AzureSDKAutomation
diff --git a/‎sdk/keyvault/azure-keyvault-administration/CHANGELOG.md‎
Lines changed: 20 additions & 0 deletions b/‎sdk/keyvault/azure-keyvault-administration/CHANGELOG.md‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py‎
Lines changed: 8 additions & 6 deletions b/‎sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/__init__.py‎
Lines changed: 8 additions & 6 deletions
diff --git a/‎sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py‎
Lines changed: 12 additions & 12 deletions b/‎sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_access_control_client.py‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py‎
Lines changed: 24 additions & 23 deletions b/‎sdk/keyvault/azure-keyvault-administration/azure/keyvault/administration/_backup_client.py‎
Lines changed: 24 additions & 23 deletions
@@ -8,7 +8,27 @@
 ### Breaking Changes
 - Changed parameter order in `KeyVaultAccessControlClient.set_role_definition`.
   `permissions` is now an optional keyword-only argument
+- Renamed `BackupOperation` to `KeyVaultBackupOperation`
+- Renamed `RestoreOperation` to `KeyVaultRestoreOperation`
+- Renamed `SelectiveKeyRestoreOperation` to 
+  `KeyVaultSelectiveKeyRestoreOperation`
+- Renamed `KeyVaultBackupClient.begin_selective_restore` to `begin_selective_key_restore`
+  - Changed parameter order from `folder_url, sas_token, key_name` to
+    `key_name, folder_url, sas_token`
+- `KeyVaultRoleAssignment`'s `principal_id`, `role_definition_id`, and `scope`
+  are now properties of a `properties` property
+  ```
+  # before (4.0.0b3):
+  print(KeyVaultRoleAssignment.scope)
 
+  # after:
+  print(KeyVaultRoleAssignment.properties.scope)
+  ```
+- Renamed `KeyVaultPermission` properties:
+  - `allowed_actions` -> `actions`
+  - `denied_actions` -> `not_actions`
+  - `allowed_data_actions` -> `data_actions`
+  - `denied_data_actions` -> `denied_data_actions`
 
 ## 4.0.0b3 (2021-02-09)
 ### Added
 
@@ -7,25 +7,27 @@
 from ._enums import KeyVaultRoleScope, KeyVaultDataAction
 from ._internal.client_base import ApiVersion
 from ._models import (
-    BackupOperation,
+    KeyVaultBackupOperation,
     KeyVaultPermission,
     KeyVaultRoleAssignment,
+    KeyVaultRoleAssignmentProperties,
     KeyVaultRoleDefinition,
-    RestoreOperation,
-    SelectiveKeyRestoreOperation,
+    KeyVaultRestoreOperation,
+    KeyVaultSelectiveKeyRestoreOperation,
 )
 
 
 __all__ = [
     "ApiVersion",
-    "BackupOperation",
+    "KeyVaultBackupOperation",
     "KeyVaultAccessControlClient",
     "KeyVaultBackupClient",
     "KeyVaultDataAction",
     "KeyVaultPermission",
     "KeyVaultRoleAssignment",
+    "KeyVaultRoleAssignmentProperties",
     "KeyVaultRoleDefinition",
     "KeyVaultRoleScope",
-    "RestoreOperation",
-    "SelectiveKeyRestoreOperation",
+    "KeyVaultRestoreOperation",
+    "KeyVaultSelectiveKeyRestoreOperation",
 ]
@@ -41,7 +41,7 @@ def create_role_assignment(self, role_scope, role_definition_id, principal_id, *
             principal can be a user, service principal, or security group.
         :keyword role_assignment_name: a name for the role assignment. Must be a UUID.
         :paramtype role_assignment_name: str or uuid.UUID
-        :rtype: KeyVaultRoleAssignment
+        :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment
         """
         role_assignment_name = kwargs.pop("role_assignment_name", None) or uuid4()
 
@@ -70,7 +70,7 @@ def delete_role_assignment(self, role_scope, role_assignment_name, **kwargs):
         :param role_assignment_name: the assignment's name.
         :type role_assignment_name: str or uuid.UUID
         :returns: the deleted assignment
-        :rtype: KeyVaultRoleAssignment
+        :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment
         """
         assignment = self._client.role_assignments.delete(
             vault_base_url=self._vault_url, scope=role_scope, role_assignment_name=str(role_assignment_name), **kwargs
@@ -87,7 +87,7 @@ def get_role_assignment(self, role_scope, role_assignment_name, **kwargs):
         :type role_scope: str or KeyVaultRoleScope
         :param role_assignment_name: the assignment's name.
         :type role_assignment_name: str or uuid.UUID
-        :rtype: KeyVaultRoleAssignment
+        :rtype: ~azure.keyvault.administration.KeyVaultRoleAssignment
         """
         assignment = self._client.role_assignments.get(
             vault_base_url=self._vault_url, scope=role_scope, role_assignment_name=str(role_assignment_name), **kwargs
@@ -102,7 +102,7 @@ def list_role_assignments(self, role_scope, **kwargs):
         :param role_scope: scope of the role assignments. :class:`KeyVaultRoleScope` defines common broad scopes.
             Specify a narrower scope as a string.
         :type role_scope: str or KeyVaultRoleScope
-        :rtype: ~azure.core.paging.ItemPaged[KeyVaultRoleAssignment]
+        :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration.KeyVaultRoleAssignment]
         """
         return self._client.role_assignments.list_for_scope(
             self._vault_url,
@@ -133,14 +133,14 @@ def set_role_definition(self, role_scope, role_definition_name=None, **kwargs):
         :keyword assignable_scopes: the scopes for which the role definition can be assigned.
         :paramtype assignable_scopes: Iterable[str] or Iterable[KeyVaultRoleScope]
         :returns: The created or updated role definition
-        :rtype: KeyVaultRoleDefinition
+        :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition
         """
         permissions = [
             self._client.role_definitions.models.Permission(
-                actions=p.allowed_actions,
-                not_actions=p.denied_actions,
-                data_actions=p.allowed_data_actions,
-                not_data_actions=p.denied_data_actions,
+                actions=p.actions,
+                not_actions=p.not_actions,
+                data_actions=p.data_actions,
+                not_data_actions=p.not_data_actions,
             )
             for p in kwargs.pop("permissions", None) or []
         ]
@@ -172,7 +172,7 @@ def get_role_definition(self, role_scope, role_definition_name, **kwargs):
         :type role_scope: str or KeyVaultRoleScope
         :param role_definition_name: the role definition's name.
         :type role_definition_name: str or uuid.UUID
-        :rtype: KeyVaultRoleDefinition
+        :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition
         """
         definition = self._client.role_definitions.get(
             vault_base_url=self._vault_url, scope=role_scope, role_definition_name=str(role_definition_name), **kwargs
@@ -190,7 +190,7 @@ def delete_role_definition(self, role_scope, role_definition_name, **kwargs):
         :param role_definition_name: the role definition's name.
         :type role_definition_name: str or uuid.UUID
         :returns: the deleted role definition
-        :rtype: KeyVaultRoleDefinition
+        :rtype: ~azure.keyvault.administration.KeyVaultRoleDefinition
         """
         definition = self._client.role_definitions.delete(
             vault_base_url=self._vault_url, scope=role_scope, role_definition_name=str(role_definition_name), **kwargs
@@ -205,7 +205,7 @@ def list_role_definitions(self, role_scope, **kwargs):
         :param role_scope: scope of the role definitions. :class:`KeyVaultRoleScope` defines common broad scopes.
             Specify a narrower scope as a string.
         :type role_scope: str or KeyVaultRoleScope
-        :rtype: ~azure.core.paging.ItemPaged[KeyVaultRoleDefinition]
+        :rtype: ~azure.core.paging.ItemPaged[~azure.keyvault.administration.KeyVaultRoleDefinition]
         """
         return self._client.role_definitions.list(
             self._vault_url,
 
@@ -6,7 +6,7 @@
 
 from azure.core.polling.base_polling import LROBasePolling
 
-from ._models import BackupOperation, RestoreOperation, SelectiveKeyRestoreOperation
+from ._models import KeyVaultBackupOperation, KeyVaultRestoreOperation, KeyVaultSelectiveKeyRestoreOperation
 from ._internal import KeyVaultClientBase, parse_folder_url
 from ._internal.polling import KeyVaultBackupClientPolling
 
@@ -26,36 +26,37 @@ class KeyVaultBackupClient(KeyVaultClientBase):
 
     # pylint:disable=protected-access
     def begin_backup(self, blob_storage_url, sas_token, **kwargs):
-        # type: (str, str, **Any) -> LROPoller[BackupOperation]
+        # type: (str, str, **Any) -> LROPoller[KeyVaultBackupOperation]
         """Begin a full backup of the Key Vault.
 
         :param str blob_storage_url: URL of the blob storage container in which the backup will be stored, for example
             https://<account>.blob.core.windows.net/backup
         :param str sas_token: a Shared Access Signature (SAS) token authorizing access to the blob storage resource
         :keyword str continuation_token: a continuation token to restart polling from a saved state
-        :returns: An instance of an LROPoller. Call `result()` on the poller object to get a :class:`BackupOperation`.
-        :rtype: ~azure.core.polling.LROPoller[BackupOperation]
+        :returns: An instance of an LROPoller. Call `result()` on the poller object to get a
+            :class:`KeyVaultBackupOperation`.
+        :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.KeyVaultBackupOperation]
         """
         polling_interval = kwargs.pop("_polling_interval", 5)
         sas_parameter = self._models.SASTokenParameter(storage_resource_uri=blob_storage_url, token=sas_token)
         return self._client.begin_full_backup(
             vault_base_url=self._vault_url,
             azure_storage_blob_container_uri=sas_parameter,
-            cls=BackupOperation._wrap_generated,
+            cls=KeyVaultBackupOperation._wrap_generated,
             continuation_token=kwargs.pop("continuation_token", None),
             polling=LROBasePolling(lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs),
             **kwargs
         )
 
     def begin_restore(self, folder_url, sas_token, **kwargs):
-        # type: (str, str, **Any) -> LROPoller[RestoreOperation]
+        # type: (str, str, **Any) -> LROPoller[KeyVaultRestoreOperation]
         """Restore a full backup of a Key Vault.
 
         :param str folder_url: URL of the blob holding the backup. This would be the `folder_url` of a
-            :class:`BackupOperation` returned by :func:`begin_backup` or :func:`get_backup_status`, for example
+            :class:`KeyVaultBackupOperation` returned by :func:`begin_backup` or :func:`get_backup_status`, for example
             https://<account>.blob.core.windows.net/backup/mhsm-account-2020090117323313
         :param str sas_token: a Shared Access Signature (SAS) token authorizing access to the blob storage resource
-        :rtype: ~azure.core.polling.LROPoller[RestoreOperation]
+        :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.KeyVaultRestoreOperation]
         """
         polling_interval = kwargs.pop("_polling_interval", 5)
         container_url, folder_name = parse_folder_url(folder_url)
@@ -66,23 +67,23 @@ def begin_restore(self, folder_url, sas_token, **kwargs):
         return self._client.begin_full_restore_operation(
             vault_base_url=self._vault_url,
             restore_blob_details=restore_details,
-            cls=RestoreOperation._wrap_generated,
+            cls=KeyVaultRestoreOperation._wrap_generated,
             continuation_token=kwargs.pop("continuation_token", None),
             polling=LROBasePolling(lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs),
             **kwargs
         )
 
-    def begin_selective_restore(self, folder_url, sas_token, key_name, **kwargs):
-        # type: (str, str, str, **Any) -> LROPoller[SelectiveKeyRestoreOperation]
+    def begin_selective_key_restore(self, key_name, folder_url, sas_token, **kwargs):
+        # type: (str, str, str, **Any) -> LROPoller[KeyVaultSelectiveKeyRestoreOperation]
         """Restore a single key from a full Key Vault backup.
 
+        :param str key_name: name of the key to restore from the backup
         :param str folder_url: URL for the blob storage resource, including the path to the blob holding the
-            backup. This would be the `folder_url` of a :class:`BackupOperation` returned by
+            backup. This would be the `folder_url` of a :class:`KeyVaultBackupOperation` returned by
             :func:`begin_backup` or :func:`get_backup_status`, for example
             https://<account>.blob.core.windows.net/backup/mhsm-account-2020090117323313
         :param str sas_token: a Shared Access Signature (SAS) token authorizing access to the blob storage resource
-        :param str key_name: name of the key to restore from the backup
-        :rtype: ~azure.core.polling.LROPoller[RestoreOperation]
+        :rtype: ~azure.core.polling.LROPoller[~azure.keyvault.administration.KeyVaultSelectiveKeyRestoreOperation]
         """
         polling_interval = kwargs.pop("_polling_interval", 5)
         container_url, folder_name = parse_folder_url(folder_url)
@@ -94,34 +95,34 @@ def begin_selective_restore(self, folder_url, sas_token, key_name, **kwargs):
             vault_base_url=self._vault_url,
             key_name=key_name,
             restore_blob_details=restore_details,
-            cls=SelectiveKeyRestoreOperation._wrap_generated,
+            cls=KeyVaultSelectiveKeyRestoreOperation._wrap_generated,
             continuation_token=kwargs.pop("continuation_token", None),
             polling=LROBasePolling(lro_algorithms=[KeyVaultBackupClientPolling()], timeout=polling_interval, **kwargs),
             **kwargs
         )
 
     def get_backup_status(self, job_id, **kwargs):
-        # type: (str, **Any) -> BackupOperation
+        # type: (str, **Any) -> KeyVaultBackupOperation
         """Returns the status of a full backup operation.
 
         :param job_id: The job ID returned as part of the backup request
         :type job_id: str
-        :return: The full backup operation status as a :class:`BackupOperation`
-        :rtype: BackupOperation
+        :return: The full backup operation status as a :class:`KeyVaultBackupOperation`
+        :rtype: ~azure.keyvault.administration.KeyVaultBackupOperation
         """
         return self._client.full_backup_status(
-            vault_base_url=self._vault_url, job_id=job_id, cls=BackupOperation._wrap_generated, **kwargs
+            vault_base_url=self._vault_url, job_id=job_id, cls=KeyVaultBackupOperation._wrap_generated, **kwargs
         )
 
     def get_restore_status(self, job_id, **kwargs):
-        # type: (str, **Any) -> RestoreOperation
+        # type: (str, **Any) -> KeyVaultRestoreOperation
         """Returns the status of a restore operation.
 
         :param job_id: The job ID returned as part of the restore request
         :type job_id: str
-        :return: The restore operation status as a :class:`RestoreOperation`
-        :rtype: RestoreOperation
+        :return: The restore operation status as a :class:`KeyVaultRestoreOperation`
+        :rtype: ~azure.keyvault.administration.KeyVaultRestoreOperation
         """
         return self._client.restore_status(
-            vault_base_url=self.vault_url, job_id=job_id, cls=RestoreOperation._wrap_generated, **kwargs
+            vault_base_url=self.vault_url, job_id=job_id, cls=KeyVaultRestoreOperation._wrap_generated, **kwargs
         )