altametris.sara.core.auth
=========================

.. py:module:: altametris.sara.core.auth

.. autoapi-nested-parse::

   Authentication module for YOLO-SARA.

   This module provides authentication and credential management for Azure services,
   primarily focused on Blob Storage access for model weights and API authentication.

   Key Components:
   - DsCredentials: Main credential manager for Azure services
   - DsAuthConfig: Configuration class for authentication settings
   - DsAuthError: Custom exception for authentication errors

   Supported Authentication Methods:
   1. DefaultAzureCredential (Managed Identity, Service Principal, Azure CLI)
   2. Connection String (local development fallback)

   Quick Start:
       >>> from altametris.sara.core.auth import DsCredentials
       >>>
       >>> # Initialize credentials (loads from environment)
       >>> creds = DsCredentials()
       >>>
       >>> # Get authenticated Blob Service Client (for use with AzureWeightManager)
       >>> blob_client = creds.get_blob_service_client()
       >>>
       >>> # Get API token for APIM authentication
       >>> token = creds.get_api_token()

   Environment Variables:
       Required:
           AZURE_STORAGE_ACCOUNT_NAME: Storage account name

       Optional (Authentication):
           AZURE_TENANT_ID: Azure AD tenant (for Service Principal)
           AZURE_CLIENT_ID: Application ID (for Service Principal)
           AZURE_CLIENT_SECRET: Application secret (for Service Principal)
           AZURE_STORAGE_CONNECTION_STRING: Connection string (local dev)

       Optional (Configuration):
           DS_WEIGHTS_CONTAINER: Container for weights (default: "weights-dev")
           DS_WEIGHTS_PREFIX: Prefix/folder for weights (default: "yolo-sara")
           DS_TEST_CONTAINER: Container for tests (default: "unit-tests")
           DS_TEST_PREFIX: Prefix/folder for tests (default: "yolo-sara")
           DS_API_BASE_URL: API base URL (default: "https://am-ds-apiman-dev.azure-api.net")
           DS_API_SCOPE: OAuth2 scope for API (optional)

   Example - Production (Managed Identity):
       >>> # On Azure resource (VM, AKS, Container Instance)
       >>> import os
       >>> os.environ["AZURE_STORAGE_ACCOUNT_NAME"] = "amdsaiazmldev6965382199"
       >>> creds = DsCredentials()
       >>> creds.validate_access()  # Test authentication
       True

   Example - CI/CD (Service Principal):
       >>> import os
       >>> os.environ["AZURE_STORAGE_ACCOUNT_NAME"] = "amdsaiazmldev6965382199"
       >>> os.environ["AZURE_TENANT_ID"] = "tenant-id"
       >>> os.environ["AZURE_CLIENT_ID"] = "client-id"
       >>> os.environ["AZURE_CLIENT_SECRET"] = "client-secret"
       >>> creds = DsCredentials()
       >>> print(creds.config.auth_method)
       'service_principal'

   Example - Local Dev (Connection String):
       >>> import os
       >>> os.environ["AZURE_STORAGE_CONNECTION_STRING"] = "DefaultEndpointsProtocol=https;..."
       >>> creds = DsCredentials()
       >>> print(creds.config.auth_method)
       'connection_string'



Submodules
----------

.. toctree::
   :maxdepth: 1

   /autoapi/altametris/sara/core/auth/config/index
   /autoapi/altametris/sara/core/auth/credentials/index
   /autoapi/altametris/sara/core/auth/exceptions/index