yera.providers.azure_common
Shared Azure credential and logging helpers.
Centralises credential construction so setup, discovery, and runtime all acquire tokens against the same tenant. Azure OpenAI supports AAD bearer tokens natively, so Yera never stores an API key for this provider.
Symbols
build_azure_credential
build_azure_credential(
tenant_id: str,
) → DefaultAzureCredentialBuild a DefaultAzureCredential pinned to a specific tenant.
additionally_allowed_tenants ensures the credential chain can
acquire tokens for tenant_id even when the active Azure CLI
context points elsewhere — which is the common failure mode for
users with multiple Azure identities.
Parameters
The AAD tenant UUID this credential should target.
Returns
A DefaultAzureCredential that will try managed identity, workload identity, env vars, Azure CLI, and developer tools in order — all constrained to the given tenant.
build_azure_openai_client
build_azure_openai_client(
connection: AzureConnection,
) → AzureOpenAIBuild an AzureOpenAI client authenticated via AAD bearer token.
Constructs a tenant-pinned credential, wraps it in a token provider scoped to the Cognitive Services data plane, and passes it to the AzureOpenAI client. No API key is involved — authentication is handled entirely through the AAD credential chain.
Parameters
The Azure connection config supplying the tenant ID, endpoint URL, and API version.
Returns
An AzureOpenAI client configured for the connection's endpoint and API version, with AAD token-based authentication.
suppress_azure_logging
suppress_azure_logging() → NoneSilence chatty INFO-level logs from the Azure SDK chain.
The identity/mgmt SDKs log each credential attempt at INFO, which
clutters CLI output. Call this before any operation that touches
azure.* modules.