From 0d1d7838100cdfc574dcbddd80912423190c4894 Mon Sep 17 00:00:00 2001 From: YalinLi0312 Date: Thu, 2 Sep 2021 23:52:44 -0700 Subject: [PATCH 01/11] Fix errors in keyvault keys --- eng/tox/mypy_hard_failure_packages.py | 1 + .../azure/keyvault/keys/_client.py | 8 +- .../azure/keyvault/keys/_models.py | 83 ++++++++++--------- .../azure/keyvault/keys/_shared/_polling.py | 4 +- .../azure/keyvault/keys/crypto/_client.py | 75 +++++++++-------- .../keys/crypto/_internal/__init__.py | 4 +- .../keys/crypto/_internal/algorithm.py | 14 +++- .../keys/crypto/_internal/algorithms/sha_2.py | 11 ++- .../keyvault/keys/crypto/_internal/key.py | 14 +++- .../azure/keyvault/keys/crypto/_models.py | 38 ++++----- .../keys/crypto/_providers/__init__.py | 8 +- .../keyvault/keys/crypto/_providers/ec.py | 2 +- .../keys/crypto/_providers/local_provider.py | 16 ++-- .../keyvault/keys/crypto/_providers/rsa.py | 2 +- .../keys/crypto/_providers/symmetric.py | 2 +- .../azure/keyvault/keys/crypto/aio/_client.py | 74 +++++++++-------- sdk/keyvault/azure-keyvault-keys/mypy.ini | 7 ++ 17 files changed, 208 insertions(+), 155 deletions(-) create mode 100644 sdk/keyvault/azure-keyvault-keys/mypy.ini diff --git a/eng/tox/mypy_hard_failure_packages.py b/eng/tox/mypy_hard_failure_packages.py index b85c70560081..a781fe158f57 100644 --- a/eng/tox/mypy_hard_failure_packages.py +++ b/eng/tox/mypy_hard_failure_packages.py @@ -10,6 +10,7 @@ "azure-eventhub", "azure-identity", "azure-keyvault-administration", + "azure-keyvault-keys", "azure-servicebus", "azure-ai-textanalytics", "azure-ai-formrecognizer", diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py index 498d6afb32b2..abff877de306 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py 
@@ -4,6 +4,8 @@ # ------------------------------------ from functools import partial from azure.core.tracing.decorator import distributed_trace +from azure.core.polling import LROPoller +from azure.keyvault.keys import KeyType from ._shared import KeyVaultClientBase from ._shared.exceptions import error_map as _error_map @@ -55,7 +57,7 @@ def _get_attributes(self, enabled, not_before, expires_on, exportable=None): @distributed_trace def create_key(self, name, key_type, **kwargs): - # type: (str, Union[str, azure.keyvault.keys.KeyType], **Any) -> KeyVaultKey + # type: (str, Union[str, KeyType], **Any) -> KeyVaultKey """Create a key or, if ``name`` is already in use, create a new version of the key. Requires keys/create permission. @@ -242,7 +244,7 @@ def create_oct_key(self, name, **kwargs): @distributed_trace def begin_delete_key(self, name, **kwargs): - # type: (str, **Any) -> DeletedKey + # type: (str, **Any) -> LROPoller """Delete all versions of a key and its cryptographic material. Requires keys/delete permission. When this method returns Key Vault has begun deleting the key. Deletion may @@ -450,7 +452,7 @@ def purge_deleted_key(self, name, **kwargs): @distributed_trace def begin_recover_deleted_key(self, name, **kwargs): - # type: (str, **Any) -> KeyVaultKey + # type: (str, **Any) -> LROPoller """Recover a deleted key to its latest version. Possible only in a vault with soft-delete enabled. Requires keys/recover permission. diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py index 822cf9d420c6..67df6a9b7545 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py 
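Review bot: The two imports added at the top of `_client.py` are needed only by `# type:` comments but run at import time, and `from azure.keyvault.keys import KeyType` makes this module import its own package, presumably while that package is still initialising. The package `__init__` is not shown, so whether the lookup succeeds depends on its import order. Importing from the defining module under a `TYPE_CHECKING` guard removes that dependency: `from ._enums import KeyType` (`_models.py` already imports `KeyOperation` from `._enums`) and `from azure.core.polling import LROPoller`. The later hunks for `begin_delete_key` and `begin_recover_deleted_key` change the return comment to a bare `LROPoller`, which drops the resource type the old comment named; `LROPoller[DeletedKey]` and `LROPoller[KeyVaultKey]` would keep it.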
@@ -13,7 +13,7 @@ if TYPE_CHECKING: # pylint:disable=unused-import - from typing import Any, Dict, Optional + from typing import Any, Dict, Optional, List from datetime import datetime from ._generated.v7_0 import models as _models from ._enums import KeyOperation @@ -83,13 +83,15 @@ def _from_key_bundle(cls, key_bundle): """Construct a KeyProperties from an autorest-generated KeyBundle""" # release_policy was added in 7.3-preview release_policy = None - if hasattr(key_bundle, "release_policy") and key_bundle.release_policy is not None: + if (hasattr(key_bundle, "release_policy") and + key_bundle.release_policy is not None): # type: ignore[attr-defined] release_policy = KeyReleasePolicy( - data=key_bundle.release_policy.data, content_type=key_bundle.release_policy.content_type + data=key_bundle.release_policy.data, # type: ignore[attr-defined] + content_type=key_bundle.release_policy.content_type # type: ignore[attr-defined] ) return cls( - key_bundle.key.kid, + key_bundle.key.kid, # type: ignore attributes=key_bundle.attributes, managed=key_bundle.managed, tags=key_bundle.tags, @@ -100,7 +102,12 @@ def _from_key_bundle(cls, key_bundle): def _from_key_item(cls, key_item): # type: (_models.KeyItem) -> KeyProperties """Construct a KeyProperties from an autorest-generated KeyItem""" - return cls(key_id=key_item.kid, attributes=key_item.attributes, managed=key_item.managed, tags=key_item.tags) + return cls( + key_id=key_item.kid, # type: ignore + attributes=key_item.attributes, + managed=key_item.managed, + tags=key_item.tags + ) @property def id(self): 
@@ -122,57 +129,57 @@ def name(self): @property def version(self): - # type: () -> str + # type: () -> Optional[str] """The key's version - :rtype: str + :rtype: str or None """ return self._vault_id.version @property def enabled(self): - # type: () -> bool + # type: () -> Optional[bool] """Whether the key is enabled for use - :rtype: bool + :rtype: bool or None """ - return self._attributes.enabled + return self._attributes.enabled if self._attributes else None @property def not_before(self): - # type: () -> datetime + # type: () -> Optional[datetime] """The time before which the key can not be used, in UTC - :rtype: ~datetime.datetime + :rtype: ~datetime.datetime or None """ - return self._attributes.not_before + return self._attributes.not_before if self._attributes else None @property def expires_on(self): - # type: () -> datetime + # type: () -> Optional[datetime] """When the key will expire, in UTC - :rtype: ~datetime.datetime + :rtype: ~datetime.datetime or None """ - return self._attributes.expires + return self._attributes.expires if self._attributes else None @property def created_on(self): - # type: () -> datetime + # type: () -> Optional[datetime] """When the key was created, in UTC - :rtype: ~datetime.datetime + :rtype: ~datetime.datetime or None """ - return self._attributes.created + return self._attributes.created if self._attributes else None @property def updated_on(self): - # type: () -> datetime + # type: () -> Optional[datetime] """When the key was last updated, in UTC - :rtype: ~datetime.datetime + :rtype: ~datetime.datetime or None """ - return self._attributes.updated + return self._attributes.updated if self._attributes else None @property def vault_url(self): @@ -188,7 +195,7 @@ def recoverable_days(self): # type: () -> Optional[int] """The number of days the key is retained before being deleted from a soft-delete enabled Key Vault. - :rtype: int + :rtype: int or None """ # recoverable_days was added in 7.1-preview if self._attributes: 
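Review bot: The docstrings for `enabled`, `not_before`, `expires_on`, `created_on` and `updated_on` gain "or None" in `:rtype:` but do not say what None means now that each property returns None when `_attributes` is unset. A caller that gates key use on `enabled` or `expires_on` cannot tell a key with no expiry from a key whose attributes were never populated. Each docstring should state this, for example `None if no attributes were returned for this key; this does not imply the key is enabled or has no expiry`. `recovery_level` in the next hunk has the same gap.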
@@ -197,12 +204,12 @@ def recoverable_days(self): @property def recovery_level(self): - # type: () -> str + # type: () -> Optional[str] """The vault's deletion recovery level for keys - :rtype: str + :rtype: str or None """ - return self._attributes.recovery_level + return self._attributes.recovery_level if self._attributes else None @property def tags(self): @@ -326,7 +333,7 @@ def _from_key_bundle(cls, key_bundle): """Construct a KeyVaultKey from an autorest-generated KeyBundle""" # pylint:disable=protected-access return cls( - key_id=key_bundle.key.kid, + key_id=key_bundle.key.kid, # type: ignore jwk={field: getattr(key_bundle.key, field, None) for field in JsonWebKey._FIELDS}, properties=KeyProperties._from_key_bundle(key_bundle), ) @@ -374,16 +381,18 @@ def key_type(self): :rtype: ~azure.keyvault.keys.KeyType or str """ - return self._key_material.kty # pylint:disable=no-member + # pylint:disable=no-member + return self._key_material.kty # type: ignore[attr-defined] @property def key_operations(self): - # type: () -> list[KeyOperation] + # type: () -> List[KeyOperation] """Permitted operations. See :class:`~azure.keyvault.keys.KeyOperation` for possible values. :rtype: list[~azure.keyvault.keys.KeyOperation or str] """ - return self._key_material.key_ops # pylint:disable=no-member + # pylint:disable=no-member + return self._key_material.key_ops # type: ignore[attr-defined] class KeyVaultKeyIdentifier(object): @@ -454,7 +463,7 @@ def _from_deleted_key_bundle(cls, deleted_key_bundle): # pylint:disable=protected-access return cls( properties=KeyProperties._from_key_bundle(deleted_key_bundle), - key_id=deleted_key_bundle.key.kid, + key_id=deleted_key_bundle.key.kid, # type: ignore jwk={field: getattr(deleted_key_bundle.key, field, None) for field in JsonWebKey._FIELDS}, deleted_date=deleted_key_bundle.deleted_date, recovery_id=deleted_key_bundle.recovery_id, 
@@ -475,28 +484,28 @@ def _from_deleted_key_item(cls, deleted_key_item): @property def deleted_date(self): - # type: () -> datetime + # type: () -> Optional[datetime] """When the key was deleted, in UTC - :rtype: ~datetime.datetime + :rtype: ~datetime.datetime or None """ return self._deleted_date @property def recovery_id(self): - # type: () -> str + # type: () -> Optional[str] """An identifier used to recover the deleted key. Returns ``None`` if soft-delete is disabled. - :rtype: str + :rtype: str or None """ return self._recovery_id @property def scheduled_purge_date(self): - # type: () -> datetime + # type: () -> Optional[datetime] """When the key is scheduled to be purged, in UTC. Returns ``None`` if soft-delete is disabled. - :rtype: ~datetime.datetime + :rtype: ~datetime.datetime or None """ return self._scheduled_purge_date diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_polling.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_polling.py index df63ad0a70ec..ec1898453d81 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_polling.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/_polling.py @@ -33,11 +33,11 @@ class KeyVaultOperationPoller(LROPoller): # pylint: disable=arguments-differ def __init__(self, polling_method): # type: (PollingMethod) -> None - super(KeyVaultOperationPoller, self).__init__(None, None, None, NoPolling()) + super(KeyVaultOperationPoller, self).__init__(None, None, lambda *_: None, NoPolling()) self._polling_method = polling_method # pylint: disable=arguments-differ - def result(self): + def result(self): # type: ignore # type: () -> Any """Returns a representation of the final resource without waiting for the operation to complete. diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py index c577ae69c471..c2241973f46e 100644 
--- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py @@ -3,7 +3,7 @@ # Licensed under the MIT License. # ------------------------------------ import logging -from typing import TYPE_CHECKING +from typing import TYPE_CHECKING, cast import six from azure.core.exceptions import HttpResponseError @@ -112,7 +112,7 @@ def __init__(self, key, credential, **kwargs): self._key_id = None # type: Optional[KeyVaultResourceId] if isinstance(key, KeyVaultKey): - self._key = key.key + self._key = key.key # type: Union[JsonWebKey, KeyVaultKey, str, None] self._key_id = parse_key_vault_id(key.id) if key.properties._attributes: # pylint:disable=protected-access self._not_before = key.properties.not_before @@ -126,12 +126,12 @@ def __init__(self, key, credential, **kwargs): else: raise ValueError("'key' must be a KeyVaultKey instance or a key ID string including a version") - if not (self._jwk or self._key_id.version): + if not (self._jwk or self._key_id.version if self._key_id else None): raise ValueError("'key' must include a version") if self._jwk: try: - self._local_provider = get_local_cryptography_provider(self._key) + self._local_provider = get_local_cryptography_provider(cast(JsonWebKey, self._key)) self._initialized = True except Exception as ex: # pylint:disable=broad-except six.raise_from(ValueError("The provided jwk is not valid for local cryptography"), ex) @@ -139,7 +139,7 @@ def __init__(self, key, credential, **kwargs): self._local_provider = NoLocalCryptography() self._initialized = False - self._vault_url = None if self._jwk else self._key_id.vault_url + self._vault_url = None if self._jwk else self._key_id.vault_url if self._key_id else None # type: ignore super(CryptographyClient, self).__init__( vault_url=self._vault_url or "vault_url", credential=credential, **kwargs ) 
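Review bot: The rewritten version check `if not (self._jwk or self._key_id.version if self._key_id else None):` does not group the way it reads, because a conditional expression binds more loosely than `or`. It evaluates as `not ((self._jwk or self._key_id.version) if self._key_id else None)`, so whenever `_key_id` is None the test is `not None` and the constructor raises "'key' must include a version" even when `_jwk` is true. `_key_id` is initialised to None above and `from_jwk` passes `_jwk=True`, so JWK-only clients look affected, although the branch that handles a JWK lies outside the hunk. `if not (self._jwk or (self._key_id and self._key_id.version)):` keeps the original meaning; the identical line is added in the `crypto/aio/_client.py` hunk at `-75,12 +75,13`.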
@@ -154,11 +154,11 @@ def key_id(self): :rtype: str or None """ if not self._jwk: - return self._key_id.source_id - return self._key.kid + return self._key_id.source_id if self._key_id else None + return cast(JsonWebKey,self._key).kid # type: ignore[attr-defined] @property - def vault_url(self): + def vault_url(self): # type: ignore # type: () -> Optional[str] """The base vault URL of the client's key. @@ -179,7 +179,7 @@ def from_jwk(cls, jwk): """ if not isinstance(jwk, JsonWebKey): jwk = JsonWebKey(**jwk) - return cls(jwk, object(), _jwk=True) + return cls(jwk, object(), _jwk=True) # type: ignore @distributed_trace def _initialize(self, **kwargs): @@ -191,7 +191,10 @@ def _initialize(self, **kwargs): if not (self._key or self._keys_get_forbidden): try: key_bundle = self._client.get_key( - self._key_id.vault_url, self._key_id.name, self._key_id.version, **kwargs + self._key_id.vault_url if self._key_id else None, + self._key_id.name if self._key_id else None, + self._key_id.version if self._key_id else None, + **kwargs ) self._key = KeyVaultKey._from_key_bundle(key_bundle).key # pylint:disable=protected-access except HttpResponseError as ex: @@ -201,11 +204,11 @@ def _initialize(self, **kwargs): # if we have the key material, create a local crypto provider with it if self._key: - self._local_provider = get_local_cryptography_provider(self._key) + self._local_provider = get_local_cryptography_provider(cast(JsonWebKey, self._key)) self._initialized = True else: # try to get the key again next time unless we know we're forbidden to do so - self._initialized = self._keys_get_forbidden + self._initialized = False if self._keys_get_forbidden else True @distributed_trace def encrypt(self, algorithm, plaintext, **kwargs): 
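Review bot: Passing `self._key_id.vault_url if self._key_id else None` (and the same for `name` and `version`) to `self._client.get_key` satisfies the type checker but turns a missing key ID into a service call built from None values, which would fail inside the generated client rather than at the call site. One explicit guard before the call gives a clear error and lets mypy narrow the attribute, so the ternaries are no longer needed: `if self._key_id is None: raise ValueError("a key ID is required for this operation")` (message wording is a suggestion). The same three ternaries are repeated in the `encrypt`, `decrypt`, `wrap_key`, `unwrap_key`, `sign` and `verify` hunks that follow. `_initialize` starts above this hunk and continues into the next one.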
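Review bot: The last changed line of `_initialize` inverts the flag: the old `self._initialized = self._keys_get_forbidden` marked the client initialised only when the key fetch was known to be forbidden, while `False if self._keys_get_forbidden else True` does the opposite. A client that was denied the key is now left uninitialised, and a client whose fetch failed for another reason (where `_keys_get_forbidden` is falsy) is marked initialised, which contradicts the comment directly above about trying again next time. `self._initialized = bool(self._keys_get_forbidden)` gives mypy a `bool` without changing behaviour. The body of `_initialize` begins in the previous hunk.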
@@ -250,17 +253,17 @@ def encrypt(self, algorithm, plaintext, **kwargs): ) operation_result = self._client.encrypt( - vault_base_url=self._key_id.vault_url, - key_name=self._key_id.name, - key_version=self._key_id.version, + vault_base_url=self._key_id.vault_url if self._key_id else None, + key_name=self._key_id.name if self._key_id else None, + key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeyOperationsParameters(algorithm=algorithm, value=plaintext, iv=iv, aad=aad), **kwargs ) return EncryptResult( - key_id=self.key_id, algorithm=algorithm, ciphertext=operation_result.result, + key_id=self.key_id, iv=operation_result.iv, authentication_tag=operation_result.authentication_tag, additional_authenticated_data=operation_result.additional_authenticated_data, @@ -311,16 +314,16 @@ def decrypt(self, algorithm, ciphertext, **kwargs): ) operation_result = self._client.decrypt( - vault_base_url=self._key_id.vault_url, - key_name=self._key_id.name, - key_version=self._key_id.version, + vault_base_url=self._key_id.vault_url if self._key_id else None, + key_name=self._key_id.name if self._key_id else None, + key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeyOperationsParameters( algorithm=algorithm, value=ciphertext, iv=iv, tag=tag, aad=aad ), **kwargs ) - return DecryptResult(key_id=self.key_id, algorithm=algorithm, plaintext=operation_result.result) + return DecryptResult(algorithm=algorithm, plaintext=operation_result.result, key_id=self.key_id) @distributed_trace def wrap_key(self, algorithm, key, **kwargs): 
@@ -356,14 +359,14 @@ def wrap_key(self, algorithm, key, **kwargs): ) operation_result = self._client.wrap_key( - vault_base_url=self._key_id.vault_url, - key_name=self._key_id.name, - key_version=self._key_id.version, + vault_base_url=self._key_id.vault_url if self._key_id else None, + key_name=self._key_id.name if self._key_id else None, + key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeyOperationsParameters(algorithm=algorithm, value=key), **kwargs ) - return WrapResult(key_id=self.key_id, algorithm=algorithm, encrypted_key=operation_result.result) + return WrapResult(algorithm=algorithm, encrypted_key=operation_result.result, key_id=self.key_id) @distributed_trace def unwrap_key(self, algorithm, encrypted_key, **kwargs): @@ -398,13 +401,13 @@ def unwrap_key(self, algorithm, encrypted_key, **kwargs): ) operation_result = self._client.unwrap_key( - vault_base_url=self._key_id.vault_url, - key_name=self._key_id.name, - key_version=self._key_id.version, + vault_base_url=self._key_id.vault_url if self._key_id else None, + key_name=self._key_id.name if self._key_id else None, + key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeyOperationsParameters(algorithm=algorithm, value=encrypted_key), **kwargs ) - return UnwrapResult(key_id=self.key_id, algorithm=algorithm, key=operation_result.result) + return UnwrapResult(algorithm=algorithm, key=operation_result.result, key_id=self.key_id) @distributed_trace def sign(self, algorithm, digest, **kwargs): 
@@ -440,14 +443,14 @@ def sign(self, algorithm, digest, **kwargs): ) operation_result = self._client.sign( - vault_base_url=self._key_id.vault_url, - key_name=self._key_id.name, - key_version=self._key_id.version, + vault_base_url=self._key_id.vault_url if self._key_id else None, + key_name=self._key_id.name if self._key_id else None, + key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeySignParameters(algorithm=algorithm, value=digest), **kwargs ) - return SignResult(key_id=self.key_id, algorithm=algorithm, signature=operation_result.result) + return SignResult(algorithm=algorithm, signature=operation_result.result, key_id=self.key_id) @distributed_trace def verify(self, algorithm, digest, signature, **kwargs): @@ -484,11 +487,11 @@ def verify(self, algorithm, digest, signature, **kwargs): ) operation_result = self._client.verify( - vault_base_url=self._key_id.vault_url, - key_name=self._key_id.name, - key_version=self._key_id.version, + vault_base_url=self._key_id.vault_url if self._key_id else None, + key_name=self._key_id.name if self._key_id else None, + key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeyVerifyParameters(algorithm=algorithm, digest=digest, signature=signature), **kwargs ) - return VerifyResult(key_id=self.key_id, algorithm=algorithm, is_valid=operation_result.value) + return VerifyResult(algorithm=algorithm, is_valid=operation_result.value, key_id=self.key_id) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/__init__.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/__init__.py index 942edd662580..880d4cdeb7ae 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/__init__.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/__init__.py 
@@ -15,7 +15,7 @@ from .symmetric_key import SymmetricKey from .transform import CryptoTransform, BlockCryptoTransform, AuthenticatedCryptoTransform, SignatureTransform -__all__ = { +__all__ = [ "Key", "EllipticCurveKey", "RsaKey", @@ -29,4 +29,4 @@ "AuthenticatedSymmetricEncryptionAlgorithm", "SignatureTransform", "SymmetricKey", -} +] diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithm.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithm.py index 7270b14ff43c..8b9fff47558a 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithm.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithm.py @@ -4,11 +4,21 @@ # ------------------------------------ from abc import abstractmethod +try: + from typing import TYPE_CHECKING +except ImportError: + TYPE_CHECKING = False + +if TYPE_CHECKING: + # pylint:disable=unused-import + from typing import Optional, Union, Type + from cryptography.hazmat.primitives import hashes + _alg_registry = {} class Algorithm(object): - _name = None + _name = None # type: Optional[str] @classmethod def name(cls): @@ -56,7 +66,7 @@ def create_decryptor(self, key, iv, auth_data, auth_tag): class SignatureAlgorithm(Algorithm): - _default_hash_algorithm = None + _default_hash_algorithm = None # type: Union[hashes.SHA256, hashes.SHA384, hashes.SHA512, None] @property def default_hash_algorithm(self): diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/sha_2.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/sha_2.py index c6656b0493c5..18b4838afeba 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/sha_2.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/sha_2.py 
@@ -8,6 +8,15 @@ from ..algorithm import HashAlgorithm from ..transform import DigestTransform +try: + from typing import TYPE_CHECKING +except ImportError: + TYPE_CHECKING = False + +if TYPE_CHECKING: + # pylint:disable=unused-import + from typing import Union, Type + class _Sha2DigestTransform(DigestTransform): def __init__(self, algorithm): @@ -23,7 +32,7 @@ def finalize(self, data): class _Sha2HashAlgorithm(HashAlgorithm): - _algorithm_cls = None + _algorithm_cls = None # type: Union[Type[hashes.SHA256], Type[hashes.SHA384], Type[hashes.SHA512], None] def create_digest(self): return _Sha2DigestTransform(self._algorithm_cls()) # pylint:disable=not-callable diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/key.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/key.py index a593279bb2d7..2a04602ba8f1 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/key.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/key.py @@ -7,11 +7,19 @@ from six import with_metaclass from .algorithm import Algorithm +try: + from typing import TYPE_CHECKING +except ImportError: + TYPE_CHECKING = False + +if TYPE_CHECKING: + # pylint:disable=unused-import + from typing import Any, FrozenSet class Key(with_metaclass(ABCMeta, object)): - _supported_encryption_algorithms = [] - _supported_key_wrap_algorithms = [] - _supported_signature_algorithms = [] + _supported_encryption_algorithms = frozenset([]) # type: FrozenSet[Any] + _supported_key_wrap_algorithms = frozenset([]) # type: FrozenSet[Any] + _supported_signature_algorithms = frozenset([]) # type: FrozenSet[Any] def __init__(self): self._kid = None diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py index 61fe89865625..84ed1c1806ff 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py 
+++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py @@ -6,7 +6,7 @@ if TYPE_CHECKING: from . import EncryptionAlgorithm, KeyWrapAlgorithm, SignatureAlgorithm - from typing import Any + from typing import Any, Optional class DecryptResult: @@ -18,11 +18,11 @@ class DecryptResult: :param bytes plaintext: The decrypted bytes """ - def __init__(self, key_id, algorithm, plaintext): - # type: (str, EncryptionAlgorithm, bytes) -> None - self.key_id = key_id + def __init__(self, algorithm, plaintext, key_id = None): + # type: (EncryptionAlgorithm, bytes, Optional[str]) -> None self.algorithm = algorithm self.plaintext = plaintext + self.key_id = key_id class EncryptResult: @@ -39,11 +39,11 @@ class EncryptResult: authenticated algorithm """ - def __init__(self, key_id, algorithm, ciphertext, **kwargs): - # type: (str, EncryptionAlgorithm, bytes, **Any) -> None - self.key_id = key_id + def __init__(self, algorithm, ciphertext, key_id=None, **kwargs): + # type: (EncryptionAlgorithm, bytes, Optional[str], **Any) -> None self.algorithm = algorithm self.ciphertext = ciphertext + self.key_id = key_id self.iv = kwargs.pop("iv", None) self.tag = kwargs.pop("authentication_tag", None) self.aad = kwargs.pop("additional_authenticated_data", None) @@ -58,11 +58,11 @@ class SignResult: :param bytes signature: """ - def __init__(self, key_id, algorithm, signature): - # type: (str, SignatureAlgorithm, bytes) -> None - self.key_id = key_id + def __init__(self, algorithm, signature, key_id = None): + # type: (SignatureAlgorithm, bytes, Optional[str]) -> None self.algorithm = algorithm self.signature = signature + self.key_id = key_id class VerifyResult: 
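Review bot: Moving `key_id` from the first positional parameter to a trailing default changes the positional meaning of every argument of `DecryptResult.__init__`, and the same reorder is applied to `EncryptResult`, `SignResult`, `VerifyResult`, `UnwrapResult` and `WrapResult` in the hunks that follow. If these result classes are constructed positionally anywhere outside this patch, those calls keep running but store values in the wrong fields; for `VerifyResult` an old-style call puts the key ID string into `is_valid`, where it is truthy. If the goal is only to accept an optional key ID, the signature can stay as it was and the comment alone change: `# type: (Optional[str], EncryptionAlgorithm, bytes) -> None`. The `local_provider.py` hunks already pass these arguments by keyword, so they are unaffected either way.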
@@ -74,11 +74,11 @@ class VerifyResult: :type algorithm: ~azure.keyvault.keys.crypto.SignatureAlgorithm """ - def __init__(self, key_id, is_valid, algorithm): - # type: (str, bool, SignatureAlgorithm) -> None - self.key_id = key_id + def __init__(self, is_valid, algorithm, key_id = None): + # type: (bool, SignatureAlgorithm, Optional[str]) -> None self.is_valid = is_valid self.algorithm = algorithm + self.key_id = key_id class UnwrapResult: @@ -90,11 +90,11 @@ class UnwrapResult: :param bytes key: The unwrapped key """ - def __init__(self, key_id, algorithm, key): - # type: (str, KeyWrapAlgorithm, bytes) -> None - self.key_id = key_id + def __init__(self, algorithm, key, key_id = None): + # type: (KeyWrapAlgorithm, bytes, Optional[str]) -> None self.algorithm = algorithm self.key = key + self.key_id = key_id class WrapResult: @@ -106,8 +106,8 @@ class WrapResult: :param bytes encrypted_key: The encrypted key bytes """ - def __init__(self, key_id, algorithm, encrypted_key): - # type: (str, KeyWrapAlgorithm, bytes) -> None - self.key_id = key_id + def __init__(self, algorithm, encrypted_key, key_id = None): + # type: (KeyWrapAlgorithm, bytes, Optional[str]) -> None self.algorithm = algorithm self.encrypted_key = encrypted_key + self.key_id = key_id diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/__init__.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/__init__.py index f13ec67b4dba..1ff9652740e7 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/__init__.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/__init__.py 
@@ -16,14 +16,14 @@ def get_local_cryptography_provider(key): # type: (JsonWebKey) -> LocalCryptographyProvider - if key.kty in (KeyType.ec, KeyType.ec_hsm): + if key.kty in (KeyType.ec, KeyType.ec_hsm): # type: ignore[attr-defined] return EllipticCurveCryptographyProvider(key) - if key.kty in (KeyType.rsa, KeyType.rsa_hsm): + if key.kty in (KeyType.rsa, KeyType.rsa_hsm): # type: ignore[attr-defined] return RsaCryptographyProvider(key) - if key.kty in (KeyType.oct, KeyType.oct_hsm): + if key.kty in (KeyType.oct, KeyType.oct_hsm): # type: ignore[attr-defined] return SymmetricCryptographyProvider(key) - raise ValueError('Unsupported key type "{}"'.format(key.kty)) + raise ValueError('Unsupported key type "{}"'.format(key.kty)) # type: ignore[attr-defined] class NoLocalCryptography(LocalCryptographyProvider): diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/ec.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/ec.py index e415474c90ae..5b2957062727 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/ec.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/ec.py @@ -20,7 +20,7 @@ class EllipticCurveCryptographyProvider(LocalCryptographyProvider): def _get_internal_key(self, key): # type: (JsonWebKey) -> Key - if key.kty not in (KeyType.ec, KeyType.ec_hsm): + if key.kty not in (KeyType.ec, KeyType.ec_hsm): # type: ignore[attr-defined] raise ValueError('"key" must be an EC or EC-HSM key') return EllipticCurveKey.from_jwk(key) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py index 504ff0ae8828..710914af4058 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py 
@@ -28,7 +28,7 @@ class LocalCryptographyProvider(ABC): def __init__(self, key): # type: (JsonWebKey) -> None - self._allowed_ops = frozenset(key.key_ops or []) + self._allowed_ops = frozenset(key.key_ops or []) # type: ignore[attr-defined] self._internal_key = self._get_internal_key(key) self._key = key @@ -49,7 +49,7 @@ def key_id(self): :rtype: str or None """ - return self._key.kid + return self._key.kid # type: ignore[attr-defined] def _raise_if_unsupported(self, operation, algorithm): # type: (KeyOperation, Algorithm) -> None 
@@ -64,34 +64,34 @@ def encrypt(self, algorithm, plaintext, iv=None): # type: (EncryptionAlgorithm, bytes, Optional[bytes]) -> EncryptResult self._raise_if_unsupported(KeyOperation.encrypt, algorithm) ciphertext = self._internal_key.encrypt(plaintext, algorithm=algorithm.value, iv=iv) - return EncryptResult(key_id=self._key.kid, algorithm=algorithm, ciphertext=ciphertext, iv=iv) + return EncryptResult(key_id=self._key.kid, algorithm=algorithm, ciphertext=ciphertext, iv=iv) # type: ignore[attr-defined] def decrypt(self, algorithm, ciphertext, iv=None): # type: (EncryptionAlgorithm, bytes, Optional[bytes]) -> DecryptResult self._raise_if_unsupported(KeyOperation.decrypt, algorithm) plaintext = self._internal_key.decrypt(ciphertext, iv=iv, algorithm=algorithm.value) - return DecryptResult(key_id=self._key.kid, algorithm=algorithm, plaintext=plaintext) + return DecryptResult(key_id=self._key.kid, algorithm=algorithm, plaintext=plaintext) # type: ignore[attr-defined] def wrap_key(self, algorithm, key): # type: (KeyWrapAlgorithm, bytes) -> WrapResult self._raise_if_unsupported(KeyOperation.wrap_key, algorithm) encrypted_key = self._internal_key.wrap_key(key, algorithm=algorithm.value) - return WrapResult(key_id=self._key.kid, algorithm=algorithm, encrypted_key=encrypted_key) + return WrapResult(key_id=self._key.kid, algorithm=algorithm, encrypted_key=encrypted_key) # type: ignore[attr-defined] def unwrap_key(self, algorithm, encrypted_key): # type: (KeyWrapAlgorithm, bytes) -> UnwrapResult self._raise_if_unsupported(KeyOperation.unwrap_key, algorithm) unwrapped_key = self._internal_key.unwrap_key(encrypted_key, algorithm=algorithm.value) - return UnwrapResult(key_id=self._key.kid, algorithm=algorithm, key=unwrapped_key) + return UnwrapResult(key_id=self._key.kid, algorithm=algorithm, key=unwrapped_key) # type: ignore[attr-defined] def sign(self, algorithm, digest): # type: (SignatureAlgorithm, bytes) -> SignResult self._raise_if_unsupported(KeyOperation.sign, algorithm) 
signature = self._internal_key.sign(digest, algorithm=algorithm.value) - return SignResult(key_id=self._key.kid, algorithm=algorithm, signature=signature) + return SignResult(key_id=self._key.kid, algorithm=algorithm, signature=signature) # type: ignore[attr-defined] def verify(self, algorithm, digest, signature): # type: (SignatureAlgorithm, bytes, bytes) -> VerifyResult self._raise_if_unsupported(KeyOperation.verify, algorithm) is_valid = self._internal_key.verify(digest, signature, algorithm=algorithm.value) - return VerifyResult(key_id=self._key.kid, algorithm=algorithm, is_valid=is_valid) + return VerifyResult(key_id=self._key.kid, algorithm=algorithm, is_valid=is_valid) # type: ignore[attr-defined] diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/rsa.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/rsa.py index 3498072db217..292e6bba4c97 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/rsa.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/rsa.py @@ -20,7 +20,7 @@ class RsaCryptographyProvider(LocalCryptographyProvider): def _get_internal_key(self, key): # type: (JsonWebKey) -> Key - if key.kty not in (KeyType.rsa, KeyType.rsa_hsm): + if key.kty not in (KeyType.rsa, KeyType.rsa_hsm): # type: ignore[attr-defined] raise ValueError('"key" must be an RSA or RSA-HSM key') return RsaKey.from_jwk(key) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/symmetric.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/symmetric.py index 73a07f296a6a..729377acab7b 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/symmetric.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/symmetric.py 
@@ -18,7 +18,7 @@ class SymmetricCryptographyProvider(LocalCryptographyProvider): def _get_internal_key(self, key): # type: (JsonWebKey) -> Key - if key.kty not in (KeyType.oct, KeyType.oct_hsm): + if key.kty not in (KeyType.oct, KeyType.oct_hsm): # type: ignore[attr-defined] raise ValueError('"key" must be an oct or oct-HSM (symmetric) key') return SymmetricKey.from_jwk(key) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py index ffda9d3d06f8..719b33192ce0 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py @@ -3,7 +3,7 @@ # Licensed under the MIT License. # ------------------------------------ import logging -from typing import TYPE_CHECKING +from typing import TYPE_CHECKING, cast from azure.core.exceptions import HttpResponseError from azure.core.tracing.decorator_async import distributed_trace_async @@ -61,7 +61,7 @@ def __init__(self, key: "Union[KeyVaultKey, str]", credential: "AsyncTokenCreden self._key_id = None # type: Optional[KeyVaultResourceId] if isinstance(key, KeyVaultKey): - self._key = key.key + self._key = key.key # type: Union[JsonWebKey, KeyVaultKey, str, None] self._key_id = parse_key_vault_id(key.id) if key.properties._attributes: # pylint:disable=protected-access self._not_before = key.properties.not_before 
@@ -75,12 +75,13 @@ def __init__(self, key: "Union[KeyVaultKey, str]", credential: "AsyncTokenCreden else: raise ValueError("'key' must be a KeyVaultKey instance or a key ID string including a version") - if not (self._jwk or self._key_id.version): + if not (self._jwk or self._key_id.version if self._key_id else None): raise ValueError("'key' must include a version") + self._initialized = None # type: Optional[bool] if self._jwk: try: - self._local_provider = get_local_cryptography_provider(self._key) + self._local_provider = get_local_cryptography_provider(cast(JsonWebKey, self._key)) self._initialized = True except Exception as ex: # pylint:disable=broad-except raise ValueError("The provided jwk is not valid for local cryptography") from ex @@ -88,7 +89,7 @@ def __init__(self, key: "Union[KeyVaultKey, str]", credential: "AsyncTokenCreden self._local_provider = NoLocalCryptography() self._initialized = False - self._vault_url = None if self._jwk else self._key_id.vault_url + self._vault_url = None if self._jwk else self._key_id.vault_url # type: ignore super().__init__(vault_url=self._vault_url or "vault_url", credential=credential, **kwargs) @property @@ -100,11 +101,11 @@ def key_id(self) -> "Optional[str]": :rtype: str or None """ if not self._jwk: - return self._key_id.source_id - return self._key.kid + return self._key_id.source_id if self._key_id else None + return cast(JsonWebKey,self._key).kid # type: ignore[attr-defined] @property - def vault_url(self) -> "Optional[str]": + def vault_url(self) -> "Optional[str]": # type: ignore """The base vault URL of the client's key. This property may be None when a client is constructed with :func:`from_jwk`. 
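Review bot: The rewritten guard `if not (self._jwk or self._key_id.version if self._key_id else None):` parses as `(self._jwk or self._key_id.version) if self._key_id else None`, because a conditional expression binds more loosely than `or`. For a client built from a JWK, `_key_id` is still None here (it is only assigned in the KeyVaultKey and str branches), so the expression is None and the constructor raises "'key' must include a version" even though `_jwk` is set. Parenthesise the fallback: `if not (self._jwk or (self._key_id.version if self._key_id else None)):`. A later patch in this series makes exactly that change, to this file and to the synchronous client, which carried the same line. `__init__` begins above this hunk.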
@@ -123,7 +124,7 @@ def from_jwk(cls, jwk: "Union[JsonWebKey, dict]") -> "CryptographyClient": """ if not isinstance(jwk, JsonWebKey): jwk = JsonWebKey(**jwk) - return cls(jwk, object(), _jwk=True) + return cls(jwk, object(), _jwk=True) # type: ignore @distributed_trace_async async def _initialize(self, **kwargs): @@ -135,7 +136,10 @@ async def _initialize(self, **kwargs): if not (self._key or self._keys_get_forbidden): try: key_bundle = await self._client.get_key( - self._key_id.vault_url, self._key_id.name, self._key_id.version, **kwargs + self._key_id.vault_url if self._key_id else None, + self._key_id.name if self._key_id else None, + self._key_id.version if self._key_id else None, + **kwargs ) self._key = KeyVaultKey._from_key_bundle(key_bundle).key # pylint:disable=protected-access except HttpResponseError as ex: @@ -145,7 +149,7 @@ async def _initialize(self, **kwargs): # if we have the key material, create a local crypto provider with it if self._key: - self._local_provider = get_local_cryptography_provider(self._key) + self._local_provider = get_local_cryptography_provider(cast(JsonWebKey, self._key)) self._initialized = True else: # try to get the key again next time unless we know we're forbidden to do so 
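Review bot: In `_initialize`, `self._key_id.vault_url if self._key_id else None` (and the same form for `name` and `version`) satisfies the type checker by passing None into `get_key` rather than by establishing that `_key_id` is set. If that invariant is ever broken, the client issues a request with a null vault URL and key name instead of failing at the point of misuse. The same pattern is repeated in the `encrypt`, `decrypt`, `wrap_key`, `unwrap_key`, `sign` and `verify` hunks below. A single guard before the remote call narrows the type and fails closed, for example `if self._key_id is None:` followed by `raise ValueError("a key ID is required for remote operations")` (message constructed here); use `raise` rather than `assert`, since asserts are stripped under `-O`. Whether `_key_id` can actually be None on these paths depends on code outside the hunks.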
@@ -193,17 +197,17 @@ async def encrypt(self, algorithm: "EncryptionAlgorithm", plaintext: bytes, **kw ) operation_result = await self._client.encrypt( - vault_base_url=self._key_id.vault_url, - key_name=self._key_id.name, - key_version=self._key_id.version, + vault_base_url=self._key_id.vault_url if self._key_id else None, + key_name=self._key_id.name if self._key_id else None, + key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeyOperationsParameters(algorithm=algorithm, value=plaintext, iv=iv, aad=aad), **kwargs ) return EncryptResult( - key_id=self.key_id, algorithm=algorithm, ciphertext=operation_result.result, + key_id=self.key_id, iv=operation_result.iv, authentication_tag=operation_result.authentication_tag, additional_authenticated_data=operation_result.additional_authenticated_data, @@ -253,16 +257,16 @@ async def decrypt(self, algorithm: "EncryptionAlgorithm", ciphertext: bytes, **k ) operation_result = await self._client.decrypt( - vault_base_url=self._key_id.vault_url, - key_name=self._key_id.name, - key_version=self._key_id.version, + vault_base_url=self._key_id.vault_url if self._key_id else None, + key_name=self._key_id.name if self._key_id else None, + key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeyOperationsParameters( algorithm=algorithm, value=ciphertext, iv=iv, tag=tag, aad=aad ), **kwargs ) - return DecryptResult(key_id=self.key_id, algorithm=algorithm, plaintext=operation_result.result) + return DecryptResult(algorithm=algorithm, plaintext=operation_result.result, key_id=self.key_id) @distributed_trace_async async def wrap_key(self, algorithm: "KeyWrapAlgorithm", key: bytes, **kwargs: "Any") -> WrapResult: 
@@ -297,14 +301,14 @@ async def wrap_key(self, algorithm: "KeyWrapAlgorithm", key: bytes, **kwargs: "A ) operation_result = await self._client.wrap_key( - vault_base_url=self._key_id.vault_url, - key_name=self._key_id.name, - key_version=self._key_id.version, + vault_base_url=self._key_id.vault_url if self._key_id else None, + key_name=self._key_id.name if self._key_id else None, + key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeyOperationsParameters(algorithm=algorithm, value=key), **kwargs ) - return WrapResult(key_id=self.key_id, algorithm=algorithm, encrypted_key=operation_result.result) + return WrapResult(algorithm=algorithm, encrypted_key=operation_result.result, key_id=self.key_id) @distributed_trace_async async def unwrap_key(self, algorithm: "KeyWrapAlgorithm", encrypted_key: bytes, **kwargs: "Any") -> UnwrapResult: @@ -338,14 +342,14 @@ async def unwrap_key(self, algorithm: "KeyWrapAlgorithm", encrypted_key: bytes, ) operation_result = await self._client.unwrap_key( - vault_base_url=self._key_id.vault_url, - key_name=self._key_id.name, - key_version=self._key_id.version, + vault_base_url=self._key_id.vault_url if self._key_id else None, + key_name=self._key_id.name if self._key_id else None, + key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeyOperationsParameters(algorithm=algorithm, value=encrypted_key), **kwargs ) - return UnwrapResult(key_id=self._key_id, algorithm=algorithm, key=operation_result.result) + return UnwrapResult(algorithm=algorithm, key=operation_result.result, key_id=self.key_id) @distributed_trace_async async def sign(self, algorithm: "SignatureAlgorithm", digest: bytes, **kwargs: "Any") -> SignResult: 
@@ -380,14 +384,14 @@ async def sign(self, algorithm: "SignatureAlgorithm", digest: bytes, **kwargs: " ) operation_result = await self._client.sign( - vault_base_url=self._key_id.vault_url, - key_name=self._key_id.name, - key_version=self._key_id.version, + vault_base_url=self._key_id.vault_url if self._key_id else None, + key_name=self._key_id.name if self._key_id else None, + key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeySignParameters(algorithm=algorithm, value=digest), **kwargs ) - return SignResult(key_id=self.key_id, algorithm=algorithm, signature=operation_result.result) + return SignResult(algorithm=algorithm, signature=operation_result.result, key_id=self.key_id) @distributed_trace_async async def verify( @@ -425,11 +429,11 @@ async def verify( ) operation_result = await self._client.verify( - vault_base_url=self._key_id.vault_url, - key_name=self._key_id.name, - key_version=self._key_id.version, + vault_base_url=self._key_id.vault_url if self._key_id else None, + key_name=self._key_id.name if self._key_id else None, + key_version=self._key_id.version if self._key_id else None, parameters=self._models.KeyVerifyParameters(algorithm=algorithm, digest=digest, signature=signature), **kwargs ) - return VerifyResult(key_id=self.key_id, algorithm=algorithm, is_valid=operation_result.value) + return VerifyResult(algorithm=algorithm, is_valid=operation_result.value, key_id=self.key_id) diff --git a/sdk/keyvault/azure-keyvault-keys/mypy.ini b/sdk/keyvault/azure-keyvault-keys/mypy.ini new file mode 100644 index 000000000000..18b37b44c426 --- /dev/null +++ b/sdk/keyvault/azure-keyvault-keys/mypy.ini @@ -0,0 +1,7 @@ +[mypy] +python_version = 3.6 +warn_unused_configs = True +ignore_missing_imports = True + +[mypy-azure.keyvault.*._generated.*] +ignore_errors = True From cd1edb3453a7f28ad60aa062d2bb5a15242761ac Mon Sep 17 00:00:00 2001 
From: YalinLi0312 Date: Tue, 7 Sep 2021 10:33:57 -0700 Subject: [PATCH 02/11] Run pylint --- .../azure/keyvault/keys/crypto/_client.py | 2 +- .../azure/keyvault/keys/crypto/_models.py | 10 +++++----- .../keyvault/keys/crypto/_providers/local_provider.py | 9 ++++++--- .../azure/keyvault/keys/crypto/aio/_client.py | 2 +- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py index c2241973f46e..2cf245830b1e 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py @@ -155,7 +155,7 @@ def key_id(self): """ if not self._jwk: return self._key_id.source_id if self._key_id else None - return cast(JsonWebKey,self._key).kid # type: ignore[attr-defined] + return cast(JsonWebKey, self._key).kid # type: ignore[attr-defined] @property def vault_url(self): # type: ignore diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py index 84ed1c1806ff..b98774ab2bdd 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py @@ -18,7 +18,7 @@ class DecryptResult: :param bytes plaintext: The decrypted bytes """ - def __init__(self, algorithm, plaintext, key_id = None): + def __init__(self, algorithm, plaintext, key_id=None): # type: (EncryptionAlgorithm, bytes, Optional[str]) -> None self.algorithm = algorithm self.plaintext = plaintext @@ -58,7 +58,7 @@ class SignResult: :param bytes signature: """ - def __init__(self, algorithm, signature, key_id = None): + def __init__(self, algorithm, signature, key_id=None): # type: (SignatureAlgorithm, bytes, Optional[str]) -> None self.algorithm = algorithm self.signature = signature 
@@ -74,7 +74,7 @@ class VerifyResult: :type algorithm: ~azure.keyvault.keys.crypto.SignatureAlgorithm """ - def __init__(self, is_valid, algorithm, key_id = None): + def __init__(self, is_valid, algorithm, key_id=None): # type: (bool, SignatureAlgorithm, Optional[str]) -> None self.is_valid = is_valid self.algorithm = algorithm @@ -90,7 +90,7 @@ class UnwrapResult: :param bytes key: The unwrapped key """ - def __init__(self, algorithm, key, key_id = None): + def __init__(self, algorithm, key, key_id=None): # type: (KeyWrapAlgorithm, bytes, Optional[str]) -> None self.algorithm = algorithm self.key = key @@ -106,7 +106,7 @@ class WrapResult: :param bytes encrypted_key: The encrypted key bytes """ - def __init__(self, algorithm, encrypted_key, key_id = None): + def __init__(self, algorithm, encrypted_key, key_id=None): # type: (KeyWrapAlgorithm, bytes, Optional[str]) -> None self.algorithm = algorithm self.encrypted_key = encrypted_key diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py index 710914af4058..5d0959af9ce6 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py 
@@ -64,19 +64,22 @@ def encrypt(self, algorithm, plaintext, iv=None): # type: (EncryptionAlgorithm, bytes, Optional[bytes]) -> EncryptResult self._raise_if_unsupported(KeyOperation.encrypt, algorithm) ciphertext = self._internal_key.encrypt(plaintext, algorithm=algorithm.value, iv=iv) - return EncryptResult(key_id=self._key.kid, algorithm=algorithm, ciphertext=ciphertext, iv=iv) # type: ignore[attr-defined] + return EncryptResult( + key_id=self._key.kid, algorithm=algorithm, ciphertext=ciphertext, iv=iv) # type: ignore[attr-defined] def decrypt(self, algorithm, ciphertext, iv=None): # type: (EncryptionAlgorithm, bytes, Optional[bytes]) -> DecryptResult self._raise_if_unsupported(KeyOperation.decrypt, algorithm) plaintext = self._internal_key.decrypt(ciphertext, iv=iv, algorithm=algorithm.value) - return DecryptResult(key_id=self._key.kid, algorithm=algorithm, plaintext=plaintext) # type: ignore[attr-defined] + return DecryptResult( + key_id=self._key.kid, algorithm=algorithm, plaintext=plaintext) # type: ignore[attr-defined] def wrap_key(self, algorithm, key): # type: (KeyWrapAlgorithm, bytes) -> WrapResult self._raise_if_unsupported(KeyOperation.wrap_key, algorithm) encrypted_key = self._internal_key.wrap_key(key, algorithm=algorithm.value) - return WrapResult(key_id=self._key.kid, algorithm=algorithm, encrypted_key=encrypted_key) # type: ignore[attr-defined] + return WrapResult( + key_id=self._key.kid, algorithm=algorithm, encrypted_key=encrypted_key) # type: ignore[attr-defined] def unwrap_key(self, algorithm, encrypted_key): # type: (KeyWrapAlgorithm, bytes) -> UnwrapResult diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py index 719b33192ce0..52c70d912e23 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py 
@@ -102,7 +102,7 @@ def key_id(self) -> "Optional[str]": """ if not self._jwk: return self._key_id.source_id if self._key_id else None - return cast(JsonWebKey,self._key).kid # type: ignore[attr-defined] + return cast(JsonWebKey, self._key).kid # type: ignore[attr-defined] @property def vault_url(self) -> "Optional[str]": # type: ignore From 76c681cbfc588ee34cf016771555a6e8d7bf6c39 Mon Sep 17 00:00:00 2001 From: YalinLi0312 Date: Tue, 7 Sep 2021 11:27:10 -0700 Subject: [PATCH 03/11] Run pylint --- .../azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py index 2cf245830b1e..d0c18330bd6e 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py @@ -208,7 +208,7 @@ def _initialize(self, **kwargs): self._initialized = True else: # try to get the key again next time unless we know we're forbidden to do so - self._initialized = False if self._keys_get_forbidden else True + self._initialized = not self._keys_get_forbidden @distributed_trace def encrypt(self, algorithm, plaintext, **kwargs): From 3f9aa4481179e3bf762ff48399302242cefb516d Mon Sep 17 00:00:00 2001 From: YalinLi0312 Date: Tue, 7 Sep 2021 12:15:26 -0700 Subject: [PATCH 04/11] Run pylint --- .../azure-keyvault-keys/azure/keyvault/keys/_models.py | 4 ++-- .../azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py | 4 ++-- .../azure/keyvault/keys/crypto/aio/_client.py | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py index 67df6a9b7545..6a127ced8283 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py 
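Review bot: In the `_initialize` hunk, `self._initialized = not self._keys_get_forbidden` does the opposite of the comment directly above it ("try to get the key again next time unless we know we're forbidden to do so"). With `not`, a client that was refused the key fetch is left uninitialized and presumably repeats the forbidden request on each operation, while a client that merely failed to obtain key material is marked initialized and never retries; how `_initialized` is consumed is outside this hunk, so confirm. The simplification is faithful to the `False if ... else True` it replaces, so the inversion predates this line. The expression that matches the comment is `self._initialized = self._keys_get_forbidden`.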
+++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py @@ -16,7 +16,7 @@ from typing import Any, Dict, Optional, List from datetime import datetime from ._generated.v7_0 import models as _models - from ._enums import KeyOperation + from ._enums import KeyOperation, KeyType KeyOperationResult = namedtuple("KeyOperationResult", ["id", "value"]) @@ -376,7 +376,7 @@ def key(self): @property def key_type(self): - # type: () -> str + # type: () -> KeyType """The key's type. See :class:`~azure.keyvault.keys.KeyType` for possible values. :rtype: ~azure.keyvault.keys.KeyType or str diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py index d0c18330bd6e..9f90610350f3 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py @@ -120,7 +120,7 @@ def __init__(self, key, credential, **kwargs): elif isinstance(key, six.string_types): self._key = None self._key_id = parse_key_vault_id(key) - self._keys_get_forbidden = None # type: Optional[bool] + self._keys_get_forbidden = False elif self._jwk: self._key = key else: @@ -208,7 +208,7 @@ def _initialize(self, **kwargs): self._initialized = True else: # try to get the key again next time unless we know we're forbidden to do so - self._initialized = not self._keys_get_forbidden + self._initialized = self._keys_get_forbidden @distributed_trace def encrypt(self, algorithm, plaintext, **kwargs): diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py index 52c70d912e23..54be077e306b 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py 
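Review bot: The new type comment on `key_type`, `# type: () -> KeyType`, is narrower than the docstring just below it, which still reads `:rtype: ~azure.keyvault.keys.KeyType or str`. If the property can return a plain string, as the docstring states, callers checked against this comment will treat the value as an enum member. `# type: () -> Union[str, KeyType]` matches the documented contract, with `Union` added to the `from typing import Any, Dict, Optional, List` line shown in the first hunk of this file. If only enum members are possible, correct the `:rtype:` line instead so the two agree.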
@@ -69,7 +69,7 @@ def __init__(self, key: "Union[KeyVaultKey, str]", credential: "AsyncTokenCreden elif isinstance(key, str): self._key = None self._key_id = parse_key_vault_id(key) - self._keys_get_forbidden = None # type: Optional[bool] + self._keys_get_forbidden = False elif self._jwk: self._key = key else: From 8c5aee6edf1dffd5bba2d4b813ba020103f2cbeb Mon Sep 17 00:00:00 2001 From: YalinLi0312 Date: Tue, 7 Sep 2021 19:51:42 -0700 Subject: [PATCH 05/11] Address comments --- eng/tox/mypy_hard_failure_packages.py | 1 - .../azure-keyvault-keys/azure/keyvault/keys/_client.py | 4 ++-- .../azure/keyvault/keys/crypto/_client.py | 4 ++-- .../keyvault/keys/crypto/_providers/local_provider.py | 9 ++++++--- .../azure/keyvault/keys/crypto/aio/_client.py | 4 ++-- 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/eng/tox/mypy_hard_failure_packages.py b/eng/tox/mypy_hard_failure_packages.py index a781fe158f57..b85c70560081 100644 --- a/eng/tox/mypy_hard_failure_packages.py +++ b/eng/tox/mypy_hard_failure_packages.py @@ -10,7 +10,6 @@ "azure-eventhub", "azure-identity", "azure-keyvault-administration", - "azure-keyvault-keys", "azure-servicebus", "azure-ai-textanalytics", "azure-ai-formrecognizer", diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py index abff877de306..1e561321b9c2 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py @@ -4,8 +4,6 @@ # ------------------------------------ from functools import partial from azure.core.tracing.decorator import distributed_trace -from azure.core.polling import LROPoller -from azure.keyvault.keys import KeyType from ._shared import KeyVaultClientBase from ._shared.exceptions import error_map as _error_map 
@@ -21,7 +19,9 @@ # pylint:disable=unused-import from typing import Any, Optional, Union from azure.core.paging import ItemPaged + from azure.core.polling import LROPoller from ._models import JsonWebKey + from ._enums import KeyType class KeyClient(KeyVaultClientBase): diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py index 9f90610350f3..845091b378b0 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py @@ -126,7 +126,7 @@ def __init__(self, key, credential, **kwargs): else: raise ValueError("'key' must be a KeyVaultKey instance or a key ID string including a version") - if not (self._jwk or self._key_id.version if self._key_id else None): + if not (self._jwk or (self._key_id.version if self._key_id else None)): raise ValueError("'key' must include a version") if self._jwk: @@ -139,7 +139,7 @@ def __init__(self, key, credential, **kwargs): self._local_provider = NoLocalCryptography() self._initialized = False - self._vault_url = None if self._jwk else self._key_id.vault_url if self._key_id else None # type: ignore + self._vault_url = None if (self._jwk or self._key_id is None) else self._key_id.vault_url # type: ignore super(CryptographyClient, self).__init__( vault_url=self._vault_url or "vault_url", credential=credential, **kwargs ) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py index 5d0959af9ce6..fa3ffac0f445 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py 
@@ -65,21 +65,24 @@ def encrypt(self, algorithm, plaintext, iv=None): self._raise_if_unsupported(KeyOperation.encrypt, algorithm) ciphertext = self._internal_key.encrypt(plaintext, algorithm=algorithm.value, iv=iv) return EncryptResult( - key_id=self._key.kid, algorithm=algorithm, ciphertext=ciphertext, iv=iv) # type: ignore[attr-defined] + key_id=self._key.kid, algorithm=algorithm, ciphertext=ciphertext, iv=iv + ) # type: ignore[attr-defined] def decrypt(self, algorithm, ciphertext, iv=None): # type: (EncryptionAlgorithm, bytes, Optional[bytes]) -> DecryptResult self._raise_if_unsupported(KeyOperation.decrypt, algorithm) plaintext = self._internal_key.decrypt(ciphertext, iv=iv, algorithm=algorithm.value) return DecryptResult( - key_id=self._key.kid, algorithm=algorithm, plaintext=plaintext) # type: ignore[attr-defined] + key_id=self._key.kid, algorithm=algorithm, plaintext=plaintext + ) # type: ignore[attr-defined] def wrap_key(self, algorithm, key): # type: (KeyWrapAlgorithm, bytes) -> WrapResult self._raise_if_unsupported(KeyOperation.wrap_key, algorithm) encrypted_key = self._internal_key.wrap_key(key, algorithm=algorithm.value) return WrapResult( - key_id=self._key.kid, algorithm=algorithm, encrypted_key=encrypted_key) # type: ignore[attr-defined] + key_id=self._key.kid, algorithm=algorithm, encrypted_key=encrypted_key + ) # type: ignore[attr-defined] def unwrap_key(self, algorithm, encrypted_key): # type: (KeyWrapAlgorithm, bytes) -> UnwrapResult diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py index 54be077e306b..8b36a3a025d9 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py 
@@ -75,7 +75,7 @@ def __init__(self, key: "Union[KeyVaultKey, str]", credential: "AsyncTokenCreden else: raise ValueError("'key' must be a KeyVaultKey instance or a key ID string including a version") - if not (self._jwk or self._key_id.version if self._key_id else None): + if not (self._jwk or (self._key_id.version if self._key_id else None)): raise ValueError("'key' must include a version") self._initialized = None # type: Optional[bool] @@ -89,7 +89,7 @@ def __init__(self, key: "Union[KeyVaultKey, str]", credential: "AsyncTokenCreden self._local_provider = NoLocalCryptography() self._initialized = False - self._vault_url = None if self._jwk else self._key_id.vault_url # type: ignore + self._vault_url = None if (self._jwk or self._key_id is None) else self._key_id.vault_url # type: ignore super().__init__(vault_url=self._vault_url or "vault_url", credential=credential, **kwargs) @property From c594bb958bddaad491453479316c43d292072b0c Mon Sep 17 00:00:00 2001 From: YalinLi0312 Date: Tue, 7 Sep 2021 20:06:07 -0700 Subject: [PATCH 06/11] Address comments --- .../azure/keyvault/keys/crypto/_models.py | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py index b98774ab2bdd..44b2d8e086e2 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py 
@@ -18,11 +18,11 @@ class DecryptResult: :param bytes plaintext: The decrypted bytes """ - def __init__(self, algorithm, plaintext, key_id=None): - # type: (EncryptionAlgorithm, bytes, Optional[str]) -> None - self.algorithm = algorithm - self.plaintext = plaintext + def __init__(self, key_id, algorithm, plaintext): + # type: (Optional[str], EncryptionAlgorithm, bytes) -> None self.key_id = key_id + self.algorithm = algorithm + self.plaintext = plaintext class EncryptResult: @@ -39,11 +39,11 @@ class EncryptResult: authenticated algorithm """ - def __init__(self, algorithm, ciphertext, key_id=None, **kwargs): - # type: (EncryptionAlgorithm, bytes, Optional[str], **Any) -> None - self.algorithm = algorithm - self.ciphertext = ciphertext + def __init__(self, key_id, algorithm, ciphertext, **kwargs): + # type: (Optional[str], EncryptionAlgorithm, bytes, **Any) -> None self.key_id = key_id + self.algorithm = algorithm + self.ciphertext = ciphertext self.iv = kwargs.pop("iv", None) self.tag = kwargs.pop("authentication_tag", None) self.aad = kwargs.pop("additional_authenticated_data", None) @@ -58,11 +58,11 @@ class SignResult: :param bytes signature: """ - def __init__(self, algorithm, signature, key_id=None): - # type: (SignatureAlgorithm, bytes, Optional[str]) -> None + def __init__(self, key_id, algorithm, signature): + # type: (Optional[str], SignatureAlgorithm, bytes) -> None + self.key_id = key_id self.algorithm = algorithm self.signature = signature - self.key_id = key_id class VerifyResult: @@ -74,11 +74,11 @@ class VerifyResult: :type algorithm: ~azure.keyvault.keys.crypto.SignatureAlgorithm """ - def __init__(self, is_valid, algorithm, key_id=None): - # type: (bool, SignatureAlgorithm, Optional[str]) -> None + def __init__(self, key_id, is_valid, algorithm): + # type: (Optional[str], bool, SignatureAlgorithm) -> None + self.key_id = key_id self.is_valid = is_valid self.algorithm = algorithm - self.key_id = key_id class UnwrapResult: 
@@ -90,11 +90,11 @@ class UnwrapResult: :param bytes key: The unwrapped key """ - def __init__(self, algorithm, key, key_id=None): - # type: (KeyWrapAlgorithm, bytes, Optional[str]) -> None + def __init__(self, key_id, algorithm, key): + # type: (Optional[str], KeyWrapAlgorithm, bytes) -> None + self.key_id = key_id self.algorithm = algorithm self.key = key - self.key_id = key_id class WrapResult: @@ -106,8 +106,8 @@ class WrapResult: :param bytes encrypted_key: The encrypted key bytes """ - def __init__(self, algorithm, encrypted_key, key_id=None): - # type: (KeyWrapAlgorithm, bytes, Optional[str]) -> None + def __init__(self, key_id, algorithm, encrypted_key): + # type: (Optional[str], KeyWrapAlgorithm, bytes) -> None + self.key_id = key_id self.algorithm = algorithm self.encrypted_key = encrypted_key - self.key_id = key_id From f8ae3c3b2f919cecca7a43c08a82276f0c4f637c Mon Sep 17 00:00:00 2001 From: YalinLi0312 Date: Tue, 7 Sep 2021 20:12:02 -0700 Subject: [PATCH 07/11] Run pylint --- .../azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py index 44b2d8e086e2..fc9e9f9c6d2f 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py @@ -22,7 +22,7 @@ def __init__(self, key_id, algorithm, plaintext): # type: (Optional[str], EncryptionAlgorithm, bytes) -> None self.key_id = key_id self.algorithm = algorithm - self.plaintext = plaintext + self.plaintext = plaintext class EncryptResult: 
@@ -43,7 +43,7 @@ def __init__(self, key_id, algorithm, ciphertext, **kwargs): # type: (Optional[str], EncryptionAlgorithm, bytes, **Any) -> None self.key_id = key_id self.algorithm = algorithm - self.ciphertext = ciphertext + self.ciphertext = ciphertext self.iv = kwargs.pop("iv", None) self.tag = kwargs.pop("authentication_tag", None) self.aad = kwargs.pop("additional_authenticated_data", None) From b36431af49df75d505ba21ffc1dee5273e691fd9 Mon Sep 17 00:00:00 2001 From: YalinLi0312 Date: Wed, 8 Sep 2021 15:15:21 -0700 Subject: [PATCH 08/11] Address comments --- .../azure/keyvault/keys/crypto/_client.py | 10 +++++----- .../keyvault/keys/crypto/_internal/algorithm.py | 2 +- .../keys/crypto/_providers/local_provider.py | 12 ++++++------ .../azure/keyvault/keys/crypto/aio/_client.py | 13 ++++++------- 4 files changed, 18 insertions(+), 19 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py index 845091b378b0..5f44e41f65ce 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py @@ -261,9 +261,9 @@ def encrypt(self, algorithm, plaintext, **kwargs): ) return EncryptResult( + key_id=self.key_id, algorithm=algorithm, ciphertext=operation_result.result, - key_id=self.key_id, iv=operation_result.iv, authentication_tag=operation_result.authentication_tag, additional_authenticated_data=operation_result.additional_authenticated_data, @@ -323,7 +323,7 @@ def decrypt(self, algorithm, ciphertext, **kwargs): **kwargs ) - return DecryptResult(algorithm=algorithm, plaintext=operation_result.result, key_id=self.key_id) + return DecryptResult(key_id=self.key_id, algorithm=algorithm, plaintext=operation_result.result) @distributed_trace def wrap_key(self, algorithm, key, **kwargs): 
@@ -366,7 +366,7 @@ def wrap_key(self, algorithm, key, **kwargs): **kwargs ) - return WrapResult(algorithm=algorithm, encrypted_key=operation_result.result, key_id=self.key_id) + return WrapResult(key_id=self.key_id, algorithm=algorithm, encrypted_key=operation_result.result) @distributed_trace def unwrap_key(self, algorithm, encrypted_key, **kwargs): @@ -407,7 +407,7 @@ def unwrap_key(self, algorithm, encrypted_key, **kwargs): parameters=self._models.KeyOperationsParameters(algorithm=algorithm, value=encrypted_key), **kwargs ) - return UnwrapResult(algorithm=algorithm, key=operation_result.result, key_id=self.key_id) + return UnwrapResult(key_id=self.key_id, algorithm=algorithm, key=operation_result.result) @distributed_trace def sign(self, algorithm, digest, **kwargs): @@ -494,4 +494,4 @@ def verify(self, algorithm, digest, signature, **kwargs): **kwargs ) - return VerifyResult(algorithm=algorithm, is_valid=operation_result.value, key_id=self.key_id) + return VerifyResult(key_id=self.key_id, algorithm=algorithm, is_valid=operation_result.value) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithm.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithm.py index 8b9fff47558a..1b850cf2b14b 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithm.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithm.py @@ -11,7 +11,7 @@ if TYPE_CHECKING: # pylint:disable=unused-import - from typing import Optional, Union, Type + from typing import Optional, Union from cryptography.hazmat.primitives import hashes _alg_registry = {} diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py index fa3ffac0f445..df8c03638bc1 100644 
--- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_providers/local_provider.py @@ -65,24 +65,24 @@ def encrypt(self, algorithm, plaintext, iv=None): self._raise_if_unsupported(KeyOperation.encrypt, algorithm) ciphertext = self._internal_key.encrypt(plaintext, algorithm=algorithm.value, iv=iv) return EncryptResult( - key_id=self._key.kid, algorithm=algorithm, ciphertext=ciphertext, iv=iv - ) # type: ignore[attr-defined] + key_id=self._key.kid, algorithm=algorithm, ciphertext=ciphertext, iv=iv # type: ignore[attr-defined] + ) def decrypt(self, algorithm, ciphertext, iv=None): # type: (EncryptionAlgorithm, bytes, Optional[bytes]) -> DecryptResult self._raise_if_unsupported(KeyOperation.decrypt, algorithm) plaintext = self._internal_key.decrypt(ciphertext, iv=iv, algorithm=algorithm.value) return DecryptResult( - key_id=self._key.kid, algorithm=algorithm, plaintext=plaintext - ) # type: ignore[attr-defined] + key_id=self._key.kid, algorithm=algorithm, plaintext=plaintext # type: ignore[attr-defined] + ) def wrap_key(self, algorithm, key): # type: (KeyWrapAlgorithm, bytes) -> WrapResult self._raise_if_unsupported(KeyOperation.wrap_key, algorithm) encrypted_key = self._internal_key.wrap_key(key, algorithm=algorithm.value) return WrapResult( - key_id=self._key.kid, algorithm=algorithm, encrypted_key=encrypted_key - ) # type: ignore[attr-defined] + key_id=self._key.kid, algorithm=algorithm, encrypted_key=encrypted_key # type: ignore[attr-defined] + ) def unwrap_key(self, algorithm, encrypted_key): # type: (KeyWrapAlgorithm, bytes) -> UnwrapResult diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py index 8b36a3a025d9..8c21543eddff 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py 
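Review bot: The relocated `# type: ignore[attr-defined]` in `encrypt`, `decrypt` and `wrap_key` now sits on the line that reads `self._key.kid`, but it is repeated at three call sites and carries no explanation. Each copy also silences every attr-defined finding on its line, not only the `kid` access. Presumably mypy cannot see `kid` on the key type; declaring that attribute on the key model would remove the need for the suppressions, and failing that a short reason such as `# kid is not declared on the key type (assumed; confirm)` next to the first ignore would tell the next reader why it is there. `unwrap_key` starts on the last lines of this hunk and its body is outside it, so the same pattern may apply there.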
+++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py @@ -78,7 +78,6 @@ def __init__(self, key: "Union[KeyVaultKey, str]", credential: "AsyncTokenCreden if not (self._jwk or (self._key_id.version if self._key_id else None)): raise ValueError("'key' must include a version") - self._initialized = None # type: Optional[bool] if self._jwk: try: self._local_provider = get_local_cryptography_provider(cast(JsonWebKey, self._key)) @@ -205,9 +204,9 @@ async def encrypt(self, algorithm: "EncryptionAlgorithm", plaintext: bytes, **kw ) return EncryptResult( + key_id=self.key_id, algorithm=algorithm, ciphertext=operation_result.result, - key_id=self.key_id, iv=operation_result.iv, authentication_tag=operation_result.authentication_tag, additional_authenticated_data=operation_result.additional_authenticated_data, @@ -266,7 +265,7 @@ async def decrypt(self, algorithm: "EncryptionAlgorithm", ciphertext: bytes, **k **kwargs ) - return DecryptResult(algorithm=algorithm, plaintext=operation_result.result, key_id=self.key_id) + return DecryptResult(key_id=self.key_id, algorithm=algorithm, plaintext=operation_result.result) @distributed_trace_async async def wrap_key(self, algorithm: "KeyWrapAlgorithm", key: bytes, **kwargs: "Any") -> WrapResult: @@ -308,7 +307,7 @@ async def wrap_key(self, algorithm: "KeyWrapAlgorithm", key: bytes, **kwargs: "A **kwargs ) - return WrapResult(algorithm=algorithm, encrypted_key=operation_result.result, key_id=self.key_id) + return WrapResult(key_id=self.key_id, algorithm=algorithm, encrypted_key=operation_result.result) @distributed_trace_async async def unwrap_key(self, algorithm: "KeyWrapAlgorithm", encrypted_key: bytes, **kwargs: "Any") -> UnwrapResult: 
@@ -349,7 +348,7 @@ async def unwrap_key(self, algorithm: "KeyWrapAlgorithm", encrypted_key: bytes, **kwargs ) - return UnwrapResult(algorithm=algorithm, key=operation_result.result, key_id=self.key_id) + return UnwrapResult(key_id=self.key_id, algorithm=algorithm, key=operation_result.result) @distributed_trace_async async def sign(self, algorithm: "SignatureAlgorithm", digest: bytes, **kwargs: "Any") -> SignResult: @@ -391,7 +390,7 @@ async def sign(self, algorithm: "SignatureAlgorithm", digest: bytes, **kwargs: " **kwargs ) - return SignResult(algorithm=algorithm, signature=operation_result.result, key_id=self.key_id) + return SignResult(key_id=self.key_id, algorithm=algorithm, signature=operation_result.result) @distributed_trace_async async def verify( @@ -436,4 +435,4 @@ async def verify( **kwargs ) - return VerifyResult(algorithm=algorithm, is_valid=operation_result.value, key_id=self.key_id) + return VerifyResult(key_id=self.key_id, algorithm=algorithm, is_valid=operation_result.value) From a97a9c8e2f6c6fea15af40ff1ef90129d228560e Mon Sep 17 00:00:00 2001 From: YalinLi0312 Date: Wed, 8 Sep 2021 15:20:08 -0700 Subject: [PATCH 09/11] Resolve conflicts --- eng/tox/mypy_hard_failure_packages.py | 1 - 1 file changed, 1 deletion(-) diff --git a/eng/tox/mypy_hard_failure_packages.py b/eng/tox/mypy_hard_failure_packages.py index 948dacb2e272..7619732b13b4 100644 --- a/eng/tox/mypy_hard_failure_packages.py +++ b/eng/tox/mypy_hard_failure_packages.py @@ -11,7 +11,6 @@ "azure-identity", "azure-keyvault-administration", "azure-keyvault-certificates", - "azure-keyvault-keys", "azure-servicebus", "azure-ai-textanalytics", "azure-ai-formrecognizer", From 73fbe01a2e11f3d4764ef7cf7772a34ea72b0379 Mon Sep 17 00:00:00 2001 
From: YalinLi0312 Date: Wed, 8 Sep 2021 17:08:55 -0700 Subject: [PATCH 10/11] Address comments --- .../azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py | 2 +- .../azure/keyvault/keys/crypto/aio/_client.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py index 5f44e41f65ce..1008ee131392 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py @@ -450,7 +450,7 @@ def sign(self, algorithm, digest, **kwargs): **kwargs ) - return SignResult(algorithm=algorithm, signature=operation_result.result, key_id=self.key_id) + return SignResult(key_id=self.key_id, algorithm=algorithm, signature=operation_result.result) @distributed_trace def verify(self, algorithm, digest, signature, **kwargs): diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py index 8c21543eddff..7c7e50922dd2 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py @@ -348,7 +348,7 @@ async def unwrap_key(self, algorithm: "KeyWrapAlgorithm", encrypted_key: bytes, **kwargs ) - return UnwrapResult(key_id=self.key_id, algorithm=algorithm, key=operation_result.result) + return UnwrapResult(key_id=self._key_id, algorithm=algorithm, key=operation_result.result) @distributed_trace_async async def sign(self, algorithm: "SignatureAlgorithm", digest: bytes, **kwargs: "Any") -> SignResult: From 56077ca98471538b622464ee101e0ee569ce4c99 Mon Sep 17 00:00:00 2001 
From: YalinLi0312 Date: Wed, 8 Sep 2021 18:00:09 -0700 Subject: [PATCH 11/11] Address comments --- .../azure/keyvault/keys/crypto/aio/_client.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py index 7c7e50922dd2..8c21543eddff 100644 --- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py +++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/aio/_client.py @@ -348,7 +348,7 @@ async def unwrap_key(self, algorithm: "KeyWrapAlgorithm", encrypted_key: bytes, **kwargs ) - return UnwrapResult(key_id=self._key_id, algorithm=algorithm, key=operation_result.result) + return UnwrapResult(key_id=self.key_id, algorithm=algorithm, key=operation_result.result) @distributed_trace_async async def sign(self, algorithm: "SignatureAlgorithm", digest: bytes, **kwargs: "Any") -> SignResult: