PyPI - cartography - Versions diffs - 0.93.0rc1__py3-none-any.whl → 0.123.0__py3-none-any.whl - Mend

cartography 0.93.0rc1py3-none-any.whl → 0.123.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (822) hide show

cartography/__main__.py +1 -2
cartography/_version.py +34 -0
cartography/cli.py +903 -225
cartography/client/aws/__init__.py +19 -0
cartography/client/aws/ecr.py +51 -0
cartography/client/core/tx.py +400 -27
cartography/config.py +215 -10
cartography/data/azure_permission_relationships.yaml +20 -0
cartography/data/gcp_permission_relationships.yaml +21 -0
cartography/data/indexes.cypher +1 -200
cartography/data/jobs/analysis/aws_ec2_asset_exposure.json +17 -2
cartography/data/jobs/analysis/aws_ec2_keypair_analysis.json +2 -2
cartography/data/jobs/analysis/gcp_compute_asset_inet_exposure.json +1 -1
cartography/data/jobs/analysis/keycloak_inheritance.json +30 -0
cartography/data/jobs/cleanup/crowdstrike_import_cleanup.json +0 -5
cartography/data/jobs/cleanup/gcp_compute_vpc_cleanup.json +0 -12
cartography/data/jobs/cleanup/github_repos_cleanup.json +27 -0
cartography/data/jobs/scoped_analysis/aws_ec2_iaminstanceprofile.json +15 -0
cartography/data/jobs/scoped_analysis/semgrep_sca_risk_analysis.json +13 -13
cartography/driftdetect/__main__.py +1 -2
cartography/driftdetect/add_shortcut.py +10 -2
cartography/driftdetect/cli.py +72 -75
cartography/driftdetect/detect_deviations.py +7 -3
cartography/driftdetect/get_states.py +20 -8
cartography/driftdetect/model.py +5 -5
cartography/driftdetect/serializers.py +8 -6
cartography/driftdetect/storage.py +2 -2
cartography/graph/cleanupbuilder.py +255 -35
cartography/graph/job.py +104 -20
cartography/graph/querybuilder.py +689 -91
cartography/graph/statement.py +49 -36
cartography/intel/airbyte/__init__.py +105 -0
cartography/intel/airbyte/connections.py +120 -0
cartography/intel/airbyte/destinations.py +81 -0
cartography/intel/airbyte/organizations.py +59 -0
cartography/intel/airbyte/sources.py +78 -0
cartography/intel/airbyte/tags.py +64 -0
cartography/intel/airbyte/users.py +106 -0
cartography/intel/airbyte/util.py +122 -0
cartography/intel/airbyte/workspaces.py +63 -0
cartography/intel/analysis.py +4 -1
cartography/intel/anthropic/__init__.py +62 -0
cartography/intel/anthropic/apikeys.py +72 -0
cartography/intel/anthropic/users.py +75 -0
cartography/intel/anthropic/util.py +51 -0
cartography/intel/anthropic/workspaces.py +95 -0
cartography/intel/aws/__init__.py +137 -59
cartography/intel/aws/acm.py +124 -0
cartography/intel/aws/apigateway.py +482 -217
cartography/intel/aws/apigatewayv2.py +116 -0
cartography/intel/aws/cloudtrail.py +105 -0
cartography/intel/aws/cloudtrail_management_events.py +962 -0
cartography/intel/aws/cloudwatch.py +239 -0
cartography/intel/aws/codebuild.py +132 -0
cartography/intel/aws/cognito.py +201 -0
cartography/intel/aws/config.py +63 -23
cartography/intel/aws/dynamodb.py +108 -40
cartography/intel/aws/ec2/__init__.py +2 -2
cartography/intel/aws/ec2/auto_scaling_groups.py +254 -189
cartography/intel/aws/ec2/elastic_ip_addresses.py +44 -14
cartography/intel/aws/ec2/images.py +74 -39
cartography/intel/aws/ec2/instances.py +262 -137
cartography/intel/aws/ec2/internet_gateways.py +44 -13
cartography/intel/aws/ec2/key_pairs.py +72 -39
cartography/intel/aws/ec2/launch_templates.py +143 -66
cartography/intel/aws/ec2/load_balancer_v2s.py +119 -45
cartography/intel/aws/ec2/load_balancers.py +165 -147
cartography/intel/aws/ec2/network_acls.py +233 -0
cartography/intel/aws/ec2/network_interfaces.py +150 -87
cartography/intel/aws/ec2/reserved_instances.py +48 -17
cartography/intel/aws/ec2/route_tables.py +327 -0
cartography/intel/aws/ec2/security_groups.py +189 -121
cartography/intel/aws/ec2/snapshots.py +93 -91
cartography/intel/aws/ec2/subnets.py +70 -58
cartography/intel/aws/ec2/tgw.py +111 -39
cartography/intel/aws/ec2/util.py +1 -1
cartography/intel/aws/ec2/volumes.py +69 -41
cartography/intel/aws/ec2/vpc.py +157 -116
cartography/intel/aws/ec2/vpc_peerings.py +317 -121
cartography/intel/aws/ecr.py +336 -93
cartography/intel/aws/ecr_image_layers.py +923 -0
cartography/intel/aws/ecs.py +310 -403
cartography/intel/aws/efs.py +261 -0
cartography/intel/aws/eks.py +55 -29
cartography/intel/aws/elasticache.py +130 -83
cartography/intel/aws/elasticsearch.py +70 -24
cartography/intel/aws/emr.py +61 -23
cartography/intel/aws/eventbridge.py +164 -0
cartography/intel/aws/glue.py +181 -0
cartography/intel/aws/guardduty.py +443 -0
cartography/intel/aws/iam.py +978 -464
cartography/intel/aws/iam_instance_profiles.py +73 -0
cartography/intel/aws/identitycenter.py +847 -0
cartography/intel/aws/inspector.py +330 -133
cartography/intel/aws/kms.py +235 -209
cartography/intel/aws/lambda_function.py +328 -176
cartography/intel/aws/organizations.py +40 -19
cartography/intel/aws/permission_relationships.py +144 -68
cartography/intel/aws/rds.py +467 -412
cartography/intel/aws/redshift.py +116 -50
cartography/intel/aws/resourcegroupstaggingapi.py +198 -82
cartography/intel/aws/resources.py +80 -42
cartography/intel/aws/route53.py +419 -318
cartography/intel/aws/s3.py +489 -96
cartography/intel/aws/s3accountpublicaccessblock.py +157 -0
cartography/intel/aws/secretsmanager.py +217 -40
cartography/intel/aws/securityhub.py +23 -10
cartography/intel/aws/sns.py +226 -0
cartography/intel/aws/sqs.py +74 -96
cartography/intel/aws/ssm.py +142 -33
cartography/intel/aws/util/arns.py +7 -7
cartography/intel/aws/util/common.py +31 -4
cartography/intel/azure/__init__.py +259 -46
cartography/intel/azure/aks.py +175 -0
cartography/intel/azure/app_service.py +105 -0
cartography/intel/azure/compute.py +141 -120
cartography/intel/azure/container_instances.py +95 -0
cartography/intel/azure/cosmosdb.py +706 -519
cartography/intel/azure/data_factory.py +85 -0
cartography/intel/azure/data_factory_dataset.py +128 -0
cartography/intel/azure/data_factory_linked_service.py +119 -0
cartography/intel/azure/data_factory_pipeline.py +142 -0
cartography/intel/azure/data_lake.py +124 -0
cartography/intel/azure/event_grid.py +94 -0
cartography/intel/azure/functions.py +124 -0
cartography/intel/azure/load_balancers.py +263 -0
cartography/intel/azure/logic_apps.py +101 -0
cartography/intel/azure/monitor.py +105 -0
cartography/intel/azure/network.py +467 -0
cartography/intel/azure/permission_relationships.py +466 -0
cartography/intel/azure/rbac.py +309 -0
cartography/intel/azure/resource_groups.py +82 -0
cartography/intel/azure/security_center.py +106 -0
cartography/intel/azure/sql.py +436 -392
cartography/intel/azure/storage.py +467 -335
cartography/intel/azure/subscription.py +49 -55
cartography/intel/azure/tenant.py +46 -28
cartography/intel/azure/util/common.py +13 -0
cartography/intel/azure/util/credentials.py +58 -143
cartography/intel/azure/util/tag.py +41 -0
cartography/intel/bigfix/__init__.py +2 -2
cartography/intel/bigfix/computers.py +93 -65
cartography/intel/cloudflare/__init__.py +74 -0
cartography/intel/cloudflare/accounts.py +57 -0
cartography/intel/cloudflare/dnsrecords.py +64 -0
cartography/intel/cloudflare/members.py +75 -0
cartography/intel/cloudflare/roles.py +65 -0
cartography/intel/cloudflare/zones.py +64 -0
cartography/intel/create_indexes.py +5 -3
cartography/intel/crowdstrike/__init__.py +26 -12
cartography/intel/crowdstrike/endpoints.py +17 -45
cartography/intel/crowdstrike/spotlight.py +13 -5
cartography/intel/cve/__init__.py +91 -26
cartography/intel/cve/feed.py +77 -56
cartography/intel/digitalocean/__init__.py +22 -13
cartography/intel/digitalocean/compute.py +75 -108
cartography/intel/digitalocean/management.py +44 -80
cartography/intel/digitalocean/platform.py +48 -43
cartography/intel/dns.py +41 -12
cartography/intel/duo/__init__.py +21 -16
cartography/intel/duo/api_host.py +14 -9
cartography/intel/duo/endpoints.py +50 -45
cartography/intel/duo/groups.py +18 -14
cartography/intel/duo/phones.py +37 -34
cartography/intel/duo/tokens.py +26 -23
cartography/intel/duo/users.py +54 -50
cartography/intel/duo/web_authn_credentials.py +30 -25
cartography/intel/entra/__init__.py +160 -0
cartography/intel/entra/app_role_assignments.py +284 -0
cartography/intel/entra/applications.py +182 -0
cartography/intel/entra/federation/__init__.py +0 -0
cartography/intel/entra/federation/aws_identity_center.py +77 -0
cartography/intel/entra/groups.py +198 -0
cartography/intel/entra/ou.py +136 -0
cartography/intel/entra/service_principals.py +217 -0
cartography/intel/entra/users.py +259 -0
cartography/intel/gcp/__init__.py +381 -175
cartography/intel/gcp/bigtable_app_profile.py +101 -0
cartography/intel/gcp/bigtable_backup.py +91 -0
cartography/intel/gcp/bigtable_cluster.py +93 -0
cartography/intel/gcp/bigtable_instance.py +86 -0
cartography/intel/gcp/bigtable_table.py +87 -0
cartography/intel/gcp/cai.py +292 -0
cartography/intel/gcp/clients.py +112 -0
cartography/intel/gcp/compute.py +521 -325
cartography/intel/gcp/crm/__init__.py +0 -0
cartography/intel/gcp/crm/folders.py +114 -0
cartography/intel/gcp/crm/orgs.py +70 -0
cartography/intel/gcp/crm/projects.py +120 -0
cartography/intel/gcp/dns.py +134 -179
cartography/intel/gcp/gke.py +100 -107
cartography/intel/gcp/iam.py +262 -0
cartography/intel/gcp/permission_relationships.py +394 -0
cartography/intel/gcp/policy_bindings.py +225 -0
cartography/intel/gcp/storage.py +103 -158
cartography/intel/github/__init__.py +66 -27
cartography/intel/github/commits.py +423 -0
cartography/intel/github/repos.py +871 -160
cartography/intel/github/teams.py +386 -53
cartography/intel/github/users.py +214 -49
cartography/intel/github/util.py +50 -35
cartography/intel/googleworkspace/__init__.py +193 -0
cartography/intel/googleworkspace/devices.py +254 -0
cartography/intel/googleworkspace/groups.py +568 -0
cartography/intel/googleworkspace/oauth_apps.py +259 -0
cartography/intel/googleworkspace/tenant.py +85 -0
cartography/intel/googleworkspace/users.py +138 -0
cartography/intel/gsuite/__init__.py +101 -42
cartography/intel/gsuite/groups.py +291 -0
cartography/intel/gsuite/users.py +142 -0
cartography/intel/jamf/__init__.py +19 -1
cartography/intel/jamf/computers.py +37 -8
cartography/intel/jamf/util.py +7 -2
cartography/intel/kandji/__init__.py +6 -3
cartography/intel/kandji/devices.py +40 -10
cartography/intel/keycloak/__init__.py +153 -0
cartography/intel/keycloak/authenticationexecutions.py +322 -0
cartography/intel/keycloak/authenticationflows.py +77 -0
cartography/intel/keycloak/clients.py +187 -0
cartography/intel/keycloak/groups.py +126 -0
cartography/intel/keycloak/identityproviders.py +94 -0
cartography/intel/keycloak/organizations.py +163 -0
cartography/intel/keycloak/realms.py +61 -0
cartography/intel/keycloak/roles.py +202 -0
cartography/intel/keycloak/scopes.py +73 -0
cartography/intel/keycloak/users.py +70 -0
cartography/intel/keycloak/util.py +47 -0
cartography/intel/kubernetes/__init__.py +60 -14
cartography/intel/kubernetes/clusters.py +86 -0
cartography/intel/kubernetes/eks.py +402 -0
cartography/intel/kubernetes/namespaces.py +60 -55
cartography/intel/kubernetes/pods.py +171 -75
cartography/intel/kubernetes/rbac.py +597 -0
cartography/intel/kubernetes/secrets.py +95 -45
cartography/intel/kubernetes/services.py +131 -63
cartography/intel/kubernetes/util.py +142 -14
cartography/intel/lastpass/__init__.py +2 -2
cartography/intel/lastpass/users.py +23 -12
cartography/intel/oci/__init__.py +44 -11
cartography/intel/oci/iam.py +157 -47
cartography/intel/oci/organizations.py +16 -7
cartography/intel/oci/utils.py +71 -25
cartography/intel/okta/__init__.py +66 -15
cartography/intel/okta/applications.py +57 -25
cartography/intel/okta/awssaml.py +105 -41
cartography/intel/okta/factors.py +19 -5
cartography/intel/okta/groups.py +61 -31
cartography/intel/okta/organization.py +8 -2
cartography/intel/okta/origins.py +9 -3
cartography/intel/okta/roles.py +20 -7
cartography/intel/okta/users.py +31 -10
cartography/intel/okta/utils.py +6 -4
cartography/intel/ontology/__init__.py +44 -0
cartography/intel/ontology/devices.py +54 -0
cartography/intel/ontology/users.py +54 -0
cartography/intel/ontology/utils.py +176 -0
cartography/intel/openai/__init__.py +86 -0
cartography/intel/openai/adminapikeys.py +89 -0
cartography/intel/openai/apikeys.py +96 -0
cartography/intel/openai/projects.py +97 -0
cartography/intel/openai/serviceaccounts.py +82 -0
cartography/intel/openai/users.py +75 -0
cartography/intel/openai/util.py +45 -0
cartography/intel/pagerduty/__init__.py +8 -7
cartography/intel/pagerduty/escalation_policies.py +31 -12
cartography/intel/pagerduty/schedules.py +21 -8
cartography/intel/pagerduty/services.py +18 -7
cartography/intel/pagerduty/teams.py +13 -5
cartography/intel/pagerduty/users.py +6 -2
cartography/intel/pagerduty/vendors.py +6 -2
cartography/intel/scaleway/__init__.py +127 -0
cartography/intel/scaleway/iam/__init__.py +0 -0
cartography/intel/scaleway/iam/apikeys.py +71 -0
cartography/intel/scaleway/iam/applications.py +71 -0
cartography/intel/scaleway/iam/groups.py +71 -0
cartography/intel/scaleway/iam/users.py +71 -0
cartography/intel/scaleway/instances/__init__.py +0 -0
cartography/intel/scaleway/instances/flexibleips.py +86 -0
cartography/intel/scaleway/instances/instances.py +92 -0
cartography/intel/scaleway/projects.py +79 -0
cartography/intel/scaleway/storage/__init__.py +0 -0
cartography/intel/scaleway/storage/snapshots.py +86 -0
cartography/intel/scaleway/storage/volumes.py +84 -0
cartography/intel/scaleway/utils.py +37 -0
cartography/intel/semgrep/__init__.py +30 -5
cartography/intel/semgrep/dependencies.py +255 -0
cartography/intel/semgrep/deployment.py +69 -0
cartography/intel/semgrep/findings.py +157 -117
cartography/intel/sentinelone/__init__.py +75 -0
cartography/intel/sentinelone/account.py +140 -0
cartography/intel/sentinelone/agent.py +139 -0
cartography/intel/sentinelone/api.py +124 -0
cartography/intel/sentinelone/application.py +248 -0
cartography/intel/sentinelone/cve.py +119 -0
cartography/intel/sentinelone/utils.py +28 -0
cartography/intel/slack/__init__.py +78 -0
cartography/intel/slack/channels.py +80 -0
cartography/intel/slack/groups.py +90 -0
cartography/intel/slack/teams.py +65 -0
cartography/intel/slack/users.py +57 -0
cartography/intel/slack/utils.py +29 -0
cartography/intel/snipeit/__init__.py +44 -0
cartography/intel/snipeit/asset.py +80 -0
cartography/intel/snipeit/user.py +78 -0
cartography/intel/snipeit/util.py +40 -0
cartography/intel/spacelift/__init__.py +161 -0
cartography/intel/spacelift/account.py +73 -0
cartography/intel/spacelift/ec2_ownership.py +280 -0
cartography/intel/spacelift/runs.py +463 -0
cartography/intel/spacelift/spaces.py +112 -0
cartography/intel/spacelift/stacks.py +119 -0
cartography/intel/spacelift/util.py +122 -0
cartography/intel/spacelift/workerpools.py +131 -0
cartography/intel/spacelift/workers.py +128 -0
cartography/intel/tailscale/__init__.py +77 -0
cartography/intel/tailscale/acls.py +146 -0
cartography/intel/tailscale/devices.py +127 -0
cartography/intel/tailscale/postureintegrations.py +81 -0
cartography/intel/tailscale/tailnets.py +76 -0
cartography/intel/tailscale/users.py +80 -0
cartography/intel/tailscale/utils.py +132 -0
cartography/intel/trivy/__init__.py +272 -0
cartography/intel/trivy/scanner.py +386 -0
cartography/models/airbyte/__init__.py +0 -0
cartography/models/airbyte/connection.py +138 -0
cartography/models/airbyte/destination.py +75 -0
cartography/models/airbyte/organization.py +19 -0
cartography/models/airbyte/source.py +75 -0
cartography/models/airbyte/stream.py +74 -0
cartography/models/airbyte/tag.py +69 -0
cartography/models/airbyte/user.py +115 -0
cartography/models/airbyte/workspace.py +46 -0
cartography/models/anthropic/__init__.py +0 -0
cartography/models/anthropic/apikey.py +94 -0
cartography/models/anthropic/organization.py +19 -0
cartography/models/anthropic/user.py +52 -0
cartography/models/anthropic/workspace.py +90 -0
cartography/models/aws/acm/__init__.py +0 -0
cartography/models/aws/acm/certificate.py +75 -0
cartography/models/aws/apigateway/__init__.py +0 -0
cartography/models/aws/apigateway/apigateway.py +51 -0
cartography/models/aws/apigateway/apigatewaycertificate.py +72 -0
cartography/models/aws/apigateway/apigatewaydeployment.py +74 -0
cartography/models/aws/apigateway/apigatewayintegration.py +79 -0
cartography/models/aws/apigateway/apigatewaymethod.py +74 -0
cartography/models/aws/apigateway/apigatewayresource.py +70 -0
cartography/models/aws/apigateway/apigatewaystage.py +75 -0
cartography/models/aws/apigatewayv2/__init__.py +0 -0
cartography/models/aws/apigatewayv2/apigatewayv2.py +53 -0
cartography/models/aws/cloudtrail/__init__.py +0 -0
cartography/models/aws/cloudtrail/management_events.py +153 -0
cartography/models/aws/cloudtrail/trail.py +106 -0
cartography/models/aws/cloudwatch/__init__.py +0 -0
cartography/models/aws/cloudwatch/log_metric_filter.py +79 -0
cartography/models/aws/cloudwatch/loggroup.py +52 -0
cartography/models/aws/cloudwatch/metric_alarm.py +53 -0
cartography/models/aws/codebuild/__init__.py +0 -0
cartography/models/aws/codebuild/project.py +49 -0
cartography/models/aws/cognito/__init__.py +0 -0
cartography/models/aws/cognito/identity_pool.py +70 -0
cartography/models/aws/cognito/user_pool.py +47 -0
cartography/models/aws/dynamodb/gsi.py +30 -22
cartography/models/aws/dynamodb/tables.py +27 -17
cartography/models/aws/ec2/auto_scaling_groups.py +224 -0
cartography/models/aws/ec2/images.py +36 -34
cartography/models/aws/ec2/instances.py +85 -38
cartography/models/aws/ec2/keypair.py +59 -0
cartography/models/aws/ec2/keypair_instance.py +76 -0
cartography/models/aws/ec2/launch_configurations.py +59 -0
cartography/models/aws/ec2/launch_template_versions.py +48 -38
cartography/models/aws/ec2/launch_templates.py +21 -17
cartography/models/aws/ec2/load_balancer_listeners.py +72 -0
cartography/models/aws/ec2/load_balancers.py +112 -0
cartography/models/aws/ec2/network_acl_rules.py +106 -0
cartography/models/aws/ec2/network_acls.py +95 -0
cartography/models/aws/ec2/networkinterface_instance.py +52 -39
cartography/models/aws/ec2/networkinterfaces.py +57 -37
cartography/models/aws/ec2/privateip_networkinterface.py +32 -22
cartography/models/aws/ec2/reservations.py +18 -14
cartography/models/aws/ec2/route_table_associations.py +97 -0
cartography/models/aws/ec2/route_tables.py +128 -0
cartography/models/aws/ec2/routes.py +85 -0
cartography/models/aws/ec2/security_group_rules.py +109 -0
cartography/models/aws/ec2/security_groups.py +90 -0
cartography/models/aws/ec2/securitygroup_instance.py +29 -20
cartography/models/aws/ec2/securitygroup_networkinterface.py +24 -15
cartography/models/aws/ec2/snapshots.py +58 -0
cartography/models/aws/ec2/subnet_instance.py +26 -19
cartography/models/aws/ec2/subnet_networkinterface.py +42 -31
cartography/models/aws/ec2/subnets.py +65 -0
cartography/models/aws/ec2/volumes.py +67 -40
cartography/models/aws/ec2/vpc.py +46 -0
cartography/models/aws/ec2/vpc_cidr.py +102 -0
cartography/models/aws/ec2/vpc_peering.py +157 -0
cartography/models/aws/ecr/__init__.py +0 -0
cartography/models/aws/ecr/image.py +146 -0
cartography/models/aws/ecr/image_layer.py +107 -0
cartography/models/aws/ecr/repository.py +72 -0
cartography/models/aws/ecr/repository_image.py +95 -0
cartography/models/aws/ecs/__init__.py +0 -0
cartography/models/aws/ecs/clusters.py +64 -0
cartography/models/aws/ecs/container_definitions.py +93 -0
cartography/models/aws/ecs/container_instances.py +84 -0
cartography/models/aws/ecs/containers.py +101 -0
cartography/models/aws/ecs/services.py +134 -0
cartography/models/aws/ecs/task_definitions.py +135 -0
cartography/models/aws/ecs/tasks.py +134 -0
cartography/models/aws/efs/__init__.py +0 -0
cartography/models/aws/efs/access_point.py +77 -0
cartography/models/aws/efs/file_system.py +60 -0
cartography/models/aws/efs/mount_target.py +79 -0
cartography/models/aws/eks/clusters.py +23 -21
cartography/models/aws/elasticache/__init__.py +0 -0
cartography/models/aws/elasticache/cluster.py +65 -0
cartography/models/aws/elasticache/topic.py +67 -0
cartography/models/aws/emr.py +32 -30
cartography/models/aws/eventbridge/__init__.py +0 -0
cartography/models/aws/eventbridge/rule.py +77 -0
cartography/models/aws/eventbridge/target.py +71 -0
cartography/models/aws/glue/__init__.py +0 -0
cartography/models/aws/glue/connection.py +51 -0
cartography/models/aws/glue/job.py +69 -0
cartography/models/aws/guardduty/__init__.py +1 -0
cartography/models/aws/guardduty/detectors.py +50 -0
cartography/models/aws/guardduty/findings.py +121 -0
cartography/models/aws/iam/__init__.py +0 -0
cartography/models/aws/iam/access_key.py +103 -0
cartography/models/aws/iam/account_role.py +24 -0
cartography/models/aws/iam/federated_principal.py +60 -0
cartography/models/aws/iam/group.py +60 -0
cartography/models/aws/iam/group_membership.py +27 -0
cartography/models/aws/iam/inline_policy.py +78 -0
cartography/models/aws/iam/instanceprofile.py +76 -0
cartography/models/aws/iam/managed_policy.py +51 -0
cartography/models/aws/iam/policy_statement.py +57 -0
cartography/models/aws/iam/role.py +83 -0
cartography/models/aws/iam/root_principal.py +52 -0
cartography/models/aws/iam/service_principal.py +30 -0
cartography/models/aws/iam/sts_assumerole_allow.py +38 -0
cartography/models/aws/iam/user.py +59 -0
cartography/models/aws/identitycenter/__init__.py +0 -0
cartography/models/aws/identitycenter/awsidentitycenter.py +49 -0
cartography/models/aws/identitycenter/awspermissionset.py +162 -0
cartography/models/aws/identitycenter/awssogroup.py +70 -0
cartography/models/aws/identitycenter/awsssouser.py +110 -0
cartography/models/aws/inspector/findings.py +124 -58
cartography/models/aws/inspector/packages.py +18 -42
cartography/models/aws/kms/__init__.py +0 -0
cartography/models/aws/kms/aliases.py +86 -0
cartography/models/aws/kms/grants.py +65 -0
cartography/models/aws/kms/keys.py +88 -0
cartography/models/aws/lambda_function/__init__.py +0 -0
cartography/models/aws/lambda_function/alias.py +74 -0
cartography/models/aws/lambda_function/event_source_mapping.py +88 -0
cartography/models/aws/lambda_function/lambda_function.py +91 -0
cartography/models/aws/lambda_function/layer.py +72 -0
cartography/models/aws/rds/__init__.py +0 -0
cartography/models/aws/rds/cluster.py +91 -0
cartography/models/aws/rds/event_subscription.py +146 -0
cartography/models/aws/rds/instance.py +156 -0
cartography/models/aws/rds/snapshot.py +108 -0
cartography/models/aws/rds/subnet_group.py +101 -0
cartography/models/aws/route53/__init__.py +0 -0
cartography/models/aws/route53/dnsrecord.py +235 -0
cartography/models/aws/route53/nameserver.py +63 -0
cartography/models/aws/route53/subzone.py +40 -0
cartography/models/aws/route53/zone.py +47 -0
cartography/models/aws/s3/__init__.py +0 -0
cartography/models/aws/s3/account_public_access_block.py +51 -0
cartography/models/aws/s3/notification.py +24 -0
cartography/models/aws/secretsmanager/__init__.py +0 -0
cartography/models/aws/secretsmanager/secret.py +106 -0
cartography/models/aws/secretsmanager/secret_version.py +114 -0
cartography/models/aws/sns/__init__.py +0 -0
cartography/models/aws/sns/topic.py +50 -0
cartography/models/aws/sns/topic_subscription.py +74 -0
cartography/models/aws/sqs/__init__.py +0 -0
cartography/models/aws/sqs/queue.py +89 -0
cartography/models/aws/ssm/instance_information.py +51 -39
cartography/models/aws/ssm/instance_patch.py +32 -26
cartography/models/aws/ssm/parameters.py +84 -0
cartography/models/azure/__init__.py +0 -0
cartography/models/azure/aks_cluster.py +54 -0
cartography/models/azure/aks_nodepool.py +54 -0
cartography/models/azure/app_service.py +59 -0
cartography/models/azure/container_instance.py +57 -0
cartography/models/azure/cosmosdb/__init__.py +0 -0
cartography/models/azure/cosmosdb/account.py +77 -0
cartography/models/azure/cosmosdb/accountfailoverpolicy.py +77 -0
cartography/models/azure/cosmosdb/cassandrakeyspace.py +82 -0
cartography/models/azure/cosmosdb/cassandratable.py +81 -0
cartography/models/azure/cosmosdb/corspolicy.py +74 -0
cartography/models/azure/cosmosdb/dblocation.py +120 -0
cartography/models/azure/cosmosdb/mongodbcollection.py +82 -0
cartography/models/azure/cosmosdb/mongodbdatabase.py +78 -0
cartography/models/azure/cosmosdb/privateendpointconnection.py +81 -0
cartography/models/azure/cosmosdb/sqlcontainer.py +88 -0
cartography/models/azure/cosmosdb/sqldatabase.py +78 -0
cartography/models/azure/cosmosdb/tableresource.py +76 -0
cartography/models/azure/cosmosdb/virtualnetworkrule.py +78 -0
cartography/models/azure/data_factory/__init__.py +0 -0
cartography/models/azure/data_factory/data_factory.py +51 -0
cartography/models/azure/data_factory/data_factory_dataset.py +94 -0
cartography/models/azure/data_factory/data_factory_linked_service.py +78 -0
cartography/models/azure/data_factory/data_factory_pipeline.py +93 -0
cartography/models/azure/data_lake_filesystem.py +51 -0
cartography/models/azure/event_grid_topic.py +57 -0
cartography/models/azure/function_app.py +59 -0
cartography/models/azure/load_balancer/__init__.py +0 -0
cartography/models/azure/load_balancer/load_balancer.py +49 -0
cartography/models/azure/load_balancer/load_balancer_backend_pool.py +73 -0
cartography/models/azure/load_balancer/load_balancer_frontend_ip.py +75 -0
cartography/models/azure/load_balancer/load_balancer_inbound_nat_rule.py +78 -0
cartography/models/azure/load_balancer/load_balancer_rule.py +108 -0
cartography/models/azure/logic_apps.py +56 -0
cartography/models/azure/monitor.py +54 -0
cartography/models/azure/network_interface.py +112 -0
cartography/models/azure/network_security_group.py +50 -0
cartography/models/azure/permission_relationships.py +60 -0
cartography/models/azure/principal.py +41 -0
cartography/models/azure/public_ip_address.py +50 -0
cartography/models/azure/rbac.py +268 -0
cartography/models/azure/resource_groups.py +52 -0
cartography/models/azure/security_center.py +50 -0
cartography/models/azure/sql/__init__.py +0 -0
cartography/models/azure/sql/databasethreatdetectionpolicy.py +85 -0
cartography/models/azure/sql/elasticpool.py +77 -0
cartography/models/azure/sql/failovergroup.py +73 -0
cartography/models/azure/sql/recoverabledatabase.py +75 -0
cartography/models/azure/sql/replicationlink.py +81 -0
cartography/models/azure/sql/restorabledroppeddatabase.py +82 -0
cartography/models/azure/sql/restorepoint.py +74 -0
cartography/models/azure/sql/serveradadministrator.py +74 -0
cartography/models/azure/sql/serverdnsalias.py +71 -0
cartography/models/azure/sql/sqldatabase.py +85 -0
cartography/models/azure/sql/sqlserver.py +50 -0
cartography/models/azure/sql/transparentdataencryption.py +76 -0
cartography/models/azure/storage/__init__.py +0 -0
cartography/models/azure/storage/account.py +59 -0
cartography/models/azure/storage/blobcontainer.py +85 -0
cartography/models/azure/storage/blobservice.py +71 -0
cartography/models/azure/storage/fileservice.py +71 -0
cartography/models/azure/storage/fileshare.py +82 -0
cartography/models/azure/storage/queue.py +71 -0
cartography/models/azure/storage/queueservice.py +73 -0
cartography/models/azure/storage/table.py +72 -0
cartography/models/azure/storage/tableservice.py +73 -0
cartography/models/azure/subnet.py +101 -0
cartography/models/azure/subscription.py +47 -0
cartography/models/azure/tags/__init__.py +0 -0
cartography/models/azure/tags/storage_tag.py +40 -0
cartography/models/azure/tags/tag.py +37 -0
cartography/models/azure/tenant.py +17 -0
cartography/models/azure/virtual_network.py +49 -0
cartography/models/azure/vm/__init__.py +0 -0
cartography/models/azure/vm/datadisk.py +80 -0
cartography/models/azure/vm/disk.py +55 -0
cartography/models/azure/vm/snapshot.py +56 -0
cartography/models/azure/vm/virtualmachine.py +59 -0
cartography/models/bigfix/bigfix_computer.py +42 -38
cartography/models/bigfix/bigfix_root.py +3 -3
cartography/models/cloudflare/__init__.py +0 -0
cartography/models/cloudflare/account.py +25 -0
cartography/models/cloudflare/dnsrecord.py +55 -0
cartography/models/cloudflare/member.py +86 -0
cartography/models/cloudflare/role.py +44 -0
cartography/models/cloudflare/zone.py +59 -0
cartography/models/core/common.py +53 -2
cartography/models/core/nodes.py +20 -4
cartography/models/core/relationships.py +58 -6
cartography/models/crowdstrike/__init__.py +0 -0
cartography/models/crowdstrike/hosts.py +51 -0
cartography/models/cve/cve.py +34 -32
cartography/models/cve/cve_feed.py +6 -6
cartography/models/digitalocean/__init__.py +0 -0
cartography/models/digitalocean/account.py +21 -0
cartography/models/digitalocean/droplet.py +58 -0
cartography/models/digitalocean/project.py +48 -0
cartography/models/duo/api_host.py +3 -3
cartography/models/duo/endpoint.py +43 -41
cartography/models/duo/group.py +14 -14
cartography/models/duo/phone.py +27 -27
cartography/models/duo/token.py +16 -16
cartography/models/duo/user.py +50 -44
cartography/models/duo/web_authn_credential.py +27 -19
cartography/models/entra/__init__.py +0 -0
cartography/models/entra/app_role_assignment.py +115 -0
cartography/models/entra/application.py +49 -0
cartography/models/entra/entra_user_to_aws_sso.py +41 -0
cartography/models/entra/group.py +117 -0
cartography/models/entra/ou.py +48 -0
cartography/models/entra/service_principal.py +104 -0
cartography/models/entra/tenant.py +39 -0
cartography/models/entra/user.py +90 -0
cartography/models/gcp/__init__.py +0 -0
cartography/models/gcp/bigtable/__init__.py +0 -0
cartography/models/gcp/bigtable/app_profile.py +94 -0
cartography/models/gcp/bigtable/backup.py +91 -0
cartography/models/gcp/bigtable/cluster.py +73 -0
cartography/models/gcp/bigtable/instance.py +52 -0
cartography/models/gcp/bigtable/table.py +69 -0
cartography/models/gcp/compute/__init__.py +0 -0
cartography/models/gcp/compute/subnet.py +74 -0
cartography/models/gcp/compute/vpc.py +50 -0
cartography/models/gcp/crm/__init__.py +0 -0
cartography/models/gcp/crm/folders.py +98 -0
cartography/models/gcp/crm/organizations.py +21 -0
cartography/models/gcp/crm/projects.py +100 -0
cartography/models/gcp/dns.py +109 -0
cartography/models/gcp/gke.py +69 -0
cartography/models/gcp/iam.py +73 -0
cartography/models/gcp/permission_relationships.py +61 -0
cartography/models/gcp/policy_bindings.py +93 -0
cartography/models/gcp/storage/__init__.py +0 -0
cartography/models/gcp/storage/bucket.py +119 -0
cartography/models/github/commits.py +63 -0
cartography/models/github/dependencies.py +73 -0
cartography/models/github/manifests.py +49 -0
cartography/models/github/orgs.py +27 -0
cartography/models/github/teams.py +74 -22
cartography/models/github/users.py +149 -0
cartography/models/googleworkspace/__init__.py +0 -0
cartography/models/googleworkspace/device.py +132 -0
cartography/models/googleworkspace/group.py +382 -0
cartography/models/googleworkspace/oauth_app.py +124 -0
cartography/models/googleworkspace/tenant.py +30 -0
cartography/models/googleworkspace/user.py +113 -0
cartography/models/gsuite/__init__.py +0 -0
cartography/models/gsuite/group.py +218 -0
cartography/models/gsuite/tenant.py +29 -0
cartography/models/gsuite/user.py +107 -0
cartography/models/kandji/device.py +22 -17
cartography/models/kandji/tenant.py +6 -4
cartography/models/keycloak/__init__.py +0 -0
cartography/models/keycloak/authenticationexecution.py +160 -0
cartography/models/keycloak/authenticationflow.py +54 -0
cartography/models/keycloak/client.py +179 -0
cartography/models/keycloak/group.py +101 -0
cartography/models/keycloak/identityprovider.py +89 -0
cartography/models/keycloak/organization.py +116 -0
cartography/models/keycloak/organizationdomain.py +73 -0
cartography/models/keycloak/realm.py +173 -0
cartography/models/keycloak/role.py +126 -0
cartography/models/keycloak/scope.py +73 -0
cartography/models/keycloak/user.py +55 -0
cartography/models/kubernetes/__init__.py +0 -0
cartography/models/kubernetes/clusterrolebindings.py +138 -0
cartography/models/kubernetes/clusterroles.py +52 -0
cartography/models/kubernetes/clusters.py +26 -0
cartography/models/kubernetes/containers.py +133 -0
cartography/models/kubernetes/groups.py +107 -0
cartography/models/kubernetes/namespaces.py +51 -0
cartography/models/kubernetes/oidc.py +51 -0
cartography/models/kubernetes/pods.py +80 -0
cartography/models/kubernetes/rolebindings.py +159 -0
cartography/models/kubernetes/roles.py +76 -0
cartography/models/kubernetes/secrets.py +79 -0
cartography/models/kubernetes/serviceaccounts.py +77 -0
cartography/models/kubernetes/services.py +108 -0
cartography/models/kubernetes/users.py +105 -0
cartography/models/lastpass/tenant.py +3 -3
cartography/models/lastpass/user.py +36 -28
cartography/models/ontology/__init__.py +0 -0
cartography/models/ontology/device.py +137 -0
cartography/models/ontology/mapping/__init__.py +76 -0
cartography/models/ontology/mapping/data/__init__.py +0 -0
cartography/models/ontology/mapping/data/apikeys.py +93 -0
cartography/models/ontology/mapping/data/computeinstance.py +95 -0
cartography/models/ontology/mapping/data/containers.py +88 -0
cartography/models/ontology/mapping/data/databases.py +182 -0
cartography/models/ontology/mapping/data/devices.py +194 -0
cartography/models/ontology/mapping/data/thirdpartyapps.py +140 -0
cartography/models/ontology/mapping/data/useraccounts.py +416 -0
cartography/models/ontology/mapping/data/users.py +63 -0
cartography/models/ontology/mapping/specs.py +85 -0
cartography/models/ontology/user.py +51 -0
cartography/models/openai/__init__.py +0 -0
cartography/models/openai/adminapikey.py +94 -0
cartography/models/openai/apikey.py +88 -0
cartography/models/openai/organization.py +17 -0
cartography/models/openai/project.py +89 -0
cartography/models/openai/serviceaccount.py +50 -0
cartography/models/openai/user.py +53 -0
cartography/models/scaleway/__init__.py +0 -0
cartography/models/scaleway/iam/__init__.py +0 -0
cartography/models/scaleway/iam/apikey.py +100 -0
cartography/models/scaleway/iam/application.py +52 -0
cartography/models/scaleway/iam/group.py +95 -0
cartography/models/scaleway/iam/user.py +64 -0
cartography/models/scaleway/instance/__init__.py +0 -0
cartography/models/scaleway/instance/flexibleip.py +52 -0
cartography/models/scaleway/instance/instance.py +120 -0
cartography/models/scaleway/organization.py +19 -0
cartography/models/scaleway/project.py +48 -0
cartography/models/scaleway/storage/__init__.py +0 -0
cartography/models/scaleway/storage/snapshot.py +78 -0
cartography/models/scaleway/storage/volume.py +51 -0
cartography/models/semgrep/dependencies.py +102 -0
cartography/models/semgrep/deployment.py +5 -5
cartography/models/semgrep/findings.py +58 -40
cartography/models/semgrep/locations.py +27 -21
cartography/models/sentinelone/__init__.py +1 -0
cartography/models/sentinelone/account.py +40 -0
cartography/models/sentinelone/agent.py +50 -0
cartography/models/sentinelone/application.py +44 -0
cartography/models/sentinelone/application_version.py +96 -0
cartography/models/sentinelone/cve.py +73 -0
cartography/models/slack/__init__.py +0 -0
cartography/models/slack/channels.py +92 -0
cartography/models/slack/group.py +129 -0
cartography/models/slack/team.py +22 -0
cartography/models/slack/user.py +62 -0
cartography/models/snipeit/__init__.py +0 -0
cartography/models/snipeit/asset.py +92 -0
cartography/models/snipeit/tenant.py +19 -0
cartography/models/snipeit/user.py +60 -0
cartography/models/spacelift/__init__.py +0 -0
cartography/models/spacelift/cloudtrailevent.py +120 -0
cartography/models/spacelift/run.py +162 -0
cartography/models/spacelift/space.py +131 -0
cartography/models/spacelift/spaceliftaccount.py +31 -0
cartography/models/spacelift/spaceliftgitcommit.py +157 -0
cartography/models/spacelift/stack.py +96 -0
cartography/models/spacelift/user.py +63 -0
cartography/models/spacelift/worker.py +97 -0
cartography/models/spacelift/workerpool.py +90 -0
cartography/models/tailscale/__init__.py +0 -0
cartography/models/tailscale/device.py +96 -0
cartography/models/tailscale/group.py +86 -0
cartography/models/tailscale/postureintegration.py +58 -0
cartography/models/tailscale/tag.py +102 -0
cartography/models/tailscale/tailnet.py +29 -0
cartography/models/tailscale/user.py +57 -0
cartography/models/trivy/__init__.py +0 -0
cartography/models/trivy/findings.py +66 -0
cartography/models/trivy/fix.py +66 -0
cartography/models/trivy/package.py +71 -0
cartography/rules/README.md +1 -0
cartography/rules/__init__.py +0 -0
cartography/rules/cli.py +261 -0
cartography/rules/data/__init__.py +0 -0
cartography/rules/data/rules/__init__.py +46 -0
cartography/rules/data/rules/cloud_security_product_deactivated.py +49 -0
cartography/rules/data/rules/compute_instance_exposed.py +51 -0
cartography/rules/data/rules/database_instance_exposed.py +53 -0
cartography/rules/data/rules/delegation_boundary_modifiable.py +90 -0
cartography/rules/data/rules/identity_administration_privileges.py +100 -0
cartography/rules/data/rules/inactive_user_active_accounts.py +48 -0
cartography/rules/data/rules/malicious_npm_dependencies_shai_hulud.py +2222 -0
cartography/rules/data/rules/mfa_missing.py +46 -0
cartography/rules/data/rules/object_storage_public.py +100 -0
cartography/rules/data/rules/policy_administration_privileges.py +104 -0
cartography/rules/data/rules/unmanaged_accounts.py +43 -0
cartography/rules/data/rules/workload_identity_admin_capabilities.py +193 -0
cartography/rules/formatters.py +108 -0
cartography/rules/runners.py +216 -0
cartography/rules/spec/__init__.py +0 -0
cartography/rules/spec/model.py +267 -0
cartography/rules/spec/result.py +38 -0
cartography/stats.py +4 -4
cartography/sync.py +137 -31
cartography/util.py +187 -77
cartography-0.123.0.dist-info/METADATA +230 -0
cartography-0.123.0.dist-info/RECORD +856 -0
{cartography-0.93.0rc1.dist-info → cartography-0.123.0.dist-info}/WHEEL +1 -1
{cartography-0.93.0rc1.dist-info → cartography-0.123.0.dist-info}/entry_points.txt +1 -0
{cartography-0.93.0rc1.dist-info → cartography-0.123.0.dist-info/licenses}/LICENSE +1 -1
cartography/data/jobs/analysis/aws_ec2_iaminstance.json +0 -10
cartography/data/jobs/analysis/aws_ec2_iaminstanceprofile.json +0 -10
cartography/data/jobs/cleanup/aws_apigateway_details.json +0 -10
cartography/data/jobs/cleanup/aws_dns_cleanup.json +0 -65
cartography/data/jobs/cleanup/aws_import_account_access_key_cleanup.json +0 -17
cartography/data/jobs/cleanup/aws_import_apigateway_cleanup.json +0 -45
cartography/data/jobs/cleanup/aws_import_ec2_security_groupinfo_cleanup.json +0 -24
cartography/data/jobs/cleanup/aws_import_groups_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_lambda_cleanup.json +0 -50
cartography/data/jobs/cleanup/aws_import_principals_cleanup.json +0 -30
cartography/data/jobs/cleanup/aws_import_rds_clusters_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_rds_instances_cleanup.json +0 -47
cartography/data/jobs/cleanup/aws_import_rds_snapshots_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_roles_cleanup.json +0 -13
cartography/data/jobs/cleanup/aws_import_secrets_cleanup.json +0 -8
cartography/data/jobs/cleanup/aws_import_snapshots_cleanup.json +0 -30
cartography/data/jobs/cleanup/aws_import_users_cleanup.json +0 -8
cartography/data/jobs/cleanup/aws_import_vpc_cleanup.json +0 -23
cartography/data/jobs/cleanup/aws_import_vpc_peering_cleanup.json +0 -45
cartography/data/jobs/cleanup/aws_kms_details.json +0 -10
cartography/data/jobs/cleanup/azure_cosmosdb_cassandra_keyspace_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_cors_details.json +0 -15
cartography/data/jobs/cleanup/azure_cosmosdb_mongodb_database_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_sql_database_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_cosmosdb_table_resources_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_database_account_cleanup.json +0 -85
cartography/data/jobs/cleanup/azure_import_disks_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_import_snapshots_cleanup.json +0 -15
cartography/data/jobs/cleanup/azure_import_virtual_machines_cleanup.json +0 -25
cartography/data/jobs/cleanup/azure_sql_server_cleanup.json +0 -125
cartography/data/jobs/cleanup/azure_storage_account_cleanup.json +0 -95
cartography/data/jobs/cleanup/azure_subscriptions_cleanup.json +0 -14
cartography/data/jobs/cleanup/azure_tenant_cleanup.json +0 -9
cartography/data/jobs/cleanup/crxcavator_import_cleanup.json +0 -18
cartography/data/jobs/cleanup/gcp_compute_vpc_subnet_cleanup.json +0 -35
cartography/data/jobs/cleanup/gcp_crm_folder_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_crm_organization_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_crm_project_cleanup.json +0 -23
cartography/data/jobs/cleanup/gcp_dns_cleanup.json +0 -29
cartography/data/jobs/cleanup/gcp_gke_cluster_cleanup.json +0 -17
cartography/data/jobs/cleanup/gcp_storage_bucket_cleanup.json +0 -29
cartography/data/jobs/cleanup/github_users_cleanup.json +0 -23
cartography/data/jobs/cleanup/gsuite_ingest_groups_cleanup.json +0 -23
cartography/data/jobs/cleanup/gsuite_ingest_users_cleanup.json +0 -11
cartography/data/jobs/cleanup/kubernetes_import_cleanup.json +0 -70
cartography/intel/crxcavator/__init__.py +0 -44
cartography/intel/crxcavator/crxcavator.py +0 -329
cartography/intel/gcp/crm.py +0 -302
cartography/intel/gsuite/api.py +0 -284
cartography/models/aws/ec2/keypairs.py +0 -64
cartography-0.93.0rc1.dist-info/METADATA +0 -55
cartography-0.93.0rc1.dist-info/NOTICE +0 -4
cartography-0.93.0rc1.dist-info/RECORD +0 -341
/cartography/data/jobs/{analysis → scoped_analysis}/aws_s3acl_analysis.json +0 -0
{cartography-0.93.0rc1.dist-info → cartography-0.123.0.dist-info}/top_level.txt +0 -0

cartography/intel/okta/users.py CHANGED Viewed

@@ -8,11 +8,11 @@ import neo4j
 from okta import UsersClient
 from okta.models.user import User
+from cartography.client.core.tx import run_write_query
 from cartography.intel.okta.sync_state import OktaSyncState
 from cartography.intel.okta.utils import check_rate_limit
 from cartography.util import timeit
 logger = logging.getLogger(__name__)
@@ -56,7 +56,9 @@ def _get_okta_users(user_client: UsersClient) -> List[Dict]:
 @timeit
-def transform_okta_user_list(okta_user_list: List[User]) -> Tuple[List[Dict], List[str]]:
+def transform_okta_user_list(
+    okta_user_list: List[User],
+) -> Tuple[List[Dict], List[str]]:
     users: List[Dict] = []
     user_ids: List[str] = []
@@ -91,7 +93,9 @@ def transform_okta_user(okta_user: User) -> Dict:
         user_props["activated"] = None
     if okta_user.statusChanged:
-        user_props["status_changed"] = okta_user.statusChanged.strftime("%m/%d/%Y, %H:%M:%S")
+        user_props["status_changed"] = okta_user.statusChanged.strftime(
+            "%m/%d/%Y, %H:%M:%S",
+        )
     else:
         user_props["status_changed"] = None
@@ -101,12 +105,16 @@ def transform_okta_user(okta_user: User) -> Dict:
         user_props["last_login"] = None
     if okta_user.lastUpdated:
-        user_props["okta_last_updated"] = okta_user.lastUpdated.strftime("%m/%d/%Y, %H:%M:%S")
+        user_props["okta_last_updated"] = okta_user.lastUpdated.strftime(
+            "%m/%d/%Y, %H:%M:%S",
+        )
     else:
         user_props["okta_last_updated"] = None
     if okta_user.passwordChanged:
-        user_props["password_changed"] = okta_user.passwordChanged.strftime("%m/%d/%Y, %H:%M:%S")
+        user_props["password_changed"] = okta_user.passwordChanged.strftime(
+            "%m/%d/%Y, %H:%M:%S",
+        )
     else:
         user_props["password_changed"] = None
@@ -120,7 +128,9 @@ def transform_okta_user(okta_user: User) -> Dict:
 @timeit
 def _load_okta_users(
-    neo4j_session: neo4j.Session, okta_org_id: str, user_list: List[Dict],
+    neo4j_session: neo4j.Session,
+    okta_org_id: str,
+    user_list: List[Dict],
     okta_update_tag: int,
 ) -> None:
     """
@@ -150,7 +160,14 @@ def _load_okta_users(
     new_user.okta_last_updated = user_data.okta_last_updated,
     new_user.password_changed = user_data.password_changed,
     new_user.transition_to_status = user_data.transition_to_status,
-    new_user.lastupdated = $okta_update_tag
+    new_user.lastupdated = $okta_update_tag,
+    new_user:UserAccount,
+    new_user._module_name = "cartography:okta",
+    new_user._ont_email = user_data.email,
+    new_user._ont_firstname = user_data.first_name,
+    new_user._ont_lastname = user_data.last_name,
+    new_user._ont_lastactivity = user_data.last_login,
+    new_user._ont_source = "okta"
     WITH new_user, org
     MERGE (org)-[org_r:RESOURCE]->(new_user)
     ON CREATE SET org_r.firstseen = timestamp()
@@ -164,7 +181,8 @@ def _load_okta_users(
     SET h.lastupdated = $okta_update_tag
     """
-    neo4j_session.run(
+    run_write_query(
+        neo4j_session,
         ingest_statement,
         ORG_ID=okta_org_id,
         USER_LIST=user_list,
@@ -174,8 +192,11 @@ def _load_okta_users(
 @timeit
 def sync_okta_users(
-    neo4j_session: neo4j.Session, okta_org_id: str, okta_update_tag: int,
-    okta_api_key: str, sync_state: OktaSyncState,
+    neo4j_session: neo4j.Session,
+    okta_org_id: str,
+    okta_update_tag: int,
+    okta_api_key: str,
+    sync_state: OktaSyncState,
 ) -> None:
     """
     Sync okta users

cartography/intel/okta/utils.py CHANGED Viewed

@@ -43,9 +43,9 @@ def check_rate_limit(response: Response) -> None:
     """
     rate_limit_threshold = 0.1
-    remaining = response.headers.get('x-rate-limit-remaining')
-    limit = response.headers.get('x-rate-limit-limit')
-    reset_time = response.headers.get('x-rate-limit-reset')
+    remaining = response.headers.get("x-rate-limit-remaining")
+    limit = response.headers.get("x-rate-limit-limit")
+    reset_time = response.headers.get("x-rate-limit-reset")
     if remaining and limit and reset_time:
         if (int(remaining) / int(limit)) < rate_limit_threshold:
@@ -58,5 +58,7 @@ def check_rate_limit(response: Response) -> None:
                     f"Okta API limit exceeded. Sleep time of {sleep_time_seconds} would exceed one minute. Crashing "
                     f"Okta sync to avoid blocking.",
                 )
-            logger.warning(f"Okta rate limit threshold reached. Waiting {sleep_time_seconds} seconds.")
+            logger.warning(
+                f"Okta rate limit threshold reached. Waiting {sleep_time_seconds} seconds.",
+            )
             time.sleep(sleep_time_seconds)

cartography/intel/ontology/__init__.py ADDED Viewed

@@ -0,0 +1,44 @@
+import logging
+import neo4j
+import cartography.intel.ontology.devices
+import cartography.intel.ontology.users
+from cartography.config import Config
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+@timeit
+def run(neo4j_session: neo4j.Session, config: Config) -> None:
+    common_job_parameters = {
+        "UPDATE_TAG": config.update_tag,
+    }
+    # Get source of truth from config
+    if config.ontology_users_source:
+        users_source_of_truth = [
+            source.strip() for source in config.ontology_users_source.split(",")
+        ]
+    else:
+        users_source_of_truth = []
+    if config.ontology_devices_source:
+        computers_source_of_truth = [
+            source.strip() for source in config.ontology_devices_source.split(",")
+        ]
+    else:
+        computers_source_of_truth = []
+    cartography.intel.ontology.users.sync(
+        neo4j_session,
+        users_source_of_truth,
+        config.update_tag,
+        common_job_parameters,
+    )
+    cartography.intel.ontology.devices.sync(
+        neo4j_session,
+        computers_source_of_truth,
+        config.update_tag,
+        common_job_parameters,
+    )

cartography/intel/ontology/devices.py ADDED Viewed

@@ -0,0 +1,54 @@
+import logging
+from typing import Any
+import neo4j
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.intel.ontology.utils import get_source_nodes_from_graph
+from cartography.intel.ontology.utils import link_ontology_nodes
+from cartography.models.ontology.device import DeviceSchema
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+@timeit
+def sync(
+    neo4j_session: neo4j.Session,
+    source_of_truth: list[str],
+    update_tag: int,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    data = get_source_nodes_from_graph(neo4j_session, source_of_truth, "devices")
+    load_devices(
+        neo4j_session,
+        data,
+        update_tag,
+    )
+    link_ontology_nodes(neo4j_session, "devices", update_tag)
+    cleanup(neo4j_session, common_job_parameters)
+@timeit
+def load_devices(
+    neo4j_session: neo4j.Session,
+    data: list[dict[str, Any]],
+    update_tag: int,
+) -> None:
+    load(
+        neo4j_session,
+        DeviceSchema(),
+        data,
+        lastupdated=update_tag,
+    )
+@timeit
+def cleanup(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    GraphJob.from_node_schema(DeviceSchema(), common_job_parameters).run(
+        neo4j_session,
+    )

cartography/intel/ontology/users.py ADDED Viewed

@@ -0,0 +1,54 @@
+import logging
+from typing import Any
+import neo4j
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.intel.ontology.utils import get_source_nodes_from_graph
+from cartography.intel.ontology.utils import link_ontology_nodes
+from cartography.models.ontology.user import UserSchema
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+@timeit
+def sync(
+    neo4j_session: neo4j.Session,
+    source_of_truth: list[str],
+    update_tag: int,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    data = get_source_nodes_from_graph(neo4j_session, source_of_truth, "users")
+    load_users(
+        neo4j_session,
+        data,
+        update_tag,
+    )
+    link_ontology_nodes(neo4j_session, "users", update_tag)
+    cleanup(neo4j_session, common_job_parameters)
+@timeit
+def load_users(
+    neo4j_session: neo4j.Session,
+    data: list[dict[str, Any]],
+    update_tag: int,
+) -> None:
+    load(
+        neo4j_session,
+        UserSchema(),
+        data,
+        lastupdated=update_tag,
+    )
+@timeit
+def cleanup(
+    neo4j_session: neo4j.Session,
+    common_job_parameters: dict[str, Any],
+) -> None:
+    GraphJob.from_node_schema(UserSchema(), common_job_parameters).run(
+        neo4j_session,
+    )

cartography/intel/ontology/utils.py ADDED Viewed

@@ -0,0 +1,176 @@
+import logging
+from dataclasses import asdict
+from typing import Any
+import neo4j
+from cartography.client.core.tx import read_list_of_dicts_tx
+from cartography.graph.job import GraphJob
+from cartography.models.ontology.mapping import ONTOLOGY_MODELS
+from cartography.models.ontology.mapping import ONTOLOGY_NODES_MAPPING
+from cartography.models.ontology.mapping.specs import OntologyNodeMapping
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+@timeit
+def _run_source_node_single_query(
+    module_name: str,
+    node: OntologyNodeMapping,
+    neo4j_session: neo4j.Session,
+    query: str,
+    results: dict[str, dict[str, Any]],
+    **kwargs: Any,
+) -> dict[str, dict[str, Any]]:
+    # DOC
+    for row in neo4j_session.execute_read(read_list_of_dicts_tx, query, **kwargs):
+        node_data = row["n"]
+        result: dict[str, Any] = {}
+        skip_node: bool = False
+        # Extract only the fields defined in the ontology mapping
+        for field in node.fields:
+            value = node_data.get(field.node_field)
+            # Skip nodes missing required fields
+            if field.required and not value:
+                logger.debug(
+                    "Skipping node with label '%s' due to missing required field '%s'.",
+                    node.node_label,
+                    field.node_field,
+                )
+                skip_node = True
+                break
+            result[field.ontology_field] = value
+        if skip_node:
+            continue
+        # Merge results based on the node's id field to avoid duplicates
+        ontology_model = ONTOLOGY_MODELS[module_name]
+        if ontology_model is None:
+            # Should not happen as we skip non-eligible nodes above
+            logger.warning(
+                "No ontology model found for module '%s'. Skipping node label '%s'.",
+                module_name,
+                node.node_label,
+            )
+            continue
+        id_field = ontology_model().properties.id.name
+        existing = results.get(result[id_field])
+        if existing:
+            logger.debug("Merging node: %s to %s", result[id_field], existing[id_field])
+            # Merge existing data with new data, prioritizing non-None values
+            for key, value in result.items():
+                if existing.get(key) is None and value is not None:
+                    existing[key] = value
+        else:
+            logger.debug("Adding new node: %s", result[id_field])
+            results[result[id_field]] = result
+    return results
+@timeit
+def get_source_nodes_from_graph(
+    neo4j_session: neo4j.Session,
+    source_of_truth: list[str],
+    module_name: str,
+) -> list[dict[str, Any]]:
+    """Retrieve source nodes from the Neo4j graph database based on the ontology mapping.
+    This function queries the Neo4j database for nodes that match the labels
+    defined in the ontology mapping for the specified module and source of truth.
+    It returns a list of dictionaries containing the relevant fields for each node.
+    If no source of truth is provided, default to all sources defined in the mapping.
+    Args:
+        neo4j_session (neo4j.Session): The Neo4j session to use for querying the database.
+        source_of_truth (list[str]): A list of source of truth identifiers to filter the modules.
+        module_name (str): The name of the ontology module to use for the mapping (eg. users, devices, etc.).
+    Returns:
+        list[dict[str, Any]]: A list of dictionaries, each containing a node details formatted according to the ontology mapping.
+    """
+    results: dict[str, dict[str, Any]] = {}
+    modules_mapping = ONTOLOGY_NODES_MAPPING[module_name]
+    if len(source_of_truth) == 0:
+        source_of_truth = list(modules_mapping.keys())
+    # Check if ontology nodes are used in mapping
+    _has_ontology = False
+    if modules_mapping.get("ontology") is not None:
+        _has_ontology = True
+        for node in modules_mapping["ontology"].nodes:
+            if not node.eligible_for_source:
+                logger.debug(
+                    "Skipping ontology node with label '%s' as it is not eligible for source of truth.",
+                    node.node_label,
+                )
+                continue
+            # Run the query for every source
+            for source in source_of_truth:
+                # Use parameterized query to prevent Cypher injection attacks
+                query = f"MATCH (n:{node.node_label} {{_ont_source: $source}}) RETURN n"
+                results = _run_source_node_single_query(
+                    module_name, node, neo4j_session, query, results, source=source
+                )
+    # Run queries for each source of truth
+    for source in source_of_truth:
+        if source not in modules_mapping:
+            if not _has_ontology:
+                logger.warning(
+                    "Source of truth '%s' is not supported for '%s'.",
+                    source,
+                    module_name,
+                )
+            continue
+        for node in modules_mapping[source].nodes:
+            if not node.eligible_for_source:
+                logger.debug(
+                    "Skipping node with label '%s' as it is not eligible for source of truth '%s'.",
+                    node.node_label,
+                    source,
+                )
+                continue
+            query = f"MATCH (n:{node.node_label}) RETURN n"
+            results = _run_source_node_single_query(
+                module_name, node, neo4j_session, query, results
+            )
+    return list(results.values())
+@timeit
+def link_ontology_nodes(
+    neo4j_session: neo4j.Session,
+    module_name: str,
+    update_tag: int,
+) -> None:
+    """Link ontology nodes in the Neo4j graph database based on the ontology mapping.
+    This function retrieves the ontology mapping for the specified module and
+    executes the relationship statements defined in the mapping to link nodes
+    in the Neo4j graph database.
+    Args:
+        neo4j_session (neo4j.Session): The Neo4j session to use for executing the relationship statements.
+        module_name (str): The name of the ontology module for which to link nodes (eg. users, devices, etc.).
+        update_tag (int): The update tag of the current run, used to tag the changes in the graph.
+    """
+    modules_mapping = ONTOLOGY_NODES_MAPPING.get(module_name)
+    if modules_mapping is None:
+        logger.warning("No ontology mapping found for module '%s'.", module_name)
+        return
+    for source, mapping in modules_mapping.items():
+        if len(mapping.rels) == 0:
+            continue
+        formated_json = {
+            "name": f"Linking ontology nodes for {module_name} for source {source}",
+            "statements": [asdict(rel) for rel in mapping.rels],
+        }
+        GraphJob.run_from_json(
+            neo4j_session,
+            formated_json,
+            {"UPDATE_TAG": update_tag},
+            short_name=f"ontology.{module_name}.{source}.linking",
+        )

cartography/intel/openai/__init__.py ADDED Viewed

@@ -0,0 +1,86 @@
+import logging
+import neo4j
+import requests
+import cartography.intel.openai.adminapikeys
+import cartography.intel.openai.apikeys
+import cartography.intel.openai.projects
+import cartography.intel.openai.serviceaccounts
+import cartography.intel.openai.users
+from cartography.config import Config
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+@timeit
+def start_openai_ingestion(neo4j_session: neo4j.Session, config: Config) -> None:
+    """
+    If this module is configured, perform ingestion of OpenAI data. Otherwise warn and exit
+    :param neo4j_session: Neo4J session for database interface
+    :param config: A cartography.config object
+    :return: None
+    """
+    if not config.openai_apikey or not config.openai_org_id:
+        logger.info(
+            "OpenAI import is not configured - skipping this module. "
+            "See docs to configure.",
+        )
+        return
+    # Create requests sessions
+    api_session = requests.session()
+    api_session.headers.update(
+        {
+            "Authorization": f"Bearer {config.openai_apikey}",
+            "OpenAI-Organization": config.openai_org_id,
+        }
+    )
+    common_job_parameters = {
+        "UPDATE_TAG": config.update_tag,
+        "BASE_URL": "https://api.openai.com/v1",
+        "ORG_ID": config.openai_org_id,
+    }
+    # Organization node is created during the users sync
+    cartography.intel.openai.users.sync(
+        neo4j_session,
+        api_session,
+        common_job_parameters,
+        ORG_ID=config.openai_org_id,
+    )
+    for project in cartography.intel.openai.projects.sync(
+        neo4j_session,
+        api_session,
+        common_job_parameters,
+        ORG_ID=config.openai_org_id,
+    ):
+        project_job_parameters = {
+            "UPDATE_TAG": config.update_tag,
+            "BASE_URL": "https://api.openai.com/v1",
+            "ORG_ID": config.openai_org_id,
+            "project_id": project["id"],
+        }
+        cartography.intel.openai.serviceaccounts.sync(
+            neo4j_session,
+            api_session,
+            project_job_parameters,
+            project_id=project["id"],
+        )
+        cartography.intel.openai.apikeys.sync(
+            neo4j_session,
+            api_session,
+            project_job_parameters,
+            project_id=project["id"],
+        )
+    cartography.intel.openai.adminapikeys.sync(
+        neo4j_session,
+        api_session,
+        common_job_parameters,
+        ORG_ID=config.openai_org_id,
+    )

cartography/intel/openai/adminapikeys.py ADDED Viewed

@@ -0,0 +1,89 @@
+import logging
+from typing import Any
+from typing import Dict
+from typing import List
+import neo4j
+import requests
+from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
+from cartography.intel.openai.util import paginated_get
+from cartography.models.openai.adminapikey import OpenAIAdminApiKeySchema
+from cartography.util import timeit
+logger = logging.getLogger(__name__)
+# Connect and read timeouts of 60 seconds each; see https://requests.readthedocs.io/en/master/user/advanced/#timeouts
+_TIMEOUT = (60, 60)
+@timeit
+def sync(
+    neo4j_session: neo4j.Session,
+    api_session: requests.Session,
+    common_job_parameters: Dict[str, Any],
+    ORG_ID: str,
+) -> None:
+    adminapikeys = get(
+        api_session,
+        common_job_parameters["BASE_URL"],
+    )
+    transformed_adminapikeys = transform(adminapikeys)
+    load_adminapikeys(
+        neo4j_session,
+        transformed_adminapikeys,
+        ORG_ID,
+        common_job_parameters["UPDATE_TAG"],
+    )
+    cleanup(neo4j_session, common_job_parameters)
+@timeit
+def get(
+    api_session: requests.Session,
+    base_url: str,
+) -> List[Dict[str, Any]]:
+    return list(
+        paginated_get(
+            api_session, f"{base_url}/organization/admin_api_keys", timeout=_TIMEOUT
+        )
+    )
+def transform(
+    adminapikeys: List[Dict[str, Any]],
+) -> List[Dict[str, Any]]:
+    result: List[Dict[str, Any]] = []
+    for adminapikey in adminapikeys:
+        if adminapikey["owner"]["type"] == "user":
+            adminapikey["owner_user_id"] = adminapikey["owner"]["id"]
+        else:
+            adminapikey["owner_sa_id"] = adminapikey["owner"]["id"]
+        result.append(adminapikey)
+    return result
+@timeit
+def load_adminapikeys(
+    neo4j_session: neo4j.Session,
+    data: List[Dict[str, Any]],
+    ORG_ID: str,
+    update_tag: int,
+) -> None:
+    logger.info("Loading %d OpenAI AdminApiKey into Neo4j.", len(data))
+    load(
+        neo4j_session,
+        OpenAIAdminApiKeySchema(),
+        data,
+        lastupdated=update_tag,
+        ORG_ID=ORG_ID,
+    )
+@timeit
+def cleanup(
+    neo4j_session: neo4j.Session, common_job_parameters: Dict[str, Any]
+) -> None:
+    GraphJob.from_node_schema(OpenAIAdminApiKeySchema(), common_job_parameters).run(
+        neo4j_session
+    )

cartography 0.93.0rc1__py3-none-any.whl → 0.123.0__py3-none-any.whl

cartography 0.93.0rc1py3-none-any.whl → 0.123.0py3-none-any.whl