cartography 0.111.0rc1__py3-none-any.whl → 0.113.0__py3-none-any.whl

cartography/models/keycloak/organization.py

@@ -0,0 +1,116 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KeycloakOrganizationNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    name: PropertyRef = PropertyRef("name")
+    alias: PropertyRef = PropertyRef("alias")
+    enabled: PropertyRef = PropertyRef("enabled")
+    description: PropertyRef = PropertyRef("description")
+    redirect_url: PropertyRef = PropertyRef("redirectUrl")
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KeycloakOrganizationToRealmRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakOrganization)<-[:RESOURCE]-(:KeycloakRealm)
+class KeycloakOrganizationToRealmRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakRealm"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"name": PropertyRef("REALM", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: KeycloakOrganizationToRealmRelProperties = (
+        KeycloakOrganizationToRealmRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KeycloakOrganizationToManagedUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakOrganization)<-[:MANAGED_MEMBER_OF]-(:KeycloakUser)
+class KeycloakOrganizationToManagedUserRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("_managed_members", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "MANAGED_MEMBER_OF"
+    properties: KeycloakOrganizationToManagedUserRelProperties = (
+        KeycloakOrganizationToManagedUserRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KeycloakOrganizationToUnmanagedUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakOrganization)<-[:UNMANAGED_MEMBER_OF]-(:KeycloakUser)
+class KeycloakOrganizationToUnmanagedUserRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("_unmanaged_members", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "UNMANAGED_MEMBER_OF"
+    properties: KeycloakOrganizationToUnmanagedUserRelProperties = (
+        KeycloakOrganizationToUnmanagedUserRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KeycloakOrganizationToIdentityProviderRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakOrganization)-[:ENFORCES]->(:KeycloakIdentityProvider)
+class KeycloakOrganizationToIdentityProviderRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakIdentityProvider"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("_idp_ids", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ENFORCES"
+    properties: KeycloakOrganizationToIdentityProviderRelProperties = (
+        KeycloakOrganizationToIdentityProviderRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KeycloakOrganizationSchema(CartographyNodeSchema):
+    label: str = "KeycloakOrganization"
+    properties: KeycloakOrganizationNodeProperties = (
+        KeycloakOrganizationNodeProperties()
+    )
+    sub_resource_relationship: KeycloakOrganizationToRealmRel = (
+        KeycloakOrganizationToRealmRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            KeycloakOrganizationToManagedUserRel(),
+            KeycloakOrganizationToUnmanagedUserRel(),
+            KeycloakOrganizationToIdentityProviderRel(),
+        ]
+    )

cartography/models/keycloak/organizationdomain.py

@@ -0,0 +1,73 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KeycloakOrganizationDomainNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    name: PropertyRef = PropertyRef("name", extra_index=True)
+    verified: PropertyRef = PropertyRef("verified")
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KeycloakOrganizationDomainToRealmRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakOrganizationDomain)<-[:RESOURCE]-(:KeycloakRealm)
+class KeycloakOrganizationDomainToRealmRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakRealm"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"name": PropertyRef("REALM", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: KeycloakOrganizationDomainToRealmRelProperties = (
+        KeycloakOrganizationDomainToRealmRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KeycloakOrganizationDomainToOrganizationRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakOrganizationDomain)-[:BELONGS_TO]->(:KeycloakOrganization)
+class KeycloakOrganizationDomainToOrganizationRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakOrganization"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("organization_id")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "BELONGS_TO"
+    properties: KeycloakOrganizationDomainToOrganizationRelProperties = (
+        KeycloakOrganizationDomainToOrganizationRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KeycloakOrganizationDomainSchema(CartographyNodeSchema):
+    label: str = "KeycloakOrganizationDomain"
+    properties: KeycloakOrganizationDomainNodeProperties = (
+        KeycloakOrganizationDomainNodeProperties()
+    )
+    sub_resource_relationship: KeycloakOrganizationDomainToRealmRel = (
+        KeycloakOrganizationDomainToRealmRel()
+    )
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            KeycloakOrganizationDomainToOrganizationRel(),
+        ]
+    )

cartography/models/keycloak/realm.py

@@ -0,0 +1,173 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+
+
+@dataclass(frozen=True)
+class KeycloakRealmNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    # We need to index realm name as Keycloak use this slug instead of ID in all queries
+    name: PropertyRef = PropertyRef("realm", extra_index=True)
+    display_name: PropertyRef = PropertyRef("displayName")
+    enabled: PropertyRef = PropertyRef("enabled")
+    not_before: PropertyRef = PropertyRef("notBefore")
+    default_signature_algorithm: PropertyRef = PropertyRef("defaultSignatureAlgorithm")
+    revoke_refresh_token: PropertyRef = PropertyRef("revokeRefreshToken")
+    refresh_token_max_reuse: PropertyRef = PropertyRef("refreshTokenMaxReuse")
+    access_token_lifespan: PropertyRef = PropertyRef("accessTokenLifespan")
+    access_token_lifespan_for_implicit_flow: PropertyRef = PropertyRef(
+        "accessTokenLifespanForImplicitFlow"
+    )
+    sso_session_idle_timeout: PropertyRef = PropertyRef("ssoSessionIdleTimeout")
+    sso_session_max_lifespan: PropertyRef = PropertyRef("ssoSessionMaxLifespan")
+    sso_session_idle_timeout_remember_me: PropertyRef = PropertyRef(
+        "ssoSessionIdleTimeoutRememberMe"
+    )
+    sso_session_max_lifespan_remember_me: PropertyRef = PropertyRef(
+        "ssoSessionMaxLifespanRememberMe"
+    )
+    offline_session_idle_timeout: PropertyRef = PropertyRef("offlineSessionIdleTimeout")
+    offline_session_max_lifespan_enabled: PropertyRef = PropertyRef(
+        "offlineSessionMaxLifespanEnabled"
+    )
+    offline_session_max_lifespan: PropertyRef = PropertyRef("offlineSessionMaxLifespan")
+    client_session_idle_timeout: PropertyRef = PropertyRef("clientSessionIdleTimeout")
+    client_session_max_lifespan: PropertyRef = PropertyRef("clientSessionMaxLifespan")
+    client_offline_session_idle_timeout: PropertyRef = PropertyRef(
+        "clientOfflineSessionIdleTimeout"
+    )
+    client_offline_session_max_lifespan: PropertyRef = PropertyRef(
+        "clientOfflineSessionMaxLifespan"
+    )
+    access_code_lifespan: PropertyRef = PropertyRef("accessCodeLifespan")
+    access_code_lifespan_user_action: PropertyRef = PropertyRef(
+        "accessCodeLifespanUserAction"
+    )
+    access_code_lifespan_login: PropertyRef = PropertyRef("accessCodeLifespanLogin")
+    action_token_generated_by_admin_lifespan: PropertyRef = PropertyRef(
+        "actionTokenGeneratedByAdminLifespan"
+    )
+    action_token_generated_by_user_lifespan: PropertyRef = PropertyRef(
+        "actionTokenGeneratedByUserLifespan"
+    )
+    oauth2_device_code_lifespan: PropertyRef = PropertyRef("oauth2DeviceCodeLifespan")
+    oauth2_device_polling_interval: PropertyRef = PropertyRef(
+        "oauth2DevicePollingInterval"
+    )
+    ssl_required: PropertyRef = PropertyRef("sslRequired")
+    password_credential_grant_allowed: PropertyRef = PropertyRef(
+        "passwordCredentialGrantAllowed"
+    )
+    registration_allowed: PropertyRef = PropertyRef("registrationAllowed")
+    registration_email_as_username: PropertyRef = PropertyRef(
+        "registrationEmailAsUsername"
+    )
+    remember_me: PropertyRef = PropertyRef("rememberMe")
+    verify_email: PropertyRef = PropertyRef("verifyEmail")
+    login_with_email_allowed: PropertyRef = PropertyRef("loginWithEmailAllowed")
+    duplicate_emails_allowed: PropertyRef = PropertyRef("duplicateEmailsAllowed")
+    reset_password_allowed: PropertyRef = PropertyRef("resetPasswordAllowed")
+    edit_username_allowed: PropertyRef = PropertyRef("editUsernameAllowed")
+    user_cache_enabled: PropertyRef = PropertyRef("userCacheEnabled")
+    realm_cache_enabled: PropertyRef = PropertyRef("realmCacheEnabled")
+    brute_force_protected: PropertyRef = PropertyRef("bruteForceProtected")
+    permanent_lockout: PropertyRef = PropertyRef("permanentLockout")
+    max_temporary_lockouts: PropertyRef = PropertyRef("maxTemporaryLockouts")
+    max_failure_wait_seconds: PropertyRef = PropertyRef("maxFailureWaitSeconds")
+    minimum_quick_login_wait_seconds: PropertyRef = PropertyRef(
+        "minimumQuickLoginWaitSeconds"
+    )
+    wait_increment_seconds: PropertyRef = PropertyRef("waitIncrementSeconds")
+    quick_login_check_milli_seconds: PropertyRef = PropertyRef(
+        "quickLoginCheckMilliSeconds"
+    )
+    max_delta_time_seconds: PropertyRef = PropertyRef("maxDeltaTimeSeconds")
+    failure_factor: PropertyRef = PropertyRef("failureFactor")
+    events_enabled: PropertyRef = PropertyRef("eventsEnabled")
+    events_expiration: PropertyRef = PropertyRef("eventsExpiration")
+    admin_events_enabled: PropertyRef = PropertyRef("adminEventsEnabled")
+    admin_events_details_enabled: PropertyRef = PropertyRef("adminEventsDetailsEnabled")
+    internationalization_enabled: PropertyRef = PropertyRef(
+        "internationalizationEnabled"
+    )
+    default_locale: PropertyRef = PropertyRef("defaultLocale")
+    password_policy: PropertyRef = PropertyRef("passwordPolicy")
+    otp_policy_type: PropertyRef = PropertyRef("otpPolicyType")
+    otp_policy_algorithm: PropertyRef = PropertyRef("otpPolicyAlgorithm")
+    otp_policy_initial_counter: PropertyRef = PropertyRef("otpPolicyInitialCounter")
+    otp_policy_digits: PropertyRef = PropertyRef("otpPolicyDigits")
+    otp_policy_look_ahead_window: PropertyRef = PropertyRef("otpPolicyLookAheadWindow")
+    otp_policy_period: PropertyRef = PropertyRef("otpPolicyPeriod")
+    otp_policy_code_reusable: PropertyRef = PropertyRef("otpPolicyCodeReusable")
+    web_authn_policy_rp_entity_name: PropertyRef = PropertyRef(
+        "webAuthnPolicyRpEntityName"
+    )
+    web_authn_policy_rp_id: PropertyRef = PropertyRef("webAuthnPolicyRpId")
+    web_authn_policy_attestation_conveyance_preference: PropertyRef = PropertyRef(
+        "webAuthnPolicyAttestationConveyancePreference"
+    )
+    web_authn_policy_authenticator_attachment: PropertyRef = PropertyRef(
+        "webAuthnPolicyAuthenticatorAttachment"
+    )
+    web_authn_policy_require_resident_key: PropertyRef = PropertyRef(
+        "webAuthnPolicyRequireResidentKey"
+    )
+    web_authn_policy_user_verification_requirement: PropertyRef = PropertyRef(
+        "webAuthnPolicyUserVerificationRequirement"
+    )
+    web_authn_policy_create_timeout: PropertyRef = PropertyRef(
+        "webAuthnPolicyCreateTimeout"
+    )
+    web_authn_policy_avoid_same_authenticator_register: PropertyRef = PropertyRef(
+        "webAuthnPolicyAvoidSameAuthenticatorRegister"
+    )
+    web_authn_policy_passwordless_rp_entity_name: PropertyRef = PropertyRef(
+        "webAuthnPolicyPasswordlessRpEntityName"
+    )
+    web_authn_policy_passwordless_rp_id: PropertyRef = PropertyRef(
+        "webAuthnPolicyPasswordlessRpId"
+    )
+    web_authn_policy_passwordless_attestation_conveyance_preference: PropertyRef = (
+        PropertyRef("webAuthnPolicyPasswordlessAttestationConveyancePreference")
+    )
+    web_authn_policy_passwordless_authenticator_attachment: PropertyRef = PropertyRef(
+        "webAuthnPolicyPasswordlessAuthenticatorAttachment"
+    )
+    web_authn_policy_passwordless_require_resident_key: PropertyRef = PropertyRef(
+        "webAuthnPolicyPasswordlessRequireResidentKey"
+    )
+    web_authn_policy_passwordless_user_verification_requirement: PropertyRef = (
+        PropertyRef("webAuthnPolicyPasswordlessUserVerificationRequirement")
+    )
+    web_authn_policy_passwordless_create_timeout: PropertyRef = PropertyRef(
+        "webAuthnPolicyPasswordlessCreateTimeout"
+    )
+    web_authn_policy_passwordless_avoid_same_authenticator_register: PropertyRef = (
+        PropertyRef("webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister")
+    )
+    keycloak_version: PropertyRef = PropertyRef("keycloakVersion")
+    user_managed_access_allowed: PropertyRef = PropertyRef("userManagedAccessAllowed")
+    organizations_enabled: PropertyRef = PropertyRef("organizationsEnabled")
+    verifiable_credentials_enabled: PropertyRef = PropertyRef(
+        "verifiableCredentialsEnabled"
+    )
+    admin_permissions_enabled: PropertyRef = PropertyRef("adminPermissionsEnabled")
+    social: PropertyRef = PropertyRef("social")
+    update_profile_on_initial_social_login: PropertyRef = PropertyRef(
+        "updateProfileOnInitialSocialLogin"
+    )
+    o_auth2_device_code_lifespan: PropertyRef = PropertyRef("oAuth2DeviceCodeLifespan")
+    o_auth2_device_polling_interval: PropertyRef = PropertyRef(
+        "oAuth2DevicePollingInterval"
+    )
+    bruteForceStrategy: PropertyRef = PropertyRef("bruteForceStrategy")
+    default_role_id: PropertyRef = PropertyRef("defaultRole.id")
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KeycloakRealmSchema(CartographyNodeSchema):
+    label: str = "KeycloakRealm"
+    properties: KeycloakRealmNodeProperties = KeycloakRealmNodeProperties()

cartography/models/keycloak/role.py

@@ -0,0 +1,126 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KeycloakRoleNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    name: PropertyRef = PropertyRef("name", extra_index=True)
+    description: PropertyRef = PropertyRef("description")
+    scope_param_required: PropertyRef = PropertyRef("scopeParamRequired")
+    composite: PropertyRef = PropertyRef("composite")
+    client_role: PropertyRef = PropertyRef("clientRole")
+    container_id: PropertyRef = PropertyRef("containerId")
+    # We need to store the realm name because role are often referenced by name
+    # and not by id, so we need to be able to find the role by name (that is not unique across realms)
+    realm: PropertyRef = PropertyRef("REALM", set_in_kwargs=True, extra_index=True)
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KeycloakRoleToRealmRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakRole)<-[:RESOURCE]-(:KeycloakRealm)
+class KeycloakRoleToRealmRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakRealm"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"name": PropertyRef("REALM", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: KeycloakRoleToRealmRelProperties = KeycloakRoleToRealmRelProperties()
+
+
+@dataclass(frozen=True)
+class KeycloakRoleToClientRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakRole)<-[:DEFINES]->(:KeycloakClient)
+class KeycloakRoleToClientRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakClient"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("containerId")},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "DEFINES"
+    properties: KeycloakRoleToClientRelProperties = KeycloakRoleToClientRelProperties()
+
+
+@dataclass(frozen=True)
+class KeycloakRoleToRoleRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakRole)-[:INCLUDES]->(:KeycloakRole)
+class KeycloakRoleToRoleRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("_composite_roles", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "INCLUDES"
+    properties: KeycloakRoleToRoleRelProperties = KeycloakRoleToRoleRelProperties()
+
+
+@dataclass(frozen=True)
+class KeycloakRoleToScopeRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakRole)-[:GRANTS]->(:KeycloakScope)
+class KeycloakRoleToScopeRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakScope"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("_scope_ids", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "GRANTS"
+    properties: KeycloakRoleToScopeRelProperties = KeycloakRoleToScopeRelProperties()
+
+
+@dataclass(frozen=True)
+class KeycloakRoleToUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakRole)<-[:ASSUME_ROLE]-(:KeycloakUser)
+class KeycloakRoleToUserRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("_direct_members", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "ASSUME_ROLE"
+    properties: KeycloakRoleToUserRelProperties = KeycloakRoleToUserRelProperties()
+
+
+@dataclass(frozen=True)
+class KeycloakRoleSchema(CartographyNodeSchema):
+    label: str = "KeycloakRole"
+    properties: KeycloakRoleNodeProperties = KeycloakRoleNodeProperties()
+    sub_resource_relationship: KeycloakRoleToRealmRel = KeycloakRoleToRealmRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            KeycloakRoleToClientRel(),
+            KeycloakRoleToRoleRel(),
+            KeycloakRoleToScopeRel(),
+            KeycloakRoleToUserRel(),
+        ],
+    )

cartography/models/keycloak/scope.py

@@ -0,0 +1,73 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KeycloakScopeNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    name: PropertyRef = PropertyRef("name", extra_index=True)
+    description: PropertyRef = PropertyRef("description")
+    protocol: PropertyRef = PropertyRef("protocol")
+    include_in_token_scope: PropertyRef = PropertyRef(
+        "attributes.include.in.token.scope",
+    )
+    display_on_consent_screen: PropertyRef = PropertyRef(
+        "attributes.display.on.consent.screen",
+    )
+    # We need to store the realm name because scope are often referenced by name
+    # and not by id, so we need to be able to find the scope by name (that is not unique across realms)
+    realm: PropertyRef = PropertyRef("REALM", set_in_kwargs=True, extra_index=True)
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KeycloakScopeToRealmRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakScope)<-[:RESOURCE]-(:KeycloakRealm)
+class KeycloakScopeToRealmRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakRealm"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"name": PropertyRef("REALM", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: KeycloakScopeToRealmRelProperties = KeycloakScopeToRealmRelProperties()
+
+
+@dataclass(frozen=True)
+class KeycloakScopeToRoleRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakScope)<-[:GRANTS]-(:KeycloakRole)
+class KeycloakScopeToRoleRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("_role_ids", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "GRANTS"
+    properties: KeycloakScopeToRoleRelProperties = KeycloakScopeToRoleRelProperties()
+
+
+@dataclass(frozen=True)
+class KeycloakScopeSchema(CartographyNodeSchema):
+    label: str = "KeycloakScope"
+    properties: KeycloakScopeNodeProperties = KeycloakScopeNodeProperties()
+    sub_resource_relationship: KeycloakScopeToRealmRel = KeycloakScopeToRealmRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [KeycloakScopeToRoleRel()],
+    )

cartography/models/keycloak/user.py

@@ -0,0 +1,51 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class KeycloakUserNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    username: PropertyRef = PropertyRef("username")
+    first_name: PropertyRef = PropertyRef("firstName")
+    last_name: PropertyRef = PropertyRef("lastName")
+    email: PropertyRef = PropertyRef("email")
+    email_verified: PropertyRef = PropertyRef("emailVerified")
+    origin: PropertyRef = PropertyRef("origin")
+    created_timestamp: PropertyRef = PropertyRef("createdTimestamp")
+    enabled: PropertyRef = PropertyRef("enabled")
+    totp: PropertyRef = PropertyRef("totp")
+    service_account_client_id: PropertyRef = PropertyRef("serviceAccountClientId")
+    not_before: PropertyRef = PropertyRef("notBefore")
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KeycloakUserToRealmRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("LASTUPDATED", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+# (:KeycloakUser)<-[:RESOURCE]-(:KeycloakRealm)
+class KeycloakUserToRealmRel(CartographyRelSchema):
+    target_node_label: str = "KeycloakRealm"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"name": PropertyRef("REALM", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: KeycloakUserToRealmRelProperties = KeycloakUserToRealmRelProperties()
+
+
+@dataclass(frozen=True)
+class KeycloakUserSchema(CartographyNodeSchema):
+    label: str = "KeycloakUser"
+    properties: KeycloakUserNodeProperties = KeycloakUserNodeProperties()
+    sub_resource_relationship: KeycloakUserToRealmRel = KeycloakUserToRealmRel()

cartography/models/kubernetes/clusterrolebindings.py

@@ -21,6 +21,8 @@ class KubernetesClusterRoleBindingNodeProperties(CartographyNodeProperties):
     role_name: PropertyRef = PropertyRef("role_name")
     role_kind: PropertyRef = PropertyRef("role_kind")
     service_account_ids: PropertyRef = PropertyRef("service_account_ids")
+    user_ids: PropertyRef = PropertyRef("user_ids")
+    group_ids: PropertyRef = PropertyRef("group_ids")
     role_id: PropertyRef = PropertyRef("role_id")
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
 
@@ -81,6 +83,42 @@ class KubernetesClusterRoleBindingToClusterRoleRel(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class KubernetesClusterRoleBindingToUserRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesClusterRoleBindingToUserRel(CartographyRelSchema):
+    target_node_label: str = "KubernetesUser"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("user_ids", one_to_many=True)}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "SUBJECT"
+    properties: KubernetesClusterRoleBindingToUserRelProperties = (
+        KubernetesClusterRoleBindingToUserRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class KubernetesClusterRoleBindingToGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class KubernetesClusterRoleBindingToGroupRel(CartographyRelSchema):
+    target_node_label: str = "KubernetesGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("group_ids", one_to_many=True)}
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "SUBJECT"
+    properties: KubernetesClusterRoleBindingToGroupRelProperties = (
+        KubernetesClusterRoleBindingToGroupRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class KubernetesClusterRoleBindingSchema(CartographyNodeSchema):
     label: str = "KubernetesClusterRoleBinding"
@@ -93,6 +131,8 @@ class KubernetesClusterRoleBindingSchema(CartographyNodeSchema):
     other_relationships: OtherRelationships = OtherRelationships(
         [
             KubernetesClusterRoleBindingToServiceAccountRel(),
+            KubernetesClusterRoleBindingToUserRel(),
+            KubernetesClusterRoleBindingToGroupRel(),
             KubernetesClusterRoleBindingToClusterRoleRel(),
         ]
     )