OCI Policy Analysis Entry Points

Desktop application

oci_policy_analysis.main.GITHUB_REPO_RELEASES_URL = 'https://github.com/agregory999/oci-policy-analysis/releases'

Main Tkinter UI application for OCI Policy Analysis.

This module can be executed directly:

python -m oci_policy_analysis.main

or via the script entrypoint (if configured):

oci-policy-analysis

When run as a script, the __main__ block launches the full desktop UI.

class oci_policy_analysis.main.App(*args: Any, **kwargs: Any)[source]

Bases: Tk

Main User Interface entry point for OCI Policy Analysis application. Inherits from tk.Tk (TKinter) to create the main application window. Tabbed interface with multiple tabs for different analysis features. Helper classes and Repositories for data management and AI integration.

Adds a fixed status bar at the window bottom showing policy data load status/source/time/reload.

ai_additional_instructions: str
update_status_bar()[source]

Update status bar with policy data load status and tracking flag.

refresh_all_tabs_settings()[source]

Call apply_settings (context help and font) for all tabs that support it.

apply_theme(*args)[source]

Apply the selected font size from settings to the application style. Not currently exposed in UI, but used at startup to set font size from saved settings.

TODO: Expand to full theme support if desired.

Parameters:

*args – Optional arguments (not used).

toggle_bottom()[source]

Toggle the visibility of the bottom output frame. Only available after AI is set up.

reload_policies_and_compartments_and_update_cache()[source]

Reload just policies, compartments, statements (not IAM) from tenancy, update the ‘policy_data_reloaded’ timestamp, persist sections in cache, and update all UI components as if a tenancy load had completed. Legacy synchronous reload path.

reload_policies_and_compartments_and_update_cache_async(callback: dict | None = None, show_popup: bool = True)[source]

Non-blocking policy/compartment reload with progress dialog and callbacks.

Callback keys (all optional):
  • progress(message: str)

  • complete(success: bool, message: str, is_error: bool)

  • error(success: bool, message: str, is_error: bool)

load_tenancy_async(tenancy_id, recursive, instance_principal, named_profile=None, named_session=None, named_cache=None, load_all_users=True, compartment_domain_search_depth=1, callback=None, show_popup: bool = False)[source]

Asynchronously loads tenancy data, policies, and compartments. Requires parameters for authentication method, whether to load compartments recursively, and optional named profile/session/cache.

Parameters:
  • tenancy_id (str) – The OCID of the tenancy to load.

  • recursive (bool) – Whether to load compartments recursively.

  • instance_principal (bool) – Whether to use instance principal authentication.

  • named_profile (str) – The named profile to use for authentication.

  • named_session (str) – The named session token if applicable.

  • named_cache (str) – The named cache file to load if applicable.

  • load_all_users (bool) – Whether to load all users from identity domains.

  • compartment_domain_search_depth (int) – How many levels below root to enumerate for domains (1 = root only).

  • callback (dict, optional) – A dictionary of callback functions for progress, error, and completion

  • show_popup (bool) – Whether to show modal progress popup for initial tenancy load.

load_compliance_output_async(dir_path: str, callback: dict | None = None, load_all_users: bool = True, show_popup: bool = False)[source]

Asynchronously loads policy, compartment, group, user, dynamic group, and domain data from compliance output .csv files. :param dir_path: The directory containing compliance output files as per spec. :type dir_path: str :param callback: Callbacks for progress, error, and complete. :type callback: dict, optional :param load_all_users: If False, skip loading users. Defaults to True. :type load_all_users: bool, optional

ask_genai_async(prompt: str, additional_instruction: str = '', callback=None, test_call: bool = False)[source]

Asynchronously queries the GenAI model with the given prompt and additional instructions.

Parameters:
  • prompt (str) – The main prompt to send to the GenAI model.

  • additional_instruction (str, optional) – Any additional instructions to include in the query.

  • callback (dict, optional) – A dictionary of callback functions for different stages of the query.

set_bottom_output(content: str, test_call: bool = False)[source]

Display the given string content as plain text in the output_text widget.

Parameters:
  • content (str) – The text content to display in the output area.

  • test_call (bool) – Indicates if this is a test call to set output.

copy_output_text()[source]

Copies the current output text to the clipboard if it is non-empty.

Opens the given web link in the default browser.

Parameters:

link (str) – The URL to open.

open_condition_tester_with_condition(condition_text)[source]

Open the Condition Tester tab, populate it with the given condition string, auto-generate inputs for it, and switch focus to this tab.

Parameters:

condition_text (str) – The condition string to test.

oci_policy_analysis.main.main() None[source]

Main entry point for OCI Policy Analysis application.

Command-line interface

oci_policy_analysis.cli.main()[source]

Entry point for the OCI Policy and Dynamic Group Viewer CLI.

Parses command-line arguments to load, filter, display, or export OCI identity and policy information from Oracle Cloud Infrastructure (OCI) using cached or live data.

Parameters

–verbosebool

Enable verbose logging.

–log-levelstr

Set CLI log level (CRITICAL, ERROR, WARNING, INFO, or DEBUG).

–app-logbool

Log output to app.log instead of console.

–instance-principalbool

Use instance principal authentication.

–get-cachesstr

List available caches for the given tenancy.

–print-allbool

Print all policies and dynamic groups.

–recursivebool

Recursively load policies across all compartments.

–use-cachestr, optional

Load data from a specified combined cache file.

–dont-save-cache-after-loadbool

Prevent saving a new combined cache after loading from OCI.

–profilestr

OCI CLI profile to use (default DEFAULT).

–filter-jsonstr, optional

A JSON filter expression for policies.

–export-jsonstr, optional

Write collected data to a JSON file.

–export-permissions-reportstr, optional

Write the calculated permissions report to a JSON/CSV path prefix.

Usage Examples:

To print all policies and dynamic groups using the ADMIN profile with verbose logging:

python -m oci_policy_analysis.cli --verbose --profile ADMIN --print-all

To list available caches for a tenancy named “example-tenancy”:

python -m oci_policy_analysis.cli --get-caches example-tenancy

To load data from a specific cache and export to JSON:

python -m oci_policy_analysis.cli --use-cache 2024-11-17T10-43-08+00-00

To filter policies with a JSON expression:

python -m oci_policy_analysis.cli --filter-json '{"Subject": "group1", "Verb": "read"}'

returns:

None. Provides console output and/or writes files as specified.

Standalone MCP server

The MCP tool functions are included explicitly because their docstrings form part of the context presented to MCP consumers.