cartography 0.73.1__py3-none-any.whl → 0.75.0__py3-none-any.whl

cartography/client/core/tx.py

@@ -7,6 +7,9 @@ from typing import Union
 
 import neo4j
 
+from cartography.graph.querybuilder import build_create_index_queries
+from cartography.graph.querybuilder import build_ingestion_query
+from cartography.models.core.nodes import CartographyNodeSchema
 from cartography.util import batch
 
 
@@ -210,3 +213,42 @@ def load_graph_data(
             DictList=data_batch,
             **kwargs,
         )
+
+
+def ensure_indexes(neo4j_session: neo4j.Session, node_schema: CartographyNodeSchema) -> None:
+    """
+    Creates indexes if they don't exist for the given CartographyNodeSchema object, as well as for all of the
+    relationships defined on its `other_relationships` and `sub_resource_relationship` fields. This operation is
+    idempotent.
+
+    This ensures that every time we need to MATCH on a node to draw a relationship to it, the field used for the MATCH
+    will be indexed, making the operation fast.
+    :param neo4j_session: The neo4j session
+    :param node_schema: The node_schema object to create indexes for.
+    """
+    queries = build_create_index_queries(node_schema)
+
+    for query in queries:
+        if not query.startswith('CREATE INDEX IF NOT EXISTS'):
+            raise ValueError('Query provided to `ensure_indexes()` does not start with "CREATE INDEX IF NOT EXISTS".')
+        neo4j_session.run(query)
+
+
+def load(
+        neo4j_session: neo4j.Session,
+        node_schema: CartographyNodeSchema,
+        dict_list: List[Dict[str, Any]],
+        **kwargs,
+) -> None:
+    """
+    Main entrypoint for intel modules to write data to the graph. Ensures that indexes exist for the datatypes loaded
+    to the graph and then performs the load operation.
+    :param neo4j_session: The Neo4j session
+    :param node_schema: The CartographyNodeSchema object to create indexes for and generate a query.
+    :param dict_list: The data to load to the graph represented as a list of dicts.
+    :param kwargs: Allows additional keyword args to be supplied to the Neo4j query.
+    :return: None
+    """
+    ensure_indexes(neo4j_session, node_schema)
+    ingestion_query = build_ingestion_query(node_schema)
+    load_graph_data(neo4j_session, ingestion_query, dict_list, **kwargs)

cartography/data/indexes.cypher

@@ -140,6 +140,7 @@ CREATE INDEX IF NOT EXISTS FOR (n:ECSContainerInstance) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:ECSService) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:ECSService) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:ECSTaskDefinition) ON (n.id);
+CREATE INDEX IF NOT EXISTS FOR (n:ECSTaskDefinition) ON (n.arn);
 CREATE INDEX IF NOT EXISTS FOR (n:ECSTaskDefinition) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:ECSTask) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:ECSTask) ON (n.lastupdated);
@@ -158,9 +159,6 @@ CREATE INDEX IF NOT EXISTS FOR (n:ELBListener) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:ELBListener) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:ELBV2Listener) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:ELBV2Listener) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:EMRCluster) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:EMRCluster) ON (n.arn);
-CREATE INDEX IF NOT EXISTS FOR (n:EMRCluster) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:Endpoint) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:Endpoint) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:ESDomain) ON (n.arn);

cartography/data/jobs/analysis/aws_ec2_asset_exposure.json

@@ -1,12 +1,12 @@
 {
   "statements": [
   {
-    "query": "MATCH (n) where EXISTS(n.exposed_internet) AND labels(n) IN ['AutoScalingGroup', 'EC2Instance', 'LoadBalancer', 'LoadBalancerV2'] WITH n LIMIT $LIMIT_SIZE REMOVE n.exposed_internet, n.exposed_internet_type return COUNT(*) as TotalCompleted",
+    "query": "MATCH (n) where n.exposed_internet IS NOT NULL AND labels(n) IN ['AutoScalingGroup', 'EC2Instance', 'LoadBalancer', 'LoadBalancerV2'] WITH n LIMIT $LIMIT_SIZE REMOVE n.exposed_internet, n.exposed_internet_type return COUNT(*) as TotalCompleted",
     "iterative": true,
     "iterationsize": 1000
   },
   {
-    "query": "MATCH (:IpRange{id: '0.0.0.0/0'})-[:MEMBER_OF_IP_RULE]->(:IpPermissionInbound)-[:MEMBER_OF_EC2_SECURITY_GROUP]->(group:EC2SecurityGroup)<-[:MEMBER_OF_EC2_SECURITY_GROUP|NETWORK_INTERFACE*..2]-(instance:EC2Instance)\nWITH instance\nWHERE (EXISTS(instance.publicipaddress)) AND (NOT EXISTS(instance.exposed_internet_type)) OR (NOT 'direct' IN instance.exposed_internet_type)\nSET instance.exposed_internet = true, instance.exposed_internet_type = coalesce(instance.exposed_internet_type , []) + 'direct';",
+    "query": "MATCH (:IpRange{id: '0.0.0.0/0'})-[:MEMBER_OF_IP_RULE]->(:IpPermissionInbound)-[:MEMBER_OF_EC2_SECURITY_GROUP]->(group:EC2SecurityGroup)<-[:MEMBER_OF_EC2_SECURITY_GROUP|NETWORK_INTERFACE*..2]-(instance:EC2Instance)\nWITH instance\nWHERE (instance.publicipaddress IS NOT NULL) AND (instance.exposed_internet_type IS NULL) OR (NOT 'direct' IN instance.exposed_internet_type)\nSET instance.exposed_internet = true, instance.exposed_internet_type = coalesce(instance.exposed_internet_type , []) + 'direct';",
     "iterative": false
   },
   {
@@ -18,15 +18,15 @@
     "iterative": false
   },
   {
-    "query": "MATCH (elb:LoadBalancer{exposed_internet: true})-[:EXPOSE]->(e:EC2Instance)\nWITH e\nWHERE (NOT EXISTS(e.exposed_internet_type)) OR (NOT 'elb' IN e.exposed_internet_type)\nSET e.exposed_internet = true, e.exposed_internet_type = coalesce(e.exposed_internet_type, []) + 'elb'",
+    "query": "MATCH (elb:LoadBalancer{exposed_internet: true})-[:EXPOSE]->(e:EC2Instance)\nWITH e\nWHERE (e.exposed_internet_type IS NULL) OR (NOT 'elb' IN e.exposed_internet_type)\nSET e.exposed_internet = true, e.exposed_internet_type = coalesce(e.exposed_internet_type, []) + 'elb'",
     "iterative": false
   },
   {
-    "query": "MATCH (elbv2:LoadBalancerV2{exposed_internet: true})-[:EXPOSE]->(e:EC2Instance)\nWITH e\nWHERE (NOT EXISTS(e.exposed_internet_type)) OR (NOT 'elbv2' IN e.exposed_internet_type)\nSET e.exposed_internet = true, e.exposed_internet_type = coalesce(e.exposed_internet_type, []) + 'elbv2'",
+    "query": "MATCH (elbv2:LoadBalancerV2{exposed_internet: true})-[:EXPOSE]->(e:EC2Instance)\nWITH e\nWHERE (e.exposed_internet_type IS NULL) OR (NOT 'elbv2' IN e.exposed_internet_type)\nSET e.exposed_internet = true, e.exposed_internet_type = coalesce(e.exposed_internet_type, []) + 'elbv2'",
     "iterative": false
   },
   {
-    "query": "MATCH (instance:EC2Instance{exposed_internet: true})-[:MEMBER_AUTO_SCALE_GROUP]->(asg:AutoScalingGroup)\nWITH distinct instance.exposed_internet_type as types, asg\nUNWIND types as type\nWITH type, asg\nWHERE NOT EXISTS(asg.exposed_internet_type) OR (NOT type IN asg.exposed_internet_type)\nSET asg.exposed_internet = true, asg.exposed_internet_type = coalesce(asg.exposed_internet_type, []) + type;",
+    "query": "MATCH (instance:EC2Instance{exposed_internet: true})-[:MEMBER_AUTO_SCALE_GROUP]->(asg:AutoScalingGroup)\nWITH distinct instance.exposed_internet_type as types, asg\nUNWIND types as type\nWITH type, asg\nWHERE asg.exposed_internet_type IS NULL OR (NOT type IN asg.exposed_internet_type)\nSET asg.exposed_internet = true, asg.exposed_internet_type = coalesce(asg.exposed_internet_type, []) + type;",
     "iterative": false
   }
 ],

cartography/data/jobs/analysis/aws_ec2_keypair_analysis.json

@@ -3,12 +3,12 @@
     "statements": [
         {
             "__comment__": "Delete the attribute user_uploaded",
-            "query": "MATCH (k:EC2KeyPair) WHERE EXISTS (k.user_uploaded) REMOVE k.user_uploaded return COUNT(*) as TotalCompleted",
+            "query": "MATCH (k:EC2KeyPair) WHERE k.user_uploaded IS NOT NULL REMOVE k.user_uploaded return COUNT(*) as TotalCompleted",
             "iterative": false
         },
         {
             "__comment__": "Delete the attribute duplicate_keyfingerprint",
-            "query": "MATCH (k:EC2KeyPair) WHERE EXISTS (k.duplicate_keyfingerprint) REMOVE k.duplicate_keyfingerprint return COUNT(*) as TotalCompleted",
+            "query": "MATCH (k:EC2KeyPair) WHERE k.duplicate_keyfingerprint IS NOT NULL REMOVE k.duplicate_keyfingerprint return COUNT(*) as TotalCompleted",
             "iterative": false
         },
         {

cartography/data/jobs/analysis/aws_eks_asset_exposure.json

@@ -2,7 +2,7 @@
   "statements": [
     {
       "__comment": "This is a clean-up statement to remove custom attributes",
-      "query": "MATCH (cluster:EKSCluster) WHERE EXISTS(cluster.exposed_internet) REMOVE cluster.exposed_internet return COUNT(*) as TotalCompleted",
+      "query": "MATCH (cluster:EKSCluster) WHERE cluster.exposed_internet IS NOT NULL REMOVE cluster.exposed_internet return COUNT(*) as TotalCompleted",
       "iterative": false
     },
     {

cartography/data/jobs/analysis/aws_foreign_accounts.json

@@ -2,12 +2,12 @@
   "statements": [
     {
       "__comment": "This analyze AWS accounts we created and tag the ones that are foreign. Foreign accounts are ones that were not in the sync scope",
-      "query": "MATCH (foreign:AWSAccount) where NOT EXISTS(foreign.inscope) SET foreign.foreign = true",
+      "query": "MATCH (foreign:AWSAccount) where foreign.inscope IS NULL SET foreign.foreign = true",
       "iterative": false
     },
     {
       "__comment": "Remove accounts that were set with foreign and inscope. This can happen as we finish the list of sync accounts through assume role mapping and vpc peering",
-      "query": "MATCH (a:AWSAccount) where EXISTS(a.inscope) AND EXISTS(a.foreign) REMOVE a.foreign",
+      "query": "MATCH (a:AWSAccount) where a.inscope IS NOT NULL AND a.foreign IS NOT NULL REMOVE a.foreign",
       "iterative": false
     }
   ],

cartography/data/jobs/analysis/gcp_compute_asset_inet_exposure.json

@@ -1,7 +1,7 @@
 {
   "statements": [
   {
-    "query": "MATCH (n) where EXISTS(n.exposed_internet) AND labels(n) IN ['GCPInstance'] WITH n LIMIT $LIMIT_SIZE REMOVE n.exposed_internet, n.exposed_internet_type return COUNT(*) as TotalCompleted",
+    "query": "MATCH (n) where n.exposed_internet IS NOT NULL AND labels(n) IN ['GCPInstance'] WITH n LIMIT $LIMIT_SIZE REMOVE n.exposed_internet, n.exposed_internet_type return COUNT(*) as TotalCompleted",
     "iterative": true,
     "iterationsize": 1000,
     "__comment__": "Delete exposed_internet off nodes so we can start fresh"
@@ -22,17 +22,17 @@
     "__comment__": "Delete stale firewall ingress relationships"
   },
   {
-    "query": "MATCH (ac:GCPNicAccessConfig)<-[:RESOURCE]-(:GCPNetworkInterface)<-[:NETWORK_INTERFACE]-(n:GCPInstance)<-[:FIREWALL_INGRESS]-(firewall_a:GCPFirewall)<-[:ALLOWED_BY]-(allow_rule:GCPIpRule{protocol:'tcp'})<-[:MEMBER_OF_IP_RULE]-(:IpRange{id:\"0.0.0.0/0\"})\nOPTIONAL MATCH (n)<-[:FIREWALL_INGRESS]-(firewall_b:GCPFirewall)<-[:DENIED_BY]-(deny_rule:GCPIpRule{protocol:'tcp'})\nWHERE exists(ac.public_ip) and (\n\tdeny_rule is NULL\n\tOR firewall_b.priority > firewall_a.priority\n\tOR NOT allow_rule.fromport IN RANGE(deny_rule.fromport, deny_rule.toport)\n\tOR NOT allow_rule.toport IN RANGE(deny_rule.fromport, deny_rule.toport)\n)\nSET n.exposed_internet = True, n.exposed_internet_type='direct'\nRETURN count(*) as TotalCompleted",
+    "query": "MATCH (ac:GCPNicAccessConfig)<-[:RESOURCE]-(:GCPNetworkInterface)<-[:NETWORK_INTERFACE]-(n:GCPInstance)<-[:FIREWALL_INGRESS]-(firewall_a:GCPFirewall)<-[:ALLOWED_BY]-(allow_rule:GCPIpRule{protocol:'tcp'})<-[:MEMBER_OF_IP_RULE]-(:IpRange{id:\"0.0.0.0/0\"})\nOPTIONAL MATCH (n)<-[:FIREWALL_INGRESS]-(firewall_b:GCPFirewall)<-[:DENIED_BY]-(deny_rule:GCPIpRule{protocol:'tcp'})\nWHERE ac.public_ip IS NOT NULL and (\n\tdeny_rule is NULL\n\tOR firewall_b.priority > firewall_a.priority\n\tOR NOT allow_rule.fromport IN RANGE(deny_rule.fromport, deny_rule.toport)\n\tOR NOT allow_rule.toport IN RANGE(deny_rule.fromport, deny_rule.toport)\n)\nSET n.exposed_internet = True, n.exposed_internet_type='direct'\nRETURN count(*) as TotalCompleted",
     "iterative": false,
     "__comment__": "Mark a GCP instance with exposed_internet = True and exposed_internet_type = 'direct' if its attached firewalls and TCP rules expose it to the internet."
   },
   {
-    "query": "MATCH (ac:GCPNicAccessConfig)<-[:RESOURCE]-(:GCPNetworkInterface)<-[:NETWORK_INTERFACE]-(n:GCPInstance)<-[:FIREWALL_INGRESS]-(firewall_a:GCPFirewall)<-[:ALLOWED_BY]-(allow_rule:GCPIpRule{protocol:'udp'})<-[:MEMBER_OF_IP_RULE]-(:IpRange{id:\"0.0.0.0/0\"})\nOPTIONAL MATCH (n)<-[:FIREWALL_INGRESS]-(firewall_b:GCPFirewall)<-[:DENIED_BY]-(deny_rule:GCPIpRule{protocol:'udp'})\nWHERE exists(ac.public_ip) and (\n\tdeny_rule is NULL\n\tOR firewall_b.priority > firewall_a.priority\n\tOR NOT allow_rule.fromport IN RANGE(deny_rule.fromport, deny_rule.toport)\n\tOR NOT allow_rule.toport IN RANGE(deny_rule.fromport, deny_rule.toport)\n)\nSET n.exposed_internet = True, n.exposed_internet_type='direct'\nRETURN count(*) as TotalCompleted",
+    "query": "MATCH (ac:GCPNicAccessConfig)<-[:RESOURCE]-(:GCPNetworkInterface)<-[:NETWORK_INTERFACE]-(n:GCPInstance)<-[:FIREWALL_INGRESS]-(firewall_a:GCPFirewall)<-[:ALLOWED_BY]-(allow_rule:GCPIpRule{protocol:'udp'})<-[:MEMBER_OF_IP_RULE]-(:IpRange{id:\"0.0.0.0/0\"})\nOPTIONAL MATCH (n)<-[:FIREWALL_INGRESS]-(firewall_b:GCPFirewall)<-[:DENIED_BY]-(deny_rule:GCPIpRule{protocol:'udp'})\nWHERE ac.public_ip IS NOT NULL and (\n\tdeny_rule is NULL\n\tOR firewall_b.priority > firewall_a.priority\n\tOR NOT allow_rule.fromport IN RANGE(deny_rule.fromport, deny_rule.toport)\n\tOR NOT allow_rule.toport IN RANGE(deny_rule.fromport, deny_rule.toport)\n)\nSET n.exposed_internet = True, n.exposed_internet_type='direct'\nRETURN count(*) as TotalCompleted",
     "iterative": false,
     "__comment__": "Mark a GCP instance with exposed_internet = True and exposed_internet_type = 'direct' if its attached firewalls and UDP rules expose it to the internet."
   },
   {
-    "query": "MATCH (ac:GCPNicAccessConfig)<-[:RESOURCE]-(:GCPNetworkInterface)<-[:NETWORK_INTERFACE]-(n:GCPInstance)<-[:FIREWALL_INGRESS]-(firewall_a:GCPFirewall)<-[:ALLOWED_BY]-(allow_rule:GCPIpRule{protocol:'all'})<-[:MEMBER_OF_IP_RULE]-(:IpRange{id:\"0.0.0.0/0\"})\nOPTIONAL MATCH (n)<-[:FIREWALL_INGRESS]-(firewall_b:GCPFirewall)<-[:DENIED_BY]-(deny_rule:GCPIpRule{protocol:'all'})\nWHERE exists(ac.public_ip) and exists(allow_rule.fromport) and exists(allow_rule.toport) and (\n\tdeny_rule is NULL\n\tOR firewall_b.priority > firewall_a.priority\n\tOR NOT allow_rule.fromport IN RANGE(deny_rule.fromport, deny_rule.toport)\n\tOR NOT allow_rule.toport IN RANGE(deny_rule.fromport, deny_rule.toport)\n)\nSET n.exposed_internet = True, n.exposed_internet_type='direct'\nRETURN count(*) as TotalCompleted",
+    "query": "MATCH (ac:GCPNicAccessConfig)<-[:RESOURCE]-(:GCPNetworkInterface)<-[:NETWORK_INTERFACE]-(n:GCPInstance)<-[:FIREWALL_INGRESS]-(firewall_a:GCPFirewall)<-[:ALLOWED_BY]-(allow_rule:GCPIpRule{protocol:'all'})<-[:MEMBER_OF_IP_RULE]-(:IpRange{id:\"0.0.0.0/0\"})\nOPTIONAL MATCH (n)<-[:FIREWALL_INGRESS]-(firewall_b:GCPFirewall)<-[:DENIED_BY]-(deny_rule:GCPIpRule{protocol:'all'})\nWHERE ac.public_ip IS NOT NULL and allow_rule.fromport IS NOT NULL and allow_rule.toport IS NOT NULL and (\n\tdeny_rule is NULL\n\tOR firewall_b.priority > firewall_a.priority\n\tOR NOT allow_rule.fromport IN RANGE(deny_rule.fromport, deny_rule.toport)\n\tOR NOT allow_rule.toport IN RANGE(deny_rule.fromport, deny_rule.toport)\n)\nSET n.exposed_internet = True, n.exposed_internet_type='direct'\nRETURN count(*) as TotalCompleted",
     "iterative": false,
     "__comment__": "Mark a GCP instance with exposed_internet = True and exposed_internet_type = 'direct' if its attached firewalls and ALL rules expose it to the internet."
   }

cartography/data/jobs/analysis/gcp_gke_asset_exposure.json

@@ -2,7 +2,7 @@
   "statements": [
     {
       "__comment": "This is a clean-up statement to remove custom attributes",
-      "query": "MATCH (cluster:GKECluster) WHERE EXISTS(cluster.exposed_internet) REMOVE cluster.exposed_internet return COUNT(*) as TotalCompleted",
+      "query": "MATCH (cluster:GKECluster) WHERE cluster.exposed_internet IS NOT NULL REMOVE cluster.exposed_internet return COUNT(*) as TotalCompleted",
       "iterative": false
     },
     {

cartography/data/jobs/analysis/gcp_gke_basic_auth.json

@@ -2,12 +2,12 @@
   "statements": [
     {
       "__comment": "This is a clean-up statement to remove custom attributes",
-      "query": "MATCH (cluster:GKECluster) WHERE EXISTS(cluster.basic_auth) REMOVE cluster.basic_auth return COUNT(*) as TotalCompleted",
+      "query": "MATCH (cluster:GKECluster) WHERE cluster.basic_auth IS NOT NULL REMOVE cluster.basic_auth return COUNT(*) as TotalCompleted",
       "iterative": false
     },
     {
       "__comment": "This sets the basic_auth attribute",
-      "query": "MATCH (cluster:GKECluster) WHERE (EXISTS(cluster.masterauth_username) AND NOT cluster.masterauth_username = '') AND (EXISTS(cluster.masterauth_password) AND NOT cluster.masterauth.password = '') SET cluster.basic_auth = true",
+      "query": "MATCH (cluster:GKECluster) WHERE (cluster.masterauth_username IS NOT NULL AND NOT cluster.masterauth_username = '') AND (cluster.masterauth_password IS NOT NULL AND NOT cluster.masterauth.password = '') SET cluster.basic_auth = true",
       "iterative": false
     }
   ],

cartography/data/jobs/cleanup/aws_apigateway_details.json

@@ -1,7 +1,7 @@
 {
   "statements": [
     {
-      "query": "MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(s:RestAPI) WHERE EXISTS(s.anonymous_access)\n WITH s LIMIT $LIMIT_SIZE\nREMOVE s.anonymous_access, s.anonymous_actions",
+      "query": "MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(s:RestAPI) WHERE s.anonymous_access IS NOT NULL\n WITH s LIMIT $LIMIT_SIZE\nREMOVE s.anonymous_access, s.anonymous_actions",
       "iterative": true,
       "iterationsize": 100
     }

cartography/data/jobs/cleanup/aws_kms_details.json

@@ -1,7 +1,7 @@
 {
   "statements": [
     {
-      "query": "MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(s:KMSKey) WHERE EXISTS(s.anonymous_access)\n WITH s LIMIT $LIMIT_SIZE\nREMOVE s.anonymous_access, s.anonymous_actions",
+      "query": "MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(s:KMSKey) WHERE s.anonymous_access IS NOT NULL\n WITH s LIMIT $LIMIT_SIZE\nREMOVE s.anonymous_access, s.anonymous_actions",
       "iterative": true,
       "iterationsize": 100
     }

cartography/data/jobs/cleanup/aws_s3_details.json

@@ -1,7 +1,7 @@
 {
   "statements": [
     {
-      "query": "MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(s:S3Bucket) WHERE EXISTS(s.anonymous_access)\n WITH s LIMIT $LIMIT_SIZE\nREMOVE s.anonymous_access, s.anonymous_actions",
+      "query": "MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(s:S3Bucket) WHERE s.anonymous_access IS NOT NULL\n WITH s LIMIT $LIMIT_SIZE\nREMOVE s.anonymous_access, s.anonymous_actions",
       "iterative": true,
       "iterationsize": 100
     }

cartography/graph/cleanupbuilder.py

@@ -1,11 +1,8 @@
 from dataclasses import asdict
 from string import Template
 from typing import List
-from typing import Optional
-from typing import Set
 
 from cartography.graph.querybuilder import _build_match_clause
-from cartography.graph.querybuilder import filter_selected_relationships
 from cartography.graph.querybuilder import rel_present_on_node_schema
 from cartography.models.core.nodes import CartographyNodeSchema
 from cartography.models.core.relationships import CartographyRelSchema
@@ -13,49 +10,32 @@ from cartography.models.core.relationships import LinkDirection
 from cartography.models.core.relationships import TargetNodeMatcher
 
 
-def build_cleanup_queries(
-        node_schema: CartographyNodeSchema,
-        selected_rels: Optional[Set[CartographyRelSchema]] = None,
-) -> List[str]:
+def build_cleanup_queries(node_schema: CartographyNodeSchema) -> List[str]:
     """
     Generates queries to clean up stale nodes and relationships from the given CartographyNodeSchema.
-    :param node_schema: The given CartographyNodeSchema to generate cleanup queries for.
-    :param selected_rels: Optional. If specified, only generate cleanup queries where the `node_schema` is bound to this
-    given set of selected relationships. Raises an exception if any of the rels in `selected_rels` aren't actually
-    defined on the `node_schema`.
-    If `selected_rels` is not specified (default), we generate cleanup queries against all relationships defined on the
-    `node_schema`.
-    :return: A list of Neo4j queries to clean up nodes and relationships. Order matters: we always clean up the sub
-    resource relationship last because we only clean up stale nodes and rels that are associated with a given sub
-    resource, so if we delete the sub resource first then we will not be able to reach the stale nodes and rels, thus
-    leaving orphaned objects behind.
-    Note also that we return the empty list if the node_schema has no relationships. Doing cleanups of nodes without
-    relationships can be resource expensive for a large graph, and you might risk deleting unintended objects. Please
-    write a manual cleanup job if you wish to do this.
+    Note that auto-cleanups for a node with no relationships is not currently supported.
+    Algorithm:
+    1. First delete all stale nodes attached to the node_schema's sub resource
+    2. Delete all stale node to sub resource relationships
+        - We don't expect this to be very common (never for AWS resources, at least), but in case it is possible for an
+          asset to change sub resources, we want to handle it properly.
+    3. For all relationships defined on the node schema, delete all stale ones.
+    :param node_schema: The given CartographyNodeSchema
+    :return: A list of Neo4j queries to clean up nodes and relationships.
     """
-    other_rels = node_schema.other_relationships
-    sub_resource_rel = node_schema.sub_resource_relationship
-
-    if selected_rels:
-        # Ensure that the selected rels actually exist on the node_schema
-        sub_resource_rel, other_rels = filter_selected_relationships(node_schema, selected_rels)
-
-    if not sub_resource_rel:
+    if not node_schema.sub_resource_relationship:
         raise ValueError(
             "Auto-creating a cleanup job for a node_schema without a sub resource relationship is not supported. "
-            f'Please check the class definition of "{node_schema.__class__.__name__}". If the optional `selected_rels` '
-            'param was specified to build_cleanup_queries(), then ensure that the sub resource relationship is '
-            'present.',
+            f'Please check the class definition of "{node_schema.__class__.__name__}".',
         )
 
-    result = []
-    if other_rels:
-        for rel in other_rels.rels:
-            result.extend(_build_cleanup_node_and_rel_queries(node_schema, rel))
+    result = _build_cleanup_node_and_rel_queries(node_schema, node_schema.sub_resource_relationship)
+    if node_schema.other_relationships:
+        for rel in node_schema.other_relationships.rels:
+            # [0] is the delete node query, [1] is the delete relationship query. We only want the latter.
+            _, rel_query = _build_cleanup_node_and_rel_queries(node_schema, rel)
+            result.append(rel_query)
 
-    # Make sure that the sub resource cleanup job is last in the list; order matters.
-    result.extend(_build_cleanup_node_and_rel_queries(node_schema, sub_resource_rel))
-    # Note that auto-cleanups for a node with no relationships does not happen at all - we don't support it.
     return result
 
 

cartography/graph/job.py

@@ -16,7 +16,6 @@ from cartography.graph.cleanupbuilder import build_cleanup_queries
 from cartography.graph.statement import get_job_shortname
 from cartography.graph.statement import GraphStatement
 from cartography.models.core.nodes import CartographyNodeSchema
-from cartography.models.core.relationships import CartographyRelSchema
 
 logger = logging.getLogger(__name__)
 
@@ -129,14 +128,13 @@ class GraphJob:
             cls,
             node_schema: CartographyNodeSchema,
             parameters: Dict[str, Any],
-            selected_rels: Optional[Set[CartographyRelSchema]] = None,
     ) -> 'GraphJob':
         """
         Create a cleanup job from a CartographyNodeSchema object.
         For a given node, the fields used in the node_schema.sub_resource_relationship.target_node_node_matcher.keys()
         must be provided as keys and values in the params dict.
         """
-        queries: List[str] = build_cleanup_queries(node_schema, selected_rels)
+        queries: List[str] = build_cleanup_queries(node_schema)
 
         expected_param_keys: Set[str] = get_parameters(queries)
         actual_param_keys: Set[str] = set(parameters.keys())

cartography/graph/querybuilder.py

@@ -2,6 +2,7 @@ import logging
 from dataclasses import asdict
 from string import Template
 from typing import Dict
+from typing import List
 from typing import Optional
 from typing import Set
 from typing import Tuple
@@ -108,6 +109,28 @@ def _build_match_clause(matcher: TargetNodeMatcher) -> str:
     return ', '.join(match.safe_substitute(Key=key, PropRef=prop_ref) for key, prop_ref in matcher_asdict.items())
 
 
+def _build_where_clause_for_rel_match(node_var: str, matcher: TargetNodeMatcher) -> str:
+    """
+    Same as _build_match_clause, but puts the matching logic in a WHERE clause.
+    This is intended specifically to use for joining with relationships where we need a case-insensitive match.
+    :param matcher: A TargetNodeMatcher object
+    :return: a Neo4j where clause
+    """
+    match = Template("$node_var.$key = $prop_ref")
+    case_insensitive_match = Template("toLower($node_var.$key) = toLower($prop_ref)")
+
+    matcher_asdict = asdict(matcher)
+
+    result = []
+    for key, prop_ref in matcher_asdict.items():
+        if prop_ref.ignore_case:
+            prop_line = case_insensitive_match.safe_substitute(node_var=node_var, key=key, prop_ref=prop_ref)
+        else:
+            prop_line = match.safe_substitute(node_var=node_var, key=key, prop_ref=prop_ref)
+        result.append(prop_line)
+    return ' AND\n'.join(result)
+
+
 def _asdict_with_validate_relprops(link: CartographyRelSchema) -> Dict[str, PropertyRef]:
     """
     Give a helpful error message when forgetting to put `()` when instantiating a CartographyRelSchema, as this
@@ -145,6 +168,7 @@ def _build_attach_sub_resource_statement(sub_resource_link: Optional[Cartography
 
     sub_resource_attach_template = Template(
         """
+        WITH i, item
         OPTIONAL MATCH (j:$SubResourceLabel{$MatchClause})
         WITH i, item, j WHERE j IS NOT NULL
         $RelMergeClause
@@ -191,7 +215,9 @@ def _build_attach_additional_links_statement(
     additional_links_template = Template(
         """
         WITH i, item
-        OPTIONAL MATCH ($node_var:$AddlLabel{$MatchClause})
+        OPTIONAL MATCH ($node_var:$AddlLabel)
+        WHERE
+            $WhereClause
         WITH i, item, $node_var WHERE $node_var IS NOT NULL
         $RelMerge
         ON CREATE SET $rel_var.firstseen = timestamp()
@@ -219,7 +245,7 @@ def _build_attach_additional_links_statement(
 
         additional_ref = additional_links_template.safe_substitute(
             AddlLabel=link.target_node_label,
-            MatchClause=_build_match_clause(link.target_node_matcher),
+            WhereClause=_build_where_clause_for_rel_match(node_var, link.target_node_matcher),
             node_var=node_var,
             rel_var=rel_var,
             RelMerge=rel_merge,
@@ -258,7 +284,6 @@ def _build_attach_relationships_statement(
         """
         WITH i, item
         CALL {
-            WITH i, item
             $attach_relationships_statement
         }
         """,
@@ -374,3 +399,55 @@ def build_ingestion_query(
         attach_relationships_statement=_build_attach_relationships_statement(sub_resource_rel, other_rels),
     )
     return ingest_query
+
+
+def build_create_index_queries(node_schema: CartographyNodeSchema) -> List[str]:
+    """
+    Generate queries to create indexes for the given CartographyNodeSchema and all node types attached to it via its
+    relationships.
+    :param node_schema: The Cartography node_schema object
+    :return: A list of queries of the form `CREATE INDEX IF NOT EXISTS FOR (n:$TargetNodeLabel) ON (n.$TargetAttribute)`
+    """
+    index_template = Template('CREATE INDEX IF NOT EXISTS FOR (n:$TargetNodeLabel) ON (n.$TargetAttribute);')
+
+    # First ensure an index exists for the node_schema and all extra labels on the `id` and `lastupdated` fields
+    result = [
+        index_template.safe_substitute(
+            TargetNodeLabel=node_schema.label,
+            TargetAttribute='id',
+        ),
+        index_template.safe_substitute(
+            TargetNodeLabel=node_schema.label,
+            TargetAttribute='lastupdated',
+        ),
+    ]
+    if node_schema.extra_node_labels:
+        result.extend([
+            index_template.safe_substitute(
+                TargetNodeLabel=label,
+                TargetAttribute='id',  # Precondition: 'id' is defined on all cartography node_schema objects.
+            ) for label in node_schema.extra_node_labels.labels
+        ])
+
+    # Next, for all relationships possible out of this node, ensure that indexes exist for all target nodes' properties
+    # as specified in their TargetNodeMatchers.
+    rel_schemas = []
+    if node_schema.sub_resource_relationship:
+        rel_schemas.extend([node_schema.sub_resource_relationship])
+    if node_schema.other_relationships:
+        rel_schemas.extend(node_schema.other_relationships.rels)
+    for rs in rel_schemas:
+        for target_key in asdict(rs.target_node_matcher).keys():
+            result.append(
+                index_template.safe_substitute(TargetNodeLabel=rs.target_node_label, TargetAttribute=target_key),
+            )
+
+    # Now, include extra indexes defined by the module author on the node schema's property refs.
+    node_props_as_dict: Dict[str, PropertyRef] = asdict(node_schema.properties)
+    result.extend([
+        index_template.safe_substitute(
+            TargetNodeLabel=node_schema.label,
+            TargetAttribute=prop_name,
+        ) for prop_name, prop_ref in node_props_as_dict.items() if prop_ref.extra_index
+    ])
+    return result

cartography/graph/statement.py

@@ -4,6 +4,7 @@ import os
 from pathlib import Path
 from typing import Any
 from typing import Dict
+from typing import Optional
 from typing import Union
 
 import neo4j
@@ -40,8 +41,13 @@ class GraphStatement:
     """
 
     def __init__(
-        self, query: str, parameters: Dict = None, iterative: bool = False, iterationsize: int = 0,
-        parent_job_name: str = None, parent_job_sequence_num: int = None,
+            self,
+            query: str,
+            parameters: Optional[Dict[Any, Any]] = None,
+            iterative: bool = False,
+            iterationsize: int = 0,
+            parent_job_name: Optional[str] = None,
+            parent_job_sequence_num: Optional[int] = None,
     ):
         self.query = query
         self.parameters = parameters or {}
@@ -122,7 +128,12 @@ class GraphStatement:
             result.consume()
 
     @classmethod
-    def create_from_json(cls, json_obj: Dict, short_job_name: str = None, job_sequence_num: int = None):
+    def create_from_json(
+            cls,
+            json_obj: Dict[str, Any],
+            short_job_name: Optional[str] = None,
+            job_sequence_num: Optional[int] = None,
+    ):
         """
         Create a statement from a JSON blob.
         """

cartography/intel/aws/apigateway.py

@@ -171,7 +171,7 @@ def _load_apigateway_policies(
 def _set_default_values(neo4j_session: neo4j.Session, aws_account_id: str) -> None:
     set_defaults = """
     MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(restApi:APIGatewayRestAPI)
-    where NOT EXISTS(restApi.anonymous_actions)
+    where restApi.anonymous_actions IS NULL
     SET restApi.anonymous_access = false, restApi.anonymous_actions = []
     """
 

cartography/intel/aws/ecs.py

@@ -91,16 +91,16 @@ def get_ecs_services(cluster_arn: str, boto3_session: boto3.session.Session, reg
 
 @timeit
 @aws_handle_regions
-def get_ecs_task_definitions(boto3_session: boto3.session.Session, region: str) -> List[Dict[str, Any]]:
+def get_ecs_task_definitions(
+    boto3_session: boto3.session.Session,
+    region: str,
+    tasks: List[Dict[str, Any]],
+) -> List[Dict[str, Any]]:
     client = boto3_session.client('ecs', region_name=region)
-    paginator = client.get_paginator('list_task_definitions')
     task_definitions: List[Dict[str, Any]] = []
-    task_definition_arns: List[str] = []
-    for page in paginator.paginate():
-        task_definition_arns.extend(page.get('taskDefinitionArns', []))
-    for arn in task_definition_arns:
+    for task in tasks:
         task_definition = client.describe_task_definition(
-            taskDefinition=arn,
+            taskDefinition=task['taskDefinitionArn'],
         )
         task_definitions.append(task_definition['taskDefinition'])
     return task_definitions
@@ -294,7 +294,8 @@ def load_ecs_task_definitions(
     UNWIND $Definitions AS def
         MERGE (d:ECSTaskDefinition{id: def.taskDefinitionArn})
         ON CREATE SET d.firstseen = timestamp()
-        SET d.arn = def.taskDefinitionArn, d.region = $Region,
+        SET d.arn = def.taskDefinitionArn,
+            d.region = $Region,
             d.family = def.family,
             d.task_role_arn = def.taskRoleArn,
             d.execution_role_arn = def.executionRoleArn,
@@ -317,6 +318,11 @@ def load_ecs_task_definitions(
             d.ephemeral_storage_size_in_gib = def.ephemeralStorage.sizeInGiB,
             d.lastupdated = $aws_update_tag
         WITH d
+        MATCH (task:ECSTask{task_definition_arn: d.arn})
+        MERGE (task)-[r:HAS_TASK_DEFINITION]->(d)
+        ON CREATE SET r.firstseen = timestamp()
+        SET r.lastupdated = $aws_update_tag
+        WITH d
         MATCH (owner:AWSAccount{id: $AWS_ACCOUNT_ID})
         MERGE (owner)-[r:RESOURCE]->(d)
         ON CREATE SET r.firstseen = timestamp()
@@ -565,17 +571,6 @@ def sync(
                 current_aws_account_id,
                 update_tag,
             )
-            task_definitions = get_ecs_task_definitions(
-                boto3_session,
-                region,
-            )
-            load_ecs_task_definitions(
-                neo4j_session,
-                task_definitions,
-                region,
-                current_aws_account_id,
-                update_tag,
-            )
             services = get_ecs_services(
                 cluster_arn,
                 boto3_session,
@@ -602,4 +597,16 @@ def sync(
                 current_aws_account_id,
                 update_tag,
             )
+            task_definitions = get_ecs_task_definitions(
+                boto3_session,
+                region,
+                tasks,
+            )
+            load_ecs_task_definitions(
+                neo4j_session,
+                task_definitions,
+                region,
+                current_aws_account_id,
+                update_tag,
+            )
     cleanup_ecs(neo4j_session, common_job_parameters)

cartography/intel/aws/emr.py

@@ -1,5 +1,6 @@
 import logging
 import time
+from typing import Any
 from typing import Dict
 from typing import List
 
@@ -7,9 +8,8 @@ import boto3
 import botocore.exceptions
 import neo4j
 
-from cartography.client.core.tx import load_graph_data
+from cartography.client.core.tx import load
 from cartography.graph.job import GraphJob
-from cartography.graph.querybuilder import build_ingestion_query
 from cartography.intel.aws.ec2.util import get_botocore_config
 from cartography.models.aws.emr import EMRClusterSchema
 from cartography.util import aws_handle_regions
@@ -24,9 +24,9 @@ DESCRIBE_SLEEP = 1
 
 @timeit
 @aws_handle_regions
-def get_emr_clusters(boto3_session: boto3.session.Session, region: str) -> List[Dict]:
+def get_emr_clusters(boto3_session: boto3.session.Session, region: str) -> List[Dict[str, Any]]:
     client = boto3_session.client('emr', region_name=region, config=get_botocore_config())
-    clusters: List[Dict] = []
+    clusters: List[Dict[str, Any]] = []
     paginator = client.get_paginator('list_clusters')
     for page in paginator.paginate():
         cluster = page['Clusters']
@@ -36,36 +36,31 @@ def get_emr_clusters(boto3_session: boto3.session.Session, region: str) -> List[
 
 
 @timeit
-def get_emr_describe_cluster(boto3_session: boto3.session.Session, region: str, cluster_id: str) -> Dict:
+def get_emr_describe_cluster(boto3_session: boto3.session.Session, region: str, cluster_id: str) -> Dict[str, Any]:
     client = boto3_session.client('emr', region_name=region, config=get_botocore_config())
-    cluster_details: Dict = {}
+    cluster_details: Dict[str, Any] = {}
     try:
         response = client.describe_cluster(ClusterId=cluster_id)
         cluster_details = response['Cluster']
     except botocore.exceptions.ClientError as e:
-        logger.warning(
-            "Could not run EMR describe_cluster due to boto3 error %s: %s. Skipping.",
-            e.response['Error']['Code'],
-            e.response['Error']['Message'],
-        )
+        code = e.response['Error']['Code']
+        msg = e.response['Error']['Message']
+        logger.warning(f"Could not run EMR describe_cluster due to boto3 error {code}: {msg}. Skipping.")
     return cluster_details
 
 
 @timeit
 def load_emr_clusters(
         neo4j_session: neo4j.Session,
-        cluster_data: List[Dict],
+        cluster_data: List[Dict[str, Any]],
         region: str,
         current_aws_account_id: str,
         aws_update_tag: int,
 ) -> None:
-    logger.info("Loading EMR %d clusters for region '%s' into graph.", len(cluster_data), region)
-
-    ingestion_query = build_ingestion_query(EMRClusterSchema())
-
-    load_graph_data(
+    logger.info(f"Loading EMR {len(cluster_data)} clusters for region '{region}' into graph.")
+    load(
         neo4j_session,
-        ingestion_query,
+        EMRClusterSchema(),
         cluster_data,
         lastupdated=aws_update_tag,
         Region=region,
@@ -74,7 +69,7 @@ def load_emr_clusters(
 
 
 @timeit
-def cleanup(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
+def cleanup(neo4j_session: neo4j.Session, common_job_parameters: Dict[str, Any]) -> None:
     logger.debug("Running EMR cleanup job.")
     cleanup_job = GraphJob.from_node_schema(EMRClusterSchema(), common_job_parameters)
     cleanup_job.run(neo4j_session)
@@ -83,14 +78,14 @@ def cleanup(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
 @timeit
 def sync(
     neo4j_session: neo4j.Session, boto3_session: boto3.session.Session, regions: List[str], current_aws_account_id: str,
-    update_tag: int, common_job_parameters: Dict,
+    update_tag: int, common_job_parameters: Dict[str, Any],
 ) -> None:
     for region in regions:
-        logger.info("Syncing EMR for region '%s' in account '%s'.", region, current_aws_account_id)
+        logger.info(f"Syncing EMR for region '{region}' in account '{current_aws_account_id}'.")
 
         clusters = get_emr_clusters(boto3_session, region)
 
-        cluster_data: List[Dict] = []
+        cluster_data: List[Dict[str, Any]] = []
         for cluster in clusters:
             cluster_id = cluster['Id']
             cluster_details = get_emr_describe_cluster(boto3_session, region, cluster_id)

cartography/intel/aws/iam.py

@@ -309,11 +309,15 @@ def load_roles(
     neo4j_session: neo4j.Session, roles: List[Dict], current_aws_account_id: str, aws_update_tag: int,
 ) -> None:
     ingest_role = """
-    MERGE (rnode:AWSRole{arn: $Arn})
-    ON CREATE SET rnode:AWSPrincipal, rnode.roleid = $RoleId, rnode.firstseen = timestamp(),
-    rnode.createdate = $CreateDate
-    ON MATCH SET rnode.name = $RoleName, rnode.path = $Path
-    SET rnode.lastupdated = $aws_update_tag
+    MERGE (rnode:AWSPrincipal{arn: $Arn})
+    ON CREATE SET rnode.firstseen = timestamp()
+    SET
+        rnode:AWSRole,
+        rnode.roleid = $RoleId,
+        rnode.createdate = $CreateDate,
+        rnode.name = $RoleName,
+        rnode.path = $Path,
+        rnode.lastupdated = $aws_update_tag
     WITH rnode
     MATCH (aa:AWSAccount{id: $AWS_ACCOUNT_ID})
     MERGE (aa)-[r:RESOURCE]->(rnode)
@@ -540,11 +544,12 @@ def transform_policy_data(policy_map: Dict, policy_type: str) -> None:
     for principal_arn, policy_statement_map in policy_map.items():
         logger.debug(f"Transforming IAM {policy_type} policies for principal {principal_arn}")
         for policy_key, statements in policy_statement_map.items():
-            policy_id = transform_policy_id(principal_arn, policy_type, policy_key) \
-                if policy_type == PolicyType.inline.value else policy_key
-            statements = _transform_policy_statements(
-                statements, policy_id,
-            )
+            policy_id = transform_policy_id(
+                principal_arn,
+                policy_type,
+                policy_key,
+            ) if policy_type == PolicyType.inline.value else policy_key
+            policy_statement_map[policy_key] = _transform_policy_statements(statements, policy_id)
 
 
 def transform_policy_id(principal_arn: str, policy_type: str, name: str) -> str:

cartography/intel/aws/kms.py

@@ -189,7 +189,7 @@ def _load_kms_key_policies(neo4j_session: neo4j.Session, policies: List[Dict], u
 
 def _set_default_values(neo4j_session: neo4j.Session, aws_account_id: str) -> None:
     set_defaults = """
-    MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(kmskey:KMSKey) where NOT EXISTS(kmskey.anonymous_actions)
+    MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(kmskey:KMSKey) where kmskey.anonymous_actions IS NULL
     SET kmskey.anonymous_access = false, kmskey.anonymous_actions = []
     """
 

cartography/intel/aws/rds.py

@@ -284,7 +284,7 @@ def load_rds_snapshots(
 
     neo4j_session.run(
         ingest_rds_snapshot,
-        Snapshots=data,
+        Snapshots=snapshots,
         Region=region,
         AWS_ACCOUNT_ID=current_aws_account_id,
         aws_update_tag=aws_update_tag,

cartography/intel/aws/s3.py

@@ -345,7 +345,7 @@ def _load_s3_public_access_block(
     MATCH (s:S3Bucket) where s.name = public_access_block.bucket
     SET s.block_public_acls = public_access_block.block_public_acls,
         s.ignore_public_acls = public_access_block.ignore_public_acls,
-        s.block_public_acls = public_access_block.block_public_acls,
+        s.block_public_policy = public_access_block.block_public_policy,
         s.restrict_public_buckets = public_access_block.restrict_public_buckets,
         s.lastupdated = $UpdateTag
     """
@@ -359,7 +359,7 @@ def _load_s3_public_access_block(
 
 def _set_default_values(neo4j_session: neo4j.Session, aws_account_id: str) -> None:
     set_defaults = """
-    MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(s:S3Bucket) where NOT EXISTS(s.anonymous_actions)
+    MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(s:S3Bucket) where s.anonymous_actions IS NULL
     SET s.anonymous_access = false, s.anonymous_actions = []
     """
     neo4j_session.run(
@@ -368,7 +368,7 @@ def _set_default_values(neo4j_session: neo4j.Session, aws_account_id: str) -> No
     )
 
     set_encryption_defaults = """
-    MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(s:S3Bucket) where NOT EXISTS(s.default_encryption)
+    MATCH (:AWSAccount{id: $AWS_ID})-[:RESOURCE]->(s:S3Bucket) where s.default_encryption IS NULL
     SET s.default_encryption = false
     """
     neo4j_session.run(

cartography/intel/azure/util/credentials.py

@@ -19,8 +19,13 @@ AUTHORITY_HOST_URI = 'https://login.microsoftonline.com'
 class Credentials:
 
     def __init__(
-        self, arm_credentials: Any, aad_graph_credentials: Any, tenant_id: str = None, subscription_id: str = None,
-        context: adal.AuthenticationContext = None, current_user: str = None,
+            self,
+            arm_credentials: Any,
+            aad_graph_credentials: Any,
+            tenant_id: Optional[str] = None,
+            subscription_id: Optional[str] = None,
+            context: Optional[adal.AuthenticationContext] = None,
+            current_user: Optional[str] = None,
     ) -> None:
         self.arm_credentials = arm_credentials  # Azure Resource Manager API credentials
         self.aad_graph_credentials = aad_graph_credentials  # Azure AD Graph API credentials
@@ -129,7 +134,12 @@ class Authenticator:
 
             raise e
 
-    def authenticate_sp(self, tenant_id: str = None, client_id: str = None, client_secret: str = None) -> Credentials:
+    def authenticate_sp(
+            self,
+            tenant_id: Optional[str] = None,
+            client_id: Optional[str] = None,
+            client_secret: Optional[str] = None,
+    ) -> Credentials:
         """
         Implements authentication for the Azure provider
         """

cartography/intel/oci/iam.py

@@ -316,7 +316,7 @@ def sync_policies(
             "Syncing OCI policies for compartment '%s' in account '%s'.", compartment['ocid'], current_tenancy_id,
         )
         data = get_policy_list_data(iam, compartment["ocid"])
-        if(data["Policies"]):
+        if (data["Policies"]):
             load_policies(neo4j_session, data["Policies"], current_tenancy_id, oci_update_tag)
     run_cleanup_job('oci_import_policies_cleanup.json', neo4j_session, common_job_parameters)
 

cartography/models/aws/emr.py

@@ -12,7 +12,7 @@ from cartography.models.core.relationships import TargetNodeMatcher
 
 @dataclass(frozen=True)
 class EMRClusterNodeProperties(CartographyNodeProperties):
-    arn: PropertyRef = PropertyRef('ClusterArn')
+    arn: PropertyRef = PropertyRef('ClusterArn', extra_index=True)
     auto_terminate: PropertyRef = PropertyRef('AutoTerminate')
     autoscaling_role: PropertyRef = PropertyRef('AutoScalingRole')
     custom_ami_id: PropertyRef = PropertyRef('CustomAmiId')

cartography/models/core/common.py

@@ -8,16 +8,36 @@ class PropertyRef:
     (PropertyRef.set_in_kwargs=True).
     """
 
-    def __init__(self, name: str, set_in_kwargs=False):
+    def __init__(self, name: str, set_in_kwargs=False, extra_index=False, ignore_case=False):
         """
         :param name: The name of the property
         :param set_in_kwargs: Optional. If True, the property is not defined on the data dict, and we expect to find the
         property in the kwargs.
         If False, looks for the property in the data dict.
         Defaults to False.
+        :param extra_index: If True, make sure that we create an index for this property name.
+          Notes:
+          - extra_index is available for the case where you anticipate a property will be queried frequently.
+          - The `id` and `lastupdated` properties will always have indexes created for them automatically by
+            `ensure_indexes()`.
+          - All properties included in target node matchers will always have indexes created for them.
+            Defaults to False.
+        :param ignore_case: If True, performs a case-insensitive match when comparing the value of this property during
+        relationship creation. Defaults to False. This only has effect as part of a TargetNodeMatcher, and this is not
+        supported for the sub resource relationship.
+            Example on why you would set this to True:
+            GitHub usernames can have both uppercase and lowercase characters, but GitHub itself treats usernames as
+            case-insensitive. Suppose your company's internal personnel database stores GitHub usernames all as
+            lowercase. If you wanted to map your company's employees to their GitHub identities, you would need to
+            perform a case-insensitive match between your company's record of a user's GitHub username and your
+            cartography catalog of GitHubUser nodes. Therefore, you would need `ignore_case=True` in the PropertyRef
+            that points to the GitHubUser node's name field, otherwise if one of your employees' GitHub usernames
+            contains capital letters, you would not be able to map them properly to a GitHubUser node in your graph.
         """
         self.name = name
         self.set_in_kwargs = set_in_kwargs
+        self.extra_index = extra_index
+        self.ignore_case = ignore_case
 
     def _parameterize_name(self) -> str:
         return f"${self.name}"

{cartography-0.73.1.dist-info → cartography-0.75.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cartography
-Version: 0.73.1
+Version: 0.75.0
 Summary: Explore assets and their relationships across your technical infrastructure.
 Home-page: https://www.github.com/lyft/cartography
 Maintainer: Lyft

{cartography-0.73.1.dist-info → cartography-0.75.0.dist-info}/RECORD

@@ -10,27 +10,27 @@ cartography/client/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuF
 cartography/client/aws/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/client/aws/iam.py,sha256=dYsGikc36DEsSeR2XVOVFFUDwuU9yWj_EVkpgVYCFgM,1293
 cartography/client/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/client/core/tx.py,sha256=skfsvpEO9UgLPUreuKnVh4jYmdMW8-ivf-dX0H3jruI,8815
+cartography/client/core/tx.py,sha256=4_kTBxrtlwsOM-e8Xtjf7wmmzwZ-DGRJL0rPFp0Xj0Q,10805
 cartography/data/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/data/indexes.cypher,sha256=lWqq3olY3vLNNucH3uZAVQsdvqluUkQjP7o1L-FxNBw,30369
+cartography/data/indexes.cypher,sha256=7whG4zv9GpDwqhf46w6NN3RrJgRiaVj9es_2sMOegrM,30253
 cartography/data/permission_relationships.yaml,sha256=RuKGGc_3ZUQ7ag0MssB8k_zaonCkVM5E8I_svBWTmGc,969
 cartography/data/jobs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/data/jobs/analysis/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/data/jobs/analysis/aws_ec2_asset_exposure.json,sha256=0QUmQOx3Zsde9drJpup3Tx_glYw5iwsRkbjIH2dGmuE,2734
+cartography/data/jobs/analysis/aws_ec2_asset_exposure.json,sha256=PRM7TJwO3gLkGtez-hg5v5avDkuAcF-bQQCK6stecLg,2726
 cartography/data/jobs/analysis/aws_ec2_iaminstance.json,sha256=98wfe8pjwS-iQIjUpM1rxuASdxk7BGl9ooigrwfpmvU,500
 cartography/data/jobs/analysis/aws_ec2_iaminstanceprofile.json,sha256=7M8k0p0SvSYVzCk358FnUQ865IX25TyumtHTXqZS-t8,526
-cartography/data/jobs/analysis/aws_ec2_keypair_analysis.json,sha256=UTEIirvD7lljIcwC_QRIsbGG_Mlg9yg02yx66PCjHC8,1735
-cartography/data/jobs/analysis/aws_eks_asset_exposure.json,sha256=69jZjghVao-COLoiUaHdD0ClbIcLtt_4Xx90IdVsWP8,557
-cartography/data/jobs/analysis/aws_foreign_accounts.json,sha256=hMmvFH5PTt_j5IlgNT5pE6n8pEejFaySUtmeuSA2rkM,682
+cartography/data/jobs/analysis/aws_ec2_keypair_analysis.json,sha256=_ZBczunZbx5NHAbfVc4v6vJsbyl1xaePLzj4cyxW-4A,1741
+cartography/data/jobs/analysis/aws_eks_asset_exposure.json,sha256=Z6z4YTNJJqUJl2JqONeAYAvfH_2A9qEBxkFn-aou8D8,561
+cartography/data/jobs/analysis/aws_foreign_accounts.json,sha256=b8Li_KQLwIvNXxWt0F1bVTV1Vg9dxsbr7ZE8LH2-woc,686
 cartography/data/jobs/analysis/aws_lambda_ecr.json,sha256=wM10Gn0HoNP-sOj3S_Sjqh4mLsh-f2QkonkFuOohs_U,641
 cartography/data/jobs/analysis/aws_s3acl_analysis.json,sha256=EDf1VhDoP7khhGf1QTI9GIsp08foyPL4wE9mB9JQDH4,2493
-cartography/data/jobs/analysis/gcp_compute_asset_inet_exposure.json,sha256=cGN8eiID7NcyT0u96h_HKJxJBkIHMoqg5KFH9iG8uio,4671
-cartography/data/jobs/analysis/gcp_gke_asset_exposure.json,sha256=j7yPfLC74jQNZl73V2z3P-sWO2nj2gRJhE5yx7pH_qg,639
-cartography/data/jobs/analysis/gcp_gke_basic_auth.json,sha256=31gtyp5Yqgcfg16g6PndL5anOOS_oMX-L2e4vQYqbRY,669
+cartography/data/jobs/analysis/gcp_compute_asset_inet_exposure.json,sha256=lIurpVOAHZ3u_pfpRhcC5zprxXKqOWG4miGIkMeCfcE,4695
+cartography/data/jobs/analysis/gcp_gke_asset_exposure.json,sha256=7SJc9TeeIWFMDmHOWgmjgaIzjmCClLjJTPS4bGlaEF0,643
+cartography/data/jobs/analysis/gcp_gke_basic_auth.json,sha256=qLkrw1eZvV9ETtkIQN3v9hXnYN3ujAMyfIpqUj5YGo8,681
 cartography/data/jobs/analysis/gsuite_human_link.json,sha256=ArWA51fNIeeXwYiroJbKnuqN8y-TLrndOq0ZdC9q5os,541
 cartography/data/jobs/cleanup/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/data/jobs/cleanup/aws_account_cleanup.json,sha256=DEB4h6Z4NSpYaLXECPhNk8HHbT0XNlqUA01pXIskBxc,473
-cartography/data/jobs/cleanup/aws_apigateway_details.json,sha256=QuE7M0jsrysQ1bi6Bef0Q92aR9AGSfJq_Uw7aAHtbck,319
+cartography/data/jobs/cleanup/aws_apigateway_details.json,sha256=rh7cMTebjyUoEu_s7nKl3m-GLQ3gXgw0s3kMJfWKjro,323
 cartography/data/jobs/cleanup/aws_dns_cleanup.json,sha256=H5uMZV4tN6HcjTYwh2I1dENzNGqu2D2Rs2q-5CK5e0Y,3498
 cartography/data/jobs/cleanup/aws_import_account_access_key_cleanup.json,sha256=dZBpz_yY1M_XpEueAjFq14rf2HMu0paUibsaXrWlF3w,305
 cartography/data/jobs/cleanup/aws_import_apigateway_cleanup.json,sha256=wCV95ydo3dmlhK7VrDrxCqrP6dbhCCMTzcz_qaJQ4Jo,2189
@@ -81,9 +81,9 @@ cartography/data/jobs/cleanup/aws_ingest_load_balancers_cleanup.json,sha256=1vid
 cartography/data/jobs/cleanup/aws_ingest_load_balancers_v2_cleanup.json,sha256=kIMc5YTkWDOLdHCOAHPb7Q8Oz9pP6GzGO9gjBo0ZhR0,1596
 cartography/data/jobs/cleanup/aws_ingest_network_interfaces_cleanup.json,sha256=Qkx0VhiEwUqc_6Jq6U5ov7VEPximGy1y3MxsZZjIoog,2241
 cartography/data/jobs/cleanup/aws_ingest_subnets_cleanup.json,sha256=HtTXrA50PzBJ6LFnKZkO4hnnKxKqF6xUwqUrtFrp29Y,527
-cartography/data/jobs/cleanup/aws_kms_details.json,sha256=J0NNFA7WBhDDRnDetHl6DVUtr4VoGdcyspTBCjVtpAw,315
+cartography/data/jobs/cleanup/aws_kms_details.json,sha256=awluz0DhiAcdABiTYL9M8EUQz2FAuXVpu8lICRpTEnU,319
 cartography/data/jobs/cleanup/aws_post_ingestion_principals_cleanup.json,sha256=h3A6jNk7DGLFq6ob06-V9qzuYN-CltyHq_r2Gj8DqCI,266
-cartography/data/jobs/cleanup/aws_s3_details.json,sha256=LmiIH2KfLNIG6opFmEp88ebXqrW_3Mop4xMrIPqsiIc,312
+cartography/data/jobs/cleanup/aws_s3_details.json,sha256=-GEnBicRjLBNEDS2k2MzE2PUFbQ5WmxXUbYeVTvlJzQ,316
 cartography/data/jobs/cleanup/azure_cosmosdb_cassandra_keyspace_cleanup.json,sha256=_WIFvR-OGvG2q163NKsNXPqbDATz7rv7FLUTlWtnvK4,1358
 cartography/data/jobs/cleanup/azure_cosmosdb_cors_details.json,sha256=meF4119r0TzUwiU0ecygJRc2ZikSFJ9SSCKiayEXRCU,662
 cartography/data/jobs/cleanup/azure_cosmosdb_mongodb_database_cleanup.json,sha256=7PLCkq5HWvQ43ct3dZ0biUaOu7NcYPAMP5WAFpyhSlw,1354
@@ -141,37 +141,37 @@ cartography/driftdetect/shortcut.py,sha256=0AvX9vZGNRWeLiRqxU7eOOo77gcfufHx4IHZv
 cartography/driftdetect/storage.py,sha256=6ziscwJh34_1ylrSAK6B-U6o09xDhIa7Yb-V1kisveQ,1549
 cartography/driftdetect/util.py,sha256=Lqxv8QoFn3_3Fz18qCOjkjJ6yBwgrHjrxXmArBAEdkc,929
 cartography/graph/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/graph/cleanupbuilder.py,sha256=jmnA5XfbGtW_knzVly5mLOLLfbfCnY-xCSBV7BAcM1o,8954
+cartography/graph/cleanupbuilder.py,sha256=Kj6vNQYGlwrNuz2bExgtZzeXMBLoasHNTgqrRiALPgM,7760
 cartography/graph/context.py,sha256=RGxGb8EnxowcqjR0nFF86baNhgRHeUF9wjIoFUoG8LU,1230
-cartography/graph/job.py,sha256=NzYvl04E8piozVhe_WMucG2FH6mQ6vdoCdilDcoVVlU,7445
-cartography/graph/querybuilder.py,sha256=LcQa1yE8d_AIvGeWFjl9nmYLlQ1ZDMZG_TOUfskJ3DM,16744
-cartography/graph/statement.py,sha256=cgPOAkuWjJvkWnwr0YwvzMiJwvbcPNpkWWmrdJlm61I,5124
+cartography/graph/job.py,sha256=VBKc0VLbDz1zm5jslF49nbPbQS7DkdQwfPG7rdLSc1w,7288
+cartography/graph/querybuilder.py,sha256=MMXzUEg4td-YmHMNM97KAqDZ6-1wNClO2jmJoG47BTY,20108
+cartography/graph/statement.py,sha256=VsqG46ty_Mm87fr8YdIwfr6a82OUXU7yZe6S-Py9hZg,5345
 cartography/intel/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/intel/analysis.py,sha256=gHtN42NqqLL1G5MOm2Q6rMyg-V5lU_wqbnKp5hbOOao,1499
 cartography/intel/create_indexes.py,sha256=HM2jB2v3NZvGqgVDtNoBQRVpkei_JXcYXqM14w8Rjss,741
 cartography/intel/dns.py,sha256=M-WSiGQoxWZsl0sg-2SDR8OD8e1Rexkt2Tbb2OpeioA,5596
 cartography/intel/aws/__init__.py,sha256=q98Jaw0nNI6QKUcp36ZuMs9C-ISlfo8OoPYTVoRf9eY,10295
-cartography/intel/aws/apigateway.py,sha256=4PzbIxICwaRq5-J4WBVXAYGSABjkAB_2EJDzJogYN2c,12768
+cartography/intel/aws/apigateway.py,sha256=se0plc9ZnkGQAEtlfqgrJGTa2JeWljvwC3E3JFM7YbI,12764
 cartography/intel/aws/config.py,sha256=wrZbz7bc8vImLmRvTLkPcWnjjPzk3tOG4bB_BFS2lq8,7329
 cartography/intel/aws/dynamodb.py,sha256=OrFHKNrYDJzyMjkgFW4K4suy01OCP9E3Yqu_rnlsYXw,5106
 cartography/intel/aws/ecr.py,sha256=xTYnefMyt4_dr903rBPvknVoH4S7NTrNe0WWEJHfEuo,5988
-cartography/intel/aws/ecs.py,sha256=cnXSnC73J0LPBzHDe17nnxE_8Cw-gtatRFuk662xzPQ,23566
+cartography/intel/aws/ecs.py,sha256=gulrIZ--iEFLpkkPH58MJIkctsxWeWdO2ofM9amDNZA,23654
 cartography/intel/aws/eks.py,sha256=6ey28ifnPvGMReVvFczBWBwBBSyrUWpuBiv8-NahNwY,4118
 cartography/intel/aws/elasticache.py,sha256=fCI47aDFmIDyE26GiReKYb6XIZUwrzcvsXBQ4ruFhuI,4427
 cartography/intel/aws/elasticsearch.py,sha256=ZL7MkXF_bXRSoXuDSI1dwGckRLG2zDB8LuAD07vSLnE,8374
-cartography/intel/aws/emr.py,sha256=Iqm1U7iEHAK8vB25i0631YqYRKZxfV-UUQh8_Cnaxh8,3437
-cartography/intel/aws/iam.py,sha256=chLz5upvM7r6f2-bK2TtHIbBLCqAQ3oNNApHIkVrrYk,31361
+cartography/intel/aws/emr.py,sha256=xhWBVZngxJRFjMEDxwq3G6SgytRGLq0v2a_CeDvByR0,3372
+cartography/intel/aws/iam.py,sha256=GhiRzsw0S87fdLDMVPdnhuFNArQW6C22VJM4DP5_wCw,31425
 cartography/intel/aws/inspector.py,sha256=mL57NQrpOMF0pvbqtxGIn_NG6-yM5D0opoXoxyhMR1Y,12491
-cartography/intel/aws/kms.py,sha256=bvwuUQBi-dFZqlRsyVdc4ov7-YD7c806xfe0MyUHCF8,11735
+cartography/intel/aws/kms.py,sha256=bZUzMxAH_DsAcGTJBs08gg2tLKYu-QWjvMvV9C-6v50,11731
 cartography/intel/aws/lambda_function.py,sha256=KKTyn53xpaMI9WvIqxmsOASFwflHt-2_5ow-zUFc2wg,9890
 cartography/intel/aws/organizations.py,sha256=HaQZ3J5XF15BuykuDypqFORDYpnoHuRRr4DuceewH4s,4485
 cartography/intel/aws/permission_relationships.py,sha256=PhOnag0a1gZHtUg82546MKhj-8IcGJ7wLbvPASUBXlg,14792
-cartography/intel/aws/rds.py,sha256=k8ccugX7LVx8BH37xWlsLOtiVqJtmHWeJu9eBfk2QYs,25247
+cartography/intel/aws/rds.py,sha256=vnlNYmrO2Cc0PNn31CeG2QwYhwjVosbQFE9Ol1vQyLE,25252
 cartography/intel/aws/redshift.py,sha256=KOqiXIllHmtPTeaNGl-cX4srY5pFE6o12j8MQ5-zWpc,6694
 cartography/intel/aws/resourcegroupstaggingapi.py,sha256=aq4kPF6t8QZZoTxdkQVLXH65Di41CDJVM9llJNe6iaY,10278
 cartography/intel/aws/resources.py,sha256=exmPQXk9V75ubwgzL7sksVI9mKIdfEbNSSXGW206fvg,3181
 cartography/intel/aws/route53.py,sha256=IYqeQud1HuHnf11A7T-Jeif5DWgjpaaU-Jfr2cLUc_o,14099
-cartography/intel/aws/s3.py,sha256=gib7MgqzYMgWNbPlUvMAv1wjzB6qF45V96lCnMaOArY,26385
+cartography/intel/aws/s3.py,sha256=6hBtQKrclOpEmKQx0fYQHfjCjssLz2qZQbfB-tpHPeI,26381
 cartography/intel/aws/secretsmanager.py,sha256=zhgQS-Js8Co_9UIothN-uKQvg8oqLE3kdgoQRvDDUVM,3272
 cartography/intel/aws/securityhub.py,sha256=8FF7vW0ykdqn07xGExtsOLxYTyCTTbDiRuA1pxiRNlM,2266
 cartography/intel/aws/sqs.py,sha256=cosScBKxAm_6GsM9zzg4U12KvAjXUzxpJ1zGv0lsVZI,6199
@@ -206,7 +206,7 @@ cartography/intel/azure/storage.py,sha256=56QyHafWTNproCOjITyAaWsmsqKhyFwJQlVEfw
 cartography/intel/azure/subscription.py,sha256=aEyCYYWD4tFG5hBu_na7B4bohzlgiRr2aQ2B1YJ5bWw,3409
 cartography/intel/azure/tenant.py,sha256=7Tz85e2isPRsq5krScQLdh_dYubM_pzOtj_sRx-nyDE,1454
 cartography/intel/azure/util/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/intel/azure/util/credentials.py,sha256=aDoS-VJDjBC7X-IPhS7BYHAD4jL57A3FfaV7LKUiK2I,7223
+cartography/intel/azure/util/credentials.py,sha256=99PjTs0vZ2iu0tHD7TohN1VJYjuXYstfMg27F4CE0xU,7416
 cartography/intel/crowdstrike/__init__.py,sha256=dAtgI-0vZAQZ3cTFQhMEzzt7aqiNSNuiIYiw0qbut-I,1896
 cartography/intel/crowdstrike/endpoints.py,sha256=o45309ZDNdlYdG0YicIiBain-nkr3bQahBaRx3N9Mow,3738
 cartography/intel/crowdstrike/spotlight.py,sha256=yNhj44-RYF6ubck-hHMKhKiNU0fCfhQf4Oagopc31EM,4754
@@ -241,7 +241,7 @@ cartography/intel/kubernetes/secrets.py,sha256=oaX90O4SFfrqObEzNaXCREiz98I5Y7tMG
 cartography/intel/kubernetes/services.py,sha256=kzx8QoB_p5q6syAl7SZscGxubYEdWDdmWu5-ZZUg7YM,3516
 cartography/intel/kubernetes/util.py,sha256=pal5MyGrPjShqml_wdEIM8h7M2hMacVM5FA39wg2Dvs,1512
 cartography/intel/oci/__init__.py,sha256=AZmRX6EO4LUnynDtIKHxtZ_Ab2-CYPPc2u5d0Q2S3S4,7926
-cartography/intel/oci/iam.py,sha256=tR-fp8_QwcikhIQoPC3SgUY6bXvi-GqdheAF2OHR6NY,17711
+cartography/intel/oci/iam.py,sha256=zPrJeoMoO3ZkjBfWbTttjrcUvxxMuWquLTmsDH5MgOI,17712
 cartography/intel/oci/organizations.py,sha256=tzQkZfE4LPoS-6lXBRQGyhq8aJLZUJ1_q75Q9eTBke0,4086
 cartography/intel/oci/utils.py,sha256=UbX9jib4sWEdKeAt2CeCo4k9shUiWY08oTfQz_nDvjA,3223
 cartography/intel/okta/__init__.py,sha256=HYw9wlE27dHJ2fwSlHgbJyHcxhdFzbYWBcZdQ6bqfIo,3813
@@ -264,15 +264,15 @@ cartography/intel/pagerduty/users.py,sha256=oltGssxrnzYsV6QTGP1SsPoA1rCUDStj6vGl
 cartography/intel/pagerduty/vendors.py,sha256=WlDHExrWRBegDQKtxBV5nJiYgwoTLxNee4HrQDJ-Pdg,1559
 cartography/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/aws/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/models/aws/emr.py,sha256=gr9ddEv4P4pRdceYNZTPX5h3864wD_MTvohOxW9_TrU,3019
+cartography/models/aws/emr.py,sha256=TkuwoZnw_VHbJ5bwkac7-ZfwSLe_TeK3gxkuwGQOUk4,3037
 cartography/models/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/models/core/common.py,sha256=7oWLQrGF-AFiWcfb6zUx5QhAIFmj0iq6TzKzDDAqWE0,1819
+cartography/models/core/common.py,sha256=twXdP5gprpmDJYpBmSYL5GWaWDu1Xn-0EVzFsRJ42QQ,3583
 cartography/models/core/nodes.py,sha256=h5dwBOk_a2uCHZWeQz3pidr7gkqMKf7buIZgl6M1Ox4,3699
 cartography/models/core/relationships.py,sha256=6AwXvk0dq48BxqyxBpHyBXZ3dJNm65t1y4vNg4n25uA,5103
-cartography-0.73.1.dist-info/LICENSE,sha256=489ZXeW9G90up6ep-D1n-lJgk9ciNT2yxXpFgRSidtk,11341
-cartography-0.73.1.dist-info/METADATA,sha256=prRlYzJYE12EgcRKE0l95TqF-3giTx0mMaZqgGM2xoY,1988
-cartography-0.73.1.dist-info/NOTICE,sha256=YOGAsjFtbyKj5tslYIg6V5jEYRuEvnSsIuDOUKj0Qj4,97
-cartography-0.73.1.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92
-cartography-0.73.1.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
-cartography-0.73.1.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
-cartography-0.73.1.dist-info/RECORD,,
+cartography-0.75.0.dist-info/LICENSE,sha256=489ZXeW9G90up6ep-D1n-lJgk9ciNT2yxXpFgRSidtk,11341
+cartography-0.75.0.dist-info/METADATA,sha256=Wpv0TT2-zbALE2LE5ds3jjWo9rFs65VrfckhnWMHC9s,1988
+cartography-0.75.0.dist-info/NOTICE,sha256=YOGAsjFtbyKj5tslYIg6V5jEYRuEvnSsIuDOUKj0Qj4,97
+cartography-0.75.0.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
+cartography-0.75.0.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
+cartography-0.75.0.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
+cartography-0.75.0.dist-info/RECORD,,

{cartography-0.73.1.dist-info → cartography-0.75.0.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.38.4)
+Generator: bdist_wheel (0.40.0)
 Root-Is-Purelib: true
 Tag: py3-none-any