PyPI - cartography - Versions diffs - 0.112.0__py3-none-any.whl → 0.114.0__py3-none-any.whl - Mend

cartography 0.112.0py3-none-any.whl → 0.114.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of cartography might be problematic. Click here for more details.

Files changed (82) hide show

cartography/_version.py +2 -2
cartography/cli.py +8 -0
cartography/config.py +4 -0
cartography/data/indexes.cypher +0 -31
cartography/intel/aws/apigatewayv2.py +116 -0
cartography/intel/aws/iam.py +741 -492
cartography/intel/aws/organizations.py +7 -8
cartography/intel/aws/permission_relationships.py +4 -16
cartography/intel/aws/resources.py +2 -0
cartography/intel/azure/__init__.py +16 -0
cartography/intel/azure/app_service.py +105 -0
cartography/intel/azure/functions.py +124 -0
cartography/intel/entra/__init__.py +31 -0
cartography/intel/entra/app_role_assignments.py +277 -0
cartography/intel/entra/applications.py +4 -238
cartography/intel/entra/federation/__init__.py +0 -0
cartography/intel/entra/federation/aws_identity_center.py +77 -0
cartography/intel/entra/service_principals.py +217 -0
cartography/intel/gcp/__init__.py +136 -436
cartography/intel/gcp/clients.py +65 -0
cartography/intel/gcp/compute.py +18 -44
cartography/intel/gcp/crm/__init__.py +0 -0
cartography/intel/gcp/crm/folders.py +108 -0
cartography/intel/gcp/crm/orgs.py +65 -0
cartography/intel/gcp/crm/projects.py +109 -0
cartography/intel/gcp/dns.py +82 -169
cartography/intel/gcp/gke.py +72 -113
cartography/intel/gcp/iam.py +66 -54
cartography/intel/gcp/storage.py +75 -159
cartography/intel/github/__init__.py +41 -0
cartography/intel/github/commits.py +423 -0
cartography/intel/github/repos.py +73 -39
cartography/models/aws/apigatewayv2/__init__.py +0 -0
cartography/models/aws/apigatewayv2/apigatewayv2.py +53 -0
cartography/models/aws/iam/access_key.py +103 -0
cartography/models/aws/iam/account_role.py +24 -0
cartography/models/aws/iam/federated_principal.py +60 -0
cartography/models/aws/iam/group.py +60 -0
cartography/models/aws/iam/group_membership.py +26 -0
cartography/models/aws/iam/inline_policy.py +78 -0
cartography/models/aws/iam/managed_policy.py +51 -0
cartography/models/aws/iam/policy_statement.py +57 -0
cartography/models/aws/iam/role.py +83 -0
cartography/models/aws/iam/root_principal.py +52 -0
cartography/models/aws/iam/service_principal.py +30 -0
cartography/models/aws/iam/sts_assumerole_allow.py +38 -0
cartography/models/aws/iam/user.py +54 -0
cartography/models/azure/__init__.py +0 -0
cartography/models/azure/app_service.py +59 -0
cartography/models/azure/function_app.py +59 -0
cartography/models/entra/entra_user_to_aws_sso.py +41 -0
cartography/models/entra/service_principal.py +104 -0
cartography/models/gcp/compute/subnet.py +74 -0
cartography/models/gcp/crm/__init__.py +0 -0
cartography/models/gcp/crm/folders.py +98 -0
cartography/models/gcp/crm/organizations.py +21 -0
cartography/models/gcp/crm/projects.py +100 -0
cartography/models/gcp/dns.py +109 -0
cartography/models/gcp/gke.py +69 -0
cartography/models/gcp/iam.py +3 -0
cartography/models/gcp/storage/__init__.py +0 -0
cartography/models/gcp/storage/bucket.py +119 -0
cartography/models/github/commits.py +63 -0
{cartography-0.112.0.dist-info → cartography-0.114.0.dist-info}/METADATA +7 -5
{cartography-0.112.0.dist-info → cartography-0.114.0.dist-info}/RECORD +69 -39
cartography/data/jobs/cleanup/aws_import_account_access_key_cleanup.json +0 -17
cartography/data/jobs/cleanup/aws_import_groups_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_principals_cleanup.json +0 -30
cartography/data/jobs/cleanup/aws_import_roles_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_users_cleanup.json +0 -8
cartography/data/jobs/cleanup/gcp_compute_vpc_subnet_cleanup.json +0 -35
cartography/data/jobs/cleanup/gcp_crm_folder_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_crm_organization_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_crm_project_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_dns_cleanup.json +0 -29
cartography/data/jobs/cleanup/gcp_gke_cluster_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_storage_bucket_cleanup.json +0 -29
cartography/intel/gcp/crm.py +0 -355
{cartography-0.112.0.dist-info → cartography-0.114.0.dist-info}/WHEEL +0 -0
{cartography-0.112.0.dist-info → cartography-0.114.0.dist-info}/entry_points.txt +0 -0
{cartography-0.112.0.dist-info → cartography-0.114.0.dist-info}/licenses/LICENSE +0 -0
{cartography-0.112.0.dist-info → cartography-0.114.0.dist-info}/top_level.txt +0 -0

cartography/_version.py CHANGED Viewed

@@ -28,7 +28,7 @@ version_tuple: VERSION_TUPLE
 commit_id: COMMIT_ID
 __commit_id__: COMMIT_ID
-__version__ = version = '0.112.0'
-__version_tuple__ = version_tuple = (0, 112, 0)
+__version__ = version = '0.114.0'
+__version_tuple__ = version_tuple = (0, 114, 0)
 __commit_id__ = commit_id = None

cartography/cli.py CHANGED Viewed

@@ -328,6 +328,14 @@ class CLI:
                 "Required if you are using the GitHub intel module. Ignored otherwise."
             ),
         )
+        parser.add_argument(
+            "--github-commit-lookback-days",
+            type=int,
+            default=30,
+            help=(
+                "Number of days to look back for tracking GitHub users committing to repositories. Defaults to 30 days."
+            ),
+        )
         parser.add_argument(
             "--digitalocean-token-env-var",
             type=str,

cartography/config.py CHANGED Viewed

@@ -70,6 +70,8 @@ class Config:
     :param okta_saml_role_regex: The regex used to map okta groups to AWS roles. Optional.
     :type github_config: str
     :param github_config: Base64 encoded config object for GitHub ingestion. Optional.
+    :type github_commit_lookback_days: int
+    :param github_commit_lookback_days: Number of days to look back for GitHub commit tracking. Optional.
     :type digitalocean_token: str
     :param digitalocean_token: DigitalOcean access token. Optional.
     :type permission_relationships_file: str
@@ -210,6 +212,7 @@ class Config:
         okta_api_key=None,
         okta_saml_role_regex=None,
         github_config=None,
+        github_commit_lookback_days=30,
         digitalocean_token=None,
         permission_relationships_file=None,
         jamf_base_uri=None,
@@ -301,6 +304,7 @@ class Config:
         self.okta_api_key = okta_api_key
         self.okta_saml_role_regex = okta_saml_role_regex
         self.github_config = github_config
+        self.github_commit_lookback_days = github_commit_lookback_days
         self.digitalocean_token = digitalocean_token
         self.permission_relationships_file = permission_relationships_file
         self.jamf_base_uri = jamf_base_uri

cartography/data/indexes.cypher CHANGED Viewed

@@ -21,23 +21,12 @@ CREATE INDEX IF NOT EXISTS FOR (n:AWSDNSRecord) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSDNSZone) ON (n.name);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSDNSZone) ON (n.zoneid);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSDNSZone) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSGroup) ON (n.arn);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSGroup) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSInternetGateway) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSInternetGateway) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSIpv4CidrBlock) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSIpv4CidrBlock) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSIpv6CidrBlock) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSIpv6CidrBlock) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSPolicy) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSPolicy) ON (n.name);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSPolicy) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSPolicyStatement) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSPolicyStatement) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSPrincipal) ON (n.arn);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSPrincipal) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSRole) ON (n.arn);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSRole) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSTag) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSTag) ON (n.key);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSTag) ON (n.lastupdated);
@@ -46,11 +35,6 @@ CREATE INDEX IF NOT EXISTS FOR (n:AWSTransitGateway) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSTransitGateway) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSTransitGatewayAttachment) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:AWSTransitGatewayAttachment) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSUser) ON (n.arn);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSUser) ON (n.name);
-CREATE INDEX IF NOT EXISTS FOR (n:AWSUser) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:AccountAccessKey) ON (n.accesskeyid);
-CREATE INDEX IF NOT EXISTS FOR (n:AccountAccessKey) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:AutoScalingGroup) ON (n.arn);
 CREATE INDEX IF NOT EXISTS FOR (n:AutoScalingGroup) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:CVE) ON (n.id);
@@ -100,12 +84,6 @@ CREATE INDEX IF NOT EXISTS FOR (n:ESDomain) ON (n.arn);
 CREATE INDEX IF NOT EXISTS FOR (n:ESDomain) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:ESDomain) ON (n.name);
 CREATE INDEX IF NOT EXISTS FOR (n:ESDomain) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPDNSZone) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPDNSZone) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPRecordSet) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPRecordSet) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPFolder) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPFolder) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPForwardingRule) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPForwardingRule) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPInstance) ON (n.id);
@@ -116,23 +94,14 @@ CREATE INDEX IF NOT EXISTS FOR (n:GCPNetworkTag) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPNetworkTag) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPNicAccessConfig) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPNicAccessConfig) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPOrganization) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPOrganization) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPProject) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPProject) ON (n.projectnumber);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPProject) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPBucket) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPBucket) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPBucketLabel) ON (n.key);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPBucketLabel) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPSubnet) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:GCPSubnet) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPVpc) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPVpc) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GitHubRepository) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:GitHubRepository) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:GKECluster) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:GKECluster) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GSuiteGroup) ON (n.email);
 CREATE INDEX IF NOT EXISTS FOR (n:GSuiteGroup) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:GSuiteGroup) ON (n.lastupdated);

cartography/intel/aws/apigatewayv2.py ADDED Viewed

@@ -0,0 +1,116 @@
+import logging
+from typing import Any
+import boto3
+import neo4j
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.aws.apigatewayv2.apigatewayv2 import APIGatewayV2APISchema
+from cartography.util import aws_handle_regions
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+@timeit
+@aws_handle_regions
+def get_apigatewayv2_apis(
+    boto3_session: boto3.session.Session,
+    region: str,
+) -> list[dict[str, Any]]:
+    client = boto3_session.client("apigatewayv2", region_name=region)
+    paginator = client.get_paginator("get_apis")
+    apis: list[dict[str, Any]] = []
+    for page in paginator.paginate():
+        apis.extend(page.get("Items", []))
+    return apis
+def transform_apigatewayv2_apis(apis: list[dict[str, Any]]) -> list[dict[str, Any]]:
+    transformed: list[dict[str, Any]] = []
+    for api in apis:
+        transformed.append(
+            {
+                "id": api.get("ApiId"),
+                "name": api.get("Name"),
+                "protocoltype": api.get("ProtocolType"),
+                "routeselectionexpression": api.get("RouteSelectionExpression"),
+                "apikeyselectionexpression": api.get("ApiKeySelectionExpression"),
+                "apiendpoint": api.get("ApiEndpoint"),
+                "version": api.get("Version"),
+                "createddate": api.get("CreatedDate"),
+                "description": api.get("Description"),
+            },
+        )
+    return transformed
+@timeit
+def load_apigatewayv2_apis(
+    neo4j_session: neo4j.Session,
+    data: list[dict[str, Any]],
+    region: str,
+    current_aws_account_id: str,
+    update_tag: int,
+) -> None:
+    load(
+        neo4j_session,
+        APIGatewayV2APISchema(),
+        data,
+        lastupdated=update_tag,
+        AWS_ID=current_aws_account_id,
+        region=region,
+    )
+@timeit
+def cleanup(
+    neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]
+) -> None:
+    GraphJob.from_node_schema(
+        APIGatewayV2APISchema(),
+        common_job_parameters,
+    ).run(neo4j_session)
+@timeit
+def sync_apigatewayv2_apis(
+    neo4j_session: neo4j.Session,
+    boto3_session: boto3.session.Session,
+    region: str,
+    current_aws_account_id: str,
+    aws_update_tag: int,
+) -> None:
+    apis = get_apigatewayv2_apis(boto3_session, region)
+    transformed = transform_apigatewayv2_apis(apis)
+    load_apigatewayv2_apis(
+        neo4j_session,
+        transformed,
+        region,
+        current_aws_account_id,
+        aws_update_tag,
+    )
+@timeit
+def sync(
+    neo4j_session: neo4j.Session,
+    boto3_session: boto3.session.Session,
+    regions: list[str],
+    current_aws_account_id: str,
+    update_tag: int,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    for region in regions:
+        logger.info(
+            f"Syncing AWS APIGatewayV2 APIs for region '{region}' in account '{current_aws_account_id}'.",
+        )
+        sync_apigatewayv2_apis(
+            neo4j_session,
+            boto3_session,
+            region,
+            current_aws_account_id,
+            update_tag,
+        )
+    cleanup(neo4j_session, common_job_parameters)

cartography 0.112.0__py3-none-any.whl → 0.114.0__py3-none-any.whl

Potentially problematic release.

cartography 0.112.0py3-none-any.whl → 0.114.0py3-none-any.whl