OCI Policy Analysis UI

Tkinter UI components for OCI Policy Analysis.

SettingsTab

class oci_policy_analysis.ui.SettingsTab(*args: Any, **kwargs: Any)[source]

Bases: BaseUITab

Settings Tab for OCI Policy Analysis UI. Allows configuration of tenancy, profile, MCP server, and AI settings. All tenancy data is loaded via this tab.

_on_ai_enablement_finished(success: bool, message: str, clear: bool = False)[source]

Callback from App once AI loading completes. Used to enable AI toggle button if successful.

Parameters:

success (bool) – Whether the AI call was successful.
message (str) – Message to display.
clear (bool) – Whether to clear the message after a delay.

_toggle_console_tab()[source]: Toggle the visibility of the console and debug tab in the notebook.

_toggle_maintenance_tab()[source]: Toggle the visibility of the maintenance tab in the notebook.

refresh_context_help()[source]: Refresh style/visibility of Page Help label. (SettingsTab extension point)

refresh_cache_list()[source]: Update the cache list OptionMenu in the Settings tab to reflect the current state, preserving selection.

apply_config()[source]: Apply changes to Model ID and Endpoint in AI client.

PoliciesTab

class oci_policy_analysis.ui.PoliciesTab(*args: Any, **kwargs: Any)[source]

Bases: BaseUITab

Tab for displaying and filtering OCI policies.

Supports searching and filtering by multiple criteria (OR via | character in fields).
Includes saved search/load, policy export, and summary displays.
Context help is unified and appears at the top, per app setting.
Provides right-click analysis and integration with other app tabs.

clear_policy_filters()[source]

export_policy_to_csv()[source]

populate_data(*args)[source]: Populate the policy output using per-step timing ala BaseUITab.timed_step (sub-timings).

update_policy_output(*args, **kwargs)[source]: [DEPRECATED] Use populate_data instead for sub-timing and improved logging.

enable_widgets_after_load()[source]: Enable widgets after load.

DynamicGroupsTab

class oci_policy_analysis.ui.DynamicGroupsTab(*args: Any, **kwargs: Any)[source]

Bases: BaseUITab

Dynamic Groups Tab for OCI Policy Analysis UI.

Browse, filter, and analyze dynamic groups and related policies. Select dynamic groups to reveal matching policy statements below.

set_show_all_data(checked: bool | None = None) → None[source]

Sync table display columns with the Show all Data checkbox.

If checked is provided, force the checkbox to that state. If checked is None, rely on the current BooleanVar value (used when invoked by the Checkbutton command, since Tkinter has already toggled it).

set_ocid_filter_and_search(ocids: list[str] | None) → None[source]

Set the DG OCID filter from a list of OCIDs and refresh the table.

Intended for cross-tab integrations (e.g., Policies tab right-click actions) to programmatically focus on one or more dynamic groups by OCID. OCIDs are joined with | to leverage existing OR semantics.

populate_data() → None[source]

Populate / refresh Dynamic Groups tab data after a load.

This is the single entry point used by the main application after repository data is (re)loaded. It enables filter controls and refreshes the dynamic groups table using the current filter state.

apply_settings(context_help: bool, font_size: str)[source]: Update context help and font settings (called globally from main app).

enable_controls()[source]: Called from main app when data is loaded to enable the controls

UsersTab

class oci_policy_analysis.ui.UsersTab(*args: Any, **kwargs: Any)[source]

Bases: BaseUITab

Users Tab for OCI Policy Analysis UI. Allows selection of Groups or Users, and displays associated policy statements. Supports filtering and detailed policy statement views.

populate_data()[source]

Populate / refresh Users tab data after a tenancy or cache load.

This is the single entry point used by the main application after repository data is (re)loaded. It ensures that:

The GROUPS/USERS dropdown reflects the current repository state (including load_all_users and whether users were actually loaded).
The top tables (groups/users) and counts are refreshed using the current search text and selection.

Behavior-wise this is equivalent to the previous sequence of calls from main:

update_user_analysis_output()
update_users_dropdown_options()

set_show_all_data(checked=None)[source]

Sync table display columns with the Show all Data checkbox.

If checked is provided, force the checkbox to that state. If checked is None, rely on the current BooleanVar value (used when invoked by the Checkbutton command, since Tkinter has already toggled it).

sync_load_all_users_checkbox()[source]: Ensures the checkbox/UI for load_all_users matches the repository state. Should be called after loading data/cache if UI lags behind data model.

should_show_users_option()[source]: Returns True if the USERS option should be available in the dropdown, i.e., only if load_all_users is True AND there are users loaded.

update_users_dropdown_options()[source]

Refresh the GROUPS/USERS dropdown based on current repo state.

This should be called after any tenancy/repository load and is safe to invoke at other times. The method also forces a refresh of the table below by calling update_user_analysis_output() at the end so that the current selection (GROUPS vs USERS) and search term are immediately reflected in the UI.

update_user_analysis_output()[source]

Update the top user/group listing and associated counters.

This method is responsible for:

Updating the Total Groups / Total Users labels from the underlying repository.
Displaying either the groups table or the users table, depending on the current value of self.groups_option_var ('GROUPS' or 'USERS').
Applying the search filter from self.user_group_search using GroupSearch / UserSearch.

It does not compute policy statements; those are handled by _update_user_analysis_policy_output() and update_user_policy_output().

update_user_policy_output()[source]

Refresh the policy statements table and related labels.

This uses the pre-computed self.filtered_policies and self.selected_groups_for_table that are maintained by _update_user_analysis_policy_output() when the selection in the groups/users tables changes.

Responsibilities:

Toggle between basic vs expanded policy columns based on the Parsed Output checkbox (self.chk_show_expanded).
Optionally include “any-user” / “any-group” statements when the corresponding checkbox is enabled.
Push the final policy list into self.users_policy_table and update the Selected Groups helper table and the Policy Statements (Filtered) count label.

on_load_all_users_setting_changed(enabled: bool)[source]: Called if settings change for Load All Users to refresh user/group options and UI. Synchronizes between UI and model: both directions.

ReportTab

ConsoleTab

class oci_policy_analysis.ui.ConsoleTab(*args: Any, **kwargs: Any)[source]

Bases: BaseUITab

Console Tab: Show all logs (unfiltered) with control of log level. Debug logs go to shell only. For this reason, the level selector excludes DEBUG.

PolicyRecommendationsTab

class oci_policy_analysis.ui.PolicyRecommendationsTab(*args: Any, **kwargs: Any)[source]

Bases: BaseUITab

Unified UI tab for displaying Oracle Cloud Policy Recommendations and analytics.

STATEMENTS_PER_COMPARTMENT_LIMIT = 500

populate_data()[source]: Called after policy analysis/intelligence is refreshed. Reload all analytics/tables, using timing. Also launches OCI tenancy limits fetch (policies-count, statements-count).

update_limits_tab_output()[source]

fetch_tenancy_policy_statement_limits()[source]

reload_all_analytics()[source]

on_enabled_cleanup_checks_changed()[source]: Called when Settings > Recommendation/Consolidation cleanup check toggles change. Re-runs analytics with new checks.

update_policy_risk_tab_output()[source]: Aggregates risk per policy (from statement risk) and updates the table. Adds globally normalized risk and supporting stats.

update_risk_tab_output()[source]: Update statement risk table: only allow statements, columns: Policy Path, Effective Path, Score, Relative Risk, Risk Notes, Statement Text (truncated).

update_overlap_tab_output()[source]

update_consolidation_tab_output()[source]: Refresh the consolidation tab’s data after analytics reload.

update_cleanup_tab_output()[source]: Refresh the cleanup tab’s data after analytics reload.

apply_settings(context_help: bool, font_size: str)[source]: Apply context help and font size settings for the recommendations tab.

McpTab

class oci_policy_analysis.ui.McpTab(*args: Any, **kwargs: Any)[source]

Bases: BaseUITab

MCP Tab for OCI Policy Analysis UI. Allows starting/stopping the MCP server and viewing its logs. .. method:: __init__

Initializes the McpTab with UI components and callbacks.

_start_mcp()[source]: (Internal) Starts the MCP server in a separate thread.

ResourcePrincipalsTab

class oci_policy_analysis.ui.ResourcePrincipalsTab(*args: Any, **kwargs: Any)[source]

Bases: BaseUITab

Resource Principals Tab for OCI Policy Analysis UI.

Allows viewing Dynamic Groups and associated policy statements, with contextual page help. Now inherits from BaseUITab. .. method:: __init__

Initializes the ResourcePrincipalsTab with UI components and context help.

_build_ui()[source]: (Internal) Builds the UI components for the tab.

apply_settings()[source]: Updates tab appearance and page help when global UI settings change.

update_principals_sheets()[source]: Updates sheets based on dropdown and DG selection (called from main app, or internally).

update_principals_sheets(*args)[source]

Update view: show or hide tables depending on dropdown, update data in both tables.

In DG mode, show both tables; in other principal modes, show only matching policy table, hiding DG table.
Refresh table data for all cases.
Text filter field applies to Matching Rule (DG) or Policy Statement (any-user modes).

apply_settings(context_help: bool, font_size: str)[source]: Update help area and style on global context help and font size change (from main.py).

MaintenanceTab

class oci_policy_analysis.ui.MaintenanceTab(*args: Any, **kwargs: Any)[source]

Bases: Frame

Maintenance Tab for OCI Policy Analysis UI. Provides cache management and permissions testing tools. .. method:: __init__

Initializes the MaintenanceTab with UI components and callbacks.

_refresh_maintenance_cache_list()[source]: (Internal) Refreshes the cache list display.

_maintenance_remove_selected_cache()[source]: (Internal) Removes the selected cache entry.

_maintenance_rename_selected_cache()[source]: (Internal) Renames the selected cache entry.

_maintenance_preserve_selected_cache()[source]: (Internal) Toggles the preserve status of the selected cache entry.

_maintenance_permissions_load_data()[source]: (Internal) Loads reference data for permissions testing.

_maintenance_get_permission()[source]: (Internal) Retrieves permissions for the selected resource/family and verb.

_maintenance_check_overlap()[source]: (Internal) Checks for overlap between two permission statements.

build_ui()[source]

refresh_data()[source]: Public method: must be called after reference data is loaded and ready. Loads or reloads all data-dependent UI elements (comboboxes, JSON viewers, permissions, etc).

DataTable

class oci_policy_analysis.ui.DataTable(*args: Any, **kwargs: Any)[source]

Bases: Frame

A Tkinter table widget with alternating row colors, sortable columns, resizable columns, show/hide columns, row selection with callback, full space utilization, cell copy functionality, and row context menu.

Note: for checklist-style tables with checkboxes and custom action button, see the more generic CheckboxTable class also defined below.

Note: ttk.Treeview does not natively support multi-line text wrapping. Text with newlines may appear clipped; use wider columns (via column_widths) for better visibility. Font, padding, and ttk.Style must be configured externally to include right-side cell padding (e.g., padding=(0, 0, 5, 0)) for column separation.

parent: The parent Tkinter widget.

columns: List of all possible column names.

display_columns: List of initially displayed column names.

data: List of dictionaries containing row data.

sortable: Enable/disable column sorting (default: True).

row_colors: Tuple of colors for alternating rows (default: white, light gray).

selection_callback: Optional function to call with selected rows (default: None). Can be omitted if no callback is needed.

multi_select: Enable/disable multi-row selection (default: False).

column_widths: Dictionary mapping column names to initial widths (default: None, uses 100 for all columns).

row_context_menu_callback: Optional function to create a context menu for a row (default: None).

set_multi_select(multi_select: bool) → None[source]: Set single or multi-select mode.

set_display_columns(display_columns: list[str]) → None[source]: Set the displayed columns externally.

update_data(new_data: list[dict]) → None[source]: Update table data and refresh display. Re-applies current sort if one was set.

apply_theme(theme: str) → None[source]: Apply light or dark theme colors to the Treeview. :param theme: ‘light’ or ‘dark’

CheckboxTable

class oci_policy_analysis.ui.CheckboxTable(*args: Any, **kwargs: Any)[source]

Bases: Frame

A DataTable-based Tkinter widget for a table with a first-column checkbox and resizable columns, alternating backgrounds, and an action button.

Optional display_columns restricts which columns are shown (subset of columns; the checkbox column is “☑”). Optional sortable enables column header sorting on the inner DataTable (default False).

get_checked_rows()[source]

update_data(data)[source]