cartography 0.93.0rc1__py3-none-any.whl → 0.123.0__py3-none-any.whl

cartography/intel/gcp/crm.py

@@ -1,302 +0,0 @@
-# Google Compute Resource Manager
-# https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy
-import logging
-from string import Template
-from typing import Dict
-from typing import List
-
-import neo4j
-from googleapiclient.discovery import HttpError
-from googleapiclient.discovery import Resource
-
-from cartography.util import run_cleanup_job
-from cartography.util import timeit
-
-logger = logging.getLogger(__name__)
-
-
-@timeit
-def get_gcp_organizations(crm_v1: Resource) -> List[Resource]:
-    """
-    Return list of GCP organizations that the crm_v1 resource object has permissions to access.
-    Returns empty list if we are unable to enumerate organizations for any reason.
-    :param crm_v1: The Compute Resource Manager v1 resource object created by `googleapiclient.discovery.build()`.
-    See https://googleapis.github.io/google-api-python-client/docs/epy/googleapiclient.discovery-module.html#build.
-    :return: List of GCP Organizations. See https://cloud.google.com/resource-manager/reference/rest/v1/organizations.
-    """
-    try:
-        req = crm_v1.organizations().search(body={})
-        res = req.execute()
-        return res.get('organizations', [])
-    except HttpError as e:
-        logger.warning("HttpError occurred in crm.get_gcp_organizations(), returning empty list. Details: %r", e)
-        return []
-
-
-@timeit
-def get_gcp_folders(crm_v2: Resource) -> List[Resource]:
-    """
-    Return list of GCP folders that the crm_v2 resource object has permissions to access.
-    Returns empty list if we are unable to enumerate folders for any reason.
-    :param crm_v2: The Compute Resource Manager v2 resource object created by `googleapiclient.discovery.build()`.
-    See https://googleapis.github.io/google-api-python-client/docs/epy/googleapiclient.discovery-module.html#build.
-    :return: List of GCP folders. See https://cloud.google.com/resource-manager/reference/rest/v2/folders/list.
-    """
-    try:
-        req = crm_v2.folders().search(body={})
-        res = req.execute()
-        return res.get('folders', [])
-    except HttpError as e:
-        logger.warning("HttpError occurred in crm.get_gcp_folders(), returning empty list. Details: %r", e)
-        return []
-
-
-@timeit
-def get_gcp_projects(crm_v1: Resource) -> List[Resource]:
-    """
-    Return list of GCP projects that the crm_v1 resource object has permissions to access.
-    Returns empty list if we are unable to enumerate projects for any reason.
-    :param crm_v1: The Compute Resource Manager v1 resource object created by `googleapiclient.discovery.build()`.
-    See https://googleapis.github.io/google-api-python-client/docs/epy/googleapiclient.discovery-module.html#build.
-    :return: List of GCP projects. See https://cloud.google.com/resource-manager/reference/rest/v2/projects/list.
-    """
-    try:
-        projects: List[Resource] = []
-        req = crm_v1.projects().list(filter="lifecycleState:ACTIVE")
-        while req is not None:
-            res = req.execute()
-            page = res.get('projects', [])
-            projects.extend(page)
-            req = crm_v1.projects().list_next(previous_request=req, previous_response=res)
-        return projects
-    except HttpError as e:
-        logger.warning("HttpError occurred in crm.get_gcp_projects(), returning empty list. Details: %r", e)
-        return []
-
-
-@timeit
-def load_gcp_organizations(neo4j_session: neo4j.Session, data: List[Dict], gcp_update_tag: int) -> None:
-    """
-    Ingest the GCP organizations to Neo4j
-    :param neo4j_session: The Neo4j session
-    :param data: List of organizations; output from crm.get_gcp_organizations()
-    :param gcp_update_tag: The timestamp value to set our new Neo4j nodes with
-    :return: Nothing
-    """
-    query = """
-    MERGE (org:GCPOrganization{id:$OrgName})
-    ON CREATE SET org.firstseen = timestamp()
-    SET org.orgname = $OrgName,
-    org.displayname = $DisplayName,
-    org.lifecyclestate = $LifecycleState,
-    org.lastupdated = $gcp_update_tag
-    """
-    for org_object in data:
-        neo4j_session.run(
-            query,
-            OrgName=org_object['name'],
-            DisplayName=org_object.get('displayName', None),
-            LifecycleState=org_object.get('lifecycleState', None),
-            gcp_update_tag=gcp_update_tag,
-        )
-
-
-@timeit
-def load_gcp_folders(neo4j_session: neo4j.Session, data: List[Dict], gcp_update_tag: int) -> None:
-    """
-    Ingest the GCP folders to Neo4j
-    :param neo4j_session: The Neo4j session
-    :param data: List of folders; output from crm.get_gcp_folders()
-    :param gcp_update_tag: The timestamp value to set our new Neo4j nodes with
-    :return: Nothing
-    """
-    for folder in data:
-        # Get the correct parent type.
-        # Parents of folders can only be GCPOrganizations or other folders, see
-        # https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy
-        if folder['parent'].startswith("organizations"):
-            query = "MATCH (parent:GCPOrganization{id:$ParentId})"
-        elif folder['parent'].startswith("folders"):
-            query = """
-            MERGE (parent:GCPFolder{id:$ParentId})
-            ON CREATE SET parent.firstseen = timestamp()
-            """
-        query += """
-        MERGE (folder:GCPFolder{id:$FolderName})
-        ON CREATE SET folder.firstseen = timestamp()
-        SET folder.foldername = $FolderName,
-        folder.displayname = $DisplayName,
-        folder.lifecyclestate = $LifecycleState,
-        folder.lastupdated = $gcp_update_tag
-        WITH parent, folder
-        MERGE (parent)-[r:RESOURCE]->(folder)
-        ON CREATE SET r.firstseen = timestamp()
-        SET r.lastupdated = $gcp_update_tag
-        """
-        neo4j_session.run(
-            query,
-            ParentId=folder['parent'],
-            FolderName=folder['name'],
-            DisplayName=folder.get('displayName', None),
-            LifecycleState=folder.get('lifecycleState', None),
-            gcp_update_tag=gcp_update_tag,
-        )
-
-
-@timeit
-def load_gcp_projects(neo4j_session: neo4j.Session, data: List[Dict], gcp_update_tag: int) -> None:
-    """
-    Ingest the GCP projects to Neo4j
-    :param neo4j_session: The Neo4j session
-    :param data: List of GCP projects; output from crm.get_gcp_projects()
-    :param gcp_update_tag: The timestamp value to set our new Neo4j nodes with
-    :return: Nothing
-    """
-    query = """
-    MERGE (project:GCPProject{id:$ProjectId})
-    ON CREATE SET project.firstseen = timestamp()
-    SET project.projectid = $ProjectId,
-    project.projectnumber = $ProjectNumber,
-    project.displayname = $DisplayName,
-    project.lifecyclestate = $LifecycleState,
-    project.lastupdated = $gcp_update_tag
-    """
-
-    for project in data:
-        neo4j_session.run(
-            query,
-            ProjectId=project['projectId'],
-            ProjectNumber=project['projectNumber'],
-            DisplayName=project.get('name', None),
-            LifecycleState=project.get('lifecycleState', None),
-            gcp_update_tag=gcp_update_tag,
-        )
-        if project.get('parent'):
-            _attach_gcp_project_parent(neo4j_session, project, gcp_update_tag)
-
-
-@timeit
-def _attach_gcp_project_parent(neo4j_session: neo4j.Session, project: Dict, gcp_update_tag: int) -> None:
-    """
-    Attach a project to its respective parent, as in the Resource Hierarchy -
-    https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy
-    """
-    if project['parent']['type'] == 'organization':
-        parent_label = 'GCPOrganization'
-    elif project['parent']['type'] == 'folder':
-        parent_label = 'GCPFolder'
-    else:
-        raise NotImplementedError(
-            "Ingestion of GCP {}s as parent nodes is currently not supported. "
-            "Please file an issue at https://github.com/lyft/cartography/issues.".format(
-                project['parent']['type'],
-            ),
-        )
-    parent_id = f"{project['parent']['type']}s/{project['parent']['id']}"
-    INGEST_PARENT_TEMPLATE = Template("""
-    MATCH (project:GCPProject{id:$ProjectId})
-
-    MERGE (parent:$parent_label{id:$ParentId})
-    ON CREATE SET parent.firstseen = timestamp()
-
-    MERGE (parent)-[r:RESOURCE]->(project)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $gcp_update_tag
-    """)
-    neo4j_session.run(
-        INGEST_PARENT_TEMPLATE.safe_substitute(parent_label=parent_label),
-        ParentId=parent_id,
-        ProjectId=project['projectId'],
-        gcp_update_tag=gcp_update_tag,
-    )
-
-
-@timeit
-def cleanup_gcp_organizations(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
-    """
-    Remove stale GCP organizations and their relationships
-    :param neo4j_session: The Neo4j session
-    :param common_job_parameters: Parameters to carry to the cleanup job
-    :return: Nothing
-    """
-    run_cleanup_job('gcp_crm_organization_cleanup.json', neo4j_session, common_job_parameters)
-
-
-@timeit
-def cleanup_gcp_folders(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
-    """
-    Remove stale GCP folders and their relationships
-    :param neo4j_session: The Neo4j session
-    :param common_job_parameters: Parameters to carry to the cleanup job
-    :return: Nothing
-    """
-    run_cleanup_job('gcp_crm_folder_cleanup.json', neo4j_session, common_job_parameters)
-
-
-@timeit
-def cleanup_gcp_projects(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
-    """
-    Remove stale GCP projects and their relationships
-    :param neo4j_session: The Neo4j session
-    :param common_job_parameters: Parameters to carry to the cleanup job
-    :return: Nothing
-    """
-    run_cleanup_job('gcp_crm_project_cleanup.json', neo4j_session, common_job_parameters)
-
-
-@timeit
-def sync_gcp_organizations(
-    neo4j_session: neo4j.Session, crm_v1: Resource, gcp_update_tag: int,
-    common_job_parameters: Dict,
-) -> None:
-    """
-    Get GCP organization data using the CRM v1 resource object, load the data to Neo4j, and clean up stale nodes.
-    :param neo4j_session: The Neo4j session
-    :param crm_v1: The Compute Resource Manager v1 resource object created by `googleapiclient.discovery.build()`.
-    See https://googleapis.github.io/google-api-python-client/docs/epy/googleapiclient.discovery-module.html#build.
-    :param gcp_update_tag: The timestamp value to set our new Neo4j nodes with
-    :param common_job_parameters: Parameters to carry to the Neo4j jobs
-    :return: Nothing
-    """
-    logger.debug("Syncing GCP organizations")
-    data = get_gcp_organizations(crm_v1)
-    load_gcp_organizations(neo4j_session, data, gcp_update_tag)
-    cleanup_gcp_organizations(neo4j_session, common_job_parameters)
-
-
-@timeit
-def sync_gcp_folders(
-    neo4j_session: neo4j.Session, crm_v2: Resource, gcp_update_tag: int,
-    common_job_parameters: Dict,
-) -> None:
-    """
-    Get GCP folder data using the CRM v2 resource object, load the data to Neo4j, and clean up stale nodes.
-    :param neo4j_session: The Neo4j session
-    :param crm_v2: The Compute Resource Manager v2 resource object created by `googleapiclient.discovery.build()`.
-    See https://googleapis.github.io/google-api-python-client/docs/epy/googleapiclient.discovery-module.html#build.
-    :param gcp_update_tag: The timestamp value to set our new Neo4j nodes with
-    :param common_job_parameters: Parameters to carry to the Neo4j jobs
-    :return: Nothing
-    """
-    logger.debug("Syncing GCP folders")
-    folders = get_gcp_folders(crm_v2)
-    load_gcp_folders(neo4j_session, folders, gcp_update_tag)
-    cleanup_gcp_folders(neo4j_session, common_job_parameters)
-
-
-@timeit
-def sync_gcp_projects(
-    neo4j_session: neo4j.Session, projects: List[Dict], gcp_update_tag: int,
-    common_job_parameters: Dict,
-) -> None:
-    """
-    Load a given list of GCP project data to Neo4j and clean up stale nodes.
-    :param neo4j_session: The Neo4j session
-    :param projects: List of GCP projects; output from crm.get_gcp_projects()
-    :param gcp_update_tag: The timestamp value to set our new Neo4j nodes with
-    :param common_job_parameters: Parameters to carry to the Neo4j jobs
-    :return: Nothing
-    """
-    logger.debug("Syncing GCP projects")
-    load_gcp_projects(neo4j_session, projects, gcp_update_tag)
-    cleanup_gcp_projects(neo4j_session, common_job_parameters)

cartography/intel/gsuite/api.py

@@ -1,284 +0,0 @@
-import logging
-from typing import Dict
-from typing import List
-
-import neo4j
-from googleapiclient.discovery import Resource
-
-from cartography.util import run_cleanup_job
-from cartography.util import timeit
-
-
-logger = logging.getLogger(__name__)
-
-
-GOOGLE_API_NUM_RETRIES = 5
-
-
-@timeit
-def get_all_groups(admin: Resource) -> List[Dict]:
-    """
-    Return list of Google Groups in your organization
-    Returns empty list if we are unable to enumerate the groups for any reasons
-
-    googleapiclient.discovery.build('admin', 'directory_v1', credentials=credentials, cache_discovery=False)
-
-    :param admin: google's apiclient discovery resource object.  From googleapiclient.discovery.build
-    See https://googleapis.github.io/google-api-python-client/docs/epy/googleapiclient.discovery-module.html#build.
-    :return: List of Google groups in domain
-    """
-    request = admin.groups().list(customer='my_customer', maxResults=20, orderBy='email')
-    response_objects = []
-    while request is not None:
-        resp = request.execute(num_retries=GOOGLE_API_NUM_RETRIES)
-        response_objects.append(resp)
-        request = admin.groups().list_next(request, resp)
-    return response_objects
-
-
-@timeit
-def transform_groups(response_objects: List[Dict]) -> List[Dict]:
-    """  Strips list of API response objects to return list of group objects only
-
-    :param response_objects:
-    :return: list of dictionary objects as defined in /docs/schema/gsuite.md
-    """
-    groups: List[Dict] = []
-    for response_object in response_objects:
-        for group in response_object['groups']:
-            groups.append(group)
-    return groups
-
-
-@timeit
-def transform_users(response_objects: List[Dict]) -> List[Dict]:
-    """  Strips list of API response objects to return list of group objects only
-    :param response_objects:
-    :return: list of dictionary objects as defined in /docs/schema/gsuite.md
-    """
-    users: List[Dict] = []
-    for response_object in response_objects:
-        for user in response_object['users']:
-            users.append(user)
-    return users
-
-
-@timeit
-def get_all_groups_for_email(admin: Resource, email: str) -> List[Dict]:
-    """ Fetch all groups of which the given group is a member
-
-    Arguments:
-        email: A string representing the email address for the group
-
-    Returns a list of Group models
-    Throws GoogleException
-    """
-    request = admin.groups().list(userKey=email, maxResults=500)
-    groups: List[Dict] = []
-    while request is not None:
-        resp = request.execute(num_retries=GOOGLE_API_NUM_RETRIES)
-        groups = groups + resp.get('groups', [])
-        request = admin.groups().list_next(request, resp)
-    return groups
-
-
-@timeit
-def get_members_for_group(admin: Resource, group_email: str) -> List[Dict]:
-    """ Get all members for a google group
-
-    :param group_email: A string representing the email address for the group
-
-    :return: List of dictionaries representing Users or Groups.
-    """
-    request = admin.members().list(
-        groupKey=group_email,
-        maxResults=500,
-    )
-    members: List[Dict] = []
-    while request is not None:
-        resp = request.execute(num_retries=GOOGLE_API_NUM_RETRIES)
-        members = members + resp.get('members', [])
-        request = admin.members().list_next(request, resp)
-
-    return members
-
-
-@timeit
-def get_all_users(admin: Resource) -> List[Dict]:
-    """
-    Return list of Google Users in your organization
-    Returns empty list if we are unable to enumerate the groups for any reasons
-    https://developers.google.com/admin-sdk/directory/v1/guides/manage-users
-
-    :param admin: apiclient discovery resource object
-    see
-    :return: List of Google users in domain
-    see https://developers.google.com/admin-sdk/directory/v1/guides/manage-users#get_all_domain_users
-    """
-    request = admin.users().list(customer='my_customer', maxResults=500, orderBy='email')
-    response_objects = []
-    while request is not None:
-        resp = request.execute(num_retries=GOOGLE_API_NUM_RETRIES)
-        response_objects.append(resp)
-        request = admin.users().list_next(request, resp)
-    return response_objects
-
-
-@timeit
-def load_gsuite_groups(neo4j_session: neo4j.Session, groups: List[Dict], gsuite_update_tag: int) -> None:
-    ingestion_qry = """
-        UNWIND $GroupData as group
-        MERGE (g:GSuiteGroup{id: group.id})
-        ON CREATE SET
-        g.firstseen = $UpdateTag,
-        g.group_id = group.id
-        SET
-        g.admin_created = group.adminCreated,
-        g.description = group.description,
-        g.direct_members_count = group.directMembersCount,
-        g.email = group.email,
-        g.etag = group.etag,
-        g.kind = group.kind,
-        g.name = group.name,
-        g.lastupdated = $UpdateTag
-    """
-    logger.info(f'Ingesting {len(groups)} gsuite groups')
-    neo4j_session.run(ingestion_qry, GroupData=groups, UpdateTag=gsuite_update_tag)
-
-
-@timeit
-def load_gsuite_users(neo4j_session: neo4j.Session, users: List[Dict], gsuite_update_tag: int) -> None:
-    ingestion_qry = """
-        UNWIND $UserData as user
-        MERGE (u:GSuiteUser{id: user.id})
-        ON CREATE SET
-        u.user_id = user.id,
-        u.firstseen = $UpdateTag
-        SET
-        u.agreed_to_terms = user.agreedToTerms,
-        u.archived = user.archived,
-        u.change_password_at_next_login = user.changePasswordAtNextLogin,
-        u.creation_time = user.creationTime,
-        u.customer_id = user.customerId,
-        u.etag = user.etag,
-        u.include_in_global_address_list = user.includeInGlobalAddressList,
-        u.ip_whitelisted = user.ipWhitelisted,
-        u.is_admin = user.isAdmin,
-        u.is_delegated_admin =  user.isDelegatedAdmin,
-        u.is_enforced_in_2_sv = user.isEnforcedIn2Sv,
-        u.is_enrolled_in_2_sv = user.isEnrolledIn2Sv,
-        u.is_mailbox_setup = user.isMailboxSetup,
-        u.kind = user.kind,
-        u.last_login_time = user.lastLoginTime,
-        u.name = user.name.fullName,
-        u.family_name = user.name.familyName,
-        u.given_name = user.name.givenName,
-        u.org_unit_path = user.orgUnitPath,
-        u.primary_email = user.primaryEmail,
-        u.email = user.primaryEmail,
-        u.suspended = user.suspended,
-        u.thumbnail_photo_etag = user.thumbnailPhotoEtag,
-        u.thumbnail_photo_url = user.thumbnailPhotoUrl,
-        u.lastupdated = $UpdateTag
-    """
-    logger.info(f'Ingesting {len(users)} gsuite users')
-    neo4j_session.run(ingestion_qry, UserData=users, UpdateTag=gsuite_update_tag)
-
-
-@timeit
-def load_gsuite_members(neo4j_session: neo4j.Session, group: Dict, members: List[Dict], gsuite_update_tag: int) -> None:
-    ingestion_qry = """
-        UNWIND $MemberData as member
-        MATCH (user:GSuiteUser {id: member.id}),(group:GSuiteGroup {id: $GroupID })
-        MERGE (user)-[r:MEMBER_GSUITE_GROUP]->(group)
-        ON CREATE SET
-        r.firstseen = $UpdateTag
-        SET
-        r.lastupdated = $UpdateTag
-    """
-    neo4j_session.run(
-        ingestion_qry,
-        MemberData=members,
-        GroupID=group.get("id"),
-        UpdateTag=gsuite_update_tag,
-    )
-    membership_qry = """
-        UNWIND $MemberData as member
-        MATCH(group_1: GSuiteGroup{id: member.id}), (group_2:GSuiteGroup {id: $GroupID})
-        MERGE (group_1)-[r:MEMBER_GSUITE_GROUP]->(group_2)
-        ON CREATE SET
-        r.firstseen = $UpdateTag
-        SET
-        r.lastupdated = $UpdateTag
-    """
-    neo4j_session.run(membership_qry, MemberData=members, GroupID=group.get("id"), UpdateTag=gsuite_update_tag)
-
-
-@timeit
-def cleanup_gsuite_users(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
-    run_cleanup_job(
-        'gsuite_ingest_users_cleanup.json',
-        neo4j_session,
-        common_job_parameters,
-    )
-
-
-@timeit
-def cleanup_gsuite_groups(neo4j_session: neo4j.Session, common_job_parameters: Dict) -> None:
-    run_cleanup_job(
-        'gsuite_ingest_groups_cleanup.json',
-        neo4j_session,
-        common_job_parameters,
-    )
-
-
-@timeit
-def sync_gsuite_users(
-    neo4j_session: neo4j.Session, admin: Resource, gsuite_update_tag: int, common_job_parameters: Dict,
-) -> None:
-    """
-    GET GSuite user objects using the google admin api resource, load the data into Neo4j and clean up stale nodes.
-
-    :param session: The Neo4j session
-    :param admin: Google admin resource object created by `googleapiclient.discovery.build()`.
-    See https://googleapis.github.io/google-api-python-client/docs/epy/googleapiclient.discovery-module.html#build.
-    :param gcp_update_tag: The timestamp value to set our new Neo4j nodes with
-    :param common_job_parameters: Parameters to carry to the Neo4j jobs
-    :return: Nothing
-    """
-    logger.debug('Syncing GSuite Users')
-    resp_objs = get_all_users(admin)
-    users = transform_users(resp_objs)
-    load_gsuite_users(neo4j_session, users, gsuite_update_tag)
-    cleanup_gsuite_users(neo4j_session, common_job_parameters)
-
-
-@timeit
-def sync_gsuite_groups(
-    neo4j_session: neo4j.Session, admin: Resource, gsuite_update_tag: int, common_job_parameters: Dict,
-) -> None:
-    """
-    GET GSuite group objects using the google admin api resource, load the data into Neo4j and clean up stale nodes.
-
-    :param neo4j_session: The Neo4j session
-    :param admin: Google admin resource object created by `googleapiclient.discovery.build()`.
-    See https://googleapis.github.io/google-api-python-client/docs/epy/googleapiclient.discovery-module.html#build.
-    :param gcp_update_tag: The timestamp value to set our new Neo4j nodes with
-    :param common_job_parameters: Parameters to carry to the Neo4j jobs
-    :return: Nothing
-    """
-    logger.debug('Syncing GSuite Groups')
-    resp_objs = get_all_groups(admin)
-    groups = transform_groups(resp_objs)
-    load_gsuite_groups(neo4j_session, groups, gsuite_update_tag)
-    cleanup_gsuite_groups(neo4j_session, common_job_parameters)
-    sync_gsuite_members(groups, neo4j_session, admin, gsuite_update_tag)
-
-
-@timeit
-def sync_gsuite_members(
-    groups: List[Dict], neo4j_session: neo4j.Session, admin: Resource, gsuite_update_tag: int,
-) -> None:
-    for group in groups:
-        members = get_members_for_group(admin, group['email'])
-        load_gsuite_members(neo4j_session, group, members, gsuite_update_tag)

cartography/models/aws/ec2/keypairs.py

@@ -1,64 +0,0 @@
-from dataclasses import dataclass
-
-from cartography.models.core.common import PropertyRef
-from cartography.models.core.nodes import CartographyNodeProperties
-from cartography.models.core.nodes import CartographyNodeSchema
-from cartography.models.core.relationships import CartographyRelProperties
-from cartography.models.core.relationships import CartographyRelSchema
-from cartography.models.core.relationships import LinkDirection
-from cartography.models.core.relationships import make_target_node_matcher
-from cartography.models.core.relationships import OtherRelationships
-from cartography.models.core.relationships import TargetNodeMatcher
-
-
-@dataclass(frozen=True)
-class EC2KeyPairNodeProperties(CartographyNodeProperties):
-    id: PropertyRef = PropertyRef('KeyPairArn')
-    arn: PropertyRef = PropertyRef('KeyPairArn', extra_index=True)
-    keyname: PropertyRef = PropertyRef('KeyName')
-    region: PropertyRef = PropertyRef('Region', set_in_kwargs=True)
-    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
-
-
-@dataclass(frozen=True)
-class EC2KeyPairToAwsAccountRelProperties(CartographyRelProperties):
-    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
-
-
-@dataclass(frozen=True)
-class EC2KeyPairToAWSAccount(CartographyRelSchema):
-    target_node_label: str = 'AWSAccount'
-    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
-        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
-    )
-    direction: LinkDirection = LinkDirection.INWARD
-    rel_label: str = "RESOURCE"
-    properties: EC2KeyPairToAwsAccountRelProperties = EC2KeyPairToAwsAccountRelProperties()
-
-
-@dataclass(frozen=True)
-class EC2KeyPairToEC2InstanceRelProperties(CartographyRelProperties):
-    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
-
-
-@dataclass(frozen=True)
-class EC2KeyPairToEC2Instance(CartographyRelSchema):
-    target_node_label: str = 'EC2Instance'
-    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
-        {'id': PropertyRef('InstanceId')},
-    )
-    direction: LinkDirection = LinkDirection.OUTWARD
-    rel_label: str = "SSH_LOGIN_TO"
-    properties: EC2KeyPairToEC2InstanceRelProperties = EC2KeyPairToEC2InstanceRelProperties()
-
-
-@dataclass(frozen=True)
-class EC2KeyPairSchema(CartographyNodeSchema):
-    label: str = 'EC2KeyPair'
-    properties: EC2KeyPairNodeProperties = EC2KeyPairNodeProperties()
-    sub_resource_relationship: EC2KeyPairToAWSAccount = EC2KeyPairToAWSAccount()
-    other_relationships: OtherRelationships = OtherRelationships(
-        [
-            EC2KeyPairToEC2Instance(),
-        ],
-    )