altametris.sara.core.auth¶
Authentication module for YOLO-SARA.
This module provides authentication and credential management for Azure services, primarily focused on Blob Storage access for model weights and API authentication.
Key Components: - DsCredentials: Main credential manager for Azure services - DsAuthConfig: Configuration class for authentication settings - DsAuthError: Custom exception for authentication errors
Supported Authentication Methods: 1. DefaultAzureCredential (Managed Identity, Service Principal, Azure CLI) 2. Connection String (local development fallback)
- Quick Start:
>>> from altametris.sara.core.auth import DsCredentials >>> >>> # Initialize credentials (loads from environment) >>> creds = DsCredentials() >>> >>> # Get authenticated Blob Service Client (for use with AzureWeightManager) >>> blob_client = creds.get_blob_service_client() >>> >>> # Get API token for APIM authentication >>> token = creds.get_api_token()
- Environment Variables:
- Required:
AZURE_STORAGE_ACCOUNT_NAME: Storage account name
- Optional (Authentication):
AZURE_TENANT_ID: Azure AD tenant (for Service Principal) AZURE_CLIENT_ID: Application ID (for Service Principal) AZURE_CLIENT_SECRET: Application secret (for Service Principal) AZURE_STORAGE_CONNECTION_STRING: Connection string (local dev)
- Optional (Configuration):
DS_WEIGHTS_CONTAINER: Container for weights (default: “weights-dev”) DS_WEIGHTS_PREFIX: Prefix/folder for weights (default: “yolo-sara”) DS_TEST_CONTAINER: Container for tests (default: “unit-tests”) DS_TEST_PREFIX: Prefix/folder for tests (default: “yolo-sara”) DS_API_BASE_URL: API base URL (default: “https://am-ds-apiman-dev.azure-api.net”) DS_API_SCOPE: OAuth2 scope for API (optional)
- Example - Production (Managed Identity):
>>> # On Azure resource (VM, AKS, Container Instance) >>> import os >>> os.environ["AZURE_STORAGE_ACCOUNT_NAME"] = "amdsaiazmldev6965382199" >>> creds = DsCredentials() >>> creds.validate_access() # Test authentication True
- Example - CI/CD (Service Principal):
>>> import os >>> os.environ["AZURE_STORAGE_ACCOUNT_NAME"] = "amdsaiazmldev6965382199" >>> os.environ["AZURE_TENANT_ID"] = "tenant-id" >>> os.environ["AZURE_CLIENT_ID"] = "client-id" >>> os.environ["AZURE_CLIENT_SECRET"] = "client-secret" >>> creds = DsCredentials() >>> print(creds.config.auth_method) 'service_principal'
- Example - Local Dev (Connection String):
>>> import os >>> os.environ["AZURE_STORAGE_CONNECTION_STRING"] = "DefaultEndpointsProtocol=https;..." >>> creds = DsCredentials() >>> print(creds.config.auth_method) 'connection_string'