From 41703f3ccbf6274c755db6daa3d4fb774110798d Mon Sep 17 00:00:00 2001 From: iscai-msft Date: Wed, 2 Sep 2020 14:20:34 -0400 Subject: [PATCH 1/4] add KeyVaultRoleScope enum --- .../azure/keyvault/administration/__init__.py | 5 ++- .../administration/_access_control_client.py | 33 ++++++++++++----- .../azure/keyvault/administration/_models.py | 9 +++++ .../aio/_access_control_client.py | 37 ++++++++++++++----- 4 files changed, 63 insertions(+), 21 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py index 008faf70ac0d0..f512df41adc15 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py @@ -4,7 +4,9 @@ # ------------------------------------ from ._access_control_client import KeyVaultAccessControlClient from ._internal.client_base import ApiVersion -from ._models import KeyVaultPermission, KeyVaultRoleAssignment, KeyVaultRoleDefinition +from ._models import ( + KeyVaultPermission, KeyVaultRoleAssignment, KeyVaultRoleDefinition, KeyVaultRoleScope +) __all__ = [ @@ -13,4 +15,5 @@ "KeyVaultPermission", "KeyVaultRoleAssignment", "KeyVaultRoleDefinition", + "KeyVaultRoleScope", ] diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index 862fc8cea88c3..bad35d8ba315e 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -13,6 +13,7 @@ from typing import Any, Union from uuid import UUID from azure.core.paging import ItemPaged + from ._models import KeyVaultRoleScope class KeyVaultAccessControlClient(KeyVaultClientBase): @@ -27,10 +28,12 @@ class KeyVaultAccessControlClient(KeyVaultClientBase): @distributed_trace def create_role_assignment(self, role_scope, role_assignment_name, role_definition_id, principal_id, **kwargs): - # type: (str, Union[str, UUID], str, str, **Any) -> KeyVaultRoleAssignment + # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], str, str, **Any) -> KeyVaultRoleAssignment """Create a role assignment. - :param str role_scope: scope the role assignment will apply over + :param role_scope: scope the role assignment will apply over. We've provided enum :class:`KeyVaultRoleScope` + to list the well known scopes, but those scopes are not exhaustive + :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: a name for the role assignment. Must be a UUID. :type role_assignment_name: str or uuid.UUID :param str role_definition_id: ID of the role's definition @@ -54,10 +57,13 @@ def create_role_assignment(self, role_scope, role_assignment_name, role_definiti @distributed_trace def delete_role_assignment(self, role_scope, role_assignment_name, **kwargs): - # type: (str, Union[str, UUID], **Any) -> KeyVaultRoleAssignment + # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> KeyVaultRoleAssignment """Delete a role assignment. - :param str role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" + :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" + We've provided enum :class:`KeyVaultRoleScope` to list the well known scopes, but those scopes are not + exhaustive + :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. Must be a UUID. :type role_assignment_name: str or uuid.UUID :returns: the deleted assignment @@ -70,10 +76,13 @@ def delete_role_assignment(self, role_scope, role_assignment_name, **kwargs): @distributed_trace def get_role_assignment(self, role_scope, role_assignment_name, **kwargs): - # type: (str, Union[str, UUID], **Any) -> KeyVaultRoleAssignment + # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], **Any) -> KeyVaultRoleAssignment """Get a role assignment. - :param str role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" + :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" + We've provided enum :class:`KeyVaultRoleScope` to list the well known scopes, but those scopes are not + exhaustive + :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. Must be a UUID. :type role_assignment_name: str or uuid.UUID :rtype: KeyVaultRoleAssignment @@ -85,10 +94,12 @@ def get_role_assignment(self, role_scope, role_assignment_name, **kwargs): @distributed_trace def list_role_assignments(self, role_scope, **kwargs): - # type: (str, **Any) -> ItemPaged[KeyVaultRoleAssignment] + # type: (Union[str, KeyVaultRoleScope], **Any) -> ItemPaged[KeyVaultRoleAssignment] """List all role assignments for a scope. - :param str role_scope: scope of the role assignments + :param role_scope: scope of the role assignments. We've provided enum :class:`KeyVaultRoleScope` + to list the well known scopes, but those scopes are not exhaustive + :type role_scope: str or KeyVaultRoleScope :rtype: ~azure.core.paging.ItemPaged[KeyVaultRoleAssignment] """ return self._client.role_assignments.list_for_scope( @@ -100,10 +111,12 @@ def list_role_assignments(self, role_scope, **kwargs): @distributed_trace def list_role_definitions(self, role_scope, **kwargs): - # type: (str, **Any) -> ItemPaged[KeyVaultRoleDefinition] + # type: (Union[str, KeyVaultRoleScope], **Any) -> ItemPaged[KeyVaultRoleDefinition] """List all role definitions applicable at and above a scope. - :param str role_scope: scope of the role definitions + :param role_scope: scope of the role definitions. We've provided enum :class:`KeyVaultRoleScope` + to list the well known scopes, but those scopes are not exhaustive + :type role_scope: str or KeyVaultRoleScope :rtype: ~azure.core.paging.ItemPaged[KeyVaultRoleDefinition] """ return self._client.role_definitions.list( diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py index 81d9b1165a3e5..28b35b68930ea 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_models.py @@ -2,6 +2,7 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # ------------------------------------ +from enum import Enum from typing import TYPE_CHECKING if TYPE_CHECKING: @@ -11,6 +12,14 @@ # pylint:disable=protected-access +class KeyVaultRoleScope(str, Enum): + """Collection of well known role scopes. This list is not exhaustive""" + + global_value = "/" #: use this if you want role assignments to apply to everything on the resource + + keys_value = "/keys" #: use this if you want role assignments to apply to all keys + + class KeyVaultPermission(object): """Role definition permissions. diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index a9cd70ffcd660..5f1698880237b 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py @@ -14,6 +14,7 @@ from typing import Any, Union from uuid import UUID from azure.core.async_paging import AsyncItemPaged + from .._models import KeyVaultRoleScope class KeyVaultAccessControlClient(AsyncKeyVaultClientBase): @@ -29,7 +30,7 @@ class KeyVaultAccessControlClient(AsyncKeyVaultClientBase): @distributed_trace_async async def create_role_assignment( self, - role_scope: str, + role_scope: "Union[str, KeyVaultRoleScope]", role_assignment_name: "Union[str, UUID]", role_definition_id: str, principal_id: str, @@ -37,7 +38,9 @@ async def create_role_assignment( ) -> KeyVaultRoleAssignment: """Create a role assignment. - :param str role_scope: scope the role assignment will apply over + :param role_scope: scope the role assignment will apply over. We've provided enum :class:`KeyVaultRoleScope` + to list the well known scopes, but those scopes are not exhaustive + :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: a name for the role assignment. Must be a UUID. :type role_assignment_name: str or uuid.UUID :param str role_definition_id: ID of the role's definition @@ -61,11 +64,14 @@ async def create_role_assignment( @distributed_trace_async async def delete_role_assignment( - self, role_scope: str, role_assignment_name: "Union[str, UUID]", **kwargs: "Any" + self, role_scope: "Union[str, KeyVaultRoleScope]", role_assignment_name: "Union[str, UUID]", **kwargs: "Any" ) -> KeyVaultRoleAssignment: """Delete a role assignment. - :param str role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" + :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/". + We've provided enum :class:`KeyVaultRoleScope` to list the well known scopes, but those scopes are not + exhaustive + :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. Must be a UUID. :type role_assignment_name: str or uuid.UUID :returns: the deleted assignment @@ -78,11 +84,14 @@ async def delete_role_assignment( @distributed_trace_async async def get_role_assignment( - self, role_scope: str, role_assignment_name: "Union[str, UUID]", **kwargs: "Any" + self, role_scope: "Union[str, KeyVaultRoleScope]", role_assignment_name: "Union[str, UUID]", **kwargs: "Any" ) -> KeyVaultRoleAssignment: """Get a role assignment. - :param str role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" + :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/". + We've provided enum :class:`KeyVaultRoleScope` to list the well known scopes, but those scopes are not + exhaustive + :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. Must be a UUID. :type role_assignment_name: str or uuid.UUID :rtype: KeyVaultRoleAssignment @@ -93,10 +102,14 @@ async def get_role_assignment( return KeyVaultRoleAssignment._from_generated(assignment) @distributed_trace - def list_role_assignments(self, role_scope: str, **kwargs: "Any") -> "AsyncItemPaged[KeyVaultRoleAssignment]": + def list_role_assignments( + self, role_scope: "Union[str, KeyVaultRoleScope]", **kwargs: "Any" + ) -> "AsyncItemPaged[KeyVaultRoleAssignment]": """List all role assignments for a scope. - :param str role_scope: scope of the role assignments + :param role_scope: scope of the role assignments. We've provided enum :class:`KeyVaultRoleScope` + to list the well known scopes, but those scopes are not exhaustive + :type role_scope: str or KeyVaultRoleScope :rtype: ~azure.core.async_paging.AsyncItemPaged[KeyVaultRoleAssignment] """ return self._client.role_assignments.list_for_scope( @@ -107,10 +120,14 @@ def list_role_assignments(self, role_scope: str, **kwargs: "Any") -> "AsyncItemP ) @distributed_trace - def list_role_definitions(self, role_scope: str, **kwargs: "Any") -> "AsyncItemPaged[KeyVaultRoleDefinition]": + def list_role_definitions( + self, role_scope: "Union[str, KeyVaultRoleScope]", **kwargs: "Any" + ) -> "AsyncItemPaged[KeyVaultRoleDefinition]": """List all role definitions applicable at and above a scope. - :param str role_scope: scope of the role definitions + :param role_scope: scope of the role definitions. We've provided enum :class:`KeyVaultRoleScope` + to list the well known scopes, but those scopes are not exhaustive + :type role_scope: str or KeyVaultRoleScope :rtype: ~azure.core.async_paging.AsyncItemPaged[KeyVaultRoleDefinition] """ return self._client.role_definitions.list( From 4f0692b53b8b43b1ed3a833bce481181d89219a3 Mon Sep 17 00:00:00 2001 From: iscai-msft Date: Wed, 2 Sep 2020 14:23:02 -0400 Subject: [PATCH 2/4] add to tests --- .../tests/test_access_control.py | 6 +++--- .../tests/test_access_control_async.py | 7 ++++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py index 1bdbf40fb3656..d2bf339766a22 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control.py @@ -6,7 +6,7 @@ import os import uuid -from azure.keyvault.administration import KeyVaultAccessControlClient +from azure.keyvault.administration import KeyVaultAccessControlClient, KeyVaultRoleScope from devtools_testutils import KeyVaultPreparer, ResourceGroupPreparer import pytest @@ -41,7 +41,7 @@ def get_service_principal_id(self): @KeyVaultPreparer() @AccessControlClientPreparer() def test_list_role_definitions(self, client): - definitions = [d for d in client.list_role_definitions("/")] + definitions = [d for d in client.list_role_definitions(KeyVaultRoleScope.global_value)] assert len(definitions) for definition in definitions: @@ -58,7 +58,7 @@ def test_list_role_definitions(self, client): @KeyVaultPreparer() @AccessControlClientPreparer() def test_role_assignment(self, client): - scope = "/" + scope = KeyVaultRoleScope.global_value definitions = [d for d in client.list_role_definitions(scope)] # assign an arbitrary role to the service principal authenticating these requests diff --git a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py index feb85c5a1e983..d0cd50d36534f 100644 --- a/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py +++ b/sdk/keyvault/azure-keyvault-administration/tests/test_access_control_async.py @@ -6,6 +6,7 @@ import os import uuid +from azure.keyvault.administration import KeyVaultRoleScope from azure.keyvault.administration.aio import KeyVaultAccessControlClient from devtools_testutils import KeyVaultPreparer, ResourceGroupPreparer import pytest @@ -42,7 +43,7 @@ def get_service_principal_id(self): @AccessControlClientPreparer() async def test_list_role_definitions(self, client): definitions = [] - async for definition in client.list_role_definitions("/"): + async for definition in client.list_role_definitions(KeyVaultRoleScope.global_value): definitions.append(definition) assert len(definitions) @@ -60,9 +61,9 @@ async def test_list_role_definitions(self, client): @KeyVaultPreparer() @AccessControlClientPreparer() async def test_role_assignment(self, client): - scope = "/" + scope = KeyVaultRoleScope.global_value definitions = [] - async for definition in client.list_role_definitions("/"): + async for definition in client.list_role_definitions(scope): definitions.append(definition) # assign an arbitrary role to the service principal authenticating these requests From 2fa74fd808ad7429a9dc15be06b47b51bc02b4bf Mon Sep 17 00:00:00 2001 From: iscai-msft Date: Thu, 3 Sep 2020 13:17:35 -0400 Subject: [PATCH 3/4] remove 'we' from docstrings --- .../administration/_access_control_client.py | 20 +++++++++---------- .../aio/_access_control_client.py | 20 +++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index bad35d8ba315e..3647a31594e13 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -31,8 +31,8 @@ def create_role_assignment(self, role_scope, role_assignment_name, role_definiti # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], str, str, **Any) -> KeyVaultRoleAssignment """Create a role assignment. - :param role_scope: scope the role assignment will apply over. We've provided enum :class:`KeyVaultRoleScope` - to list the well known scopes, but those scopes are not exhaustive + :param role_scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common broad + scopes. To list role definitions for a narrower scope, specify it as a string. :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: a name for the role assignment. Must be a UUID. :type role_assignment_name: str or uuid.UUID @@ -61,8 +61,8 @@ def delete_role_assignment(self, role_scope, role_assignment_name, **kwargs): """Delete a role assignment. :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" - We've provided enum :class:`KeyVaultRoleScope` to list the well known scopes, but those scopes are not - exhaustive + :class:`KeyVaultRoleScope` defines common broad scopes. To list role definitions for a narrower scope, + specify it as a string. :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. Must be a UUID. :type role_assignment_name: str or uuid.UUID @@ -80,8 +80,8 @@ def get_role_assignment(self, role_scope, role_assignment_name, **kwargs): """Get a role assignment. :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" - We've provided enum :class:`KeyVaultRoleScope` to list the well known scopes, but those scopes are not - exhaustive + :class:`KeyVaultRoleScope` defines common broad scopes. To list role definitions for a narrower scope, + specify it as a string. :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. Must be a UUID. :type role_assignment_name: str or uuid.UUID @@ -97,8 +97,8 @@ def list_role_assignments(self, role_scope, **kwargs): # type: (Union[str, KeyVaultRoleScope], **Any) -> ItemPaged[KeyVaultRoleAssignment] """List all role assignments for a scope. - :param role_scope: scope of the role assignments. We've provided enum :class:`KeyVaultRoleScope` - to list the well known scopes, but those scopes are not exhaustive + :param role_scope: scope of the role assignments. :class:`KeyVaultRoleScope` defines common broad + scopes. To list role definitions for a narrower scope, specify it as a string. :type role_scope: str or KeyVaultRoleScope :rtype: ~azure.core.paging.ItemPaged[KeyVaultRoleAssignment] """ @@ -114,8 +114,8 @@ def list_role_definitions(self, role_scope, **kwargs): # type: (Union[str, KeyVaultRoleScope], **Any) -> ItemPaged[KeyVaultRoleDefinition] """List all role definitions applicable at and above a scope. - :param role_scope: scope of the role definitions. We've provided enum :class:`KeyVaultRoleScope` - to list the well known scopes, but those scopes are not exhaustive + :param role_scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad + scopes. To list role definitions for a narrower scope, specify it as a string. :type role_scope: str or KeyVaultRoleScope :rtype: ~azure.core.paging.ItemPaged[KeyVaultRoleDefinition] """ diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index 5f1698880237b..d20b3b1bf386a 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py @@ -38,8 +38,8 @@ async def create_role_assignment( ) -> KeyVaultRoleAssignment: """Create a role assignment. - :param role_scope: scope the role assignment will apply over. We've provided enum :class:`KeyVaultRoleScope` - to list the well known scopes, but those scopes are not exhaustive + :param role_scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common broad + scopes. To list role definitions for a narrower scope, specify it as a string. :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: a name for the role assignment. Must be a UUID. :type role_assignment_name: str or uuid.UUID @@ -69,8 +69,8 @@ async def delete_role_assignment( """Delete a role assignment. :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/". - We've provided enum :class:`KeyVaultRoleScope` to list the well known scopes, but those scopes are not - exhaustive + :class:`KeyVaultRoleScope` defines common broad scopes. To list role definitions for a narrower scope, + specify it as a string. :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. Must be a UUID. :type role_assignment_name: str or uuid.UUID @@ -89,8 +89,8 @@ async def get_role_assignment( """Get a role assignment. :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/". - We've provided enum :class:`KeyVaultRoleScope` to list the well known scopes, but those scopes are not - exhaustive + :class:`KeyVaultRoleScope` defines common broad scopes. To list role definitions for a narrower scope, + specify it as a string. :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. Must be a UUID. :type role_assignment_name: str or uuid.UUID @@ -107,8 +107,8 @@ def list_role_assignments( ) -> "AsyncItemPaged[KeyVaultRoleAssignment]": """List all role assignments for a scope. - :param role_scope: scope of the role assignments. We've provided enum :class:`KeyVaultRoleScope` - to list the well known scopes, but those scopes are not exhaustive + :param role_scope: scope of the role assignments. :class:`KeyVaultRoleScope` defines common broad + scopes. To list role definitions for a narrower scope, specify it as a string. :type role_scope: str or KeyVaultRoleScope :rtype: ~azure.core.async_paging.AsyncItemPaged[KeyVaultRoleAssignment] """ @@ -125,8 +125,8 @@ def list_role_definitions( ) -> "AsyncItemPaged[KeyVaultRoleDefinition]": """List all role definitions applicable at and above a scope. - :param role_scope: scope of the role definitions. We've provided enum :class:`KeyVaultRoleScope` - to list the well known scopes, but those scopes are not exhaustive + :param role_scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad + scopes. To list role definitions for a narrower scope, specify it as a string. :type role_scope: str or KeyVaultRoleScope :rtype: ~azure.core.async_paging.AsyncItemPaged[KeyVaultRoleDefinition] """ From 1a6e04f225182b28ba6ee8de4332273f2079e228 Mon Sep 17 00:00:00 2001 From: iscai-msft Date: Thu, 3 Sep 2020 17:48:02 -0400 Subject: [PATCH 4/4] fix docstrings pt.2 --- .../administration/_access_control_client.py | 18 ++++++++---------- .../aio/_access_control_client.py | 12 +++++------- 2 files changed, 13 insertions(+), 17 deletions(-) diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py index 3647a31594e13..03cf21ca5aa14 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py @@ -31,8 +31,8 @@ def create_role_assignment(self, role_scope, role_assignment_name, role_definiti # type: (Union[str, KeyVaultRoleScope], Union[str, UUID], str, str, **Any) -> KeyVaultRoleAssignment """Create a role assignment. - :param role_scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common broad - scopes. To list role definitions for a narrower scope, specify it as a string. + :param role_scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common + broad scopes. Specify a narrower scope as a string. :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: a name for the role assignment. Must be a UUID. :type role_assignment_name: str or uuid.UUID @@ -61,8 +61,7 @@ def delete_role_assignment(self, role_scope, role_assignment_name, **kwargs): """Delete a role assignment. :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" - :class:`KeyVaultRoleScope` defines common broad scopes. To list role definitions for a narrower scope, - specify it as a string. + :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. Must be a UUID. :type role_assignment_name: str or uuid.UUID @@ -80,8 +79,7 @@ def get_role_assignment(self, role_scope, role_assignment_name, **kwargs): """Get a role assignment. :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/" - :class:`KeyVaultRoleScope` defines common broad scopes. To list role definitions for a narrower scope, - specify it as a string. + :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. Must be a UUID. :type role_assignment_name: str or uuid.UUID @@ -97,8 +95,8 @@ def list_role_assignments(self, role_scope, **kwargs): # type: (Union[str, KeyVaultRoleScope], **Any) -> ItemPaged[KeyVaultRoleAssignment] """List all role assignments for a scope. - :param role_scope: scope of the role assignments. :class:`KeyVaultRoleScope` defines common broad - scopes. To list role definitions for a narrower scope, specify it as a string. + :param role_scope: scope of the role assignments. :class:`KeyVaultRoleScope` defines common broad scopes. + Specify a narrower scope as a string. :type role_scope: str or KeyVaultRoleScope :rtype: ~azure.core.paging.ItemPaged[KeyVaultRoleAssignment] """ @@ -114,8 +112,8 @@ def list_role_definitions(self, role_scope, **kwargs): # type: (Union[str, KeyVaultRoleScope], **Any) -> ItemPaged[KeyVaultRoleDefinition] """List all role definitions applicable at and above a scope. - :param role_scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad - scopes. To list role definitions for a narrower scope, specify it as a string. + :param role_scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad scopes. + Specify a narrower scope as a string. :type role_scope: str or KeyVaultRoleScope :rtype: ~azure.core.paging.ItemPaged[KeyVaultRoleDefinition] """ diff --git a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py index d20b3b1bf386a..fcc0fa53ede62 100644 --- a/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py +++ b/sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/aio/_access_control_client.py @@ -39,7 +39,7 @@ async def create_role_assignment( """Create a role assignment. :param role_scope: scope the role assignment will apply over. :class:`KeyVaultRoleScope` defines common broad - scopes. To list role definitions for a narrower scope, specify it as a string. + scopes. Specify a narrower scope as a string. :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: a name for the role assignment. Must be a UUID. :type role_assignment_name: str or uuid.UUID @@ -69,8 +69,7 @@ async def delete_role_assignment( """Delete a role assignment. :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/". - :class:`KeyVaultRoleScope` defines common broad scopes. To list role definitions for a narrower scope, - specify it as a string. + :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. Must be a UUID. :type role_assignment_name: str or uuid.UUID @@ -89,8 +88,7 @@ async def get_role_assignment( """Get a role assignment. :param role_scope: the assignment's scope, for example "/", "/keys", or "/keys/". - :class:`KeyVaultRoleScope` defines common broad scopes. To list role definitions for a narrower scope, - specify it as a string. + :class:`KeyVaultRoleScope` defines common broad scopes. Specify a narrower scope as a string. :type role_scope: str or KeyVaultRoleScope :param role_assignment_name: the assignment's name. Must be a UUID. :type role_assignment_name: str or uuid.UUID @@ -108,7 +106,7 @@ def list_role_assignments( """List all role assignments for a scope. :param role_scope: scope of the role assignments. :class:`KeyVaultRoleScope` defines common broad - scopes. To list role definitions for a narrower scope, specify it as a string. + scopes. Specify a narrower scope as a string. :type role_scope: str or KeyVaultRoleScope :rtype: ~azure.core.async_paging.AsyncItemPaged[KeyVaultRoleAssignment] """ @@ -126,7 +124,7 @@ def list_role_definitions( """List all role definitions applicable at and above a scope. :param role_scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad - scopes. To list role definitions for a narrower scope, specify it as a string. + scopes. Specify a narrower scope as a string. :type role_scope: str or KeyVaultRoleScope :rtype: ~azure.core.async_paging.AsyncItemPaged[KeyVaultRoleDefinition] """