cartography 0.113.0__py3-none-any.whl → 0.115.0__py3-none-any.whl

cartography/models/aws/iam/policy_statement.py

@@ -0,0 +1,57 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class AWSPolicyStatementNodeProperties(CartographyNodeProperties):
+    # Required unique identifier
+    id: PropertyRef = PropertyRef("id")
+
+    # Automatic fields (set by cartography)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+    # Business fields from AWS IAM policy statements
+    effect: PropertyRef = PropertyRef("Effect")
+    action: PropertyRef = PropertyRef("Action")
+    notaction: PropertyRef = PropertyRef("NotAction")
+    resource: PropertyRef = PropertyRef("Resource")
+    notresource: PropertyRef = PropertyRef("NotResource")
+    condition: PropertyRef = PropertyRef("Condition")
+    sid: PropertyRef = PropertyRef("Sid")
+
+
+@dataclass(frozen=True)
+class AWSPolicyStatementToAWSPolicyRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSPolicyStatementToAWSPolicyRel(CartographyRelSchema):
+    target_node_label: str = "AWSPolicy"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {
+            "id": PropertyRef("POLICY_ID", set_in_kwargs=True),
+        }
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "STATEMENT"
+    properties: AWSPolicyStatementToAWSPolicyRelProperties = (
+        AWSPolicyStatementToAWSPolicyRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AWSPolicyStatementSchema(CartographyNodeSchema):
+    label: str = "AWSPolicyStatement"
+    properties: AWSPolicyStatementNodeProperties = AWSPolicyStatementNodeProperties()
+    sub_resource_relationship: AWSPolicyStatementToAWSPolicyRel = (
+        AWSPolicyStatementToAWSPolicyRel()
+    )

cartography/models/aws/iam/role.py

@@ -0,0 +1,83 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class AWSRoleNodeProperties(CartographyNodeProperties):
+    # Required unique identifier
+    id: PropertyRef = PropertyRef("arn")
+    arn: PropertyRef = PropertyRef("arn", extra_index=True)
+
+    # Automatic fields (set by cartography)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+    # Business fields from AWS IAM roles
+    roleid: PropertyRef = PropertyRef("roleid")
+    name: PropertyRef = PropertyRef("name")
+    path: PropertyRef = PropertyRef("path")
+    createdate: PropertyRef = PropertyRef("createdate")
+
+
+@dataclass(frozen=True)
+class AWSRoleToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSRoleToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {
+            "id": PropertyRef("AWS_ID", set_in_kwargs=True),
+        }
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AWSRoleToAWSAccountRelProperties = AWSRoleToAWSAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class AWSRoleToAWSPrincipalTrustRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSRoleToAWSPrincipalTrustRel(CartographyRelSchema):
+    """
+    Trust relationship with principals of type "AWS".
+    """
+
+    target_node_label: str = "AWSPrincipal"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {
+            "arn": PropertyRef("trusted_aws_principals", one_to_many=True),
+        },
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "TRUSTS_AWS_PRINCIPAL"
+    properties: AWSRoleToAWSPrincipalTrustRelProperties = (
+        AWSRoleToAWSPrincipalTrustRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AWSRoleSchema(CartographyNodeSchema):
+    label: str = "AWSRole"
+    properties: AWSRoleNodeProperties = AWSRoleNodeProperties()
+    sub_resource_relationship: AWSRoleToAWSAccountRel = AWSRoleToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            AWSRoleToAWSPrincipalTrustRel(),
+        ]
+    )
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["AWSPrincipal"])

cartography/models/aws/iam/root_principal.py

@@ -0,0 +1,52 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class AWSRootPrincipalNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("arn")
+    arn: PropertyRef = PropertyRef("arn", extra_index=True)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSRootPrincipalToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSRootPrincipalToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {
+            "id": PropertyRef("AWS_ID", set_in_kwargs=True),
+        }
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AWSRootPrincipalToAWSAccountRelProperties = (
+        AWSRootPrincipalToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AWSRootPrincipalSchema(CartographyNodeSchema):
+    """
+    Represents the AWS root principal for an AWS account
+    """
+
+    label: str = "AWSRootPrincipal"
+    properties: AWSRootPrincipalNodeProperties = AWSRootPrincipalNodeProperties()
+    sub_resource_relationship: AWSRootPrincipalToAWSAccountRel = (
+        AWSRootPrincipalToAWSAccountRel()
+    )
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["AWSPrincipal"])

cartography/models/aws/iam/service_principal.py

@@ -0,0 +1,30 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+
+
+@dataclass(frozen=True)
+class AWSServicePrincipalNodeProperties(CartographyNodeProperties):
+    # Required unique identifier
+    id: PropertyRef = PropertyRef("arn")
+    arn: PropertyRef = PropertyRef("arn", extra_index=True)
+
+    # Automatic fields (set by cartography)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+    # Business fields from AWS IAM service principals
+    type: PropertyRef = PropertyRef("type")
+
+
+@dataclass(frozen=True)
+class AWSServicePrincipalSchema(CartographyNodeSchema):
+    """
+    Represents a global AWS service principal e.g. "ec2.amazonaws.com"
+    """
+
+    label: str = "AWSServicePrincipal"
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["AWSPrincipal"])
+    properties: AWSServicePrincipalNodeProperties = AWSServicePrincipalNodeProperties()

cartography/models/aws/iam/sts_assumerole_allow.py

@@ -0,0 +1,38 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_source_node_matcher
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import SourceNodeMatcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class STSAssumeRoleAllowRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+    _sub_resource_label: PropertyRef = PropertyRef(
+        "_sub_resource_label", set_in_kwargs=True
+    )
+    _sub_resource_id: PropertyRef = PropertyRef("_sub_resource_id", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class STSAssumeRoleAllowMatchLink(CartographyRelSchema):
+    rel_label: str = "STS_ASSUMEROLE_ALLOW"
+    direction: LinkDirection = LinkDirection.OUTWARD
+    properties: STSAssumeRoleAllowRelProperties = STSAssumeRoleAllowRelProperties()
+
+    # Target node (the role being assumed)
+    target_node_label: str = "AWSRole"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("target_arn")},
+    )
+
+    # Source node (the principal that can assume the role)
+    source_node_label: str = "AWSPrincipal"
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"arn": PropertyRef("source_arn")},
+    )

cartography/models/aws/iam/user.py

@@ -0,0 +1,54 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class AWSUserNodeProperties(CartographyNodeProperties):
+    # Required unique identifier
+    id: PropertyRef = PropertyRef("arn")
+    arn: PropertyRef = PropertyRef("arn", extra_index=True)
+
+    # Automatic fields (set by cartography)
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+    # Business fields from AWS IAM users
+    userid: PropertyRef = PropertyRef("userid")
+    name: PropertyRef = PropertyRef("name")
+    path: PropertyRef = PropertyRef("path")
+    createdate: PropertyRef = PropertyRef("createdate")
+    passwordlastused: PropertyRef = PropertyRef("passwordlastused")
+
+
+@dataclass(frozen=True)
+class AWSUserToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSUserToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {
+            "id": PropertyRef("AWS_ID", set_in_kwargs=True),
+        }
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AWSUserToAWSAccountRelProperties = AWSUserToAWSAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class AWSUserSchema(CartographyNodeSchema):
+    label: str = "AWSUser"
+    properties: AWSUserNodeProperties = AWSUserNodeProperties()
+    sub_resource_relationship: AWSUserToAWSAccountRel = AWSUserToAWSAccountRel()
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(["AWSPrincipal"])

cartography/models/aws/identitycenter/awspermissionset.py

@@ -82,7 +82,7 @@ class AWSPermissionSetToAWSAccountRel(CartographyRelSchema):
 @dataclass(frozen=True)
 class RoleAssignmentAllowedByRelProperties(CartographyRelProperties):
     """
-    Properties for the ALLOWED_BY relationship between AWSRole and AWSSSOUser.
+    Properties for the ALLOWED_BY relationship between AWSRole and AWSSSO principals.
     """
 
     # Mandatory fields for MatchLinks
@@ -121,6 +121,29 @@ class RoleAssignmentAllowedByMatchLink(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class RoleAssignmentAllowedByGroupMatchLink(CartographyRelSchema):
+    """
+    MatchLink schema for ALLOWED_BY relationships from group role assignments.
+    Creates relationships like: (AWSRole)-[:ALLOWED_BY]->(AWSSSOGroup)
+    """
+
+    source_node_label: str = "AWSRole"
+    source_node_matcher: SourceNodeMatcher = make_source_node_matcher(
+        {"arn": PropertyRef("RoleArn")},
+    )
+
+    target_node_label: str = "AWSSSOGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("GroupId")},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ALLOWED_BY"
+    properties: RoleAssignmentAllowedByRelProperties = (
+        RoleAssignmentAllowedByRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class AWSPermissionSetSchema(CartographyNodeSchema):
     label: str = "AWSPermissionSet"

cartography/models/aws/identitycenter/awssogroup.py

@@ -0,0 +1,70 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class SSOGroupProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("GroupId")
+    display_name: PropertyRef = PropertyRef("DisplayName")
+    description: PropertyRef = PropertyRef("Description")
+    identity_store_id: PropertyRef = PropertyRef("IdentityStoreId")
+    external_id: PropertyRef = PropertyRef("ExternalId", extra_index=True)
+    region: PropertyRef = PropertyRef("Region")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSSSOGroupToAWSAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSSSOGroupToAWSAccountRel(CartographyRelSchema):
+    target_node_label: str = "AWSAccount"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AWS_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AWSSSOGroupToAWSAccountRelProperties = (
+        AWSSSOGroupToAWSAccountRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AWSSSOGroupToPermissionSetRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSSSOGroupToPermissionSetRel(CartographyRelSchema):
+    target_node_label: str = "AWSPermissionSet"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("AssignedPermissionSets", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "HAS_PERMISSION_SET"
+    properties: AWSSSOGroupToPermissionSetRelProperties = (
+        AWSSSOGroupToPermissionSetRelProperties()
+    )
+
+
+@dataclass(frozen=True)
+class AWSSSOGroupSchema(CartographyNodeSchema):
+    label: str = "AWSSSOGroup"
+    properties: SSOGroupProperties = SSOGroupProperties()
+    sub_resource_relationship: AWSSSOGroupToAWSAccountRel = AWSSSOGroupToAWSAccountRel()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            AWSSSOGroupToPermissionSetRel(),
+        ]
+    )

cartography/models/aws/identitycenter/awsssouser.py

@@ -14,7 +14,7 @@ from cartography.models.core.relationships import TargetNodeMatcher
 
 @dataclass(frozen=True)
 class SSOUserProperties(CartographyNodeProperties):
-    id: PropertyRef = PropertyRef("UserId", extra_index=True)
+    id: PropertyRef = PropertyRef("UserId")
     user_name: PropertyRef = PropertyRef("UserName")
     identity_store_id: PropertyRef = PropertyRef("IdentityStoreId")
     external_id: PropertyRef = PropertyRef("ExternalId", extra_index=True)
@@ -57,6 +57,40 @@ class AWSSSOUserToAWSAccountRel(CartographyRelSchema):
     )
 
 
+@dataclass(frozen=True)
+class AWSSSOUserToSSOGroupRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSSSOUserToSSOGroupRel(CartographyRelSchema):
+    target_node_label: str = "AWSSSOGroup"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("MemberOfGroups", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "MEMBER_OF_SSO_GROUP"
+    properties: AWSSSOUserToSSOGroupRelProperties = AWSSSOUserToSSOGroupRelProperties()
+
+
+@dataclass(frozen=True)
+class AWSSSOUserToPermissionSetRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AWSSSOUserToPermissionSetRel(CartographyRelSchema):
+    target_node_label: str = "AWSPermissionSet"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"arn": PropertyRef("AssignedPermissionSets", one_to_many=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "HAS_PERMISSION_SET"
+    properties: AWSSSOUserToPermissionSetRelProperties = (
+        AWSSSOUserToPermissionSetRelProperties()
+    )
+
+
 @dataclass(frozen=True)
 class AWSSSOUserSchema(CartographyNodeSchema):
     label: str = "AWSSSOUser"
@@ -66,5 +100,7 @@ class AWSSSOUserSchema(CartographyNodeSchema):
     other_relationships: OtherRelationships = OtherRelationships(
         [
             SSOUserToOktaUserRel(),
+            AWSSSOUserToSSOGroupRel(),
+            AWSSSOUserToPermissionSetRel(),
         ],
     )

cartography/models/aws/lambda_function/lambda_function.py

@@ -39,6 +39,8 @@ class AWSLambdaNodeProperties(CartographyNodeProperties):
     architectures: PropertyRef = PropertyRef("Architectures")
     masterarn: PropertyRef = PropertyRef("MasterArn")
     kmskeyarn: PropertyRef = PropertyRef("KMSKeyArn")
+    anonymous_access: PropertyRef = PropertyRef("AnonymousAccess")
+    anonymous_actions: PropertyRef = PropertyRef("AnonymousActions")
     region: PropertyRef = PropertyRef("Region", set_in_kwargs=True)
     lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
 

cartography/models/azure/app_service.py

@@ -0,0 +1,59 @@
+import logging
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+logger = logging.getLogger(__name__)
+
+
+# --- Node Definitions ---
+@dataclass(frozen=True)
+class AzureAppServiceProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    name: PropertyRef = PropertyRef("name")
+    kind: PropertyRef = PropertyRef("kind")
+    location: PropertyRef = PropertyRef("location")
+    state: PropertyRef = PropertyRef("state")
+    default_host_name: PropertyRef = PropertyRef("default_host_name")
+    https_only: PropertyRef = PropertyRef("https_only")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+# --- Relationship Definitions ---
+@dataclass(frozen=True)
+class AzureAppServiceToSubscriptionRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AzureAppServiceToSubscriptionRel(CartographyRelSchema):
+    target_node_label: str = "AzureSubscription"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AZURE_SUBSCRIPTION_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AzureAppServiceToSubscriptionRelProperties = (
+        AzureAppServiceToSubscriptionRelProperties()
+    )
+
+
+# --- Main Schema ---
+@dataclass(frozen=True)
+class AzureAppServiceSchema(CartographyNodeSchema):
+    """
+    The schema for an Azure App Service.
+    """
+
+    label: str = "AzureAppService"
+    properties: AzureAppServiceProperties = AzureAppServiceProperties()
+    sub_resource_relationship: AzureAppServiceToSubscriptionRel = (
+        AzureAppServiceToSubscriptionRel()
+    )

cartography/models/azure/function_app.py

@@ -0,0 +1,59 @@
+import logging
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+logger = logging.getLogger(__name__)
+
+
+# --- Node Definitions ---
+@dataclass(frozen=True)
+class AzureFunctionAppProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    name: PropertyRef = PropertyRef("name")
+    kind: PropertyRef = PropertyRef("kind")
+    location: PropertyRef = PropertyRef("location")
+    state: PropertyRef = PropertyRef("state")
+    default_host_name: PropertyRef = PropertyRef("default_host_name")
+    https_only: PropertyRef = PropertyRef("https_only")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+# --- Relationship Definitions ---
+@dataclass(frozen=True)
+class AzureFunctionAppToSubscriptionRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AzureFunctionAppToSubscriptionRel(CartographyRelSchema):
+    target_node_label: str = "AzureSubscription"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AZURE_SUBSCRIPTION_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AzureFunctionAppToSubscriptionRelProperties = (
+        AzureFunctionAppToSubscriptionRelProperties()
+    )
+
+
+# --- Main Schema ---
+@dataclass(frozen=True)
+class AzureFunctionAppSchema(CartographyNodeSchema):
+    """
+    The schema for an Azure Function App.
+    """
+
+    label: str = "AzureFunctionApp"
+    properties: AzureFunctionAppProperties = AzureFunctionAppProperties()
+    sub_resource_relationship: AzureFunctionAppToSubscriptionRel = (
+        AzureFunctionAppToSubscriptionRel()
+    )

cartography/models/azure/logic_apps.py

@@ -0,0 +1,56 @@
+import logging
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+
+logger = logging.getLogger(__name__)
+
+
+# --- Node Definitions ---
+@dataclass(frozen=True)
+class AzureLogicAppProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef("id")
+    name: PropertyRef = PropertyRef("name")
+    location: PropertyRef = PropertyRef("location")
+    state: PropertyRef = PropertyRef("state")
+    created_time: PropertyRef = PropertyRef("createdTime")
+    changed_time: PropertyRef = PropertyRef("changedTime")
+    version: PropertyRef = PropertyRef("version")
+    access_endpoint: PropertyRef = PropertyRef("accessEndpoint")
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+# --- Relationship Definitions ---
+@dataclass(frozen=True)
+class AzureLogicAppToSubscriptionRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef("lastupdated", set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class AzureLogicAppToSubscriptionRel(CartographyRelSchema):
+    target_node_label: str = "AzureSubscription"
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {"id": PropertyRef("AZURE_SUBSCRIPTION_ID", set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: AzureLogicAppToSubscriptionRelProperties = (
+        AzureLogicAppToSubscriptionRelProperties()
+    )
+
+
+# --- Main Schema ---
+@dataclass(frozen=True)
+class AzureLogicAppSchema(CartographyNodeSchema):
+    label: str = "AzureLogicApp"
+    properties: AzureLogicAppProperties = AzureLogicAppProperties()
+    sub_resource_relationship: AzureLogicAppToSubscriptionRel = (
+        AzureLogicAppToSubscriptionRel()
+    )