PyPI - cartography - Versions diffs - 0.90.0rc2__py3-none-any.whl → 0.92.0rc1__py3-none-any.whl - Mend

cartography 0.90.0rc2py3-none-any.whl → 0.92.0rc1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

cartography/cli.py +44 -0
cartography/config.py +12 -0
cartography/intel/aws/ec2/images.py +9 -9
cartography/intel/aws/ec2/snapshots.py +4 -2
cartography/intel/github/teams.py +6 -3
cartography/intel/github/util.py +26 -8
cartography/intel/kandji/__init__.py +39 -0
cartography/intel/kandji/devices.py +84 -0
cartography/intel/okta/__init__.py +1 -1
cartography/intel/okta/awssaml.py +117 -9
cartography/models/kandji/__init__.py +0 -0
cartography/models/kandji/device.py +48 -0
cartography/models/kandji/tenant.py +17 -0
cartography/sync.py +2 -0
{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/METADATA +1 -1
{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/RECORD +21 -16
{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/WHEEL +1 -1
{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/LICENSE +0 -0
{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/NOTICE +0 -0
{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/entry_points.txt +0 -0
{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/top_level.txt +0 -0

cartography/cli.py CHANGED Viewed

@@ -325,6 +325,30 @@ class CLI:
             default=None,
             help='The name of an environment variable containing a password with which to authenticate to Jamf.',
         )
+        parser.add_argument(
+            '--kandji-base-uri',
+            type=str,
+            default=None,
+            help=(
+                'Your Kandji base URI, e.g. https://company.api.kandji.io.'
+                'Required if you are using the Kandji intel module. Ignored otherwise.'
+            ),
+        )
+        parser.add_argument(
+            '--kandji-tenant-id',
+            type=str,
+            default=None,
+            help=(
+                'Your Kandji tenant id e.g. company.'
+                'Required using the Kandji intel module. Ignored otherwise.'
+            ),
+        )
+        parser.add_argument(
+            '--kandji-token-env-var',
+            type=str,
+            default=None,
+            help='The name of an environment variable containing token with which to authenticate to Kandji.',
+        )
         parser.add_argument(
             '--k8s-kubeconfig',
             default=None,
@@ -620,6 +644,26 @@ class CLI:
             config.jamf_user = None
             config.jamf_password = None
+        # Kandji config
+        if config.kandji_base_uri:
+            if config.kandji_token_env_var:
+                logger.debug(
+                    "Reading Kandji API token from environment variable '%s'.",
+                    config.kandji_token_env_var,
+                )
+                config.kandji_token = os.environ.get(config.kandji_token_env_var)
+            elif os.environ.get('KANDJI_TOKEN'):
+                logger.debug(
+                    "Reading Kandji API token from environment variable 'KANDJI_TOKEN'.",
+                )
+                config.kandji_token = os.environ.get('KANDJI_TOKEN')
+            else:
+                logger.warning("A Kandji base URI was provided but a token was not.")
+                config.kandji_token = None
+        else:
+            logger.warning("A Kandji base URI was not provided.")
+            config.kandji_base_uri = None
         if config.statsd_enabled:
             logger.debug(
                 f'statsd enabled. Sending metrics to server {config.statsd_host}:{config.statsd_port}. '

cartography/config.py CHANGED Viewed

@@ -69,6 +69,12 @@ class Config:
     :param jamf_user: User name used to authenticate to the Jamf data provider. Optional.
     :type jamf_password: string
     :param jamf_password: Password used to authenticate to the Jamf data provider. Optional.
+    :type kandji_base_uri: string
+    :param kandji_base_uri: Kandji data provider base URI, e.g. https://company.api.kandji.io. Optional.
+    :type kandji_tenant_id: string
+    :param kandji_tenant_id: Kandji tenant id. e.g. company Optional.
+    :type kandji_token: string
+    :param kandji_token: Token used to authenticate to the Kandji data provider. Optional.
     :type statsd_enabled: bool
     :param statsd_enabled: Whether to collect statsd metrics such as sync execution times. Optional.
     :type statsd_host: str
@@ -137,6 +143,9 @@ class Config:
         jamf_base_uri=None,
         jamf_user=None,
         jamf_password=None,
+        kandji_base_uri=None,
+        kandji_tenant_id=None,
+        kandji_token=None,
         k8s_kubeconfig=None,
         statsd_enabled=False,
         statsd_prefix=None,
@@ -190,6 +199,9 @@ class Config:
         self.jamf_base_uri = jamf_base_uri
         self.jamf_user = jamf_user
         self.jamf_password = jamf_password
+        self.kandji_base_uri = kandji_base_uri
+        self.kandji_tenant_id = kandji_tenant_id
+        self.kandji_token = kandji_token
         self.k8s_kubeconfig = k8s_kubeconfig
         self.statsd_enabled = statsd_enabled
         self.statsd_prefix = statsd_prefix

cartography/intel/aws/ec2/images.py CHANGED Viewed

@@ -19,23 +19,23 @@ logger = logging.getLogger(__name__)
 @timeit
 def get_images_in_use(neo4j_session: neo4j.Session, region: str, current_aws_account_id: str) -> List[str]:
-    # We use OPTIONAL here to allow query chaining with queries that may not match.
     get_images_query = """
-    OPTIONAL MATCH (:AWSAccount{id: $AWS_ACCOUNT_ID})-[:RESOURCE]->(i:EC2Instance)
+    MATCH (:AWSAccount{id: $AWS_ACCOUNT_ID})-[:RESOURCE]->(i:EC2Instance)
     WHERE i.region = $Region
-    WITH collect(DISTINCT i.imageid) AS images
-    OPTIONAL MATCH (:AWSAccount{id: $AWS_ACCOUNT_ID})-[:RESOURCE]->(lc:LaunchConfiguration)
+    RETURN DISTINCT(i.imageid) as image
+    UNION
+    MATCH (:AWSAccount{id: $AWS_ACCOUNT_ID})-[:RESOURCE]->(lc:LaunchConfiguration)
     WHERE lc.region = $Region
-    WITH collect(DISTINCT lc.image_id)+images AS images
-    OPTIONAL MATCH (:AWSAccount{id: $AWS_ACCOUNT_ID})-[:RESOURCE]->(ltv:LaunchTemplateVersion)
+    RETURN DISTINCT(lc.image_id) as image
+    UNION
+    MATCH (:AWSAccount{id: $AWS_ACCOUNT_ID})-[:RESOURCE]->(ltv:LaunchTemplateVersion)
     WHERE ltv.region = $Region
-    WITH collect(DISTINCT ltv.image_id)+images AS images
-    RETURN images
+    RETURN DISTINCT(ltv.image_id) as image
     """
     results = neo4j_session.run(get_images_query, AWS_ACCOUNT_ID=current_aws_account_id, Region=region)
     images = []
     for r in results:
-        images.extend(r['images'])
+        images.append(r['image'])
     return images

cartography/intel/aws/ec2/snapshots.py CHANGED Viewed

@@ -42,8 +42,10 @@ def get_snapshots(boto3_session: boto3.session.Session, region: str, in_use_snap
                 snapshots.extend(page['Snapshots'])
         except ClientError as e:
             if e.response['Error']['Code'] == 'InvalidSnapshot.NotFound':
-                logger.warning(f"Failed to retrieve page of in-use, \
-                    not owned snapshots. Continuing anyway. Error - {e}")
+                logger.warning(
+                    f"Failed to retrieve page of in-use, \
+                    not owned snapshots. Continuing anyway. Error - {e}",
+                )
             else:
                 raise

cartography/intel/github/teams.py CHANGED Viewed

@@ -57,10 +57,13 @@ def _get_team_repos_for_multiple_teams(
         team_repos = _get_team_repos(org, api_url, token, team_name) if repo_count > 0 else None
-        # Shape = [(repo_url, 'WRITE'), ...]]
-        repo_urls = [t['url'] for t in team_repos.nodes] if team_repos else []
-        repo_permissions = [t['permission'] for t in team_repos.edges] if team_repos else []
+        repo_urls = []
+        repo_permissions = []
+        if team_repos:
+            repo_urls = [t['url'] for t in team_repos.nodes] if team_repos.nodes else []
+            repo_permissions = [t['permission'] for t in team_repos.edges] if team_repos.edges else []
+        # Shape = [(repo_url, 'WRITE'), ...]]
         result[team_name] = list(zip(repo_urls, repo_permissions))
     return result

cartography/intel/github/util.py CHANGED Viewed

@@ -81,12 +81,12 @@ def call_github_api(query: str, variables: str, token: str, api_url: str) -> Dic
 def fetch_page(
-        token: str,
-        api_url: str,
-        organization: str,
-        query: str,
-        cursor: Optional[str] = None,
-        **kwargs: Any,
+    token: str,
+    api_url: str,
+    organization: str,
+    query: str,
+    cursor: Optional[str] = None,
+    **kwargs: Any,
 ) -> Dict[str, Any]:
     """
     Return a single page of max size 100 elements from the Github api_url using the given `query` and `cursor` params.
@@ -139,6 +139,7 @@ def fetch_all(
     """
     cursor = None
     has_next_page = True
+    org_data: Dict[str, Any] = {}
     data: PaginatedGraphqlData = PaginatedGraphqlData(nodes=[], edges=[])
     retry = 0
@@ -170,6 +171,15 @@ def fetch_all(
             time.sleep(2 ** retry)
             continue
+        if 'data' not in resp:
+            logger.warning(
+                f'Got no "data" attribute in response: {resp}. '
+                f'Stopping requests for organization: {organization} and '
+                f'resource_type: {resource_type}',
+            )
+            has_next_page = False
+            continue
         resource = resp['data']['organization'][resource_type]
         if resource_inner_type:
             resource = resp['data']['organization'][resource_type][resource_inner_type]
@@ -180,6 +190,14 @@ def fetch_all(
         cursor = resource['pageInfo']['endCursor']
         has_next_page = resource['pageInfo']['hasNextPage']
-    org_data = {'url': resp['data']['organization']['url'], 'login': resp['data']['organization']['login']}
+        if not org_data:
+            org_data = {
+                'url': resp['data']['organization']['url'],
+                'login': resp['data']['organization']['login'],
+            }
+    if not org_data:
+        raise ValueError(
+            f"Didn't get any organization data for organization: {organization} and resource_type: {resource_type}",
+        )
     return data, org_data

cartography/intel/kandji/__init__.py ADDED Viewed

@@ -0,0 +1,39 @@
+import logging
+import neo4j
+import cartography.intel.kandji.devices
+from cartography.config import Config
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+@timeit
+def start_kandji_ingestion(neo4j_session: neo4j.Session, config: Config) -> None:
+    """
+    If this module is configured, perform ingestion of Kandji devices. Otherwise warn and exit
+    :param neo4j_session: Neo4J session for database interface
+    :param config: A cartography.config object
+    :return: None
+    """
+    if config.kandji_base_uri is None or config.kandji_token is None or config.kandji_tenant_id is None:
+        logger.warning(
+            'Required parameter(s) missing. Skipping sync.',
+            'See docs to configure.',
+        )
+        return
+    common_job_parameters = {
+        "UPDATE_TAG": config.update_tag,
+        "TENANT_ID": config.kandji_tenant_id,
+    }
+    cartography.intel.kandji.devices.sync(
+        neo4j_session,
+        config.kandji_base_uri,
+        config.kandji_token,
+        common_job_parameters=common_job_parameters,
+    )

cartography/intel/kandji/devices.py ADDED Viewed

@@ -0,0 +1,84 @@
+import logging
+from typing import Any
+from typing import Dict
+from typing import List
+import neo4j
+from requests import Session
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.models.kandji.device import KandjiDeviceSchema
+from cartography.models.kandji.tenant import KandjiTenantSchema
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+_TIMEOUT = (60, 60)
+@timeit
+def get(kandji_base_uri: str, kandji_token: str) -> List[Dict[str, Any]]:
+    api_endpoint = f"{kandji_base_uri}/api/v1/devices"
+    headers = {
+        'Accept': 'application/json',
+        'Authorization': f'Bearer {kandji_token}',
+    }
+    session = Session()
+    req = session.get(api_endpoint, headers=headers, timeout=_TIMEOUT)
+    req.raise_for_status()
+    return req.json()
+@timeit
+def transform(api_result: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
+    result: List[Dict[str, Any]] = []
+    for device in api_result:
+        n_device = device
+        n_device['id'] = device['device_id']
+        result.append(n_device)
+    return result
+@timeit
+def load_devices(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: Dict[str, Any],
+    data: List[Dict[str, Any]],
+) -> None:
+    tenant_id = common_job_parameters["TENANT_ID"]
+    update_tag = common_job_parameters["UPDATE_TAG"]
+    load(
+        neo4j_session,
+        KandjiTenantSchema(),
+        [{'id': tenant_id}],
+        lastupdated=update_tag,
+    )
+    load(
+        neo4j_session,
+        KandjiDeviceSchema(),
+        data,
+        lastupdated=update_tag,
+        TENANT_ID=tenant_id,
+    )
+def cleanup(neo4j_session: neo4j.Session, common_job_parameters: Dict[str, Any]) -> None:
+    GraphJob.from_node_schema(KandjiDeviceSchema(), common_job_parameters).run(neo4j_session)
+@timeit
+def sync(
+    neo4j_session: neo4j.Session,
+    kandji_base_uri: str,
+    kandji_token: str,
+    common_job_parameters: Dict[str, Any],
+) -> None:
+    devices = get(kandji_base_uri=kandji_base_uri, kandji_token=kandji_token)
+    formatted_devices = transform(devices)
+    load_devices(neo4j_session, common_job_parameters, formatted_devices)
+    cleanup(neo4j_session, common_job_parameters)

cartography/intel/okta/__init__.py CHANGED Viewed

@@ -68,7 +68,7 @@ def start_okta_ingestion(neo4j_session: neo4j.Session, config: Config) -> None:
     applications.sync_okta_applications(neo4j_session, config.okta_org_id, config.update_tag, config.okta_api_key)
     factors.sync_users_factors(neo4j_session, config.okta_org_id, config.update_tag, config.okta_api_key, state)
     origins.sync_trusted_origins(neo4j_session, config.okta_org_id, config.update_tag, config.okta_api_key)
-    awssaml.sync_okta_aws_saml(neo4j_session, config.okta_saml_role_regex, config.update_tag)
+    awssaml.sync_okta_aws_saml(neo4j_session, config.okta_saml_role_regex, config.update_tag, config.okta_org_id)
     # need creds with permission
     # soft fail as some won't be able to get such high priv token

cartography/intel/okta/awssaml.py CHANGED Viewed

@@ -1,15 +1,22 @@
 # Okta intel module - AWS SAML
 import logging
 import re
+from collections import namedtuple
 from typing import Dict
 from typing import List
 from typing import Optional
 import neo4j
+from cartography.client.core.tx import read_list_of_dicts_tx
+from cartography.client.core.tx import read_single_value_tx
 from cartography.util import timeit
+AccountRole = namedtuple('AccountRole', ['account_id', 'role_name'])
+OktaGroup = namedtuple('OktaGroup', ['group_id', 'group_name'])
+GroupRole = namedtuple('GroupRole', ['okta_group_id', 'aws_role_arn'])
 logger = logging.getLogger(__name__)
@@ -17,17 +24,25 @@ def _parse_regex(regex_string: str) -> str:
     return regex_string.replace("{{accountid}}", "P<accountid>").replace("{{role}}", "P<role>").strip()
-@timeit
-def transform_okta_group_to_aws_role(group_id: str, group_name: str, mapping_regex: str) -> Optional[Dict]:
+def _parse_okta_group_name(okta_group_name: str, mapping_regex: str) -> AccountRole | None:
+    """
+    Extract AWS account id and AWS role name from the given Okta group name using the given mapping regex.
+    """
     regex = _parse_regex(mapping_regex)
-    matches = re.search(regex, group_name)
+    matches = re.search(regex, okta_group_name)
     if matches:
-        accountid = matches.group("accountid")
-        role = matches.group("role")
-        role_arn = f"arn:aws:iam::{accountid}:role/{role}"
+        account_id = matches.group("accountid")
+        role_name = matches.group("role")
+        return AccountRole(account_id, role_name)
+    return None
+def transform_okta_group_to_aws_role(group_id: str, group_name: str, mapping_regex: str) -> Optional[Dict]:
+    account_role = _parse_okta_group_name(group_name, mapping_regex)
+    if account_role:
+        role_arn = f"arn:aws:iam::{account_role.account_id}:role/{account_role.role_name}"
         return {"groupid": group_id, "role": role_arn}
-    else:
-        return None
+    return None
 @timeit
@@ -45,6 +60,7 @@ def query_for_okta_to_aws_role_mapping(neo4j_session: neo4j.Session, mapping_reg
     for res in results:
         has_results = True
+        # input: okta group id, okta group name. output: aws role arn.
         mapping = transform_okta_group_to_aws_role(res["group.id"], res["group.name"], mapping_regex)
         if mapping:
             group_to_role_mapping.append(mapping)
@@ -107,8 +123,96 @@ def _load_human_can_assume_role(neo4j_session: neo4j.Session, okta_update_tag: i
     )
+def get_awssso_okta_groups(neo4j_session: neo4j.Session, okta_org_id: str) -> list[OktaGroup]:
+    """
+    Return list of all Okta group ids in the current Okta organization tied to Okta Applications with name
+    "amazon_aws_sso".
+    """
+    query = """
+    MATCH (g:OktaGroup)-[:APPLICATION]->(a:OktaApplication{name:"amazon_aws_sso"})
+           <-[:RESOURCE]-(:OktaOrganization{id: $okta_org_id})
+    RETURN g.id as group_id, g.name as group_name
+    """
+    result = neo4j_session.read_transaction(read_list_of_dicts_tx, query, okta_org_id=okta_org_id)
+    return [OktaGroup(group_name=og['group_name'], group_id=og['group_id']) for og in result]
+def get_awssso_role_arn(account_id: str, role_hint: str, neo4j_session: neo4j.Session) -> str | None:
+    """
+    Attempt to return the AWS role ARN for the given AWS account ID and role hint string.
+    This function exists to handle that AWS SSO roles have a 'AWSReservedSSO' prefix and a hashed suffix
+    Input:
+    - account_id: AWS account ID
+    - role_hint (str): The `AccountRole.role_name` returned by _parse_okta_group_name(). This is the part of the Okta
+    group name that refers to the AWS role name.
+    Output:
+    - If we are able to find it, returns the matching AWS role ARN.
+    """
+    query = """
+    MATCH (:AWSAccount{id:$account_id})-[:RESOURCE]->(role:AWSRole{path:"/aws-reserved/sso.amazonaws.com/"})
+    WHERE SPLIT(role.name, '_')[1..-1][0] = $role_hint
+    RETURN role.arn AS role_arn
+    """
+    return neo4j_session.read_transaction(read_single_value_tx, query, account_id=account_id, role_hint=role_hint)
+def query_for_okta_to_awssso_role_mapping(
+        neo4j_session: neo4j.Session,
+        awssso_okta_groups: list[OktaGroup],
+        mapping_regex: str,
+) -> list[GroupRole]:
+    """
+    Input:
+    - neo4j session
+    - str list of Okta group names
+    - str regex that tells us how to find the AWS role name and account when given an Okta group name
+    Output:
+    - list of OktaGroup id to AWSRole arn pairs.
+    """
+    result = []
+    for group in awssso_okta_groups:
+        account_role = _parse_okta_group_name(group.group_name, mapping_regex)
+        if not account_role:
+            logger.info(f"Okta group {group.group_name} has no associated AWS SSO role")
+            continue
+        role_arn = get_awssso_role_arn(account_role.account_id, account_role.role_name, neo4j_session)
+        if role_arn:
+            result.append(GroupRole(group.group_id, role_arn))
+    return result
+def _load_awssso_tx(tx: neo4j.Transaction, group_to_role: list[GroupRole], okta_update_tag: int) -> None:
+    ingest_statement = """
+    UNWIND $GROUP_TO_ROLE as app_data
+        MATCH (role:AWSRole{arn: app_data.aws_role_arn})
+        MATCH (group:OktaGroup{id: app_data.okta_group_id})
+        MERGE (role)<-[r:ALLOWED_BY]-(group)
+        ON CREATE SET r.firstseen = timestamp()
+        SET r.lastupdated = $okta_update_tag
+    """
+    tx.run(
+        ingest_statement,
+        GROUP_TO_ROLE=[g._asdict() for g in group_to_role],
+        okta_update_tag=okta_update_tag,
+    )
+def _load_okta_group_to_awssso_roles(
+        neo4j_session: neo4j.Session,
+        group_to_role: list[GroupRole],
+        okta_update_tag: int,
+) -> None:
+    neo4j_session.write_transaction(_load_awssso_tx, group_to_role, okta_update_tag)
 @timeit
-def sync_okta_aws_saml(neo4j_session: neo4j.Session, mapping_regex: str, okta_update_tag: int) -> None:
+def sync_okta_aws_saml(
+        neo4j_session: neo4j.Session,
+        mapping_regex: str,
+        okta_update_tag: int,
+        okta_org_id: str,
+) -> None:
     """
     Sync okta integration with saml. This will link OktaGroups to the AWSRoles they enable.
     This is for people who use the okta saml provider for AWS
@@ -127,3 +231,7 @@ def sync_okta_aws_saml(neo4j_session: neo4j.Session, mapping_regex: str, okta_up
     group_to_role_mapping = query_for_okta_to_aws_role_mapping(neo4j_session, mapping_regex)
     _load_okta_group_to_aws_roles(neo4j_session, group_to_role_mapping, okta_update_tag)
     _load_human_can_assume_role(neo4j_session, okta_update_tag)
+    sso_okta_groups = get_awssso_okta_groups(neo4j_session, okta_org_id)
+    group_to_ssorole_mapping = query_for_okta_to_awssso_role_mapping(neo4j_session, sso_okta_groups, mapping_regex)
+    _load_okta_group_to_awssso_roles(neo4j_session, group_to_ssorole_mapping, okta_update_tag)

cartography/models/kandji/__init__.py ADDED Viewed

File without changes

cartography/models/kandji/device.py ADDED Viewed

@@ -0,0 +1,48 @@
+from dataclasses import dataclass
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import TargetNodeMatcher
+@dataclass(frozen=True)
+class KandjiDeviceNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('id')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+    device_id: PropertyRef = PropertyRef('device_id')
+    device_name: PropertyRef = PropertyRef('device_name')
+    last_check_in: PropertyRef = PropertyRef('last_check_in')
+    model: PropertyRef = PropertyRef('model')
+    os_version: PropertyRef = PropertyRef('os_version')
+    platform: PropertyRef = PropertyRef('platform')
+    serial_number: PropertyRef = PropertyRef('serial_number', extra_index=True)
+@dataclass(frozen=True)
+class KandjiTenantToKandjiDeviceRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+@dataclass(frozen=True)
+# (:KandjiDevice)-[:ENROLLED_TO]->(:KandjiTenant)
+class KandjiTenantToKandjiDeviceRel(CartographyRelSchema):
+    target_node_label: str = 'KandjiTenant'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('TENANT_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "ENROLLED_TO"
+    properties: KandjiTenantToKandjiDeviceRelProperties = KandjiTenantToKandjiDeviceRelProperties()
+@dataclass(frozen=True)
+class KandjiDeviceSchema(CartographyNodeSchema):
+    label: str = 'KandjiDevice'  # The label of the node
+    properties: KandjiDeviceNodeProperties = KandjiDeviceNodeProperties()  # An object representing all properties
+    sub_resource_relationship: KandjiTenantToKandjiDeviceRel = KandjiTenantToKandjiDeviceRel()

cartography/models/kandji/tenant.py ADDED Viewed

@@ -0,0 +1,17 @@
+from dataclasses import dataclass
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+@dataclass(frozen=True)
+class KandjiTenantNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('id')
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+@dataclass(frozen=True)
+class KandjiTenantSchema(CartographyNodeSchema):
+    label: str = 'KandjiTenant'  # The label of the node
+    properties: KandjiTenantNodeProperties = KandjiTenantNodeProperties()  # An object representing all properties

cartography/sync.py CHANGED Viewed

@@ -24,6 +24,7 @@ import cartography.intel.duo
 import cartography.intel.gcp
 import cartography.intel.github
 import cartography.intel.gsuite
+import cartography.intel.kandji
 import cartography.intel.kubernetes
 import cartography.intel.lastpass
 import cartography.intel.oci
@@ -50,6 +51,7 @@ TOP_LEVEL_MODULES = OrderedDict({  # preserve order so that the default sync alw
     'okta': cartography.intel.okta.start_okta_ingestion,
     'github': cartography.intel.github.start_github_ingestion,
     'digitalocean': cartography.intel.digitalocean.start_digitalocean_ingestion,
+    'kandji': cartography.intel.kandji.start_kandji_ingestion,
     'kubernetes': cartography.intel.kubernetes.start_k8s_ingestion,
     'lastpass': cartography.intel.lastpass.start_lastpass_ingestion,
     'bigfix': cartography.intel.bigfix.start_bigfix_ingestion,

{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cartography
-Version: 0.90.0rc2
+Version: 0.92.0rc1
 Summary: Explore assets and their relationships across your technical infrastructure.
 Home-page: https://www.github.com/lyft/cartography
 Maintainer: Lyft

{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/RECORD RENAMED Viewed

@@ -1,10 +1,10 @@
 cartography/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/__main__.py,sha256=JftXT_nUPkqcEh8uxCCT4n-OyHYqbldEgrDS-4ygy0U,101
-cartography/cli.py,sha256=2_kLxdCSIb0nLo2vRVnIR_5XnylonvoWehfvXZElX1o,30059
-cartography/config.py,sha256=3X70Vx94T0Sam5qCdln-R_FnGmJGY-SY6Ok32A38nbE,10777
+cartography/cli.py,sha256=ot9_gMxw5_irVS7KYfWf5HIr2Xkb10RDEbOTY1nzUcw,31787
+cartography/config.py,sha256=rL1zgxZO47_R7S6E9e0CwxmhzRSN0X_q93NtcPR1G00,11368
 cartography/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/stats.py,sha256=dbybb9V2FuvSuHjjNwz6Vjwnd1hap2C7h960rLoKcl8,4406
-cartography/sync.py,sha256=1y7nzaNSpxND1CRHpP6pFyOSw0DVDn_kox3zuvw3Uzo,9635
+cartography/sync.py,sha256=a80r_IzrZcWGSmRDRrxkesNYPiOuLte5YHvDQT3L-Lw,9730
 cartography/util.py,sha256=F3FPMJl1KDW0x_5cvt2ZGI0Dv1LVrHU7Az4OleAANBI,14474
 cartography/client/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/client/aws/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -172,7 +172,7 @@ cartography/intel/aws/ssm.py,sha256=IDOYa8v2FgziU8nBOZ7wyDG4o_nFYshbB-si9Ut_9Zc,
 cartography/intel/aws/ec2/__init__.py,sha256=IDK2Yap7mllK_ab6yVMLXatJ94znIkn-szv5RJP5fbo,346
 cartography/intel/aws/ec2/auto_scaling_groups.py,sha256=4erjP31KSVW-Pp2ASmDox_VLp_AQUAin4KYxfZKZcSM,9223
 cartography/intel/aws/ec2/elastic_ip_addresses.py,sha256=0k4NwS73VyWbEj5jXvSkaq2RNvmAlBlrN-UKa_Bj0uk,3957
-cartography/intel/aws/ec2/images.py,sha256=KZJft6EB-EbILzzjbamRkOgvOmPBqarKUFzMKgpJdXc,3842
+cartography/intel/aws/ec2/images.py,sha256=DcGHJwZf8_K5iRCDJ2QOdP837TTJTwST02IRswfk9Mc,3697
 cartography/intel/aws/ec2/instances.py,sha256=mnTjdBY-4D-TGhH29UrSaLUW0Uft0JApDIJkkLz4zPc,12170
 cartography/intel/aws/ec2/internet_gateways.py,sha256=dI-4-85_3DGGZZBcY_DN6XqESx9P26S6jKok314lcnQ,2883
 cartography/intel/aws/ec2/key_pairs.py,sha256=SvRgd56vE4eouvTSNoFK8PP8HYoECO91goxc36oq_FY,2508
@@ -182,7 +182,7 @@ cartography/intel/aws/ec2/load_balancers.py,sha256=1GwErzGqi3BKCARqfGJcD_r_D84rF
 cartography/intel/aws/ec2/network_interfaces.py,sha256=CzF8PooCYUQ2pk8DR8JDAhkWRUQSBj_27OsIfkL_-Cs,9199
 cartography/intel/aws/ec2/reserved_instances.py,sha256=jv8-VLI5KL8jN1QRI20yim8lzZ7I7wR8a5EF8DckahA,3122
 cartography/intel/aws/ec2/security_groups.py,sha256=vxLeaCpCowkbl-YpON1UdbjtPolMfj_reOEuKujN80Y,6060
-cartography/intel/aws/ec2/snapshots.py,sha256=HSeK8COoc1p399Y0LSg6Jo0bTiooCIh66jCv4DPsJsA,5393
+cartography/intel/aws/ec2/snapshots.py,sha256=R3U6ZwE4bQPy5yikLCRcUHyXN1dD7TzS-3jULQO-F0g,5432
 cartography/intel/aws/ec2/subnets.py,sha256=wdv9TXI1BR_iilOCYmYXL2yok8qef49-I77_DPlyheQ,3694
 cartography/intel/aws/ec2/tgw.py,sha256=lTFPlRNoDHNklR38alSywXlSiiTyg86vJNth7Pc4pZQ,9114
 cartography/intel/aws/ec2/util.py,sha256=Pv-x1QEAAmyxcpEl6y8M24ija3ERjXFE36fswuKXHDs,226
@@ -231,14 +231,16 @@ cartography/intel/gcp/gke.py,sha256=qaTwsVaxkwNhW5_Mw4bedOk7fgJK8y0LwwcYlUABXDg,
 cartography/intel/gcp/storage.py,sha256=oO_ayEhkXlj2Gn7T5MU41ZXiqwRwe6Ud4wzqyRTsyf4,9075
 cartography/intel/github/__init__.py,sha256=y876JJGTDJZEOFCDiNCJfcLNxN24pVj4s2N0YmuuoaE,1914
 cartography/intel/github/repos.py,sha256=YPDdBMk6NkZjwPcqPW5LlCy_OS9tKcrZD6ygiUG93J0,21766
-cartography/intel/github/teams.py,sha256=aX1dj7HHVjw0hv_VvG1dee3WzTfmVMraP1khlwvN7Xs,5287
+cartography/intel/github/teams.py,sha256=mofyJeJVOD7Umh9Rq6QnAwom9bBHBx18kyvFMvQX5YE,5383
 cartography/intel/github/users.py,sha256=kQp0dxzP08DVrdvfVeCciQbrKPbbFvwbR_p_I_XGt7s,3826
-cartography/intel/github/util.py,sha256=trigWITP7C44RjKpBT12fCcxtqo5WFqUOcB9VqtzifA,7465
+cartography/intel/github/util.py,sha256=K6hbxypy4luKhIE1Uh5VWZc9OyjMK2OuO00vBAQfloA,8049
 cartography/intel/gsuite/__init__.py,sha256=AGIUskGlLCVGHbnQicNpNWi9AvmV7_7hUKTt-hsB2J8,4306
 cartography/intel/gsuite/api.py,sha256=J0dkNdfBVMrEv8vvStQu7YKVxXSyV45WueFhUS4aOG4,10310
 cartography/intel/jamf/__init__.py,sha256=Nof-LrUeevoieo6oP2GyfTwx8k5TUIgreW6hSj53YjQ,419
 cartography/intel/jamf/computers.py,sha256=EfjlupQ-9HYTjOrmuwrGuJDy9ApAnJvk8WrYcp6_Jkk,1673
 cartography/intel/jamf/util.py,sha256=EAyP8VpOY2uAvW3HtX6r7qORNjGa1Tr3fuqezuLQ0j4,1017
+cartography/intel/kandji/__init__.py,sha256=OHZJNzuNibIfJ51OkL3XL2EdA_ZmvPHPeWCQUld4J64,1079
+cartography/intel/kandji/devices.py,sha256=j_rP6rQ5VPT_XEcGXx7Yt6eCOm1Oe3I2qWIxXODXEcA,2224
 cartography/intel/kubernetes/__init__.py,sha256=jaOTEanWnTrYvcBN1XUC5oqBhz1AJbFmzoT9uu_VBSg,1481
 cartography/intel/kubernetes/namespaces.py,sha256=6o-FgAX_Ai5NCj2xOWM-RNWEvn0gZjVQnZSGCJlcIhw,2710
 cartography/intel/kubernetes/pods.py,sha256=aX3pP_vs6icMe2vK4vgMak6HZ64okhRzoihpkPHscGU,4502
@@ -251,9 +253,9 @@ cartography/intel/oci/__init__.py,sha256=AZmRX6EO4LUnynDtIKHxtZ_Ab2-CYPPc2u5d0Q2
 cartography/intel/oci/iam.py,sha256=zPrJeoMoO3ZkjBfWbTttjrcUvxxMuWquLTmsDH5MgOI,17712
 cartography/intel/oci/organizations.py,sha256=tzQkZfE4LPoS-6lXBRQGyhq8aJLZUJ1_q75Q9eTBke0,4086
 cartography/intel/oci/utils.py,sha256=UbX9jib4sWEdKeAt2CeCo4k9shUiWY08oTfQz_nDvjA,3223
-cartography/intel/okta/__init__.py,sha256=HYw9wlE27dHJ2fwSlHgbJyHcxhdFzbYWBcZdQ6bqfIo,3813
+cartography/intel/okta/__init__.py,sha256=i5YY9mIDQ2-IBnCSWf4rToYMa9fQQIxucCnl0TXK2Uc,3833
 cartography/intel/okta/applications.py,sha256=ZqUn-bru6Kh75vpUeRnMurUBh0rGBRpI2b2V09HOOQw,12866
-cartography/intel/okta/awssaml.py,sha256=uJFasoyQmABoC5xAjlXak51KuAjT2H6AA2f47N3h6gw,4651
+cartography/intel/okta/awssaml.py,sha256=Rw0mrJ7NY5xjfEO_ijMqi1VEbr0FSasfrvGtoCPy1aU,9136
 cartography/intel/okta/factors.py,sha256=1bLnF4MRf0MYzzhT2tfM4jdfkjE1bkQn6_WuOqED2K4,4955
 cartography/intel/okta/groups.py,sha256=GxaixbY5KWkalj2rY6nWwe_IskVVowOAPo88OZIGcPY,10172
 cartography/intel/okta/organization.py,sha256=YLQc7ETdtf8Vc-CRCYivV_xmVl2Oz0Px53anJHYp-p8,821
@@ -319,6 +321,9 @@ cartography/models/duo/user.py,sha256=ih3DH_QveAve4cX9dmIwC5gVN6_RNnuLK3bfJ5I9u6
 cartography/models/duo/web_authn_credential.py,sha256=OcZnfG5zCMlphxSltRcAXQ12hHYJjxrBt6A9L28g7Vk,2920
 cartography/models/github/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/github/teams.py,sha256=mk3OFGTDqWkLz7aX7Q9AtpOMOkZDDGH0MWoVeevK2-k,4376
+cartography/models/kandji/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+cartography/models/kandji/device.py,sha256=C3zPhLi1oPNysbSUr4H2u8b-Xy14sb3FE7YcjCwlntw,2214
+cartography/models/kandji/tenant.py,sha256=KhcbahNBemny3coQPiadIY8B-yDMg_ejYB2BR6vqBfw,674
 cartography/models/lastpass/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/models/lastpass/tenant.py,sha256=TG-9LFo9Sfzb9UgcTt_gFVTKocLItbgQMMPkN_iprXU,618
 cartography/models/lastpass/user.py,sha256=SMTTYN6jgccc9k76hY3rVImElJOhHhZ9f1aZ6JzcrHw,3487
@@ -326,10 +331,10 @@ cartography/models/semgrep/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 cartography/models/semgrep/deployment.py,sha256=or5qZDuR51MXzINpH15jZrqmSUvXQevCNYWJ7D6v-JI,745
 cartography/models/semgrep/findings.py,sha256=xrn8sgXpNMrNJbKQagaAVxaCG9bVjTATSRR2XRBR4rg,5386
 cartography/models/semgrep/locations.py,sha256=kSk7Nn5Mn4Ob84MVZOo2GR0YFi-9Okq9pgA3FfC6_bk,3061
-cartography-0.90.0rc2.dist-info/LICENSE,sha256=489ZXeW9G90up6ep-D1n-lJgk9ciNT2yxXpFgRSidtk,11341
-cartography-0.90.0rc2.dist-info/METADATA,sha256=DHVlVtAVX0wLA23rAP2on60QcEvswp8wivDIIw5LQgE,1991
-cartography-0.90.0rc2.dist-info/NOTICE,sha256=YOGAsjFtbyKj5tslYIg6V5jEYRuEvnSsIuDOUKj0Qj4,97
-cartography-0.90.0rc2.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
-cartography-0.90.0rc2.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
-cartography-0.90.0rc2.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
-cartography-0.90.0rc2.dist-info/RECORD,,
+cartography-0.92.0rc1.dist-info/LICENSE,sha256=489ZXeW9G90up6ep-D1n-lJgk9ciNT2yxXpFgRSidtk,11341
+cartography-0.92.0rc1.dist-info/METADATA,sha256=Ascw5OW3AX47QCK7O2ftYRY4BRVycgrTVfIZqMe0O6g,1991
+cartography-0.92.0rc1.dist-info/NOTICE,sha256=YOGAsjFtbyKj5tslYIg6V5jEYRuEvnSsIuDOUKj0Qj4,97
+cartography-0.92.0rc1.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+cartography-0.92.0rc1.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
+cartography-0.92.0rc1.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
+cartography-0.92.0rc1.dist-info/RECORD,,

{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/WHEEL RENAMED Viewed

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: bdist_wheel (0.42.0)
+Generator: bdist_wheel (0.43.0)
 Root-Is-Purelib: true
 Tag: py3-none-any

{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/LICENSE RENAMED Viewed

File without changes

{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/NOTICE RENAMED Viewed

File without changes

{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/entry_points.txt RENAMED Viewed

File without changes

{cartography-0.90.0rc2.dist-info → cartography-0.92.0rc1.dist-info}/top_level.txt RENAMED Viewed

File without changes

cartography 0.90.0rc2__py3-none-any.whl → 0.92.0rc1__py3-none-any.whl

cartography 0.90.0rc2py3-none-any.whl → 0.92.0rc1py3-none-any.whl