Address feedback

Azure · Feb 5, 2021 · 08ad6b2 · 08ad6b2
1 parent 147a92d
commit 08ad6b2
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 9 deletions.
diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/client_base.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_shared/client_base.py
@@ -22,13 +22,13 @@
 class ApiVersion(str, Enum):
     """Key Vault API versions supported by this package"""
 
-    V7_2_preview = "7.2-preview"
     #: this is the default version
+    V7_2_preview = "7.2-preview"
     V7_1 = "7.1"
     V7_0 = "7.0"
     V2016_10_01 = "2016-10-01"
 
-DEFAULT_VERSION = ApiVersion.V7_1
+DEFAULT_VERSION = ApiVersion.V7_2_preview
 
 
 class KeyVaultClientBase(object):

diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_client.py
@@ -118,8 +118,7 @@ def encrypt(self, algorithm, plaintext, **kwargs):
         :param algorithm: encryption algorithm to use
         :type algorithm: :class:`~azure.keyvault.keys.crypto.EncryptionAlgorithm`
         :param bytes plaintext: bytes to encrypt
-        :keyword bytes iv: optional initialization vector. For use with AES-CBC encryption. Unless specified, this will
-            be generated by the service when necessary.
+        :keyword bytes iv: optional initialization vector. For use with AES-CBC encryption.
         :keyword bytes additional_authenticated_data: optional data that is authenticated but not encrypted. For use
             with AES-GCM encryption.
         :rtype: :class:`~azure.keyvault.keys.crypto.EncryptResult`
@@ -134,12 +133,12 @@ def encrypt(self, algorithm, plaintext, **kwargs):
         """
         self._initialize(**kwargs)
         iv = kwargs.pop("iv", None)
-        if "CBC" not in algorithm:
+        if iv and "CBC" not in algorithm:
             raise ValueError(
                 "iv should only be provided with AES-CBC algorithms; {} does not accept an iv".format(algorithm)
             )
         aad = kwargs.pop("additional_authenticated_data", None)
-        if "GCM" not in algorithm:
+        if aad and "GCM" not in algorithm:
             raise ValueError(
                 "additional_authenticated_data should only be provided with AES-GCM algorithms; {} does not accept an "
                 "aad".format(algorithm)
@@ -196,19 +195,19 @@ def decrypt(self, algorithm, ciphertext, **kwargs):
         """
         self._initialize(**kwargs)
         iv = kwargs.pop("iv", None)
-        if not ("CBC" in algorithm or "GCM" in algorithm):
+        if iv and not ("CBC" in algorithm or "GCM" in algorithm):
             raise ValueError(
                 "iv should only be provided with AES algorithms; {} does not accept an iv".format(algorithm)
             )
         tag = kwargs.pop("authentication_tag", None)
-        if "GCM" not in algorithm:
+        if tag and "GCM" not in algorithm:
             raise ValueError(
                 "authentication_tag should only be provided with AES-GCM algorithms; {} does not accept a tag".format(
                     algorithm
                 )
             )
         aad = kwargs.pop("additional_authenticated_data", None)
-        if "GCM" not in algorithm:
+        if aad and "GCM" not in algorithm:
             raise ValueError(
                 "additional_authenticated_data should only be provided with AES-GCM algorithms; {} does not accept an "
                 "aad".format(algorithm)