cartography 0.111.0__py3-none-any.whl → 0.112.0__py3-none-any.whl

cartography/models/aws/apigateway/apigatewaymethod.py

@@ -0,0 +1,74 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class APIGatewayMethodNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    httpmethod: PropertyRef = PropertyRef("httpMethod")
+    resource_id: PropertyRef = PropertyRef("resourceId")
+    api_id: PropertyRef = PropertyRef("apiId")
+    authorization_type: PropertyRef = PropertyRef("authorizationType")
+    authorizer_id: PropertyRef = PropertyRef("authorizerId")
+    request_validator_id: PropertyRef = PropertyRef("requestValidatorId")
+    operation_name: PropertyRef = PropertyRef("operationName")
+    api_key_required: PropertyRef = PropertyRef("apiKeyRequired")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class APIGatewayMethodToAPIGatewayResourceRelRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class APIGatewayMethodToAPIGatewayResourceRel(CartographyRelSchema):
+    target_node_label: str = "APIGatewayResource"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("resourceId")},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "HAS_METHOD"
+    properties: APIGatewayMethodToAPIGatewayResourceRelRelProperties = (
+        APIGatewayMethodToAPIGatewayResourceRelRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class APIGatewayMethodToAWSAccountRelRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:APIGatewayMethod)<-[:RESOURCE]-(:AWSAccount)
+class APIGatewayMethodToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: APIGatewayMethodToAWSAccountRelRelProperties = (
+        APIGatewayMethodToAWSAccountRelRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class APIGatewayMethodSchema(CartographyNodeSchema):
+    label: str = "APIGatewayMethod"
+    properties: APIGatewayMethodNodeProperties = APIGatewayMethodNodeProperties()
+    sub_resource_relationship: APIGatewayMethodToAWSAccountRel = (
+        APIGatewayMethodToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [APIGatewayMethodToAPIGatewayResourceRel()],
+    )

cartography/models/aws/ec2/vpc_peering.py

@@ -0,0 +1,157 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class VPCPeeringNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("VpcPeeringConnectionId")
+    allow_dns_resolution_from_remote_vpc: PropertyRef = PropertyRef(
+        "AllowDnsResolutionFromRemoteVpc",
+    )
+    allow_egress_from_local_classic_link_to_remote_vpc: PropertyRef = PropertyRef(
+        "AllowEgressFromLocalClassicLinkToRemoteVpc",
+    )
+    allow_egress_from_local_vpc_to_remote_classic_link: PropertyRef = PropertyRef(
+        "AllowEgressFromLocalVpcToRemoteClassicLink",
+    )
+    requester_region: PropertyRef = PropertyRef("RequesterRegion")
+    accepter_region: PropertyRef = PropertyRef("AccepterRegion")
+    status_code: PropertyRef = PropertyRef("StatusCode")
+    status_message: PropertyRef = PropertyRef("StatusMessage")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class PeeringToAccepterVpcRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class PeeringToAccepterVpcRel(CartographyRelSchema):
+    target_node_label: str = "AWSVpc"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AccepterVpcId")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ACCEPTER_VPC"
+    properties: PeeringToAccepterVpcRelProperties = PeeringToAccepterVpcRelProperties()
+
+
+@dataclass(frozen=True)
+class PeeringToRequesterVpcRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class PeeringToRequesterVpcRel(CartographyRelSchema):
+    target_node_label: str = "AWSVpc"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("RequesterVpcId")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "REQUESTER_VPC"
+    properties: PeeringToRequesterVpcRelProperties = (
+        PeeringToRequesterVpcRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class PeeringToAccepterCidrRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class PeeringToAccepterCidrRel(CartographyRelSchema):
+    target_node_label: str = "AWSCidrBlock"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("ACCEPTER_CIDR_BLOCK_IDS", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ACCEPTER_CIDR"
+    properties: PeeringToAccepterCidrRelProperties = (
+        PeeringToAccepterCidrRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class PeeringToRequesterCidrRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class PeeringToRequesterCidrRel(CartographyRelSchema):
+    target_node_label: str = "AWSCidrBlock"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("REQUESTER_CIDR_BLOCK_IDS", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "REQUESTER_CIDR"
+    properties: PeeringToRequesterCidrRelProperties = (
+        PeeringToRequesterCidrRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class PeeringConnectionToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class PeeringConnectionToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: PeeringConnectionToAWSAccountRelProperties = (
+        PeeringConnectionToAWSAccountRelProperties()
+    )
+
+
+# Composite Node Pattern: AWSAccount as known by VPC Peering
+@dataclass(frozen=True)
+class AWSAccountVPCPeeringNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSAccountVPCPeeringSchema(CartographyNodeSchema):
+    """
+    Composite schema to represent AWS Accounts as known by VPC Peering.
+    Targets the same 'AWSAccount' label as the primary AWS account schema,
+    allowing MERGE operations to combine properties from both sources.
+    """
+
+    label: str = "AWSAccount"  # Same label as primary AWSAccount schema
+    properties: AWSAccountVPCPeeringNodeProperties = (
+        AWSAccountVPCPeeringNodeProperties()
+    )
+    # No sub_resource_relationship - accounts are top-level entities
+
+
+@dataclass(frozen=True)
+class AWSPeeringConnectionSchema(CartographyNodeSchema):
+    label: str = "AWSPeeringConnection"
+    properties: VPCPeeringNodeProperties = VPCPeeringNodeProperties()
+    sub_resource_relationship: PeeringConnectionToAWSAccountRel = (
+        PeeringConnectionToAWSAccountRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            PeeringToAccepterVpcRel(),
+            PeeringToRequesterVpcRel(),
+            PeeringToAccepterCidrRel(),
+            PeeringToRequesterCidrRel(),
+        ],
+    )

cartography/models/azure/principal.py

@@ -0,0 +1,44 @@
+import logging
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+logger = logging.getLogger(__name__)
+
+
+@dataclass(frozen=True)
+class AzurePrincipalProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AzurePrincipalToTenantRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AzurePrincipalToTenantRel(CartographyRelSchema):
+    target_node_label: str = "AzureTenant"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("TENANT_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AzurePrincipalToTenantRelProperties = (
+        AzurePrincipalToTenantRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AzurePrincipalSchema(CartographyNodeSchema):
+    label: str = "AzurePrincipal"
+    properties: AzurePrincipalProperties = AzurePrincipalProperties()
+    sub_resource_relationship: AzurePrincipalToTenantRel = AzurePrincipalToTenantRel()

cartography/models/azure/tenant.py

@@ -0,0 +1,20 @@
+import logging
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+
+logger = logging.getLogger(__name__)
+
+
+@dataclass(frozen=True)
+class AzureTenantProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AzureTenantSchema(CartographyNodeSchema):
+    label: str = "AzureTenant"
+    properties: AzureTenantProperties = AzureTenantProperties()

cartography/models/kubernetes/clusterrolebindings.py

@@ -21,6 +21,8 @@ class KubernetesClusterRoleBindingNodeProperties(CartographyNodeProperties):
     role_name: PropertyRef = PropertyRef("role_name")
     role_kind: PropertyRef = PropertyRef("role_kind")
     service_account_ids: PropertyRef = PropertyRef("service_account_ids")
+    user_ids: PropertyRef = PropertyRef("user_ids")
+    group_ids: PropertyRef = PropertyRef("group_ids")
     role_id: PropertyRef = PropertyRef("role_id")
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
 
@@ -81,6 +83,42 @@ class KubernetesClusterRoleBindingToClusterRoleRel(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class KubernetesClusterRoleBindingToUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesClusterRoleBindingToUserRel(CartographyRelSchema):
+    target_node_label: str = "KubernetesUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("user_ids", one_to_many=True)}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "SUBJECT"
+    properties: KubernetesClusterRoleBindingToUserRelProperties = (
+        KubernetesClusterRoleBindingToUserRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KubernetesClusterRoleBindingToGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesClusterRoleBindingToGroupRel(CartographyRelSchema):
+    target_node_label: str = "KubernetesGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("group_ids", one_to_many=True)}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "SUBJECT"
+    properties: KubernetesClusterRoleBindingToGroupRelProperties = (
+        KubernetesClusterRoleBindingToGroupRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class KubernetesClusterRoleBindingSchema(CartographyNodeSchema):
     label: str = "KubernetesClusterRoleBinding"
@@ -93,6 +131,8 @@ class KubernetesClusterRoleBindingSchema(CartographyNodeSchema):
     other_relationships: OtherRelationships = OtherRelationships(
         [
             KubernetesClusterRoleBindingToServiceAccountRel(),
+            KubernetesClusterRoleBindingToUserRel(),
+            KubernetesClusterRoleBindingToGroupRel(),
             KubernetesClusterRoleBindingToClusterRoleRel(),
         ]
     )

cartography/models/kubernetes/groups.py

@@ -0,0 +1,107 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KubernetesGroupNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    name: PropertyRef = PropertyRef("name")
+    cluster_name: PropertyRef = PropertyRef("cluster_name")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesGroupToClusterRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesGroupToClusterRel(CartographyRelSchema):
+    target_node_label: str = "KubernetesCluster"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("CLUSTER_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: KubernetesGroupToClusterRelProperties = (
+        KubernetesGroupToClusterRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KubernetesGroupToOktaGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesGroupToAWSRoleRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesGroupToAWSUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesGroupToOktaGroupRel(CartographyRelSchema):
+    target_node_label: str = "OktaGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"name": PropertyRef("name")}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "MAPS_TO"
+    properties: KubernetesGroupToOktaGroupRelProperties = (
+        KubernetesGroupToOktaGroupRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KubernetesGroupToAWSRoleRel(CartographyRelSchema):
+    target_node_label: str = "AWSRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("aws_role_arn")}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "MAPS_TO"
+    properties: KubernetesGroupToAWSRoleRelProperties = (
+        KubernetesGroupToAWSRoleRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KubernetesGroupToAWSUserRel(CartographyRelSchema):
+    target_node_label: str = "AWSUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("aws_user_arn")}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "MAPS_TO"
+    properties: KubernetesGroupToAWSUserRelProperties = (
+        KubernetesGroupToAWSUserRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KubernetesGroupSchema(CartographyNodeSchema):
+    label: str = "KubernetesGroup"
+    properties: KubernetesGroupNodeProperties = KubernetesGroupNodeProperties()
+    sub_resource_relationship: KubernetesGroupToClusterRel = (
+        KubernetesGroupToClusterRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            KubernetesGroupToOktaGroupRel(),
+            KubernetesGroupToAWSRoleRel(),
+            KubernetesGroupToAWSUserRel(),
+        ]
+    )

cartography/models/kubernetes/oidc.py

@@ -0,0 +1,51 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KubernetesOIDCProviderNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    issuer_url: PropertyRef = PropertyRef("issuer_url")
+    cluster_name: PropertyRef = PropertyRef("cluster_name")
+    k8s_platform: PropertyRef = PropertyRef("k8s_platform")
+    client_id: PropertyRef = PropertyRef("client_id")
+    status: PropertyRef = PropertyRef("status")
+    name: PropertyRef = PropertyRef("name")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesOIDCProviderToClusterRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesOIDCProviderToClusterRel(CartographyRelSchema):
+    target_node_label: str = "KubernetesCluster"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("CLUSTER_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "TRUSTS"
+    properties: KubernetesOIDCProviderToClusterRelProperties = (
+        KubernetesOIDCProviderToClusterRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KubernetesOIDCProviderSchema(CartographyNodeSchema):
+    label: str = "KubernetesOIDCProvider"
+    properties: KubernetesOIDCProviderNodeProperties = (
+        KubernetesOIDCProviderNodeProperties()
+    )
+    sub_resource_relationship: KubernetesOIDCProviderToClusterRel = (
+        KubernetesOIDCProviderToClusterRel()
+    )

cartography/models/kubernetes/rolebindings.py

@@ -22,6 +22,8 @@ class KubernetesRoleBindingNodeProperties(CartographyNodeProperties):
     role_name: PropertyRef = PropertyRef("role_name")
     role_kind: PropertyRef = PropertyRef("role_kind")
     service_account_ids: PropertyRef = PropertyRef("service_account_ids")
+    user_ids: PropertyRef = PropertyRef("user_ids")
+    group_ids: PropertyRef = PropertyRef("group_ids")
     role_id: PropertyRef = PropertyRef("role_id")
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
 
@@ -83,6 +85,42 @@ class KubernetesRoleBindingToServiceAccountRel(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class KubernetesRoleBindingToUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesRoleBindingToUserRel(CartographyRelSchema):
+    target_node_label: str = "KubernetesUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("user_ids", one_to_many=True)}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "SUBJECT"
+    properties: KubernetesRoleBindingToUserRelProperties = (
+        KubernetesRoleBindingToUserRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KubernetesRoleBindingToGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesRoleBindingToGroupRel(CartographyRelSchema):
+    target_node_label: str = "KubernetesGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("group_ids", one_to_many=True)}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "SUBJECT"
+    properties: KubernetesRoleBindingToGroupRelProperties = (
+        KubernetesRoleBindingToGroupRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class KubernetesRoleBindingToRoleRelProperties(CartographyRelProperties):
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
@@ -114,6 +152,8 @@ class KubernetesRoleBindingSchema(CartographyNodeSchema):
         [
             KubernetesRoleBindingToNamespaceRel(),
             KubernetesRoleBindingToServiceAccountRel(),
+            KubernetesRoleBindingToUserRel(),
+            KubernetesRoleBindingToGroupRel(),
             KubernetesRoleBindingToRoleRel(),
         ]
     )

cartography/models/kubernetes/users.py

@@ -0,0 +1,105 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KubernetesUserNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    name: PropertyRef = PropertyRef("name")
+    cluster_name: PropertyRef = PropertyRef("cluster_name")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesUserToClusterRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesUserToClusterRel(CartographyRelSchema):
+    target_node_label: str = "KubernetesCluster"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("CLUSTER_ID", set_in_kwargs=True)}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: KubernetesUserToClusterRelProperties = (
+        KubernetesUserToClusterRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KubernetesUserToOktaUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesUserToAWSRoleRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesUserToAWSUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesUserToOktaUserRel(CartographyRelSchema):
+    target_node_label: str = "OktaUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"email": PropertyRef("name")}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "MAPS_TO"
+    properties: KubernetesUserToOktaUserRelProperties = (
+        KubernetesUserToOktaUserRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KubernetesUserToAWSRoleRel(CartographyRelSchema):
+    target_node_label: str = "AWSRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("aws_role_arn")}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "MAPS_TO"
+    properties: KubernetesUserToAWSRoleRelProperties = (
+        KubernetesUserToAWSRoleRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KubernetesUserToAWSUserRel(CartographyRelSchema):
+    target_node_label: str = "AWSUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("aws_user_arn")}
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "MAPS_TO"
+    properties: KubernetesUserToAWSUserRelProperties = (
+        KubernetesUserToAWSUserRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KubernetesUserSchema(CartographyNodeSchema):
+    label: str = "KubernetesUser"
+    properties: KubernetesUserNodeProperties = KubernetesUserNodeProperties()
+    sub_resource_relationship: KubernetesUserToClusterRel = KubernetesUserToClusterRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            KubernetesUserToOktaUserRel(),
+            KubernetesUserToAWSRoleRel(),
+            KubernetesUserToAWSUserRel(),
+        ]
+    )