OCI Policy Analysis Entry Points
Desktop application
- oci_policy_analysis.main.GITHUB_REPO_RELEASES_URL = 'https://github.com/agregory999/oci-policy-analysis/releases'
Main Tkinter UI application for OCI Policy Analysis.
This module can be executed directly:
python -m oci_policy_analysis.main
or via the script entrypoint (if configured):
oci-policy-analysis
When run as a script, the __main__ block launches the full desktop UI.
- class oci_policy_analysis.main.App(*args: Any, **kwargs: Any)[source]
Bases:
TkMain User Interface entry point for OCI Policy Analysis application. Inherits from tk.Tk (TKinter) to create the main application window. Tabbed interface with multiple tabs for different analysis features. Helper classes and Repositories for data management and AI integration.
Adds a fixed status bar at the window bottom showing policy data load status/source/time/reload.
- refresh_all_tabs_settings()[source]
Call apply_settings (context help and font) for all tabs that support it.
- apply_theme(*args)[source]
Apply the selected font size from settings to the application style. Not currently exposed in UI, but used at startup to set font size from saved settings.
TODO: Expand to full theme support if desired.
- Parameters:
*args – Optional arguments (not used).
- toggle_bottom()[source]
Toggle the visibility of the bottom output frame. Only available after AI is set up.
- reload_policies_and_compartments_and_update_cache()[source]
Reload just policies, compartments, statements (not IAM) from tenancy, update the ‘policy_data_reloaded’ timestamp, persist sections in cache, and update all UI components as if a tenancy load had completed. Legacy synchronous reload path.
- reload_policies_and_compartments_and_update_cache_async(callback: dict | None = None, show_popup: bool = True)[source]
Non-blocking policy/compartment reload with progress dialog and callbacks.
- Callback keys (all optional):
progress(message: str)
complete(success: bool, message: str, is_error: bool)
error(success: bool, message: str, is_error: bool)
- load_tenancy_async(tenancy_id, recursive, instance_principal, named_profile=None, named_session=None, named_cache=None, load_all_users=True, compartment_domain_search_depth=1, callback=None, show_popup: bool = False)[source]
Asynchronously loads tenancy data, policies, and compartments. Requires parameters for authentication method, whether to load compartments recursively, and optional named profile/session/cache.
- Parameters:
tenancy_id (str) – The OCID of the tenancy to load.
recursive (bool) – Whether to load compartments recursively.
instance_principal (bool) – Whether to use instance principal authentication.
named_profile (str) – The named profile to use for authentication.
named_session (str) – The named session token if applicable.
named_cache (str) – The named cache file to load if applicable.
load_all_users (bool) – Whether to load all users from identity domains.
compartment_domain_search_depth (int) – How many levels below root to enumerate for domains (1 = root only).
callback (dict, optional) – A dictionary of callback functions for progress, error, and completion
show_popup (bool) – Whether to show modal progress popup for initial tenancy load.
- load_compliance_output_async(dir_path: str, callback: dict | None = None, load_all_users: bool = True, show_popup: bool = False)[source]
Asynchronously loads policy, compartment, group, user, dynamic group, and domain data from compliance output .csv files. :param dir_path: The directory containing compliance output files as per spec. :type dir_path: str :param callback: Callbacks for progress, error, and complete. :type callback: dict, optional :param load_all_users: If False, skip loading users. Defaults to True. :type load_all_users: bool, optional
- ask_genai_async(prompt: str, additional_instruction: str = '', callback=None, test_call: bool = False)[source]
Asynchronously queries the GenAI model with the given prompt and additional instructions.
- set_bottom_output(content: str, test_call: bool = False)[source]
Display the given string content as plain text in the output_text widget.
Command-line interface
- oci_policy_analysis.cli.main()[source]
Entry point for the OCI Policy and Dynamic Group Viewer CLI.
Parses command-line arguments to load, filter, display, or export OCI identity and policy information from Oracle Cloud Infrastructure (OCI) using cached or live data.
Parameters
- –verbosebool
Enable verbose logging.
- –log-levelstr
Set CLI log level (CRITICAL, ERROR, WARNING, INFO, or DEBUG).
- –app-logbool
Log output to app.log instead of console.
- –instance-principalbool
Use instance principal authentication.
- –get-cachesstr
List available caches for the given tenancy.
- –print-allbool
Print all policies and dynamic groups.
- –recursivebool
Recursively load policies across all compartments.
- –use-cachestr, optional
Load data from a specified combined cache file.
- –dont-save-cache-after-loadbool
Prevent saving a new combined cache after loading from OCI.
- –profilestr
OCI CLI profile to use (default
DEFAULT).- –filter-jsonstr, optional
A JSON filter expression for policies.
- –export-jsonstr, optional
Write collected data to a JSON file.
- –export-permissions-reportstr, optional
Write the calculated permissions report to a JSON/CSV path prefix.
- Usage Examples:
To print all policies and dynamic groups using the ADMIN profile with verbose logging:
python -m oci_policy_analysis.cli --verbose --profile ADMIN --print-allTo list available caches for a tenancy named “example-tenancy”:
python -m oci_policy_analysis.cli --get-caches example-tenancyTo load data from a specific cache and export to JSON:
python -m oci_policy_analysis.cli --use-cache 2024-11-17T10-43-08+00-00To filter policies with a JSON expression:
python -m oci_policy_analysis.cli --filter-json '{"Subject": "group1", "Verb": "read"}'
- returns:
None. Provides console output and/or writes files as specified.
Standalone MCP server
The MCP tool functions are included explicitly because their docstrings form part of the context presented to MCP consumers.