altametris.sara.core.auth.config¶
Authentication configuration for Data Science Azure services.
This module provides configuration classes for Azure authentication, supporting multiple authentication methods: 1. Managed Identity (production - Azure resources) 2. Service Principal (CI/CD pipelines) 3. Connection String (local development - fallback)
- Environment Variables (DS_* prefix for Data Science):
- Storage:
AZURE_STORAGE_ACCOUNT_NAME: Storage account name DS_WEIGHTS_CONTAINER: Container for weights (default: “weights-dev”) DS_WEIGHTS_PREFIX: Prefix/folder for weights (default: “yolo-sara”) DS_TEST_CONTAINER: Container for test data (default: “unit-tests”) DS_TEST_PREFIX: Prefix/folder for test data (default: “yolo-sara”) DS_TEST_WEIGHT_NAME: Test weight filename (default: “yolo11n.pt”) DS_TEST_IMAGE_NAME: Test image filename (default: “000000000139.jpg”)
- API:
DS_API_BASE_URL: APIM base URL DS_API_SCOPE: OAuth2 scope for API
- Authentication:
AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET: Service Principal AZURE_STORAGE_CONNECTION_STRING: Connection string (fallback)
Classes¶
Authentication configuration for Data Science Azure services. |
Module Contents¶
- class altametris.sara.core.auth.config.DsAuthConfig¶
Authentication configuration for Data Science Azure services.
This configuration class loads authentication settings from environment variables and supports multiple authentication methods following Azure best practices.
Authentication Priority: 1. DefaultAzureCredential (Managed Identity or Service Principal via env vars) 2. Connection String (fallback for local development)
- Blob Path Structure:
{container}/{prefix}/{filename} Example: weights-dev/yolo-sara/yolo11n.pt
Example
>>> # From environment variables >>> config = DsAuthConfig.from_env() >>> print(config.get_weight_blob_path("yolo11n.pt")) 'yolo-sara/yolo11n.pt'
>>> # Manual creation >>> config = DsAuthConfig( ... storage_account_name="myaccount", ... weights_container="weights-dev", ... weights_prefix="my-project" ... )
- storage_account_name: str | None = None¶
- weights_container: str = 'weights-dev'¶
- test_container: str = 'unit-tests'¶
- weights_prefix: str = 'yolo-sara'¶
- test_prefix: str = 'yolo-sara'¶
- test_weight_name: str = 'yolo11n.pt'¶
- test_image_name: str = '000000000139.jpg'¶
- api_base_url: str = 'https://am-ds-apiman-dev.azure-api.net'¶
- api_scope: str | None = None¶
- classmethod from_env() DsAuthConfig¶
Load configuration from environment variables.
This method reads all authentication and configuration settings from environment variables. It provides sensible defaults for optional ones.
- Environment Variables:
DS_WEIGHTS_CONTAINER: Container for weights (default: “weights-dev”) DS_WEIGHTS_PREFIX: Prefix/folder for weights (default: “yolo-sara”) DS_TEST_CONTAINER: Container for test data (default: “unit-tests”) DS_TEST_PREFIX: Prefix/folder for test data (default: “yolo-sara”) DS_TEST_WEIGHT_NAME: Test weight filename (default: “yolo11n.pt”) DS_TEST_IMAGE_NAME: Test image filename (default: “000000000139.jpg”) DS_API_BASE_URL: APIM base URL DS_API_SCOPE: OAuth2 scope for API
- Returns:
Configured authentication settings
- Return type:
Example
>>> import os >>> os.environ["DS_API_SCOPE"] = "api://ds-dev/.default" >>> os.environ["DS_WEIGHTS_PREFIX"] = "my-project" >>> config = DsAuthConfig.from_env()
- property has_service_principal: bool¶
Check if Service Principal credentials are configured.
- Returns:
True if all Service Principal env vars are set
- Return type:
bool
- property has_connection_string: bool¶
Check if Connection String is configured.
- Returns:
True if connection string is set
- Return type:
bool
- property auth_method: str¶
Get the primary authentication method that will be used.
- Returns:
One of “service_principal”, “connection_string”, “default_azure”
- Return type:
str
Example
>>> config = DsAuthConfig.from_env() >>> print(config.auth_method) 'default_azure'
- get_storage_account_url() str¶
Get the full Blob Storage account URL.
- Returns:
Full HTTPS URL to the storage account
- Return type:
str
- Raises:
DsAuthError – If storage_account_name is not configured
Example
>>> config = DsAuthConfig(storage_account_name="myaccount") >>> config.get_storage_account_url() 'https://myaccount.blob.core.windows.net'
- get_weight_blob_path(filename: str) str¶
Build the full blob path for a weight file.
Constructs path as: {prefix}/{filename}
- Parameters:
filename – Name of the weight file (e.g., “yolo11n.pt”)
- Returns:
Full blob path (e.g., “yolo-sara/yolo11n.pt”)
- Return type:
str
Example
>>> config = DsAuthConfig(weights_prefix="yolo-sara") >>> config.get_weight_blob_path("yolo11n.pt") 'yolo-sara/yolo11n.pt' >>> config = DsAuthConfig(weights_prefix="") >>> config.get_weight_blob_path("yolo11n.pt") 'yolo11n.pt'
- get_test_weight_blob_path() str¶
Get the full blob path for the test weight file.
- Returns:
Full blob path (e.g., “yolo-sara/yolo11n.pt”)
- Return type:
str
Example
>>> config = DsAuthConfig.from_env() >>> config.get_test_weight_blob_path() 'yolo-sara/yolo11n.pt'
- get_test_image_blob_path() str¶
Get the full blob path for the test image file.
- Returns:
Full blob path (e.g., “yolo-sara/000000000139.jpg”)
- Return type:
str
Example
>>> config = DsAuthConfig.from_env() >>> config.get_test_image_blob_path() 'yolo-sara/000000000139.jpg'
- get_apim_weight_url(filename: str) str¶
Build the full APIM URL for downloading a weight file.
Constructs URL as: {api_base_url}/weights/{prefix}/{filename}
- Parameters:
filename – Name of the weight file (e.g., “yolo11n.pt”)
- Returns:
Full APIM URL
- Return type:
str
Example
>>> config = DsAuthConfig( ... api_base_url="https://am-ds-apiman-dev.azure-api.net", ... weights_prefix="yolo-sara" ... ) >>> config.get_apim_weight_url("yolo11n.pt") 'https://am-ds-apiman-dev.azure-api.net/weights/yolo-sara/yolo11n.pt'
- get_apim_list_url() str¶
Build the APIM URL for listing available weights.
Constructs URL as: {api_base_url}/weights/list
- Returns:
Full APIM URL for listing weights
- Return type:
str
Example
>>> config = DsAuthConfig( ... api_base_url="https://am-ds-apiman-dev.azure-api.net" ... ) >>> config.get_apim_list_url() 'https://am-ds-apiman-dev.azure-api.net/weights/list'