MyPy, PyLint, Snippets

Author: Nicola Camillucci

sdk/keyvault/azure-keyvault-administration/README.md

@@ -193,8 +193,7 @@ role_definition = client.set_role_definition(scope=scope, role_name=role_name, p
 ```python
 new_permissions = [
     KeyVaultPermission(
-        data_actions=[KeyVaultDataAction.READ_HSM_KEY],
-        not_data_actions=[KeyVaultDataAction.CREATE_HSM_KEY]
+        data_actions=[KeyVaultDataAction.READ_HSM_KEY], not_data_actions=[KeyVaultDataAction.CREATE_HSM_KEY]
     )
 ]
 unique_definition_name = role_definition.name

sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_client.py

@@ -399,9 +399,9 @@ def create_oct_key(
         )
 
     @distributed_trace
-    def begin_delete_key(
+    def begin_delete_key(  # pylint:disable=bad-option-value,delete-operation-wrong-return-type
         self, name: str, **kwargs: Any
-    ) -> LROPoller[DeletedKey]:  # pylint:disable=bad-option-value,delete-operation-wrong-return-type
+    ) -> LROPoller[DeletedKey]:
         """Delete all versions of a key and its cryptographic material.
 
         Requires keys/delete permission. When this method returns Key Vault has begun deleting the key. Deletion may

sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/_models.py

@@ -253,11 +253,11 @@ def recovery_level(self) -> Optional[str]:
         return self._attributes.recovery_level if self._attributes else None
 
     @property
-    def tags(self) -> Dict[str, str]:
+    def tags(self) -> Optional[Dict[str, str]]:
         """Application specific metadata in the form of key-value pairs.
 
         :returns: A dictionary of tags attached to the key.
-        :rtype: dict[str, str]
+        :rtype: dict[str, str] or None
         """
         return self._tags
 
@@ -313,9 +313,8 @@ def attestation(self) -> Optional[KeyAttestation]:
         # attestation was added in 7.6-preview.2
         if self._attributes:
             attestation = getattr(self._attributes, "attestation", None)
-            return (
-                KeyAttestation._from_generated(attestation=attestation) if attestation else None
-            )  # pylint:disable=protected-access
+            if attestation:
+                return KeyAttestation._from_generated(attestation=attestation)  # pylint:disable=protected-access
         return None
 
 
@@ -414,8 +413,8 @@ def _from_generated(cls, policy: "_models.KeyRotationPolicy") -> "KeyRotationPol
             []
             if policy.lifetime_actions is None
             else [
-                KeyRotationLifetimeAction._from_generated(action)
-                for action in policy.lifetime_actions  # pylint:disable=protected-access
+                KeyRotationLifetimeAction._from_generated(action)  # pylint:disable=protected-access
+                for action in policy.lifetime_actions
             ]
         )
         if policy.attributes:

sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_models.py

@@ -240,8 +240,11 @@ def verify(
         if not result.is_valid:
             raise InvalidSignature(f"The provided signature '{signature!r}' is invalid.")
 
-    def recover_data_from_signature(
-        self, signature: bytes, padding: AsymmetricPadding, algorithm: Optional[HashAlgorithm]
+    def recover_data_from_signature(  # type: ignore[override]  # Parameter subset
+        self,
+        signature: bytes,
+        padding: AsymmetricPadding,
+        algorithm: Optional[HashAlgorithm],
     ) -> bytes:
         # pylint: disable=line-too-long
         """Recovers the signed data from the signature. Only supported with `cryptography` version 3.3 and above.
@@ -392,7 +395,7 @@ def public_key(self) -> KeyVaultRSAPublicKey:
         """
         return KeyVaultRSAPublicKey(self._client, self._key)
 
-    def sign(
+    def sign(  # type: ignore[override]  # Parameter subset
         self,
         data: bytes,
         padding: AsymmetricPadding,
@@ -413,8 +416,8 @@ def sign(
         :returns: The signature, as bytes.
         :rtype: bytes
         """
-        if isinstance(algorithm, Prehashed):
-            raise ValueError("`Prehashed` algorithms are unsupported. Please provide a `HashAlgorithm` instead.")
+        if not isinstance(algorithm, HashAlgorithm):
+            raise ValueError("Only `HashAlgorithm`s are supported. Please provide a `HashAlgorithm` instead.")
         mapped_algorithm = get_signature_algorithm(padding, algorithm)
         digest = Hash(algorithm)
         digest.update(data)