From e9231898642cad447b450fc35582b896ee8e151b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?McCoy=20Pati=C3=B1o?= <39780829+mccoyp@users.noreply.github.com> Date: Mon, 9 Sep 2024 09:42:25 -0700 Subject: [PATCH] [Key Vault] Linting updates for pylint 3.2.5 (#37241) --- .../azure/__init__.py | 1 - .../azure/keyvault/__init__.py | 1 - .../azure/keyvault/certificates/_client.py | 97 ++++--- .../azure/keyvault/certificates/_models.py | 1 - .../keyvault/certificates/_shared/__init__.py | 2 +- .../keyvault/certificates/_shared/_polling.py | 1 - .../keyvault/certificates/aio/_client.py | 95 ++++--- .../azure-keyvault-keys/azure/__init__.py | 1 - .../azure/keyvault/__init__.py | 1 - .../azure/keyvault/keys/_client.py | 239 +++++++++++++----- .../azure/keyvault/keys/_models.py | 4 +- .../azure/keyvault/keys/_shared/__init__.py | 2 +- .../azure/keyvault/keys/_shared/_polling.py | 1 - .../azure/keyvault/keys/aio/_client.py | 233 +++++++++++++---- .../azure/keyvault/keys/crypto/_client.py | 46 +++- .../keyvault/keys/crypto/_internal/rsa_key.py | 2 +- .../keyvault/keys/crypto/_providers/ec.py | 1 - .../keys/crypto/_providers/local_provider.py | 1 - .../keyvault/keys/crypto/_providers/rsa.py | 1 - .../keys/crypto/_providers/symmetric.py | 1 - .../azure/keyvault/keys/crypto/aio/_client.py | 46 +++- .../keyvault/secrets/_shared/__init__.py | 2 +- .../keyvault/secrets/_shared/_polling.py | 1 - 23 files changed, 557 insertions(+), 223 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/__init__.py b/sdk/keyvault/azure-keyvault-certificates/azure/__init__.py index 125860bac907..679ab6995134 100644 --- a/sdk/keyvault/azure-keyvault-certificates/azure/__init__.py +++ b/sdk/keyvault/azure-keyvault-certificates/azure/__init__.py @@ -2,5 +2,4 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ -# pylint:disable=missing-docstring __path__ = __import__("pkgutil").extend_path(__path__, __name__) # type: ignore 
diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/__init__.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/__init__.py index 125860bac907..679ab6995134 100644 --- a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/__init__.py +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/__init__.py @@ -2,5 +2,4 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ -# pylint:disable=missing-docstring __path__ = __import__("pkgutil").extend_path(__path__, __name__) # type: ignore diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_client.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_client.py index 919c2594a172..4eefa0c736fe 100644 --- a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_client.py +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_client.py @@ -5,7 +5,7 @@ # pylint:disable=too-many-lines,too-many-public-methods,bad-option-value,delete-operation-wrong-return-type import base64 from functools import partial -from typing import Any, List, Optional, Union +from typing import Any, Dict, List, Optional, Union from azure.core.polling import LROPoller from azure.core.paging import ItemPaged @@ -14,6 +14,7 @@ from ._shared import KeyVaultClientBase from ._shared._polling import DeleteRecoverPollingMethod, KeyVaultOperationPoller from ._models import ( + AdministratorContact, KeyVaultCertificate, CertificateProperties, CertificatePolicy, 
@@ -57,7 +58,13 @@ class CertificateClient(KeyVaultClientBase): @distributed_trace def begin_create_certificate( - self, certificate_name: str, policy: CertificatePolicy, **kwargs: Any + self, + certificate_name: str, + policy: CertificatePolicy, + *, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + **kwargs: Any, ) -> LROPoller[Union[KeyVaultCertificate, CertificateOperation]]: """Creates a new certificate. @@ -97,7 +104,6 @@ def begin_create_certificate( polling_interval = kwargs.pop("_polling_interval", None) if polling_interval is None: polling_interval = 5 - enabled = kwargs.pop("enabled", None) if enabled is not None: attributes = self._models.CertificateAttributes(enabled=enabled) @@ -107,7 +113,7 @@ def begin_create_certificate( parameters = self._models.CertificateCreateParameters( certificate_policy=policy._to_certificate_policy_bundle(), certificate_attributes=attributes, - tags=kwargs.pop("tags", None), + tags=tags ) pipeline_response, cert_bundle = self._client.create_certificate( @@ -341,7 +347,17 @@ def begin_recover_deleted_certificate(self, certificate_name: str, **kwargs: Any return KeyVaultOperationPoller(polling_method) @distributed_trace - def import_certificate(self, certificate_name: str, certificate_bytes: bytes, **kwargs: Any) -> KeyVaultCertificate: + def import_certificate( + self, + certificate_name: str, + certificate_bytes: bytes, + *, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + password: Optional[str] = None, + policy: Optional[CertificatePolicy] = None, + **kwargs: Any, + ) -> KeyVaultCertificate: """Import a certificate created externally. Requires certificates/import permission. Imports an existing valid certificate, containing a private key, into Azure Key Vault. The certificate to be 
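Review bot: In `begin_create_certificate`, the rewritten argument `tags=tags` in the `CertificateCreateParameters(...)` call drops the trailing comma that the removed line had, while the async `create_certificate` hunk keeps `tags=tags,`. Restoring it as `tags=tags,` keeps the sync and async clients textually identical and matches the trailing-comma layout of the new multi-line signatures. The enclosing function starts and ends outside this hunk.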
@@ -370,9 +386,6 @@ def import_certificate(self, certificate_name: str, certificate_bytes: bytes, ** :raises ~azure.core.exceptions.HttpResponseError: """ - enabled = kwargs.pop("enabled", None) - policy = kwargs.pop("policy", None) - if enabled is not None: attributes = self._models.CertificateAttributes(enabled=enabled) else: @@ -381,10 +394,10 @@ def import_certificate(self, certificate_name: str, certificate_bytes: bytes, ** parameters = self._models.CertificateImportParameters( base64_encoded_certificate=base64_encoded_certificate, - password=kwargs.pop("password", None), + password=password, certificate_policy=policy._to_certificate_policy_bundle() if policy else None, certificate_attributes=attributes, - tags=kwargs.pop("tags", None), + tags=tags, ) bundle = self._client.import_certificate( @@ -437,7 +450,13 @@ def update_certificate_policy( @distributed_trace def update_certificate_properties( - self, certificate_name: str, version: "Optional[str]" = None, **kwargs: Any + self, + certificate_name: str, + version: Optional[str] = None, + *, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + **kwargs: Any, ) -> KeyVaultCertificate: """Change a certificate's properties. Requires certificates/update permission. @@ -462,15 +481,13 @@ def update_certificate_properties( :dedent: 8 """ - enabled = kwargs.pop("enabled", None) - if enabled is not None: attributes = self._models.CertificateAttributes(enabled=enabled) else: attributes = None parameters = self._models.CertificateUpdateParameters( - certificate_attributes=attributes, tags=kwargs.pop("tags", None) + certificate_attributes=attributes, tags=tags ) bundle = self._client.update_certificate( 
@@ -789,7 +806,13 @@ def cancel_certificate_operation(self, certificate_name: str, **kwargs: Any) -> @distributed_trace def merge_certificate( - self, certificate_name: str, x509_certificates: "List[bytes]", **kwargs: Any + self, + certificate_name: str, + x509_certificates: List[bytes], + *, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + **kwargs: Any, ) -> KeyVaultCertificate: """Merges a certificate or a certificate chain with a key pair existing on the server. @@ -813,15 +836,13 @@ def merge_certificate( :raises ~azure.core.exceptions.HttpResponseError: """ - enabled = kwargs.pop("enabled", None) - if enabled is not None: attributes = self._models.CertificateAttributes(enabled=enabled) else: attributes = None parameters = self._models.CertificateMergeParameters( - x509_certificates=x509_certificates, certificate_attributes=attributes, tags=kwargs.pop("tags", None) + x509_certificates=x509_certificates, certificate_attributes=attributes, tags=tags ) bundle = self._client.merge_certificate( @@ -855,7 +876,18 @@ def get_issuer(self, issuer_name: str, **kwargs: Any) -> CertificateIssuer: return CertificateIssuer._from_issuer_bundle(issuer_bundle=issuer_bundle) @distributed_trace - def create_issuer(self, issuer_name: str, provider: str, **kwargs: Any) -> CertificateIssuer: + def create_issuer( + self, + issuer_name: str, + provider: str, + *, + enabled: Optional[bool] = None, + account_id: Optional[str] = None, + password: Optional[str] = None, + organization_id: Optional[str] = None, + admin_contacts: Optional[List[AdministratorContact]] = None, + **kwargs: Any, + ) -> CertificateIssuer: """Sets the specified certificate issuer. Requires certificates/setissuers permission. :param str issuer_name: The name of the issuer. 
@@ -883,12 +915,6 @@ def create_issuer(self, issuer_name: str, provider: str, **kwargs: Any) -> Certi :dedent: 8 """ - enabled = kwargs.pop("enabled", None) - account_id = kwargs.pop("account_id", None) - password = kwargs.pop("password", None) - organization_id = kwargs.pop("organization_id", None) - admin_contacts = kwargs.pop("admin_contacts", None) - if account_id or password: issuer_credentials = self._models.IssuerCredentials(account_id=account_id, password=password) else: @@ -927,7 +953,18 @@ def create_issuer(self, issuer_name: str, provider: str, **kwargs: Any) -> Certi return CertificateIssuer._from_issuer_bundle(issuer_bundle=issuer_bundle) @distributed_trace - def update_issuer(self, issuer_name: str, **kwargs: Any) -> CertificateIssuer: + def update_issuer( + self, + issuer_name: str, + *, + enabled: Optional[bool] = None, + provider: Optional[str] = None, + account_id: Optional[str] = None, + password: Optional[str] = None, + organization_id: Optional[str] = None, + admin_contacts: Optional[List[AdministratorContact]] = None, + **kwargs: Any, + ) -> CertificateIssuer: """Updates the specified certificate issuer. Requires certificates/setissuers permission. :param str issuer_name: The name of the issuer. @@ -946,12 +983,6 @@ def update_issuer(self, issuer_name: str, **kwargs: Any) -> CertificateIssuer: :raises ~azure.core.exceptions.HttpResponseError: """ - enabled = kwargs.pop("enabled", None) - account_id = kwargs.pop("account_id", None) - password = kwargs.pop("password", None) - organization_id = kwargs.pop("organization_id", None) - admin_contacts = kwargs.pop("admin_contacts", None) - if account_id or password: issuer_credentials = self._models.IssuerCredentials(account_id=account_id, password=password) else: 
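Review bot: In `create_issuer`, the context line `if account_id or password:` still tests truthiness, so now that `account_id` and `password` are explicit keyword parameters defaulting to `None`, an empty string is treated the same as an omitted argument and no `IssuerCredentials` is built. The same line appears in the `update_issuer` hunk below and in both issuer hunks of `aio/_client.py`; in the update case a caller's credential change would be dropped without any error. Other optional parameters in this file are tested with `if enabled is not None:`, so `if account_id is not None or password is not None:` would be consistent. Whether the service accepts an empty value is not visible here, so confirm that before changing it. The method body continues outside the hunk.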
@@ -978,7 +1009,7 @@ def update_issuer(self, issuer_name: str, **kwargs: Any) -> CertificateIssuer: issuer_attributes = None parameters = self._models.CertificateIssuerUpdateParameters( - provider=kwargs.pop("provider", None), + provider=provider, credentials=issuer_credentials, organization_details=organization_details, attributes=issuer_attributes, diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_models.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_models.py index 26ab010c6fd7..8c0b38554454 100644 --- a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_models.py +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_models.py @@ -721,7 +721,6 @@ def _to_certificate_policy_bundle(self) -> models.CertificatePolicy: else: issuer_parameters = None - # pylint:disable=too-many-boolean-expressions if ( self.enabled is not None or self.created_on is not None diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/__init__.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/__init__.py index b245cf4fdb00..4bcf3faed073 100644 --- a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/__init__.py +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/__init__.py @@ -45,7 +45,7 @@ def __init__( def parse_key_vault_id(source_id: str) -> KeyVaultResourceId: try: parsed_uri = parse.urlparse(source_id) - except Exception as exc: # pylint: disable=broad-except + except Exception as exc: raise ValueError(f"'{source_id}' is not a valid ID") from exc if not (parsed_uri.scheme and parsed_uri.hostname): raise ValueError(f"'{source_id}' is not a valid ID") 
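Review bot: In `parse_key_vault_id`, `except Exception as exc:` now stands without the `broad-except` suppression and without any comment saying why the catch is this wide. If only malformed input is meant to be reported as an invalid ID, `except ValueError as exc:` would be narrower. If non-string input is also meant to surface as `ValueError`, a comment such as `# any parse failure, including a non-string source_id, is reported as an invalid ID` would record that intent. Separately, the check on the following line only requires a scheme and a hostname, so it does not reject a non-https ID; whether that matters depends on how callers use the parsed result, which is outside this hunk.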
diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_polling.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_polling.py index 672cf20faa0f..d4b83a0eca57 100644 --- a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_polling.py +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/_shared/_polling.py @@ -25,7 +25,6 @@ class KeyVaultOperationPoller(LROPoller): :type polling_method: ~azure.core.polling.PollingMethod """ - # pylint: disable=arguments-differ def __init__(self, polling_method: PollingMethod) -> None: super(KeyVaultOperationPoller, self).__init__(None, None, lambda *_: None, NoPolling()) self._polling_method = polling_method diff --git a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/aio/_client.py b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/aio/_client.py index f238a57be60b..f08bd19385f0 100644 --- a/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/aio/_client.py +++ b/sdk/keyvault/azure-keyvault-certificates/azure/keyvault/certificates/aio/_client.py @@ -4,7 +4,7 @@ # ------------------------------------ # pylint:disable=too-many-lines,too-many-public-methods import base64 -from typing import Any, Optional, List, Union +from typing import Any, Dict, List, Optional, Union from functools import partial from azure.core.polling import AsyncLROPoller @@ -13,6 +13,7 @@ from azure.core.async_paging import AsyncItemPaged from .. import ( + AdministratorContact, KeyVaultCertificate, CertificateOperation, CertificatePolicy, 
@@ -55,7 +56,13 @@ class CertificateClient(AsyncKeyVaultClientBase): # pylint:disable=protected-access @distributed_trace_async async def create_certificate( - self, certificate_name: str, policy: CertificatePolicy, **kwargs: Any + self, + certificate_name: str, + policy: CertificatePolicy, + *, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + **kwargs: Any, ) -> Union[KeyVaultCertificate, CertificateOperation]: """Creates a new certificate. @@ -93,7 +100,6 @@ async def create_certificate( polling_interval = kwargs.pop("_polling_interval", None) if polling_interval is None: polling_interval = 5 - enabled = kwargs.pop("enabled", None) if enabled is not None: attributes = self._models.CertificateAttributes(enabled=enabled) @@ -103,7 +109,7 @@ async def create_certificate( parameters = self._models.CertificateCreateParameters( certificate_policy=policy._to_certificate_policy_bundle(), certificate_attributes=attributes, - tags=kwargs.pop("tags", None), + tags=tags, ) pipeline_response, cert_bundle = await self._client.create_certificate( @@ -336,7 +342,15 @@ async def recover_deleted_certificate(self, certificate_name: str, **kwargs: Any @distributed_trace_async async def import_certificate( - self, certificate_name: str, certificate_bytes: bytes, **kwargs: Any + self, + certificate_name: str, + certificate_bytes: bytes, + *, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + password: Optional[str] = None, + policy: Optional[CertificatePolicy] = None, + **kwargs: Any, ) -> KeyVaultCertificate: """Import a certificate created externally. Requires certificates/import permission. @@ -366,9 +380,6 @@ async def import_certificate( :raises ~azure.core.exceptions.HttpResponseError: """ - enabled = kwargs.pop("enabled", None) - policy = kwargs.pop("policy", None) - if enabled is not None: attributes = self._models.CertificateAttributes(enabled=enabled) else: 
@@ -377,10 +388,10 @@ async def import_certificate( parameters = self._models.CertificateImportParameters( base64_encoded_certificate=base64_encoded_certificate, - password=kwargs.pop("password", None), + password=password, certificate_policy=policy._to_certificate_policy_bundle() if policy else None, certificate_attributes=attributes, - tags=kwargs.pop("tags", None), + tags=tags, ) bundle = await self._client.import_certificate( @@ -436,7 +447,13 @@ async def update_certificate_policy( @distributed_trace_async async def update_certificate_properties( - self, certificate_name: str, version: Optional[str] = None, **kwargs: Any + self, + certificate_name: str, + version: Optional[str] = None, + *, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + **kwargs: Any, ) -> KeyVaultCertificate: """Change a certificate's properties. Requires certificates/update permission. @@ -461,15 +478,13 @@ async def update_certificate_properties( :dedent: 8 """ - enabled = kwargs.pop("enabled", None) - if enabled is not None: attributes = self._models.CertificateAttributes(enabled=enabled) else: attributes = None parameters = self._models.CertificateUpdateParameters( - certificate_attributes=attributes, tags=kwargs.pop("tags", None) + certificate_attributes=attributes, tags=tags ) bundle = await self._client.update_certificate( @@ -791,7 +806,13 @@ async def cancel_certificate_operation(self, certificate_name: str, **kwargs: An @distributed_trace_async async def merge_certificate( - self, certificate_name: str, x509_certificates: List[bytes], **kwargs: Any + self, + certificate_name: str, + x509_certificates: List[bytes], + *, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + **kwargs: Any, ) -> KeyVaultCertificate: """Merges a certificate or a certificate chain with a key pair existing on the server. 
@@ -814,15 +835,13 @@ async def merge_certificate( :raises ~azure.core.exceptions.HttpResponseError: """ - enabled = kwargs.pop("enabled", None) - if enabled is not None: attributes = self._models.CertificateAttributes(enabled=enabled) else: attributes = None parameters = self._models.CertificateMergeParameters( - x509_certificates=x509_certificates, certificate_attributes=attributes, tags=kwargs.pop("tags", None) + x509_certificates=x509_certificates, certificate_attributes=attributes, tags=tags ) bundle = await self._client.merge_certificate( @@ -859,7 +878,18 @@ async def get_issuer(self, issuer_name: str, **kwargs: Any) -> CertificateIssuer return CertificateIssuer._from_issuer_bundle(issuer_bundle=issuer_bundle) @distributed_trace_async - async def create_issuer(self, issuer_name: str, provider: str, **kwargs: Any) -> CertificateIssuer: + async def create_issuer( + self, + issuer_name: str, + provider: str, + *, + enabled: Optional[bool] = None, + account_id: Optional[str] = None, + password: Optional[str] = None, + organization_id: Optional[str] = None, + admin_contacts: Optional[List[AdministratorContact]] = None, + **kwargs: Any, + ) -> CertificateIssuer: """Sets the specified certificate issuer. Requires certificates/setissuers permission. :param str issuer_name: The name of the issuer. @@ -887,12 +917,6 @@ async def create_issuer(self, issuer_name: str, provider: str, **kwargs: Any) -> :dedent: 8 """ - enabled = kwargs.pop("enabled", None) - account_id = kwargs.pop("account_id", None) - password = kwargs.pop("password", None) - organization_id = kwargs.pop("organization_id", None) - admin_contacts = kwargs.pop("admin_contacts", None) - if account_id or password: issuer_credentials = self._models.IssuerCredentials(account_id=account_id, password=password) else: 
@@ -931,7 +955,18 @@ async def create_issuer(self, issuer_name: str, provider: str, **kwargs: Any) -> return CertificateIssuer._from_issuer_bundle(issuer_bundle=issuer_bundle) @distributed_trace_async - async def update_issuer(self, issuer_name: str, **kwargs: Any) -> CertificateIssuer: + async def update_issuer( + self, + issuer_name: str, + *, + enabled: Optional[bool] = None, + provider: Optional[str] = None, + account_id: Optional[str] = None, + password: Optional[str] = None, + organization_id: Optional[str] = None, + admin_contacts: Optional[List[AdministratorContact]] = None, + **kwargs: Any, + ) -> CertificateIssuer: """Updates the specified certificate issuer. Requires certificates/setissuers permission. :param str issuer_name: The name of the issuer. @@ -951,12 +986,6 @@ async def update_issuer(self, issuer_name: str, **kwargs: Any) -> CertificateIss :raises ~azure.core.exceptions.HttpResponseError: """ - enabled = kwargs.pop("enabled", None) - account_id = kwargs.pop("account_id", None) - password = kwargs.pop("password", None) - organization_id = kwargs.pop("organization_id", None) - admin_contacts = kwargs.pop("admin_contacts", None) - if account_id or password: issuer_credentials = self._models.IssuerCredentials(account_id=account_id, password=password) else: @@ -983,7 +1012,7 @@ async def update_issuer(self, issuer_name: str, **kwargs: Any) -> CertificateIss issuer_attributes = None parameters = self._models.CertificateIssuerUpdateParameters( - provider=kwargs.pop("provider", None), + provider=provider, credentials=issuer_credentials, organization_details=organization_details, attributes=issuer_attributes, diff --git a/sdk/keyvault/azure-keyvault-keys/azure/__init__.py b/sdk/keyvault/azure-keyvault-keys/azure/__init__.py index 125860bac907..679ab6995134 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/__init__.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/__init__.py 
@@ -2,5 +2,4 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ -# pylint:disable=missing-docstring __path__ = __import__("pkgutil").extend_path(__path__, __name__) # type: ignore diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/__init__.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/__init__.py index 125860bac907..679ab6995134 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/__init__.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/__init__.py @@ -2,5 +2,4 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ -# pylint:disable=missing-docstring __path__ = __import__("pkgutil").extend_path(__path__, __name__) # type: ignore diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py index f014eb66df32..b03c7768aedd 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py 
@@ -4,19 +4,19 @@ # ------------------------------------ from datetime import datetime from functools import partial -from typing import Any, Optional, Union +from typing import Any, Dict, List, Optional, Union from azure.core.paging import ItemPaged from azure.core.polling import LROPoller from azure.core.tracing.decorator import distributed_trace from .crypto import CryptographyClient -from ._enums import KeyType +from ._enums import KeyCurveName, KeyExportEncryptionAlgorithm, KeyOperation, KeyType from ._generated.models import KeyAttributes -from ._models import JsonWebKey +from ._models import JsonWebKey, KeyRotationLifetimeAction from ._shared import KeyVaultClientBase from ._shared._polling import DeleteRecoverPollingMethod, KeyVaultOperationPoller -from ._models import DeletedKey, KeyVaultKey, KeyProperties, KeyRotationPolicy, ReleaseKeyResult +from ._models import DeletedKey, KeyVaultKey, KeyProperties, KeyReleasePolicy, KeyRotationPolicy, ReleaseKeyResult def _get_key_id(vault_url, key_name, version=None): @@ -103,7 +103,23 @@ def get_cryptography_client( ) @distributed_trace - def create_key(self, name: str, key_type: Union[str, KeyType], **kwargs: Any) -> KeyVaultKey: + def create_key( + self, + name: str, + key_type: Union[str, KeyType], + *, + size: Optional[int] = None, + curve: Optional[Union[str, KeyCurveName]] = None, + public_exponent: Optional[int] = None, + key_operations: Optional[List[Union[str, KeyOperation]]] = None, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + not_before: Optional[datetime] = None, + expires_on: Optional[datetime] = None, + exportable: Optional[bool] = None, + release_policy: Optional[KeyReleasePolicy] = None, + **kwargs: Any, + ) -> KeyVaultKey: """Create a key or, if ``name`` is already in use, create a new version of the key. Requires keys/create permission. 
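Review bot: The import block now carries two separate `from ._models import ...` statements, one gaining `KeyRotationLifetimeAction` and the other `KeyReleasePolicy`, with the `._shared` imports between them. Merging them into one sorted statement, `from ._models import DeletedKey, JsonWebKey, KeyProperties, KeyReleasePolicy, KeyRotationLifetimeAction, KeyRotationPolicy, KeyVaultKey, ReleaseKeyResult`, makes the client's model dependencies readable in one place. `KeyRotationLifetimeAction` is not used in any hunk shown here, so presumably a signature further down the file needs it.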
@@ -121,7 +137,7 @@ def create_key(self, name: str, key_type: Union[str, KeyType], **kwargs: Any) -> :keyword public_exponent: The RSA public exponent to use. Applies only to RSA keys created in a Managed HSM. :paramtype public_exponent: int or None :keyword key_operations: Allowed key operations - :paramtype key_operations: list[~azure.keyvault.keys.KeyOperation or str] or None + :paramtype key_operations: List[~azure.keyvault.keys.KeyOperation or str] or None :keyword enabled: Whether the key is enabled for use. :paramtype enabled: bool or None :keyword tags: Application specific metadata in the form of key-value pairs. 
@@ -148,37 +164,46 @@ def create_key(self, name: str, key_type: Union[str, KeyType], **kwargs: Any) -> :caption: Create a key :dedent: 8 """ - enabled = kwargs.pop("enabled", None) - not_before = kwargs.pop("not_before", None) - expires_on = kwargs.pop("expires_on", None) - exportable = kwargs.pop("exportable", None) attributes = self._get_attributes( enabled=enabled, not_before=not_before, expires_on=expires_on, exportable=exportable ) - policy = kwargs.pop("release_policy", None) + policy = release_policy if policy is not None: policy = self._models.KeyReleasePolicy( encoded_policy=policy.encoded_policy, content_type=policy.content_type, immutable=policy.immutable ) parameters = self._models.KeyCreateParameters( kty=key_type, - key_size=kwargs.pop("size", None), + key_size=size, key_attributes=attributes, - key_ops=kwargs.pop("key_operations", None), - tags=kwargs.pop("tags", None), - curve=kwargs.pop("curve", None), - public_exponent=kwargs.pop("public_exponent", None), + key_ops=key_operations, + tags=tags, + curve=curve, + public_exponent=public_exponent, release_policy=policy, ) - bundle = self._client.create_key( - vault_base_url=self.vault_url, key_name=name, parameters=parameters, **kwargs - ) + bundle = self._client.create_key(vault_base_url=self.vault_url, key_name=name, parameters=parameters, **kwargs) return KeyVaultKey._from_key_bundle(bundle) @distributed_trace - def create_rsa_key(self, name: str, **kwargs: Any) -> KeyVaultKey: + def create_rsa_key( + self, + name: str, + *, + size: Optional[int] = None, + public_exponent: Optional[int] = None, + hardware_protected: Optional[bool] = False, + key_operations: Optional[List[Union[str, KeyOperation]]] = None, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + not_before: Optional[datetime] = None, + expires_on: Optional[datetime] = None, + exportable: Optional[bool] = None, + release_policy: Optional[KeyReleasePolicy] = None, + **kwargs: Any, + ) -> KeyVaultKey: """Create a new 
RSA key or, if ``name`` is already in use, create a new version of the key Requires the keys/create permission. @@ -193,7 +218,7 @@ def create_rsa_key(self, name: str, **kwargs: Any) -> KeyVaultKey: Defaults to ``False``. :paramtype hardware_protected: bool or None :keyword key_operations: Allowed key operations - :paramtype key_operations: list[~azure.keyvault.keys.KeyOperation or str] or None + :paramtype key_operations: List[~azure.keyvault.keys.KeyOperation or str] or None :keyword enabled: Whether the key is enabled for use. :paramtype enabled: bool or None :keyword tags: Application specific metadata in the form of key-value pairs. @@ -220,11 +245,37 @@ def create_rsa_key(self, name: str, **kwargs: Any) -> KeyVaultKey: :caption: Create RSA key :dedent: 8 """ - hsm = kwargs.pop("hardware_protected", False) - return self.create_key(name, key_type="RSA-HSM" if hsm else "RSA", **kwargs) + return self.create_key( + name, + key_type="RSA-HSM" if hardware_protected else "RSA", + size=size, + public_exponent=public_exponent, + key_operations=key_operations, + enabled=enabled, + tags=tags, + not_before=not_before, + expires_on=expires_on, + exportable=exportable, + release_policy=release_policy, + **kwargs, + ) @distributed_trace - def create_ec_key(self, name: str, **kwargs: Any) -> KeyVaultKey: + def create_ec_key( + self, + name: str, + *, + curve: Optional[Union[str, KeyCurveName]] = None, + key_operations: Optional[List[Union[str, KeyOperation]]] = None, + hardware_protected: Optional[bool] = False, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + not_before: Optional[datetime] = None, + expires_on: Optional[datetime] = None, + exportable: Optional[bool] = None, + release_policy: Optional[KeyReleasePolicy] = None, + **kwargs: Any, + ) -> KeyVaultKey: """Create a new elliptic curve key or, if ``name`` is already in use, create a new version of the key. Requires the keys/create permission. 
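Review bot: In `create_key`, `policy = release_policy` followed by `policy = self._models.KeyReleasePolicy(...)` makes one local name hold first the public `KeyReleasePolicy` and then the generated model, and the alias no longer serves a purpose now that `release_policy` is a named parameter. Reading the fields from the parameter directly keeps the two types apart: `policy = None`, then `if release_policy is not None:` and `policy = self._models.KeyReleasePolicy(encoded_policy=release_policy.encoded_policy, content_type=release_policy.content_type, immutable=release_policy.immutable)`. The `update_key_properties` hunk further down has the same pattern.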
@@ -234,7 +285,7 @@ def create_ec_key(self, name: str, **kwargs: Any) -> KeyVaultKey: :keyword curve: Elliptic curve name. Defaults to the NIST P-256 elliptic curve. :paramtype curve: ~azure.keyvault.keys.KeyCurveName or str or None :keyword key_operations: Allowed key operations - :paramtype key_operations: list[~azure.keyvault.keys.KeyOperation or str] or None + :paramtype key_operations: List[~azure.keyvault.keys.KeyOperation or str] or None :keyword hardware_protected: Whether the key should be created in a hardware security module. Defaults to ``False``. :paramtype hardware_protected: bool or None @@ -264,11 +315,36 @@ def create_ec_key(self, name: str, **kwargs: Any) -> KeyVaultKey: :caption: Create an elliptic curve key :dedent: 8 """ - hsm = kwargs.pop("hardware_protected", False) - return self.create_key(name, key_type="EC-HSM" if hsm else "EC", **kwargs) + return self.create_key( + name, + key_type="EC-HSM" if hardware_protected else "EC", + curve=curve, + key_operations=key_operations, + enabled=enabled, + tags=tags, + not_before=not_before, + expires_on=expires_on, + exportable=exportable, + release_policy=release_policy, + **kwargs, + ) @distributed_trace - def create_oct_key(self, name: str, **kwargs: Any) -> KeyVaultKey: + def create_oct_key( + self, + name: str, + *, + size: Optional[int] = None, + key_operations: Optional[List[Union[str, KeyOperation]]] = None, + hardware_protected: Optional[bool] = False, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + not_before: Optional[datetime] = None, + expires_on: Optional[datetime] = None, + exportable: Optional[bool] = None, + release_policy: Optional[KeyReleasePolicy] = None, + **kwargs: Any, + ) -> KeyVaultKey: """Create a new octet sequence (symmetric) key or, if ``name`` is in use, create a new version of the key. Requires the keys/create permission. 
@@ -278,7 +354,7 @@ def create_oct_key(self, name: str, **kwargs: Any) -> KeyVaultKey: :keyword size: Key size in bits, for example 128, 192, or 256. :paramtype size: int or None :keyword key_operations: Allowed key operations. - :paramtype key_operations: list[~azure.keyvault.keys.KeyOperation or str] or None + :paramtype key_operations: List[~azure.keyvault.keys.KeyOperation or str] or None :keyword hardware_protected: Whether the key should be created in a hardware security module. Defaults to ``False``. :paramtype hardware_protected: bool or None @@ -307,8 +383,19 @@ def create_oct_key(self, name: str, **kwargs: Any) -> KeyVaultKey: :caption: Create an octet sequence (symmetric) key :dedent: 8 """ - hsm = kwargs.pop("hardware_protected", False) - return self.create_key(name, key_type="oct-HSM" if hsm else "oct", **kwargs) + return self.create_key( + name, + key_type="oct-HSM" if hardware_protected else "oct", + size=size, + key_operations=key_operations, + enabled=enabled, + tags=tags, + not_before=not_before, + expires_on=expires_on, + exportable=exportable, + release_policy=release_policy, + **kwargs, + ) @distributed_trace def begin_delete_key(self, name: str, **kwargs: Any) -> LROPoller[DeletedKey]: # pylint:disable=bad-option-value,delete-operation-wrong-return-type 
@@ -565,7 +652,19 @@ def begin_recover_deleted_key(self, name: str, **kwargs: Any) -> LROPoller[KeyVa return KeyVaultOperationPoller(polling_method) @distributed_trace - def update_key_properties(self, name: str, version: Optional[str] = None, **kwargs: Any) -> KeyVaultKey: + def update_key_properties( + self, + name: str, + version: Optional[str] = None, + *, + key_operations: Optional[List[Union[str, KeyOperation]]] = None, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + not_before: Optional[datetime] = None, + expires_on: Optional[datetime] = None, + release_policy: Optional[KeyReleasePolicy] = None, + **kwargs: Any, + ) -> KeyVaultKey: """Change a key's properties (not its cryptographic material). Requires keys/update permission. @@ -575,7 +674,7 @@ def update_key_properties(self, name: str, version: Optional[str] = None, **kwar :type version: str or None :keyword key_operations: Allowed key operations - :paramtype key_operations: list[~azure.keyvault.keys.KeyOperation or str] or None + :paramtype key_operations: List[~azure.keyvault.keys.KeyOperation or str] or None :keyword enabled: Whether the key is enabled for use. :paramtype enabled: bool or None :keyword tags: Application specific metadata in the form of key-value pairs. 
@@ -601,20 +700,17 @@ def update_key_properties(self, name: str, version: Optional[str] = None, **kwar :caption: Update a key's attributes :dedent: 8 """ - enabled = kwargs.pop("enabled", None) - not_before = kwargs.pop("not_before", None) - expires_on = kwargs.pop("expires_on", None) attributes = self._get_attributes(enabled=enabled, not_before=not_before, expires_on=expires_on) - policy = kwargs.pop("release_policy", None) + policy = release_policy if policy is not None: policy = self._models.KeyReleasePolicy( content_type=policy.content_type, encoded_policy=policy.encoded_policy, immutable=policy.immutable ) parameters = self._models.KeyUpdateParameters( - key_ops=kwargs.pop("key_operations", None), + key_ops=key_operations, key_attributes=attributes, - tags=kwargs.pop("tags", None), + tags=tags, release_policy=policy, ) @@ -686,7 +782,20 @@ def restore_key_backup(self, backup: bytes, **kwargs: Any) -> KeyVaultKey: return KeyVaultKey._from_key_bundle(bundle) @distributed_trace - def import_key(self, name: str, key: JsonWebKey, **kwargs: Any) -> KeyVaultKey: + def import_key( + self, + name: str, + key: JsonWebKey, + *, + hardware_protected: Optional[bool] = None, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + not_before: Optional[datetime] = None, + expires_on: Optional[datetime] = None, + exportable: Optional[bool] = None, + release_policy: Optional[KeyReleasePolicy] = None, + **kwargs: Any, + ) -> KeyVaultKey: """Import a key created externally. Requires keys/import permission. If ``name`` is already in use, the key will be imported as a new version. 
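Review bot: In the `update_key_properties` body, `policy = release_policy` makes one local name hold first the public `KeyReleasePolicy` argument and then the generated `self._models.KeyReleasePolicy`. That made sense when the value was popped from kwargs, but now it only obscures which model is sent to the service, and a type checker may flag the rebinding. Building the generated model under its own name would read more clearly: `generated_policy = None if release_policy is None else self._models.KeyReleasePolicy(content_type=release_policy.content_type, encoded_policy=release_policy.encoded_policy, immutable=release_policy.immutable)`, then pass `release_policy=generated_policy`. The same alias appears in the `import_key` hunk and in the async `create_key`, `update_key_properties` and `import_key` hunks. The function's signature and docstring lie outside this hunk.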
@@ -715,15 +824,11 @@ def import_key(self, name: str, key: JsonWebKey, **kwargs: Any) -> KeyVaultKey: :raises ~azure.core.exceptions.HttpResponseError: """ - enabled = kwargs.pop("enabled", None) - not_before = kwargs.pop("not_before", None) - expires_on = kwargs.pop("expires_on", None) - exportable = kwargs.pop("exportable", None) attributes = self._get_attributes( enabled=enabled, not_before=not_before, expires_on=expires_on, exportable=exportable ) - policy = kwargs.pop("release_policy", None) + policy = release_policy if policy is not None: policy = self._models.KeyReleasePolicy( content_type=policy.content_type, encoded_policy=policy.encoded_policy, immutable=policy.immutable @@ -731,8 +836,8 @@ def import_key(self, name: str, key: JsonWebKey, **kwargs: Any) -> KeyVaultKey: parameters = self._models.KeyImportParameters( key=key._to_generated_model(), key_attributes=attributes, - hsm=kwargs.pop("hardware_protected", None), - tags=kwargs.pop("tags", None), + hsm=hardware_protected, + tags=tags, release_policy=policy, ) @@ -740,7 +845,16 @@ def import_key(self, name: str, key: JsonWebKey, **kwargs: Any) -> KeyVaultKey: return KeyVaultKey._from_key_bundle(bundle) @distributed_trace - def release_key(self, name: str, target_attestation_token: str, **kwargs: Any) -> ReleaseKeyResult: + def release_key( + self, + name: str, + target_attestation_token: str, + *, + version: Optional[str] = None, + algorithm: Optional[Union[str, KeyExportEncryptionAlgorithm]] = None, + nonce: Optional[str] = None, + **kwargs: Any, + ) -> ReleaseKeyResult: """Releases a key. The release key operation is applicable to all key types. The target key must be marked 
@@ -761,15 +875,14 @@ def release_key(self, name: str, target_attestation_token: str, **kwargs: Any) - :raises ~azure.core.exceptions.HttpResponseError: """ - version = kwargs.pop("version", None) result = self._client.release( vault_base_url=self._vault_url, key_name=name, key_version=version or "", parameters=self._models.KeyReleaseParameters( target_attestation_token=target_attestation_token, - nonce=kwargs.pop("nonce", None), - enc=kwargs.pop("algorithm", None), + nonce=nonce, + enc=algorithm, ), **kwargs ) @@ -833,7 +946,13 @@ def rotate_key(self, name: str, **kwargs: Any) -> KeyVaultKey: @distributed_trace def update_key_rotation_policy( - self, key_name: str, policy: KeyRotationPolicy, **kwargs: Any + self, + key_name: str, + policy: KeyRotationPolicy, + *, + lifetime_actions: Optional[List[KeyRotationLifetimeAction]] = None, + expires_in: Optional[str] = None, + **kwargs: Any, ) -> KeyRotationPolicy: """Updates the rotation policy of a Key Vault key. @@ -845,7 +964,7 @@ def update_key_rotation_policy( :keyword lifetime_actions: Actions that will be performed by Key Vault over the lifetime of a key. This will override the lifetime actions of the provided ``policy``. - :paramtype lifetime_actions: list[~azure.keyvault.keys.KeyRotationLifetimeAction] + :paramtype lifetime_actions: List[~azure.keyvault.keys.KeyRotationLifetimeAction] :keyword str expires_in: The expiry time of the policy that will be applied on new key versions, defined as an ISO 8601 duration. For example: 90 days is "P90D", 3 months is "P3M", and 48 hours is "PT48H". See `Wikipedia `_ for more information on ISO 8601 durations. 
@@ -856,22 +975,22 @@ def update_key_rotation_policy( :raises ~azure.core.exceptions.HttpResponseError: """ - lifetime_actions = kwargs.pop("lifetime_actions", policy.lifetime_actions) - if lifetime_actions: - lifetime_actions = [ + actions = lifetime_actions or policy.lifetime_actions + if actions: + actions = [ self._models.LifetimeActions( action=self._models.LifetimeActionsType(type=action.action), trigger=self._models.LifetimeActionsTrigger( time_after_create=action.time_after_create, time_before_expiry=action.time_before_expiry ), ) - for action in lifetime_actions + for action in actions ] - attributes = self._models.KeyRotationPolicyAttributes(expiry_time=kwargs.pop("expires_in", policy.expires_in)) - new_policy = self._models.KeyRotationPolicy(lifetime_actions=lifetime_actions or [], attributes=attributes) + attributes = self._models.KeyRotationPolicyAttributes(expiry_time=expires_in or policy.expires_in) + new_policy = self._models.KeyRotationPolicy(lifetime_actions=actions or [], attributes=attributes) result = self._client.update_key_rotation_policy( - vault_base_url=self._vault_url, key_name=key_name, key_rotation_policy=new_policy + vault_base_url=self._vault_url, key_name=key_name, key_rotation_policy=new_policy, **kwargs ) return KeyRotationPolicy._from_generated(result) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py index 03383177f4cc..607ae0919d2a 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py 
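Review bot: `actions = lifetime_actions or policy.lifetime_actions` and `expiry_time=expires_in or policy.expires_in` fall back to the policy on any falsy argument, whereas the removed `kwargs.pop(..., policy....)` calls fell back only when the keyword was absent. An explicit `lifetime_actions=[]` used to send an empty action list and now silently re-sends the policy's existing actions, so a caller who means to clear a key's lifetime actions gets no error and no change. Testing for `None` keeps the documented override: `actions = policy.lifetime_actions if lifetime_actions is None else lifetime_actions` and `expiry_time=policy.expires_in if expires_in is None else expires_in`. An explicit `None` can no longer be told apart from an omitted keyword, which may deserve a line in the docstring. The async `update_key_rotation_policy` hunk has the same two expressions; the function starts outside this hunk.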
@@ -11,14 +11,12 @@ from ._generated.models import JsonWebKey as _JsonWebKey if TYPE_CHECKING: - # pylint:disable=unused-import from ._generated import models as _models KeyOperationResult = namedtuple("KeyOperationResult", ["id", "value"]) class JsonWebKey(object): - # pylint:disable=too-many-instance-attributes """As defined in http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18. All parameters are optional. :keyword str kid: Key identifier. @@ -409,7 +407,7 @@ class KeyVaultKey(object): def __init__(self, key_id: str, jwk: Optional[Dict[str, Any]] = None, **kwargs) -> None: self._properties: KeyProperties = kwargs.pop("properties", None) or KeyProperties(key_id, **kwargs) if isinstance(jwk, dict): - if any(field in kwargs for field in JsonWebKey._FIELDS): # pylint:disable=protected-access + if any(field in kwargs for field in JsonWebKey._FIELDS): raise ValueError( "Individual keyword arguments for key material and the 'jwk' argument are mutually exclusive." ) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/__init__.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/__init__.py index b245cf4fdb00..4bcf3faed073 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/__init__.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/__init__.py @@ -45,7 +45,7 @@ def __init__( def parse_key_vault_id(source_id: str) -> KeyVaultResourceId: try: parsed_uri = parse.urlparse(source_id) - except Exception as exc: # pylint: disable=broad-except + except Exception as exc: raise ValueError(f"'{source_id}' is not a valid ID") from exc if not (parsed_uri.scheme and parsed_uri.hostname): raise ValueError(f"'{source_id}' is not a valid ID") diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_polling.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_polling.py index 672cf20faa0f..d4b83a0eca57 100644 
--- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_polling.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_polling.py @@ -25,7 +25,6 @@ class KeyVaultOperationPoller(LROPoller): :type polling_method: ~azure.core.polling.PollingMethod """ - # pylint: disable=arguments-differ def __init__(self, polling_method: PollingMethod) -> None: super(KeyVaultOperationPoller, self).__init__(None, None, lambda *_: None, NoPolling()) self._polling_method = polling_method diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/aio/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/aio/_client.py index 2b4da3a51ae5..86d537129cc3 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/aio/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/aio/_client.py @@ -2,9 +2,10 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ +# pylint:disable=too-many-lines from datetime import datetime from functools import partial -from typing import Any, Optional, Union +from typing import Any, Dict, List, Optional, Union from azure.core.async_paging import AsyncItemPaged from azure.core.tracing.decorator import distributed_trace @@ -12,6 +13,7 @@ from ..crypto.aio import CryptographyClient from .._client import _get_key_id +from .._enums import KeyCurveName, KeyExportEncryptionAlgorithm, KeyOperation from .._generated.models import KeyAttributes from .._shared._polling_async import AsyncDeleteRecoverPollingMethod from .._shared import AsyncKeyVaultClientBase @@ -19,6 +21,8 @@ DeletedKey, JsonWebKey, KeyProperties, + KeyReleasePolicy, + KeyRotationLifetimeAction, KeyRotationPolicy, KeyType, KeyVaultKey, 
@@ -105,7 +109,23 @@ def get_cryptography_client( ) @distributed_trace_async - async def create_key(self, name: str, key_type: Union[str, KeyType], **kwargs: Any) -> KeyVaultKey: + async def create_key( + self, + name: str, + key_type: Union[str, KeyType], + *, + size: Optional[int] = None, + curve: Optional[Union[str, KeyCurveName]] = None, + public_exponent: Optional[int] = None, + key_operations: Optional[List[Union[str, KeyOperation]]] = None, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + not_before: Optional[datetime] = None, + expires_on: Optional[datetime] = None, + exportable: Optional[bool] = None, + release_policy: Optional[KeyReleasePolicy] = None, + **kwargs: Any, + ) -> KeyVaultKey: """Create a key or, if ``name`` is already in use, create a new version of the key. Requires keys/create permission. @@ -123,7 +143,7 @@ async def create_key(self, name: str, key_type: Union[str, KeyType], **kwargs: A :keyword public_exponent: The RSA public exponent to use. Applies only to RSA keys created in a Managed HSM. :paramtype public_exponent: int or None :keyword key_operations: Allowed key operations - :paramtype key_operations: list[~azure.keyvault.keys.KeyOperation or str] or None + :paramtype key_operations: List[~azure.keyvault.keys.KeyOperation or str] or None :keyword enabled: Whether the key is enabled for use. :paramtype enabled: bool or None :keyword tags: Application specific metadata in the form of key-value pairs. 
@@ -150,27 +170,23 @@ async def create_key(self, name: str, key_type: Union[str, KeyType], **kwargs: A :caption: Create a key :dedent: 8 """ - enabled = kwargs.pop("enabled", None) - not_before = kwargs.pop("not_before", None) - expires_on = kwargs.pop("expires_on", None) - exportable = kwargs.pop("exportable", None) attributes = self._get_attributes( enabled=enabled, not_before=not_before, expires_on=expires_on, exportable=exportable ) - policy = kwargs.pop("release_policy", None) + policy = release_policy if policy is not None: policy = self._models.KeyReleasePolicy( encoded_policy=policy.encoded_policy, content_type=policy.content_type, immutable=policy.immutable ) parameters = self._models.KeyCreateParameters( kty=key_type, - key_size=kwargs.pop("size", None), + key_size=size, key_attributes=attributes, - key_ops=kwargs.pop("key_operations", None), - tags=kwargs.pop("tags", None), - curve=kwargs.pop("curve", None), - public_exponent=kwargs.pop("public_exponent", None), + key_ops=key_operations, + tags=tags, + curve=curve, + public_exponent=public_exponent, release_policy=policy, ) @@ -183,7 +199,22 @@ async def create_key(self, name: str, key_type: Union[str, KeyType], **kwargs: A return KeyVaultKey._from_key_bundle(bundle) @distributed_trace_async - async def create_rsa_key(self, name: str, **kwargs: Any) -> KeyVaultKey: + async def create_rsa_key( + self, + name: str, + *, + size: Optional[int] = None, + public_exponent: Optional[int] = None, + hardware_protected: Optional[bool] = False, + key_operations: Optional[List[Union[str, KeyOperation]]] = None, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + not_before: Optional[datetime] = None, + expires_on: Optional[datetime] = None, + exportable: Optional[bool] = None, + release_policy: Optional[KeyReleasePolicy] = None, + **kwargs: Any, + ) -> KeyVaultKey: """Create a new RSA key or, if ``name`` is already in use, create a new version of the key Requires the keys/create permission. 
@@ -198,7 +229,7 @@ async def create_rsa_key(self, name: str, **kwargs: Any) -> KeyVaultKey: Defaults to ``False``. :paramtype hardware_protected: bool or None :keyword key_operations: Allowed key operations - :paramtype key_operations: list[~azure.keyvault.keys.KeyOperation or str] or None + :paramtype key_operations: List[~azure.keyvault.keys.KeyOperation or str] or None :keyword enabled: Whether the key is enabled for use. :paramtype enabled: bool or None :keyword tags: Application specific metadata in the form of key-value pairs. @@ -225,11 +256,37 @@ async def create_rsa_key(self, name: str, **kwargs: Any) -> KeyVaultKey: :caption: Create RSA key :dedent: 8 """ - hsm = kwargs.pop("hardware_protected", False) - return await self.create_key(name, key_type="RSA-HSM" if hsm else "RSA", **kwargs) + return await self.create_key( + name, + key_type="RSA-HSM" if hardware_protected else "RSA", + size=size, + public_exponent=public_exponent, + key_operations=key_operations, + enabled=enabled, + tags=tags, + not_before=not_before, + expires_on=expires_on, + exportable=exportable, + release_policy=release_policy, + **kwargs, + ) @distributed_trace_async - async def create_ec_key(self, name: str, **kwargs: Any) -> KeyVaultKey: + async def create_ec_key( + self, + name: str, + *, + curve: Optional[Union[str, KeyCurveName]] = None, + key_operations: Optional[List[Union[str, KeyOperation]]] = None, + hardware_protected: Optional[bool] = False, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + not_before: Optional[datetime] = None, + expires_on: Optional[datetime] = None, + exportable: Optional[bool] = None, + release_policy: Optional[KeyReleasePolicy] = None, + **kwargs: Any, + ) -> KeyVaultKey: """Create a new elliptic curve key or, if ``name`` is already in use, create a new version of the key. Requires the keys/create permission. 
@@ -239,7 +296,7 @@ async def create_ec_key(self, name: str, **kwargs: Any) -> KeyVaultKey: :keyword curve: Elliptic curve name. Defaults to the NIST P-256 elliptic curve. :paramtype curve: ~azure.keyvault.keys.KeyCurveName or str or None :keyword key_operations: Allowed key operations - :paramtype key_operations: list[~azure.keyvault.keys.KeyOperation or str] or None + :paramtype key_operations: List[~azure.keyvault.keys.KeyOperation or str] or None :keyword hardware_protected: Whether the key should be created in a hardware security module. Defaults to ``False``. :paramtype hardware_protected: bool or None @@ -269,11 +326,36 @@ async def create_ec_key(self, name: str, **kwargs: Any) -> KeyVaultKey: :caption: Create an elliptic curve key :dedent: 8 """ - hsm = kwargs.pop("hardware_protected", False) - return await self.create_key(name, key_type="EC-HSM" if hsm else "EC", **kwargs) + return await self.create_key( + name, + key_type="EC-HSM" if hardware_protected else "EC", + curve=curve, + key_operations=key_operations, + enabled=enabled, + tags=tags, + not_before=not_before, + expires_on=expires_on, + exportable=exportable, + release_policy=release_policy, + **kwargs, + ) @distributed_trace_async - async def create_oct_key(self, name: str, **kwargs: Any) -> KeyVaultKey: + async def create_oct_key( + self, + name: str, + *, + size: Optional[int] = None, + key_operations: Optional[List[Union[str, KeyOperation]]] = None, + hardware_protected: Optional[bool] = False, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + not_before: Optional[datetime] = None, + expires_on: Optional[datetime] = None, + exportable: Optional[bool] = None, + release_policy: Optional[KeyReleasePolicy] = None, + **kwargs: Any, + ) -> KeyVaultKey: """Create a new octet sequence (symmetric) key or, if ``name`` is in use, create a new version of the key. Requires the keys/create permission. 
@@ -283,7 +365,7 @@ async def create_oct_key(self, name: str, **kwargs: Any) -> KeyVaultKey: :keyword size: Key size in bits, for example 128, 192, or 256. :paramtype size: int or None :keyword key_operations: Allowed key operations. - :paramtype key_operations: list[~azure.keyvault.keys.KeyOperation or str] or None + :paramtype key_operations: List[~azure.keyvault.keys.KeyOperation or str] or None :keyword hardware_protected: Whether the key should be created in a hardware security module. Defaults to ``False``. :paramtype hardware_protected: bool or None @@ -313,8 +395,19 @@ async def create_oct_key(self, name: str, **kwargs: Any) -> KeyVaultKey: :caption: Create an octet sequence (symmetric) key :dedent: 8 """ - hsm = kwargs.pop("hardware_protected", False) - return await self.create_key(name, key_type="oct-HSM" if hsm else "oct", **kwargs) + return await self.create_key( + name, + key_type="oct-HSM" if hardware_protected else "oct", + size=size, + key_operations=key_operations, + enabled=enabled, + tags=tags, + not_before=not_before, + expires_on=expires_on, + exportable=exportable, + release_policy=release_policy, + **kwargs, + ) @distributed_trace_async async def delete_key(self, name: str, **kwargs: Any) -> DeletedKey: 
@@ -567,7 +660,19 @@ async def recover_deleted_key(self, name: str, **kwargs: Any) -> KeyVaultKey: return polling_method.resource() @distributed_trace_async - async def update_key_properties(self, name: str, version: Optional[str] = None, **kwargs: Any) -> KeyVaultKey: + async def update_key_properties( + self, + name: str, + version: Optional[str] = None, + *, + key_operations: Optional[List[Union[str, KeyOperation]]] = None, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + not_before: Optional[datetime] = None, + expires_on: Optional[datetime] = None, + release_policy: Optional[KeyReleasePolicy] = None, + **kwargs: Any, + ) -> KeyVaultKey: """Change a key's properties (not its cryptographic material). Requires keys/update permission. @@ -577,7 +682,7 @@ async def update_key_properties(self, name: str, version: Optional[str] = None, :type version: str or None :keyword key_operations: Allowed key operations - :paramtype key_operations: list[~azure.keyvault.keys.KeyOperation or str] or None + :paramtype key_operations: List[~azure.keyvault.keys.KeyOperation or str] or None :keyword enabled: Whether the key is enabled for use. :paramtype enabled: bool or None :keyword tags: Application specific metadata in the form of key-value pairs. 
@@ -603,20 +708,17 @@ async def update_key_properties(self, name: str, version: Optional[str] = None, :caption: Update a key's attributes :dedent: 8 """ - enabled = kwargs.pop("enabled", None) - not_before = kwargs.pop("not_before", None) - expires_on = kwargs.pop("expires_on", None) attributes = self._get_attributes(enabled=enabled, not_before=not_before, expires_on=expires_on) - policy = kwargs.pop("release_policy", None) + policy = release_policy if policy is not None: policy = self._models.KeyReleasePolicy( content_type=policy.content_type, encoded_policy=policy.encoded_policy, immutable=policy.immutable ) parameters = self._models.KeyUpdateParameters( - key_ops=kwargs.pop("key_operations", None), + key_ops=key_operations, key_attributes=attributes, - tags=kwargs.pop("tags", None), + tags=tags, release_policy=policy, ) @@ -688,7 +790,20 @@ async def restore_key_backup(self, backup: bytes, **kwargs: Any) -> KeyVaultKey: return KeyVaultKey._from_key_bundle(bundle) @distributed_trace_async - async def import_key(self, name: str, key: JsonWebKey, **kwargs: Any) -> KeyVaultKey: + async def import_key( + self, + name: str, + key: JsonWebKey, + *, + hardware_protected: Optional[bool] = None, + enabled: Optional[bool] = None, + tags: Optional[Dict[str, str]] = None, + not_before: Optional[datetime] = None, + expires_on: Optional[datetime] = None, + exportable: Optional[bool] = None, + release_policy: Optional[KeyReleasePolicy] = None, + **kwargs: Any, + ) -> KeyVaultKey: """Import a key created externally. Requires keys/import permission. If ``name`` is already in use, the key will be imported as a new version. 
@@ -717,15 +832,11 @@ async def import_key(self, name: str, key: JsonWebKey, **kwargs: Any) -> KeyVaul :raises ~azure.core.exceptions.HttpResponseError: """ - enabled = kwargs.pop("enabled", None) - not_before = kwargs.pop("not_before", None) - expires_on = kwargs.pop("expires_on", None) - exportable = kwargs.pop("exportable", None) attributes = self._get_attributes( enabled=enabled, not_before=not_before, expires_on=expires_on, exportable=exportable ) - policy = kwargs.pop("release_policy", None) + policy = release_policy if policy is not None: policy = self._models.KeyReleasePolicy( content_type=policy.content_type, encoded_policy=policy.encoded_policy, immutable=policy.immutable @@ -733,8 +844,8 @@ async def import_key(self, name: str, key: JsonWebKey, **kwargs: Any) -> KeyVaul parameters = self._models.KeyImportParameters( key=key._to_generated_model(), key_attributes=attributes, - hsm=kwargs.pop("hardware_protected", None), - tags=kwargs.pop("tags", None), + hsm=hardware_protected, + tags=tags, release_policy=policy, ) @@ -744,7 +855,16 @@ async def import_key(self, name: str, key: JsonWebKey, **kwargs: Any) -> KeyVaul return KeyVaultKey._from_key_bundle(bundle) @distributed_trace_async - async def release_key(self, name: str, target_attestation_token: str, **kwargs: Any) -> ReleaseKeyResult: + async def release_key( + self, + name: str, + target_attestation_token: str, + *, + version: Optional[str] = None, + algorithm: Optional[Union[str, KeyExportEncryptionAlgorithm]] = None, + nonce: Optional[str] = None, + **kwargs: Any, + ) -> ReleaseKeyResult: """Releases a key. The release key operation is applicable to all key types. The target key must be marked 
@@ -765,15 +885,14 @@ async def release_key(self, name: str, target_attestation_token: str, **kwargs: :raises ~azure.core.exceptions.HttpResponseError: """ - version = kwargs.pop("version", None) result = await self._client.release( vault_base_url=self._vault_url, key_name=name, key_version=version or "", parameters=self._models.KeyReleaseParameters( target_attestation_token=target_attestation_token, - nonce=kwargs.pop("nonce", None), - enc=kwargs.pop("algorithm", None), + nonce=nonce, + enc=algorithm, ), **kwargs, ) @@ -837,7 +956,13 @@ async def rotate_key(self, name: str, **kwargs: Any) -> KeyVaultKey: @distributed_trace_async async def update_key_rotation_policy( - self, key_name: str, policy: KeyRotationPolicy, **kwargs: Any + self, + key_name: str, + policy: KeyRotationPolicy, + *, + lifetime_actions: Optional[List[KeyRotationLifetimeAction]] = None, + expires_in: Optional[str] = None, + **kwargs: Any, ) -> KeyRotationPolicy: """Updates the rotation policy of a Key Vault key. @@ -849,7 +974,7 @@ async def update_key_rotation_policy( :keyword lifetime_actions: Actions that will be performed by Key Vault over the lifetime of a key. This will override the lifetime actions of the provided ``policy``. - :paramtype lifetime_actions: list[~azure.keyvault.keys.KeyRotationLifetimeAction] + :paramtype lifetime_actions: List[~azure.keyvault.keys.KeyRotationLifetimeAction] :keyword str expires_in: The expiry time of the policy that will be applied on new key versions, defined as an ISO 8601 duration. For example: 90 days is "P90D", 3 months is "P3M", and 48 hours is "PT48H". See `Wikipedia `_ for more information on ISO 8601 durations. 
@@ -860,22 +985,22 @@ async def update_key_rotation_policy( :raises ~azure.core.exceptions.HttpResponseError: """ - lifetime_actions = kwargs.pop("lifetime_actions", policy.lifetime_actions) - if lifetime_actions: - lifetime_actions = [ + actions = lifetime_actions or policy.lifetime_actions + if actions: + actions = [ self._models.LifetimeActions( action=self._models.LifetimeActionsType(type=action.action), trigger=self._models.LifetimeActionsTrigger( time_after_create=action.time_after_create, time_before_expiry=action.time_before_expiry ), ) - for action in lifetime_actions + for action in actions ] - attributes = self._models.KeyRotationPolicyAttributes(expiry_time=kwargs.pop("expires_in", policy.expires_in)) - new_policy = self._models.KeyRotationPolicy(lifetime_actions=lifetime_actions or [], attributes=attributes) + attributes = self._models.KeyRotationPolicyAttributes(expiry_time=expires_in or policy.expires_in) + new_policy = self._models.KeyRotationPolicy(lifetime_actions=actions or [], attributes=attributes) result = await self._client.update_key_rotation_policy( - vault_base_url=self._vault_url, key_name=key_name, key_rotation_policy=new_policy + vault_base_url=self._vault_url, key_name=key_name, key_rotation_policy=new_policy, **kwargs ) return KeyRotationPolicy._from_generated(result) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py index 56585ae8861d..c2d9ec60a201 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py 
@@ -143,7 +143,7 @@ def __init__(self, key: Union[KeyVaultKey, str], credential: TokenCredential, ** try: self._local_provider = get_local_cryptography_provider(cast(JsonWebKey, self._key)) self._initialized = True - except Exception as ex: # pylint:disable=broad-except + except Exception as ex: raise ValueError("The provided jwk is not valid for local cryptography") from ex else: self._local_provider = NoLocalCryptography() @@ -247,7 +247,15 @@ def create_rsa_public_key(self) -> KeyVaultRSAPublicKey: # pylint:disable=clien return KeyVaultRSAPublicKey(client=self, key_material=cast(JsonWebKey, self._key)) @distributed_trace - def encrypt(self, algorithm: EncryptionAlgorithm, plaintext: bytes, **kwargs: Any) -> EncryptResult: + def encrypt( + self, + algorithm: EncryptionAlgorithm, + plaintext: bytes, + *, + iv: Optional[bytes] = None, + additional_authenticated_data: Optional[bytes] = None, + **kwargs: Any, + ) -> EncryptResult: """Encrypt bytes using the client's key. Requires the keys/encrypt permission. This method encrypts only a single block of data, whose size depends on @@ -279,9 +287,9 @@ def encrypt(self, algorithm: EncryptionAlgorithm, plaintext: bytes, **kwargs: An :language: python :dedent: 8 """ - iv = kwargs.pop("iv", None) - aad = kwargs.pop("additional_authenticated_data", None) - _validate_arguments(operation=KeyOperation.encrypt, algorithm=algorithm, iv=iv, aad=aad) + _validate_arguments( + operation=KeyOperation.encrypt, algorithm=algorithm, iv=iv, aad=additional_authenticated_data + ) self._initialize(**kwargs) if self._local_provider.supports(KeyOperation.encrypt, algorithm): 
@@ -301,7 +309,9 @@ def encrypt(self, algorithm: EncryptionAlgorithm, plaintext: bytes, **kwargs: An vault_base_url=self._key_id.vault_url if self._key_id else None, key_name=self._key_id.name if self._key_id else None, key_version=self._key_id.version if self._key_id else None, - parameters=self._models.KeyOperationsParameters(algorithm=algorithm, value=plaintext, iv=iv, aad=aad), + parameters=self._models.KeyOperationsParameters( + algorithm=algorithm, value=plaintext, iv=iv, aad=additional_authenticated_data + ), **kwargs ) @@ -323,7 +333,16 @@ def encrypt(self, algorithm: EncryptionAlgorithm, plaintext: bytes, **kwargs: An ) @distributed_trace - def decrypt(self, algorithm: EncryptionAlgorithm, ciphertext: bytes, **kwargs: Any) -> DecryptResult: + def decrypt( + self, + algorithm: EncryptionAlgorithm, + ciphertext: bytes, + *, + iv: Optional[bytes] = None, + authentication_tag: Optional[bytes] = None, + additional_authenticated_data: Optional[bytes] = None, + **kwargs: Any, + ) -> DecryptResult: """Decrypt a single block of encrypted data using the client's key. Requires the keys/decrypt permission. This method decrypts only a single block of data, whose size depends on @@ -356,10 +375,13 @@ def decrypt(self, algorithm: EncryptionAlgorithm, ciphertext: bytes, **kwargs: A :language: python :dedent: 8 """ - iv = kwargs.pop("iv", None) - tag = kwargs.pop("authentication_tag", None) - aad = kwargs.pop("additional_authenticated_data", None) - _validate_arguments(operation=KeyOperation.decrypt, algorithm=algorithm, iv=iv, tag=tag, aad=aad) + _validate_arguments( + operation=KeyOperation.decrypt, + algorithm=algorithm, + iv=iv, + tag=authentication_tag, + aad=additional_authenticated_data, + ) self._initialize(**kwargs) if self._local_provider.supports(KeyOperation.decrypt, algorithm): 
@@ -379,7 +401,7 @@ def decrypt(self, algorithm: EncryptionAlgorithm, ciphertext: bytes, **kwargs: A key_name=self._key_id.name if self._key_id else None, key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeyOperationsParameters( - algorithm=algorithm, value=ciphertext, iv=iv, tag=tag, aad=aad + algorithm=algorithm, value=ciphertext, iv=iv, tag=authentication_tag, aad=additional_authenticated_data ), **kwargs ) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/rsa_key.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/rsa_key.py index 29113a3f629d..e1325894bccc 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/rsa_key.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/rsa_key.py @@ -132,7 +132,7 @@ def from_jwk(cls, jwk): else: key_impl = pub.public_key(default_backend()) - rsa_key._rsa_impl = key_impl # pylint:disable=protected-access + rsa_key._rsa_impl = key_impl return rsa_key diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/ec.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/ec.py index 2c7db15b9d1b..d72dd505a1a2 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/ec.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/ec.py @@ -9,7 +9,6 @@ from ... import KeyOperation, KeyType if TYPE_CHECKING: - # pylint:disable=unused-import from .local_provider import Algorithm from .._internal import Key from ... import JsonWebKey diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py index 2905ca61f558..6e0edd2f526c 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py 
+++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py @@ -14,7 +14,6 @@ ABC = abc.ABC if TYPE_CHECKING: - # pylint:disable=unused-import from .._internal.key import Key from .. import EncryptionAlgorithm, KeyWrapAlgorithm, SignatureAlgorithm from ... import JsonWebKey diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/rsa.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/rsa.py index 5b9f87d9ed9e..4394cc2a9b51 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/rsa.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/rsa.py @@ -9,7 +9,6 @@ from ... import KeyOperation, KeyType if TYPE_CHECKING: - # pylint:disable=unused-import from .local_provider import Algorithm from .._internal import Key from ... import JsonWebKey diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/symmetric.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/symmetric.py index 32899f716b6c..3a5f473b36c1 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/symmetric.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/symmetric.py @@ -9,7 +9,6 @@ from ... import KeyOperation, KeyType if TYPE_CHECKING: - # pylint:disable=unused-import from .local_provider import Algorithm from .._internal import Key from ... import JsonWebKey diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py index 3ebf3f8f2a38..7f97068be30d 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py 
@@ -88,7 +88,7 @@ def __init__(self, key: Union[KeyVaultKey, str], credential: AsyncTokenCredentia try: self._local_provider = get_local_cryptography_provider(cast(JsonWebKey, self._key)) self._initialized = True - except Exception as ex: # pylint:disable=broad-except + except Exception as ex: raise ValueError("The provided jwk is not valid for local cryptography") from ex else: self._local_provider = NoLocalCryptography() @@ -166,7 +166,15 @@ async def _initialize(self, **kwargs: Any) -> None: self._initialized = self._keys_get_forbidden @distributed_trace_async - async def encrypt(self, algorithm: EncryptionAlgorithm, plaintext: bytes, **kwargs: Any) -> EncryptResult: + async def encrypt( + self, + algorithm: EncryptionAlgorithm, + plaintext: bytes, + *, + iv: Optional[bytes] = None, + additional_authenticated_data: Optional[bytes] = None, + **kwargs: Any, + ) -> EncryptResult: """Encrypt bytes using the client's key. Requires the keys/encrypt permission. This method encrypts only a single block of data, whose size depends on @@ -198,9 +206,9 @@ async def encrypt(self, algorithm: EncryptionAlgorithm, plaintext: bytes, **kwar :language: python :dedent: 8 """ - iv = kwargs.pop("iv", None) - aad = kwargs.pop("additional_authenticated_data", None) - _validate_arguments(operation=KeyOperation.encrypt, algorithm=algorithm, iv=iv, aad=aad) + _validate_arguments( + operation=KeyOperation.encrypt, algorithm=algorithm, iv=iv, aad=additional_authenticated_data + ) await self._initialize(**kwargs) if self._local_provider.supports(KeyOperation.encrypt, algorithm): 
@@ -220,7 +228,9 @@ async def encrypt(self, algorithm: EncryptionAlgorithm, plaintext: bytes, **kwar vault_base_url=self._key_id.vault_url if self._key_id else None, key_name=self._key_id.name if self._key_id else None, key_version=self._key_id.version if self._key_id else None, - parameters=self._models.KeyOperationsParameters(algorithm=algorithm, value=plaintext, iv=iv, aad=aad), + parameters=self._models.KeyOperationsParameters( + algorithm=algorithm, value=plaintext, iv=iv, aad=additional_authenticated_data + ), **kwargs ) @@ -242,7 +252,16 @@ async def encrypt(self, algorithm: EncryptionAlgorithm, plaintext: bytes, **kwar ) @distributed_trace_async - async def decrypt(self, algorithm: EncryptionAlgorithm, ciphertext: bytes, **kwargs: Any) -> DecryptResult: + async def decrypt( + self, + algorithm: EncryptionAlgorithm, + ciphertext: bytes, + *, + iv: Optional[bytes] = None, + authentication_tag: Optional[bytes] = None, + additional_authenticated_data: Optional[bytes] = None, + **kwargs: Any, + ) -> DecryptResult: """Decrypt a single block of encrypted data using the client's key. Requires the keys/decrypt permission. This method decrypts only a single block of data, whose size depends on @@ -275,10 +294,13 @@ async def decrypt(self, algorithm: EncryptionAlgorithm, ciphertext: bytes, **kwa :language: python :dedent: 8 """ - iv = kwargs.pop("iv", None) - tag = kwargs.pop("authentication_tag", None) - aad = kwargs.pop("additional_authenticated_data", None) - _validate_arguments(operation=KeyOperation.decrypt, algorithm=algorithm, iv=iv, tag=tag, aad=aad) + _validate_arguments( + operation=KeyOperation.decrypt, + algorithm=algorithm, + iv=iv, + tag=authentication_tag, + aad=additional_authenticated_data, + ) await self._initialize(**kwargs) if self._local_provider.supports(KeyOperation.decrypt, algorithm): 
@@ -298,7 +320,7 @@ async def decrypt(self, algorithm: EncryptionAlgorithm, ciphertext: bytes, **kwa key_name=self._key_id.name if self._key_id else None, key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeyOperationsParameters( - algorithm=algorithm, value=ciphertext, iv=iv, tag=tag, aad=aad + algorithm=algorithm, value=ciphertext, iv=iv, tag=authentication_tag, aad=additional_authenticated_data ), **kwargs ) diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/__init__.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/__init__.py index b245cf4fdb00..4bcf3faed073 100644 --- a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/__init__.py +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/__init__.py @@ -45,7 +45,7 @@ def __init__( def parse_key_vault_id(source_id: str) -> KeyVaultResourceId: try: parsed_uri = parse.urlparse(source_id) - except Exception as exc: # pylint: disable=broad-except + except Exception as exc: raise ValueError(f"'{source_id}' is not a valid ID") from exc if not (parsed_uri.scheme and parsed_uri.hostname): raise ValueError(f"'{source_id}' is not a valid ID") diff --git a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_polling.py b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_polling.py index 672cf20faa0f..d4b83a0eca57 100644 --- a/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_polling.py +++ b/sdk/keyvault/azure-keyvault-secrets/azure/keyvault/secrets/_shared/_polling.py @@ -25,7 +25,6 @@ class KeyVaultOperationPoller(LROPoller): :type polling_method: ~azure.core.polling.PollingMethod """ - # pylint: disable=arguments-differ def __init__(self, polling_method: PollingMethod) -> None: super(KeyVaultOperationPoller, self).__init__(None, None, lambda *_: None, NoPolling()) self._polling_method = polling_method