocore_config
+from cartography.models.aws.apigateway.apigateway import APIGatewayRestAPISchema
+from cartography.models.aws.apigateway.apigatewaycertificate import (
     APIGatewayClientCertificateSchema,
 )
-from cartography.models.aws.apigatewayresource import APIGatewayResourceSchema
-from cartography.models.aws.apigatewaystage import APIGatewayStageSchema
+from cartography.models.aws.apigateway.apigatewaydeployment import (
+    APIGatewayDeploymentSchema,
+)
+from cartography.models.aws.apigateway.apigatewayresource import (
+    APIGatewayResourceSchema,
+)
+from cartography.models.aws.apigateway.apigatewaystage import APIGatewayStageSchema
 from cartography.util import aws_handle_regions
 from cartography.util import timeit
 
@@ -40,6 +46,38 @@ def get_apigateway_rest_apis(
     return apis
 
 
+def get_rest_api_ids(
+    rest_apis: List[Dict],
+) -> List[str]:
+    """
+    Extracts the IDs of the REST APIs from the provided list.
+    """
+    return [api["id"] for api in rest_apis if "id" in api]
+
+
+@timeit
+@aws_handle_regions
+def get_rest_api_deployments(
+    boto3_session: boto3.session.Session,
+    rest_api_ids: List[str],
+    region: str,
+) -> List[Dict[str, Any]]:
+    """
+    Retrieves the deployments for each REST API in the provided list.
+    """
+    client = boto3_session.client(
+        "apigateway", region_name=region, config=get_botocore_config()
+    )
+    deployments: List[Dict[str, Any]] = []
+    for api_id in rest_api_ids:
+        paginator = client.get_paginator("get_deployments")
+        for page in paginator.paginate(restApiId=api_id):
+            for deployment in page.get("items", []):
+                deployment["api_id"] = api_id
+                deployments.append(deployment)
+    return deployments
+
+
 @timeit
 @aws_handle_regions
 def get_rest_api_details(
@@ -244,6 +282,25 @@ def transform_rest_api_details(
     return stages, certificates, resources
 
 
+def transform_apigateway_deployments(
+    deployments: List[Dict[str, Any]],
+    region: str,
+) -> List[Dict[str, Any]]:
+    """
+    Transform API Gateway Deployment data for ingestion
+    """
+    transformed_deployments = []
+    for deployment in deployments:
+        transformed_deployment = {
+            "id": f"{deployment['api_id']}/{deployment['id']}",
+            "api_id": deployment["api_id"],
+            "description": deployment.get("description"),
+            "region": region,
+        }
+        transformed_deployments.append(transformed_deployment)
+    return transformed_deployments
+
+
 @timeit
 def load_rest_api_details(
     neo4j_session: neo4j.Session,
@@ -283,6 +340,30 @@ def load_rest_api_details(
     )
 
 
+@timeit
+def load_apigateway_deployments(
+    neo4j_session: neo4j.Session,
+    data: List[Dict[str, Any]],
+    region: str,
+    current_aws_account_id: str,
+    aws_update_tag: int,
+) -> None:
+    """
+    Load API Gateway Deployment data into neo4j.
+    """
+    logger.info(
+        f"Loading API Gateway {len(data)} deployments for region '{region}' into graph.",
+    )
+    load(
+        neo4j_session,
+        APIGatewayDeploymentSchema(),
+        data,
+        region=region,
+        lastupdated=aws_update_tag,
+        AWS_ID=current_aws_account_id,
+    )
+
+
 @timeit
 def parse_policy(api_id: str, policy: Policy) -> Optional[Dict[Any, Any]]:
     """
@@ -345,6 +426,12 @@ def cleanup(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
     )
     cleanup_job.run(neo4j_session)
 
+    cleanup_job = GraphJob.from_node_schema(
+        APIGatewayDeploymentSchema(),
+        common_job_parameters,
+    )
+    cleanup_job.run(neo4j_session)
+
 
 @timeit
 def sync_apigateway_rest_apis(
@@ -375,6 +462,19 @@ def sync_apigateway_rest_apis(
         current_aws_account_id,
         aws_update_tag,
     )
+
+    api_ids = get_rest_api_ids(rest_apis)
+    deployments = get_rest_api_deployments(
+        boto3_session,
+        api_ids,
+        region,
+    )
+
+    transformed_deployments = transform_apigateway_deployments(
+        deployments,
+        region,
+    )
+
     load_apigateway_rest_apis(
         neo4j_session,
         transformed_apis,
@@ -388,6 +488,13 @@ def sync_apigateway_rest_apis(
         current_aws_account_id,
         aws_update_tag,
     )
+    load_apigateway_deployments(
+        neo4j_session,
+        transformed_deployments,
+        region,
+        current_aws_account_id,
+        aws_update_tag,
+    )
 
 
 @timeit

cartography/intel/aws/ec2/vpc.py

@@ -1,13 +1,15 @@
 import logging
-from string import Template
-from typing import Dict
-from typing import List
+from typing import Any
 
 import boto3
 import neo4j
 
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.aws.ec2.vpc import AWSVpcSchema
+from cartography.models.aws.ec2.vpc_cidr import AWSIPv4CidrBlockSchema
+from cartography.models.aws.ec2.vpc_cidr import AWSIPv6CidrBlockSchema
 from cartography.util import aws_handle_regions
-from cartography.util import run_cleanup_job
 from cartography.util import timeit
 
 from .util import get_botocore_config
@@ -17,87 +19,78 @@ logger = logging.getLogger(__name__)
 
 @timeit
 @aws_handle_regions
-def get_ec2_vpcs(boto3_session: boto3.session.Session, region: str) -> List[Dict]:
+def get_ec2_vpcs(
+    boto3_session: boto3.session.Session,
+    region: str,
+) -> list[dict[str, Any]]:
     client = boto3_session.client(
         "ec2",
         region_name=region,
         config=get_botocore_config(),
     )
-    return client.describe_vpcs()["Vpcs"]
-
-
-def _get_cidr_association_statement(block_type: str) -> str:
-    INGEST_CIDR_TEMPLATE = Template(
-        """
-    MATCH (vpc:AWSVpc{id: $VpcId})
-    WITH vpc
-    UNWIND $CidrBlock as block_data
-        MERGE (new_block:$block_label{id: $VpcId + '|' + block_data.$block_cidr})
-        ON CREATE SET new_block.firstseen = timestamp()
-        SET new_block.association_id = block_data.AssociationId,
-        new_block.cidr_block = block_data.$block_cidr,
-        new_block.block_state = block_data.$state_name.State,
-        new_block.block_state_message = block_data.$state_name.StatusMessage,
-        new_block.lastupdated = $update_tag
-        WITH vpc, new_block
-        MERGE (vpc)-[r:BLOCK_ASSOCIATION]->(new_block)
-        ON CREATE SET r.firstseen = timestamp()
-        SET r.lastupdated = $update_tag""",
-    )
-
-    BLOCK_CIDR = "CidrBlock"
-    STATE_NAME = "CidrBlockState"
-
-    # base label type. We add the AWS ipv4 or 6 depending on block type
-    BLOCK_TYPE = "AWSCidrBlock"
-
-    if block_type == "ipv6":
-        BLOCK_CIDR = "Ipv6" + BLOCK_CIDR
-        STATE_NAME = "Ipv6" + STATE_NAME
-        BLOCK_TYPE = BLOCK_TYPE + ":AWSIpv6CidrBlock"
-    elif block_type == "ipv4":
-        BLOCK_TYPE = BLOCK_TYPE + ":AWSIpv4CidrBlock"
-    else:
-        raise ValueError(f"Unsupported block type specified - {block_type}")
-
-    return INGEST_CIDR_TEMPLATE.safe_substitute(
-        block_label=BLOCK_TYPE,
-        block_cidr=BLOCK_CIDR,
-        state_name=STATE_NAME,
-    )
-
-
-@timeit
-def load_cidr_association_set(
-    neo4j_session: neo4j.Session,
-    vpc_id: str,
-    vpc_data: Dict,
-    block_type: str,
-    update_tag: int,
-) -> None:
-    ingest_statement = _get_cidr_association_statement(block_type)
-
-    if block_type == "ipv6":
-        data = vpc_data.get("Ipv6CidrBlockAssociationSet", [])
-    else:
-        data = vpc_data.get("CidrBlockAssociationSet", [])
-
-    neo4j_session.run(
-        ingest_statement,
-        VpcId=vpc_id,
-        CidrBlock=data,
-        update_tag=update_tag,
-    )
+    return client.describe_vpcs().get("Vpcs", [])
+
+
+def transform_vpc_data(
+    vpc_list: list[dict[str, Any]], region: str
+) -> tuple[list[dict[str, Any]], list[dict[str, Any]], list[dict[str, Any]]]:
+
+    vpc_data: list[dict[str, Any]] = []
+    ipv4_cidr_blocks: list[dict[str, Any]] = []
+    ipv6_cidr_blocks: list[dict[str, Any]] = []
+
+    for vpc in vpc_list:
+        vpc_record = {
+            "VpcId": vpc.get("VpcId"),
+            "InstanceTenancy": vpc.get("InstanceTenancy"),
+            "State": vpc.get("State"),
+            "IsDefault": vpc.get("IsDefault"),
+            "PrimaryCIDRBlock": vpc.get("CidrBlock"),
+            "DhcpOptionsId": vpc.get("DhcpOptionsId"),
+            "lastupdated": vpc.get("lastupdated"),
+        }
+        vpc_data.append(vpc_record)
+
+        ipv4_associations = vpc.get("CidrBlockAssociationSet", [])
+        for association in ipv4_associations:
+            ipv4_block = {
+                "Id": vpc["VpcId"] + "|" + association.get("CidrBlock"),
+                "VpcId": vpc["VpcId"],
+                "AssociationId": association.get("AssociationId"),
+                "CidrBlock": association.get("CidrBlock"),
+                "BlockState": association.get("CidrBlockState", {}).get("State"),
+                "BlockStateMessage": association.get("CidrBlockState", {}).get(
+                    "StatusMessage"
+                ),
+            }
+            ipv4_cidr_blocks.append(ipv4_block)
+
+        ipv6_associations = vpc.get("Ipv6CidrBlockAssociationSet", [])
+        for association in ipv6_associations:
+            ipv6_block = {
+                "Id": vpc["VpcId"] + "|" + association.get("Ipv6CidrBlock"),
+                "VpcId": vpc["VpcId"],
+                "AssociationId": association.get("AssociationId"),
+                "CidrBlock": association.get("Ipv6CidrBlock"),
+                "BlockState": association.get("Ipv6CidrBlockState", {}).get("State"),
+                "BlockStateMessage": association.get("Ipv6CidrBlockState", {}).get(
+                    "StatusMessage"
+                ),
+            }
+            ipv6_cidr_blocks.append(ipv6_block)
+
+    return vpc_data, ipv4_cidr_blocks, ipv6_cidr_blocks
 
 
 @timeit
 def load_ec2_vpcs(
     neo4j_session: neo4j.Session,
-    data: List[Dict],
+    vpcs: list[dict[str, Any]],
     region: str,
-    current_aws_account_id: str,
+    aws_account_id: str,
     update_tag: int,
 ) -> None:
+    logger.info(f"Loading {len(vpcs)} EC2 VPCs for region '{region}' into graph.")
     # https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpcs.html
     # {
     #     "Vpcs": [
@@ -126,69 +119,69 @@ def load_ec2_vpcs(
     #         }
     #     ]
     # }
+    load(
+        neo4j_session,
+        AWSVpcSchema(),
+        vpcs,
+        lastupdated=update_tag,
+        Region=region,
+        AWS_ID=aws_account_id,
+    )
 
-    ingest_vpc = """
-    MERGE (new_vpc:AWSVpc{id: $VpcId})
-    ON CREATE SET new_vpc.firstseen = timestamp(), new_vpc.vpcid =$VpcId
-    SET new_vpc.instance_tenancy = $InstanceTenancy,
-    new_vpc.state = $State,
-    new_vpc.is_default = $IsDefault,
-    new_vpc.primary_cidr_block = $PrimaryCIDRBlock,
-    new_vpc.dhcp_options_id = $DhcpOptionsId,
-    new_vpc.region = $Region,
-    new_vpc.lastupdated = $update_tag
-    WITH new_vpc
-    MATCH (awsAccount:AWSAccount{id: $AWS_ACCOUNT_ID})
-    MERGE (awsAccount)-[r:RESOURCE]->(new_vpc)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag"""
-
-    for vpc in data:
-        vpc_id = vpc["VpcId"]  # fail if not present
-
-        neo4j_session.run(
-            ingest_vpc,
-            VpcId=vpc_id,
-            InstanceTenancy=vpc.get("InstanceTenancy", None),
-            State=vpc.get("State", None),
-            IsDefault=vpc.get("IsDefault", None),
-            PrimaryCIDRBlock=vpc.get("CidrBlock", None),
-            DhcpOptionsId=vpc.get("DhcpOptionsId", None),
-            Region=region,
-            AWS_ACCOUNT_ID=current_aws_account_id,
-            update_tag=update_tag,
-        )
 
-        load_cidr_association_set(
-            neo4j_session,
-            vpc_id=vpc_id,
-            block_type="ipv4",
-            vpc_data=vpc,
-            update_tag=update_tag,
-        )
+@timeit
+def load_ipv4_cidr_blocks(
+    neo4j_session: neo4j.Session,
+    ipv4_cidr_blocks: list[dict[str, Any]],
+    region: str,
+    aws_account_id: str,
+    update_tag: int,
+) -> None:
+    load(
+        neo4j_session,
+        AWSIPv4CidrBlockSchema(),
+        ipv4_cidr_blocks,
+        lastupdated=update_tag,
+    )
 
-        load_cidr_association_set(
-            neo4j_session,
-            vpc_id=vpc_id,
-            block_type="ipv6",
-            vpc_data=vpc,
-            update_tag=update_tag,
-        )
+
+@timeit
+def load_ipv6_cidr_blocks(
+    neo4j_session: neo4j.Session,
+    ipv6_cidr_blocks: list[dict[str, Any]],
+    region: str,
+    aws_account_id: str,
+    update_tag: int,
+) -> None:
+    load(
+        neo4j_session,
+        AWSIPv6CidrBlockSchema(),
+        ipv6_cidr_blocks,
+        lastupdated=update_tag,
+    )
 
 
 @timeit
-def cleanup_ec2_vpcs(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
-    run_cleanup_job("aws_import_vpc_cleanup.json", neo4j_session, common_job_parameters)
+def cleanup(
+    neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]
+) -> None:
+    GraphJob.from_node_schema(AWSIPv6CidrBlockSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+    GraphJob.from_node_schema(AWSIPv4CidrBlockSchema(), common_job_parameters).run(
+        neo4j_session
+    )
+    GraphJob.from_node_schema(AWSVpcSchema(), common_job_parameters).run(neo4j_session)
 
 
 @timeit
 def sync_vpc(
     neo4j_session: neo4j.Session,
     boto3_session: boto3.session.Session,
-    regions: List[str],
+    regions: list[str],
     current_aws_account_id: str,
     update_tag: int,
-    common_job_parameters: Dict,
+    common_job_parameters: dict[str, Any],
 ) -> None:
     for region in regions:
         logger.info(
@@ -196,6 +189,29 @@ def sync_vpc(
             region,
             current_aws_account_id,
         )
-        data = get_ec2_vpcs(boto3_session, region)
-        load_ec2_vpcs(neo4j_session, data, region, current_aws_account_id, update_tag)
-    cleanup_ec2_vpcs(neo4j_session, common_job_parameters)
+        raw_vpc_data = get_ec2_vpcs(boto3_session, region)
+        vpc_data, ipv4_cidr_blocks, ipv6_cidr_blocks = transform_vpc_data(
+            raw_vpc_data, region
+        )
+        load_ec2_vpcs(
+            neo4j_session,
+            vpc_data,
+            region,
+            current_aws_account_id,
+            update_tag,
+        )
+        load_ipv4_cidr_blocks(
+            neo4j_session,
+            ipv4_cidr_blocks,
+            region,
+            current_aws_account_id,
+            update_tag,
+        )
+        load_ipv6_cidr_blocks(
+            neo4j_session,
+            ipv6_cidr_blocks,
+            region,
+            current_aws_account_id,
+            update_tag,
+        )
+    cleanup(neo4j_session, common_job_parameters)

cartography/intel/aws/eventbridge.py

@@ -10,6 +10,7 @@ from cartography.client.core.tx import load
 from cartography.graph.job import GraphJob
 from cartography.intel.aws.ec2.util import get_botocore_config
 from cartography.models.aws.eventbridge.rule import EventBridgeRuleSchema
+from cartography.models.aws.eventbridge.target import EventBridgeTargetSchema
 from cartography.util import aws_handle_regions
 from cartography.util import timeit
 
@@ -33,6 +34,44 @@ def get_eventbridge_rules(
     return rules
 
 
+@timeit
+@aws_handle_regions
+def get_eventbridge_targets(
+    boto3_session: boto3.Session, region: str, rules: List[Dict[str, Any]]
+) -> List[Dict[str, Any]]:
+    client = boto3_session.client(
+        "events", region_name=region, config=get_botocore_config()
+    )
+    targets = []
+    for rule in rules:
+        paginator = client.get_paginator("list_targets_by_rule")
+        for page in paginator.paginate(Rule=rule["Name"]):
+            for target in page.get("Targets", []):
+                target["RuleArn"] = rule["Arn"]
+                targets.append(target)
+    return targets
+
+
+def transform_eventbridge_targets(
+    targets: List[Dict[str, Any]],
+    region: str,
+) -> List[Dict[str, Any]]:
+    """
+    Transform EventBridge target data for ingestion into Neo4j.
+    """
+    transformed_data = []
+    for target in targets:
+        transformed_target = {
+            "Id": target["Arn"],
+            "Arn": target["Arn"],
+            "RuleArn": target["RuleArn"],
+            "RoleArn": target.get("RoleArn"),
+            "Region": region,
+        }
+        transformed_data.append(transformed_target)
+    return transformed_data
+
+
 @timeit
 def load_eventbridge_rules(
     neo4j_session: neo4j.Session,
@@ -54,6 +93,27 @@ def load_eventbridge_rules(
     )
 
 
+@timeit
+def load_eventbridge_targets(
+    neo4j_session: neo4j.Session,
+    data: List[Dict[str, Any]],
+    region: str,
+    current_aws_account_id: str,
+    aws_update_tag: int,
+) -> None:
+    logger.info(
+        f"Loading EventBridge {len(data)} targets for region '{region}' into graph.",
+    )
+    load(
+        neo4j_session,
+        EventBridgeTargetSchema(),
+        data,
+        lastupdated=aws_update_tag,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+    )
+
+
 @timeit
 def cleanup(
     neo4j_session: neo4j.Session,
@@ -63,6 +123,9 @@ def cleanup(
     GraphJob.from_node_schema(EventBridgeRuleSchema(), common_job_parameters).run(
         neo4j_session
     )
+    GraphJob.from_node_schema(EventBridgeTargetSchema(), common_job_parameters).run(
+        neo4j_session
+    )
 
 
 @timeit
@@ -88,4 +151,14 @@ def sync(
             update_tag,
         )
 
+        targets = get_eventbridge_targets(boto3_session, region, rules)
+        transformed_targets = transform_eventbridge_targets(targets, region)
+        load_eventbridge_targets(
+            neo4j_session,
+            transformed_targets,
+            region,
+            current_aws_account_id,
+            update_tag,
+        )
+
     cleanup(neo4j_session, common_job_parameters)

cartography/intel/github/repos.py

@@ -405,9 +405,16 @@ def _create_default_branch_id(repo_url: str, default_branch_ref_id: str) -> str:
 
 def _create_git_url_from_ssh_url(ssh_url: str) -> str:
     """
-    Return a git:// URL from the given ssh_url
+    Convert SSH URL to git:// URL.
+    Example:
+        git@github.com:cartography-cncf/cartography.git
+        -> git://github.com/cartography-cncf/cartography.git
     """
-    return ssh_url.replace("/", ":").replace("git@", "git://")
+    # Remove the user part (e.g., "git@")
+    _, host_and_path = ssh_url.split("@", 1)
+    # Replace first ':' (separating host and repo) with '/'
+    host, path = host_and_path.split(":", 1)
+    return f"git://{host}/{path}"
 
 
 def _transform_repo_objects(input_repo_object: Dict, out_repo_list: List[Dict]) -> None:

cartography/models/aws/apigateway/apigatewaydeployment.py

@@ -0,0 +1,74 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class APIGatewayDeploymentNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    arn: PropertyRef = PropertyRef("id", extra_index=True)
+    description: PropertyRef = PropertyRef("description")
+    region: PropertyRef = PropertyRef("region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class APIGatewayDeploymentToAWSAccountRelRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:APIGatewayDeployment)<-[:RESOURCE]-(:AWSAccount)
+class APIGatewayDeploymentToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: APIGatewayDeploymentToAWSAccountRelRelProperties = (
+        APIGatewayDeploymentToAWSAccountRelRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class APIGatewayDeploymentToRestAPIRelRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:APIGatewayDeployment)<-[:HAS_DEPLOYMENT]-(:APIGatewayRestAPI)
+class APIGatewayDeploymentToRestAPIRel(CartographyRelSchema):
+    target_node_label: str = "APIGatewayRestAPI"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("api_id")},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "HAS_DEPLOYMENT"
+    properties: APIGatewayDeploymentToRestAPIRelRelProperties = (
+        APIGatewayDeploymentToRestAPIRelRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class APIGatewayDeploymentSchema(CartographyNodeSchema):
+    label: str = "APIGatewayDeployment"
+    properties: APIGatewayDeploymentNodeProperties = (
+        APIGatewayDeploymentNodeProperties()
+    )
+    sub_resource_relationship: APIGatewayDeploymentToAWSAccountRel = (
+        APIGatewayDeploymentToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            APIGatewayDeploymentToRestAPIRel(),
+        ]
+    )

cartography/models/aws/ec2/vpc.py

@@ -0,0 +1,46 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class VPCNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("VpcId")
+    vpcid: PropertyRef = PropertyRef("VpcId", extra_index=True)
+    primary_cidr_block: PropertyRef = PropertyRef("PrimaryCIDRBlock")
+    instance_tenancy: PropertyRef = PropertyRef("InstanceTenancy")
+    state: PropertyRef = PropertyRef("State")
+    is_default: PropertyRef = PropertyRef("IsDefault")
+    dhcp_options_id: PropertyRef = PropertyRef("DhcpOptionsId")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class VPCToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class VPCToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: VPCToAWSAccountRelProperties = VPCToAWSAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class AWSVpcSchema(CartographyNodeSchema):
+    label: str = "AWSVpc"
+    properties: VPCNodeProperties = VPCNodeProperties()
+    sub_resource_relationship: VPCToAWSAccountRel = VPCToAWSAccountRel()

cartography/models/aws/ec2/vpc_cidr.py

@@ -0,0 +1,102 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class AWSIPv4CidrBlockNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("Id")
+    vpcid: PropertyRef = PropertyRef("VpcId")
+    association_id: PropertyRef = PropertyRef("AssociationId")
+    cidr_block: PropertyRef = PropertyRef("CidrBlock")
+    block_state: PropertyRef = PropertyRef("BlockState")
+    block_state_message: PropertyRef = PropertyRef("BlockStateMessage")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSIPv4CidrBlockToAWSVpcRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSIPv4CidrBlockToAWSVpcRel(CartographyRelSchema):
+    target_node_label: str = "AWSVpc"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("VpcId")}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "BLOCK_ASSOCIATION"
+    properties: AWSIPv4CidrBlockToAWSVpcRelProperties = (
+        AWSIPv4CidrBlockToAWSVpcRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AWSIPv4CidrBlockSchema(CartographyNodeSchema):
+    """
+    There is no sub-resource relationship here because a
+    CIDR block can be associated with more than one account
+    and it doesn't make sense to scope it to one.
+    """
+
+    label: str = "AWSCidrBlock"
+    properties: AWSIPv4CidrBlockNodeProperties = AWSIPv4CidrBlockNodeProperties()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [AWSIPv4CidrBlockToAWSVpcRel()]
+    )
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["AWSIpv4CidrBlock"])
+
+
+@dataclass(frozen=True)
+class AWSIPv6CidrBlockNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("Id")
+    vpcid: PropertyRef = PropertyRef("VpcId")
+    association_id: PropertyRef = PropertyRef("AssociationId")
+    cidr_block: PropertyRef = PropertyRef("CidrBlock")
+    block_state: PropertyRef = PropertyRef("BlockState")
+    block_state_message: PropertyRef = PropertyRef("BlockStateMessage")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSIPv6CidrBlockToAWSVpcRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSIPv6CidrBlockToAWSVpcRel(CartographyRelSchema):
+    target_node_label: str = "AWSVpc"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("VpcId")}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "BLOCK_ASSOCIATION"
+    properties: AWSIPv6CidrBlockToAWSVpcRelProperties = (
+        AWSIPv6CidrBlockToAWSVpcRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AWSIPv6CidrBlockSchema(CartographyNodeSchema):
+    """
+    There is no sub-resource relationship here because a
+    CIDR block can be associated with more than one account
+    and it doesn't make sense to scope it to one.
+    """
+
+    label: str = "AWSCidrBlock"
+    properties: AWSIPv6CidrBlockNodeProperties = AWSIPv6CidrBlockNodeProperties()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [AWSIPv6CidrBlockToAWSVpcRel()]
+    )
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["AWSIpv6CidrBlock"])

cartography/models/aws/eventbridge/target.py

@@ -0,0 +1,71 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EventBridgeTargetNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("Id")
+    arn: PropertyRef = PropertyRef("Arn", extra_index=True)
+    rule_arn: PropertyRef = PropertyRef("RuleArn")
+    role_arn: PropertyRef = PropertyRef("RoleArn")
+    region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EventBridgeTargetToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EventBridgeTargetToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EventBridgeTargetToAwsAccountRelProperties = (
+        EventBridgeTargetToAwsAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EventBridgeTargetToEventBridgeRuleRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EventBridgeTargetToEventBridgeRuleRel(CartographyRelSchema):
+    target_node_label: str = "EventBridgeRule"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("RuleArn")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "LINKED_TO_RULE"
+    properties: EventBridgeTargetToEventBridgeRuleRelProperties = (
+        EventBridgeTargetToEventBridgeRuleRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class EventBridgeTargetSchema(CartographyNodeSchema):
+    label: str = "EventBridgeTarget"
+    properties: EventBridgeTargetNodeProperties = EventBridgeTargetNodeProperties()
+    sub_resource_relationship: EventBridgeTargetToAWSAccountRel = (
+        EventBridgeTargetToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EventBridgeTargetToEventBridgeRuleRel(),
+        ]
+    )

cartography/models/tailscale/device.py

@@ -28,6 +28,7 @@ class TailscaleDeviceNodeProperties(CartographyNodeProperties):
     authorized: PropertyRef = PropertyRef("authorized")
     is_external: PropertyRef = PropertyRef("isExternal")
     node_key: PropertyRef = PropertyRef("nodeKey")
+    addresses: PropertyRef = PropertyRef("addresses")
     blocks_incoming_connections: PropertyRef = PropertyRef("blocksIncomingConnections")
     client_connectivity_endpoints: PropertyRef = PropertyRef(
         "clientConnectivity.endpoints"

{cartography-0.110.0rc2.dist-info → cartography-0.111.0rc1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cartography
-Version: 0.110.0rc2
+Version: 0.111.0rc1
 Summary: Explore assets and their relationships across your technical infrastructure.
 Maintainer: Cartography Contributors
 License: apache2

{cartography-0.110.0rc2.dist-info → cartography-0.111.0rc1.dist-info}/RECORD

@@ -1,6 +1,6 @@
 cartography/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/__main__.py,sha256=y5iqUrj4BmqZfjeDT-9balzpXeMARgHeIedRMRI1gr8,100
-cartography/_version.py,sha256=f8gHwx9mg-BSoFSMQZAGikuzAcOSL2iL_f7vCTkedPA,525
+cartography/_version.py,sha256=mjqbwY_wN8Z8qqEs-Mud3vkMN1NHb8-3V1jv-jutGAM,718
 cartography/cli.py,sha256=iw_Rhs4ztquxD_BaneRNOZDuwBzANq9zImBteB3shXI,47085
 cartography/config.py,sha256=CUp5Klxr8enNLFttqlo67le6Z4mXTzzEb5nYiE-pGs0,17076
 cartography/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -14,7 +14,7 @@ cartography/client/aws/iam.py,sha256=dYsGikc36DEsSeR2XVOVFFUDwuU9yWj_EVkpgVYCFgM
 cartography/client/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/client/core/tx.py,sha256=Xx6_a5u7PE5pyREuBL_J39ORcafqieFf4KdosaEv1c4,13530
 cartography/data/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/data/indexes.cypher,sha256=R1UiBIAYqWGyZmwL0EPaaVWM2P64KKClSj0xPDF715s,22472
+cartography/data/indexes.cypher,sha256=Ci4Vp8UI5qqFTvIht7TIGORRY2p6seQAQlUaKJ8WxEI,22357
 cartography/data/permission_relationships.yaml,sha256=RuKGGc_3ZUQ7ag0MssB8k_zaonCkVM5E8I_svBWTmGc,969
 cartography/data/jobs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/data/jobs/analysis/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -54,7 +54,6 @@ cartography/data/jobs/cleanup/aws_import_sqs_queues_cleanup.json,sha256=Mla8y-CW
 cartography/data/jobs/cleanup/aws_import_tags_cleanup.json,sha256=mVOmhpoeHYItYQFATlTTeBhUt2GipAliRhh69zQcHok,7360
 cartography/data/jobs/cleanup/aws_import_tgw_cleanup.json,sha256=jHlKj2jcI3avvDMOCbFd89hTS0HcNVrZinJ4AYgykQs,2097
 cartography/data/jobs/cleanup/aws_import_users_cleanup.json,sha256=TY0VFJlbgd3ClmuHSzNuNAu-tDWFbAeEGWIZz-rmlGg,257
-cartography/data/jobs/cleanup/aws_import_vpc_cleanup.json,sha256=2_2mVflLBg1i33WBEJiiQoVKP3RSD3MRPe-yfxzyKh0,948
 cartography/data/jobs/cleanup/aws_import_vpc_peering_cleanup.json,sha256=jpIy2W2T9A9tB5EZQeVU2p2Z0LY52NYHS8W51NQTKaA,2040
 cartography/data/jobs/cleanup/aws_ingest_ec2_auto_scaling_groups_cleanup.json,sha256=6EXQO_xH3kXkgxN_H3j45LKEN_TZucLg__g-lD3gyfI,1802
 cartography/data/jobs/cleanup/aws_ingest_load_balancers_cleanup.json,sha256=1vidNCrITt-_bxw5lsSzyqGsuyWiNhI6-bnuv5lMvRI,1729
@@ -123,7 +122,7 @@ cartography/graph/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU
 cartography/graph/cleanupbuilder.py,sha256=uMSjMOnfkfTDrgMJwflNK8HAd4oioG8NIU0JeMN7ets,16552
 cartography/graph/context.py,sha256=RGxGb8EnxowcqjR0nFF86baNhgRHeUF9wjIoFUoG8LU,1230
 cartography/graph/job.py,sha256=5h4FsOV2tHeO5O2Gv-vglI5QUNE7V6p-RNmf9Fz5gvU,9396
-cartography/graph/querybuilder.py,sha256=b_dIScQ8MZfskM3CsY8vOgZjHMV1rzbJuywML1X72mw,27206
+cartography/graph/querybuilder.py,sha256=-5Vpaf_HBgZpwGnzrgtUVuy_lnBXSYr8nvcYodbUMYQ,30337
 cartography/graph/statement.py,sha256=VtvZFMqzzZk-gDeOnBx6oDj90XYOCM1EWw4d55bm7SU,5383
 cartography/intel/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/intel/analysis.py,sha256=uWIpmrk2hezkqjfepqz1VV2BopT7VZ-alBj2YekfE_c,1546
@@ -145,7 +144,7 @@ cartography/intel/anthropic/util.py,sha256=m2OopxCC6chCwOxUXmc9nWW--nOlYyBL_Nc3K
 cartography/intel/anthropic/workspaces.py,sha256=_t2kdGIFceDziC_BqIJa9-nLWIoWJbPoFNX1JYqbQ-w,2544
 cartography/intel/aws/__init__.py,sha256=lgu0kxERg_dJGuktEDU0ImpHuNGHJharoLEpirKWPZM,12330
 cartography/intel/aws/acm.py,sha256=a_i2pYPpocjlL8itwlcrmg8KrSLfjcmrkhcrPP-Omj8,3827
-cartography/intel/aws/apigateway.py,sha256=hOYVSY70DbrEfhi9gkX7PAMtg9WiPE0Pbp2wqGes7Vs,12198
+cartography/intel/aws/apigateway.py,sha256=0aXt4IRdXYNRtTaAy-JBf-7yMoqeNHukLOwOY_mGpoQ,15101
 cartography/intel/aws/cloudtrail.py,sha256=LCqf3pQMiMY4h1Wehb_OjwXst2fMIEnNOD8HbXsK4X4,2753
 cartography/intel/aws/cloudtrail_management_events.py,sha256=z5VZH1wQvl_ROG1sB9ZPdH4uexp-BKrI-WdEkhQKbkQ,35751
 cartography/intel/aws/cloudwatch.py,sha256=bBPlx5W15nun-jhYs-UAZQpo9Qm7FcBs4gBQevTqmi4,7246
@@ -160,7 +159,7 @@ cartography/intel/aws/eks.py,sha256=bPItyEj5q0nSDltJrr0S5MIrTPV0fK3xkqF6EV8fcqA,
 cartography/intel/aws/elasticache.py,sha256=ePTi-49Lbw94L6m7id5dUk1cG6FZRizFxojxKZBk8XY,5552
 cartography/intel/aws/elasticsearch.py,sha256=8X_Rp1zejkvXho0Zz_Cr4g-w9IpompdYRc-YS595Aso,8645
 cartography/intel/aws/emr.py,sha256=EJoKjHQP7-F_A1trUNU05Sb42yNR1i0C9VIpGcCfAXw,3662
-cartography/intel/aws/eventbridge.py,sha256=XmF8Wfigbu94HOmpVR2w-fujpHjJi8HqJoBJ8wOZI0o,2285
+cartography/intel/aws/eventbridge.py,sha256=PUq0UBxKro5oiTyq8U3gLcxomh5UaeBxoO7BhIKea6k,4442
 cartography/intel/aws/glue.py,sha256=y3RQRNQutdMugSKOVnbJfA1CFfu12g8sqSuhp_AF4aI,5211
 cartography/intel/aws/guardduty.py,sha256=QpwWisz3TzbOxkRKNjByk4WWDCCMXr8jgNOgOdjQM5g,8532
 cartography/intel/aws/iam.py,sha256=bkyIzWw2OC4MHxuoCvTiZ5eEGEQhz2asiUgY_tkX2GY,34322
@@ -203,7 +202,7 @@ cartography/intel/aws/ec2/subnets.py,sha256=uzZ_YyRY2zycKXsGS05qmT6cHHi4SNbN2v1y
 cartography/intel/aws/ec2/tgw.py,sha256=FcXWgLkr4EcD9DRXJMeyWQIgIHidaq40UrZneKhvnuE,9621
 cartography/intel/aws/ec2/util.py,sha256=t6oJX9nCTejvp0D9ihxfhmCoD1aoOXQB0cuvz0pMCe0,226
 cartography/intel/aws/ec2/volumes.py,sha256=C5V9LRE41REU4siHMAaE9yAjtbpLi8yTkaqLEw1uXMg,3726
-cartography/intel/aws/ec2/vpc.py,sha256=Es6ufAOEhnUyzWIb_hoQ0WtKqv6R4OzKAGHRmdaHvbk,6075
+cartography/intel/aws/ec2/vpc.py,sha256=JXRy0G33PQmMx2UM788InHEq7UW45MdH_wasH22t_uE,6536
 cartography/intel/aws/ec2/vpc_peerings.py,sha256=_a2Bs5tf-Qfj8SYcmPlDiUWhyzZKhKbweVAG4WEsplY,6844
 cartography/intel/aws/util/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/intel/aws/util/arns.py,sha256=Hwg_Lnf9ZNRTI-oEXU182S9ejOTy2-ggm2RKIxV5lGc,549
@@ -256,7 +255,7 @@ cartography/intel/gcp/gke.py,sha256=2-lhTzFEh-gAQ756Sr0kZZJY5_zcFWPS7_p0EVNzuR8,
 cartography/intel/gcp/iam.py,sha256=0aSVXeSuPLE5g0Ckl8mC0vM9d2dIi-W_8tcp1xLUhoE,7694
 cartography/intel/gcp/storage.py,sha256=ARDDySshRza90Biw33z_oNxLGJqvxLYBDyuRJ270muc,9307
 cartography/intel/github/__init__.py,sha256=qDMmYd-3DAVDhkPwCTVtkwP_0x5wuhWVp9jc0ghWtx4,1679
-cartography/intel/github/repos.py,sha256=JWIAS7Tq_EJc5w6XCimcu_SCYK3VhXUMzDxNAA9zM18,42036
+cartography/intel/github/repos.py,sha256=tuxiF3M8g7XXSbWptRAUGETQsYKTdxCe2xfnZtFUdL8,42317
 cartography/intel/github/teams.py,sha256=JICUXVScYbowtbOtIe-D4bibPmSBbQnL5z8IjzqSJ3s,14657
 cartography/intel/github/users.py,sha256=meAkOpymGGdXXqZDCqv0hPIqCP4FHJvHkVug7L8jA10,9125
 cartography/intel/github/util.py,sha256=00MihS14j95xjwEdoSHlC8BYXQYJzDHCMc43DkCH55o,8098
@@ -358,14 +357,15 @@ cartography/models/anthropic/apikey.py,sha256=eDaaXBHkZtRrKCDgeBD5BYR4jVUH-5QTi7
 cartography/models/anthropic/organization.py,sha256=3Jr9dplEF57Jn50YKn_Jy7LMpDfSydudtiy3_Pismgc,669
 cartography/models/anthropic/user.py,sha256=SJWrQoL-RGiC7uBuJ72vstnCXbOj2umcgypHKT-F3AA,1995
 cartography/models/anthropic/workspace.py,sha256=I7-UkDhXr75b9KFA_WeuIhbTUikOP22RSEsuEQh8ppM,3684
-cartography/models/aws/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/models/aws/apigateway.py,sha256=qwb-NQzw47qu3zH6SdGicrDfClYn19wZFYASaF_6GWo,2312
-cartography/models/aws/apigatewaycertificate.py,sha256=vFKip_EeOws3Ke-77xI6eyUMDJK2ZgB0XWHytIuesKA,3019
-cartography/models/aws/apigatewayresource.py,sha256=iyri4znJo1pgAAe4xBs-eoE5dHK8fEsg6-5OusdvwE0,2856
-cartography/models/aws/apigatewaystage.py,sha256=d3m82TH4ggC--0HdE3SG7n-Uwm5Gu9eZMRT23h7a2as,3179
 cartography/models/aws/emr.py,sha256=iZPzyqFrDsyRSRZqjCHlyDkO91H__6iszJq5hkNpOLU,3071
 cartography/models/aws/acm/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/aws/acm/certificate.py,sha256=GvB7xKBCoPmLsV9LnqAUg8x8sGTsDDsr7WIaqh4Sc-M,3141
+cartography/models/aws/apigateway/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+cartography/models/aws/apigateway/apigateway.py,sha256=qwb-NQzw47qu3zH6SdGicrDfClYn19wZFYASaF_6GWo,2312
+cartography/models/aws/apigateway/apigatewaycertificate.py,sha256=vFKip_EeOws3Ke-77xI6eyUMDJK2ZgB0XWHytIuesKA,3019
+cartography/models/aws/apigateway/apigatewaydeployment.py,sha256=msxbdHbTb6Upp14f6JjuP6RHe2-TFgA-Ru5wVLnxyFY,2980
+cartography/models/aws/apigateway/apigatewayresource.py,sha256=iyri4znJo1pgAAe4xBs-eoE5dHK8fEsg6-5OusdvwE0,2856
+cartography/models/aws/apigateway/apigatewaystage.py,sha256=d3m82TH4ggC--0HdE3SG7n-Uwm5Gu9eZMRT23h7a2as,3179
 cartography/models/aws/cloudtrail/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/aws/cloudtrail/management_events.py,sha256=b-p_SoZsumJggaD3CfmSHRfIfW1G_29uFwgFIJdW0lw,6634
 cartography/models/aws/cloudtrail/trail.py,sha256=dQi5txRQBnpdoHLFSl8VaWVI2Bx5tPDevGCbT7RIr0o,4452
@@ -411,6 +411,8 @@ cartography/models/aws/ec2/subnet_instance.py,sha256=6bgrWbFcCjBIjqd_6lcKv6rWyll
 cartography/models/aws/ec2/subnet_networkinterface.py,sha256=B60S1YvEopVWNlRL5W-hMby3-P06uaNcC_8oOLoRGik,3872
 cartography/models/aws/ec2/subnets.py,sha256=BtlFgf03IaD9XFesv5uzHBCm6xr71LT435m9t4MHkY8,2915
 cartography/models/aws/ec2/volumes.py,sha256=spAi4QjoYjp5G-qNuFJdW4b-oZg7by5g5FEaqJv1mZo,5242
+cartography/models/aws/ec2/vpc.py,sha256=7pJ-FzkoPKxUcdFlBSHbvGr2bQoujeACUS1BRsJD8Kc,2011
+cartography/models/aws/ec2/vpc_cidr.py,sha256=8DMZZKjIbgrUpet-ojQEM-5Nlo81EPUbrdOkYerUPv4,4072
 cartography/models/aws/ecr/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/aws/ecr/image.py,sha256=8atk1Z13BgUOcAq3uIK-sJ9gDxwcmeCIk7x1PW9B4BE,1753
 cartography/models/aws/ecr/repository.py,sha256=goItMJ3XnLSSk8FCMvgCpWCSsleTqdNzUT_Asvw8Yhk,2908
@@ -434,6 +436,7 @@ cartography/models/aws/elasticache/cluster.py,sha256=3tx3fL3FPSp4QX3pd42sV71t6kY
 cartography/models/aws/elasticache/topic.py,sha256=Rq-Hj6xo9xouRLw2NRNU1cmmVUlOP0ieRA8fT5GlZ2w,2757
 cartography/models/aws/eventbridge/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/aws/eventbridge/rule.py,sha256=VH7oTferIyykITCJhVPWZKVx2-7H9Dxi4fm9GwDitJw,3135
+cartography/models/aws/eventbridge/target.py,sha256=gncb5bEdZTfy2OI_Frcn1tY_a_W5HYEDOpjahsPskwE,2865
 cartography/models/aws/glue/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/aws/glue/connection.py,sha256=wG7mDMoYnmAHXrLfi52_1wPHF6VcrLOKfDmZaJJti1Q,2213
 cartography/models/aws/glue/job.py,sha256=Y4RUgfpXKf-4z4vxGEa4eEka7oJOATGks0hy_Aezevk,2805
@@ -583,7 +586,7 @@ cartography/models/snipeit/asset.py,sha256=hFvGPH6-6kGgG1yjztkf9wrrAmxNL2p38nc08
 cartography/models/snipeit/tenant.py,sha256=E6uaY3d2W3MmfuUqF2TLpRP3T1QZkoIXRtp9BGxxSxk,695
 cartography/models/snipeit/user.py,sha256=c-XWAnPTFrFnZLzR_sQB8pKNelwrLjHu-oWQLnQFnxg,2162
 cartography/models/tailscale/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/models/tailscale/device.py,sha256=hj0wRaVsSTrz__k1sUE91_pG0VWbsB8QrNrzJe3rjjU,3989
+cartography/models/tailscale/device.py,sha256=aKk2tYUYekU9Nma1qSDoRpUa29h8Pt4sld7x5Q9KtLw,4043
 cartography/models/tailscale/group.py,sha256=hOtzt7TYq606EszefbW0KuBWraHJ71kl-ebjUT3Gn5I,3349
 cartography/models/tailscale/postureintegration.py,sha256=nwyzYoCZn9PPaChVxCL7ibyfEc7x2mYXmpuVW2q3by4,2598
 cartography/models/tailscale/tag.py,sha256=7a8SidgsBI8f_ZzoHo3NPAA83JSXgS785VxlDeU2cBs,3955
@@ -593,9 +596,9 @@ cartography/models/trivy/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZ
 cartography/models/trivy/findings.py,sha256=SgI_h1aRyR20uAHvuXIZ1T6r4IZJt6SVhxRaF2bTsm0,3085
 cartography/models/trivy/fix.py,sha256=ho9ENVl9HSXqyggyCwR6ilkOBKDxpQ7rGibo_j21NA4,2587
 cartography/models/trivy/package.py,sha256=IwO1RZZ-MFRtNbt8Cq6YFl6fdNJMFmULnJkkK8Q4rL4,2809
-cartography-0.110.0rc2.dist-info/licenses/LICENSE,sha256=kvLEBRYaQ1RvUni6y7Ti9uHeooqnjPoo6n_-0JO1ETc,11351
-cartography-0.110.0rc2.dist-info/METADATA,sha256=CAGzvE1j8UYuQSFr5q1ttaY0Tw2TWn7yh-aXA_w38eY,13008
-cartography-0.110.0rc2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-cartography-0.110.0rc2.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
-cartography-0.110.0rc2.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
-cartography-0.110.0rc2.dist-info/RECORD,,
+cartography-0.111.0rc1.dist-info/licenses/LICENSE,sha256=kvLEBRYaQ1RvUni6y7Ti9uHeooqnjPoo6n_-0JO1ETc,11351
+cartography-0.111.0rc1.dist-info/METADATA,sha256=fVzU8tAWysJtWlHvzRl34b9_lVSm7ZrTRrOmDYoGKm0,13008
+cartography-0.111.0rc1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+cartography-0.111.0rc1.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
+cartography-0.111.0rc1.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
+cartography-0.111.0rc1.dist-info/RECORD,,

cartography/data/jobs/cleanup/aws_import_vpc_cleanup.json

@@ -1,23 +0,0 @@
-{
-  "statements": [{
-    "query": "MATCH (n:CidrBlock)<-[:BLOCK_ASSOCIATION]-(:AWSVpc)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE n.lastupdated <> $UPDATE_TAG WITH n LIMIT $LIMIT_SIZE DETACH DELETE (n)",
-    "iterative": true,
-    "iterationsize": 100
-  },
-  {
-    "query": "MATCH (:CidrBlock)<-[r:BLOCK_ASSOCIATION]-(:AWSVpc)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
-    "iterative": true,
-    "iterationsize": 100
-  },
-  {
-    "query": "MATCH (n:AWSVpc)<-[:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE n.lastupdated <> $UPDATE_TAG WITH n LIMIT $LIMIT_SIZE DETACH DELETE (n)",
-    "iterative": true,
-    "iterationsize": 100
-  },
-  {
-    "query": "MATCH (:AWSVpc)<-[r:RESOURCE]-(:AWSAccount{id: $AWS_ID}) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
-    "iterative": true,
-    "iterationsize": 100
-  }],
-  "name": "cleanup AWS VPC information"
-}