cartography 0.97.0__py3-none-any.whl → 0.98.0__py3-none-any.whl

cartography/_version.py

@@ -0,0 +1,16 @@
+# file generated by setuptools_scm
+# don't change, don't track in version control
+TYPE_CHECKING = False
+if TYPE_CHECKING:
+    from typing import Tuple, Union
+    VERSION_TUPLE = Tuple[Union[int, str], ...]
+else:
+    VERSION_TUPLE = object
+
+version: str
+__version__: str
+__version_tuple__: VERSION_TUPLE
+version_tuple: VERSION_TUPLE
+
+__version__ = version = '0.98.0'
+__version_tuple__ = version_tuple = (0, 98, 0)

cartography/client/core/tx.py

@@ -249,6 +249,9 @@ def load(
     :param kwargs: Allows additional keyword args to be supplied to the Neo4j query.
     :return: None
     """
+    if len(dict_list) == 0:
+        # If there is no data to load, save some time.
+        return
     ensure_indexes(neo4j_session, node_schema)
     ingestion_query = build_ingestion_query(node_schema)
     load_graph_data(neo4j_session, ingestion_query, dict_list, **kwargs)

cartography/data/indexes.cypher

@@ -161,12 +161,8 @@ CREATE INDEX IF NOT EXISTS FOR (n:GCPSubnet) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPSubnet) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPVpc) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:GCPVpc) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:GitHubOrganization) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:GitHubOrganization) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GitHubRepository) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:GitHubRepository) ON (n.lastupdated);
-CREATE INDEX IF NOT EXISTS FOR (n:GitHubUser) ON (n.id);
-CREATE INDEX IF NOT EXISTS FOR (n:GitHubUser) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GKECluster) ON (n.id);
 CREATE INDEX IF NOT EXISTS FOR (n:GKECluster) ON (n.lastupdated);
 CREATE INDEX IF NOT EXISTS FOR (n:GSuiteGroup) ON (n.email);

cartography/data/jobs/analysis/aws_ec2_asset_exposure.json

@@ -1,12 +1,27 @@
 {
   "statements": [
   {
-    "query": "MATCH (n) where n.exposed_internet IS NOT NULL AND labels(n) IN ['AutoScalingGroup', 'EC2Instance', 'LoadBalancer', 'LoadBalancerV2'] WITH n LIMIT $LIMIT_SIZE REMOVE n.exposed_internet, n.exposed_internet_type return COUNT(*) as TotalCompleted",
+    "query": "MATCH (n:AutoScalingGroup) where n.exposed_internet IS NOT NULL WITH n LIMIT $LIMIT_SIZE REMOVE n.exposed_internet, n.exposed_internet_type",
     "iterative": true,
     "iterationsize": 1000
   },
   {
-    "query": "MATCH (:IpRange{id: '0.0.0.0/0'})-[:MEMBER_OF_IP_RULE]->(:IpPermissionInbound)-[:MEMBER_OF_EC2_SECURITY_GROUP]->(group:EC2SecurityGroup)<-[:MEMBER_OF_EC2_SECURITY_GROUP|NETWORK_INTERFACE*..2]-(instance:EC2Instance)\nWITH instance\nWHERE (instance.publicipaddress IS NOT NULL) AND (instance.exposed_internet_type IS NULL) OR (NOT 'direct' IN instance.exposed_internet_type)\nSET instance.exposed_internet = true, instance.exposed_internet_type = coalesce(instance.exposed_internet_type , []) + 'direct';",
+    "query": "MATCH (n:EC2Instance) where n.exposed_internet IS NOT NULL WITH n LIMIT $LIMIT_SIZE REMOVE n.exposed_internet, n.exposed_internet_type",
+    "iterative": true,
+    "iterationsize": 1000
+  },
+  {
+    "query": "MATCH (n:LoadBalancer) where n.exposed_internet IS NOT NULL WITH n LIMIT $LIMIT_SIZE REMOVE n.exposed_internet, n.exposed_internet_type",
+    "iterative": true,
+    "iterationsize": 1000
+  },
+  {
+    "query": "MATCH (n:LoadBalancerV2) where n.exposed_internet IS NOT NULL WITH n LIMIT $LIMIT_SIZE REMOVE n.exposed_internet, n.exposed_internet_type",
+    "iterative": true,
+    "iterationsize": 1000
+  },
+  {
+    "query": "MATCH (:IpRange{id: '0.0.0.0/0'})-[:MEMBER_OF_IP_RULE]->(:IpPermissionInbound)-[:MEMBER_OF_EC2_SECURITY_GROUP]->(group:EC2SecurityGroup)<-[:MEMBER_OF_EC2_SECURITY_GROUP|NETWORK_INTERFACE*..2]-(instance:EC2Instance) WITH instance WHERE (instance.publicipaddress IS NOT NULL) AND (instance.exposed_internet_type IS NULL OR NOT 'direct' IN instance.exposed_internet_type) SET instance.exposed_internet = true, instance.exposed_internet_type = CASE WHEN instance.exposed_internet_type IS NULL THEN ['direct'] WHEN NOT 'direct' IN instance.exposed_internet_type THEN instance.exposed_internet_type + ['direct'] ELSE instance.exposed_internet_type END;",
     "iterative": false
   },
   {

cartography/data/jobs/analysis/gcp_compute_asset_inet_exposure.json

@@ -1,7 +1,7 @@
 {
   "statements": [
   {
-    "query": "MATCH (n) where n.exposed_internet IS NOT NULL AND labels(n) IN ['GCPInstance'] WITH n LIMIT $LIMIT_SIZE REMOVE n.exposed_internet, n.exposed_internet_type return COUNT(*) as TotalCompleted",
+    "query": "MATCH (n:GCPInstance) where n.exposed_internet IS NOT NULL WITH n LIMIT $LIMIT_SIZE REMOVE n.exposed_internet, n.exposed_internet_type",
     "iterative": true,
     "iterationsize": 1000,
     "__comment__": "Delete exposed_internet off nodes so we can start fresh"

cartography/graph/cleanupbuilder.py

@@ -16,7 +16,17 @@ def build_cleanup_queries(node_schema: CartographyNodeSchema) -> List[str]:
     """
     Generates queries to clean up stale nodes and relationships from the given CartographyNodeSchema.
     Note that auto-cleanups for a node with no relationships is not currently supported.
+
     Algorithm:
+    1. If node_schema has no relationships at all, return empty.
+
+    Otherwise,
+
+    1. If node_schema doesn't have a sub_resource relationship, generate queries only to clean up its other
+    relationships. No nodes will be cleaned up.
+
+    Otherwise,
+
     1. First delete all stale nodes attached to the node_schema's sub resource
     2. Delete all stale node to sub resource relationships
         - We don't expect this to be very common (never for AWS resources, at least), but in case it is possible for an
@@ -25,11 +35,16 @@ def build_cleanup_queries(node_schema: CartographyNodeSchema) -> List[str]:
     :param node_schema: The given CartographyNodeSchema
     :return: A list of Neo4j queries to clean up nodes and relationships.
     """
+    if not node_schema.sub_resource_relationship and not node_schema.other_relationships:
+        return []
+
     if not node_schema.sub_resource_relationship:
-        raise ValueError(
-            "Auto-creating a cleanup job for a node_schema without a sub resource relationship is not supported. "
-            f'Please check the class definition of "{node_schema.__class__.__name__}".',
-        )
+        queries = []
+        other_rels = node_schema.other_relationships.rels if node_schema.other_relationships else []
+        for rel in other_rels:
+            query = _build_cleanup_rel_query_no_sub_resource(node_schema, rel)
+            queries.append(query)
+        return queries
 
     result = _build_cleanup_node_and_rel_queries(node_schema, node_schema.sub_resource_relationship)
     if node_schema.other_relationships:
@@ -41,6 +56,34 @@ def build_cleanup_queries(node_schema: CartographyNodeSchema) -> List[str]:
     return result
 
 
+def _build_cleanup_rel_query_no_sub_resource(
+        node_schema: CartographyNodeSchema,
+        selected_relationship: CartographyRelSchema,
+) -> str:
+    """
+    Helper function to delete stale relationships for node_schemas that have no sub resource relationship defined.
+    """
+    if node_schema.sub_resource_relationship:
+        raise ValueError(
+            f'Expected {node_schema.label} to not exist. '
+            'This function is intended for node_schemas without sub_resource_relationships.',
+        )
+    # Ensure the node is attached to the sub resource and delete the node
+    query_template = Template(
+        """
+        MATCH (n:$node_label)
+        $selected_rel_clause
+        WHERE r.lastupdated <> $UPDATE_TAG
+        WITH r LIMIT $LIMIT_SIZE
+        DELETE r;
+        """,
+    )
+    return query_template.safe_substitute(
+        node_label=node_schema.label,
+        selected_rel_clause=_build_selected_rel_clause(selected_relationship),
+    )
+
+
 def _build_cleanup_node_and_rel_queries(
         node_schema: CartographyNodeSchema,
         selected_relationship: CartographyRelSchema,

cartography/intel/aws/ec2/instances.py

@@ -13,7 +13,7 @@ from cartography.graph.job import GraphJob
 from cartography.intel.aws.ec2.util import get_botocore_config
 from cartography.models.aws.ec2.auto_scaling_groups import EC2InstanceAutoScalingGroupSchema
 from cartography.models.aws.ec2.instances import EC2InstanceSchema
-from cartography.models.aws.ec2.keypairs import EC2KeyPairSchema
+from cartography.models.aws.ec2.keypair_instance import EC2KeyPairInstanceSchema
 from cartography.models.aws.ec2.networkinterface_instance import EC2NetworkInterfaceInstanceSchema
 from cartography.models.aws.ec2.reservations import EC2ReservationSchema
 from cartography.models.aws.ec2.securitygroup_instance import EC2SecurityGroupInstanceSchema
@@ -193,16 +193,17 @@ def load_ec2_subnets(
 
 
 @timeit
-def load_ec2_key_pairs(
+def load_ec2_keypair_instances(
         neo4j_session: neo4j.Session,
         key_pair_list: List[Dict[str, Any]],
         region: str,
         current_aws_account_id: str,
         update_tag: int,
 ) -> None:
+    # Load EC2 keypairs as known by describe-instances.
     load(
         neo4j_session,
-        EC2KeyPairSchema(),
+        EC2KeyPairInstanceSchema(),
         key_pair_list,
         Region=region,
         AWS_ID=current_aws_account_id,
@@ -299,7 +300,7 @@ def load_ec2_instance_data(
     load_ec2_instance_nodes(neo4j_session, instance_list, region, current_aws_account_id, update_tag)
     load_ec2_subnets(neo4j_session, subnet_list, region, current_aws_account_id, update_tag)
     load_ec2_security_groups(neo4j_session, sg_list, region, current_aws_account_id, update_tag)
-    load_ec2_key_pairs(neo4j_session, key_pair_list, region, current_aws_account_id, update_tag)
+    load_ec2_keypair_instances(neo4j_session, key_pair_list, region, current_aws_account_id, update_tag)
     load_ec2_network_interfaces(neo4j_session, nic_list, region, current_aws_account_id, update_tag)
     load_ec2_instance_ebs_volumes(neo4j_session, ebs_volumes_list, region, current_aws_account_id, update_tag)
 

cartography/intel/aws/ec2/key_pairs.py

@@ -1,13 +1,14 @@
 import logging
+from typing import Any
 from typing import Dict
-from typing import List
 
 import boto3
 import neo4j
 
-from .util import get_botocore_config
+from cartography.client.core.tx import load
 from cartography.graph.job import GraphJob
-from cartography.models.aws.ec2.keypairs import EC2KeyPairSchema
+from cartography.intel.aws.ec2.util import get_botocore_config
+from cartography.models.aws.ec2.keypair import EC2KeyPairSchema
 from cartography.util import aws_handle_regions
 from cartography.util import timeit
 
@@ -16,42 +17,45 @@ logger = logging.getLogger(__name__)
 
 @timeit
 @aws_handle_regions
-def get_ec2_key_pairs(boto3_session: boto3.session.Session, region: str) -> List[Dict]:
+def get_ec2_key_pairs(boto3_session: boto3.session.Session, region: str) -> list[dict[str, Any]]:
     client = boto3_session.client('ec2', region_name=region, config=get_botocore_config())
     return client.describe_key_pairs()['KeyPairs']
 
 
+def transform_ec2_key_pairs(
+        key_pairs: list[dict[str, Any]],
+        region: str,
+        current_aws_account_id: str,
+) -> list[dict[str, Any]]:
+    transformed_key_pairs = []
+    for key_pair in key_pairs:
+        key_name = key_pair["KeyName"]
+        transformed_key_pairs.append({
+            'KeyPairArn': f'arn:aws:ec2:{region}:{current_aws_account_id}:key-pair/{key_name}',
+            'KeyName': key_name,
+            'KeyFingerprint': key_pair.get("KeyFingerprint"),
+        })
+    return transformed_key_pairs
+
+
 @timeit
 def load_ec2_key_pairs(
-    neo4j_session: neo4j.Session, data: List[Dict], region: str, current_aws_account_id: str,
-    update_tag: int,
+        neo4j_session: neo4j.Session,
+        data: list[dict[str, Any]],
+        region: str,
+        current_aws_account_id: str,
+        update_tag: int,
 ) -> None:
-    ingest_key_pair = """
-    MERGE (keypair:KeyPair:EC2KeyPair{arn: $ARN, id: $ARN})
-    ON CREATE SET keypair.firstseen = timestamp()
-    SET keypair.keyname = $KeyName, keypair.keyfingerprint = $KeyFingerprint, keypair.region = $Region,
-    keypair.lastupdated = $update_tag
-    WITH keypair
-    MATCH (aa:AWSAccount{id: $AWS_ACCOUNT_ID})
-    MERGE (aa)-[r:RESOURCE]->(keypair)
-    ON CREATE SET r.firstseen = timestamp()
-    SET r.lastupdated = $update_tag
-    """
-
-    for key_pair in data:
-        key_name = key_pair["KeyName"]
-        key_fingerprint = key_pair.get("KeyFingerprint")
-        key_pair_arn = f'arn:aws:ec2:{region}:{current_aws_account_id}:key-pair/{key_name}'
-
-        neo4j_session.run(
-            ingest_key_pair,
-            ARN=key_pair_arn,
-            KeyName=key_name,
-            KeyFingerprint=key_fingerprint,
-            AWS_ACCOUNT_ID=current_aws_account_id,
-            Region=region,
-            update_tag=update_tag,
-        )
+    # Load EC2 keypairs as known by describe-key-pairs
+    logger.info(f"Loading {len(data)} EC2 keypairs for region '{region}' into graph.")
+    load(
+        neo4j_session,
+        EC2KeyPairSchema(),
+        data,
+        Region=region,
+        AWS_ID=current_aws_account_id,
+        lastupdated=update_tag,
+    )
 
 
 @timeit
@@ -61,11 +65,16 @@ def cleanup_ec2_key_pairs(neo4j_session: neo4j.Session, common_job_parameters: D
 
 @timeit
 def sync_ec2_key_pairs(
-    neo4j_session: neo4j.Session, boto3_session: boto3.session.Session, regions: List[str], current_aws_account_id: str,
-    update_tag: int, common_job_parameters: Dict,
+    neo4j_session: neo4j.Session,
+    boto3_session: boto3.session.Session,
+    regions: list[str],
+    current_aws_account_id: str,
+    update_tag: int,
+    common_job_parameters: dict[str, Any],
 ) -> None:
     for region in regions:
         logger.info("Syncing EC2 key pairs for region '%s' in account '%s'.", region, current_aws_account_id)
         data = get_ec2_key_pairs(boto3_session, region)
-        load_ec2_key_pairs(neo4j_session, data, region, current_aws_account_id, update_tag)
+        transformed_data = transform_ec2_key_pairs(data, region, current_aws_account_id)
+        load_ec2_key_pairs(neo4j_session, transformed_data, region, current_aws_account_id, update_tag)
     cleanup_ec2_key_pairs(neo4j_session, common_job_parameters)

cartography/intel/aws/identitycenter.py

@@ -82,26 +82,6 @@ def get_permission_sets(boto3_session: boto3.session.Session, instance_arn: str,
     return permission_sets
 
 
-@timeit
-def get_permission_set_roles(
-    boto3_session: boto3.session.Session,
-    instance_arn: str,
-    permission_set_arn: str,
-    region: str,
-) -> List[Dict]:
-    """
-    Get all accounts associated with a given permission set
-    """
-    client = boto3_session.client('sso-admin', region_name=region)
-    accounts = []
-
-    paginator = client.get_paginator('list_accounts_for_provisioned_permission_set')
-    for page in paginator.paginate(InstanceArn=instance_arn, PermissionSetArn=permission_set_arn):
-        accounts.extend(page.get('AccountIds', []))
-
-    return accounts
-
-
 @timeit
 def load_permission_sets(
     neo4j_session: neo4j.Session,
@@ -128,6 +108,7 @@ def load_permission_sets(
 
 
 @timeit
+@aws_handle_regions
 def get_sso_users(
     boto3_session: boto3.session.Session,
     identity_store_id: str,
@@ -176,6 +157,7 @@ def load_sso_users(
 
 
 @timeit
+@aws_handle_regions
 def get_role_assignments(
     boto3_session: boto3.session.Session,
     users: List[Dict],
@@ -231,6 +213,7 @@ def load_role_assignments(
         )
 
 
+@timeit
 def cleanup(neo4j_session: neo4j.Session, common_job_parameters: Dict[str, Any]) -> None:
     GraphJob.from_node_schema(AWSIdentityCenterInstanceSchema(), common_job_parameters).run(neo4j_session)
     GraphJob.from_node_schema(AWSPermissionSetSchema(), common_job_parameters).run(neo4j_session)

cartography/intel/aws/resourcegroupstaggingapi.py

@@ -188,6 +188,9 @@ def load_tags(
     current_aws_account_id: str,
     aws_update_tag: int,
 ) -> None:
+    if len(tag_data) == 0:
+        # If there is no data to load, save some time.
+        return
     for tag_data_batch in batch(tag_data, size=100):
         neo4j_session.write_transaction(
             _load_tags_tx,

cartography/intel/gcp/__init__.py

@@ -7,9 +7,10 @@ from typing import Set
 
 import googleapiclient.discovery
 import neo4j
+from google.auth import default
+from google.auth.credentials import Credentials as GoogleCredentials
+from google.auth.exceptions import DefaultCredentialsError
 from googleapiclient.discovery import Resource
-from oauth2client.client import ApplicationDefaultCredentialsError
-from oauth2client.client import GoogleCredentials
 
 from cartography.config import Config
 from cartography.intel.gcp import compute
@@ -295,10 +296,9 @@ def get_gcp_credentials() -> GoogleCredentials:
     """
     try:
         # Explicitly use Application Default Credentials.
-        # See https://oauth2client.readthedocs.io/en/latest/source/
-        #             oauth2client.client.html#oauth2client.client.OAuth2Credentials
-        credentials = GoogleCredentials.get_application_default()
-    except ApplicationDefaultCredentialsError as e:
+        # See https://google-auth.readthedocs.io/en/master/user-guide.html#application-default-credentials
+        credentials, project_id = default()
+    except DefaultCredentialsError as e:
         logger.debug("Error occurred calling GoogleCredentials.get_application_default().", exc_info=True)
         logger.error(
             (

cartography/intel/github/users.py

@@ -8,13 +8,13 @@ from typing import Tuple
 import neo4j
 
 from cartography.client.core.tx import load
+from cartography.graph.job import GraphJob
 from cartography.intel.github.util import fetch_all
 from cartography.models.github.orgs import GitHubOrganizationSchema
 from cartography.models.github.users import GitHubOrganizationUserSchema
 from cartography.models.github.users import GitHubUnaffiliatedUserSchema
 from cartography.stats import get_stats_client
 from cartography.util import merge_module_sync_metadata
-from cartography.util import run_cleanup_job
 from cartography.util import timeit
 
 logger = logging.getLogger(__name__)
@@ -210,6 +210,13 @@ def load_organization(
     )
 
 
+@timeit
+def cleanup(neo4j_session: neo4j.Session, common_job_parameters: dict[str, Any]) -> None:
+    logger.info("Cleaning up GitHub users")
+    GraphJob.from_node_schema(GitHubOrganizationUserSchema(), common_job_parameters).run(neo4j_session)
+    GraphJob.from_node_schema(GitHubUnaffiliatedUserSchema(), common_job_parameters).run(neo4j_session)
+
+
 @timeit
 def sync(
         neo4j_session: neo4j.Session,
@@ -236,8 +243,8 @@ def sync(
         neo4j_session, GitHubUnaffiliatedUserSchema(), processed_unaffiliated_user_data, org_data,
         common_job_parameters['UPDATE_TAG'],
     )
-    # no automated cleanup job for users because user node has no sub_resource_relationship
-    run_cleanup_job('github_org_and_users_cleanup.json', neo4j_session, common_job_parameters)
+    cleanup(neo4j_session, common_job_parameters)
+
     merge_module_sync_metadata(
         neo4j_session,
         group_type='GitHubOrganization',

cartography/intel/gsuite/__init__.py

@@ -5,11 +5,14 @@ import os
 from collections import namedtuple
 
 import googleapiclient.discovery
-import httplib2
 import neo4j
+from google.auth.exceptions import DefaultCredentialsError
+from google.auth.transport.requests import Request
+from google.oauth2 import credentials
+from google.oauth2 import service_account
+from google.oauth2.credentials import Credentials as OAuth2Credentials
+from google.oauth2.service_account import Credentials as ServiceAccountCredentials
 from googleapiclient.discovery import Resource
-from oauth2client.client import ApplicationDefaultCredentialsError
-from oauth2client.client import GoogleCredentials
 
 from cartography.config import Config
 from cartography.intel.gsuite import api
@@ -26,21 +29,21 @@ logger = logging.getLogger(__name__)
 Resources = namedtuple('Resources', 'admin')
 
 
-def _get_admin_resource(credentials: GoogleCredentials) -> Resource:
+def _get_admin_resource(credentials: OAuth2Credentials | ServiceAccountCredentials) -> Resource:
     """
     Instantiates a Google API resource object to call the Google API.
     Used to pull users and groups.  See https://developers.google.com/admin-sdk/directory/v1/guides/manage-users
 
-    :param credentials: The GoogleCredentials object
+    :param credentials: The credentials object
     :return: An admin api resource object
     """
     return googleapiclient.discovery.build('admin', 'directory_v1', credentials=credentials, cache_discovery=False)
 
 
-def _initialize_resources(credentials: GoogleCredentials) -> Resources:
+def _initialize_resources(credentials: OAuth2Credentials | ServiceAccountCredentials) -> Resources:
     """
     Create namedtuple of all resource objects necessary for Google API data gathering.
-    :param credentials: The GoogleCredentials object
+    :param credentials: The credentials object
     :return: namedtuple of all resource objects
     """
     return Resources(
@@ -61,14 +64,17 @@ def start_gsuite_ingestion(neo4j_session: neo4j.Session, config: Config) -> None
         "UPDATE_TAG": config.update_tag,
     }
 
+    creds: OAuth2Credentials | ServiceAccountCredentials
     if config.gsuite_auth_method == 'delegated':  # Legacy delegated method
         logger.info('Attempting to authenticate to GSuite using legacy delegated method')
         try:
-            credentials = GoogleCredentials.from_stream(config.gsuite_config)
-            credentials = credentials.create_scoped(OAUTH_SCOPE)
-            credentials = credentials.create_delegated(os.environ.get('GSUITE_DELEGATED_ADMIN'))
+            creds = service_account.Credentials.from_service_account_file(
+                config.gsuite_config,
+                scopes=OAUTH_SCOPE,
+            )
+            creds = creds.with_subject(os.environ.get('GSUITE_DELEGATED_ADMIN'))
 
-        except ApplicationDefaultCredentialsError as e:
+        except DefaultCredentialsError as e:
             logger.error(
                 (
                     "Unable to initialize GSuite creds. If you don't have GSuite data or don't want to load "
@@ -83,18 +89,18 @@ def start_gsuite_ingestion(neo4j_session: neo4j.Session, config: Config) -> None
         auth_tokens = json.loads(str(base64.b64decode(config.gsuite_config).decode()))
         logger.info('Attempting to authenticate to GSuite using OAuth')
         try:
-            credentials = GoogleCredentials(
-                None,
-                auth_tokens['client_id'],
-                auth_tokens['client_secret'],
-                auth_tokens['refresh_token'],
-                None,
-                auth_tokens['token_uri'],
-                'Cartography',
+            creds = credentials.Credentials(
+                token=None,
+                client_id=auth_tokens['client_id'],
+                client_secret=auth_tokens['client_secret'],
+                refresh_token=auth_tokens['refresh_token'],
+                expiry=None,
+                token_uri=auth_tokens['token_uri'],
+                scopes=OAUTH_SCOPE,
             )
-            credentials.refresh(httplib2.Http())
-            credentials = credentials.create_scoped(OAUTH_SCOPE)
-        except ApplicationDefaultCredentialsError as e:
+            creds.refresh(Request())
+            creds = creds.create_scoped(OAUTH_SCOPE)
+        except DefaultCredentialsError as e:
             logger.error(
                 (
                     "Unable to initialize GSuite creds. If you don't have GSuite data or don't want to load "
@@ -106,6 +112,6 @@ def start_gsuite_ingestion(neo4j_session: neo4j.Session, config: Config) -> None
             )
             return
 
-    resources = _initialize_resources(credentials)
+    resources = _initialize_resources(creds)
     api.sync_gsuite_users(neo4j_session, resources.admin, config.update_tag, common_job_parameters)
     api.sync_gsuite_groups(neo4j_session, resources.admin, config.update_tag, common_job_parameters)

cartography/intel/gsuite/api.py

@@ -41,7 +41,7 @@ def transform_groups(response_objects: List[Dict]) -> List[Dict]:
     """  Strips list of API response objects to return list of group objects only
 
     :param response_objects:
-    :return: list of dictionary objects as defined in /docs/schema/gsuite.md
+    :return: list of dictionary objects as defined in /docs/root/modules/gsuite/schema.md
     """
     groups: List[Dict] = []
     for response_object in response_objects:
@@ -54,7 +54,7 @@ def transform_groups(response_objects: List[Dict]) -> List[Dict]:
 def transform_users(response_objects: List[Dict]) -> List[Dict]:
     """  Strips list of API response objects to return list of group objects only
     :param response_objects:
-    :return: list of dictionary objects as defined in /docs/schema/gsuite.md
+    :return: list of dictionary objects as defined in /docs/root/modules/gsuite/schema.md
     """
     users: List[Dict] = []
     for response_object in response_objects:

cartography/models/aws/ec2/{keypairs.py → keypair.py}

@@ -3,19 +3,23 @@ from dataclasses import dataclass
 from cartography.models.core.common import PropertyRef
 from cartography.models.core.nodes import CartographyNodeProperties
 from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
 from cartography.models.core.relationships import CartographyRelProperties
 from cartography.models.core.relationships import CartographyRelSchema
 from cartography.models.core.relationships import LinkDirection
 from cartography.models.core.relationships import make_target_node_matcher
-from cartography.models.core.relationships import OtherRelationships
 from cartography.models.core.relationships import TargetNodeMatcher
 
 
 @dataclass(frozen=True)
 class EC2KeyPairNodeProperties(CartographyNodeProperties):
+    """
+    Properties for EC2 keypairs from describe-key-pairs
+    """
     id: PropertyRef = PropertyRef('KeyPairArn')
     arn: PropertyRef = PropertyRef('KeyPairArn', extra_index=True)
     keyname: PropertyRef = PropertyRef('KeyName')
+    keyfingerprint: PropertyRef = PropertyRef('KeyFingerprint')
     region: PropertyRef = PropertyRef('Region', set_in_kwargs=True)
     lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
 
@@ -27,38 +31,24 @@ class EC2KeyPairToAwsAccountRelProperties(CartographyRelProperties):
 
 @dataclass(frozen=True)
 class EC2KeyPairToAWSAccount(CartographyRelSchema):
+    """
+    Relationship schema for EC2 keypairs to AWS Accounts
+    """
     target_node_label: str = 'AWSAccount'
     target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
         {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
     )
     direction: LinkDirection = LinkDirection.INWARD
-    rel_label: str = "RESOURCE"
+    rel_label: str = 'RESOURCE'
     properties: EC2KeyPairToAwsAccountRelProperties = EC2KeyPairToAwsAccountRelProperties()
 
 
-@dataclass(frozen=True)
-class EC2KeyPairToEC2InstanceRelProperties(CartographyRelProperties):
-    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
-
-
-@dataclass(frozen=True)
-class EC2KeyPairToEC2Instance(CartographyRelSchema):
-    target_node_label: str = 'EC2Instance'
-    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
-        {'id': PropertyRef('InstanceId')},
-    )
-    direction: LinkDirection = LinkDirection.OUTWARD
-    rel_label: str = "SSH_LOGIN_TO"
-    properties: EC2KeyPairToEC2InstanceRelProperties = EC2KeyPairToEC2InstanceRelProperties()
-
-
 @dataclass(frozen=True)
 class EC2KeyPairSchema(CartographyNodeSchema):
+    """
+    Schema for EC2 keypairs from describe-key-pairs
+    """
     label: str = 'EC2KeyPair'
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(['KeyPair'])
     properties: EC2KeyPairNodeProperties = EC2KeyPairNodeProperties()
     sub_resource_relationship: EC2KeyPairToAWSAccount = EC2KeyPairToAWSAccount()
-    other_relationships: OtherRelationships = OtherRelationships(
-        [
-            EC2KeyPairToEC2Instance(),
-        ],
-    )

cartography/models/aws/ec2/keypair_instance.py

@@ -0,0 +1,69 @@
+from dataclasses import dataclass
+
+from cartography.models.core.common import PropertyRef
+from cartography.models.core.nodes import CartographyNodeProperties
+from cartography.models.core.nodes import CartographyNodeSchema
+from cartography.models.core.nodes import ExtraNodeLabels
+from cartography.models.core.relationships import CartographyRelProperties
+from cartography.models.core.relationships import CartographyRelSchema
+from cartography.models.core.relationships import LinkDirection
+from cartography.models.core.relationships import make_target_node_matcher
+from cartography.models.core.relationships import OtherRelationships
+from cartography.models.core.relationships import TargetNodeMatcher
+
+
+@dataclass(frozen=True)
+class EC2KeyPairInstanceNodeProperties(CartographyNodeProperties):
+    id: PropertyRef = PropertyRef('KeyPairArn')
+    arn: PropertyRef = PropertyRef('KeyPairArn', extra_index=True)
+    keyname: PropertyRef = PropertyRef('KeyName')
+    region: PropertyRef = PropertyRef('Region', set_in_kwargs=True)
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2KeyPairInstanceToAwsAccountRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2KeyPairInstanceToAWSAccount(CartographyRelSchema):
+    target_node_label: str = 'AWSAccount'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('AWS_ID', set_in_kwargs=True)},
+    )
+    direction: LinkDirection = LinkDirection.INWARD
+    rel_label: str = "RESOURCE"
+    properties: EC2KeyPairInstanceToAwsAccountRelProperties = EC2KeyPairInstanceToAwsAccountRelProperties()
+
+
+@dataclass(frozen=True)
+class EC2KeyPairInstanceToEC2InstanceRelProperties(CartographyRelProperties):
+    lastupdated: PropertyRef = PropertyRef('lastupdated', set_in_kwargs=True)
+
+
+@dataclass(frozen=True)
+class EC2KeyPairInstanceToEC2Instance(CartographyRelSchema):
+    target_node_label: str = 'EC2Instance'
+    target_node_matcher: TargetNodeMatcher = make_target_node_matcher(
+        {'id': PropertyRef('InstanceId')},
+    )
+    direction: LinkDirection = LinkDirection.OUTWARD
+    rel_label: str = "SSH_LOGIN_TO"
+    properties: EC2KeyPairInstanceToEC2InstanceRelProperties = EC2KeyPairInstanceToEC2InstanceRelProperties()
+
+
+@dataclass(frozen=True)
+class EC2KeyPairInstanceSchema(CartographyNodeSchema):
+    """
+    EC2 keypairs as known by describe-instances.
+    """
+    label: str = 'EC2KeyPair'
+    extra_node_labels: ExtraNodeLabels = ExtraNodeLabels(['KeyPair'])
+    properties: EC2KeyPairInstanceNodeProperties = EC2KeyPairInstanceNodeProperties()
+    sub_resource_relationship: EC2KeyPairInstanceToAWSAccount = EC2KeyPairInstanceToAWSAccount()
+    other_relationships: OtherRelationships = OtherRelationships(
+        [
+            EC2KeyPairInstanceToEC2Instance(),
+        ],
+    )

cartography/util.py

@@ -1,9 +1,10 @@
 import asyncio
 import logging
 import re
-import sys
 from functools import partial
 from functools import wraps
+from importlib.resources import open_binary
+from importlib.resources import read_text
 from string import Template
 from typing import Any
 from typing import Awaitable
@@ -30,11 +31,6 @@ from cartography.stats import get_stats_client
 from cartography.stats import ScopedStatsClient
 
 
-if sys.version_info >= (3, 7):
-    from importlib.resources import open_binary, read_text
-else:
-    from importlib_resources import open_binary, read_text
-
 logger = logging.getLogger(__name__)
 
 

cartography-0.98.0.dist-info/METADATA

@@ -0,0 +1,187 @@
+Metadata-Version: 2.1
+Name: cartography
+Version: 0.98.0
+Summary: Explore assets and their relationships across your technical infrastructure.
+Maintainer: Cartography Contributors
+License: apache2
+Project-URL: Homepage, https://cartography-cncf.github.io/cartography
+Project-URL: Documentation, https://cartography-cncf.github.io/cartography
+Project-URL: Repository, https://github.com/cartography-cncf/cartography
+Project-URL: Issues, https://github.com/cartography-cncf/cartography/issues
+Project-URL: Changelog, https://github.com/cartography-cncf/cartography/releases
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Natural Language :: English
+Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: backoff>=2.1.2
+Requires-Dist: boto3>=1.15.1
+Requires-Dist: botocore>=1.18.1
+Requires-Dist: dnspython>=1.15.0
+Requires-Dist: neo4j<5.0.0,>=4.4.4
+Requires-Dist: policyuniverse>=1.1.0.0
+Requires-Dist: google-api-python-client>=1.7.8
+Requires-Dist: google-auth>=2.37.0
+Requires-Dist: marshmallow>=3.0.0rc7
+Requires-Dist: oci>=2.71.0
+Requires-Dist: okta<1.0.0
+Requires-Dist: pyyaml>=5.3.1
+Requires-Dist: requests>=2.22.0
+Requires-Dist: statsd
+Requires-Dist: packaging
+Requires-Dist: python-digitalocean>=1.16.0
+Requires-Dist: adal>=1.2.4
+Requires-Dist: azure-cli-core>=2.26.0
+Requires-Dist: azure-mgmt-compute>=5.0.0
+Requires-Dist: azure-mgmt-resource>=10.2.0
+Requires-Dist: azure-mgmt-cosmosdb>=6.0.0
+Requires-Dist: msrestazure>=0.6.4
+Requires-Dist: azure-mgmt-storage>=16.0.0
+Requires-Dist: azure-mgmt-sql<=1.0.0
+Requires-Dist: azure-identity>=1.5.0
+Requires-Dist: kubernetes>=22.6.0
+Requires-Dist: pdpyras>=4.3.0
+Requires-Dist: crowdstrike-falconpy>=0.5.1
+Requires-Dist: python-dateutil
+Requires-Dist: xmltodict
+Requires-Dist: duo-client
+Provides-Extra: dev
+Requires-Dist: backoff>=2.1.2; extra == "dev"
+Requires-Dist: moto; extra == "dev"
+Requires-Dist: pre-commit; extra == "dev"
+Requires-Dist: pytest>=6.2.4; extra == "dev"
+Requires-Dist: pytest-mock; extra == "dev"
+Requires-Dist: pytest-cov==2.10.0; extra == "dev"
+Requires-Dist: pytest-rerunfailures; extra == "dev"
+Requires-Dist: types-PyYAML; extra == "dev"
+Requires-Dist: types-requests<2.31.0.7; extra == "dev"
+
+![Cartography](docs/root/images/logo-horizontal.png)
+
+Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a [Neo4j](https://www.neo4j.com) database.
+
+![Visualization of RDS nodes and AWS nodes](docs/root/images/accountsandrds.png)
+
+## Why Cartography?
+Cartography aims to enable a broad set of exploration and automation scenarios. It is particularly good at exposing otherwise hidden dependency relationships between your service's assets so that you may validate assumptions about security risks.
+
+Service owners can generate asset reports, Red Teamers can discover attack paths, and Blue Teamers can identify areas for security improvement. All can benefit from using the graph for manual exploration through a web frontend interface, or in an automated fashion by calling the APIs.
+
+Cartography is not the only [security](https://github.com/dowjones/hammer) [graph](https://github.com/BloodHoundAD/BloodHound) [tool](https://github.com/Netflix/security_monkey) [out](https://github.com/vysecurity/ANGRYPUPPY) [there](https://github.com/duo-labs/cloudmapper), but it differentiates itself by being fully-featured yet generic and [extensible](https://cartography-cncf.github.io/cartography/dev/writing-analysis-jobs.html) enough to help make anyone better understand their risk exposure, regardless of what platforms they use. Rather than being focused on one core scenario or attack vector like the other linked tools, Cartography focuses on flexibility and exploration.
+
+You can learn more about the story behind Cartography in our [presentation at BSidesSF 2019](https://www.youtube.com/watch?v=ZukUmZSKSek).
+
+
+## Supported platforms
+
+- [Amazon Web Services](https://cartography-cncf.github.io/cartography/modules/aws/index.html) - API Gateway, Config, EC2, ECS, ECR, Elasticsearch, Elastic Kubernetes Service (EKS), DynamoDB, IAM, Inspector, KMS, Lambda, RDS, Redshift, Route53, S3, Secrets Manager, Security Hub, SQS, SSM, STS, Tags
+- [Google Cloud Platform](https://cartography-cncf.github.io/cartography/modules/gcp/index.html) - Cloud Resource Manager, Compute, DNS, Storage, Google Kubernetes Engine
+- [Google GSuite](https://cartography-cncf.github.io/cartography/modules/gsuite/index.html) - users, groups
+- [Oracle Cloud Infrastructure](docs/setup/config/oci.md) - IAM
+- [Okta](https://cartography-cncf.github.io/cartography/modules/okta/index.html) - users, groups, organizations, roles, applications, factors, trusted origins, reply URIs
+- [GitHub](https://cartography-cncf.github.io/cartography/modules/github/index.html) - repos, branches, users, teams
+- [DigitalOcean](https://cartography-cncf.github.io/cartography/modules/digitalocean/index.html)
+- [Microsoft Azure](https://cartography-cncf.github.io/cartography/modules/azure/index.html) -  CosmosDB, SQL, Storage, Virtual Machine
+- [Kubernetes](https://cartography-cncf.github.io/cartography/modules/kubernetes/index.html) - Cluster, Namespace, Service, Pod, Container
+- [PagerDuty](https://cartography-cncf.github.io/cartography/modules/pagerduty/index.html) - Users, teams, services, schedules, escalation policies, integrations, vendors
+- [Crowdstrike Falcon](https://cartography-cncf.github.io/cartography/modules/crowdstrike/index.html) - Hosts, Spotlight vulnerabilities, CVEs
+- [NIST CVE](https://cartography-cncf.github.io/cartography/modules/cve/index.html) - Common Vulnerabilities and Exposures (CVE) data from NIST database
+- [Lastpass](https://cartography-cncf.github.io/cartography/modules/lastpass/index.html) - users
+- [BigFix](https://cartography-cncf.github.io/cartography/modules/bigfix/index.html) - Computers
+- [Duo](https://cartography-cncf.github.io/cartography/modules/duo/index.html) - Users, Groups, Endpoints
+- [Kandji](https://cartography-cncf.github.io/cartography/modules/kandji/index.html) - Devices
+- [SnipeIT](https://cartography-cncf.github.io/cartography/modules/snipeit/index.html) - Users, Assets
+
+
+## Philosophy
+Here are some points that can help you decide if adopting Cartography is a good fit for your problem.
+
+### What Cartography is
+- A simple Python script that pulls data from multiple providers and writes it to a Neo4j graph database in batches.
+- A powerful analysis tool that captures the current snapshot of the environment, building a uniquely useful inventory where you can ask complex questions such as:
+  - Which identities have access to which datastores?
+  - What are the cross-tenant permission relationships in the environment?
+  - What are the network paths in and out of the environment?
+  - What are the backup policies for my datastores?
+- Battle-tested in production by [many companies](#who-uses-cartography).
+- Straightforward to extend with your own custom plugins.
+- Provides a useful data-plane that you can build automation and CSPM (Cloud Security Posture Management) applications on top of.
+
+### What Cartography is not
+- A near-real time capability.
+  - Cartography is not designed for very fast updates. Cartography writes to the database in a batches (not streamed).
+  - Cartography is also limited by how most upstream sources only provide APIs to retrieve assets in a batched manner.
+- By itself, Cartography does not capture data changes over time.
+  - Although we do include a [drift detection](https://cartography-cncf.github.io/cartography/usage/drift-detect.html) feature.
+  - It's also possible to implement other processes in your Cartography installation to make this happen.
+
+
+## Install and configure
+
+### Trying out Cartography on a test machine
+Start [here](https://cartography-cncf.github.io/cartography/install.html) to set up a test graph and get data into it.
+
+### Setting up Cartography in production
+When you are ready to try it in production, read [here](https://cartography-cncf.github.io/cartography/ops.html) for recommendations on getting cartography spun up in your environment.
+
+## Usage
+
+### Querying the database directly
+
+![poweruser.png](docs/root/images/poweruser.png)
+
+Now that data is in the graph, you can quickly start with our [querying tutorial](https://cartography-cncf.github.io/cartography/usage/tutorial.html). Our [data schema](https://cartography-cncf.github.io/cartography/usage/schema.html) is a helpful reference when you get stuck.
+
+### Building applications around Cartography
+Directly querying Neo4j is already very useful as a sort of "swiss army knife" for security data problems, but you can also build applications and data pipelines around Cartography. View this doc on [applications](https://cartography-cncf.github.io/cartography/usage/applications.html).
+
+
+## Community
+
+- Hang out with us on Slack: Join the CNCF Slack workspace [here](https://communityinviter.com/apps/cloud-native/cncf), and then join the `#cartography` channel.
+- Talk to us and see what we're working on at our [monthly community meeting](https://calendar.google.com/calendar/embed?src=lyft.com_p10o6ceuiieq9sqcn1ef61v1io%40group.calendar.google.com&ctz=America%2FLos_Angeles).
+  - Meeting minutes are [here](https://docs.google.com/document/d/1VyRKmB0dpX185I15BmNJZpfAJ_Ooobwz0U1WIhjDxvw).
+  - Recorded videos are posted [here](https://www.youtube.com/playlist?list=PLMga2YJvAGzidUWJB_fnG7EHI4wsDDsE1).
+
+## License
+
+This project is licensed under the [Apache 2.0 License](LICENSE).
+
+## Contributing
+Thank you for considering contributing to Cartography!
+
+### Code of conduct
+All contributors and participants of this project must follow the  [CNCF code of conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
+
+### Bug reports and feature requests and discussions
+Submit a GitHub issue to report a bug or request a new feature. If we decide that the issue needs more discussion - usually because the scope is too large or we need to make careful decision - we will convert the issue to a [GitHub Discussion](https://github.com/lyft/cartography/discussions).
+
+### Developing Cartography
+
+Get started with our [developer documentation](https://cartography-cncf.github.io/cartography/dev/developer-guide.html). Please feel free to submit your own PRs to update documentation if you've found a better way to explain something.
+
+## Who uses Cartography?
+
+1. [Lyft](https://www.lyft.com)
+1. [Thought Machine](https://thoughtmachine.net/)
+1. [MessageBird](https://messagebird.com)
+1. [Cloudanix](https://www.cloudanix.com/)
+1. [Corelight](https://www.corelight.com/)
+1. {Your company here} :-)
+
+If your organization uses Cartography, please file a PR and update this list. Say hi on Slack too!
+
+---
+
+Cartography is a [Cloud Native Computing Foundation](https://www.cncf.io/) sandbox project.<br>
+<div style="background-color: white; display: inline-block; padding: 10px;">
+  <img src="docs/root/images/cncf-color.png" alt="CNCF Logo" width="200">
+</div>

{cartography-0.97.0.dist-info → cartography-0.98.0.dist-info}/RECORD

@@ -1,22 +1,23 @@
 cartography/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/__main__.py,sha256=JftXT_nUPkqcEh8uxCCT4n-OyHYqbldEgrDS-4ygy0U,101
+cartography/_version.py,sha256=4jVixOK9_PQOEIMhE_GIqcqb9BjuSb8yjAWba2VL3gw,413
 cartography/cli.py,sha256=LPjeOkx-cKhRkuhqMicB-0X3SHOjLXxEeGqsp2FtpC0,33285
 cartography/config.py,sha256=ZcadsKmooAkti9Kv0eDl8Ec1PcZDu3lWobtNaCnwY3k,11872
 cartography/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/stats.py,sha256=dbybb9V2FuvSuHjjNwz6Vjwnd1hap2C7h960rLoKcl8,4406
 cartography/sync.py,sha256=ziD63T_774gXSuD5zdz6fLGvv1Kt2ntQySSVbmcCZb8,9708
-cartography/util.py,sha256=T51p1WrA9sdyDnHM3H9RN25OR2xClXww33SBUkM_HgA,15080
+cartography/util.py,sha256=VZgiHcAprn3nGzItee4_TggfsGWxWPTkLN-2MIhYUqM,14999
 cartography/client/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/client/aws/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/client/aws/iam.py,sha256=dYsGikc36DEsSeR2XVOVFFUDwuU9yWj_EVkpgVYCFgM,1293
 cartography/client/core/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/client/core/tx.py,sha256=FcUPfmNIKSXkN5UK3nL5-GFoGkPYXmAxIWP7knvrHWg,10794
+cartography/client/core/tx.py,sha256=55Cf9DJGHHXQk4HmPOdFwr1eh9Pr1nzmIvs4XoCVr0g,10892
 cartography/data/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/data/indexes.cypher,sha256=zMEzytgcvMLgclMmCkFUdWp4t_EFsOEOp1M2v1vGctM,27208
+cartography/data/indexes.cypher,sha256=KMhj8DoKl3d-o6Zx4PY6IZ_8eZNPqZWWVNnOzIi5dRw,26946
 cartography/data/permission_relationships.yaml,sha256=RuKGGc_3ZUQ7ag0MssB8k_zaonCkVM5E8I_svBWTmGc,969
 cartography/data/jobs/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cartography/data/jobs/analysis/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/data/jobs/analysis/aws_ec2_asset_exposure.json,sha256=PRM7TJwO3gLkGtez-hg5v5avDkuAcF-bQQCK6stecLg,2726
+cartography/data/jobs/analysis/aws_ec2_asset_exposure.json,sha256=wSR_-0TbieAMSFOWpNZohgbDHooa-F6jHm8DxdntLOY,3397
 cartography/data/jobs/analysis/aws_ec2_iaminstance.json,sha256=98wfe8pjwS-iQIjUpM1rxuASdxk7BGl9ooigrwfpmvU,500
 cartography/data/jobs/analysis/aws_ec2_iaminstanceprofile.json,sha256=7M8k0p0SvSYVzCk358FnUQ865IX25TyumtHTXqZS-t8,526
 cartography/data/jobs/analysis/aws_ec2_keypair_analysis.json,sha256=_ZBczunZbx5NHAbfVc4v6vJsbyl1xaePLzj4cyxW-4A,1741
@@ -24,7 +25,7 @@ cartography/data/jobs/analysis/aws_eks_asset_exposure.json,sha256=Z6z4YTNJJqUJl2
 cartography/data/jobs/analysis/aws_foreign_accounts.json,sha256=b8Li_KQLwIvNXxWt0F1bVTV1Vg9dxsbr7ZE8LH2-woc,686
 cartography/data/jobs/analysis/aws_lambda_ecr.json,sha256=wM10Gn0HoNP-sOj3S_Sjqh4mLsh-f2QkonkFuOohs_U,641
 cartography/data/jobs/analysis/aws_s3acl_analysis.json,sha256=ihTzHXAjpulNo0F1swZlZtxqKsZwtt2QXoB7yaX6gKA,2737
-cartography/data/jobs/analysis/gcp_compute_asset_inet_exposure.json,sha256=lIurpVOAHZ3u_pfpRhcC5zprxXKqOWG4miGIkMeCfcE,4695
+cartography/data/jobs/analysis/gcp_compute_asset_inet_exposure.json,sha256=lXuxrcHLom_DvsDvCQjZsqwRLMkwtKtjj6CRmo0eweI,4640
 cartography/data/jobs/analysis/gcp_gke_asset_exposure.json,sha256=7SJc9TeeIWFMDmHOWgmjgaIzjmCClLjJTPS4bGlaEF0,643
 cartography/data/jobs/analysis/gcp_gke_basic_auth.json,sha256=qLkrw1eZvV9ETtkIQN3v9hXnYN3ujAMyfIpqUj5YGo8,681
 cartography/data/jobs/analysis/gsuite_human_link.json,sha256=ArWA51fNIeeXwYiroJbKnuqN8y-TLrndOq0ZdC9q5os,541
@@ -102,7 +103,6 @@ cartography/data/jobs/cleanup/gcp_crm_project_cleanup.json,sha256=JImcuuz9HI2TL0
 cartography/data/jobs/cleanup/gcp_dns_cleanup.json,sha256=NGs5UYFmm65Rq8gyqbzIe8_OnFchfpNFf9iAcIj_hyY,1286
 cartography/data/jobs/cleanup/gcp_gke_cluster_cleanup.json,sha256=3bMEJ44AEvjkj_1ibclk6Ys5r1LniUWefpZ_U5hTwHI,671
 cartography/data/jobs/cleanup/gcp_storage_bucket_cleanup.json,sha256=sGygB_meoCpGdGgEZtIlC4L-19meAXdfP99gkNJHD7o,1288
-cartography/data/jobs/cleanup/github_org_and_users_cleanup.json,sha256=vjaOlWdnjaCHmvmaWadOzHXqFnjpR1wW8cykb_M54fM,1010
 cartography/data/jobs/cleanup/github_repos_cleanup.json,sha256=Ko6zya72yLjLt_m-wogAUmuzzL2-IJiO457clEHFxPk,3676
 cartography/data/jobs/cleanup/gsuite_ingest_groups_cleanup.json,sha256=ddXAUi6aVi2htf5R1bNn6YrC3SjshjLBgWtlzBgZ9Do,961
 cartography/data/jobs/cleanup/gsuite_ingest_users_cleanup.json,sha256=0qMLbVSTyq5F9vt4-TvVa3YAAvZCpPtzF9EwblaTxWg,353
@@ -133,7 +133,7 @@ cartography/driftdetect/shortcut.py,sha256=0AvX9vZGNRWeLiRqxU7eOOo77gcfufHx4IHZv
 cartography/driftdetect/storage.py,sha256=6ziscwJh34_1ylrSAK6B-U6o09xDhIa7Yb-V1kisveQ,1549
 cartography/driftdetect/util.py,sha256=Lqxv8QoFn3_3Fz18qCOjkjJ6yBwgrHjrxXmArBAEdkc,929
 cartography/graph/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cartography/graph/cleanupbuilder.py,sha256=87vFrOJo66hOrrqeNwXp18WrNQEheHTlZko9KUkXWhY,8021
+cartography/graph/cleanupbuilder.py,sha256=zZc7SvRz23sU_VN-RrHoyhug7dRZlqbbLwHbrlPdVik,9411
 cartography/graph/context.py,sha256=RGxGb8EnxowcqjR0nFF86baNhgRHeUF9wjIoFUoG8LU,1230
 cartography/graph/job.py,sha256=RZWsbNhHuJlcSpw4C73ZuovRTp7kGrcm3X9yUH8vT1Q,7488
 cartography/graph/querybuilder.py,sha256=7DtIGPlfeKcIWKw_ReCAX1OeUkhSnIRV_reeVaKL6I4,20416
@@ -153,7 +153,7 @@ cartography/intel/aws/elasticache.py,sha256=fCI47aDFmIDyE26GiReKYb6XIZUwrzcvsXBQ
 cartography/intel/aws/elasticsearch.py,sha256=ZL7MkXF_bXRSoXuDSI1dwGckRLG2zDB8LuAD07vSLnE,8374
 cartography/intel/aws/emr.py,sha256=xhWBVZngxJRFjMEDxwq3G6SgytRGLq0v2a_CeDvByR0,3372
 cartography/intel/aws/iam.py,sha256=zRlF9cKcYm44iL63G6bd-_flNOFHVrjsEfW0jZHpUNg,32387
-cartography/intel/aws/identitycenter.py,sha256=Mgd7ZNj8W7IghVSXovgYyQDwRt_MjxrBPGyDKxlFsoQ,9495
+cartography/intel/aws/identitycenter.py,sha256=OnyvsSfn6AszB2e9dPAsGmzgne0zq0_7Ta0A6k_l_TE,8956
 cartography/intel/aws/inspector.py,sha256=S22ZgRKEnmnBTJ-u0rodqRPB7_LkSIek47NeBxN4XJw,9336
 cartography/intel/aws/kms.py,sha256=bZUzMxAH_DsAcGTJBs08gg2tLKYu-QWjvMvV9C-6v50,11731
 cartography/intel/aws/lambda_function.py,sha256=KKTyn53xpaMI9WvIqxmsOASFwflHt-2_5ow-zUFc2wg,9890
@@ -161,7 +161,7 @@ cartography/intel/aws/organizations.py,sha256=HaQZ3J5XF15BuykuDypqFORDYpnoHuRRr4
 cartography/intel/aws/permission_relationships.py,sha256=IarV9gt5BaplZ5TPo_mfypt9bTKfT9qDtqC3Ob89qGI,14904
 cartography/intel/aws/rds.py,sha256=vnlNYmrO2Cc0PNn31CeG2QwYhwjVosbQFE9Ol1vQyLE,25252
 cartography/intel/aws/redshift.py,sha256=KOqiXIllHmtPTeaNGl-cX4srY5pFE6o12j8MQ5-zWpc,6694
-cartography/intel/aws/resourcegroupstaggingapi.py,sha256=aq4kPF6t8QZZoTxdkQVLXH65Di41CDJVM9llJNe6iaY,10278
+cartography/intel/aws/resourcegroupstaggingapi.py,sha256=I2VrL-oplGj2Jyhbo312V6vnER_FXpJRrc6OBJ-_VmI,10375
 cartography/intel/aws/resources.py,sha256=A8Dc3PtCfDyk5a1ZgAoHthhDPS6aWN_kR0PLwnHdC0Q,3370
 cartography/intel/aws/route53.py,sha256=IYqeQud1HuHnf11A7T-Jeif5DWgjpaaU-Jfr2cLUc_o,14099
 cartography/intel/aws/s3.py,sha256=SVxUMtMSkbdjZv5qOSYIbYb8BQa-QTojbHG85-EFWLA,27034
@@ -173,9 +173,9 @@ cartography/intel/aws/ec2/__init__.py,sha256=IDK2Yap7mllK_ab6yVMLXatJ94znIkn-szv
 cartography/intel/aws/ec2/auto_scaling_groups.py,sha256=ylfks8_oC0-fVMnToFbmRcbKdEN0H17LlN1-ZqW6ULc,8148
 cartography/intel/aws/ec2/elastic_ip_addresses.py,sha256=0k4NwS73VyWbEj5jXvSkaq2RNvmAlBlrN-UKa_Bj0uk,3957
 cartography/intel/aws/ec2/images.py,sha256=heElwHJGqVD3iUJjxwA_Sdc3CmE4HPs00CTMHuQ1wkc,3782
-cartography/intel/aws/ec2/instances.py,sha256=IJS9TJhk0aqFaRbmUOCE_sHVhZJLg8fPTF8zEnTlyvk,12372
+cartography/intel/aws/ec2/instances.py,sha256=uI8eVJmeEybS8y_T8CVKAkwxJyVDCH7sbuEJYeWGSWY,12468
 cartography/intel/aws/ec2/internet_gateways.py,sha256=dI-4-85_3DGGZZBcY_DN6XqESx9P26S6jKok314lcnQ,2883
-cartography/intel/aws/ec2/key_pairs.py,sha256=SvRgd56vE4eouvTSNoFK8PP8HYoECO91goxc36oq_FY,2508
+cartography/intel/aws/ec2/key_pairs.py,sha256=g4imIo_5jk8upq9J4--erg-OZXG2i3cJMe6SnNCYj9s,2635
 cartography/intel/aws/ec2/launch_templates.py,sha256=aeqaL8On38ET8nM8bISsIXLy6PkZoV-tqSWG38YXgkI,6010
 cartography/intel/aws/ec2/load_balancer_v2s.py,sha256=95FfQQn740gexINIHDJizOM4OKzRtQT_y2XQMipQ5Dg,8661
 cartography/intel/aws/ec2/load_balancers.py,sha256=1GwErzGqi3BKCARqfGJcD_r_D84rFKVy5kNMas9jAok,6756
@@ -222,7 +222,7 @@ cartography/intel/duo/phones.py,sha256=ueJheqSLD2xYcMus5eOiixPYS3_xVjgQzeomjV2a6
 cartography/intel/duo/tokens.py,sha256=bEEnjfc4waQnkRHVSnZLAeGE8wHOOZL7FA9m80GGQdQ,2396
 cartography/intel/duo/users.py,sha256=lc7ly_XKeUjJ50szw31WT_GiCrZfGKJv1zVUpmTchh4,4097
 cartography/intel/duo/web_authn_credentials.py,sha256=IbDf3CWqfEyI7f9zJugUvoDd6vZOECfb_7ANZaRYzuk,2636
-cartography/intel/gcp/__init__.py,sha256=jJOT6Ys97qm1W0jGXFwtSOOSGPa7q-Xxr1YIR8fKejo,15849
+cartography/intel/gcp/__init__.py,sha256=raPnE8b4WAwLfWJwU2D3JJwSnENHBRi_Bv9x-pMavdQ,15813
 cartography/intel/gcp/compute.py,sha256=CH2cBdOwbLZCAbkfRJkkI-sFybXVKRWEUGDJANQmvyA,48333
 cartography/intel/gcp/crm.py,sha256=Uw5PILhVFhpM8gq7uu2v7F_YikDW3gsTZ3d7-e8Z1_k,12324
 cartography/intel/gcp/dns.py,sha256=y2pvbmV04cnrMyuu_nbW3oc7uwHX6yEzn1n7veCsjmk,7748
@@ -231,10 +231,10 @@ cartography/intel/gcp/storage.py,sha256=oO_ayEhkXlj2Gn7T5MU41ZXiqwRwe6Ud4wzqyRTs
 cartography/intel/github/__init__.py,sha256=y876JJGTDJZEOFCDiNCJfcLNxN24pVj4s2N0YmuuoaE,1914
 cartography/intel/github/repos.py,sha256=MmpxZASDJFQxDeSMxX3pZcpxCHFPos4_uYC_cX9KjOg,29865
 cartography/intel/github/teams.py,sha256=AltQSmBHHmyzBtnRkez9Bo5yChEKBSt3wwzhGcfqmX4,14180
-cartography/intel/github/users.py,sha256=f_YIDwdNECRg7wRwY8qZ5mztm7m3SIgOz8BbfveRzy8,8734
+cartography/intel/github/users.py,sha256=MCLE0V0UCzQm3k3KmrNe6PYkI6usRQZYy2rCN3mT8o0,8948
 cartography/intel/github/util.py,sha256=K0cXOPuhnGvN-aqcSUBO3vTuKQLjufVal9kn2HwOpbo,8110
-cartography/intel/gsuite/__init__.py,sha256=AGIUskGlLCVGHbnQicNpNWi9AvmV7_7hUKTt-hsB2J8,4306
-cartography/intel/gsuite/api.py,sha256=J0dkNdfBVMrEv8vvStQu7YKVxXSyV45WueFhUS4aOG4,10310
+cartography/intel/gsuite/__init__.py,sha256=Ed5Lab8E_OpRY1JM7NBaQwajfbG2MCACU21xKS9_ETY,4636
+cartography/intel/gsuite/api.py,sha256=qgEnAcajYGsgC5XNKMnYxOli8Su9wooaEnBBEpsk2EY,10336
 cartography/intel/jamf/__init__.py,sha256=Nof-LrUeevoieo6oP2GyfTwx8k5TUIgreW6hSj53YjQ,419
 cartography/intel/jamf/computers.py,sha256=EfjlupQ-9HYTjOrmuwrGuJDy9ApAnJvk8WrYcp6_Jkk,1673
 cartography/intel/jamf/util.py,sha256=EAyP8VpOY2uAvW3HtX6r7qORNjGa1Tr3fuqezuLQ0j4,1017
@@ -288,7 +288,8 @@ cartography/models/aws/ec2/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 cartography/models/aws/ec2/auto_scaling_groups.py,sha256=ImIu-i5iU_CJQ25oa2MDnOhOjL4jcpBagPiB95JUvSE,8660
 cartography/models/aws/ec2/images.py,sha256=uGhXS7Xb6sKUdwwkS0O0dWP4sIREjusUaV_unODv9gE,3012
 cartography/models/aws/ec2/instances.py,sha256=cNMHngdGNRhxoyID6AmG2F7CQGC1fYani8DV8lSKvsI,3902
-cartography/models/aws/ec2/keypairs.py,sha256=scKC3SdExHAWkPNmb6tT9LK-9q4sweqS2ejFzMec10M,2630
+cartography/models/aws/ec2/keypair.py,sha256=UzKj1-Oyd-xMAJeuELzkGlDNAih1H9KpBwEgCCp54T8,2235
+cartography/models/aws/ec2/keypair_instance.py,sha256=M1Ru8Z_2izW0cADAnQVVHaKsT_4FucNZnjr2DIGncJY,2943
 cartography/models/aws/ec2/launch_configurations.py,sha256=zdfWJEx93HXDXd_IzSEkhvcztkJI7_v_TCE_d8ZNAyI,2764
 cartography/models/aws/ec2/launch_template_versions.py,sha256=RitfnAuAj0XpFsCXkRbtUhHMAi8Vsvmtury231eKvGU,3897
 cartography/models/aws/ec2/launch_templates.py,sha256=GqiwFuMp72LNSt2eQlp2WfdU_vHsom-xKV5AaUewSHQ,2157
@@ -353,9 +354,9 @@ cartography/models/snipeit/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJ
 cartography/models/snipeit/asset.py,sha256=FyRAaeXuZjMy0eUQcSDFcgEAF5lbLMlvqp1Tv9d3Lv4,3238
 cartography/models/snipeit/tenant.py,sha256=p4rFnpNNuF1W5ilGBbexDaETWTwavfb38RcQGoImkQI,679
 cartography/models/snipeit/user.py,sha256=MsB4MiCVNTH6JpESime7cOkB89autZOXQpL6Z0l7L6o,2113
-cartography-0.97.0.dist-info/LICENSE,sha256=kvLEBRYaQ1RvUni6y7Ti9uHeooqnjPoo6n_-0JO1ETc,11351
-cartography-0.97.0.dist-info/METADATA,sha256=KXebB76HbcUfcT1umMgUjh0c8lw_ah1wCW1SEtZ5rWU,1938
-cartography-0.97.0.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-cartography-0.97.0.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
-cartography-0.97.0.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
-cartography-0.97.0.dist-info/RECORD,,
+cartography-0.98.0.dist-info/LICENSE,sha256=kvLEBRYaQ1RvUni6y7Ti9uHeooqnjPoo6n_-0JO1ETc,11351
+cartography-0.98.0.dist-info/METADATA,sha256=EVM33emFVVSN4bpq4GQ2tr6H6YbCt1CTm6B2zGASCe8,11470
+cartography-0.98.0.dist-info/WHEEL,sha256=A3WOREP4zgxI0fKrHUG8DC8013e3dK3n7a6HDbcEIwE,91
+cartography-0.98.0.dist-info/entry_points.txt,sha256=GVIAWD0o0_K077qMA_k1oZU4v-M0a8GLKGJR8tZ-qH8,112
+cartography-0.98.0.dist-info/top_level.txt,sha256=BHqsNJQiI6Q72DeypC1IINQJE59SLhU4nllbQjgJi9g,12
+cartography-0.98.0.dist-info/RECORD,,

{cartography-0.97.0.dist-info → cartography-0.98.0.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.6.0)
+Generator: setuptools (75.7.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

cartography/data/jobs/cleanup/github_org_and_users_cleanup.json

@@ -1,28 +0,0 @@
-{
-  "statements": [{
-    "query": "MATCH (n:GitHubUser) WHERE n.lastupdated <> $UPDATE_TAG WITH n LIMIT $LIMIT_SIZE DETACH DELETE (n)",
-    "iterative": true,
-    "iterationsize": 100
-  },
-  {
-    "query": "MATCH (n:GitHubOrganization) WHERE n.lastupdated <> $UPDATE_TAG WITH n LIMIT $LIMIT_SIZE DETACH DELETE (n)",
-    "iterative": true,
-    "iterationsize": 100
-  },
-  {
-    "query": "MATCH (:GitHubUser)-[r:OWNER]->(:GitHubRepository) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
-    "iterative": true,
-    "iterationsize": 100
-  },
-  {
-    "query": "MATCH (:GitHubUser)-[r:MEMBER_OF]->(:GitHubOrganization) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
-    "iterative": true,
-    "iterationsize": 100
-  },
-  {
-    "query": "MATCH (:GitHubUser)-[r:UNAFFILIATED]->(:GitHubOrganization) WHERE r.lastupdated <> $UPDATE_TAG WITH r LIMIT $LIMIT_SIZE DELETE (r)",
-    "iterative": true,
-    "iterationsize": 100
-  }],
-  "name": "cleanup GitHub users data"
-}

cartography-0.97.0.dist-info/METADATA

@@ -1,53 +0,0 @@
-Metadata-Version: 2.1
-Name: cartography
-Version: 0.97.0
-Summary: Explore assets and their relationships across your technical infrastructure.
-Home-page: https://www.github.com/cartography-cncf/cartography
-Maintainer: Cartography Contributors
-License: apache2
-Classifier: Development Status :: 4 - Beta
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: Apache Software License
-Classifier: Natural Language :: English
-Classifier: Programming Language :: Python
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Topic :: Security
-Classifier: Topic :: Software Development :: Libraries
-Classifier: Topic :: Software Development :: Libraries :: Python Modules
-Description-Content-Type: text/markdown
-License-File: LICENSE
-Requires-Dist: backoff>=2.1.2
-Requires-Dist: boto3>=1.15.1
-Requires-Dist: botocore>=1.18.1
-Requires-Dist: dnspython>=1.15.0
-Requires-Dist: neo4j<5.0.0,>=4.4.4
-Requires-Dist: policyuniverse>=1.1.0.0
-Requires-Dist: google-api-python-client>=1.7.8
-Requires-Dist: oauth2client>=4.1.3
-Requires-Dist: marshmallow>=3.0.0rc7
-Requires-Dist: oci>=2.71.0
-Requires-Dist: okta<1.0.0
-Requires-Dist: pyyaml>=5.3.1
-Requires-Dist: requests>=2.22.0
-Requires-Dist: statsd
-Requires-Dist: packaging
-Requires-Dist: python-digitalocean>=1.16.0
-Requires-Dist: adal>=1.2.4
-Requires-Dist: azure-cli-core>=2.26.0
-Requires-Dist: azure-mgmt-compute>=5.0.0
-Requires-Dist: azure-mgmt-resource>=10.2.0
-Requires-Dist: azure-mgmt-cosmosdb>=6.0.0
-Requires-Dist: msrestazure>=0.6.4
-Requires-Dist: azure-mgmt-storage>=16.0.0
-Requires-Dist: azure-mgmt-sql<=1.0.0
-Requires-Dist: azure-identity>=1.5.0
-Requires-Dist: kubernetes>=22.6.0
-Requires-Dist: pdpyras>=4.3.0
-Requires-Dist: crowdstrike-falconpy>=0.5.1
-Requires-Dist: python-dateutil
-Requires-Dist: xmltodict
-Requires-Dist: duo-client
-Requires-Dist: importlib-resources; python_version < "3.7"
-
-file: README.md