diff --git a/azure-keyvault/azure/keyvault/key_vault_client.py b/azure-keyvault/azure/keyvault/key_vault_client.py
old mode 100755
new mode 100644
index 3059e3951aef..2aecef47e52d
--- a/azure-keyvault/azure/keyvault/key_vault_client.py
+++ b/azure-keyvault/azure/keyvault/key_vault_client.py
@@ -9,7 +9,7 @@
 # regenerated.
 # --------------------------------------------------------------------------
 
-from msrest.service_client import ServiceClient
+from msrest.service_client import SDKClient
 from msrest import Serializer, Deserializer
 from msrestazure import AzureConfiguration
 from .version import VERSION
@@ -37,13 +37,13 @@ def __init__(
 
         super(KeyVaultClientConfiguration, self).__init__(base_url)
 
-        self.add_user_agent('keyvaultclient/{}'.format(VERSION))
+        self.add_user_agent('azure-keyvault/{}'.format(VERSION))
         self.add_user_agent('Azure-SDK-For-Python')
 
         self.credentials = credentials
 
 
-class KeyVaultClient(object):
+class KeyVaultClient(SDKClient):
     """The key vault client performs cryptographic key operations and vault operations against the Key Vault service.
 
     :ivar config: Configuration for client.
@@ -58,7 +58,7 @@ def __init__(
             self, credentials):
 
         self.config = KeyVaultClientConfiguration(credentials)
-        self._client = ServiceClient(self.config.credentials, self.config)
+        super(KeyVaultClient, self).__init__(self.config.credentials, self.config)
 
         client_models = {k: v for k, v in models.__dict__.items() if isinstance(v, type)}
         self.api_version = '2016-10-01'
@@ -67,13 +67,13 @@ def __init__(
 
 
     def create_key(
-            self, vault_base_url, key_name, kty, key_size=None, key_ops=None, key_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config):
+            self, vault_base_url, key_name, kty, key_size=None, key_ops=None, key_attributes=None, tags=None, curve=None, custom_headers=None, raw=False, **operation_config):
         """Creates a new key, stores it, then returns key parameters and
         attributes to the client.
 
         The create key operation can be used to create any key type in Azure
         Key Vault. If the named key already exists, Azure Key Vault creates a
-        new version of the key.
+        new version of the key. It requires the keys/create permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -81,41 +81,42 @@ def create_key(
         :param key_name: The name for the new key. The system will generate
          the version name for the new key.
         :type key_name: str
-        :param kty: The type of key to create. For valid key types, see
-         JsonWebKeyType. Supported JsonWebKey key types (kty) for Elliptic
-         Curve, RSA, HSM, Octet. Possible values include: 'EC', 'RSA',
+        :param kty: The type of key to create. For valid values, see
+         JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA',
          'RSA-HSM', 'oct'
-        :type kty: str or :class:`JsonWebKeyType
-         <azure.keyvault.models.JsonWebKeyType>`
-        :param key_size: The key size in bytes. For example, 1024 or 2048.
+        :type kty: str or ~azure.keyvault.models.JsonWebKeyType
+        :param key_size: The key size in bits. For example: 2048, 3072, or
+         4096 for RSA.
         :type key_size: int
         :param key_ops:
-        :type key_ops: list of str or :class:`JsonWebKeyOperation
-         <azure.keyvault.models.JsonWebKeyOperation>`
+        :type key_ops: list[str or ~azure.keyvault.models.JsonWebKeyOperation]
         :param key_attributes:
-        :type key_attributes: :class:`KeyAttributes
-         <azure.keyvault.models.KeyAttributes>`
+        :type key_attributes: ~azure.keyvault.models.KeyAttributes
         :param tags: Application specific metadata in the form of key-value
          pairs.
-        :type tags: dict
+        :type tags: dict[str, str]
+        :param curve: Elliptic curve name. For valid values, see
+         JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384',
+         'P-521', 'SECP256K1'
+        :type curve: str or ~azure.keyvault.models.JsonWebKeyCurveName
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyBundle <azure.keyvault.models.KeyBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: KeyBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.KeyBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
-        parameters = models.KeyCreateParameters(kty=kty, key_size=key_size, key_ops=key_ops, key_attributes=key_attributes, tags=tags)
+        parameters = models.KeyCreateParameters(kty=kty, key_size=key_size, key_ops=key_ops, key_attributes=key_attributes, tags=tags, curve=curve)
 
         # Construct URL
-        url = '/keys/{key-name}/create'
+        url = self.create_key.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'key-name': self._serialize.url("key_name", key_name, 'str', pattern='^[0-9a-zA-Z-]+$')
+            'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -139,7 +140,7 @@ def create_key(
         # Construct and send request
         request = self._client.post(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -154,6 +155,7 @@ def create_key(
             return client_raw_response
 
         return deserialized
+    create_key.metadata = {'url': '/keys/{key-name}/create'}
 
     def import_key(
             self, vault_base_url, key_name, key, hsm=None, key_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config):
@@ -162,7 +164,8 @@ def import_key(
 
         The import key operation may be used to import any key type into an
         Azure Key Vault. If the named key already exists, Azure Key Vault
-        creates a new version of the key.
+        creates a new version of the key. This operation requires the
+        keys/import permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -170,33 +173,32 @@ def import_key(
         :param key_name: Name for the imported key.
         :type key_name: str
         :param key: The Json web key
-        :type key: :class:`JsonWebKey <azure.keyvault.models.JsonWebKey>`
+        :type key: ~azure.keyvault.models.JsonWebKey
         :param hsm: Whether to import as a hardware key (HSM) or software key.
         :type hsm: bool
         :param key_attributes: The key management attributes.
-        :type key_attributes: :class:`KeyAttributes
-         <azure.keyvault.models.KeyAttributes>`
+        :type key_attributes: ~azure.keyvault.models.KeyAttributes
         :param tags: Application specific metadata in the form of key-value
          pairs.
-        :type tags: dict
+        :type tags: dict[str, str]
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyBundle <azure.keyvault.models.KeyBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: KeyBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.KeyBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.KeyImportParameters(hsm=hsm, key=key, key_attributes=key_attributes, tags=tags)
 
         # Construct URL
-        url = '/keys/{key-name}'
+        url = self.import_key.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'key-name': self._serialize.url("key_name", key_name, 'str', pattern='^[0-9a-zA-Z-]+$')
+            'key-name': self._serialize.url("key_name", key_name, 'str', pattern=r'^[0-9a-zA-Z-]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -220,7 +222,7 @@ def import_key(
         # Construct and send request
         request = self._client.put(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -235,6 +237,7 @@ def import_key(
             return client_raw_response
 
         return deserialized
+    import_key.metadata = {'url': '/keys/{key-name}'}
 
     def delete_key(
             self, vault_base_url, key_name, custom_headers=None, raw=False, **operation_config):
@@ -243,7 +246,8 @@ def delete_key(
         The delete key operation cannot be used to remove individual versions
         of a key. This operation removes the cryptographic material associated
         with the key, which means the key is not usable for Sign/Verify,
-        Wrap/Unwrap or Encrypt/Decrypt operations.
+        Wrap/Unwrap or Encrypt/Decrypt operations. This operation requires the
+        keys/delete permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -255,15 +259,14 @@ def delete_key(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`DeletedKeyBundle
-         <azure.keyvault.models.DeletedKeyBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: DeletedKeyBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.DeletedKeyBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/keys/{key-name}'
+        url = self.delete_key.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'key-name': self._serialize.url("key_name", key_name, 'str')
@@ -286,7 +289,7 @@ def delete_key(
 
         # Construct and send request
         request = self._client.delete(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -301,6 +304,7 @@ def delete_key(
             return client_raw_response
 
         return deserialized
+    delete_key.metadata = {'url': '/keys/{key-name}'}
 
     def update_key(
             self, vault_base_url, key_name, key_version, key_ops=None, key_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config):
@@ -310,7 +314,7 @@ def update_key(
 
         In order to perform this operation, the key must already exist in the
         Key Vault. Note: The cryptographic material of a key itself cannot be
-        changed.
+        changed. This operation requires the keys/update permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -321,29 +325,27 @@ def update_key(
         :type key_version: str
         :param key_ops: Json web key operations. For more information on
          possible key operations, see JsonWebKeyOperation.
-        :type key_ops: list of str or :class:`JsonWebKeyOperation
-         <azure.keyvault.models.JsonWebKeyOperation>`
+        :type key_ops: list[str or ~azure.keyvault.models.JsonWebKeyOperation]
         :param key_attributes:
-        :type key_attributes: :class:`KeyAttributes
-         <azure.keyvault.models.KeyAttributes>`
+        :type key_attributes: ~azure.keyvault.models.KeyAttributes
         :param tags: Application specific metadata in the form of key-value
          pairs.
-        :type tags: dict
+        :type tags: dict[str, str]
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyBundle <azure.keyvault.models.KeyBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: KeyBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.KeyBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.KeyUpdateParameters(key_ops=key_ops, key_attributes=key_attributes, tags=tags)
 
         # Construct URL
-        url = '/keys/{key-name}/{key-version}'
+        url = self.update_key.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'key-name': self._serialize.url("key_name", key_name, 'str'),
@@ -371,7 +373,7 @@ def update_key(
         # Construct and send request
         request = self._client.patch(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -386,6 +388,7 @@ def update_key(
             return client_raw_response
 
         return deserialized
+    update_key.metadata = {'url': '/keys/{key-name}/{key-version}'}
 
     def get_key(
             self, vault_base_url, key_name, key_version, custom_headers=None, raw=False, **operation_config):
@@ -393,6 +396,7 @@ def get_key(
 
         The get key operation is applicable to all key types. If the requested
         key is symmetric, then no key material is released in the response.
+        This operation requires the keys/get permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -407,14 +411,14 @@ def get_key(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyBundle <azure.keyvault.models.KeyBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: KeyBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.KeyBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/keys/{key-name}/{key-version}'
+        url = self.get_key.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'key-name': self._serialize.url("key_name", key_name, 'str'),
@@ -438,7 +442,7 @@ def get_key(
 
         # Construct and send request
         request = self._client.get(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -453,13 +457,14 @@ def get_key(
             return client_raw_response
 
         return deserialized
+    get_key.metadata = {'url': '/keys/{key-name}/{key-version}'}
 
     def get_key_versions(
             self, vault_base_url, key_name, maxresults=None, custom_headers=None, raw=False, **operation_config):
         """Retrieves a list of individual key versions with the same key name.
 
         The full key identifier, attributes, and tags are provided in the
-        response.
+        response. This operation requires the keys/list permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -474,7 +479,9 @@ def get_key_versions(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyItemPaged <azure.keyvault.models.KeyItemPaged>`
+        :return: An iterator like instance of KeyItem
+        :rtype:
+         ~azure.keyvault.models.KeyItemPaged[~azure.keyvault.models.KeyItem]
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
@@ -482,7 +489,7 @@ def internal_paging(next_link=None, raw=False):
 
             if not next_link:
                 # Construct URL
-                url = '/keys/{key-name}/versions'
+                url = self.get_key_versions.metadata['url']
                 path_format_arguments = {
                     'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
                     'key-name': self._serialize.url("key_name", key_name, 'str')
@@ -512,7 +519,7 @@ def internal_paging(next_link=None, raw=False):
             # Construct and send request
             request = self._client.get(url, query_parameters)
             response = self._client.send(
-                request, header_parameters, **operation_config)
+                request, header_parameters, stream=False, **operation_config)
 
             if response.status_code not in [200]:
                 raise models.KeyVaultErrorException(self._deserialize, response)
@@ -528,6 +535,7 @@ def internal_paging(next_link=None, raw=False):
             return client_raw_response
 
         return deserialized
+    get_key_versions.metadata = {'url': '/keys/{key-name}/versions'}
 
     def get_keys(
             self, vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config):
@@ -536,9 +544,9 @@ def get_keys(
         Retrieves a list of the keys in the Key Vault as JSON Web Key
         structures that contain the public part of a stored key. The LIST
         operation is applicable to all key types, however only the base key
-        identifier,attributes, and tags are provided in the response.
-        Individual versions of a key are not listed in the response.
-        Authorization: Requires the keys/list permission.
+        identifier, attributes, and tags are provided in the response.
+        Individual versions of a key are not listed in the response. This
+        operation requires the keys/list permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -551,7 +559,9 @@ def get_keys(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyItemPaged <azure.keyvault.models.KeyItemPaged>`
+        :return: An iterator like instance of KeyItem
+        :rtype:
+         ~azure.keyvault.models.KeyItemPaged[~azure.keyvault.models.KeyItem]
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
@@ -559,7 +569,7 @@ def internal_paging(next_link=None, raw=False):
 
             if not next_link:
                 # Construct URL
-                url = '/keys'
+                url = self.get_keys.metadata['url']
                 path_format_arguments = {
                     'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True)
                 }
@@ -588,7 +598,7 @@ def internal_paging(next_link=None, raw=False):
             # Construct and send request
             request = self._client.get(url, query_parameters)
             response = self._client.send(
-                request, header_parameters, **operation_config)
+                request, header_parameters, stream=False, **operation_config)
 
             if response.status_code not in [200]:
                 raise models.KeyVaultErrorException(self._deserialize, response)
@@ -604,6 +614,7 @@ def internal_paging(next_link=None, raw=False):
             return client_raw_response
 
         return deserialized
+    get_keys.metadata = {'url': '/keys'}
 
     def backup_key(
             self, vault_base_url, key_name, custom_headers=None, raw=False, **operation_config):
@@ -622,7 +633,8 @@ def backup_key(
         BACKUP / RESTORE can be performed within geographical boundaries only;
         meaning that a BACKUP from one geographical area cannot be restored to
         another geographical area. For example, a backup from the US
-        geographical area cannot be restored in an EU geographical area.
+        geographical area cannot be restored in an EU geographical area. This
+        operation requires the key/backup permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -634,15 +646,14 @@ def backup_key(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`BackupKeyResult
-         <azure.keyvault.models.BackupKeyResult>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: BackupKeyResult or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.BackupKeyResult or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/keys/{key-name}/backup'
+        url = self.backup_key.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'key-name': self._serialize.url("key_name", key_name, 'str')
@@ -665,7 +676,7 @@ def backup_key(
 
         # Construct and send request
         request = self._client.post(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -680,6 +691,7 @@ def backup_key(
             return client_raw_response
 
         return deserialized
+    backup_key.metadata = {'url': '/keys/{key-name}/backup'}
 
     def restore_key(
             self, vault_base_url, key_bundle_backup, custom_headers=None, raw=False, **operation_config):
@@ -697,7 +709,8 @@ def restore_key(
         version identifiers. The RESTORE operation is subject to security
         constraints: The target Key Vault must be owned by the same Microsoft
         Azure Subscription as the source Key Vault The user must have RESTORE
-        permission in the target Key Vault.
+        permission in the target Key Vault. This operation requires the
+        keys/restore permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -710,16 +723,16 @@ def restore_key(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyBundle <azure.keyvault.models.KeyBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: KeyBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.KeyBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.KeyRestoreParameters(key_bundle_backup=key_bundle_backup)
 
         # Construct URL
-        url = '/keys/restore'
+        url = self.restore_key.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True)
         }
@@ -745,7 +758,7 @@ def restore_key(
         # Construct and send request
         request = self._client.post(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -760,6 +773,7 @@ def restore_key(
             return client_raw_response
 
         return deserialized
+    restore_key.metadata = {'url': '/keys/restore'}
 
     def encrypt(
             self, vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config):
@@ -774,7 +788,8 @@ def encrypt(
         stored in Azure Key Vault since protection with an asymmetric key can
         be performed using public portion of the key. This operation is
         supported for asymmetric keys as a convenience for callers that have a
-        key-reference but do not have access to the public key material.
+        key-reference but do not have access to the public key material. This
+        operation requires the keys/encypt permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -785,8 +800,8 @@ def encrypt(
         :type key_version: str
         :param algorithm: algorithm identifier. Possible values include:
          'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'
-        :type algorithm: str or :class:`JsonWebKeyEncryptionAlgorithm
-         <azure.keyvault.models.JsonWebKeyEncryptionAlgorithm>`
+        :type algorithm: str or
+         ~azure.keyvault.models.JsonWebKeyEncryptionAlgorithm
         :param value:
         :type value: bytes
         :param dict custom_headers: headers that will be added to the request
@@ -794,17 +809,16 @@ def encrypt(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyOperationResult
-         <azure.keyvault.models.KeyOperationResult>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: KeyOperationResult or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.KeyOperationResult or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value)
 
         # Construct URL
-        url = '/keys/{key-name}/{key-version}/encrypt'
+        url = self.encrypt.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'key-name': self._serialize.url("key_name", key_name, 'str'),
@@ -832,7 +846,7 @@ def encrypt(
         # Construct and send request
         request = self._client.post(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -847,6 +861,7 @@ def encrypt(
             return client_raw_response
 
         return deserialized
+    encrypt.metadata = {'url': '/keys/{key-name}/{key-version}/encrypt'}
 
     def decrypt(
             self, vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config):
@@ -858,7 +873,8 @@ def decrypt(
         be decrypted, the size of this block is dependent on the target key and
         the algorithm to be used. The DECRYPT operation applies to asymmetric
         and symmetric keys stored in Azure Key Vault since it uses the private
-        portion of the key.
+        portion of the key. This operation requires the keys/decrypt
+        permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -869,8 +885,8 @@ def decrypt(
         :type key_version: str
         :param algorithm: algorithm identifier. Possible values include:
          'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'
-        :type algorithm: str or :class:`JsonWebKeyEncryptionAlgorithm
-         <azure.keyvault.models.JsonWebKeyEncryptionAlgorithm>`
+        :type algorithm: str or
+         ~azure.keyvault.models.JsonWebKeyEncryptionAlgorithm
         :param value:
         :type value: bytes
         :param dict custom_headers: headers that will be added to the request
@@ -878,17 +894,16 @@ def decrypt(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyOperationResult
-         <azure.keyvault.models.KeyOperationResult>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: KeyOperationResult or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.KeyOperationResult or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value)
 
         # Construct URL
-        url = '/keys/{key-name}/{key-version}/decrypt'
+        url = self.decrypt.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'key-name': self._serialize.url("key_name", key_name, 'str'),
@@ -916,7 +931,7 @@ def decrypt(
         # Construct and send request
         request = self._client.post(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -931,6 +946,7 @@ def decrypt(
             return client_raw_response
 
         return deserialized
+    decrypt.metadata = {'url': '/keys/{key-name}/{key-version}/decrypt'}
 
     def sign(
             self, vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config):
@@ -938,7 +954,7 @@ def sign(
 
         The SIGN operation is applicable to asymmetric and symmetric keys
         stored in Azure Key Vault since this operation uses the private portion
-        of the key.
+        of the key. This operation requires the keys/sign permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -950,9 +966,10 @@ def sign(
         :param algorithm: The signing/verification algorithm identifier. For
          more information on possible algorithm types, see
          JsonWebKeySignatureAlgorithm. Possible values include: 'PS256',
-         'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL'
-        :type algorithm: str or :class:`JsonWebKeySignatureAlgorithm
-         <azure.keyvault.models.JsonWebKeySignatureAlgorithm>`
+         'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256',
+         'ES384', 'ES512', 'ECDSA256'
+        :type algorithm: str or
+         ~azure.keyvault.models.JsonWebKeySignatureAlgorithm
         :param value:
         :type value: bytes
         :param dict custom_headers: headers that will be added to the request
@@ -960,17 +977,16 @@ def sign(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyOperationResult
-         <azure.keyvault.models.KeyOperationResult>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: KeyOperationResult or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.KeyOperationResult or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.KeySignParameters(algorithm=algorithm, value=value)
 
         # Construct URL
-        url = '/keys/{key-name}/{key-version}/sign'
+        url = self.sign.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'key-name': self._serialize.url("key_name", key_name, 'str'),
@@ -998,7 +1014,7 @@ def sign(
         # Construct and send request
         request = self._client.post(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1013,6 +1029,7 @@ def sign(
             return client_raw_response
 
         return deserialized
+    sign.metadata = {'url': '/keys/{key-name}/{key-version}/sign'}
 
     def verify(
             self, vault_base_url, key_name, key_version, algorithm, digest, signature, custom_headers=None, raw=False, **operation_config):
@@ -1023,7 +1040,8 @@ def verify(
         in Azure Key Vault since signature verification can be performed using
         the public portion of the key but this operation is supported as a
         convenience for callers that only have a key-reference and not the
-        public portion of the key.
+        public portion of the key. This operation requires the keys/verify
+        permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -1035,9 +1053,10 @@ def verify(
         :param algorithm: The signing/verification algorithm. For more
          information on possible algorithm types, see
          JsonWebKeySignatureAlgorithm. Possible values include: 'PS256',
-         'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL'
-        :type algorithm: str or :class:`JsonWebKeySignatureAlgorithm
-         <azure.keyvault.models.JsonWebKeySignatureAlgorithm>`
+         'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256',
+         'ES384', 'ES512', 'ECDSA256'
+        :type algorithm: str or
+         ~azure.keyvault.models.JsonWebKeySignatureAlgorithm
         :param digest: The digest used for signing.
         :type digest: bytes
         :param signature: The signature to be verified.
@@ -1047,17 +1066,16 @@ def verify(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyVerifyResult
-         <azure.keyvault.models.KeyVerifyResult>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: KeyVerifyResult or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.KeyVerifyResult or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.KeyVerifyParameters(algorithm=algorithm, digest=digest, signature=signature)
 
         # Construct URL
-        url = '/keys/{key-name}/{key-version}/verify'
+        url = self.verify.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'key-name': self._serialize.url("key_name", key_name, 'str'),
@@ -1085,7 +1103,7 @@ def verify(
         # Construct and send request
         request = self._client.post(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1100,6 +1118,7 @@ def verify(
             return client_raw_response
 
         return deserialized
+    verify.metadata = {'url': '/keys/{key-name}/{key-version}/verify'}
 
     def wrap_key(
             self, vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config):
@@ -1111,7 +1130,8 @@ def wrap_key(
         in Azure Key Vault since protection with an asymmetric key can be
         performed using the public portion of the key. This operation is
         supported for asymmetric keys as a convenience for callers that have a
-        key-reference but do not have access to the public key material.
+        key-reference but do not have access to the public key material. This
+        operation requires the keys/wrapKey permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -1122,8 +1142,8 @@ def wrap_key(
         :type key_version: str
         :param algorithm: algorithm identifier. Possible values include:
          'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'
-        :type algorithm: str or :class:`JsonWebKeyEncryptionAlgorithm
-         <azure.keyvault.models.JsonWebKeyEncryptionAlgorithm>`
+        :type algorithm: str or
+         ~azure.keyvault.models.JsonWebKeyEncryptionAlgorithm
         :param value:
         :type value: bytes
         :param dict custom_headers: headers that will be added to the request
@@ -1131,17 +1151,16 @@ def wrap_key(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyOperationResult
-         <azure.keyvault.models.KeyOperationResult>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: KeyOperationResult or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.KeyOperationResult or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value)
 
         # Construct URL
-        url = '/keys/{key-name}/{key-version}/wrapkey'
+        url = self.wrap_key.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'key-name': self._serialize.url("key_name", key_name, 'str'),
@@ -1169,7 +1188,7 @@ def wrap_key(
         # Construct and send request
         request = self._client.post(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1184,6 +1203,7 @@ def wrap_key(
             return client_raw_response
 
         return deserialized
+    wrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/wrapkey'}
 
     def unwrap_key(
             self, vault_base_url, key_name, key_version, algorithm, value, custom_headers=None, raw=False, **operation_config):
@@ -1194,7 +1214,7 @@ def unwrap_key(
         target key encryption key. This operation is the reverse of the WRAP
         operation. The UNWRAP operation applies to asymmetric and symmetric
         keys stored in Azure Key Vault since it uses the private portion of the
-        key.
+        key. This operation requires the keys/unwrapKey permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -1205,8 +1225,8 @@ def unwrap_key(
         :type key_version: str
         :param algorithm: algorithm identifier. Possible values include:
          'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'
-        :type algorithm: str or :class:`JsonWebKeyEncryptionAlgorithm
-         <azure.keyvault.models.JsonWebKeyEncryptionAlgorithm>`
+        :type algorithm: str or
+         ~azure.keyvault.models.JsonWebKeyEncryptionAlgorithm
         :param value:
         :type value: bytes
         :param dict custom_headers: headers that will be added to the request
@@ -1214,17 +1234,16 @@ def unwrap_key(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyOperationResult
-         <azure.keyvault.models.KeyOperationResult>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: KeyOperationResult or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.KeyOperationResult or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.KeyOperationsParameters(algorithm=algorithm, value=value)
 
         # Construct URL
-        url = '/keys/{key-name}/{key-version}/unwrapkey'
+        url = self.unwrap_key.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'key-name': self._serialize.url("key_name", key_name, 'str'),
@@ -1252,7 +1271,7 @@ def unwrap_key(
         # Construct and send request
         request = self._client.post(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1267,10 +1286,18 @@ def unwrap_key(
             return client_raw_response
 
         return deserialized
+    unwrap_key.metadata = {'url': '/keys/{key-name}/{key-version}/unwrapkey'}
 
     def get_deleted_keys(
             self, vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config):
-        """List deleted keys in the specified vault. Authorization: Requires the
+        """Lists the deleted keys in the specified vault.
+
+        Retrieves a list of the keys in the Key Vault as JSON Web Key
+        structures that contain the public part of a deleted key. This
+        operation includes deletion-specific information. The Get Deleted Keys
+        operation is applicable for vaults enabled for soft-delete. While the
+        operation can be invoked on any vault, it will return an error if
+        invoked on a non soft-delete enabled vault. This operation requires the
         keys/list permission.
 
         :param vault_base_url: The vault name, for example
@@ -1284,8 +1311,9 @@ def get_deleted_keys(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`DeletedKeyItemPaged
-         <azure.keyvault.models.DeletedKeyItemPaged>`
+        :return: An iterator like instance of DeletedKeyItem
+        :rtype:
+         ~azure.keyvault.models.DeletedKeyItemPaged[~azure.keyvault.models.DeletedKeyItem]
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
@@ -1293,7 +1321,7 @@ def internal_paging(next_link=None, raw=False):
 
             if not next_link:
                 # Construct URL
-                url = '/deletedkeys'
+                url = self.get_deleted_keys.metadata['url']
                 path_format_arguments = {
                     'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True)
                 }
@@ -1322,7 +1350,7 @@ def internal_paging(next_link=None, raw=False):
             # Construct and send request
             request = self._client.get(url, query_parameters)
             response = self._client.send(
-                request, header_parameters, **operation_config)
+                request, header_parameters, stream=False, **operation_config)
 
             if response.status_code not in [200]:
                 raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1338,31 +1366,35 @@ def internal_paging(next_link=None, raw=False):
             return client_raw_response
 
         return deserialized
+    get_deleted_keys.metadata = {'url': '/deletedkeys'}
 
     def get_deleted_key(
             self, vault_base_url, key_name, custom_headers=None, raw=False, **operation_config):
-        """Retrieves the deleted key information plus its attributes.
-        Authorization: Requires the keys/get permission.
+        """Gets the public part of a deleted key.
+
+        The Get Deleted Key operation is applicable for soft-delete enabled
+        vaults. While the operation can be invoked on any vault, it will return
+        an error if invoked on a non soft-delete enabled vault. This operation
+        requires the keys/get permission. .
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
         :type vault_base_url: str
-        :param key_name: The name of the key
+        :param key_name: The name of the key.
         :type key_name: str
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`DeletedKeyBundle
-         <azure.keyvault.models.DeletedKeyBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: DeletedKeyBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.DeletedKeyBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/deletedkeys/{key-name}'
+        url = self.get_deleted_key.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'key-name': self._serialize.url("key_name", key_name, 'str')
@@ -1385,7 +1417,7 @@ def get_deleted_key(
 
         # Construct and send request
         request = self._client.get(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1400,11 +1432,16 @@ def get_deleted_key(
             return client_raw_response
 
         return deserialized
+    get_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'}
 
     def purge_deleted_key(
             self, vault_base_url, key_name, custom_headers=None, raw=False, **operation_config):
-        """Permanently deletes the specified key. aka purges the key.
-        Authorization: Requires the keys/purge permission.
+        """Permanently deletes the specified key.
+
+        The Purge Deleted Key operation is applicable for soft-delete enabled
+        vaults. While the operation can be invoked on any vault, it will return
+        an error if invoked on a non soft-delete enabled vault. This operation
+        requires the keys/purge permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -1416,14 +1453,13 @@ def purge_deleted_key(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: None
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: None or ClientRawResponse if raw=true
+        :rtype: None or ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/deletedkeys/{key-name}'
+        url = self.purge_deleted_key.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'key-name': self._serialize.url("key_name", key_name, 'str')
@@ -1446,7 +1482,7 @@ def purge_deleted_key(
 
         # Construct and send request
         request = self._client.delete(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [204]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1454,30 +1490,37 @@ def purge_deleted_key(
         if raw:
             client_raw_response = ClientRawResponse(None, response)
             return client_raw_response
+    purge_deleted_key.metadata = {'url': '/deletedkeys/{key-name}'}
 
     def recover_deleted_key(
             self, vault_base_url, key_name, custom_headers=None, raw=False, **operation_config):
-        """Recovers the deleted key back to its current version under /keys.
-        Authorization: Requires the keys/recover permission.
+        """Recovers the deleted key to its latest version.
+
+        The Recover Deleted Key operation is applicable for deleted keys in
+        soft-delete enabled vaults. It recovers the deleted key back to its
+        latest version under /keys. An attempt to recover an non-deleted key
+        will return an error. Consider this the inverse of the delete operation
+        on soft-delete enabled vaults. This operation requires the keys/recover
+        permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
         :type vault_base_url: str
-        :param key_name: The name of the deleted key
+        :param key_name: The name of the deleted key.
         :type key_name: str
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`KeyBundle <azure.keyvault.models.KeyBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: KeyBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.KeyBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/deletedkeys/{key-name}/recover'
+        url = self.recover_deleted_key.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'key-name': self._serialize.url("key_name", key_name, 'str')
@@ -1500,7 +1543,7 @@ def recover_deleted_key(
 
         # Construct and send request
         request = self._client.post(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1515,6 +1558,7 @@ def recover_deleted_key(
             return client_raw_response
 
         return deserialized
+    recover_deleted_key.metadata = {'url': '/deletedkeys/{key-name}/recover'}
 
     def set_secret(
             self, vault_base_url, secret_name, value, tags=None, content_type=None, secret_attributes=None, custom_headers=None, raw=False, **operation_config):
@@ -1522,7 +1566,7 @@ def set_secret(
 
         The SET operation adds a secret to the Azure Key Vault. If the named
         secret already exists, Azure Key Vault creates a new version of that
-        secret.
+        secret. This operation requires the secrets/set permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -1533,30 +1577,29 @@ def set_secret(
         :type value: str
         :param tags: Application specific metadata in the form of key-value
          pairs.
-        :type tags: dict
+        :type tags: dict[str, str]
         :param content_type: Type of the secret value such as a password.
         :type content_type: str
         :param secret_attributes: The secret management attributes.
-        :type secret_attributes: :class:`SecretAttributes
-         <azure.keyvault.models.SecretAttributes>`
+        :type secret_attributes: ~azure.keyvault.models.SecretAttributes
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`SecretBundle <azure.keyvault.models.SecretBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: SecretBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.SecretBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.SecretSetParameters(value=value, tags=tags, content_type=content_type, secret_attributes=secret_attributes)
 
         # Construct URL
-        url = '/secrets/{secret-name}'
+        url = self.set_secret.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'secret-name': self._serialize.url("secret_name", secret_name, 'str', pattern='^[0-9a-zA-Z-]+$')
+            'secret-name': self._serialize.url("secret_name", secret_name, 'str', pattern=r'^[0-9a-zA-Z-]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -1580,7 +1623,7 @@ def set_secret(
         # Construct and send request
         request = self._client.put(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1595,13 +1638,15 @@ def set_secret(
             return client_raw_response
 
         return deserialized
+    set_secret.metadata = {'url': '/secrets/{secret-name}'}
 
     def delete_secret(
             self, vault_base_url, secret_name, custom_headers=None, raw=False, **operation_config):
         """Deletes a secret from a specified key vault.
 
         The DELETE operation applies to any secret stored in Azure Key Vault.
-        DELETE cannot be applied to an individual version of a secret.
+        DELETE cannot be applied to an individual version of a secret. This
+        operation requires the secrets/delete permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -1613,15 +1658,14 @@ def delete_secret(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`DeletedSecretBundle
-         <azure.keyvault.models.DeletedSecretBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: DeletedSecretBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.DeletedSecretBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/secrets/{secret-name}'
+        url = self.delete_secret.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'secret-name': self._serialize.url("secret_name", secret_name, 'str')
@@ -1644,7 +1688,7 @@ def delete_secret(
 
         # Construct and send request
         request = self._client.delete(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1659,6 +1703,7 @@ def delete_secret(
             return client_raw_response
 
         return deserialized
+    delete_secret.metadata = {'url': '/secrets/{secret-name}'}
 
     def update_secret(
             self, vault_base_url, secret_name, secret_version, content_type=None, secret_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config):
@@ -1667,7 +1712,8 @@ def update_secret(
 
         The UPDATE operation changes specified attributes of an existing stored
         secret. Attributes that are not specified in the request are left
-        unchanged. The value of a secret itself cannot be changed.
+        unchanged. The value of a secret itself cannot be changed. This
+        operation requires the secrets/set permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -1679,26 +1725,25 @@ def update_secret(
         :param content_type: Type of the secret value such as a password.
         :type content_type: str
         :param secret_attributes: The secret management attributes.
-        :type secret_attributes: :class:`SecretAttributes
-         <azure.keyvault.models.SecretAttributes>`
+        :type secret_attributes: ~azure.keyvault.models.SecretAttributes
         :param tags: Application specific metadata in the form of key-value
          pairs.
-        :type tags: dict
+        :type tags: dict[str, str]
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`SecretBundle <azure.keyvault.models.SecretBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: SecretBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.SecretBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.SecretUpdateParameters(content_type=content_type, secret_attributes=secret_attributes, tags=tags)
 
         # Construct URL
-        url = '/secrets/{secret-name}/{secret-version}'
+        url = self.update_secret.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'secret-name': self._serialize.url("secret_name", secret_name, 'str'),
@@ -1726,7 +1771,7 @@ def update_secret(
         # Construct and send request
         request = self._client.patch(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1741,13 +1786,14 @@ def update_secret(
             return client_raw_response
 
         return deserialized
+    update_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'}
 
     def get_secret(
             self, vault_base_url, secret_name, secret_version, custom_headers=None, raw=False, **operation_config):
         """Get a specified secret from a given key vault.
 
         The GET operation is applicable to any secret stored in Azure Key
-        Vault.
+        Vault. This operation requires the secrets/get permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -1761,14 +1807,14 @@ def get_secret(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`SecretBundle <azure.keyvault.models.SecretBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: SecretBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.SecretBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/secrets/{secret-name}/{secret-version}'
+        url = self.get_secret.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'secret-name': self._serialize.url("secret_name", secret_name, 'str'),
@@ -1792,7 +1838,7 @@ def get_secret(
 
         # Construct and send request
         request = self._client.get(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1807,28 +1853,31 @@ def get_secret(
             return client_raw_response
 
         return deserialized
+    get_secret.metadata = {'url': '/secrets/{secret-name}/{secret-version}'}
 
     def get_secrets(
             self, vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config):
         """List secrets in a specified key vault.
 
-        The LIST operation is applicable to the entire vault, however only the
-        base secret identifier and attributes are provided in the response.
-        Individual secret versions are not listed in the response.
+        The Get Secrets operation is applicable to the entire vault. However,
+        only the base secret identifier and its attributes are provided in the
+        response. Individual secret versions are not listed in the response.
+        This operation requires the secrets/list permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
         :type vault_base_url: str
         :param maxresults: Maximum number of results to return in a page. If
-         not specified the service will return up to 25 results.
+         not specified, the service will return up to 25 results.
         :type maxresults: int
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`SecretItemPaged
-         <azure.keyvault.models.SecretItemPaged>`
+        :return: An iterator like instance of SecretItem
+        :rtype:
+         ~azure.keyvault.models.SecretItemPaged[~azure.keyvault.models.SecretItem]
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
@@ -1836,7 +1885,7 @@ def internal_paging(next_link=None, raw=False):
 
             if not next_link:
                 # Construct URL
-                url = '/secrets'
+                url = self.get_secrets.metadata['url']
                 path_format_arguments = {
                     'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True)
                 }
@@ -1865,7 +1914,7 @@ def internal_paging(next_link=None, raw=False):
             # Construct and send request
             request = self._client.get(url, query_parameters)
             response = self._client.send(
-                request, header_parameters, **operation_config)
+                request, header_parameters, stream=False, **operation_config)
 
             if response.status_code not in [200]:
                 raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1881,15 +1930,15 @@ def internal_paging(next_link=None, raw=False):
             return client_raw_response
 
         return deserialized
+    get_secrets.metadata = {'url': '/secrets'}
 
     def get_secret_versions(
             self, vault_base_url, secret_name, maxresults=None, custom_headers=None, raw=False, **operation_config):
-        """List the versions of the specified secret.
+        """List all versions of the specified secret.
 
-        The LIST VERSIONS operation can be applied to all versions having the
-        same secret name in the same key vault. The full secret identifier and
-        attributes are provided in the response. No values are returned for the
-        secrets and only current versions of a secret are listed.
+        The full secret identifier and attributes are provided in the response.
+        No values are returned for the secrets. This operations requires the
+        secrets/list permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -1897,15 +1946,16 @@ def get_secret_versions(
         :param secret_name: The name of the secret.
         :type secret_name: str
         :param maxresults: Maximum number of results to return in a page. If
-         not specified the service will return up to 25 results.
+         not specified, the service will return up to 25 results.
         :type maxresults: int
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`SecretItemPaged
-         <azure.keyvault.models.SecretItemPaged>`
+        :return: An iterator like instance of SecretItem
+        :rtype:
+         ~azure.keyvault.models.SecretItemPaged[~azure.keyvault.models.SecretItem]
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
@@ -1913,7 +1963,7 @@ def internal_paging(next_link=None, raw=False):
 
             if not next_link:
                 # Construct URL
-                url = '/secrets/{secret-name}/versions'
+                url = self.get_secret_versions.metadata['url']
                 path_format_arguments = {
                     'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
                     'secret-name': self._serialize.url("secret_name", secret_name, 'str')
@@ -1943,7 +1993,7 @@ def internal_paging(next_link=None, raw=False):
             # Construct and send request
             request = self._client.get(url, query_parameters)
             response = self._client.send(
-                request, header_parameters, **operation_config)
+                request, header_parameters, stream=False, **operation_config)
 
             if response.status_code not in [200]:
                 raise models.KeyVaultErrorException(self._deserialize, response)
@@ -1959,10 +2009,14 @@ def internal_paging(next_link=None, raw=False):
             return client_raw_response
 
         return deserialized
+    get_secret_versions.metadata = {'url': '/secrets/{secret-name}/versions'}
 
     def get_deleted_secrets(
             self, vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config):
-        """List deleted secrets in the specified vault. Authorization: requires
+        """Lists deleted secrets for the specified vault.
+
+        The Get Deleted Secrets operation returns the secrets that have been
+        deleted for a vault enabled for soft-delete. This operation requires
         the secrets/list permission.
 
         :param vault_base_url: The vault name, for example
@@ -1976,8 +2030,9 @@ def get_deleted_secrets(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`DeletedSecretItemPaged
-         <azure.keyvault.models.DeletedSecretItemPaged>`
+        :return: An iterator like instance of DeletedSecretItem
+        :rtype:
+         ~azure.keyvault.models.DeletedSecretItemPaged[~azure.keyvault.models.DeletedSecretItem]
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
@@ -1985,7 +2040,7 @@ def internal_paging(next_link=None, raw=False):
 
             if not next_link:
                 # Construct URL
-                url = '/deletedsecrets'
+                url = self.get_deleted_secrets.metadata['url']
                 path_format_arguments = {
                     'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True)
                 }
@@ -2014,7 +2069,7 @@ def internal_paging(next_link=None, raw=False):
             # Construct and send request
             request = self._client.get(url, query_parameters)
             response = self._client.send(
-                request, header_parameters, **operation_config)
+                request, header_parameters, stream=False, **operation_config)
 
             if response.status_code not in [200]:
                 raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2030,31 +2085,34 @@ def internal_paging(next_link=None, raw=False):
             return client_raw_response
 
         return deserialized
+    get_deleted_secrets.metadata = {'url': '/deletedsecrets'}
 
     def get_deleted_secret(
             self, vault_base_url, secret_name, custom_headers=None, raw=False, **operation_config):
-        """Retrieves the deleted secret information plus its attributes.
-        Authorization: requires the secrets/get permission.
+        """Gets the specified deleted secret.
+
+        The Get Deleted Secret operation returns the specified deleted secret
+        along with its attributes. This operation requires the secrets/get
+        permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
         :type vault_base_url: str
-        :param secret_name: The name of the secret
+        :param secret_name: The name of the secret.
         :type secret_name: str
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`DeletedSecretBundle
-         <azure.keyvault.models.DeletedSecretBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: DeletedSecretBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.DeletedSecretBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/deletedsecrets/{secret-name}'
+        url = self.get_deleted_secret.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'secret-name': self._serialize.url("secret_name", secret_name, 'str')
@@ -2077,7 +2135,7 @@ def get_deleted_secret(
 
         # Construct and send request
         request = self._client.get(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2092,30 +2150,34 @@ def get_deleted_secret(
             return client_raw_response
 
         return deserialized
+    get_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'}
 
     def purge_deleted_secret(
             self, vault_base_url, secret_name, custom_headers=None, raw=False, **operation_config):
-        """Permanently deletes the specified secret. aka purges the secret.
-        Authorization: requires the secrets/purge permission.
+        """Permanently deletes the specified secret.
+
+        The purge deleted secret operation removes the secret permanently,
+        without the possibility of recovery. This operation can only be enabled
+        on a soft-delete enabled vault. This operation requires the
+        secrets/purge permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
         :type vault_base_url: str
-        :param secret_name: The name of the secret
+        :param secret_name: The name of the secret.
         :type secret_name: str
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: None
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: None or ClientRawResponse if raw=true
+        :rtype: None or ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/deletedsecrets/{secret-name}'
+        url = self.purge_deleted_secret.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'secret-name': self._serialize.url("secret_name", secret_name, 'str')
@@ -2138,7 +2200,7 @@ def purge_deleted_secret(
 
         # Construct and send request
         request = self._client.delete(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [204]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2146,30 +2208,34 @@ def purge_deleted_secret(
         if raw:
             client_raw_response = ClientRawResponse(None, response)
             return client_raw_response
+    purge_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}'}
 
     def recover_deleted_secret(
             self, vault_base_url, secret_name, custom_headers=None, raw=False, **operation_config):
-        """Recovers the deleted secret back to its current version under /secrets.
-        Authorization: requires the secrets/recover permission.
+        """Recovers the deleted secret to the latest version.
+
+        Recovers the deleted secret in the specified vault. This operation can
+        only be performed on a soft-delete enabled vault. This operation
+        requires the secrets/recover permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
         :type vault_base_url: str
-        :param secret_name: The name of the deleted secret
+        :param secret_name: The name of the deleted secret.
         :type secret_name: str
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`SecretBundle <azure.keyvault.models.SecretBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: SecretBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.SecretBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/deletedsecrets/{secret-name}/recover'
+        url = self.recover_deleted_secret.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'secret-name': self._serialize.url("secret_name", secret_name, 'str')
@@ -2192,7 +2258,7 @@ def recover_deleted_secret(
 
         # Construct and send request
         request = self._client.post(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2207,11 +2273,15 @@ def recover_deleted_secret(
             return client_raw_response
 
         return deserialized
+    recover_deleted_secret.metadata = {'url': '/deletedsecrets/{secret-name}/recover'}
 
     def backup_secret(
             self, vault_base_url, secret_name, custom_headers=None, raw=False, **operation_config):
-        """Requests that a backup of the specified secret be downloaded to the
-        client. Authorization: requires the secrets/backup permission.
+        """Backs up the specified secret.
+
+        Requests that a backup of the specified secret be downloaded to the
+        client. All versions of the secret will be downloaded. This operation
+        requires the secrets/backup permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -2223,15 +2293,14 @@ def backup_secret(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`BackupSecretResult
-         <azure.keyvault.models.BackupSecretResult>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: BackupSecretResult or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.BackupSecretResult or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/secrets/{secret-name}/backup'
+        url = self.backup_secret.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'secret-name': self._serialize.url("secret_name", secret_name, 'str')
@@ -2254,7 +2323,7 @@ def backup_secret(
 
         # Construct and send request
         request = self._client.post(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2269,11 +2338,14 @@ def backup_secret(
             return client_raw_response
 
         return deserialized
+    backup_secret.metadata = {'url': '/secrets/{secret-name}/backup'}
 
     def restore_secret(
             self, vault_base_url, secret_bundle_backup, custom_headers=None, raw=False, **operation_config):
-        """Restores a backed up secret to a vault. Authorization: requires the
-        secrets/restore permission.
+        """Restores a backed up secret to a vault.
+
+        Restores a backed up secret, and all its versions, to a vault. This
+        operation requires the secrets/restore permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -2286,16 +2358,16 @@ def restore_secret(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`SecretBundle <azure.keyvault.models.SecretBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: SecretBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.SecretBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.SecretRestoreParameters(secret_bundle_backup=secret_bundle_backup)
 
         # Construct URL
-        url = '/secrets/restore'
+        url = self.restore_secret.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True)
         }
@@ -2321,7 +2393,7 @@ def restore_secret(
         # Construct and send request
         request = self._client.post(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2336,13 +2408,15 @@ def restore_secret(
             return client_raw_response
 
         return deserialized
+    restore_secret.metadata = {'url': '/secrets/restore'}
 
     def get_certificates(
             self, vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config):
         """List certificates in a specified key vault.
 
         The GetCertificates operation returns the set of certificates resources
-        in the specified key vault.
+        in the specified key vault. This operation requires the
+        certificates/list permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -2355,8 +2429,9 @@ def get_certificates(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificateItemPaged
-         <azure.keyvault.models.CertificateItemPaged>`
+        :return: An iterator like instance of CertificateItem
+        :rtype:
+         ~azure.keyvault.models.CertificateItemPaged[~azure.keyvault.models.CertificateItem]
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
@@ -2364,7 +2439,7 @@ def internal_paging(next_link=None, raw=False):
 
             if not next_link:
                 # Construct URL
-                url = '/certificates'
+                url = self.get_certificates.metadata['url']
                 path_format_arguments = {
                     'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True)
                 }
@@ -2393,7 +2468,7 @@ def internal_paging(next_link=None, raw=False):
             # Construct and send request
             request = self._client.get(url, query_parameters)
             response = self._client.send(
-                request, header_parameters, **operation_config)
+                request, header_parameters, stream=False, **operation_config)
 
             if response.status_code not in [200]:
                 raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2409,6 +2484,7 @@ def internal_paging(next_link=None, raw=False):
             return client_raw_response
 
         return deserialized
+    get_certificates.metadata = {'url': '/certificates'}
 
     def delete_certificate(
             self, vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config):
@@ -2416,7 +2492,8 @@ def delete_certificate(
 
         Deletes all versions of a certificate object along with its associated
         policy. Delete certificate cannot be used to remove individual versions
-        of a certificate object.
+        of a certificate object. This operation requires the
+        certificates/delete permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -2428,15 +2505,14 @@ def delete_certificate(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`DeletedCertificateBundle
-         <azure.keyvault.models.DeletedCertificateBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: DeletedCertificateBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.DeletedCertificateBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/certificates/{certificate-name}'
+        url = self.delete_certificate.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str')
@@ -2459,7 +2535,7 @@ def delete_certificate(
 
         # Construct and send request
         request = self._client.delete(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2474,35 +2550,35 @@ def delete_certificate(
             return client_raw_response
 
         return deserialized
+    delete_certificate.metadata = {'url': '/certificates/{certificate-name}'}
 
     def set_certificate_contacts(
             self, vault_base_url, contact_list=None, custom_headers=None, raw=False, **operation_config):
         """Sets the certificate contacts for the specified key vault.
 
-        Sets the certificate contacts for the specified key vault.
-        Authorization: requires the certificates/managecontacts permission.
+        Sets the certificate contacts for the specified key vault. This
+        operation requires the certificates/managecontacts permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
         :type vault_base_url: str
         :param contact_list: The contact list for the vault certificates.
-        :type contact_list: list of :class:`Contact
-         <azure.keyvault.models.Contact>`
+        :type contact_list: list[~azure.keyvault.models.Contact]
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`Contacts <azure.keyvault.models.Contacts>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: Contacts or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.Contacts or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         contacts = models.Contacts(contact_list=contact_list)
 
         # Construct URL
-        url = '/certificates/contacts'
+        url = self.set_certificate_contacts.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True)
         }
@@ -2528,7 +2604,7 @@ def set_certificate_contacts(
         # Construct and send request
         request = self._client.put(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2543,13 +2619,15 @@ def set_certificate_contacts(
             return client_raw_response
 
         return deserialized
+    set_certificate_contacts.metadata = {'url': '/certificates/contacts'}
 
     def get_certificate_contacts(
             self, vault_base_url, custom_headers=None, raw=False, **operation_config):
         """Lists the certificate contacts for a specified key vault.
 
         The GetCertificateContacts operation returns the set of certificate
-        contact resources in the specified key vault.
+        contact resources in the specified key vault. This operation requires
+        the certificates/managecontacts permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -2559,14 +2637,14 @@ def get_certificate_contacts(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`Contacts <azure.keyvault.models.Contacts>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: Contacts or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.Contacts or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/certificates/contacts'
+        url = self.get_certificate_contacts.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True)
         }
@@ -2588,7 +2666,7 @@ def get_certificate_contacts(
 
         # Construct and send request
         request = self._client.get(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2603,13 +2681,14 @@ def get_certificate_contacts(
             return client_raw_response
 
         return deserialized
+    get_certificate_contacts.metadata = {'url': '/certificates/contacts'}
 
     def delete_certificate_contacts(
             self, vault_base_url, custom_headers=None, raw=False, **operation_config):
         """Deletes the certificate contacts for a specified key vault.
 
         Deletes the certificate contacts for a specified key vault certificate.
-        Authorization: requires the certificates/managecontacts permission.
+        This operation requires the certificates/managecontacts permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -2619,14 +2698,14 @@ def delete_certificate_contacts(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`Contacts <azure.keyvault.models.Contacts>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: Contacts or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.Contacts or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/certificates/contacts'
+        url = self.delete_certificate_contacts.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True)
         }
@@ -2648,7 +2727,7 @@ def delete_certificate_contacts(
 
         # Construct and send request
         request = self._client.delete(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2663,13 +2742,15 @@ def delete_certificate_contacts(
             return client_raw_response
 
         return deserialized
+    delete_certificate_contacts.metadata = {'url': '/certificates/contacts'}
 
     def get_certificate_issuers(
             self, vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config):
         """List certificate issuers for a specified key vault.
 
         The GetCertificateIssuers operation returns the set of certificate
-        issuer resources in the specified key vault.
+        issuer resources in the specified key vault. This operation requires
+        the certificates/manageissuers/getissuers permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -2682,8 +2763,9 @@ def get_certificate_issuers(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificateIssuerItemPaged
-         <azure.keyvault.models.CertificateIssuerItemPaged>`
+        :return: An iterator like instance of CertificateIssuerItem
+        :rtype:
+         ~azure.keyvault.models.CertificateIssuerItemPaged[~azure.keyvault.models.CertificateIssuerItem]
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
@@ -2691,7 +2773,7 @@ def internal_paging(next_link=None, raw=False):
 
             if not next_link:
                 # Construct URL
-                url = '/certificates/issuers'
+                url = self.get_certificate_issuers.metadata['url']
                 path_format_arguments = {
                     'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True)
                 }
@@ -2720,7 +2802,7 @@ def internal_paging(next_link=None, raw=False):
             # Construct and send request
             request = self._client.get(url, query_parameters)
             response = self._client.send(
-                request, header_parameters, **operation_config)
+                request, header_parameters, stream=False, **operation_config)
 
             if response.status_code not in [200]:
                 raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2736,13 +2818,15 @@ def internal_paging(next_link=None, raw=False):
             return client_raw_response
 
         return deserialized
+    get_certificate_issuers.metadata = {'url': '/certificates/issuers'}
 
     def set_certificate_issuer(
             self, vault_base_url, issuer_name, provider, credentials=None, organization_details=None, attributes=None, custom_headers=None, raw=False, **operation_config):
         """Sets the specified certificate issuer.
 
         The SetCertificateIssuer operation adds or updates the specified
-        certificate issuer.
+        certificate issuer. This operation requires the certificates/setissuers
+        permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -2752,30 +2836,27 @@ def set_certificate_issuer(
         :param provider: The issuer provider.
         :type provider: str
         :param credentials: The credentials to be used for the issuer.
-        :type credentials: :class:`IssuerCredentials
-         <azure.keyvault.models.IssuerCredentials>`
+        :type credentials: ~azure.keyvault.models.IssuerCredentials
         :param organization_details: Details of the organization as provided
          to the issuer.
-        :type organization_details: :class:`OrganizationDetails
-         <azure.keyvault.models.OrganizationDetails>`
+        :type organization_details: ~azure.keyvault.models.OrganizationDetails
         :param attributes: Attributes of the issuer object.
-        :type attributes: :class:`IssuerAttributes
-         <azure.keyvault.models.IssuerAttributes>`
+        :type attributes: ~azure.keyvault.models.IssuerAttributes
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`IssuerBundle <azure.keyvault.models.IssuerBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: IssuerBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.IssuerBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameter = models.CertificateIssuerSetParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes)
 
         # Construct URL
-        url = '/certificates/issuers/{issuer-name}'
+        url = self.set_certificate_issuer.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str')
@@ -2802,7 +2883,7 @@ def set_certificate_issuer(
         # Construct and send request
         request = self._client.put(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2817,13 +2898,15 @@ def set_certificate_issuer(
             return client_raw_response
 
         return deserialized
+    set_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'}
 
     def update_certificate_issuer(
             self, vault_base_url, issuer_name, provider=None, credentials=None, organization_details=None, attributes=None, custom_headers=None, raw=False, **operation_config):
         """Updates the specified certificate issuer.
 
         The UpdateCertificateIssuer operation performs an update on the
-        specified certificate issuer entity.
+        specified certificate issuer entity. This operation requires the
+        certificates/setissuers permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -2833,30 +2916,27 @@ def update_certificate_issuer(
         :param provider: The issuer provider.
         :type provider: str
         :param credentials: The credentials to be used for the issuer.
-        :type credentials: :class:`IssuerCredentials
-         <azure.keyvault.models.IssuerCredentials>`
+        :type credentials: ~azure.keyvault.models.IssuerCredentials
         :param organization_details: Details of the organization as provided
          to the issuer.
-        :type organization_details: :class:`OrganizationDetails
-         <azure.keyvault.models.OrganizationDetails>`
+        :type organization_details: ~azure.keyvault.models.OrganizationDetails
         :param attributes: Attributes of the issuer object.
-        :type attributes: :class:`IssuerAttributes
-         <azure.keyvault.models.IssuerAttributes>`
+        :type attributes: ~azure.keyvault.models.IssuerAttributes
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`IssuerBundle <azure.keyvault.models.IssuerBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: IssuerBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.IssuerBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameter = models.CertificateIssuerUpdateParameters(provider=provider, credentials=credentials, organization_details=organization_details, attributes=attributes)
 
         # Construct URL
-        url = '/certificates/issuers/{issuer-name}'
+        url = self.update_certificate_issuer.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str')
@@ -2883,7 +2963,7 @@ def update_certificate_issuer(
         # Construct and send request
         request = self._client.patch(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2898,13 +2978,15 @@ def update_certificate_issuer(
             return client_raw_response
 
         return deserialized
+    update_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'}
 
     def get_certificate_issuer(
             self, vault_base_url, issuer_name, custom_headers=None, raw=False, **operation_config):
         """Lists the specified certificate issuer.
 
         The GetCertificateIssuer operation returns the specified certificate
-        issuer resources in the specified key vault.
+        issuer resources in the specified key vault. This operation requires
+        the certificates/manageissuers/getissuers permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -2916,14 +2998,14 @@ def get_certificate_issuer(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`IssuerBundle <azure.keyvault.models.IssuerBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: IssuerBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.IssuerBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/certificates/issuers/{issuer-name}'
+        url = self.get_certificate_issuer.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str')
@@ -2946,7 +3028,7 @@ def get_certificate_issuer(
 
         # Construct and send request
         request = self._client.get(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -2961,13 +3043,15 @@ def get_certificate_issuer(
             return client_raw_response
 
         return deserialized
+    get_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'}
 
     def delete_certificate_issuer(
             self, vault_base_url, issuer_name, custom_headers=None, raw=False, **operation_config):
         """Deletes the specified certificate issuer.
 
         The DeleteCertificateIssuer operation permanently removes the specified
-        certificate issuer from the vault.
+        certificate issuer from the vault. This operation requires the
+        certificates/manageissuers/deleteissuers permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -2979,14 +3063,14 @@ def delete_certificate_issuer(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`IssuerBundle <azure.keyvault.models.IssuerBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: IssuerBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.IssuerBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/certificates/issuers/{issuer-name}'
+        url = self.delete_certificate_issuer.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'issuer-name': self._serialize.url("issuer_name", issuer_name, 'str')
@@ -3009,7 +3093,7 @@ def delete_certificate_issuer(
 
         # Construct and send request
         request = self._client.delete(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3024,12 +3108,14 @@ def delete_certificate_issuer(
             return client_raw_response
 
         return deserialized
+    delete_certificate_issuer.metadata = {'url': '/certificates/issuers/{issuer-name}'}
 
     def create_certificate(
             self, vault_base_url, certificate_name, certificate_policy=None, certificate_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config):
-        """Creates a new certificate. .
+        """Creates a new certificate.
 
-        If this is the first version, the certificate resource is created.
+        If this is the first version, the certificate resource is created. This
+        operation requires the certificates/create permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -3037,34 +3123,32 @@ def create_certificate(
         :param certificate_name: The name of the certificate.
         :type certificate_name: str
         :param certificate_policy: The management policy for the certificate.
-        :type certificate_policy: :class:`CertificatePolicy
-         <azure.keyvault.models.CertificatePolicy>`
+        :type certificate_policy: ~azure.keyvault.models.CertificatePolicy
         :param certificate_attributes: The attributes of the certificate
          (optional).
-        :type certificate_attributes: :class:`CertificateAttributes
-         <azure.keyvault.models.CertificateAttributes>`
+        :type certificate_attributes:
+         ~azure.keyvault.models.CertificateAttributes
         :param tags: Application specific metadata in the form of key-value
          pairs.
-        :type tags: dict
+        :type tags: dict[str, str]
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificateOperation
-         <azure.keyvault.models.CertificateOperation>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: CertificateOperation or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.CertificateOperation or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.CertificateCreateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags)
 
         # Construct URL
-        url = '/certificates/{certificate-name}/create'
+        url = self.create_certificate.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern='^[0-9a-zA-Z-]+$')
+            'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -3088,7 +3172,7 @@ def create_certificate(
         # Construct and send request
         request = self._client.post(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [202]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3103,6 +3187,7 @@ def create_certificate(
             return client_raw_response
 
         return deserialized
+    create_certificate.metadata = {'url': '/certificates/{certificate-name}/create'}
 
     def import_certificate(
             self, vault_base_url, certificate_name, base64_encoded_certificate, password=None, certificate_policy=None, certificate_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config):
@@ -3111,7 +3196,8 @@ def import_certificate(
         Imports an existing valid certificate, containing a private key, into
         Azure Key Vault. The certificate to be imported can be in either PFX or
         PEM format. If the certificate is in PEM format the PEM file must
-        contain the key as well as x509 certificates.
+        contain the key as well as x509 certificates. This operation requires
+        the certificates/import permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -3126,34 +3212,32 @@ def import_certificate(
          encrypted, the password used for encryption.
         :type password: str
         :param certificate_policy: The management policy for the certificate.
-        :type certificate_policy: :class:`CertificatePolicy
-         <azure.keyvault.models.CertificatePolicy>`
+        :type certificate_policy: ~azure.keyvault.models.CertificatePolicy
         :param certificate_attributes: The attributes of the certificate
          (optional).
-        :type certificate_attributes: :class:`CertificateAttributes
-         <azure.keyvault.models.CertificateAttributes>`
+        :type certificate_attributes:
+         ~azure.keyvault.models.CertificateAttributes
         :param tags: Application specific metadata in the form of key-value
          pairs.
-        :type tags: dict
+        :type tags: dict[str, str]
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificateBundle
-         <azure.keyvault.models.CertificateBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: CertificateBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.CertificateBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.CertificateImportParameters(base64_encoded_certificate=base64_encoded_certificate, password=password, certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags)
 
         # Construct URL
-        url = '/certificates/{certificate-name}/import'
+        url = self.import_certificate.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern='^[0-9a-zA-Z-]+$')
+            'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str', pattern=r'^[0-9a-zA-Z-]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -3177,7 +3261,7 @@ def import_certificate(
         # Construct and send request
         request = self._client.post(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3192,13 +3276,15 @@ def import_certificate(
             return client_raw_response
 
         return deserialized
+    import_certificate.metadata = {'url': '/certificates/{certificate-name}/import'}
 
     def get_certificate_versions(
             self, vault_base_url, certificate_name, maxresults=None, custom_headers=None, raw=False, **operation_config):
         """List the versions of a certificate.
 
         The GetCertificateVersions operation returns the versions of a
-        certificate in the specified key vault.
+        certificate in the specified key vault. This operation requires the
+        certificates/list permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -3213,8 +3299,9 @@ def get_certificate_versions(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificateItemPaged
-         <azure.keyvault.models.CertificateItemPaged>`
+        :return: An iterator like instance of CertificateItem
+        :rtype:
+         ~azure.keyvault.models.CertificateItemPaged[~azure.keyvault.models.CertificateItem]
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
@@ -3222,7 +3309,7 @@ def internal_paging(next_link=None, raw=False):
 
             if not next_link:
                 # Construct URL
-                url = '/certificates/{certificate-name}/versions'
+                url = self.get_certificate_versions.metadata['url']
                 path_format_arguments = {
                     'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
                     'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str')
@@ -3252,7 +3339,7 @@ def internal_paging(next_link=None, raw=False):
             # Construct and send request
             request = self._client.get(url, query_parameters)
             response = self._client.send(
-                request, header_parameters, **operation_config)
+                request, header_parameters, stream=False, **operation_config)
 
             if response.status_code not in [200]:
                 raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3268,13 +3355,15 @@ def internal_paging(next_link=None, raw=False):
             return client_raw_response
 
         return deserialized
+    get_certificate_versions.metadata = {'url': '/certificates/{certificate-name}/versions'}
 
     def get_certificate_policy(
             self, vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config):
         """Lists the policy for a certificate.
 
         The GetCertificatePolicy operation returns the specified certificate
-        policy resources in the specified key vault.
+        policy resources in the specified key vault. This operation requires
+        the certificates/get permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -3287,15 +3376,14 @@ def get_certificate_policy(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificatePolicy
-         <azure.keyvault.models.CertificatePolicy>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: CertificatePolicy or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.CertificatePolicy or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/certificates/{certificate-name}/policy'
+        url = self.get_certificate_policy.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str')
@@ -3318,7 +3406,7 @@ def get_certificate_policy(
 
         # Construct and send request
         request = self._client.get(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3333,12 +3421,14 @@ def get_certificate_policy(
             return client_raw_response
 
         return deserialized
+    get_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'}
 
     def update_certificate_policy(
             self, vault_base_url, certificate_name, certificate_policy, custom_headers=None, raw=False, **operation_config):
         """Updates the policy for a certificate.
 
         Set specified members in the certificate policy. Leave others as null.
+        This operation requires the certificates/update permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -3347,22 +3437,20 @@ def update_certificate_policy(
          vault.
         :type certificate_name: str
         :param certificate_policy: The policy for the certificate.
-        :type certificate_policy: :class:`CertificatePolicy
-         <azure.keyvault.models.CertificatePolicy>`
+        :type certificate_policy: ~azure.keyvault.models.CertificatePolicy
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificatePolicy
-         <azure.keyvault.models.CertificatePolicy>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: CertificatePolicy or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.CertificatePolicy or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/certificates/{certificate-name}/policy'
+        url = self.update_certificate_policy.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str')
@@ -3389,7 +3477,7 @@ def update_certificate_policy(
         # Construct and send request
         request = self._client.patch(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3404,14 +3492,15 @@ def update_certificate_policy(
             return client_raw_response
 
         return deserialized
+    update_certificate_policy.metadata = {'url': '/certificates/{certificate-name}/policy'}
 
     def update_certificate(
             self, vault_base_url, certificate_name, certificate_version, certificate_policy=None, certificate_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config):
         """Updates the specified attributes associated with the given certificate.
 
         The UpdateCertificate operation applies the specified update on the
-        given certificate; note the only elements being updated are the
-        certificate's attributes.
+        given certificate; the only elements updated are the certificate's
+        attributes. This operation requires the certificates/update permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -3422,31 +3511,29 @@ def update_certificate(
         :param certificate_version: The version of the certificate.
         :type certificate_version: str
         :param certificate_policy: The management policy for the certificate.
-        :type certificate_policy: :class:`CertificatePolicy
-         <azure.keyvault.models.CertificatePolicy>`
+        :type certificate_policy: ~azure.keyvault.models.CertificatePolicy
         :param certificate_attributes: The attributes of the certificate
          (optional).
-        :type certificate_attributes: :class:`CertificateAttributes
-         <azure.keyvault.models.CertificateAttributes>`
+        :type certificate_attributes:
+         ~azure.keyvault.models.CertificateAttributes
         :param tags: Application specific metadata in the form of key-value
          pairs.
-        :type tags: dict
+        :type tags: dict[str, str]
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificateBundle
-         <azure.keyvault.models.CertificateBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: CertificateBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.CertificateBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.CertificateUpdateParameters(certificate_policy=certificate_policy, certificate_attributes=certificate_attributes, tags=tags)
 
         # Construct URL
-        url = '/certificates/{certificate-name}/{certificate-version}'
+        url = self.update_certificate.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'),
@@ -3474,7 +3561,7 @@ def update_certificate(
         # Construct and send request
         request = self._client.patch(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3489,10 +3576,13 @@ def update_certificate(
             return client_raw_response
 
         return deserialized
+    update_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'}
 
     def get_certificate(
             self, vault_base_url, certificate_name, certificate_version, custom_headers=None, raw=False, **operation_config):
-        """Gets information about a specified certificate. Authorization: requires
+        """Gets information about a certificate.
+
+        Gets information about a specific certificate. This operation requires
         the certificates/get permission.
 
         :param vault_base_url: The vault name, for example
@@ -3508,15 +3598,14 @@ def get_certificate(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificateBundle
-         <azure.keyvault.models.CertificateBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: CertificateBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.CertificateBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/certificates/{certificate-name}/{certificate-version}'
+        url = self.get_certificate.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str'),
@@ -3540,7 +3629,7 @@ def get_certificate(
 
         # Construct and send request
         request = self._client.get(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3555,11 +3644,14 @@ def get_certificate(
             return client_raw_response
 
         return deserialized
+    get_certificate.metadata = {'url': '/certificates/{certificate-name}/{certificate-version}'}
 
     def update_certificate_operation(
             self, vault_base_url, certificate_name, cancellation_requested, custom_headers=None, raw=False, **operation_config):
-        """Updates a certificate operation. Authorization: requires the
-        certificates/update permission.
+        """Updates a certificate operation.
+
+        Updates a certificate creation operation that is already in progress.
+        This operation requires the certificates/update permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -3574,17 +3666,16 @@ def update_certificate_operation(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificateOperation
-         <azure.keyvault.models.CertificateOperation>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: CertificateOperation or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.CertificateOperation or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         certificate_operation = models.CertificateOperationUpdateParameter(cancellation_requested=cancellation_requested)
 
         # Construct URL
-        url = '/certificates/{certificate-name}/pending'
+        url = self.update_certificate_operation.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str')
@@ -3611,7 +3702,7 @@ def update_certificate_operation(
         # Construct and send request
         request = self._client.patch(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3626,11 +3717,14 @@ def update_certificate_operation(
             return client_raw_response
 
         return deserialized
+    update_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'}
 
     def get_certificate_operation(
             self, vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config):
-        """Gets the operation associated with a specified certificate.
-        Authorization: requires the certificates/get permission.
+        """Gets the creation operation of a certificate.
+
+        Gets the creation operation associated with a specified certificate.
+        This operation requires the certificates/get permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -3642,15 +3736,14 @@ def get_certificate_operation(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificateOperation
-         <azure.keyvault.models.CertificateOperation>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: CertificateOperation or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.CertificateOperation or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/certificates/{certificate-name}/pending'
+        url = self.get_certificate_operation.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str')
@@ -3673,7 +3766,7 @@ def get_certificate_operation(
 
         # Construct and send request
         request = self._client.get(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3688,11 +3781,15 @@ def get_certificate_operation(
             return client_raw_response
 
         return deserialized
+    get_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'}
 
     def delete_certificate_operation(
             self, vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config):
-        """Deletes the operation for a specified certificate. Authorization:
-        requires the certificates/update permission.
+        """Deletes the creation operation for a specific certificate.
+
+        Deletes the creation operation for a specified certificate that is in
+        the process of being created. The certificate is no longer created.
+        This operation requires the certificates/update permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -3704,15 +3801,14 @@ def delete_certificate_operation(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificateOperation
-         <azure.keyvault.models.CertificateOperation>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: CertificateOperation or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.CertificateOperation or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/certificates/{certificate-name}/pending'
+        url = self.delete_certificate_operation.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str')
@@ -3735,7 +3831,7 @@ def delete_certificate_operation(
 
         # Construct and send request
         request = self._client.delete(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3750,6 +3846,7 @@ def delete_certificate_operation(
             return client_raw_response
 
         return deserialized
+    delete_certificate_operation.metadata = {'url': '/certificates/{certificate-name}/pending'}
 
     def merge_certificate(
             self, vault_base_url, certificate_name, x509_certificates, certificate_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config):
@@ -3758,7 +3855,7 @@ def merge_certificate(
 
         The MergeCertificate operation performs the merging of a certificate or
         certificate chain with a key pair currently available in the service.
-        Authorization: requires the certificates/update permission.
+        This operation requires the certificates/create permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -3767,30 +3864,29 @@ def merge_certificate(
         :type certificate_name: str
         :param x509_certificates: The certificate or the certificate chain to
          merge.
-        :type x509_certificates: list of bytearray
+        :type x509_certificates: list[bytearray]
         :param certificate_attributes: The attributes of the certificate
          (optional).
-        :type certificate_attributes: :class:`CertificateAttributes
-         <azure.keyvault.models.CertificateAttributes>`
+        :type certificate_attributes:
+         ~azure.keyvault.models.CertificateAttributes
         :param tags: Application specific metadata in the form of key-value
          pairs.
-        :type tags: dict
+        :type tags: dict[str, str]
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificateBundle
-         <azure.keyvault.models.CertificateBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: CertificateBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.CertificateBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.CertificateMergeParameters(x509_certificates=x509_certificates, certificate_attributes=certificate_attributes, tags=tags)
 
         # Construct URL
-        url = '/certificates/{certificate-name}/pending/merge'
+        url = self.merge_certificate.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str')
@@ -3817,7 +3913,7 @@ def merge_certificate(
         # Construct and send request
         request = self._client.post(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [201]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3832,15 +3928,18 @@ def merge_certificate(
             return client_raw_response
 
         return deserialized
+    merge_certificate.metadata = {'url': '/certificates/{certificate-name}/pending/merge'}
 
     def get_deleted_certificates(
             self, vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config):
-        """Lists the deleted certificates in the specified vault, currently
+        """Lists the deleted certificates in the specified vault currently
         available for recovery.
 
         The GetDeletedCertificates operation retrieves the certificates in the
         current vault which are in a deleted state and ready for recovery or
-        purging.
+        purging. This operation includes deletion-specific information. This
+        operation requires the certificates/get/list permission. This operation
+        can only be enabled on soft-delete enabled vaults.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -3853,8 +3952,9 @@ def get_deleted_certificates(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`DeletedCertificateItemPaged
-         <azure.keyvault.models.DeletedCertificateItemPaged>`
+        :return: An iterator like instance of DeletedCertificateItem
+        :rtype:
+         ~azure.keyvault.models.DeletedCertificateItemPaged[~azure.keyvault.models.DeletedCertificateItem]
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
@@ -3862,7 +3962,7 @@ def internal_paging(next_link=None, raw=False):
 
             if not next_link:
                 # Construct URL
-                url = '/deletedcertificates'
+                url = self.get_deleted_certificates.metadata['url']
                 path_format_arguments = {
                     'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True)
                 }
@@ -3891,7 +3991,7 @@ def internal_paging(next_link=None, raw=False):
             # Construct and send request
             request = self._client.get(url, query_parameters)
             response = self._client.send(
-                request, header_parameters, **operation_config)
+                request, header_parameters, stream=False, **operation_config)
 
             if response.status_code not in [200]:
                 raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3907,6 +4007,7 @@ def internal_paging(next_link=None, raw=False):
             return client_raw_response
 
         return deserialized
+    get_deleted_certificates.metadata = {'url': '/deletedcertificates'}
 
     def get_deleted_certificate(
             self, vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config):
@@ -3914,7 +4015,8 @@ def get_deleted_certificate(
 
         The GetDeletedCertificate operation retrieves the deleted certificate
         information plus its attributes, such as retention interval, scheduled
-        permanent deletion and the current deletion recovery level.
+        permanent deletion and the current deletion recovery level. This
+        operation requires the certificates/get permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -3926,15 +4028,14 @@ def get_deleted_certificate(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`DeletedCertificateBundle
-         <azure.keyvault.models.DeletedCertificateBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: DeletedCertificateBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.DeletedCertificateBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/deletedcertificates/{certificate-name}'
+        url = self.get_deleted_certificate.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str')
@@ -3957,7 +4058,7 @@ def get_deleted_certificate(
 
         # Construct and send request
         request = self._client.get(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -3972,6 +4073,7 @@ def get_deleted_certificate(
             return client_raw_response
 
         return deserialized
+    get_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'}
 
     def purge_deleted_certificate(
             self, vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config):
@@ -3980,7 +4082,7 @@ def purge_deleted_certificate(
         The PurgeDeletedCertificate operation performs an irreversible deletion
         of the specified certificate, without possibility for recovery. The
         operation is not available if the recovery level does not specify
-        'Purgeable'. Requires the explicit granting of the 'purge' permission.
+        'Purgeable'. This operation requires the certificate/purge permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -3992,14 +4094,13 @@ def purge_deleted_certificate(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: None
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: None or ClientRawResponse if raw=true
+        :rtype: None or ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/deletedcertificates/{certificate-name}'
+        url = self.purge_deleted_certificate.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str')
@@ -4022,7 +4123,7 @@ def purge_deleted_certificate(
 
         # Construct and send request
         request = self._client.delete(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [204]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -4030,6 +4131,7 @@ def purge_deleted_certificate(
         if raw:
             client_raw_response = ClientRawResponse(None, response)
             return client_raw_response
+    purge_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}'}
 
     def recover_deleted_certificate(
             self, vault_base_url, certificate_name, custom_headers=None, raw=False, **operation_config):
@@ -4039,7 +4141,8 @@ def recover_deleted_certificate(
         The RecoverDeletedCertificate operation performs the reversal of the
         Delete operation. The operation is applicable in vaults enabled for
         soft-delete, and must be issued during the retention interval
-        (available in the deleted certificate's attributes).
+        (available in the deleted certificate's attributes). This operation
+        requires the certificates/recover permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -4051,15 +4154,14 @@ def recover_deleted_certificate(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`CertificateBundle
-         <azure.keyvault.models.CertificateBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: CertificateBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.CertificateBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/deletedcertificates/{certificate-name}/recover'
+        url = self.recover_deleted_certificate.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
             'certificate-name': self._serialize.url("certificate_name", certificate_name, 'str')
@@ -4082,7 +4184,7 @@ def recover_deleted_certificate(
 
         # Construct and send request
         request = self._client.post(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -4097,10 +4199,12 @@ def recover_deleted_certificate(
             return client_raw_response
 
         return deserialized
+    recover_deleted_certificate.metadata = {'url': '/deletedcertificates/{certificate-name}/recover'}
 
     def get_storage_accounts(
             self, vault_base_url, maxresults=None, custom_headers=None, raw=False, **operation_config):
-        """List storage accounts managed by specified key vault.
+        """List storage accounts managed by the specified key vault. This
+        operation requires the storage/list permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -4113,8 +4217,9 @@ def get_storage_accounts(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`StorageAccountItemPaged
-         <azure.keyvault.models.StorageAccountItemPaged>`
+        :return: An iterator like instance of StorageAccountItem
+        :rtype:
+         ~azure.keyvault.models.StorageAccountItemPaged[~azure.keyvault.models.StorageAccountItem]
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
@@ -4122,7 +4227,7 @@ def internal_paging(next_link=None, raw=False):
 
             if not next_link:
                 # Construct URL
-                url = '/storage'
+                url = self.get_storage_accounts.metadata['url']
                 path_format_arguments = {
                     'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True)
                 }
@@ -4151,7 +4256,7 @@ def internal_paging(next_link=None, raw=False):
             # Construct and send request
             request = self._client.get(url, query_parameters)
             response = self._client.send(
-                request, header_parameters, **operation_config)
+                request, header_parameters, stream=False, **operation_config)
 
             if response.status_code not in [200]:
                 raise models.KeyVaultErrorException(self._deserialize, response)
@@ -4167,10 +4272,12 @@ def internal_paging(next_link=None, raw=False):
             return client_raw_response
 
         return deserialized
+    get_storage_accounts.metadata = {'url': '/storage'}
 
     def delete_storage_account(
             self, vault_base_url, storage_account_name, custom_headers=None, raw=False, **operation_config):
-        """Deletes a storage account.
+        """Deletes a storage account. This operation requires the storage/delete
+        permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -4182,17 +4289,17 @@ def delete_storage_account(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`StorageBundle <azure.keyvault.models.StorageBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: StorageBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.StorageBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/storage/{storage-account-name}'
+        url = self.delete_storage_account.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern='^[0-9a-zA-Z]+$')
+            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -4212,7 +4319,7 @@ def delete_storage_account(
 
         # Construct and send request
         request = self._client.delete(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -4227,10 +4334,12 @@ def delete_storage_account(
             return client_raw_response
 
         return deserialized
+    delete_storage_account.metadata = {'url': '/storage/{storage-account-name}'}
 
     def get_storage_account(
             self, vault_base_url, storage_account_name, custom_headers=None, raw=False, **operation_config):
-        """Gets information about a specified storage account.
+        """Gets information about a specified storage account. This operation
+        requires the storage/get permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -4242,17 +4351,17 @@ def get_storage_account(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`StorageBundle <azure.keyvault.models.StorageBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: StorageBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.StorageBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/storage/{storage-account-name}'
+        url = self.get_storage_account.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern='^[0-9a-zA-Z]+$')
+            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -4272,7 +4381,7 @@ def get_storage_account(
 
         # Construct and send request
         request = self._client.get(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -4287,10 +4396,12 @@ def get_storage_account(
             return client_raw_response
 
         return deserialized
+    get_storage_account.metadata = {'url': '/storage/{storage-account-name}'}
 
     def set_storage_account(
             self, vault_base_url, storage_account_name, resource_id, active_key_name, auto_regenerate_key, regeneration_period=None, storage_account_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config):
-        """Creates or updates a new storage account.
+        """Creates or updates a new storage account. This operation requires the
+        storage/set permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -4309,29 +4420,29 @@ def set_storage_account(
         :type regeneration_period: str
         :param storage_account_attributes: The attributes of the storage
          account.
-        :type storage_account_attributes: :class:`StorageAccountAttributes
-         <azure.keyvault.models.StorageAccountAttributes>`
+        :type storage_account_attributes:
+         ~azure.keyvault.models.StorageAccountAttributes
         :param tags: Application specific metadata in the form of key-value
          pairs.
-        :type tags: dict
+        :type tags: dict[str, str]
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`StorageBundle <azure.keyvault.models.StorageBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: StorageBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.StorageBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.StorageAccountCreateParameters(resource_id=resource_id, active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags)
 
         # Construct URL
-        url = '/storage/{storage-account-name}'
+        url = self.set_storage_account.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern='^[0-9a-zA-Z]+$')
+            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -4355,7 +4466,7 @@ def set_storage_account(
         # Construct and send request
         request = self._client.put(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -4370,11 +4481,12 @@ def set_storage_account(
             return client_raw_response
 
         return deserialized
+    set_storage_account.metadata = {'url': '/storage/{storage-account-name}'}
 
     def update_storage_account(
             self, vault_base_url, storage_account_name, active_key_name=None, auto_regenerate_key=None, regeneration_period=None, storage_account_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config):
         """Updates the specified attributes associated with the given storage
-        account.
+        account. This operation requires the storage/set/update permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -4391,29 +4503,29 @@ def update_storage_account(
         :type regeneration_period: str
         :param storage_account_attributes: The attributes of the storage
          account.
-        :type storage_account_attributes: :class:`StorageAccountAttributes
-         <azure.keyvault.models.StorageAccountAttributes>`
+        :type storage_account_attributes:
+         ~azure.keyvault.models.StorageAccountAttributes
         :param tags: Application specific metadata in the form of key-value
          pairs.
-        :type tags: dict
+        :type tags: dict[str, str]
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`StorageBundle <azure.keyvault.models.StorageBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: StorageBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.StorageBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.StorageAccountUpdateParameters(active_key_name=active_key_name, auto_regenerate_key=auto_regenerate_key, regeneration_period=regeneration_period, storage_account_attributes=storage_account_attributes, tags=tags)
 
         # Construct URL
-        url = '/storage/{storage-account-name}'
+        url = self.update_storage_account.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern='^[0-9a-zA-Z]+$')
+            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -4437,7 +4549,7 @@ def update_storage_account(
         # Construct and send request
         request = self._client.patch(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -4452,10 +4564,12 @@ def update_storage_account(
             return client_raw_response
 
         return deserialized
+    update_storage_account.metadata = {'url': '/storage/{storage-account-name}'}
 
     def regenerate_storage_account_key(
             self, vault_base_url, storage_account_name, key_name, custom_headers=None, raw=False, **operation_config):
-        """Regenerates the specified key value for the given storage account.
+        """Regenerates the specified key value for the given storage account. This
+        operation requires the storage/regeneratekey permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -4463,26 +4577,25 @@ def regenerate_storage_account_key(
         :param storage_account_name: The name of the storage account.
         :type storage_account_name: str
         :param key_name: The storage account key name.
-
         :type key_name: str
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`StorageBundle <azure.keyvault.models.StorageBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: StorageBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.StorageBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters = models.StorageAccountRegenerteKeyParameters(key_name=key_name)
 
         # Construct URL
-        url = '/storage/{storage-account-name}/regeneratekey'
+        url = self.regenerate_storage_account_key.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern='^[0-9a-zA-Z]+$')
+            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -4506,7 +4619,7 @@ def regenerate_storage_account_key(
         # Construct and send request
         request = self._client.post(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -4521,11 +4634,13 @@ def regenerate_storage_account_key(
             return client_raw_response
 
         return deserialized
+    regenerate_storage_account_key.metadata = {'url': '/storage/{storage-account-name}/regeneratekey'}
 
     def get_sas_definitions(
             self, vault_base_url, storage_account_name, maxresults=None, custom_headers=None, raw=False, **operation_config):
-        """List storage SAS definitions for the given storage account.
-        
+        """List storage SAS definitions for the given storage account. This
+        operation requires the storage/listsas permission.
+
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
         :type vault_base_url: str
@@ -4539,8 +4654,9 @@ def get_sas_definitions(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`SasDefinitionItemPaged
-         <azure.keyvault.models.SasDefinitionItemPaged>`
+        :return: An iterator like instance of SasDefinitionItem
+        :rtype:
+         ~azure.keyvault.models.SasDefinitionItemPaged[~azure.keyvault.models.SasDefinitionItem]
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
@@ -4548,10 +4664,10 @@ def internal_paging(next_link=None, raw=False):
 
             if not next_link:
                 # Construct URL
-                url = '/storage/{storage-account-name}/sas'
+                url = self.get_sas_definitions.metadata['url']
                 path_format_arguments = {
                     'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-                    'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern='^[0-9a-zA-Z]+$')
+                    'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$')
                 }
                 url = self._client.format_url(url, **path_format_arguments)
 
@@ -4578,7 +4694,7 @@ def internal_paging(next_link=None, raw=False):
             # Construct and send request
             request = self._client.get(url, query_parameters)
             response = self._client.send(
-                request, header_parameters, **operation_config)
+                request, header_parameters, stream=False, **operation_config)
 
             if response.status_code not in [200]:
                 raise models.KeyVaultErrorException(self._deserialize, response)
@@ -4594,11 +4710,12 @@ def internal_paging(next_link=None, raw=False):
             return client_raw_response
 
         return deserialized
+    get_sas_definitions.metadata = {'url': '/storage/{storage-account-name}/sas'}
 
     def delete_sas_definition(
             self, vault_base_url, storage_account_name, sas_definition_name, custom_headers=None, raw=False, **operation_config):
-
-        """Deletes a SAS definition from a specified storage account.
+        """Deletes a SAS definition from a specified storage account. This
+        operation requires the storage/deletesas permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -4612,19 +4729,18 @@ def delete_sas_definition(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`SasDefinitionBundle
-         <azure.keyvault.models.SasDefinitionBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: SasDefinitionBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.SasDefinitionBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/storage/{storage-account-name}/sas/{sas-definition-name}'
+        url = self.delete_sas_definition.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern='^[0-9a-zA-Z]+$'),
-            'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern='^[0-9a-zA-Z]+$')
+            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'),
+            'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -4644,7 +4760,7 @@ def delete_sas_definition(
 
         # Construct and send request
         request = self._client.delete(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -4659,12 +4775,12 @@ def delete_sas_definition(
             return client_raw_response
 
         return deserialized
+    delete_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'}
 
     def get_sas_definition(
             self, vault_base_url, storage_account_name, sas_definition_name, custom_headers=None, raw=False, **operation_config):
-
         """Gets information about a SAS definition for the specified storage
-        account.
+        account. This operation requires the storage/getsas permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -4678,19 +4794,18 @@ def get_sas_definition(
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`SasDefinitionBundle
-         <azure.keyvault.models.SasDefinitionBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: SasDefinitionBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.SasDefinitionBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         # Construct URL
-        url = '/storage/{storage-account-name}/sas/{sas-definition-name}'
+        url = self.get_sas_definition.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern='^[0-9a-zA-Z]+$'),
-            'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern='^[0-9a-zA-Z]+$')
+            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'),
+            'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -4710,7 +4825,7 @@ def get_sas_definition(
 
         # Construct and send request
         request = self._client.get(url, query_parameters)
-        response = self._client.send(request, header_parameters, **operation_config)
+        response = self._client.send(request, header_parameters, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -4725,11 +4840,12 @@ def get_sas_definition(
             return client_raw_response
 
         return deserialized
+    get_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'}
 
     def set_sas_definition(
             self, vault_base_url, storage_account_name, sas_definition_name, parameters, sas_definition_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config):
         """Creates or updates a new SAS definition for the specified storage
-        account.
+        account. This operation requires the storage/setsas permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -4740,34 +4856,33 @@ def set_sas_definition(
         :type sas_definition_name: str
         :param parameters: Sas definition creation metadata in the form of
          key-value pairs.
-        :type parameters: dict
+        :type parameters: dict[str, str]
         :param sas_definition_attributes: The attributes of the SAS
          definition.
-        :type sas_definition_attributes: :class:`SasDefinitionAttributes
-         <azure.keyvault.models.SasDefinitionAttributes>`
+        :type sas_definition_attributes:
+         ~azure.keyvault.models.SasDefinitionAttributes
         :param tags: Application specific metadata in the form of key-value
          pairs.
-        :type tags: dict
+        :type tags: dict[str, str]
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`SasDefinitionBundle
-         <azure.keyvault.models.SasDefinitionBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: SasDefinitionBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.SasDefinitionBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters1 = models.SasDefinitionCreateParameters(parameters=parameters, sas_definition_attributes=sas_definition_attributes, tags=tags)
 
         # Construct URL
-        url = '/storage/{storage-account-name}/sas/{sas-definition-name}'
+        url = self.set_sas_definition.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern='^[0-9a-zA-Z]+$'),
-            'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern='^[0-9a-zA-Z]+$')
+            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'),
+            'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -4791,7 +4906,7 @@ def set_sas_definition(
         # Construct and send request
         request = self._client.put(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -4806,11 +4921,12 @@ def set_sas_definition(
             return client_raw_response
 
         return deserialized
+    set_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'}
 
     def update_sas_definition(
             self, vault_base_url, storage_account_name, sas_definition_name, parameters=None, sas_definition_attributes=None, tags=None, custom_headers=None, raw=False, **operation_config):
         """Updates the specified attributes associated with the given SAS
-        definition.
+        definition. This operation requires the storage/setsas permission.
 
         :param vault_base_url: The vault name, for example
          https://myvault.vault.azure.net.
@@ -4821,34 +4937,33 @@ def update_sas_definition(
         :type sas_definition_name: str
         :param parameters: Sas definition update metadata in the form of
          key-value pairs.
-        :type parameters: dict
+        :type parameters: dict[str, str]
         :param sas_definition_attributes: The attributes of the SAS
          definition.
-        :type sas_definition_attributes: :class:`SasDefinitionAttributes
-         <azure.keyvault.models.SasDefinitionAttributes>`
+        :type sas_definition_attributes:
+         ~azure.keyvault.models.SasDefinitionAttributes
         :param tags: Application specific metadata in the form of key-value
          pairs.
-        :type tags: dict
+        :type tags: dict[str, str]
         :param dict custom_headers: headers that will be added to the request
         :param bool raw: returns the direct response alongside the
          deserialized response
         :param operation_config: :ref:`Operation configuration
          overrides<msrest:optionsforoperations>`.
-        :rtype: :class:`SasDefinitionBundle
-         <azure.keyvault.models.SasDefinitionBundle>`
-        :rtype: :class:`ClientRawResponse<msrest.pipeline.ClientRawResponse>`
-         if raw=true
+        :return: SasDefinitionBundle or ClientRawResponse if raw=true
+        :rtype: ~azure.keyvault.models.SasDefinitionBundle or
+         ~msrest.pipeline.ClientRawResponse
         :raises:
          :class:`KeyVaultErrorException<azure.keyvault.models.KeyVaultErrorException>`
         """
         parameters1 = models.SasDefinitionUpdateParameters(parameters=parameters, sas_definition_attributes=sas_definition_attributes, tags=tags)
 
         # Construct URL
-        url = '/storage/{storage-account-name}/sas/{sas-definition-name}'
+        url = self.update_sas_definition.metadata['url']
         path_format_arguments = {
             'vaultBaseUrl': self._serialize.url("vault_base_url", vault_base_url, 'str', skip_quote=True),
-            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern='^[0-9a-zA-Z]+$'),
-            'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern='^[0-9a-zA-Z]+$')
+            'storage-account-name': self._serialize.url("storage_account_name", storage_account_name, 'str', pattern=r'^[0-9a-zA-Z]+$'),
+            'sas-definition-name': self._serialize.url("sas_definition_name", sas_definition_name, 'str', pattern=r'^[0-9a-zA-Z]+$')
         }
         url = self._client.format_url(url, **path_format_arguments)
 
@@ -4872,7 +4987,7 @@ def update_sas_definition(
         # Construct and send request
         request = self._client.patch(url, query_parameters)
         response = self._client.send(
-            request, header_parameters, body_content, **operation_config)
+            request, header_parameters, body_content, stream=False, **operation_config)
 
         if response.status_code not in [200]:
             raise models.KeyVaultErrorException(self._deserialize, response)
@@ -4887,3 +5002,4 @@ def update_sas_definition(
             return client_raw_response
 
         return deserialized
+    update_sas_definition.metadata = {'url': '/storage/{storage-account-name}/sas/{sas-definition-name}'}
diff --git a/azure-keyvault/azure/keyvault/models/__init__.py b/azure-keyvault/azure/keyvault/models/__init__.py
old mode 100755
new mode 100644
index e404b4bec3ef..4a5ccbd72829
--- a/azure-keyvault/azure/keyvault/models/__init__.py
+++ b/azure-keyvault/azure/keyvault/models/__init__.py
@@ -9,76 +9,148 @@
 # regenerated.
 # --------------------------------------------------------------------------
 
-from .attributes import Attributes
-from .json_web_key import JsonWebKey
-from .key_attributes import KeyAttributes
-from .key_bundle import KeyBundle
-from .key_item import KeyItem
-from .deleted_key_bundle import DeletedKeyBundle
-from .deleted_key_item import DeletedKeyItem
-from .secret_attributes import SecretAttributes
-from .secret_bundle import SecretBundle
-from .secret_item import SecretItem
-from .deleted_secret_bundle import DeletedSecretBundle
-from .deleted_secret_item import DeletedSecretItem
-from .secret_restore_parameters import SecretRestoreParameters
-from .certificate_attributes import CertificateAttributes
-from .certificate_item import CertificateItem
-from .certificate_issuer_item import CertificateIssuerItem
-from .key_properties import KeyProperties
-from .secret_properties import SecretProperties
-from .subject_alternative_names import SubjectAlternativeNames
-from .x509_certificate_properties import X509CertificateProperties
-from .trigger import Trigger
-from .action import Action
-from .lifetime_action import LifetimeAction
-from .issuer_parameters import IssuerParameters
-from .certificate_policy import CertificatePolicy
-from .certificate_bundle import CertificateBundle
-from .deleted_certificate_bundle import DeletedCertificateBundle
-from .deleted_certificate_item import DeletedCertificateItem
-from .error import Error
-from .certificate_operation import CertificateOperation
-from .issuer_credentials import IssuerCredentials
-from .administrator_details import AdministratorDetails
-from .organization_details import OrganizationDetails
-from .issuer_attributes import IssuerAttributes
-from .issuer_bundle import IssuerBundle
-from .contact import Contact
-from .contacts import Contacts
-from .key_create_parameters import KeyCreateParameters
-from .key_import_parameters import KeyImportParameters
-from .key_operations_parameters import KeyOperationsParameters
-from .key_sign_parameters import KeySignParameters
-from .key_verify_parameters import KeyVerifyParameters
-from .key_update_parameters import KeyUpdateParameters
-from .key_restore_parameters import KeyRestoreParameters
-from .secret_set_parameters import SecretSetParameters
-from .secret_update_parameters import SecretUpdateParameters
-from .certificate_create_parameters import CertificateCreateParameters
-from .certificate_import_parameters import CertificateImportParameters
-from .certificate_update_parameters import CertificateUpdateParameters
-from .certificate_merge_parameters import CertificateMergeParameters
-from .certificate_issuer_set_parameters import CertificateIssuerSetParameters
-from .certificate_issuer_update_parameters import CertificateIssuerUpdateParameters
-from .certificate_operation_update_parameter import CertificateOperationUpdateParameter
-from .key_operation_result import KeyOperationResult
-from .key_verify_result import KeyVerifyResult
-from .backup_key_result import BackupKeyResult
-from .backup_secret_result import BackupSecretResult
-from .pending_certificate_signing_request_result import PendingCertificateSigningRequestResult
-from .storage_account_attributes import StorageAccountAttributes
-from .storage_bundle import StorageBundle
-from .storage_account_create_parameters import StorageAccountCreateParameters
-from .storage_account_update_parameters import StorageAccountUpdateParameters
-from .storage_account_regenerte_key_parameters import StorageAccountRegenerteKeyParameters
-from .storage_account_item import StorageAccountItem
-from .sas_definition_attributes import SasDefinitionAttributes
-from .sas_definition_bundle import SasDefinitionBundle
-from .sas_definition_item import SasDefinitionItem
-from .sas_definition_create_parameters import SasDefinitionCreateParameters
-from .sas_definition_update_parameters import SasDefinitionUpdateParameters
-from .key_vault_error import KeyVaultError, KeyVaultErrorException
+try:
+    from .attributes_py3 import Attributes
+    from .json_web_key_py3 import JsonWebKey
+    from .key_attributes_py3 import KeyAttributes
+    from .key_bundle_py3 import KeyBundle
+    from .key_item_py3 import KeyItem
+    from .deleted_key_bundle_py3 import DeletedKeyBundle
+    from .deleted_key_item_py3 import DeletedKeyItem
+    from .secret_attributes_py3 import SecretAttributes
+    from .secret_bundle_py3 import SecretBundle
+    from .secret_item_py3 import SecretItem
+    from .deleted_secret_bundle_py3 import DeletedSecretBundle
+    from .deleted_secret_item_py3 import DeletedSecretItem
+    from .secret_restore_parameters_py3 import SecretRestoreParameters
+    from .certificate_attributes_py3 import CertificateAttributes
+    from .certificate_item_py3 import CertificateItem
+    from .certificate_issuer_item_py3 import CertificateIssuerItem
+    from .key_properties_py3 import KeyProperties
+    from .secret_properties_py3 import SecretProperties
+    from .subject_alternative_names_py3 import SubjectAlternativeNames
+    from .x509_certificate_properties_py3 import X509CertificateProperties
+    from .trigger_py3 import Trigger
+    from .action_py3 import Action
+    from .lifetime_action_py3 import LifetimeAction
+    from .issuer_parameters_py3 import IssuerParameters
+    from .certificate_policy_py3 import CertificatePolicy
+    from .certificate_bundle_py3 import CertificateBundle
+    from .deleted_certificate_bundle_py3 import DeletedCertificateBundle
+    from .deleted_certificate_item_py3 import DeletedCertificateItem
+    from .error_py3 import Error
+    from .certificate_operation_py3 import CertificateOperation
+    from .issuer_credentials_py3 import IssuerCredentials
+    from .administrator_details_py3 import AdministratorDetails
+    from .organization_details_py3 import OrganizationDetails
+    from .issuer_attributes_py3 import IssuerAttributes
+    from .issuer_bundle_py3 import IssuerBundle
+    from .contact_py3 import Contact
+    from .contacts_py3 import Contacts
+    from .key_create_parameters_py3 import KeyCreateParameters
+    from .key_import_parameters_py3 import KeyImportParameters
+    from .key_operations_parameters_py3 import KeyOperationsParameters
+    from .key_sign_parameters_py3 import KeySignParameters
+    from .key_verify_parameters_py3 import KeyVerifyParameters
+    from .key_update_parameters_py3 import KeyUpdateParameters
+    from .key_restore_parameters_py3 import KeyRestoreParameters
+    from .secret_set_parameters_py3 import SecretSetParameters
+    from .secret_update_parameters_py3 import SecretUpdateParameters
+    from .certificate_create_parameters_py3 import CertificateCreateParameters
+    from .certificate_import_parameters_py3 import CertificateImportParameters
+    from .certificate_update_parameters_py3 import CertificateUpdateParameters
+    from .certificate_merge_parameters_py3 import CertificateMergeParameters
+    from .certificate_issuer_set_parameters_py3 import CertificateIssuerSetParameters
+    from .certificate_issuer_update_parameters_py3 import CertificateIssuerUpdateParameters
+    from .certificate_operation_update_parameter_py3 import CertificateOperationUpdateParameter
+    from .key_operation_result_py3 import KeyOperationResult
+    from .key_verify_result_py3 import KeyVerifyResult
+    from .backup_key_result_py3 import BackupKeyResult
+    from .backup_secret_result_py3 import BackupSecretResult
+    from .pending_certificate_signing_request_result_py3 import PendingCertificateSigningRequestResult
+    from .storage_account_attributes_py3 import StorageAccountAttributes
+    from .storage_bundle_py3 import StorageBundle
+    from .storage_account_create_parameters_py3 import StorageAccountCreateParameters
+    from .storage_account_update_parameters_py3 import StorageAccountUpdateParameters
+    from .storage_account_regenerte_key_parameters_py3 import StorageAccountRegenerteKeyParameters
+    from .storage_account_item_py3 import StorageAccountItem
+    from .sas_definition_attributes_py3 import SasDefinitionAttributes
+    from .sas_definition_bundle_py3 import SasDefinitionBundle
+    from .sas_definition_item_py3 import SasDefinitionItem
+    from .sas_definition_create_parameters_py3 import SasDefinitionCreateParameters
+    from .sas_definition_update_parameters_py3 import SasDefinitionUpdateParameters
+    from .key_vault_error_py3 import KeyVaultError, KeyVaultErrorException
+except (SyntaxError, ImportError):
+    from .attributes import Attributes
+    from .json_web_key import JsonWebKey
+    from .key_attributes import KeyAttributes
+    from .key_bundle import KeyBundle
+    from .key_item import KeyItem
+    from .deleted_key_bundle import DeletedKeyBundle
+    from .deleted_key_item import DeletedKeyItem
+    from .secret_attributes import SecretAttributes
+    from .secret_bundle import SecretBundle
+    from .secret_item import SecretItem
+    from .deleted_secret_bundle import DeletedSecretBundle
+    from .deleted_secret_item import DeletedSecretItem
+    from .secret_restore_parameters import SecretRestoreParameters
+    from .certificate_attributes import CertificateAttributes
+    from .certificate_item import CertificateItem
+    from .certificate_issuer_item import CertificateIssuerItem
+    from .key_properties import KeyProperties
+    from .secret_properties import SecretProperties
+    from .subject_alternative_names import SubjectAlternativeNames
+    from .x509_certificate_properties import X509CertificateProperties
+    from .trigger import Trigger
+    from .action import Action
+    from .lifetime_action import LifetimeAction
+    from .issuer_parameters import IssuerParameters
+    from .certificate_policy import CertificatePolicy
+    from .certificate_bundle import CertificateBundle
+    from .deleted_certificate_bundle import DeletedCertificateBundle
+    from .deleted_certificate_item import DeletedCertificateItem
+    from .error import Error
+    from .certificate_operation import CertificateOperation
+    from .issuer_credentials import IssuerCredentials
+    from .administrator_details import AdministratorDetails
+    from .organization_details import OrganizationDetails
+    from .issuer_attributes import IssuerAttributes
+    from .issuer_bundle import IssuerBundle
+    from .contact import Contact
+    from .contacts import Contacts
+    from .key_create_parameters import KeyCreateParameters
+    from .key_import_parameters import KeyImportParameters
+    from .key_operations_parameters import KeyOperationsParameters
+    from .key_sign_parameters import KeySignParameters
+    from .key_verify_parameters import KeyVerifyParameters
+    from .key_update_parameters import KeyUpdateParameters
+    from .key_restore_parameters import KeyRestoreParameters
+    from .secret_set_parameters import SecretSetParameters
+    from .secret_update_parameters import SecretUpdateParameters
+    from .certificate_create_parameters import CertificateCreateParameters
+    from .certificate_import_parameters import CertificateImportParameters
+    from .certificate_update_parameters import CertificateUpdateParameters
+    from .certificate_merge_parameters import CertificateMergeParameters
+    from .certificate_issuer_set_parameters import CertificateIssuerSetParameters
+    from .certificate_issuer_update_parameters import CertificateIssuerUpdateParameters
+    from .certificate_operation_update_parameter import CertificateOperationUpdateParameter
+    from .key_operation_result import KeyOperationResult
+    from .key_verify_result import KeyVerifyResult
+    from .backup_key_result import BackupKeyResult
+    from .backup_secret_result import BackupSecretResult
+    from .pending_certificate_signing_request_result import PendingCertificateSigningRequestResult
+    from .storage_account_attributes import StorageAccountAttributes
+    from .storage_bundle import StorageBundle
+    from .storage_account_create_parameters import StorageAccountCreateParameters
+    from .storage_account_update_parameters import StorageAccountUpdateParameters
+    from .storage_account_regenerte_key_parameters import StorageAccountRegenerteKeyParameters
+    from .storage_account_item import StorageAccountItem
+    from .sas_definition_attributes import SasDefinitionAttributes
+    from .sas_definition_bundle import SasDefinitionBundle
+    from .sas_definition_item import SasDefinitionItem
+    from .sas_definition_create_parameters import SasDefinitionCreateParameters
+    from .sas_definition_update_parameters import SasDefinitionUpdateParameters
+    from .key_vault_error import KeyVaultError, KeyVaultErrorException
 from .key_item_paged import KeyItemPaged
 from .deleted_key_item_paged import DeletedKeyItemPaged
 from .secret_item_paged import SecretItemPaged
@@ -90,6 +162,7 @@
 from .sas_definition_item_paged import SasDefinitionItemPaged
 from .key_vault_client_enums import (
     JsonWebKeyType,
+    JsonWebKeyCurveName,
     DeletionRecoveryLevel,
     KeyUsageType,
     ActionType,
@@ -179,6 +252,7 @@
     'StorageAccountItemPaged',
     'SasDefinitionItemPaged',
     'JsonWebKeyType',
+    'JsonWebKeyCurveName',
     'DeletionRecoveryLevel',
     'KeyUsageType',
     'ActionType',
diff --git a/azure-keyvault/azure/keyvault/models/action.py b/azure-keyvault/azure/keyvault/models/action.py
old mode 100755
new mode 100644
index f11e1373fbd4..23a4a13670db
--- a/azure-keyvault/azure/keyvault/models/action.py
+++ b/azure-keyvault/azure/keyvault/models/action.py
@@ -17,13 +17,13 @@ class Action(Model):
 
     :param action_type: The type of the action. Possible values include:
      'EmailContacts', 'AutoRenew'
-    :type action_type: str or :class:`ActionType
-     <azure.keyvault.models.ActionType>`
+    :type action_type: str or ~azure.keyvault.models.ActionType
     """
 
     _attribute_map = {
         'action_type': {'key': 'action_type', 'type': 'ActionType'},
     }
 
-    def __init__(self, action_type=None):
-        self.action_type = action_type
+    def __init__(self, **kwargs):
+        super(Action, self).__init__(**kwargs)
+        self.action_type = kwargs.get('action_type', None)
diff --git a/azure-keyvault/azure/keyvault/models/action_py3.py b/azure-keyvault/azure/keyvault/models/action_py3.py
new file mode 100644
index 000000000000..285ffc71cb57
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/action_py3.py
@@ -0,0 +1,29 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class Action(Model):
+    """The action that will be executed.
+
+    :param action_type: The type of the action. Possible values include:
+     'EmailContacts', 'AutoRenew'
+    :type action_type: str or ~azure.keyvault.models.ActionType
+    """
+
+    _attribute_map = {
+        'action_type': {'key': 'action_type', 'type': 'ActionType'},
+    }
+
+    def __init__(self, *, action_type=None, **kwargs) -> None:
+        super(Action, self).__init__(**kwargs)
+        self.action_type = action_type
diff --git a/azure-keyvault/azure/keyvault/models/administrator_details.py b/azure-keyvault/azure/keyvault/models/administrator_details.py
old mode 100755
new mode 100644
index 05b62173448e..4026a83a5da4
--- a/azure-keyvault/azure/keyvault/models/administrator_details.py
+++ b/azure-keyvault/azure/keyvault/models/administrator_details.py
@@ -32,8 +32,9 @@ class AdministratorDetails(Model):
         'phone': {'key': 'phone', 'type': 'str'},
     }
 
-    def __init__(self, first_name=None, last_name=None, email_address=None, phone=None):
-        self.first_name = first_name
-        self.last_name = last_name
-        self.email_address = email_address
-        self.phone = phone
+    def __init__(self, **kwargs):
+        super(AdministratorDetails, self).__init__(**kwargs)
+        self.first_name = kwargs.get('first_name', None)
+        self.last_name = kwargs.get('last_name', None)
+        self.email_address = kwargs.get('email_address', None)
+        self.phone = kwargs.get('phone', None)
diff --git a/azure-keyvault/azure/keyvault/models/administrator_details_py3.py b/azure-keyvault/azure/keyvault/models/administrator_details_py3.py
new file mode 100644
index 000000000000..24a8ef8a3a1b
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/administrator_details_py3.py
@@ -0,0 +1,40 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class AdministratorDetails(Model):
+    """Details of the organization administrator of the certificate issuer.
+
+    :param first_name: First name.
+    :type first_name: str
+    :param last_name: Last name.
+    :type last_name: str
+    :param email_address: Email addresss.
+    :type email_address: str
+    :param phone: Phone number.
+    :type phone: str
+    """
+
+    _attribute_map = {
+        'first_name': {'key': 'first_name', 'type': 'str'},
+        'last_name': {'key': 'last_name', 'type': 'str'},
+        'email_address': {'key': 'email', 'type': 'str'},
+        'phone': {'key': 'phone', 'type': 'str'},
+    }
+
+    def __init__(self, *, first_name: str=None, last_name: str=None, email_address: str=None, phone: str=None, **kwargs) -> None:
+        super(AdministratorDetails, self).__init__(**kwargs)
+        self.first_name = first_name
+        self.last_name = last_name
+        self.email_address = email_address
+        self.phone = phone
diff --git a/azure-keyvault/azure/keyvault/models/attributes.py b/azure-keyvault/azure/keyvault/models/attributes.py
old mode 100755
new mode 100644
index 57c9b432d63f..5c89678b313f
--- a/azure-keyvault/azure/keyvault/models/attributes.py
+++ b/azure-keyvault/azure/keyvault/models/attributes.py
@@ -43,9 +43,10 @@ class Attributes(Model):
         'updated': {'key': 'updated', 'type': 'unix-time'},
     }
 
-    def __init__(self, enabled=None, not_before=None, expires=None):
-        self.enabled = enabled
-        self.not_before = not_before
-        self.expires = expires
+    def __init__(self, **kwargs):
+        super(Attributes, self).__init__(**kwargs)
+        self.enabled = kwargs.get('enabled', None)
+        self.not_before = kwargs.get('not_before', None)
+        self.expires = kwargs.get('expires', None)
         self.created = None
         self.updated = None
diff --git a/azure-keyvault/azure/keyvault/models/attributes_py3.py b/azure-keyvault/azure/keyvault/models/attributes_py3.py
new file mode 100644
index 000000000000..16fe316c84cb
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/attributes_py3.py
@@ -0,0 +1,52 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class Attributes(Model):
+    """The object attributes managed by the KeyVault service.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param enabled: Determines whether the object is enabled.
+    :type enabled: bool
+    :param not_before: Not before date in UTC.
+    :type not_before: datetime
+    :param expires: Expiry date in UTC.
+    :type expires: datetime
+    :ivar created: Creation time in UTC.
+    :vartype created: datetime
+    :ivar updated: Last updated time in UTC.
+    :vartype updated: datetime
+    """
+
+    _validation = {
+        'created': {'readonly': True},
+        'updated': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'enabled': {'key': 'enabled', 'type': 'bool'},
+        'not_before': {'key': 'nbf', 'type': 'unix-time'},
+        'expires': {'key': 'exp', 'type': 'unix-time'},
+        'created': {'key': 'created', 'type': 'unix-time'},
+        'updated': {'key': 'updated', 'type': 'unix-time'},
+    }
+
+    def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None:
+        super(Attributes, self).__init__(**kwargs)
+        self.enabled = enabled
+        self.not_before = not_before
+        self.expires = expires
+        self.created = None
+        self.updated = None
diff --git a/azure-keyvault/azure/keyvault/models/backup_key_result.py b/azure-keyvault/azure/keyvault/models/backup_key_result.py
old mode 100755
new mode 100644
index 2e977906ae41..4aaa5fc2ebe8
--- a/azure-keyvault/azure/keyvault/models/backup_key_result.py
+++ b/azure-keyvault/azure/keyvault/models/backup_key_result.py
@@ -30,5 +30,6 @@ class BackupKeyResult(Model):
         'value': {'key': 'value', 'type': 'base64'},
     }
 
-    def __init__(self):
+    def __init__(self, **kwargs):
+        super(BackupKeyResult, self).__init__(**kwargs)
         self.value = None
diff --git a/azure-keyvault/azure/keyvault/models/backup_key_result_py3.py b/azure-keyvault/azure/keyvault/models/backup_key_result_py3.py
new file mode 100644
index 000000000000..7865e8701f76
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/backup_key_result_py3.py
@@ -0,0 +1,35 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class BackupKeyResult(Model):
+    """The backup key result, containing the backup blob.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar value: The backup blob containing the backed up key.
+    :vartype value: bytes
+    """
+
+    _validation = {
+        'value': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'value': {'key': 'value', 'type': 'base64'},
+    }
+
+    def __init__(self, **kwargs) -> None:
+        super(BackupKeyResult, self).__init__(**kwargs)
+        self.value = None
diff --git a/azure-keyvault/azure/keyvault/models/backup_secret_result.py b/azure-keyvault/azure/keyvault/models/backup_secret_result.py
old mode 100755
new mode 100644
index 5ae53f2f3467..4f803fc0cefe
--- a/azure-keyvault/azure/keyvault/models/backup_secret_result.py
+++ b/azure-keyvault/azure/keyvault/models/backup_secret_result.py
@@ -30,5 +30,6 @@ class BackupSecretResult(Model):
         'value': {'key': 'value', 'type': 'base64'},
     }
 
-    def __init__(self):
+    def __init__(self, **kwargs):
+        super(BackupSecretResult, self).__init__(**kwargs)
         self.value = None
diff --git a/azure-keyvault/azure/keyvault/models/backup_secret_result_py3.py b/azure-keyvault/azure/keyvault/models/backup_secret_result_py3.py
new file mode 100644
index 000000000000..444ba7fe0fb5
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/backup_secret_result_py3.py
@@ -0,0 +1,35 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class BackupSecretResult(Model):
+    """The backup secret result, containing the backup blob.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar value: The backup blob containing the backed up secret.
+    :vartype value: bytes
+    """
+
+    _validation = {
+        'value': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'value': {'key': 'value', 'type': 'base64'},
+    }
+
+    def __init__(self, **kwargs) -> None:
+        super(BackupSecretResult, self).__init__(**kwargs)
+        self.value = None
diff --git a/azure-keyvault/azure/keyvault/models/certificate_attributes.py b/azure-keyvault/azure/keyvault/models/certificate_attributes.py
old mode 100755
new mode 100644
index 48162bdfac8c..a372c204ff0e
--- a/azure-keyvault/azure/keyvault/models/certificate_attributes.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_attributes.py
@@ -35,8 +35,8 @@ class CertificateAttributes(Attributes):
      retention interval. Possible values include: 'Purgeable',
      'Recoverable+Purgeable', 'Recoverable',
      'Recoverable+ProtectedSubscription'
-    :vartype recovery_level: str or :class:`DeletionRecoveryLevel
-     <azure.keyvault.models.DeletionRecoveryLevel>`
+    :vartype recovery_level: str or
+     ~azure.keyvault.models.DeletionRecoveryLevel
     """
 
     _validation = {
@@ -54,6 +54,6 @@ class CertificateAttributes(Attributes):
         'recovery_level': {'key': 'recoveryLevel', 'type': 'str'},
     }
 
-    def __init__(self, enabled=None, not_before=None, expires=None):
-        super(CertificateAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires)
+    def __init__(self, **kwargs):
+        super(CertificateAttributes, self).__init__(**kwargs)
         self.recovery_level = None
diff --git a/azure-keyvault/azure/keyvault/models/certificate_attributes_py3.py b/azure-keyvault/azure/keyvault/models/certificate_attributes_py3.py
new file mode 100644
index 000000000000..0a977c07a8b0
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/certificate_attributes_py3.py
@@ -0,0 +1,59 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from .attributes_py3 import Attributes
+
+
+class CertificateAttributes(Attributes):
+    """The certificate management attributes.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param enabled: Determines whether the object is enabled.
+    :type enabled: bool
+    :param not_before: Not before date in UTC.
+    :type not_before: datetime
+    :param expires: Expiry date in UTC.
+    :type expires: datetime
+    :ivar created: Creation time in UTC.
+    :vartype created: datetime
+    :ivar updated: Last updated time in UTC.
+    :vartype updated: datetime
+    :ivar recovery_level: Reflects the deletion recovery level currently in
+     effect for certificates in the current vault. If it contains 'Purgeable',
+     the certificate can be permanently deleted by a privileged user;
+     otherwise, only the system can purge the certificate, at the end of the
+     retention interval. Possible values include: 'Purgeable',
+     'Recoverable+Purgeable', 'Recoverable',
+     'Recoverable+ProtectedSubscription'
+    :vartype recovery_level: str or
+     ~azure.keyvault.models.DeletionRecoveryLevel
+    """
+
+    _validation = {
+        'created': {'readonly': True},
+        'updated': {'readonly': True},
+        'recovery_level': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'enabled': {'key': 'enabled', 'type': 'bool'},
+        'not_before': {'key': 'nbf', 'type': 'unix-time'},
+        'expires': {'key': 'exp', 'type': 'unix-time'},
+        'created': {'key': 'created', 'type': 'unix-time'},
+        'updated': {'key': 'updated', 'type': 'unix-time'},
+        'recovery_level': {'key': 'recoveryLevel', 'type': 'str'},
+    }
+
+    def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None:
+        super(CertificateAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires, **kwargs)
+        self.recovery_level = None
diff --git a/azure-keyvault/azure/keyvault/models/certificate_bundle.py b/azure-keyvault/azure/keyvault/models/certificate_bundle.py
old mode 100755
new mode 100644
index d07959405672..7e06eccada5d
--- a/azure-keyvault/azure/keyvault/models/certificate_bundle.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_bundle.py
@@ -27,17 +27,15 @@ class CertificateBundle(Model):
     :ivar x509_thumbprint: Thumbprint of the certificate.
     :vartype x509_thumbprint: bytes
     :ivar policy: The management policy.
-    :vartype policy: :class:`CertificatePolicy
-     <azure.keyvault.models.CertificatePolicy>`
+    :vartype policy: ~azure.keyvault.models.CertificatePolicy
     :param cer: CER contents of x509 certificate.
     :type cer: bytearray
     :param content_type: The content type of the secret.
     :type content_type: str
     :param attributes: The certificate attributes.
-    :type attributes: :class:`CertificateAttributes
-     <azure.keyvault.models.CertificateAttributes>`
+    :type attributes: ~azure.keyvault.models.CertificateAttributes
     :param tags: Application specific metadata in the form of key-value pairs
-    :type tags: dict
+    :type tags: dict[str, str]
     """
 
     _validation = {
@@ -60,13 +58,14 @@ class CertificateBundle(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self, cer=None, content_type=None, attributes=None, tags=None):
+    def __init__(self, **kwargs):
+        super(CertificateBundle, self).__init__(**kwargs)
         self.id = None
         self.kid = None
         self.sid = None
         self.x509_thumbprint = None
         self.policy = None
-        self.cer = cer
-        self.content_type = content_type
-        self.attributes = attributes
-        self.tags = tags
+        self.cer = kwargs.get('cer', None)
+        self.content_type = kwargs.get('content_type', None)
+        self.attributes = kwargs.get('attributes', None)
+        self.tags = kwargs.get('tags', None)
diff --git a/azure-keyvault/azure/keyvault/models/certificate_bundle_py3.py b/azure-keyvault/azure/keyvault/models/certificate_bundle_py3.py
new file mode 100644
index 000000000000..f1870ec6268a
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/certificate_bundle_py3.py
@@ -0,0 +1,71 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class CertificateBundle(Model):
+    """A certificate bundle consists of a certificate (X509) plus its attributes.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar id: The certificate id.
+    :vartype id: str
+    :ivar kid: The key id.
+    :vartype kid: str
+    :ivar sid: The secret id.
+    :vartype sid: str
+    :ivar x509_thumbprint: Thumbprint of the certificate.
+    :vartype x509_thumbprint: bytes
+    :ivar policy: The management policy.
+    :vartype policy: ~azure.keyvault.models.CertificatePolicy
+    :param cer: CER contents of x509 certificate.
+    :type cer: bytearray
+    :param content_type: The content type of the secret.
+    :type content_type: str
+    :param attributes: The certificate attributes.
+    :type attributes: ~azure.keyvault.models.CertificateAttributes
+    :param tags: Application specific metadata in the form of key-value pairs
+    :type tags: dict[str, str]
+    """
+
+    _validation = {
+        'id': {'readonly': True},
+        'kid': {'readonly': True},
+        'sid': {'readonly': True},
+        'x509_thumbprint': {'readonly': True},
+        'policy': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'kid': {'key': 'kid', 'type': 'str'},
+        'sid': {'key': 'sid', 'type': 'str'},
+        'x509_thumbprint': {'key': 'x5t', 'type': 'base64'},
+        'policy': {'key': 'policy', 'type': 'CertificatePolicy'},
+        'cer': {'key': 'cer', 'type': 'bytearray'},
+        'content_type': {'key': 'contentType', 'type': 'str'},
+        'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, *, cer: bytearray=None, content_type: str=None, attributes=None, tags=None, **kwargs) -> None:
+        super(CertificateBundle, self).__init__(**kwargs)
+        self.id = None
+        self.kid = None
+        self.sid = None
+        self.x509_thumbprint = None
+        self.policy = None
+        self.cer = cer
+        self.content_type = content_type
+        self.attributes = attributes
+        self.tags = tags
diff --git a/azure-keyvault/azure/keyvault/models/certificate_create_parameters.py b/azure-keyvault/azure/keyvault/models/certificate_create_parameters.py
old mode 100755
new mode 100644
index bfbec2edbab8..67b72b43f738
--- a/azure-keyvault/azure/keyvault/models/certificate_create_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_create_parameters.py
@@ -16,14 +16,12 @@ class CertificateCreateParameters(Model):
     """The certificate create parameters.
 
     :param certificate_policy: The management policy for the certificate.
-    :type certificate_policy: :class:`CertificatePolicy
-     <azure.keyvault.models.CertificatePolicy>`
+    :type certificate_policy: ~azure.keyvault.models.CertificatePolicy
     :param certificate_attributes: The attributes of the certificate
      (optional).
-    :type certificate_attributes: :class:`CertificateAttributes
-     <azure.keyvault.models.CertificateAttributes>`
+    :type certificate_attributes: ~azure.keyvault.models.CertificateAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     """
 
     _attribute_map = {
@@ -32,7 +30,8 @@ class CertificateCreateParameters(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self, certificate_policy=None, certificate_attributes=None, tags=None):
-        self.certificate_policy = certificate_policy
-        self.certificate_attributes = certificate_attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(CertificateCreateParameters, self).__init__(**kwargs)
+        self.certificate_policy = kwargs.get('certificate_policy', None)
+        self.certificate_attributes = kwargs.get('certificate_attributes', None)
+        self.tags = kwargs.get('tags', None)
diff --git a/azure-keyvault/azure/keyvault/models/certificate_create_parameters_py3.py b/azure-keyvault/azure/keyvault/models/certificate_create_parameters_py3.py
new file mode 100644
index 000000000000..674f3eb0a63c
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/certificate_create_parameters_py3.py
@@ -0,0 +1,37 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class CertificateCreateParameters(Model):
+    """The certificate create parameters.
+
+    :param certificate_policy: The management policy for the certificate.
+    :type certificate_policy: ~azure.keyvault.models.CertificatePolicy
+    :param certificate_attributes: The attributes of the certificate
+     (optional).
+    :type certificate_attributes: ~azure.keyvault.models.CertificateAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    """
+
+    _attribute_map = {
+        'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'},
+        'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, *, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs) -> None:
+        super(CertificateCreateParameters, self).__init__(**kwargs)
+        self.certificate_policy = certificate_policy
+        self.certificate_attributes = certificate_attributes
+        self.tags = tags
diff --git a/azure-keyvault/azure/keyvault/models/certificate_import_parameters.py b/azure-keyvault/azure/keyvault/models/certificate_import_parameters.py
old mode 100755
new mode 100644
index d0b6136a0397..635afbd1361d
--- a/azure-keyvault/azure/keyvault/models/certificate_import_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_import_parameters.py
@@ -15,22 +15,22 @@
 class CertificateImportParameters(Model):
     """The certificate import parameters.
 
-    :param base64_encoded_certificate: Base64 encoded representation of the
-     certificate object to import. This certificate needs to contain the
+    All required parameters must be populated in order to send to Azure.
+
+    :param base64_encoded_certificate: Required. Base64 encoded representation
+     of the certificate object to import. This certificate needs to contain the
      private key.
     :type base64_encoded_certificate: str
     :param password: If the private key in base64EncodedCertificate is
      encrypted, the password used for encryption.
     :type password: str
     :param certificate_policy: The management policy for the certificate.
-    :type certificate_policy: :class:`CertificatePolicy
-     <azure.keyvault.models.CertificatePolicy>`
+    :type certificate_policy: ~azure.keyvault.models.CertificatePolicy
     :param certificate_attributes: The attributes of the certificate
      (optional).
-    :type certificate_attributes: :class:`CertificateAttributes
-     <azure.keyvault.models.CertificateAttributes>`
+    :type certificate_attributes: ~azure.keyvault.models.CertificateAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     """
 
     _validation = {
@@ -45,9 +45,10 @@ class CertificateImportParameters(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self, base64_encoded_certificate, password=None, certificate_policy=None, certificate_attributes=None, tags=None):
-        self.base64_encoded_certificate = base64_encoded_certificate
-        self.password = password
-        self.certificate_policy = certificate_policy
-        self.certificate_attributes = certificate_attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(CertificateImportParameters, self).__init__(**kwargs)
+        self.base64_encoded_certificate = kwargs.get('base64_encoded_certificate', None)
+        self.password = kwargs.get('password', None)
+        self.certificate_policy = kwargs.get('certificate_policy', None)
+        self.certificate_attributes = kwargs.get('certificate_attributes', None)
+        self.tags = kwargs.get('tags', None)
diff --git a/azure-keyvault/azure/keyvault/models/certificate_import_parameters_py3.py b/azure-keyvault/azure/keyvault/models/certificate_import_parameters_py3.py
new file mode 100644
index 000000000000..f30ad37e711c
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/certificate_import_parameters_py3.py
@@ -0,0 +1,54 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class CertificateImportParameters(Model):
+    """The certificate import parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param base64_encoded_certificate: Required. Base64 encoded representation
+     of the certificate object to import. This certificate needs to contain the
+     private key.
+    :type base64_encoded_certificate: str
+    :param password: If the private key in base64EncodedCertificate is
+     encrypted, the password used for encryption.
+    :type password: str
+    :param certificate_policy: The management policy for the certificate.
+    :type certificate_policy: ~azure.keyvault.models.CertificatePolicy
+    :param certificate_attributes: The attributes of the certificate
+     (optional).
+    :type certificate_attributes: ~azure.keyvault.models.CertificateAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    """
+
+    _validation = {
+        'base64_encoded_certificate': {'required': True},
+    }
+
+    _attribute_map = {
+        'base64_encoded_certificate': {'key': 'value', 'type': 'str'},
+        'password': {'key': 'pwd', 'type': 'str'},
+        'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'},
+        'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, *, base64_encoded_certificate: str, password: str=None, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs) -> None:
+        super(CertificateImportParameters, self).__init__(**kwargs)
+        self.base64_encoded_certificate = base64_encoded_certificate
+        self.password = password
+        self.certificate_policy = certificate_policy
+        self.certificate_attributes = certificate_attributes
+        self.tags = tags
diff --git a/azure-keyvault/azure/keyvault/models/certificate_issuer_item.py b/azure-keyvault/azure/keyvault/models/certificate_issuer_item.py
old mode 100755
new mode 100644
index 66012dd1173f..98713b2ab4c1
--- a/azure-keyvault/azure/keyvault/models/certificate_issuer_item.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_issuer_item.py
@@ -26,6 +26,7 @@ class CertificateIssuerItem(Model):
         'provider': {'key': 'provider', 'type': 'str'},
     }
 
-    def __init__(self, id=None, provider=None):
-        self.id = id
-        self.provider = provider
+    def __init__(self, **kwargs):
+        super(CertificateIssuerItem, self).__init__(**kwargs)
+        self.id = kwargs.get('id', None)
+        self.provider = kwargs.get('provider', None)
diff --git a/azure-keyvault/azure/keyvault/models/certificate_issuer_item_paged.py b/azure-keyvault/azure/keyvault/models/certificate_issuer_item_paged.py
old mode 100755
new mode 100644
index f13037a9adf7..aea372a5c6a1
--- a/azure-keyvault/azure/keyvault/models/certificate_issuer_item_paged.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_issuer_item_paged.py
@@ -14,7 +14,7 @@
 
 class CertificateIssuerItemPaged(Paged):
     """
-    A paging container for iterating over a list of CertificateIssuerItem object
+    A paging container for iterating over a list of :class:`CertificateIssuerItem <azure.keyvault.models.CertificateIssuerItem>` object
     """
 
     _attribute_map = {
diff --git a/azure-keyvault/azure/keyvault/models/certificate_issuer_item_py3.py b/azure-keyvault/azure/keyvault/models/certificate_issuer_item_py3.py
new file mode 100644
index 000000000000..f11aa78f8cdd
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/certificate_issuer_item_py3.py
@@ -0,0 +1,32 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class CertificateIssuerItem(Model):
+    """The certificate issuer item containing certificate issuer metadata.
+
+    :param id: Certificate Identifier.
+    :type id: str
+    :param provider: The issuer provider.
+    :type provider: str
+    """
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'provider': {'key': 'provider', 'type': 'str'},
+    }
+
+    def __init__(self, *, id: str=None, provider: str=None, **kwargs) -> None:
+        super(CertificateIssuerItem, self).__init__(**kwargs)
+        self.id = id
+        self.provider = provider
diff --git a/azure-keyvault/azure/keyvault/models/certificate_issuer_set_parameters.py b/azure-keyvault/azure/keyvault/models/certificate_issuer_set_parameters.py
old mode 100755
new mode 100644
index 6301f1f82bed..733740938202
--- a/azure-keyvault/azure/keyvault/models/certificate_issuer_set_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_issuer_set_parameters.py
@@ -15,18 +15,17 @@
 class CertificateIssuerSetParameters(Model):
     """The certificate issuer set parameters.
 
-    :param provider: The issuer provider.
+    All required parameters must be populated in order to send to Azure.
+
+    :param provider: Required. The issuer provider.
     :type provider: str
     :param credentials: The credentials to be used for the issuer.
-    :type credentials: :class:`IssuerCredentials
-     <azure.keyvault.models.IssuerCredentials>`
+    :type credentials: ~azure.keyvault.models.IssuerCredentials
     :param organization_details: Details of the organization as provided to
      the issuer.
-    :type organization_details: :class:`OrganizationDetails
-     <azure.keyvault.models.OrganizationDetails>`
+    :type organization_details: ~azure.keyvault.models.OrganizationDetails
     :param attributes: Attributes of the issuer object.
-    :type attributes: :class:`IssuerAttributes
-     <azure.keyvault.models.IssuerAttributes>`
+    :type attributes: ~azure.keyvault.models.IssuerAttributes
     """
 
     _validation = {
@@ -40,8 +39,9 @@ class CertificateIssuerSetParameters(Model):
         'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'},
     }
 
-    def __init__(self, provider, credentials=None, organization_details=None, attributes=None):
-        self.provider = provider
-        self.credentials = credentials
-        self.organization_details = organization_details
-        self.attributes = attributes
+    def __init__(self, **kwargs):
+        super(CertificateIssuerSetParameters, self).__init__(**kwargs)
+        self.provider = kwargs.get('provider', None)
+        self.credentials = kwargs.get('credentials', None)
+        self.organization_details = kwargs.get('organization_details', None)
+        self.attributes = kwargs.get('attributes', None)
diff --git a/azure-keyvault/azure/keyvault/models/certificate_issuer_set_parameters_py3.py b/azure-keyvault/azure/keyvault/models/certificate_issuer_set_parameters_py3.py
new file mode 100644
index 000000000000..6a36eaef3ae9
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/certificate_issuer_set_parameters_py3.py
@@ -0,0 +1,47 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class CertificateIssuerSetParameters(Model):
+    """The certificate issuer set parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param provider: Required. The issuer provider.
+    :type provider: str
+    :param credentials: The credentials to be used for the issuer.
+    :type credentials: ~azure.keyvault.models.IssuerCredentials
+    :param organization_details: Details of the organization as provided to
+     the issuer.
+    :type organization_details: ~azure.keyvault.models.OrganizationDetails
+    :param attributes: Attributes of the issuer object.
+    :type attributes: ~azure.keyvault.models.IssuerAttributes
+    """
+
+    _validation = {
+        'provider': {'required': True},
+    }
+
+    _attribute_map = {
+        'provider': {'key': 'provider', 'type': 'str'},
+        'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'},
+        'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'},
+        'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'},
+    }
+
+    def __init__(self, *, provider: str, credentials=None, organization_details=None, attributes=None, **kwargs) -> None:
+        super(CertificateIssuerSetParameters, self).__init__(**kwargs)
+        self.provider = provider
+        self.credentials = credentials
+        self.organization_details = organization_details
+        self.attributes = attributes
diff --git a/azure-keyvault/azure/keyvault/models/certificate_issuer_update_parameters.py b/azure-keyvault/azure/keyvault/models/certificate_issuer_update_parameters.py
old mode 100755
new mode 100644
index a5590e044059..44347583ed42
--- a/azure-keyvault/azure/keyvault/models/certificate_issuer_update_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_issuer_update_parameters.py
@@ -18,15 +18,12 @@ class CertificateIssuerUpdateParameters(Model):
     :param provider: The issuer provider.
     :type provider: str
     :param credentials: The credentials to be used for the issuer.
-    :type credentials: :class:`IssuerCredentials
-     <azure.keyvault.models.IssuerCredentials>`
+    :type credentials: ~azure.keyvault.models.IssuerCredentials
     :param organization_details: Details of the organization as provided to
      the issuer.
-    :type organization_details: :class:`OrganizationDetails
-     <azure.keyvault.models.OrganizationDetails>`
+    :type organization_details: ~azure.keyvault.models.OrganizationDetails
     :param attributes: Attributes of the issuer object.
-    :type attributes: :class:`IssuerAttributes
-     <azure.keyvault.models.IssuerAttributes>`
+    :type attributes: ~azure.keyvault.models.IssuerAttributes
     """
 
     _attribute_map = {
@@ -36,8 +33,9 @@ class CertificateIssuerUpdateParameters(Model):
         'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'},
     }
 
-    def __init__(self, provider=None, credentials=None, organization_details=None, attributes=None):
-        self.provider = provider
-        self.credentials = credentials
-        self.organization_details = organization_details
-        self.attributes = attributes
+    def __init__(self, **kwargs):
+        super(CertificateIssuerUpdateParameters, self).__init__(**kwargs)
+        self.provider = kwargs.get('provider', None)
+        self.credentials = kwargs.get('credentials', None)
+        self.organization_details = kwargs.get('organization_details', None)
+        self.attributes = kwargs.get('attributes', None)
diff --git a/azure-keyvault/azure/keyvault/models/certificate_issuer_update_parameters_py3.py b/azure-keyvault/azure/keyvault/models/certificate_issuer_update_parameters_py3.py
new file mode 100644
index 000000000000..0b06096a438d
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/certificate_issuer_update_parameters_py3.py
@@ -0,0 +1,41 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class CertificateIssuerUpdateParameters(Model):
+    """The certificate issuer update parameters.
+
+    :param provider: The issuer provider.
+    :type provider: str
+    :param credentials: The credentials to be used for the issuer.
+    :type credentials: ~azure.keyvault.models.IssuerCredentials
+    :param organization_details: Details of the organization as provided to
+     the issuer.
+    :type organization_details: ~azure.keyvault.models.OrganizationDetails
+    :param attributes: Attributes of the issuer object.
+    :type attributes: ~azure.keyvault.models.IssuerAttributes
+    """
+
+    _attribute_map = {
+        'provider': {'key': 'provider', 'type': 'str'},
+        'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'},
+        'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'},
+        'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'},
+    }
+
+    def __init__(self, *, provider: str=None, credentials=None, organization_details=None, attributes=None, **kwargs) -> None:
+        super(CertificateIssuerUpdateParameters, self).__init__(**kwargs)
+        self.provider = provider
+        self.credentials = credentials
+        self.organization_details = organization_details
+        self.attributes = attributes
diff --git a/azure-keyvault/azure/keyvault/models/certificate_item.py b/azure-keyvault/azure/keyvault/models/certificate_item.py
old mode 100755
new mode 100644
index 3f8f0c1db218..405cc71751a5
--- a/azure-keyvault/azure/keyvault/models/certificate_item.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_item.py
@@ -18,10 +18,9 @@ class CertificateItem(Model):
     :param id: Certificate identifier.
     :type id: str
     :param attributes: The certificate management attributes.
-    :type attributes: :class:`CertificateAttributes
-     <azure.keyvault.models.CertificateAttributes>`
+    :type attributes: ~azure.keyvault.models.CertificateAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     :param x509_thumbprint: Thumbprint of the certificate.
     :type x509_thumbprint: bytes
     """
@@ -33,8 +32,9 @@ class CertificateItem(Model):
         'x509_thumbprint': {'key': 'x5t', 'type': 'base64'},
     }
 
-    def __init__(self, id=None, attributes=None, tags=None, x509_thumbprint=None):
-        self.id = id
-        self.attributes = attributes
-        self.tags = tags
-        self.x509_thumbprint = x509_thumbprint
+    def __init__(self, **kwargs):
+        super(CertificateItem, self).__init__(**kwargs)
+        self.id = kwargs.get('id', None)
+        self.attributes = kwargs.get('attributes', None)
+        self.tags = kwargs.get('tags', None)
+        self.x509_thumbprint = kwargs.get('x509_thumbprint', None)
diff --git a/azure-keyvault/azure/keyvault/models/certificate_item_paged.py b/azure-keyvault/azure/keyvault/models/certificate_item_paged.py
old mode 100755
new mode 100644
index e560848abcd4..fc6c4609930a
--- a/azure-keyvault/azure/keyvault/models/certificate_item_paged.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_item_paged.py
@@ -14,7 +14,7 @@
 
 class CertificateItemPaged(Paged):
     """
-    A paging container for iterating over a list of CertificateItem object
+    A paging container for iterating over a list of :class:`CertificateItem <azure.keyvault.models.CertificateItem>` object
     """
 
     _attribute_map = {
diff --git a/azure-keyvault/azure/keyvault/models/certificate_item_py3.py b/azure-keyvault/azure/keyvault/models/certificate_item_py3.py
new file mode 100644
index 000000000000..8d27a8cc6246
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/certificate_item_py3.py
@@ -0,0 +1,40 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class CertificateItem(Model):
+    """The certificate item containing certificate metadata.
+
+    :param id: Certificate identifier.
+    :type id: str
+    :param attributes: The certificate management attributes.
+    :type attributes: ~azure.keyvault.models.CertificateAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    :param x509_thumbprint: Thumbprint of the certificate.
+    :type x509_thumbprint: bytes
+    """
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+        'x509_thumbprint': {'key': 'x5t', 'type': 'base64'},
+    }
+
+    def __init__(self, *, id: str=None, attributes=None, tags=None, x509_thumbprint: bytes=None, **kwargs) -> None:
+        super(CertificateItem, self).__init__(**kwargs)
+        self.id = id
+        self.attributes = attributes
+        self.tags = tags
+        self.x509_thumbprint = x509_thumbprint
diff --git a/azure-keyvault/azure/keyvault/models/certificate_merge_parameters.py b/azure-keyvault/azure/keyvault/models/certificate_merge_parameters.py
old mode 100755
new mode 100644
index c83d68be47bd..cb4226161fab
--- a/azure-keyvault/azure/keyvault/models/certificate_merge_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_merge_parameters.py
@@ -15,15 +15,16 @@
 class CertificateMergeParameters(Model):
     """The certificate merge parameters.
 
-    :param x509_certificates: The certificate or the certificate chain to
-     merge.
-    :type x509_certificates: list of bytearray
+    All required parameters must be populated in order to send to Azure.
+
+    :param x509_certificates: Required. The certificate or the certificate
+     chain to merge.
+    :type x509_certificates: list[bytearray]
     :param certificate_attributes: The attributes of the certificate
      (optional).
-    :type certificate_attributes: :class:`CertificateAttributes
-     <azure.keyvault.models.CertificateAttributes>`
+    :type certificate_attributes: ~azure.keyvault.models.CertificateAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     """
 
     _validation = {
@@ -36,7 +37,8 @@ class CertificateMergeParameters(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self, x509_certificates, certificate_attributes=None, tags=None):
-        self.x509_certificates = x509_certificates
-        self.certificate_attributes = certificate_attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(CertificateMergeParameters, self).__init__(**kwargs)
+        self.x509_certificates = kwargs.get('x509_certificates', None)
+        self.certificate_attributes = kwargs.get('certificate_attributes', None)
+        self.tags = kwargs.get('tags', None)
diff --git a/azure-keyvault/azure/keyvault/models/certificate_merge_parameters_py3.py b/azure-keyvault/azure/keyvault/models/certificate_merge_parameters_py3.py
new file mode 100644
index 000000000000..375dfc9bf8e9
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/certificate_merge_parameters_py3.py
@@ -0,0 +1,44 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class CertificateMergeParameters(Model):
+    """The certificate merge parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param x509_certificates: Required. The certificate or the certificate
+     chain to merge.
+    :type x509_certificates: list[bytearray]
+    :param certificate_attributes: The attributes of the certificate
+     (optional).
+    :type certificate_attributes: ~azure.keyvault.models.CertificateAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    """
+
+    _validation = {
+        'x509_certificates': {'required': True},
+    }
+
+    _attribute_map = {
+        'x509_certificates': {'key': 'x5c', 'type': '[bytearray]'},
+        'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, *, x509_certificates, certificate_attributes=None, tags=None, **kwargs) -> None:
+        super(CertificateMergeParameters, self).__init__(**kwargs)
+        self.x509_certificates = x509_certificates
+        self.certificate_attributes = certificate_attributes
+        self.tags = tags
diff --git a/azure-keyvault/azure/keyvault/models/certificate_operation.py b/azure-keyvault/azure/keyvault/models/certificate_operation.py
old mode 100755
new mode 100644
index 31389a7abf30..d9976856dd6e
--- a/azure-keyvault/azure/keyvault/models/certificate_operation.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_operation.py
@@ -22,8 +22,7 @@ class CertificateOperation(Model):
     :vartype id: str
     :param issuer_parameters: Parameters for the issuer of the X509 component
      of a certificate.
-    :type issuer_parameters: :class:`IssuerParameters
-     <azure.keyvault.models.IssuerParameters>`
+    :type issuer_parameters: ~azure.keyvault.models.IssuerParameters
     :param csr: The certificate signing request (CSR) that is being used in
      the certificate operation.
     :type csr: bytearray
@@ -35,7 +34,7 @@ class CertificateOperation(Model):
     :param status_details: The status details of the certificate operation.
     :type status_details: str
     :param error: Error encountered, if any, during the certificate operation.
-    :type error: :class:`Error <azure.keyvault.models.Error>`
+    :type error: ~azure.keyvault.models.Error
     :param target: Location which contains the result of the certificate
      operation.
     :type target: str
@@ -59,13 +58,14 @@ class CertificateOperation(Model):
         'request_id': {'key': 'request_id', 'type': 'str'},
     }
 
-    def __init__(self, issuer_parameters=None, csr=None, cancellation_requested=None, status=None, status_details=None, error=None, target=None, request_id=None):
+    def __init__(self, **kwargs):
+        super(CertificateOperation, self).__init__(**kwargs)
         self.id = None
-        self.issuer_parameters = issuer_parameters
-        self.csr = csr
-        self.cancellation_requested = cancellation_requested
-        self.status = status
-        self.status_details = status_details
-        self.error = error
-        self.target = target
-        self.request_id = request_id
+        self.issuer_parameters = kwargs.get('issuer_parameters', None)
+        self.csr = kwargs.get('csr', None)
+        self.cancellation_requested = kwargs.get('cancellation_requested', None)
+        self.status = kwargs.get('status', None)
+        self.status_details = kwargs.get('status_details', None)
+        self.error = kwargs.get('error', None)
+        self.target = kwargs.get('target', None)
+        self.request_id = kwargs.get('request_id', None)
diff --git a/azure-keyvault/azure/keyvault/models/certificate_operation_py3.py b/azure-keyvault/azure/keyvault/models/certificate_operation_py3.py
new file mode 100644
index 000000000000..674fa5e0414a
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/certificate_operation_py3.py
@@ -0,0 +1,71 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class CertificateOperation(Model):
+    """A certificate operation is returned in case of asynchronous requests.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar id: The certificate id.
+    :vartype id: str
+    :param issuer_parameters: Parameters for the issuer of the X509 component
+     of a certificate.
+    :type issuer_parameters: ~azure.keyvault.models.IssuerParameters
+    :param csr: The certificate signing request (CSR) that is being used in
+     the certificate operation.
+    :type csr: bytearray
+    :param cancellation_requested: Indicates if cancellation was requested on
+     the certificate operation.
+    :type cancellation_requested: bool
+    :param status: Status of the certificate operation.
+    :type status: str
+    :param status_details: The status details of the certificate operation.
+    :type status_details: str
+    :param error: Error encountered, if any, during the certificate operation.
+    :type error: ~azure.keyvault.models.Error
+    :param target: Location which contains the result of the certificate
+     operation.
+    :type target: str
+    :param request_id: Identifier for the certificate operation.
+    :type request_id: str
+    """
+
+    _validation = {
+        'id': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'},
+        'csr': {'key': 'csr', 'type': 'bytearray'},
+        'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'},
+        'status': {'key': 'status', 'type': 'str'},
+        'status_details': {'key': 'status_details', 'type': 'str'},
+        'error': {'key': 'error', 'type': 'Error'},
+        'target': {'key': 'target', 'type': 'str'},
+        'request_id': {'key': 'request_id', 'type': 'str'},
+    }
+
+    def __init__(self, *, issuer_parameters=None, csr: bytearray=None, cancellation_requested: bool=None, status: str=None, status_details: str=None, error=None, target: str=None, request_id: str=None, **kwargs) -> None:
+        super(CertificateOperation, self).__init__(**kwargs)
+        self.id = None
+        self.issuer_parameters = issuer_parameters
+        self.csr = csr
+        self.cancellation_requested = cancellation_requested
+        self.status = status
+        self.status_details = status_details
+        self.error = error
+        self.target = target
+        self.request_id = request_id
diff --git a/azure-keyvault/azure/keyvault/models/certificate_operation_update_parameter.py b/azure-keyvault/azure/keyvault/models/certificate_operation_update_parameter.py
old mode 100755
new mode 100644
index ec887e9d2313..fadc2e3ea734
--- a/azure-keyvault/azure/keyvault/models/certificate_operation_update_parameter.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_operation_update_parameter.py
@@ -15,8 +15,10 @@
 class CertificateOperationUpdateParameter(Model):
     """The certificate operation update parameters.
 
-    :param cancellation_requested: Indicates if cancellation was requested on
-     the certificate operation.
+    All required parameters must be populated in order to send to Azure.
+
+    :param cancellation_requested: Required. Indicates if cancellation was
+     requested on the certificate operation.
     :type cancellation_requested: bool
     """
 
@@ -28,5 +30,6 @@ class CertificateOperationUpdateParameter(Model):
         'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'},
     }
 
-    def __init__(self, cancellation_requested):
-        self.cancellation_requested = cancellation_requested
+    def __init__(self, **kwargs):
+        super(CertificateOperationUpdateParameter, self).__init__(**kwargs)
+        self.cancellation_requested = kwargs.get('cancellation_requested', None)
diff --git a/azure-keyvault/azure/keyvault/models/certificate_operation_update_parameter_py3.py b/azure-keyvault/azure/keyvault/models/certificate_operation_update_parameter_py3.py
new file mode 100644
index 000000000000..c9fea79090ee
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/certificate_operation_update_parameter_py3.py
@@ -0,0 +1,35 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class CertificateOperationUpdateParameter(Model):
+    """The certificate operation update parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param cancellation_requested: Required. Indicates if cancellation was
+     requested on the certificate operation.
+    :type cancellation_requested: bool
+    """
+
+    _validation = {
+        'cancellation_requested': {'required': True},
+    }
+
+    _attribute_map = {
+        'cancellation_requested': {'key': 'cancellation_requested', 'type': 'bool'},
+    }
+
+    def __init__(self, *, cancellation_requested: bool, **kwargs) -> None:
+        super(CertificateOperationUpdateParameter, self).__init__(**kwargs)
+        self.cancellation_requested = cancellation_requested
diff --git a/azure-keyvault/azure/keyvault/models/certificate_policy.py b/azure-keyvault/azure/keyvault/models/certificate_policy.py
old mode 100755
new mode 100644
index 684da134dd4e..cbf8823076ea
--- a/azure-keyvault/azure/keyvault/models/certificate_policy.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_policy.py
@@ -21,26 +21,21 @@ class CertificatePolicy(Model):
     :ivar id: The certificate id.
     :vartype id: str
     :param key_properties: Properties of the key backing a certificate.
-    :type key_properties: :class:`KeyProperties
-     <azure.keyvault.models.KeyProperties>`
+    :type key_properties: ~azure.keyvault.models.KeyProperties
     :param secret_properties: Properties of the secret backing a certificate.
-    :type secret_properties: :class:`SecretProperties
-     <azure.keyvault.models.SecretProperties>`
+    :type secret_properties: ~azure.keyvault.models.SecretProperties
     :param x509_certificate_properties: Properties of the X509 component of a
      certificate.
-    :type x509_certificate_properties: :class:`X509CertificateProperties
-     <azure.keyvault.models.X509CertificateProperties>`
+    :type x509_certificate_properties:
+     ~azure.keyvault.models.X509CertificateProperties
     :param lifetime_actions: Actions that will be performed by Key Vault over
      the lifetime of a certificate.
-    :type lifetime_actions: list of :class:`LifetimeAction
-     <azure.keyvault.models.LifetimeAction>`
+    :type lifetime_actions: list[~azure.keyvault.models.LifetimeAction]
     :param issuer_parameters: Parameters for the issuer of the X509 component
      of a certificate.
-    :type issuer_parameters: :class:`IssuerParameters
-     <azure.keyvault.models.IssuerParameters>`
+    :type issuer_parameters: ~azure.keyvault.models.IssuerParameters
     :param attributes: The certificate attributes.
-    :type attributes: :class:`CertificateAttributes
-     <azure.keyvault.models.CertificateAttributes>`
+    :type attributes: ~azure.keyvault.models.CertificateAttributes
     """
 
     _validation = {
@@ -57,11 +52,12 @@ class CertificatePolicy(Model):
         'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'},
     }
 
-    def __init__(self, key_properties=None, secret_properties=None, x509_certificate_properties=None, lifetime_actions=None, issuer_parameters=None, attributes=None):
+    def __init__(self, **kwargs):
+        super(CertificatePolicy, self).__init__(**kwargs)
         self.id = None
-        self.key_properties = key_properties
-        self.secret_properties = secret_properties
-        self.x509_certificate_properties = x509_certificate_properties
-        self.lifetime_actions = lifetime_actions
-        self.issuer_parameters = issuer_parameters
-        self.attributes = attributes
+        self.key_properties = kwargs.get('key_properties', None)
+        self.secret_properties = kwargs.get('secret_properties', None)
+        self.x509_certificate_properties = kwargs.get('x509_certificate_properties', None)
+        self.lifetime_actions = kwargs.get('lifetime_actions', None)
+        self.issuer_parameters = kwargs.get('issuer_parameters', None)
+        self.attributes = kwargs.get('attributes', None)
diff --git a/azure-keyvault/azure/keyvault/models/certificate_policy_py3.py b/azure-keyvault/azure/keyvault/models/certificate_policy_py3.py
new file mode 100644
index 000000000000..d338af8a0044
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/certificate_policy_py3.py
@@ -0,0 +1,63 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class CertificatePolicy(Model):
+    """Management policy for a certificate.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar id: The certificate id.
+    :vartype id: str
+    :param key_properties: Properties of the key backing a certificate.
+    :type key_properties: ~azure.keyvault.models.KeyProperties
+    :param secret_properties: Properties of the secret backing a certificate.
+    :type secret_properties: ~azure.keyvault.models.SecretProperties
+    :param x509_certificate_properties: Properties of the X509 component of a
+     certificate.
+    :type x509_certificate_properties:
+     ~azure.keyvault.models.X509CertificateProperties
+    :param lifetime_actions: Actions that will be performed by Key Vault over
+     the lifetime of a certificate.
+    :type lifetime_actions: list[~azure.keyvault.models.LifetimeAction]
+    :param issuer_parameters: Parameters for the issuer of the X509 component
+     of a certificate.
+    :type issuer_parameters: ~azure.keyvault.models.IssuerParameters
+    :param attributes: The certificate attributes.
+    :type attributes: ~azure.keyvault.models.CertificateAttributes
+    """
+
+    _validation = {
+        'id': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'key_properties': {'key': 'key_props', 'type': 'KeyProperties'},
+        'secret_properties': {'key': 'secret_props', 'type': 'SecretProperties'},
+        'x509_certificate_properties': {'key': 'x509_props', 'type': 'X509CertificateProperties'},
+        'lifetime_actions': {'key': 'lifetime_actions', 'type': '[LifetimeAction]'},
+        'issuer_parameters': {'key': 'issuer', 'type': 'IssuerParameters'},
+        'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'},
+    }
+
+    def __init__(self, *, key_properties=None, secret_properties=None, x509_certificate_properties=None, lifetime_actions=None, issuer_parameters=None, attributes=None, **kwargs) -> None:
+        super(CertificatePolicy, self).__init__(**kwargs)
+        self.id = None
+        self.key_properties = key_properties
+        self.secret_properties = secret_properties
+        self.x509_certificate_properties = x509_certificate_properties
+        self.lifetime_actions = lifetime_actions
+        self.issuer_parameters = issuer_parameters
+        self.attributes = attributes
diff --git a/azure-keyvault/azure/keyvault/models/certificate_update_parameters.py b/azure-keyvault/azure/keyvault/models/certificate_update_parameters.py
old mode 100755
new mode 100644
index 499a22d5ff81..9407d23b28ec
--- a/azure-keyvault/azure/keyvault/models/certificate_update_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/certificate_update_parameters.py
@@ -16,14 +16,12 @@ class CertificateUpdateParameters(Model):
     """The certificate update parameters.
 
     :param certificate_policy: The management policy for the certificate.
-    :type certificate_policy: :class:`CertificatePolicy
-     <azure.keyvault.models.CertificatePolicy>`
+    :type certificate_policy: ~azure.keyvault.models.CertificatePolicy
     :param certificate_attributes: The attributes of the certificate
      (optional).
-    :type certificate_attributes: :class:`CertificateAttributes
-     <azure.keyvault.models.CertificateAttributes>`
+    :type certificate_attributes: ~azure.keyvault.models.CertificateAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     """
 
     _attribute_map = {
@@ -32,7 +30,8 @@ class CertificateUpdateParameters(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self, certificate_policy=None, certificate_attributes=None, tags=None):
-        self.certificate_policy = certificate_policy
-        self.certificate_attributes = certificate_attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(CertificateUpdateParameters, self).__init__(**kwargs)
+        self.certificate_policy = kwargs.get('certificate_policy', None)
+        self.certificate_attributes = kwargs.get('certificate_attributes', None)
+        self.tags = kwargs.get('tags', None)
diff --git a/azure-keyvault/azure/keyvault/models/certificate_update_parameters_py3.py b/azure-keyvault/azure/keyvault/models/certificate_update_parameters_py3.py
new file mode 100644
index 000000000000..cddbe4ea6cee
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/certificate_update_parameters_py3.py
@@ -0,0 +1,37 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class CertificateUpdateParameters(Model):
+    """The certificate update parameters.
+
+    :param certificate_policy: The management policy for the certificate.
+    :type certificate_policy: ~azure.keyvault.models.CertificatePolicy
+    :param certificate_attributes: The attributes of the certificate
+     (optional).
+    :type certificate_attributes: ~azure.keyvault.models.CertificateAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    """
+
+    _attribute_map = {
+        'certificate_policy': {'key': 'policy', 'type': 'CertificatePolicy'},
+        'certificate_attributes': {'key': 'attributes', 'type': 'CertificateAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, *, certificate_policy=None, certificate_attributes=None, tags=None, **kwargs) -> None:
+        super(CertificateUpdateParameters, self).__init__(**kwargs)
+        self.certificate_policy = certificate_policy
+        self.certificate_attributes = certificate_attributes
+        self.tags = tags
diff --git a/azure-keyvault/azure/keyvault/models/contact.py b/azure-keyvault/azure/keyvault/models/contact.py
old mode 100755
new mode 100644
index bdfd1c8b96bb..217a04fb85d0
--- a/azure-keyvault/azure/keyvault/models/contact.py
+++ b/azure-keyvault/azure/keyvault/models/contact.py
@@ -29,7 +29,8 @@ class Contact(Model):
         'phone': {'key': 'phone', 'type': 'str'},
     }
 
-    def __init__(self, email_address=None, name=None, phone=None):
-        self.email_address = email_address
-        self.name = name
-        self.phone = phone
+    def __init__(self, **kwargs):
+        super(Contact, self).__init__(**kwargs)
+        self.email_address = kwargs.get('email_address', None)
+        self.name = kwargs.get('name', None)
+        self.phone = kwargs.get('phone', None)
diff --git a/azure-keyvault/azure/keyvault/models/contact_py3.py b/azure-keyvault/azure/keyvault/models/contact_py3.py
new file mode 100644
index 000000000000..56569b0d9912
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/contact_py3.py
@@ -0,0 +1,36 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class Contact(Model):
+    """The contact information for the vault certificates.
+
+    :param email_address: Email addresss.
+    :type email_address: str
+    :param name: Name.
+    :type name: str
+    :param phone: Phone number.
+    :type phone: str
+    """
+
+    _attribute_map = {
+        'email_address': {'key': 'email', 'type': 'str'},
+        'name': {'key': 'name', 'type': 'str'},
+        'phone': {'key': 'phone', 'type': 'str'},
+    }
+
+    def __init__(self, *, email_address: str=None, name: str=None, phone: str=None, **kwargs) -> None:
+        super(Contact, self).__init__(**kwargs)
+        self.email_address = email_address
+        self.name = name
+        self.phone = phone
diff --git a/azure-keyvault/azure/keyvault/models/contacts.py b/azure-keyvault/azure/keyvault/models/contacts.py
old mode 100755
new mode 100644
index 3ebe54cd89cf..4efc32f9b5be
--- a/azure-keyvault/azure/keyvault/models/contacts.py
+++ b/azure-keyvault/azure/keyvault/models/contacts.py
@@ -21,8 +21,7 @@ class Contacts(Model):
     :ivar id: Identifier for the contacts collection.
     :vartype id: str
     :param contact_list: The contact list for the vault certificates.
-    :type contact_list: list of :class:`Contact
-     <azure.keyvault.models.Contact>`
+    :type contact_list: list[~azure.keyvault.models.Contact]
     """
 
     _validation = {
@@ -34,6 +33,7 @@ class Contacts(Model):
         'contact_list': {'key': 'contacts', 'type': '[Contact]'},
     }
 
-    def __init__(self, contact_list=None):
+    def __init__(self, **kwargs):
+        super(Contacts, self).__init__(**kwargs)
         self.id = None
-        self.contact_list = contact_list
+        self.contact_list = kwargs.get('contact_list', None)
diff --git a/azure-keyvault/azure/keyvault/models/contacts_py3.py b/azure-keyvault/azure/keyvault/models/contacts_py3.py
new file mode 100644
index 000000000000..c2539d8e6de3
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/contacts_py3.py
@@ -0,0 +1,39 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class Contacts(Model):
+    """The contacts for the vault certificates.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar id: Identifier for the contacts collection.
+    :vartype id: str
+    :param contact_list: The contact list for the vault certificates.
+    :type contact_list: list[~azure.keyvault.models.Contact]
+    """
+
+    _validation = {
+        'id': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'contact_list': {'key': 'contacts', 'type': '[Contact]'},
+    }
+
+    def __init__(self, *, contact_list=None, **kwargs) -> None:
+        super(Contacts, self).__init__(**kwargs)
+        self.id = None
+        self.contact_list = contact_list
diff --git a/azure-keyvault/azure/keyvault/models/deleted_certificate_bundle.py b/azure-keyvault/azure/keyvault/models/deleted_certificate_bundle.py
old mode 100755
new mode 100644
index 518c414f0b2d..b3fac86a9805
--- a/azure-keyvault/azure/keyvault/models/deleted_certificate_bundle.py
+++ b/azure-keyvault/azure/keyvault/models/deleted_certificate_bundle.py
@@ -28,17 +28,15 @@ class DeletedCertificateBundle(CertificateBundle):
     :ivar x509_thumbprint: Thumbprint of the certificate.
     :vartype x509_thumbprint: bytes
     :ivar policy: The management policy.
-    :vartype policy: :class:`CertificatePolicy
-     <azure.keyvault.models.CertificatePolicy>`
+    :vartype policy: ~azure.keyvault.models.CertificatePolicy
     :param cer: CER contents of x509 certificate.
     :type cer: bytearray
     :param content_type: The content type of the secret.
     :type content_type: str
     :param attributes: The certificate attributes.
-    :type attributes: :class:`CertificateAttributes
-     <azure.keyvault.models.CertificateAttributes>`
+    :type attributes: ~azure.keyvault.models.CertificateAttributes
     :param tags: Application specific metadata in the form of key-value pairs
-    :type tags: dict
+    :type tags: dict[str, str]
     :param recovery_id: The url of the recovery object, used to identify and
      recover the deleted certificate.
     :type recovery_id: str
@@ -74,8 +72,8 @@ class DeletedCertificateBundle(CertificateBundle):
         'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'},
     }
 
-    def __init__(self, cer=None, content_type=None, attributes=None, tags=None, recovery_id=None):
-        super(DeletedCertificateBundle, self).__init__(cer=cer, content_type=content_type, attributes=attributes, tags=tags)
-        self.recovery_id = recovery_id
+    def __init__(self, **kwargs):
+        super(DeletedCertificateBundle, self).__init__(**kwargs)
+        self.recovery_id = kwargs.get('recovery_id', None)
         self.scheduled_purge_date = None
         self.deleted_date = None
diff --git a/azure-keyvault/azure/keyvault/models/deleted_certificate_bundle_py3.py b/azure-keyvault/azure/keyvault/models/deleted_certificate_bundle_py3.py
new file mode 100644
index 000000000000..c028d1db6740
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/deleted_certificate_bundle_py3.py
@@ -0,0 +1,79 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from .certificate_bundle_py3 import CertificateBundle
+
+
+class DeletedCertificateBundle(CertificateBundle):
+    """A Deleted Certificate consisting of its previous id, attributes and its
+    tags, as well as information on when it will be purged.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar id: The certificate id.
+    :vartype id: str
+    :ivar kid: The key id.
+    :vartype kid: str
+    :ivar sid: The secret id.
+    :vartype sid: str
+    :ivar x509_thumbprint: Thumbprint of the certificate.
+    :vartype x509_thumbprint: bytes
+    :ivar policy: The management policy.
+    :vartype policy: ~azure.keyvault.models.CertificatePolicy
+    :param cer: CER contents of x509 certificate.
+    :type cer: bytearray
+    :param content_type: The content type of the secret.
+    :type content_type: str
+    :param attributes: The certificate attributes.
+    :type attributes: ~azure.keyvault.models.CertificateAttributes
+    :param tags: Application specific metadata in the form of key-value pairs
+    :type tags: dict[str, str]
+    :param recovery_id: The url of the recovery object, used to identify and
+     recover the deleted certificate.
+    :type recovery_id: str
+    :ivar scheduled_purge_date: The time when the certificate is scheduled to
+     be purged, in UTC
+    :vartype scheduled_purge_date: datetime
+    :ivar deleted_date: The time when the certificate was deleted, in UTC
+    :vartype deleted_date: datetime
+    """
+
+    _validation = {
+        'id': {'readonly': True},
+        'kid': {'readonly': True},
+        'sid': {'readonly': True},
+        'x509_thumbprint': {'readonly': True},
+        'policy': {'readonly': True},
+        'scheduled_purge_date': {'readonly': True},
+        'deleted_date': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'kid': {'key': 'kid', 'type': 'str'},
+        'sid': {'key': 'sid', 'type': 'str'},
+        'x509_thumbprint': {'key': 'x5t', 'type': 'base64'},
+        'policy': {'key': 'policy', 'type': 'CertificatePolicy'},
+        'cer': {'key': 'cer', 'type': 'bytearray'},
+        'content_type': {'key': 'contentType', 'type': 'str'},
+        'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+        'recovery_id': {'key': 'recoveryId', 'type': 'str'},
+        'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'},
+        'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'},
+    }
+
+    def __init__(self, *, cer: bytearray=None, content_type: str=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None:
+        super(DeletedCertificateBundle, self).__init__(cer=cer, content_type=content_type, attributes=attributes, tags=tags, **kwargs)
+        self.recovery_id = recovery_id
+        self.scheduled_purge_date = None
+        self.deleted_date = None
diff --git a/azure-keyvault/azure/keyvault/models/deleted_certificate_item.py b/azure-keyvault/azure/keyvault/models/deleted_certificate_item.py
old mode 100755
new mode 100644
index 38fbcc8f2f50..e6fa2963cc09
--- a/azure-keyvault/azure/keyvault/models/deleted_certificate_item.py
+++ b/azure-keyvault/azure/keyvault/models/deleted_certificate_item.py
@@ -22,10 +22,9 @@ class DeletedCertificateItem(CertificateItem):
     :param id: Certificate identifier.
     :type id: str
     :param attributes: The certificate management attributes.
-    :type attributes: :class:`CertificateAttributes
-     <azure.keyvault.models.CertificateAttributes>`
+    :type attributes: ~azure.keyvault.models.CertificateAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     :param x509_thumbprint: Thumbprint of the certificate.
     :type x509_thumbprint: bytes
     :param recovery_id: The url of the recovery object, used to identify and
@@ -53,8 +52,8 @@ class DeletedCertificateItem(CertificateItem):
         'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'},
     }
 
-    def __init__(self, id=None, attributes=None, tags=None, x509_thumbprint=None, recovery_id=None):
-        super(DeletedCertificateItem, self).__init__(id=id, attributes=attributes, tags=tags, x509_thumbprint=x509_thumbprint)
-        self.recovery_id = recovery_id
+    def __init__(self, **kwargs):
+        super(DeletedCertificateItem, self).__init__(**kwargs)
+        self.recovery_id = kwargs.get('recovery_id', None)
         self.scheduled_purge_date = None
         self.deleted_date = None
diff --git a/azure-keyvault/azure/keyvault/models/deleted_certificate_item_paged.py b/azure-keyvault/azure/keyvault/models/deleted_certificate_item_paged.py
old mode 100755
new mode 100644
index 879fb74641b4..28328340ba83
--- a/azure-keyvault/azure/keyvault/models/deleted_certificate_item_paged.py
+++ b/azure-keyvault/azure/keyvault/models/deleted_certificate_item_paged.py
@@ -14,7 +14,7 @@
 
 class DeletedCertificateItemPaged(Paged):
     """
-    A paging container for iterating over a list of DeletedCertificateItem object
+    A paging container for iterating over a list of :class:`DeletedCertificateItem <azure.keyvault.models.DeletedCertificateItem>` object
     """
 
     _attribute_map = {
diff --git a/azure-keyvault/azure/keyvault/models/deleted_certificate_item_py3.py b/azure-keyvault/azure/keyvault/models/deleted_certificate_item_py3.py
new file mode 100644
index 000000000000..eb9c4c941c7c
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/deleted_certificate_item_py3.py
@@ -0,0 +1,59 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from .certificate_item_py3 import CertificateItem
+
+
+class DeletedCertificateItem(CertificateItem):
+    """The deleted certificate item containing metadata about the deleted
+    certificate.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param id: Certificate identifier.
+    :type id: str
+    :param attributes: The certificate management attributes.
+    :type attributes: ~azure.keyvault.models.CertificateAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    :param x509_thumbprint: Thumbprint of the certificate.
+    :type x509_thumbprint: bytes
+    :param recovery_id: The url of the recovery object, used to identify and
+     recover the deleted certificate.
+    :type recovery_id: str
+    :ivar scheduled_purge_date: The time when the certificate is scheduled to
+     be purged, in UTC
+    :vartype scheduled_purge_date: datetime
+    :ivar deleted_date: The time when the certificate was deleted, in UTC
+    :vartype deleted_date: datetime
+    """
+
+    _validation = {
+        'scheduled_purge_date': {'readonly': True},
+        'deleted_date': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'attributes': {'key': 'attributes', 'type': 'CertificateAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+        'x509_thumbprint': {'key': 'x5t', 'type': 'base64'},
+        'recovery_id': {'key': 'recoveryId', 'type': 'str'},
+        'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'},
+        'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'},
+    }
+
+    def __init__(self, *, id: str=None, attributes=None, tags=None, x509_thumbprint: bytes=None, recovery_id: str=None, **kwargs) -> None:
+        super(DeletedCertificateItem, self).__init__(id=id, attributes=attributes, tags=tags, x509_thumbprint=x509_thumbprint, **kwargs)
+        self.recovery_id = recovery_id
+        self.scheduled_purge_date = None
+        self.deleted_date = None
diff --git a/azure-keyvault/azure/keyvault/models/deleted_key_bundle.py b/azure-keyvault/azure/keyvault/models/deleted_key_bundle.py
old mode 100755
new mode 100644
index c2abbaaf2fb5..4da00938813b
--- a/azure-keyvault/azure/keyvault/models/deleted_key_bundle.py
+++ b/azure-keyvault/azure/keyvault/models/deleted_key_bundle.py
@@ -20,12 +20,11 @@ class DeletedKeyBundle(KeyBundle):
     sending a request.
 
     :param key: The Json web key.
-    :type key: :class:`JsonWebKey <azure.keyvault.models.JsonWebKey>`
+    :type key: ~azure.keyvault.models.JsonWebKey
     :param attributes: The key management attributes.
-    :type attributes: :class:`KeyAttributes
-     <azure.keyvault.models.KeyAttributes>`
+    :type attributes: ~azure.keyvault.models.KeyAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     :ivar managed: True if the key's lifetime is managed by key vault. If this
      is a key backing a certificate, then managed will be true.
     :vartype managed: bool
@@ -55,8 +54,8 @@ class DeletedKeyBundle(KeyBundle):
         'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'},
     }
 
-    def __init__(self, key=None, attributes=None, tags=None, recovery_id=None):
-        super(DeletedKeyBundle, self).__init__(key=key, attributes=attributes, tags=tags)
-        self.recovery_id = recovery_id
+    def __init__(self, **kwargs):
+        super(DeletedKeyBundle, self).__init__(**kwargs)
+        self.recovery_id = kwargs.get('recovery_id', None)
         self.scheduled_purge_date = None
         self.deleted_date = None
diff --git a/azure-keyvault/azure/keyvault/models/deleted_key_bundle_py3.py b/azure-keyvault/azure/keyvault/models/deleted_key_bundle_py3.py
new file mode 100644
index 000000000000..f36d9a0028b1
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/deleted_key_bundle_py3.py
@@ -0,0 +1,61 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from .key_bundle_py3 import KeyBundle
+
+
+class DeletedKeyBundle(KeyBundle):
+    """A DeletedKeyBundle consisting of a WebKey plus its Attributes and deletion
+    info.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param key: The Json web key.
+    :type key: ~azure.keyvault.models.JsonWebKey
+    :param attributes: The key management attributes.
+    :type attributes: ~azure.keyvault.models.KeyAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    :ivar managed: True if the key's lifetime is managed by key vault. If this
+     is a key backing a certificate, then managed will be true.
+    :vartype managed: bool
+    :param recovery_id: The url of the recovery object, used to identify and
+     recover the deleted key.
+    :type recovery_id: str
+    :ivar scheduled_purge_date: The time when the key is scheduled to be
+     purged, in UTC
+    :vartype scheduled_purge_date: datetime
+    :ivar deleted_date: The time when the key was deleted, in UTC
+    :vartype deleted_date: datetime
+    """
+
+    _validation = {
+        'managed': {'readonly': True},
+        'scheduled_purge_date': {'readonly': True},
+        'deleted_date': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'key': {'key': 'key', 'type': 'JsonWebKey'},
+        'attributes': {'key': 'attributes', 'type': 'KeyAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+        'managed': {'key': 'managed', 'type': 'bool'},
+        'recovery_id': {'key': 'recoveryId', 'type': 'str'},
+        'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'},
+        'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'},
+    }
+
+    def __init__(self, *, key=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None:
+        super(DeletedKeyBundle, self).__init__(key=key, attributes=attributes, tags=tags, **kwargs)
+        self.recovery_id = recovery_id
+        self.scheduled_purge_date = None
+        self.deleted_date = None
diff --git a/azure-keyvault/azure/keyvault/models/deleted_key_item.py b/azure-keyvault/azure/keyvault/models/deleted_key_item.py
old mode 100755
new mode 100644
index dc37b3b238b9..a3ed56f9a99e
--- a/azure-keyvault/azure/keyvault/models/deleted_key_item.py
+++ b/azure-keyvault/azure/keyvault/models/deleted_key_item.py
@@ -22,10 +22,9 @@ class DeletedKeyItem(KeyItem):
     :param kid: Key identifier.
     :type kid: str
     :param attributes: The key management attributes.
-    :type attributes: :class:`KeyAttributes
-     <azure.keyvault.models.KeyAttributes>`
+    :type attributes: ~azure.keyvault.models.KeyAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     :ivar managed: True if the key's lifetime is managed by key vault. If this
      is a key backing a certificate, then managed will be true.
     :vartype managed: bool
@@ -55,8 +54,8 @@ class DeletedKeyItem(KeyItem):
         'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'},
     }
 
-    def __init__(self, kid=None, attributes=None, tags=None, recovery_id=None):
-        super(DeletedKeyItem, self).__init__(kid=kid, attributes=attributes, tags=tags)
-        self.recovery_id = recovery_id
+    def __init__(self, **kwargs):
+        super(DeletedKeyItem, self).__init__(**kwargs)
+        self.recovery_id = kwargs.get('recovery_id', None)
         self.scheduled_purge_date = None
         self.deleted_date = None
diff --git a/azure-keyvault/azure/keyvault/models/deleted_key_item_paged.py b/azure-keyvault/azure/keyvault/models/deleted_key_item_paged.py
old mode 100755
new mode 100644
index efa1ecf696ba..96b80d8961cf
--- a/azure-keyvault/azure/keyvault/models/deleted_key_item_paged.py
+++ b/azure-keyvault/azure/keyvault/models/deleted_key_item_paged.py
@@ -14,7 +14,7 @@
 
 class DeletedKeyItemPaged(Paged):
     """
-    A paging container for iterating over a list of DeletedKeyItem object
+    A paging container for iterating over a list of :class:`DeletedKeyItem <azure.keyvault.models.DeletedKeyItem>` object
     """
 
     _attribute_map = {
diff --git a/azure-keyvault/azure/keyvault/models/deleted_key_item_py3.py b/azure-keyvault/azure/keyvault/models/deleted_key_item_py3.py
new file mode 100644
index 000000000000..f891deac56a0
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/deleted_key_item_py3.py
@@ -0,0 +1,61 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from .key_item_py3 import KeyItem
+
+
+class DeletedKeyItem(KeyItem):
+    """The deleted key item containing the deleted key metadata and information
+    about deletion.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param kid: Key identifier.
+    :type kid: str
+    :param attributes: The key management attributes.
+    :type attributes: ~azure.keyvault.models.KeyAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    :ivar managed: True if the key's lifetime is managed by key vault. If this
+     is a key backing a certificate, then managed will be true.
+    :vartype managed: bool
+    :param recovery_id: The url of the recovery object, used to identify and
+     recover the deleted key.
+    :type recovery_id: str
+    :ivar scheduled_purge_date: The time when the key is scheduled to be
+     purged, in UTC
+    :vartype scheduled_purge_date: datetime
+    :ivar deleted_date: The time when the key was deleted, in UTC
+    :vartype deleted_date: datetime
+    """
+
+    _validation = {
+        'managed': {'readonly': True},
+        'scheduled_purge_date': {'readonly': True},
+        'deleted_date': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'kid': {'key': 'kid', 'type': 'str'},
+        'attributes': {'key': 'attributes', 'type': 'KeyAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+        'managed': {'key': 'managed', 'type': 'bool'},
+        'recovery_id': {'key': 'recoveryId', 'type': 'str'},
+        'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'},
+        'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'},
+    }
+
+    def __init__(self, *, kid: str=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None:
+        super(DeletedKeyItem, self).__init__(kid=kid, attributes=attributes, tags=tags, **kwargs)
+        self.recovery_id = recovery_id
+        self.scheduled_purge_date = None
+        self.deleted_date = None
diff --git a/azure-keyvault/azure/keyvault/models/deleted_secret_bundle.py b/azure-keyvault/azure/keyvault/models/deleted_secret_bundle.py
old mode 100755
new mode 100644
index f948590cc77d..f88eb1fb02c2
--- a/azure-keyvault/azure/keyvault/models/deleted_secret_bundle.py
+++ b/azure-keyvault/azure/keyvault/models/deleted_secret_bundle.py
@@ -26,10 +26,9 @@ class DeletedSecretBundle(SecretBundle):
     :param content_type: The content type of the secret.
     :type content_type: str
     :param attributes: The secret management attributes.
-    :type attributes: :class:`SecretAttributes
-     <azure.keyvault.models.SecretAttributes>`
+    :type attributes: ~azure.keyvault.models.SecretAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     :ivar kid: If this is a secret backing a KV certificate, then this field
      specifies the corresponding key backing the KV certificate.
     :vartype kid: str
@@ -66,8 +65,8 @@ class DeletedSecretBundle(SecretBundle):
         'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'},
     }
 
-    def __init__(self, value=None, id=None, content_type=None, attributes=None, tags=None, recovery_id=None):
-        super(DeletedSecretBundle, self).__init__(value=value, id=id, content_type=content_type, attributes=attributes, tags=tags)
-        self.recovery_id = recovery_id
+    def __init__(self, **kwargs):
+        super(DeletedSecretBundle, self).__init__(**kwargs)
+        self.recovery_id = kwargs.get('recovery_id', None)
         self.scheduled_purge_date = None
         self.deleted_date = None
diff --git a/azure-keyvault/azure/keyvault/models/deleted_secret_bundle_py3.py b/azure-keyvault/azure/keyvault/models/deleted_secret_bundle_py3.py
new file mode 100644
index 000000000000..d6f4032cd614
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/deleted_secret_bundle_py3.py
@@ -0,0 +1,72 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from .secret_bundle_py3 import SecretBundle
+
+
+class DeletedSecretBundle(SecretBundle):
+    """A Deleted Secret consisting of its previous id, attributes and its tags, as
+    well as information on when it will be purged.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param value: The secret value.
+    :type value: str
+    :param id: The secret id.
+    :type id: str
+    :param content_type: The content type of the secret.
+    :type content_type: str
+    :param attributes: The secret management attributes.
+    :type attributes: ~azure.keyvault.models.SecretAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    :ivar kid: If this is a secret backing a KV certificate, then this field
+     specifies the corresponding key backing the KV certificate.
+    :vartype kid: str
+    :ivar managed: True if the secret's lifetime is managed by key vault. If
+     this is a secret backing a certificate, then managed will be true.
+    :vartype managed: bool
+    :param recovery_id: The url of the recovery object, used to identify and
+     recover the deleted secret.
+    :type recovery_id: str
+    :ivar scheduled_purge_date: The time when the secret is scheduled to be
+     purged, in UTC
+    :vartype scheduled_purge_date: datetime
+    :ivar deleted_date: The time when the secret was deleted, in UTC
+    :vartype deleted_date: datetime
+    """
+
+    _validation = {
+        'kid': {'readonly': True},
+        'managed': {'readonly': True},
+        'scheduled_purge_date': {'readonly': True},
+        'deleted_date': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'value': {'key': 'value', 'type': 'str'},
+        'id': {'key': 'id', 'type': 'str'},
+        'content_type': {'key': 'contentType', 'type': 'str'},
+        'attributes': {'key': 'attributes', 'type': 'SecretAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+        'kid': {'key': 'kid', 'type': 'str'},
+        'managed': {'key': 'managed', 'type': 'bool'},
+        'recovery_id': {'key': 'recoveryId', 'type': 'str'},
+        'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'},
+        'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'},
+    }
+
+    def __init__(self, *, value: str=None, id: str=None, content_type: str=None, attributes=None, tags=None, recovery_id: str=None, **kwargs) -> None:
+        super(DeletedSecretBundle, self).__init__(value=value, id=id, content_type=content_type, attributes=attributes, tags=tags, **kwargs)
+        self.recovery_id = recovery_id
+        self.scheduled_purge_date = None
+        self.deleted_date = None
diff --git a/azure-keyvault/azure/keyvault/models/deleted_secret_item.py b/azure-keyvault/azure/keyvault/models/deleted_secret_item.py
old mode 100755
new mode 100644
index a5dd1a4fa3f3..6faa18b080df
--- a/azure-keyvault/azure/keyvault/models/deleted_secret_item.py
+++ b/azure-keyvault/azure/keyvault/models/deleted_secret_item.py
@@ -21,10 +21,9 @@ class DeletedSecretItem(SecretItem):
     :param id: Secret identifier.
     :type id: str
     :param attributes: The secret management attributes.
-    :type attributes: :class:`SecretAttributes
-     <azure.keyvault.models.SecretAttributes>`
+    :type attributes: ~azure.keyvault.models.SecretAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     :param content_type: Type of the secret value such as a password.
     :type content_type: str
     :ivar managed: True if the secret's lifetime is managed by key vault. If
@@ -57,8 +56,8 @@ class DeletedSecretItem(SecretItem):
         'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'},
     }
 
-    def __init__(self, id=None, attributes=None, tags=None, content_type=None, recovery_id=None):
-        super(DeletedSecretItem, self).__init__(id=id, attributes=attributes, tags=tags, content_type=content_type)
-        self.recovery_id = recovery_id
+    def __init__(self, **kwargs):
+        super(DeletedSecretItem, self).__init__(**kwargs)
+        self.recovery_id = kwargs.get('recovery_id', None)
         self.scheduled_purge_date = None
         self.deleted_date = None
diff --git a/azure-keyvault/azure/keyvault/models/deleted_secret_item_paged.py b/azure-keyvault/azure/keyvault/models/deleted_secret_item_paged.py
old mode 100755
new mode 100644
index bc8a5644c259..723328f86a49
--- a/azure-keyvault/azure/keyvault/models/deleted_secret_item_paged.py
+++ b/azure-keyvault/azure/keyvault/models/deleted_secret_item_paged.py
@@ -14,7 +14,7 @@
 
 class DeletedSecretItemPaged(Paged):
     """
-    A paging container for iterating over a list of DeletedSecretItem object
+    A paging container for iterating over a list of :class:`DeletedSecretItem <azure.keyvault.models.DeletedSecretItem>` object
     """
 
     _attribute_map = {
diff --git a/azure-keyvault/azure/keyvault/models/deleted_secret_item_py3.py b/azure-keyvault/azure/keyvault/models/deleted_secret_item_py3.py
new file mode 100644
index 000000000000..45a05db4b63e
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/deleted_secret_item_py3.py
@@ -0,0 +1,63 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from .secret_item_py3 import SecretItem
+
+
+class DeletedSecretItem(SecretItem):
+    """The deleted secret item containing metadata about the deleted secret.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param id: Secret identifier.
+    :type id: str
+    :param attributes: The secret management attributes.
+    :type attributes: ~azure.keyvault.models.SecretAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    :param content_type: Type of the secret value such as a password.
+    :type content_type: str
+    :ivar managed: True if the secret's lifetime is managed by key vault. If
+     this is a key backing a certificate, then managed will be true.
+    :vartype managed: bool
+    :param recovery_id: The url of the recovery object, used to identify and
+     recover the deleted secret.
+    :type recovery_id: str
+    :ivar scheduled_purge_date: The time when the secret is scheduled to be
+     purged, in UTC
+    :vartype scheduled_purge_date: datetime
+    :ivar deleted_date: The time when the secret was deleted, in UTC
+    :vartype deleted_date: datetime
+    """
+
+    _validation = {
+        'managed': {'readonly': True},
+        'scheduled_purge_date': {'readonly': True},
+        'deleted_date': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'attributes': {'key': 'attributes', 'type': 'SecretAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+        'content_type': {'key': 'contentType', 'type': 'str'},
+        'managed': {'key': 'managed', 'type': 'bool'},
+        'recovery_id': {'key': 'recoveryId', 'type': 'str'},
+        'scheduled_purge_date': {'key': 'scheduledPurgeDate', 'type': 'unix-time'},
+        'deleted_date': {'key': 'deletedDate', 'type': 'unix-time'},
+    }
+
+    def __init__(self, *, id: str=None, attributes=None, tags=None, content_type: str=None, recovery_id: str=None, **kwargs) -> None:
+        super(DeletedSecretItem, self).__init__(id=id, attributes=attributes, tags=tags, content_type=content_type, **kwargs)
+        self.recovery_id = recovery_id
+        self.scheduled_purge_date = None
+        self.deleted_date = None
diff --git a/azure-keyvault/azure/keyvault/models/error.py b/azure-keyvault/azure/keyvault/models/error.py
old mode 100755
new mode 100644
index edd0fb144070..9dbe09fa48fc
--- a/azure-keyvault/azure/keyvault/models/error.py
+++ b/azure-keyvault/azure/keyvault/models/error.py
@@ -23,7 +23,7 @@ class Error(Model):
     :ivar message: The error message.
     :vartype message: str
     :ivar inner_error:
-    :vartype inner_error: :class:`Error <azure.keyvault.models.Error>`
+    :vartype inner_error: ~azure.keyvault.models.Error
     """
 
     _validation = {
@@ -38,7 +38,8 @@ class Error(Model):
         'inner_error': {'key': 'innererror', 'type': 'Error'},
     }
 
-    def __init__(self):
+    def __init__(self, **kwargs):
+        super(Error, self).__init__(**kwargs)
         self.code = None
         self.message = None
         self.inner_error = None
diff --git a/azure-keyvault/azure/keyvault/models/error_py3.py b/azure-keyvault/azure/keyvault/models/error_py3.py
new file mode 100644
index 000000000000..660e077d36db
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/error_py3.py
@@ -0,0 +1,45 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class Error(Model):
+    """The key vault server error.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar code: The error code.
+    :vartype code: str
+    :ivar message: The error message.
+    :vartype message: str
+    :ivar inner_error:
+    :vartype inner_error: ~azure.keyvault.models.Error
+    """
+
+    _validation = {
+        'code': {'readonly': True},
+        'message': {'readonly': True},
+        'inner_error': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'code': {'key': 'code', 'type': 'str'},
+        'message': {'key': 'message', 'type': 'str'},
+        'inner_error': {'key': 'innererror', 'type': 'Error'},
+    }
+
+    def __init__(self, **kwargs) -> None:
+        super(Error, self).__init__(**kwargs)
+        self.code = None
+        self.message = None
+        self.inner_error = None
diff --git a/azure-keyvault/azure/keyvault/models/issuer_attributes.py b/azure-keyvault/azure/keyvault/models/issuer_attributes.py
old mode 100755
new mode 100644
index 4c79186d0155..c10a16642899
--- a/azure-keyvault/azure/keyvault/models/issuer_attributes.py
+++ b/azure-keyvault/azure/keyvault/models/issuer_attributes.py
@@ -37,7 +37,8 @@ class IssuerAttributes(Model):
         'updated': {'key': 'updated', 'type': 'unix-time'},
     }
 
-    def __init__(self, enabled=None):
-        self.enabled = enabled
+    def __init__(self, **kwargs):
+        super(IssuerAttributes, self).__init__(**kwargs)
+        self.enabled = kwargs.get('enabled', None)
         self.created = None
         self.updated = None
diff --git a/azure-keyvault/azure/keyvault/models/issuer_attributes_py3.py b/azure-keyvault/azure/keyvault/models/issuer_attributes_py3.py
new file mode 100644
index 000000000000..d52ad4e0fc20
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/issuer_attributes_py3.py
@@ -0,0 +1,44 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class IssuerAttributes(Model):
+    """The attributes of an issuer managed by the Key Vault service.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param enabled: Determines whether the issuer is enabled.
+    :type enabled: bool
+    :ivar created: Creation time in UTC.
+    :vartype created: datetime
+    :ivar updated: Last updated time in UTC.
+    :vartype updated: datetime
+    """
+
+    _validation = {
+        'created': {'readonly': True},
+        'updated': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'enabled': {'key': 'enabled', 'type': 'bool'},
+        'created': {'key': 'created', 'type': 'unix-time'},
+        'updated': {'key': 'updated', 'type': 'unix-time'},
+    }
+
+    def __init__(self, *, enabled: bool=None, **kwargs) -> None:
+        super(IssuerAttributes, self).__init__(**kwargs)
+        self.enabled = enabled
+        self.created = None
+        self.updated = None
diff --git a/azure-keyvault/azure/keyvault/models/issuer_bundle.py b/azure-keyvault/azure/keyvault/models/issuer_bundle.py
old mode 100755
new mode 100644
index 895598ec2bc4..778b64ada702
--- a/azure-keyvault/azure/keyvault/models/issuer_bundle.py
+++ b/azure-keyvault/azure/keyvault/models/issuer_bundle.py
@@ -23,15 +23,12 @@ class IssuerBundle(Model):
     :param provider: The issuer provider.
     :type provider: str
     :param credentials: The credentials to be used for the issuer.
-    :type credentials: :class:`IssuerCredentials
-     <azure.keyvault.models.IssuerCredentials>`
+    :type credentials: ~azure.keyvault.models.IssuerCredentials
     :param organization_details: Details of the organization as provided to
      the issuer.
-    :type organization_details: :class:`OrganizationDetails
-     <azure.keyvault.models.OrganizationDetails>`
+    :type organization_details: ~azure.keyvault.models.OrganizationDetails
     :param attributes: Attributes of the issuer object.
-    :type attributes: :class:`IssuerAttributes
-     <azure.keyvault.models.IssuerAttributes>`
+    :type attributes: ~azure.keyvault.models.IssuerAttributes
     """
 
     _validation = {
@@ -46,9 +43,10 @@ class IssuerBundle(Model):
         'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'},
     }
 
-    def __init__(self, provider=None, credentials=None, organization_details=None, attributes=None):
+    def __init__(self, **kwargs):
+        super(IssuerBundle, self).__init__(**kwargs)
         self.id = None
-        self.provider = provider
-        self.credentials = credentials
-        self.organization_details = organization_details
-        self.attributes = attributes
+        self.provider = kwargs.get('provider', None)
+        self.credentials = kwargs.get('credentials', None)
+        self.organization_details = kwargs.get('organization_details', None)
+        self.attributes = kwargs.get('attributes', None)
diff --git a/azure-keyvault/azure/keyvault/models/issuer_bundle_py3.py b/azure-keyvault/azure/keyvault/models/issuer_bundle_py3.py
new file mode 100644
index 000000000000..c8a3dc83178a
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/issuer_bundle_py3.py
@@ -0,0 +1,52 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class IssuerBundle(Model):
+    """The issuer for Key Vault certificate.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar id: Identifier for the issuer object.
+    :vartype id: str
+    :param provider: The issuer provider.
+    :type provider: str
+    :param credentials: The credentials to be used for the issuer.
+    :type credentials: ~azure.keyvault.models.IssuerCredentials
+    :param organization_details: Details of the organization as provided to
+     the issuer.
+    :type organization_details: ~azure.keyvault.models.OrganizationDetails
+    :param attributes: Attributes of the issuer object.
+    :type attributes: ~azure.keyvault.models.IssuerAttributes
+    """
+
+    _validation = {
+        'id': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'provider': {'key': 'provider', 'type': 'str'},
+        'credentials': {'key': 'credentials', 'type': 'IssuerCredentials'},
+        'organization_details': {'key': 'org_details', 'type': 'OrganizationDetails'},
+        'attributes': {'key': 'attributes', 'type': 'IssuerAttributes'},
+    }
+
+    def __init__(self, *, provider: str=None, credentials=None, organization_details=None, attributes=None, **kwargs) -> None:
+        super(IssuerBundle, self).__init__(**kwargs)
+        self.id = None
+        self.provider = provider
+        self.credentials = credentials
+        self.organization_details = organization_details
+        self.attributes = attributes
diff --git a/azure-keyvault/azure/keyvault/models/issuer_credentials.py b/azure-keyvault/azure/keyvault/models/issuer_credentials.py
old mode 100755
new mode 100644
index 9908e3a6c19e..2f86d863239d
--- a/azure-keyvault/azure/keyvault/models/issuer_credentials.py
+++ b/azure-keyvault/azure/keyvault/models/issuer_credentials.py
@@ -26,6 +26,7 @@ class IssuerCredentials(Model):
         'password': {'key': 'pwd', 'type': 'str'},
     }
 
-    def __init__(self, account_id=None, password=None):
-        self.account_id = account_id
-        self.password = password
+    def __init__(self, **kwargs):
+        super(IssuerCredentials, self).__init__(**kwargs)
+        self.account_id = kwargs.get('account_id', None)
+        self.password = kwargs.get('password', None)
diff --git a/azure-keyvault/azure/keyvault/models/issuer_credentials_py3.py b/azure-keyvault/azure/keyvault/models/issuer_credentials_py3.py
new file mode 100644
index 000000000000..2882bad875d0
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/issuer_credentials_py3.py
@@ -0,0 +1,32 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class IssuerCredentials(Model):
+    """The credentials to be used for the certificate issuer.
+
+    :param account_id: The user name/account name/account id.
+    :type account_id: str
+    :param password: The password/secret/account key.
+    :type password: str
+    """
+
+    _attribute_map = {
+        'account_id': {'key': 'account_id', 'type': 'str'},
+        'password': {'key': 'pwd', 'type': 'str'},
+    }
+
+    def __init__(self, *, account_id: str=None, password: str=None, **kwargs) -> None:
+        super(IssuerCredentials, self).__init__(**kwargs)
+        self.account_id = account_id
+        self.password = password
diff --git a/azure-keyvault/azure/keyvault/models/issuer_parameters.py b/azure-keyvault/azure/keyvault/models/issuer_parameters.py
old mode 100755
new mode 100644
index 4e8db00262bc..9a0f0a5572e5
--- a/azure-keyvault/azure/keyvault/models/issuer_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/issuer_parameters.py
@@ -28,6 +28,7 @@ class IssuerParameters(Model):
         'certificate_type': {'key': 'cty', 'type': 'str'},
     }
 
-    def __init__(self, name=None, certificate_type=None):
-        self.name = name
-        self.certificate_type = certificate_type
+    def __init__(self, **kwargs):
+        super(IssuerParameters, self).__init__(**kwargs)
+        self.name = kwargs.get('name', None)
+        self.certificate_type = kwargs.get('certificate_type', None)
diff --git a/azure-keyvault/azure/keyvault/models/issuer_parameters_py3.py b/azure-keyvault/azure/keyvault/models/issuer_parameters_py3.py
new file mode 100644
index 000000000000..25fd2aadef30
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/issuer_parameters_py3.py
@@ -0,0 +1,34 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class IssuerParameters(Model):
+    """Parameters for the issuer of the X509 component of a certificate.
+
+    :param name: Name of the referenced issuer object or reserved names; for
+     example, 'Self' or 'Unknown'.
+    :type name: str
+    :param certificate_type: Type of certificate to be requested from the
+     issuer provider.
+    :type certificate_type: str
+    """
+
+    _attribute_map = {
+        'name': {'key': 'name', 'type': 'str'},
+        'certificate_type': {'key': 'cty', 'type': 'str'},
+    }
+
+    def __init__(self, *, name: str=None, certificate_type: str=None, **kwargs) -> None:
+        super(IssuerParameters, self).__init__(**kwargs)
+        self.name = name
+        self.certificate_type = certificate_type
diff --git a/azure-keyvault/azure/keyvault/models/json_web_key.py b/azure-keyvault/azure/keyvault/models/json_web_key.py
old mode 100755
new mode 100644
index 481594a77b40..033416b2b1d3
--- a/azure-keyvault/azure/keyvault/models/json_web_key.py
+++ b/azure-keyvault/azure/keyvault/models/json_web_key.py
@@ -17,18 +17,16 @@ class JsonWebKey(Model):
 
     :param kid: Key identifier.
     :type kid: str
-    :param kty: Supported JsonWebKey key types (kty) for Elliptic Curve, RSA,
-     HSM, Octet. Kty is usually set to RSA. Possible values include: 'EC',
-     'RSA', 'RSA-HSM', 'oct'
-    :type kty: str or :class:`JsonWebKeyType
-     <azure.keyvault.models.JsonWebKeyType>`
+    :param kty: JsonWebKey key type (kty). Possible values include: 'EC',
+     'EC-HSM', 'RSA', 'RSA-HSM', 'oct'
+    :type kty: str or ~azure.keyvault.models.JsonWebKeyType
     :param key_ops:
-    :type key_ops: list of str
+    :type key_ops: list[str]
     :param n: RSA modulus.
     :type n: bytes
     :param e: RSA public exponent.
     :type e: bytes
-    :param d: RSA private exponent.
+    :param d: RSA private exponent, or the D component of an EC private key.
     :type d: bytes
     :param dp: RSA private key parameter.
     :type dp: bytes
@@ -44,6 +42,14 @@ class JsonWebKey(Model):
     :type k: bytes
     :param t: HSM Token, used with 'Bring Your Own Key'.
     :type t: bytes
+    :param crv: Elliptic curve name. For valid values, see
+     JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521',
+     'SECP256K1'
+    :type crv: str or ~azure.keyvault.models.JsonWebKeyCurveName
+    :param x: X component of an EC public key.
+    :type x: bytes
+    :param y: Y component of an EC public key.
+    :type y: bytes
     """
 
     _attribute_map = {
@@ -60,19 +66,26 @@ class JsonWebKey(Model):
         'q': {'key': 'q', 'type': 'base64'},
         'k': {'key': 'k', 'type': 'base64'},
         't': {'key': 'key_hsm', 'type': 'base64'},
+        'crv': {'key': 'crv', 'type': 'str'},
+        'x': {'key': 'x', 'type': 'base64'},
+        'y': {'key': 'y', 'type': 'base64'},
     }
 
-    def __init__(self, kid=None, kty=None, key_ops=None, n=None, e=None, d=None, dp=None, dq=None, qi=None, p=None, q=None, k=None, t=None):
-        self.kid = kid
-        self.kty = kty
-        self.key_ops = key_ops
-        self.n = n
-        self.e = e
-        self.d = d
-        self.dp = dp
-        self.dq = dq
-        self.qi = qi
-        self.p = p
-        self.q = q
-        self.k = k
-        self.t = t
+    def __init__(self, **kwargs):
+        super(JsonWebKey, self).__init__(**kwargs)
+        self.kid = kwargs.get('kid', None)
+        self.kty = kwargs.get('kty', None)
+        self.key_ops = kwargs.get('key_ops', None)
+        self.n = kwargs.get('n', None)
+        self.e = kwargs.get('e', None)
+        self.d = kwargs.get('d', None)
+        self.dp = kwargs.get('dp', None)
+        self.dq = kwargs.get('dq', None)
+        self.qi = kwargs.get('qi', None)
+        self.p = kwargs.get('p', None)
+        self.q = kwargs.get('q', None)
+        self.k = kwargs.get('k', None)
+        self.t = kwargs.get('t', None)
+        self.crv = kwargs.get('crv', None)
+        self.x = kwargs.get('x', None)
+        self.y = kwargs.get('y', None)
diff --git a/azure-keyvault/azure/keyvault/models/json_web_key_py3.py b/azure-keyvault/azure/keyvault/models/json_web_key_py3.py
new file mode 100644
index 000000000000..c5e1252f9783
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/json_web_key_py3.py
@@ -0,0 +1,91 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class JsonWebKey(Model):
+    """As of http://tools.ietf.org/html/draft-ietf-jose-json-web-key-18.
+
+    :param kid: Key identifier.
+    :type kid: str
+    :param kty: JsonWebKey key type (kty). Possible values include: 'EC',
+     'EC-HSM', 'RSA', 'RSA-HSM', 'oct'
+    :type kty: str or ~azure.keyvault.models.JsonWebKeyType
+    :param key_ops:
+    :type key_ops: list[str]
+    :param n: RSA modulus.
+    :type n: bytes
+    :param e: RSA public exponent.
+    :type e: bytes
+    :param d: RSA private exponent, or the D component of an EC private key.
+    :type d: bytes
+    :param dp: RSA private key parameter.
+    :type dp: bytes
+    :param dq: RSA private key parameter.
+    :type dq: bytes
+    :param qi: RSA private key parameter.
+    :type qi: bytes
+    :param p: RSA secret prime.
+    :type p: bytes
+    :param q: RSA secret prime, with p < q.
+    :type q: bytes
+    :param k: Symmetric key.
+    :type k: bytes
+    :param t: HSM Token, used with 'Bring Your Own Key'.
+    :type t: bytes
+    :param crv: Elliptic curve name. For valid values, see
+     JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521',
+     'SECP256K1'
+    :type crv: str or ~azure.keyvault.models.JsonWebKeyCurveName
+    :param x: X component of an EC public key.
+    :type x: bytes
+    :param y: Y component of an EC public key.
+    :type y: bytes
+    """
+
+    _attribute_map = {
+        'kid': {'key': 'kid', 'type': 'str'},
+        'kty': {'key': 'kty', 'type': 'str'},
+        'key_ops': {'key': 'key_ops', 'type': '[str]'},
+        'n': {'key': 'n', 'type': 'base64'},
+        'e': {'key': 'e', 'type': 'base64'},
+        'd': {'key': 'd', 'type': 'base64'},
+        'dp': {'key': 'dp', 'type': 'base64'},
+        'dq': {'key': 'dq', 'type': 'base64'},
+        'qi': {'key': 'qi', 'type': 'base64'},
+        'p': {'key': 'p', 'type': 'base64'},
+        'q': {'key': 'q', 'type': 'base64'},
+        'k': {'key': 'k', 'type': 'base64'},
+        't': {'key': 'key_hsm', 'type': 'base64'},
+        'crv': {'key': 'crv', 'type': 'str'},
+        'x': {'key': 'x', 'type': 'base64'},
+        'y': {'key': 'y', 'type': 'base64'},
+    }
+
+    def __init__(self, *, kid: str=None, kty=None, key_ops=None, n: bytes=None, e: bytes=None, d: bytes=None, dp: bytes=None, dq: bytes=None, qi: bytes=None, p: bytes=None, q: bytes=None, k: bytes=None, t: bytes=None, crv=None, x: bytes=None, y: bytes=None, **kwargs) -> None:
+        super(JsonWebKey, self).__init__(**kwargs)
+        self.kid = kid
+        self.kty = kty
+        self.key_ops = key_ops
+        self.n = n
+        self.e = e
+        self.d = d
+        self.dp = dp
+        self.dq = dq
+        self.qi = qi
+        self.p = p
+        self.q = q
+        self.k = k
+        self.t = t
+        self.crv = crv
+        self.x = x
+        self.y = y
diff --git a/azure-keyvault/azure/keyvault/models/key_attributes.py b/azure-keyvault/azure/keyvault/models/key_attributes.py
old mode 100755
new mode 100644
index 3338efe6189d..d1fb33f64a64
--- a/azure-keyvault/azure/keyvault/models/key_attributes.py
+++ b/azure-keyvault/azure/keyvault/models/key_attributes.py
@@ -34,8 +34,8 @@ class KeyAttributes(Attributes):
      system can purge the key, at the end of the retention interval. Possible
      values include: 'Purgeable', 'Recoverable+Purgeable', 'Recoverable',
      'Recoverable+ProtectedSubscription'
-    :vartype recovery_level: str or :class:`DeletionRecoveryLevel
-     <azure.keyvault.models.DeletionRecoveryLevel>`
+    :vartype recovery_level: str or
+     ~azure.keyvault.models.DeletionRecoveryLevel
     """
 
     _validation = {
@@ -53,6 +53,6 @@ class KeyAttributes(Attributes):
         'recovery_level': {'key': 'recoveryLevel', 'type': 'str'},
     }
 
-    def __init__(self, enabled=None, not_before=None, expires=None):
-        super(KeyAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires)
+    def __init__(self, **kwargs):
+        super(KeyAttributes, self).__init__(**kwargs)
         self.recovery_level = None
diff --git a/azure-keyvault/azure/keyvault/models/key_attributes_py3.py b/azure-keyvault/azure/keyvault/models/key_attributes_py3.py
new file mode 100644
index 000000000000..ee606fe0f5f4
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_attributes_py3.py
@@ -0,0 +1,58 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from .attributes_py3 import Attributes
+
+
+class KeyAttributes(Attributes):
+    """The attributes of a key managed by the key vault service.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param enabled: Determines whether the object is enabled.
+    :type enabled: bool
+    :param not_before: Not before date in UTC.
+    :type not_before: datetime
+    :param expires: Expiry date in UTC.
+    :type expires: datetime
+    :ivar created: Creation time in UTC.
+    :vartype created: datetime
+    :ivar updated: Last updated time in UTC.
+    :vartype updated: datetime
+    :ivar recovery_level: Reflects the deletion recovery level currently in
+     effect for keys in the current vault. If it contains 'Purgeable' the key
+     can be permanently deleted by a privileged user; otherwise, only the
+     system can purge the key, at the end of the retention interval. Possible
+     values include: 'Purgeable', 'Recoverable+Purgeable', 'Recoverable',
+     'Recoverable+ProtectedSubscription'
+    :vartype recovery_level: str or
+     ~azure.keyvault.models.DeletionRecoveryLevel
+    """
+
+    _validation = {
+        'created': {'readonly': True},
+        'updated': {'readonly': True},
+        'recovery_level': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'enabled': {'key': 'enabled', 'type': 'bool'},
+        'not_before': {'key': 'nbf', 'type': 'unix-time'},
+        'expires': {'key': 'exp', 'type': 'unix-time'},
+        'created': {'key': 'created', 'type': 'unix-time'},
+        'updated': {'key': 'updated', 'type': 'unix-time'},
+        'recovery_level': {'key': 'recoveryLevel', 'type': 'str'},
+    }
+
+    def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None:
+        super(KeyAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires, **kwargs)
+        self.recovery_level = None
diff --git a/azure-keyvault/azure/keyvault/models/key_bundle.py b/azure-keyvault/azure/keyvault/models/key_bundle.py
old mode 100755
new mode 100644
index 3bb9ea90c9c6..0dd494c6de1d
--- a/azure-keyvault/azure/keyvault/models/key_bundle.py
+++ b/azure-keyvault/azure/keyvault/models/key_bundle.py
@@ -19,12 +19,11 @@ class KeyBundle(Model):
     sending a request.
 
     :param key: The Json web key.
-    :type key: :class:`JsonWebKey <azure.keyvault.models.JsonWebKey>`
+    :type key: ~azure.keyvault.models.JsonWebKey
     :param attributes: The key management attributes.
-    :type attributes: :class:`KeyAttributes
-     <azure.keyvault.models.KeyAttributes>`
+    :type attributes: ~azure.keyvault.models.KeyAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     :ivar managed: True if the key's lifetime is managed by key vault. If this
      is a key backing a certificate, then managed will be true.
     :vartype managed: bool
@@ -41,8 +40,9 @@ class KeyBundle(Model):
         'managed': {'key': 'managed', 'type': 'bool'},
     }
 
-    def __init__(self, key=None, attributes=None, tags=None):
-        self.key = key
-        self.attributes = attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(KeyBundle, self).__init__(**kwargs)
+        self.key = kwargs.get('key', None)
+        self.attributes = kwargs.get('attributes', None)
+        self.tags = kwargs.get('tags', None)
         self.managed = None
diff --git a/azure-keyvault/azure/keyvault/models/key_bundle_py3.py b/azure-keyvault/azure/keyvault/models/key_bundle_py3.py
new file mode 100644
index 000000000000..53e3abc61095
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_bundle_py3.py
@@ -0,0 +1,48 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class KeyBundle(Model):
+    """A KeyBundle consisting of a WebKey plus its attributes.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param key: The Json web key.
+    :type key: ~azure.keyvault.models.JsonWebKey
+    :param attributes: The key management attributes.
+    :type attributes: ~azure.keyvault.models.KeyAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    :ivar managed: True if the key's lifetime is managed by key vault. If this
+     is a key backing a certificate, then managed will be true.
+    :vartype managed: bool
+    """
+
+    _validation = {
+        'managed': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'key': {'key': 'key', 'type': 'JsonWebKey'},
+        'attributes': {'key': 'attributes', 'type': 'KeyAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+        'managed': {'key': 'managed', 'type': 'bool'},
+    }
+
+    def __init__(self, *, key=None, attributes=None, tags=None, **kwargs) -> None:
+        super(KeyBundle, self).__init__(**kwargs)
+        self.key = key
+        self.attributes = attributes
+        self.tags = tags
+        self.managed = None
diff --git a/azure-keyvault/azure/keyvault/models/key_create_parameters.py b/azure-keyvault/azure/keyvault/models/key_create_parameters.py
old mode 100755
new mode 100644
index deb9289ea3f9..cc23494b80fc
--- a/azure-keyvault/azure/keyvault/models/key_create_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/key_create_parameters.py
@@ -15,21 +15,25 @@
 class KeyCreateParameters(Model):
     """The key create parameters.
 
-    :param kty: The type of key to create. For valid key types, see
-     JsonWebKeyType. Supported JsonWebKey key types (kty) for Elliptic Curve,
-     RSA, HSM, Octet. Possible values include: 'EC', 'RSA', 'RSA-HSM', 'oct'
-    :type kty: str or :class:`JsonWebKeyType
-     <azure.keyvault.models.JsonWebKeyType>`
-    :param key_size: The key size in bytes. For example, 1024 or 2048.
+    All required parameters must be populated in order to send to Azure.
+
+    :param kty: Required. The type of key to create. For valid values, see
+     JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM',
+     'oct'
+    :type kty: str or ~azure.keyvault.models.JsonWebKeyType
+    :param key_size: The key size in bits. For example: 2048, 3072, or 4096
+     for RSA.
     :type key_size: int
     :param key_ops:
-    :type key_ops: list of str or :class:`JsonWebKeyOperation
-     <azure.keyvault.models.JsonWebKeyOperation>`
+    :type key_ops: list[str or ~azure.keyvault.models.JsonWebKeyOperation]
     :param key_attributes:
-    :type key_attributes: :class:`KeyAttributes
-     <azure.keyvault.models.KeyAttributes>`
+    :type key_attributes: ~azure.keyvault.models.KeyAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
+    :param curve: Elliptic curve name. For valid values, see
+     JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521',
+     'SECP256K1'
+    :type curve: str or ~azure.keyvault.models.JsonWebKeyCurveName
     """
 
     _validation = {
@@ -42,11 +46,14 @@ class KeyCreateParameters(Model):
         'key_ops': {'key': 'key_ops', 'type': '[str]'},
         'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'},
         'tags': {'key': 'tags', 'type': '{str}'},
+        'curve': {'key': 'crv', 'type': 'str'},
     }
 
-    def __init__(self, kty, key_size=None, key_ops=None, key_attributes=None, tags=None):
-        self.kty = kty
-        self.key_size = key_size
-        self.key_ops = key_ops
-        self.key_attributes = key_attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(KeyCreateParameters, self).__init__(**kwargs)
+        self.kty = kwargs.get('kty', None)
+        self.key_size = kwargs.get('key_size', None)
+        self.key_ops = kwargs.get('key_ops', None)
+        self.key_attributes = kwargs.get('key_attributes', None)
+        self.tags = kwargs.get('tags', None)
+        self.curve = kwargs.get('curve', None)
diff --git a/azure-keyvault/azure/keyvault/models/key_create_parameters_py3.py b/azure-keyvault/azure/keyvault/models/key_create_parameters_py3.py
new file mode 100644
index 000000000000..b0937c730ffd
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_create_parameters_py3.py
@@ -0,0 +1,59 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class KeyCreateParameters(Model):
+    """The key create parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param kty: Required. The type of key to create. For valid values, see
+     JsonWebKeyType. Possible values include: 'EC', 'EC-HSM', 'RSA', 'RSA-HSM',
+     'oct'
+    :type kty: str or ~azure.keyvault.models.JsonWebKeyType
+    :param key_size: The key size in bits. For example: 2048, 3072, or 4096
+     for RSA.
+    :type key_size: int
+    :param key_ops:
+    :type key_ops: list[str or ~azure.keyvault.models.JsonWebKeyOperation]
+    :param key_attributes:
+    :type key_attributes: ~azure.keyvault.models.KeyAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    :param curve: Elliptic curve name. For valid values, see
+     JsonWebKeyCurveName. Possible values include: 'P-256', 'P-384', 'P-521',
+     'SECP256K1'
+    :type curve: str or ~azure.keyvault.models.JsonWebKeyCurveName
+    """
+
+    _validation = {
+        'kty': {'required': True, 'min_length': 1},
+    }
+
+    _attribute_map = {
+        'kty': {'key': 'kty', 'type': 'str'},
+        'key_size': {'key': 'key_size', 'type': 'int'},
+        'key_ops': {'key': 'key_ops', 'type': '[str]'},
+        'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+        'curve': {'key': 'crv', 'type': 'str'},
+    }
+
+    def __init__(self, *, kty, key_size: int=None, key_ops=None, key_attributes=None, tags=None, curve=None, **kwargs) -> None:
+        super(KeyCreateParameters, self).__init__(**kwargs)
+        self.kty = kty
+        self.key_size = key_size
+        self.key_ops = key_ops
+        self.key_attributes = key_attributes
+        self.tags = tags
+        self.curve = curve
diff --git a/azure-keyvault/azure/keyvault/models/key_import_parameters.py b/azure-keyvault/azure/keyvault/models/key_import_parameters.py
old mode 100755
new mode 100644
index 6583fbabd4ca..f309aad29ea8
--- a/azure-keyvault/azure/keyvault/models/key_import_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/key_import_parameters.py
@@ -15,15 +15,16 @@
 class KeyImportParameters(Model):
     """The key import parameters.
 
+    All required parameters must be populated in order to send to Azure.
+
     :param hsm: Whether to import as a hardware key (HSM) or software key.
     :type hsm: bool
-    :param key: The Json web key
-    :type key: :class:`JsonWebKey <azure.keyvault.models.JsonWebKey>`
+    :param key: Required. The Json web key
+    :type key: ~azure.keyvault.models.JsonWebKey
     :param key_attributes: The key management attributes.
-    :type key_attributes: :class:`KeyAttributes
-     <azure.keyvault.models.KeyAttributes>`
+    :type key_attributes: ~azure.keyvault.models.KeyAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     """
 
     _validation = {
@@ -37,8 +38,9 @@ class KeyImportParameters(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self, key, hsm=None, key_attributes=None, tags=None):
-        self.hsm = hsm
-        self.key = key
-        self.key_attributes = key_attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(KeyImportParameters, self).__init__(**kwargs)
+        self.hsm = kwargs.get('hsm', None)
+        self.key = kwargs.get('key', None)
+        self.key_attributes = kwargs.get('key_attributes', None)
+        self.tags = kwargs.get('tags', None)
diff --git a/azure-keyvault/azure/keyvault/models/key_import_parameters_py3.py b/azure-keyvault/azure/keyvault/models/key_import_parameters_py3.py
new file mode 100644
index 000000000000..6808d2290484
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_import_parameters_py3.py
@@ -0,0 +1,46 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class KeyImportParameters(Model):
+    """The key import parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param hsm: Whether to import as a hardware key (HSM) or software key.
+    :type hsm: bool
+    :param key: Required. The Json web key
+    :type key: ~azure.keyvault.models.JsonWebKey
+    :param key_attributes: The key management attributes.
+    :type key_attributes: ~azure.keyvault.models.KeyAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    """
+
+    _validation = {
+        'key': {'required': True},
+    }
+
+    _attribute_map = {
+        'hsm': {'key': 'Hsm', 'type': 'bool'},
+        'key': {'key': 'key', 'type': 'JsonWebKey'},
+        'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, *, key, hsm: bool=None, key_attributes=None, tags=None, **kwargs) -> None:
+        super(KeyImportParameters, self).__init__(**kwargs)
+        self.hsm = hsm
+        self.key = key
+        self.key_attributes = key_attributes
+        self.tags = tags
diff --git a/azure-keyvault/azure/keyvault/models/key_item.py b/azure-keyvault/azure/keyvault/models/key_item.py
old mode 100755
new mode 100644
index 206de5a8f1a7..6a4697b9a54d
--- a/azure-keyvault/azure/keyvault/models/key_item.py
+++ b/azure-keyvault/azure/keyvault/models/key_item.py
@@ -21,10 +21,9 @@ class KeyItem(Model):
     :param kid: Key identifier.
     :type kid: str
     :param attributes: The key management attributes.
-    :type attributes: :class:`KeyAttributes
-     <azure.keyvault.models.KeyAttributes>`
+    :type attributes: ~azure.keyvault.models.KeyAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     :ivar managed: True if the key's lifetime is managed by key vault. If this
      is a key backing a certificate, then managed will be true.
     :vartype managed: bool
@@ -41,8 +40,9 @@ class KeyItem(Model):
         'managed': {'key': 'managed', 'type': 'bool'},
     }
 
-    def __init__(self, kid=None, attributes=None, tags=None):
-        self.kid = kid
-        self.attributes = attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(KeyItem, self).__init__(**kwargs)
+        self.kid = kwargs.get('kid', None)
+        self.attributes = kwargs.get('attributes', None)
+        self.tags = kwargs.get('tags', None)
         self.managed = None
diff --git a/azure-keyvault/azure/keyvault/models/key_item_paged.py b/azure-keyvault/azure/keyvault/models/key_item_paged.py
old mode 100755
new mode 100644
index 11ccc8cf2576..8f2c62fbaa44
--- a/azure-keyvault/azure/keyvault/models/key_item_paged.py
+++ b/azure-keyvault/azure/keyvault/models/key_item_paged.py
@@ -14,7 +14,7 @@
 
 class KeyItemPaged(Paged):
     """
-    A paging container for iterating over a list of KeyItem object
+    A paging container for iterating over a list of :class:`KeyItem <azure.keyvault.models.KeyItem>` object
     """
 
     _attribute_map = {
diff --git a/azure-keyvault/azure/keyvault/models/key_item_py3.py b/azure-keyvault/azure/keyvault/models/key_item_py3.py
new file mode 100644
index 000000000000..cc00bce8ee47
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_item_py3.py
@@ -0,0 +1,48 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class KeyItem(Model):
+    """The key item containing key metadata.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param kid: Key identifier.
+    :type kid: str
+    :param attributes: The key management attributes.
+    :type attributes: ~azure.keyvault.models.KeyAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    :ivar managed: True if the key's lifetime is managed by key vault. If this
+     is a key backing a certificate, then managed will be true.
+    :vartype managed: bool
+    """
+
+    _validation = {
+        'managed': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'kid': {'key': 'kid', 'type': 'str'},
+        'attributes': {'key': 'attributes', 'type': 'KeyAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+        'managed': {'key': 'managed', 'type': 'bool'},
+    }
+
+    def __init__(self, *, kid: str=None, attributes=None, tags=None, **kwargs) -> None:
+        super(KeyItem, self).__init__(**kwargs)
+        self.kid = kid
+        self.attributes = attributes
+        self.tags = tags
+        self.managed = None
diff --git a/azure-keyvault/azure/keyvault/models/key_operation_result.py b/azure-keyvault/azure/keyvault/models/key_operation_result.py
old mode 100755
new mode 100644
index 02c121311b9d..577326dcf54c
--- a/azure-keyvault/azure/keyvault/models/key_operation_result.py
+++ b/azure-keyvault/azure/keyvault/models/key_operation_result.py
@@ -34,6 +34,7 @@ class KeyOperationResult(Model):
         'result': {'key': 'value', 'type': 'base64'},
     }
 
-    def __init__(self):
+    def __init__(self, **kwargs):
+        super(KeyOperationResult, self).__init__(**kwargs)
         self.kid = None
         self.result = None
diff --git a/azure-keyvault/azure/keyvault/models/key_operation_result_py3.py b/azure-keyvault/azure/keyvault/models/key_operation_result_py3.py
new file mode 100644
index 000000000000..82cd8de63331
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_operation_result_py3.py
@@ -0,0 +1,40 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class KeyOperationResult(Model):
+    """The key operation result.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar kid: Key identifier
+    :vartype kid: str
+    :ivar result:
+    :vartype result: bytes
+    """
+
+    _validation = {
+        'kid': {'readonly': True},
+        'result': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'kid': {'key': 'kid', 'type': 'str'},
+        'result': {'key': 'value', 'type': 'base64'},
+    }
+
+    def __init__(self, **kwargs) -> None:
+        super(KeyOperationResult, self).__init__(**kwargs)
+        self.kid = None
+        self.result = None
diff --git a/azure-keyvault/azure/keyvault/models/key_operations_parameters.py b/azure-keyvault/azure/keyvault/models/key_operations_parameters.py
old mode 100755
new mode 100644
index 9733161d5326..76c19c93e69c
--- a/azure-keyvault/azure/keyvault/models/key_operations_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/key_operations_parameters.py
@@ -15,11 +15,13 @@
 class KeyOperationsParameters(Model):
     """The key operations parameters.
 
-    :param algorithm: algorithm identifier. Possible values include:
+    All required parameters must be populated in order to send to Azure.
+
+    :param algorithm: Required. algorithm identifier. Possible values include:
      'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'
-    :type algorithm: str or :class:`JsonWebKeyEncryptionAlgorithm
-     <azure.keyvault.models.JsonWebKeyEncryptionAlgorithm>`
-    :param value:
+    :type algorithm: str or
+     ~azure.keyvault.models.JsonWebKeyEncryptionAlgorithm
+    :param value: Required.
     :type value: bytes
     """
 
@@ -33,6 +35,7 @@ class KeyOperationsParameters(Model):
         'value': {'key': 'value', 'type': 'base64'},
     }
 
-    def __init__(self, algorithm, value):
-        self.algorithm = algorithm
-        self.value = value
+    def __init__(self, **kwargs):
+        super(KeyOperationsParameters, self).__init__(**kwargs)
+        self.algorithm = kwargs.get('algorithm', None)
+        self.value = kwargs.get('value', None)
diff --git a/azure-keyvault/azure/keyvault/models/key_operations_parameters_py3.py b/azure-keyvault/azure/keyvault/models/key_operations_parameters_py3.py
new file mode 100644
index 000000000000..95908ea94bf7
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_operations_parameters_py3.py
@@ -0,0 +1,41 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class KeyOperationsParameters(Model):
+    """The key operations parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param algorithm: Required. algorithm identifier. Possible values include:
+     'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'
+    :type algorithm: str or
+     ~azure.keyvault.models.JsonWebKeyEncryptionAlgorithm
+    :param value: Required.
+    :type value: bytes
+    """
+
+    _validation = {
+        'algorithm': {'required': True, 'min_length': 1},
+        'value': {'required': True},
+    }
+
+    _attribute_map = {
+        'algorithm': {'key': 'alg', 'type': 'str'},
+        'value': {'key': 'value', 'type': 'base64'},
+    }
+
+    def __init__(self, *, algorithm, value: bytes, **kwargs) -> None:
+        super(KeyOperationsParameters, self).__init__(**kwargs)
+        self.algorithm = algorithm
+        self.value = value
diff --git a/azure-keyvault/azure/keyvault/models/key_properties.py b/azure-keyvault/azure/keyvault/models/key_properties.py
old mode 100755
new mode 100644
index 9460e1f6b0ac..cffdedef7c39
--- a/azure-keyvault/azure/keyvault/models/key_properties.py
+++ b/azure-keyvault/azure/keyvault/models/key_properties.py
@@ -19,7 +19,8 @@ class KeyProperties(Model):
     :type exportable: bool
     :param key_type: The key type.
     :type key_type: str
-    :param key_size: The key size in bytes. For example;  1024 or 2048.
+    :param key_size: The key size in bits. For example: 2048, 3072, or 4096
+     for RSA.
     :type key_size: int
     :param reuse_key: Indicates if the same key pair will be used on
      certificate renewal.
@@ -33,8 +34,9 @@ class KeyProperties(Model):
         'reuse_key': {'key': 'reuse_key', 'type': 'bool'},
     }
 
-    def __init__(self, exportable=None, key_type=None, key_size=None, reuse_key=None):
-        self.exportable = exportable
-        self.key_type = key_type
-        self.key_size = key_size
-        self.reuse_key = reuse_key
+    def __init__(self, **kwargs):
+        super(KeyProperties, self).__init__(**kwargs)
+        self.exportable = kwargs.get('exportable', None)
+        self.key_type = kwargs.get('key_type', None)
+        self.key_size = kwargs.get('key_size', None)
+        self.reuse_key = kwargs.get('reuse_key', None)
diff --git a/azure-keyvault/azure/keyvault/models/key_properties_py3.py b/azure-keyvault/azure/keyvault/models/key_properties_py3.py
new file mode 100644
index 000000000000..1068ce7af0f4
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_properties_py3.py
@@ -0,0 +1,42 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class KeyProperties(Model):
+    """Properties of the key pair backing a certificate.
+
+    :param exportable: Indicates if the private key can be exported.
+    :type exportable: bool
+    :param key_type: The key type.
+    :type key_type: str
+    :param key_size: The key size in bits. For example: 2048, 3072, or 4096
+     for RSA.
+    :type key_size: int
+    :param reuse_key: Indicates if the same key pair will be used on
+     certificate renewal.
+    :type reuse_key: bool
+    """
+
+    _attribute_map = {
+        'exportable': {'key': 'exportable', 'type': 'bool'},
+        'key_type': {'key': 'kty', 'type': 'str'},
+        'key_size': {'key': 'key_size', 'type': 'int'},
+        'reuse_key': {'key': 'reuse_key', 'type': 'bool'},
+    }
+
+    def __init__(self, *, exportable: bool=None, key_type: str=None, key_size: int=None, reuse_key: bool=None, **kwargs) -> None:
+        super(KeyProperties, self).__init__(**kwargs)
+        self.exportable = exportable
+        self.key_type = key_type
+        self.key_size = key_size
+        self.reuse_key = reuse_key
diff --git a/azure-keyvault/azure/keyvault/models/key_restore_parameters.py b/azure-keyvault/azure/keyvault/models/key_restore_parameters.py
old mode 100755
new mode 100644
index 47224e4f519a..7594a7af2833
--- a/azure-keyvault/azure/keyvault/models/key_restore_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/key_restore_parameters.py
@@ -15,7 +15,10 @@
 class KeyRestoreParameters(Model):
     """The key restore parameters.
 
-    :param key_bundle_backup: The backup blob associated with a key bundle.
+    All required parameters must be populated in order to send to Azure.
+
+    :param key_bundle_backup: Required. The backup blob associated with a key
+     bundle.
     :type key_bundle_backup: bytes
     """
 
@@ -27,5 +30,6 @@ class KeyRestoreParameters(Model):
         'key_bundle_backup': {'key': 'value', 'type': 'base64'},
     }
 
-    def __init__(self, key_bundle_backup):
-        self.key_bundle_backup = key_bundle_backup
+    def __init__(self, **kwargs):
+        super(KeyRestoreParameters, self).__init__(**kwargs)
+        self.key_bundle_backup = kwargs.get('key_bundle_backup', None)
diff --git a/azure-keyvault/azure/keyvault/models/key_restore_parameters_py3.py b/azure-keyvault/azure/keyvault/models/key_restore_parameters_py3.py
new file mode 100644
index 000000000000..cf74e5904178
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_restore_parameters_py3.py
@@ -0,0 +1,35 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class KeyRestoreParameters(Model):
+    """The key restore parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param key_bundle_backup: Required. The backup blob associated with a key
+     bundle.
+    :type key_bundle_backup: bytes
+    """
+
+    _validation = {
+        'key_bundle_backup': {'required': True},
+    }
+
+    _attribute_map = {
+        'key_bundle_backup': {'key': 'value', 'type': 'base64'},
+    }
+
+    def __init__(self, *, key_bundle_backup: bytes, **kwargs) -> None:
+        super(KeyRestoreParameters, self).__init__(**kwargs)
+        self.key_bundle_backup = key_bundle_backup
diff --git a/azure-keyvault/azure/keyvault/models/key_sign_parameters.py b/azure-keyvault/azure/keyvault/models/key_sign_parameters.py
old mode 100755
new mode 100644
index 025351c4d55c..2bb4c401dd10
--- a/azure-keyvault/azure/keyvault/models/key_sign_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/key_sign_parameters.py
@@ -15,13 +15,16 @@
 class KeySignParameters(Model):
     """The key operations parameters.
 
-    :param algorithm: The signing/verification algorithm identifier. For more
-     information on possible algorithm types, see JsonWebKeySignatureAlgorithm.
-     Possible values include: 'PS256', 'PS384', 'PS512', 'RS256', 'RS384',
-     'RS512', 'RSNULL'
-    :type algorithm: str or :class:`JsonWebKeySignatureAlgorithm
-     <azure.keyvault.models.JsonWebKeySignatureAlgorithm>`
-    :param value:
+    All required parameters must be populated in order to send to Azure.
+
+    :param algorithm: Required. The signing/verification algorithm identifier.
+     For more information on possible algorithm types, see
+     JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', 'PS384',
+     'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512',
+     'ECDSA256'
+    :type algorithm: str or
+     ~azure.keyvault.models.JsonWebKeySignatureAlgorithm
+    :param value: Required.
     :type value: bytes
     """
 
@@ -35,6 +38,7 @@ class KeySignParameters(Model):
         'value': {'key': 'value', 'type': 'base64'},
     }
 
-    def __init__(self, algorithm, value):
-        self.algorithm = algorithm
-        self.value = value
+    def __init__(self, **kwargs):
+        super(KeySignParameters, self).__init__(**kwargs)
+        self.algorithm = kwargs.get('algorithm', None)
+        self.value = kwargs.get('value', None)
diff --git a/azure-keyvault/azure/keyvault/models/key_sign_parameters_py3.py b/azure-keyvault/azure/keyvault/models/key_sign_parameters_py3.py
new file mode 100644
index 000000000000..9287a24a6d09
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_sign_parameters_py3.py
@@ -0,0 +1,44 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class KeySignParameters(Model):
+    """The key operations parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param algorithm: Required. The signing/verification algorithm identifier.
+     For more information on possible algorithm types, see
+     JsonWebKeySignatureAlgorithm. Possible values include: 'PS256', 'PS384',
+     'PS512', 'RS256', 'RS384', 'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512',
+     'ECDSA256'
+    :type algorithm: str or
+     ~azure.keyvault.models.JsonWebKeySignatureAlgorithm
+    :param value: Required.
+    :type value: bytes
+    """
+
+    _validation = {
+        'algorithm': {'required': True, 'min_length': 1},
+        'value': {'required': True},
+    }
+
+    _attribute_map = {
+        'algorithm': {'key': 'alg', 'type': 'str'},
+        'value': {'key': 'value', 'type': 'base64'},
+    }
+
+    def __init__(self, *, algorithm, value: bytes, **kwargs) -> None:
+        super(KeySignParameters, self).__init__(**kwargs)
+        self.algorithm = algorithm
+        self.value = value
diff --git a/azure-keyvault/azure/keyvault/models/key_update_parameters.py b/azure-keyvault/azure/keyvault/models/key_update_parameters.py
old mode 100755
new mode 100644
index 8383f77b03cf..976411447e50
--- a/azure-keyvault/azure/keyvault/models/key_update_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/key_update_parameters.py
@@ -17,13 +17,11 @@ class KeyUpdateParameters(Model):
 
     :param key_ops: Json web key operations. For more information on possible
      key operations, see JsonWebKeyOperation.
-    :type key_ops: list of str or :class:`JsonWebKeyOperation
-     <azure.keyvault.models.JsonWebKeyOperation>`
+    :type key_ops: list[str or ~azure.keyvault.models.JsonWebKeyOperation]
     :param key_attributes:
-    :type key_attributes: :class:`KeyAttributes
-     <azure.keyvault.models.KeyAttributes>`
+    :type key_attributes: ~azure.keyvault.models.KeyAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     """
 
     _attribute_map = {
@@ -32,7 +30,8 @@ class KeyUpdateParameters(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self, key_ops=None, key_attributes=None, tags=None):
-        self.key_ops = key_ops
-        self.key_attributes = key_attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(KeyUpdateParameters, self).__init__(**kwargs)
+        self.key_ops = kwargs.get('key_ops', None)
+        self.key_attributes = kwargs.get('key_attributes', None)
+        self.tags = kwargs.get('tags', None)
diff --git a/azure-keyvault/azure/keyvault/models/key_update_parameters_py3.py b/azure-keyvault/azure/keyvault/models/key_update_parameters_py3.py
new file mode 100644
index 000000000000..0a6f96024f97
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_update_parameters_py3.py
@@ -0,0 +1,37 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class KeyUpdateParameters(Model):
+    """The key update parameters.
+
+    :param key_ops: Json web key operations. For more information on possible
+     key operations, see JsonWebKeyOperation.
+    :type key_ops: list[str or ~azure.keyvault.models.JsonWebKeyOperation]
+    :param key_attributes:
+    :type key_attributes: ~azure.keyvault.models.KeyAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    """
+
+    _attribute_map = {
+        'key_ops': {'key': 'key_ops', 'type': '[str]'},
+        'key_attributes': {'key': 'attributes', 'type': 'KeyAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, *, key_ops=None, key_attributes=None, tags=None, **kwargs) -> None:
+        super(KeyUpdateParameters, self).__init__(**kwargs)
+        self.key_ops = key_ops
+        self.key_attributes = key_attributes
+        self.tags = tags
diff --git a/azure-keyvault/azure/keyvault/models/key_vault_client_enums.py b/azure-keyvault/azure/keyvault/models/key_vault_client_enums.py
old mode 100755
new mode 100644
index e19fa1bbc999..98100904d78b
--- a/azure-keyvault/azure/keyvault/models/key_vault_client_enums.py
+++ b/azure-keyvault/azure/keyvault/models/key_vault_client_enums.py
@@ -12,23 +12,32 @@
 from enum import Enum
 
 
-class JsonWebKeyType(Enum):
+class JsonWebKeyType(str, Enum):
 
     ec = "EC"
+    ec_hsm = "EC-HSM"
     rsa = "RSA"
     rsa_hsm = "RSA-HSM"
     oct = "oct"
 
 
-class DeletionRecoveryLevel(Enum):
+class JsonWebKeyCurveName(str, Enum):
 
-    purgeable = "Purgeable"
-    recoverable_purgeable = "Recoverable+Purgeable"
-    recoverable = "Recoverable"
-    recoverable_protected_subscription = "Recoverable+ProtectedSubscription"
+    p_256 = "P-256"  #: The NIST P-256 elliptic curve, AKA SECG curve SECP256R1.
+    p_384 = "P-384"  #: The NIST P-384 elliptic curve, AKA SECG curve SECP384R1.
+    p_521 = "P-521"  #: The NIST P-521 elliptic curve, AKA SECG curve SECP521R1.
+    secp256_k1 = "SECP256K1"  #: The SECG SECP256K1 elliptic curve.
 
 
-class KeyUsageType(Enum):
+class DeletionRecoveryLevel(str, Enum):
+
+    purgeable = "Purgeable"  #: Soft-delete is not enabled for this vault. A DELETE operation results in immediate and irreversible data loss.
+    recoverable_purgeable = "Recoverable+Purgeable"  #: Soft-delete is enabled for this vault; A priveleged user may trigger an immediate, irreversible deletion(purge) of a deleted entity.
+    recoverable = "Recoverable"  #: Soft-delete is enabled for this vault and purge has been disabled. A deleted entity will remain in this state until recovered, or the end of the retention interval.
+    recoverable_protected_subscription = "Recoverable+ProtectedSubscription"  #: Soft-delete is enabled for this vault, and the subscription is protected against immediate deletion.
+
+
+class KeyUsageType(str, Enum):
 
     digital_signature = "digitalSignature"
     non_repudiation = "nonRepudiation"
@@ -41,13 +50,13 @@ class KeyUsageType(Enum):
     decipher_only = "decipherOnly"
 
 
-class ActionType(Enum):
+class ActionType(str, Enum):
 
     email_contacts = "EmailContacts"
     auto_renew = "AutoRenew"
 
 
-class JsonWebKeyOperation(Enum):
+class JsonWebKeyOperation(str, Enum):
 
     encrypt = "encrypt"
     decrypt = "decrypt"
@@ -57,14 +66,14 @@ class JsonWebKeyOperation(Enum):
     unwrap_key = "unwrapKey"
 
 
-class JsonWebKeyEncryptionAlgorithm(Enum):
+class JsonWebKeyEncryptionAlgorithm(str, Enum):
 
     rsa_oaep = "RSA-OAEP"
     rsa_oaep_256 = "RSA-OAEP-256"
     rsa1_5 = "RSA1_5"
 
 
-class JsonWebKeySignatureAlgorithm(Enum):
+class JsonWebKeySignatureAlgorithm(str, Enum):
 
     ps256 = "PS256"
     ps384 = "PS384"
@@ -73,3 +82,7 @@ class JsonWebKeySignatureAlgorithm(Enum):
     rs384 = "RS384"
     rs512 = "RS512"
     rsnull = "RSNULL"
+    es256 = "ES256"
+    es384 = "ES384"
+    es512 = "ES512"
+    ecdsa256 = "ECDSA256"
diff --git a/azure-keyvault/azure/keyvault/models/key_vault_error.py b/azure-keyvault/azure/keyvault/models/key_vault_error.py
old mode 100755
new mode 100644
index cd38f4a68a90..91500f293c84
--- a/azure-keyvault/azure/keyvault/models/key_vault_error.py
+++ b/azure-keyvault/azure/keyvault/models/key_vault_error.py
@@ -20,7 +20,7 @@ class KeyVaultError(Model):
     sending a request.
 
     :ivar error:
-    :vartype error: :class:`Error <azure.keyvault.models.Error>`
+    :vartype error: ~azure.keyvault.models.Error
     """
 
     _validation = {
@@ -31,7 +31,8 @@ class KeyVaultError(Model):
         'error': {'key': 'error', 'type': 'Error'},
     }
 
-    def __init__(self):
+    def __init__(self, **kwargs):
+        super(KeyVaultError, self).__init__(**kwargs)
         self.error = None
 
 
diff --git a/azure-keyvault/azure/keyvault/models/key_vault_error_py3.py b/azure-keyvault/azure/keyvault/models/key_vault_error_py3.py
new file mode 100644
index 000000000000..288f1d24494c
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_vault_error_py3.py
@@ -0,0 +1,48 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+from msrest.exceptions import HttpOperationError
+
+
+class KeyVaultError(Model):
+    """The key vault error exception.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar error:
+    :vartype error: ~azure.keyvault.models.Error
+    """
+
+    _validation = {
+        'error': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'error': {'key': 'error', 'type': 'Error'},
+    }
+
+    def __init__(self, **kwargs) -> None:
+        super(KeyVaultError, self).__init__(**kwargs)
+        self.error = None
+
+
+class KeyVaultErrorException(HttpOperationError):
+    """Server responsed with exception of type: 'KeyVaultError'.
+
+    :param deserialize: A deserializer
+    :param response: Server response to be deserialized.
+    """
+
+    def __init__(self, deserialize, response, *args):
+
+        super(KeyVaultErrorException, self).__init__(deserialize, response, 'KeyVaultError', *args)
diff --git a/azure-keyvault/azure/keyvault/models/key_verify_parameters.py b/azure-keyvault/azure/keyvault/models/key_verify_parameters.py
old mode 100755
new mode 100644
index 6201ad1a3e5b..524c6be9f9cb
--- a/azure-keyvault/azure/keyvault/models/key_verify_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/key_verify_parameters.py
@@ -15,15 +15,17 @@
 class KeyVerifyParameters(Model):
     """The key verify parameters.
 
-    :param algorithm: The signing/verification algorithm. For more information
-     on possible algorithm types, see JsonWebKeySignatureAlgorithm. Possible
-     values include: 'PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS512',
-     'RSNULL'
-    :type algorithm: str or :class:`JsonWebKeySignatureAlgorithm
-     <azure.keyvault.models.JsonWebKeySignatureAlgorithm>`
-    :param digest: The digest used for signing.
+    All required parameters must be populated in order to send to Azure.
+
+    :param algorithm: Required. The signing/verification algorithm. For more
+     information on possible algorithm types, see JsonWebKeySignatureAlgorithm.
+     Possible values include: 'PS256', 'PS384', 'PS512', 'RS256', 'RS384',
+     'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', 'ECDSA256'
+    :type algorithm: str or
+     ~azure.keyvault.models.JsonWebKeySignatureAlgorithm
+    :param digest: Required. The digest used for signing.
     :type digest: bytes
-    :param signature: The signature to be verified.
+    :param signature: Required. The signature to be verified.
     :type signature: bytes
     """
 
@@ -39,7 +41,8 @@ class KeyVerifyParameters(Model):
         'signature': {'key': 'value', 'type': 'base64'},
     }
 
-    def __init__(self, algorithm, digest, signature):
-        self.algorithm = algorithm
-        self.digest = digest
-        self.signature = signature
+    def __init__(self, **kwargs):
+        super(KeyVerifyParameters, self).__init__(**kwargs)
+        self.algorithm = kwargs.get('algorithm', None)
+        self.digest = kwargs.get('digest', None)
+        self.signature = kwargs.get('signature', None)
diff --git a/azure-keyvault/azure/keyvault/models/key_verify_parameters_py3.py b/azure-keyvault/azure/keyvault/models/key_verify_parameters_py3.py
new file mode 100644
index 000000000000..c5dd9819f053
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_verify_parameters_py3.py
@@ -0,0 +1,48 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class KeyVerifyParameters(Model):
+    """The key verify parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param algorithm: Required. The signing/verification algorithm. For more
+     information on possible algorithm types, see JsonWebKeySignatureAlgorithm.
+     Possible values include: 'PS256', 'PS384', 'PS512', 'RS256', 'RS384',
+     'RS512', 'RSNULL', 'ES256', 'ES384', 'ES512', 'ECDSA256'
+    :type algorithm: str or
+     ~azure.keyvault.models.JsonWebKeySignatureAlgorithm
+    :param digest: Required. The digest used for signing.
+    :type digest: bytes
+    :param signature: Required. The signature to be verified.
+    :type signature: bytes
+    """
+
+    _validation = {
+        'algorithm': {'required': True, 'min_length': 1},
+        'digest': {'required': True},
+        'signature': {'required': True},
+    }
+
+    _attribute_map = {
+        'algorithm': {'key': 'alg', 'type': 'str'},
+        'digest': {'key': 'digest', 'type': 'base64'},
+        'signature': {'key': 'value', 'type': 'base64'},
+    }
+
+    def __init__(self, *, algorithm, digest: bytes, signature: bytes, **kwargs) -> None:
+        super(KeyVerifyParameters, self).__init__(**kwargs)
+        self.algorithm = algorithm
+        self.digest = digest
+        self.signature = signature
diff --git a/azure-keyvault/azure/keyvault/models/key_verify_result.py b/azure-keyvault/azure/keyvault/models/key_verify_result.py
old mode 100755
new mode 100644
index 4a6296f65a33..baffb85589cc
--- a/azure-keyvault/azure/keyvault/models/key_verify_result.py
+++ b/azure-keyvault/azure/keyvault/models/key_verify_result.py
@@ -30,5 +30,6 @@ class KeyVerifyResult(Model):
         'value': {'key': 'value', 'type': 'bool'},
     }
 
-    def __init__(self):
+    def __init__(self, **kwargs):
+        super(KeyVerifyResult, self).__init__(**kwargs)
         self.value = None
diff --git a/azure-keyvault/azure/keyvault/models/key_verify_result_py3.py b/azure-keyvault/azure/keyvault/models/key_verify_result_py3.py
new file mode 100644
index 000000000000..33a7a7ebaefa
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/key_verify_result_py3.py
@@ -0,0 +1,35 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class KeyVerifyResult(Model):
+    """The key verify result.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar value: True if the signature is verified, otherwise false.
+    :vartype value: bool
+    """
+
+    _validation = {
+        'value': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'value': {'key': 'value', 'type': 'bool'},
+    }
+
+    def __init__(self, **kwargs) -> None:
+        super(KeyVerifyResult, self).__init__(**kwargs)
+        self.value = None
diff --git a/azure-keyvault/azure/keyvault/models/lifetime_action.py b/azure-keyvault/azure/keyvault/models/lifetime_action.py
old mode 100755
new mode 100644
index 1347cbe13c47..c7470e260f30
--- a/azure-keyvault/azure/keyvault/models/lifetime_action.py
+++ b/azure-keyvault/azure/keyvault/models/lifetime_action.py
@@ -17,9 +17,9 @@ class LifetimeAction(Model):
     lifetime of a certificate.
 
     :param trigger: The condition that will execute the action.
-    :type trigger: :class:`Trigger <azure.keyvault.models.Trigger>`
+    :type trigger: ~azure.keyvault.models.Trigger
     :param action: The action that will be executed.
-    :type action: :class:`Action <azure.keyvault.models.Action>`
+    :type action: ~azure.keyvault.models.Action
     """
 
     _attribute_map = {
@@ -27,6 +27,7 @@ class LifetimeAction(Model):
         'action': {'key': 'action', 'type': 'Action'},
     }
 
-    def __init__(self, trigger=None, action=None):
-        self.trigger = trigger
-        self.action = action
+    def __init__(self, **kwargs):
+        super(LifetimeAction, self).__init__(**kwargs)
+        self.trigger = kwargs.get('trigger', None)
+        self.action = kwargs.get('action', None)
diff --git a/azure-keyvault/azure/keyvault/models/lifetime_action_py3.py b/azure-keyvault/azure/keyvault/models/lifetime_action_py3.py
new file mode 100644
index 000000000000..a63470077a56
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/lifetime_action_py3.py
@@ -0,0 +1,33 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class LifetimeAction(Model):
+    """Action and its trigger that will be performed by Key Vault over the
+    lifetime of a certificate.
+
+    :param trigger: The condition that will execute the action.
+    :type trigger: ~azure.keyvault.models.Trigger
+    :param action: The action that will be executed.
+    :type action: ~azure.keyvault.models.Action
+    """
+
+    _attribute_map = {
+        'trigger': {'key': 'trigger', 'type': 'Trigger'},
+        'action': {'key': 'action', 'type': 'Action'},
+    }
+
+    def __init__(self, *, trigger=None, action=None, **kwargs) -> None:
+        super(LifetimeAction, self).__init__(**kwargs)
+        self.trigger = trigger
+        self.action = action
diff --git a/azure-keyvault/azure/keyvault/models/organization_details.py b/azure-keyvault/azure/keyvault/models/organization_details.py
old mode 100755
new mode 100644
index 3373b26a7653..c9275d5e9727
--- a/azure-keyvault/azure/keyvault/models/organization_details.py
+++ b/azure-keyvault/azure/keyvault/models/organization_details.py
@@ -18,8 +18,7 @@ class OrganizationDetails(Model):
     :param id: Id of the organization.
     :type id: str
     :param admin_details: Details of the organization administrator.
-    :type admin_details: list of :class:`AdministratorDetails
-     <azure.keyvault.models.AdministratorDetails>`
+    :type admin_details: list[~azure.keyvault.models.AdministratorDetails]
     """
 
     _attribute_map = {
@@ -27,6 +26,7 @@ class OrganizationDetails(Model):
         'admin_details': {'key': 'admin_details', 'type': '[AdministratorDetails]'},
     }
 
-    def __init__(self, id=None, admin_details=None):
-        self.id = id
-        self.admin_details = admin_details
+    def __init__(self, **kwargs):
+        super(OrganizationDetails, self).__init__(**kwargs)
+        self.id = kwargs.get('id', None)
+        self.admin_details = kwargs.get('admin_details', None)
diff --git a/azure-keyvault/azure/keyvault/models/organization_details_py3.py b/azure-keyvault/azure/keyvault/models/organization_details_py3.py
new file mode 100644
index 000000000000..46772a5c718d
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/organization_details_py3.py
@@ -0,0 +1,32 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class OrganizationDetails(Model):
+    """Details of the organization of the certificate issuer.
+
+    :param id: Id of the organization.
+    :type id: str
+    :param admin_details: Details of the organization administrator.
+    :type admin_details: list[~azure.keyvault.models.AdministratorDetails]
+    """
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'admin_details': {'key': 'admin_details', 'type': '[AdministratorDetails]'},
+    }
+
+    def __init__(self, *, id: str=None, admin_details=None, **kwargs) -> None:
+        super(OrganizationDetails, self).__init__(**kwargs)
+        self.id = id
+        self.admin_details = admin_details
diff --git a/azure-keyvault/azure/keyvault/models/pending_certificate_signing_request_result.py b/azure-keyvault/azure/keyvault/models/pending_certificate_signing_request_result.py
old mode 100755
new mode 100644
index a870d85d0257..2bea9bfcdd61
--- a/azure-keyvault/azure/keyvault/models/pending_certificate_signing_request_result.py
+++ b/azure-keyvault/azure/keyvault/models/pending_certificate_signing_request_result.py
@@ -31,5 +31,6 @@ class PendingCertificateSigningRequestResult(Model):
         'value': {'key': 'value', 'type': 'str'},
     }
 
-    def __init__(self):
+    def __init__(self, **kwargs):
+        super(PendingCertificateSigningRequestResult, self).__init__(**kwargs)
         self.value = None
diff --git a/azure-keyvault/azure/keyvault/models/pending_certificate_signing_request_result_py3.py b/azure-keyvault/azure/keyvault/models/pending_certificate_signing_request_result_py3.py
new file mode 100644
index 000000000000..2895d5a77a03
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/pending_certificate_signing_request_result_py3.py
@@ -0,0 +1,36 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class PendingCertificateSigningRequestResult(Model):
+    """The pending certificate signing request result.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar value: The pending certificate signing request as Base64 encoded
+     string.
+    :vartype value: str
+    """
+
+    _validation = {
+        'value': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'value': {'key': 'value', 'type': 'str'},
+    }
+
+    def __init__(self, **kwargs) -> None:
+        super(PendingCertificateSigningRequestResult, self).__init__(**kwargs)
+        self.value = None
diff --git a/azure-keyvault/azure/keyvault/models/sas_definition_attributes.py b/azure-keyvault/azure/keyvault/models/sas_definition_attributes.py
old mode 100755
new mode 100644
index 46c31d2ed361..f88bd466ba4b
--- a/azure-keyvault/azure/keyvault/models/sas_definition_attributes.py
+++ b/azure-keyvault/azure/keyvault/models/sas_definition_attributes.py
@@ -37,7 +37,8 @@ class SasDefinitionAttributes(Model):
         'updated': {'key': 'updated', 'type': 'unix-time'},
     }
 
-    def __init__(self, enabled=None):
-        self.enabled = enabled
+    def __init__(self, **kwargs):
+        super(SasDefinitionAttributes, self).__init__(**kwargs)
+        self.enabled = kwargs.get('enabled', None)
         self.created = None
         self.updated = None
diff --git a/azure-keyvault/azure/keyvault/models/sas_definition_attributes_py3.py b/azure-keyvault/azure/keyvault/models/sas_definition_attributes_py3.py
new file mode 100644
index 000000000000..e39796d6c7ee
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/sas_definition_attributes_py3.py
@@ -0,0 +1,44 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class SasDefinitionAttributes(Model):
+    """The SAS definition management attributes.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param enabled: the enabled state of the object.
+    :type enabled: bool
+    :ivar created: Creation time in UTC.
+    :vartype created: datetime
+    :ivar updated: Last updated time in UTC.
+    :vartype updated: datetime
+    """
+
+    _validation = {
+        'created': {'readonly': True},
+        'updated': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'enabled': {'key': 'enabled', 'type': 'bool'},
+        'created': {'key': 'created', 'type': 'unix-time'},
+        'updated': {'key': 'updated', 'type': 'unix-time'},
+    }
+
+    def __init__(self, *, enabled: bool=None, **kwargs) -> None:
+        super(SasDefinitionAttributes, self).__init__(**kwargs)
+        self.enabled = enabled
+        self.created = None
+        self.updated = None
diff --git a/azure-keyvault/azure/keyvault/models/sas_definition_bundle.py b/azure-keyvault/azure/keyvault/models/sas_definition_bundle.py
old mode 100755
new mode 100644
index 2372dc4f8e11..a9175a3d8634
--- a/azure-keyvault/azure/keyvault/models/sas_definition_bundle.py
+++ b/azure-keyvault/azure/keyvault/models/sas_definition_bundle.py
@@ -25,12 +25,11 @@ class SasDefinitionBundle(Model):
     :vartype secret_id: str
     :ivar parameters: The SAS definition metadata in the form of key-value
      pairs.
-    :vartype parameters: dict
+    :vartype parameters: dict[str, str]
     :ivar attributes: The SAS definition attributes.
-    :vartype attributes: :class:`SasDefinitionAttributes
-     <azure.keyvault.models.SasDefinitionAttributes>`
+    :vartype attributes: ~azure.keyvault.models.SasDefinitionAttributes
     :ivar tags: Application specific metadata in the form of key-value pairs
-    :vartype tags: dict
+    :vartype tags: dict[str, str]
     """
 
     _validation = {
@@ -49,7 +48,8 @@ class SasDefinitionBundle(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self):
+    def __init__(self, **kwargs):
+        super(SasDefinitionBundle, self).__init__(**kwargs)
         self.id = None
         self.secret_id = None
         self.parameters = None
diff --git a/azure-keyvault/azure/keyvault/models/sas_definition_bundle_py3.py b/azure-keyvault/azure/keyvault/models/sas_definition_bundle_py3.py
new file mode 100644
index 000000000000..075ea213c082
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/sas_definition_bundle_py3.py
@@ -0,0 +1,57 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class SasDefinitionBundle(Model):
+    """A SAS definition bundle consists of key vault SAS definition details plus
+    its attributes.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar id: The SAS definition id.
+    :vartype id: str
+    :ivar secret_id: Storage account SAS definition secret id.
+    :vartype secret_id: str
+    :ivar parameters: The SAS definition metadata in the form of key-value
+     pairs.
+    :vartype parameters: dict[str, str]
+    :ivar attributes: The SAS definition attributes.
+    :vartype attributes: ~azure.keyvault.models.SasDefinitionAttributes
+    :ivar tags: Application specific metadata in the form of key-value pairs
+    :vartype tags: dict[str, str]
+    """
+
+    _validation = {
+        'id': {'readonly': True},
+        'secret_id': {'readonly': True},
+        'parameters': {'readonly': True},
+        'attributes': {'readonly': True},
+        'tags': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'secret_id': {'key': 'sid', 'type': 'str'},
+        'parameters': {'key': 'parameters', 'type': '{str}'},
+        'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, **kwargs) -> None:
+        super(SasDefinitionBundle, self).__init__(**kwargs)
+        self.id = None
+        self.secret_id = None
+        self.parameters = None
+        self.attributes = None
+        self.tags = None
diff --git a/azure-keyvault/azure/keyvault/models/sas_definition_create_parameters.py b/azure-keyvault/azure/keyvault/models/sas_definition_create_parameters.py
old mode 100755
new mode 100644
index a8e6cd3e7b7c..e9b5b50c657f
--- a/azure-keyvault/azure/keyvault/models/sas_definition_create_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/sas_definition_create_parameters.py
@@ -15,14 +15,16 @@
 class SasDefinitionCreateParameters(Model):
     """The SAS definition create parameters.
 
-    :param parameters: Sas definition creation metadata in the form of
-     key-value pairs.
-    :type parameters: dict
+    All required parameters must be populated in order to send to Azure.
+
+    :param parameters: Required. Sas definition creation metadata in the form
+     of key-value pairs.
+    :type parameters: dict[str, str]
     :param sas_definition_attributes: The attributes of the SAS definition.
-    :type sas_definition_attributes: :class:`SasDefinitionAttributes
-     <azure.keyvault.models.SasDefinitionAttributes>`
+    :type sas_definition_attributes:
+     ~azure.keyvault.models.SasDefinitionAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     """
 
     _validation = {
@@ -35,7 +37,8 @@ class SasDefinitionCreateParameters(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self, parameters, sas_definition_attributes=None, tags=None):
-        self.parameters = parameters
-        self.sas_definition_attributes = sas_definition_attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(SasDefinitionCreateParameters, self).__init__(**kwargs)
+        self.parameters = kwargs.get('parameters', None)
+        self.sas_definition_attributes = kwargs.get('sas_definition_attributes', None)
+        self.tags = kwargs.get('tags', None)
diff --git a/azure-keyvault/azure/keyvault/models/sas_definition_create_parameters_py3.py b/azure-keyvault/azure/keyvault/models/sas_definition_create_parameters_py3.py
new file mode 100644
index 000000000000..3f2410a88cd2
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/sas_definition_create_parameters_py3.py
@@ -0,0 +1,44 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class SasDefinitionCreateParameters(Model):
+    """The SAS definition create parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param parameters: Required. Sas definition creation metadata in the form
+     of key-value pairs.
+    :type parameters: dict[str, str]
+    :param sas_definition_attributes: The attributes of the SAS definition.
+    :type sas_definition_attributes:
+     ~azure.keyvault.models.SasDefinitionAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    """
+
+    _validation = {
+        'parameters': {'required': True},
+    }
+
+    _attribute_map = {
+        'parameters': {'key': 'parameters', 'type': '{str}'},
+        'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, *, parameters, sas_definition_attributes=None, tags=None, **kwargs) -> None:
+        super(SasDefinitionCreateParameters, self).__init__(**kwargs)
+        self.parameters = parameters
+        self.sas_definition_attributes = sas_definition_attributes
+        self.tags = tags
diff --git a/azure-keyvault/azure/keyvault/models/sas_definition_item.py b/azure-keyvault/azure/keyvault/models/sas_definition_item.py
old mode 100755
new mode 100644
index 668c550e8eec..ad3715ad18dd
--- a/azure-keyvault/azure/keyvault/models/sas_definition_item.py
+++ b/azure-keyvault/azure/keyvault/models/sas_definition_item.py
@@ -23,10 +23,9 @@ class SasDefinitionItem(Model):
     :ivar secret_id: The storage account SAS definition secret id.
     :vartype secret_id: str
     :ivar attributes: The SAS definition management attributes.
-    :vartype attributes: :class:`SasDefinitionAttributes
-     <azure.keyvault.models.SasDefinitionAttributes>`
+    :vartype attributes: ~azure.keyvault.models.SasDefinitionAttributes
     :ivar tags: Application specific metadata in the form of key-value pairs.
-    :vartype tags: dict
+    :vartype tags: dict[str, str]
     """
 
     _validation = {
@@ -43,7 +42,8 @@ class SasDefinitionItem(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self):
+    def __init__(self, **kwargs):
+        super(SasDefinitionItem, self).__init__(**kwargs)
         self.id = None
         self.secret_id = None
         self.attributes = None
diff --git a/azure-keyvault/azure/keyvault/models/sas_definition_item_paged.py b/azure-keyvault/azure/keyvault/models/sas_definition_item_paged.py
old mode 100755
new mode 100644
index bac7f70a3c6a..e15f77ecd3d1
--- a/azure-keyvault/azure/keyvault/models/sas_definition_item_paged.py
+++ b/azure-keyvault/azure/keyvault/models/sas_definition_item_paged.py
@@ -14,7 +14,7 @@
 
 class SasDefinitionItemPaged(Paged):
     """
-    A paging container for iterating over a list of SasDefinitionItem object
+    A paging container for iterating over a list of :class:`SasDefinitionItem <azure.keyvault.models.SasDefinitionItem>` object
     """
 
     _attribute_map = {
diff --git a/azure-keyvault/azure/keyvault/models/sas_definition_item_py3.py b/azure-keyvault/azure/keyvault/models/sas_definition_item_py3.py
new file mode 100644
index 000000000000..d4e4ed7ff394
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/sas_definition_item_py3.py
@@ -0,0 +1,50 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class SasDefinitionItem(Model):
+    """The SAS definition item containing storage SAS definition metadata.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar id: The storage SAS identifier.
+    :vartype id: str
+    :ivar secret_id: The storage account SAS definition secret id.
+    :vartype secret_id: str
+    :ivar attributes: The SAS definition management attributes.
+    :vartype attributes: ~azure.keyvault.models.SasDefinitionAttributes
+    :ivar tags: Application specific metadata in the form of key-value pairs.
+    :vartype tags: dict[str, str]
+    """
+
+    _validation = {
+        'id': {'readonly': True},
+        'secret_id': {'readonly': True},
+        'attributes': {'readonly': True},
+        'tags': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'secret_id': {'key': 'sid', 'type': 'str'},
+        'attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, **kwargs) -> None:
+        super(SasDefinitionItem, self).__init__(**kwargs)
+        self.id = None
+        self.secret_id = None
+        self.attributes = None
+        self.tags = None
diff --git a/azure-keyvault/azure/keyvault/models/sas_definition_update_parameters.py b/azure-keyvault/azure/keyvault/models/sas_definition_update_parameters.py
old mode 100755
new mode 100644
index a058d7d5fa1f..0ca9f5f686da
--- a/azure-keyvault/azure/keyvault/models/sas_definition_update_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/sas_definition_update_parameters.py
@@ -17,12 +17,12 @@ class SasDefinitionUpdateParameters(Model):
 
     :param parameters: Sas definition update metadata in the form of key-value
      pairs.
-    :type parameters: dict
+    :type parameters: dict[str, str]
     :param sas_definition_attributes: The attributes of the SAS definition.
-    :type sas_definition_attributes: :class:`SasDefinitionAttributes
-     <azure.keyvault.models.SasDefinitionAttributes>`
+    :type sas_definition_attributes:
+     ~azure.keyvault.models.SasDefinitionAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     """
 
     _attribute_map = {
@@ -31,7 +31,8 @@ class SasDefinitionUpdateParameters(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self, parameters=None, sas_definition_attributes=None, tags=None):
-        self.parameters = parameters
-        self.sas_definition_attributes = sas_definition_attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(SasDefinitionUpdateParameters, self).__init__(**kwargs)
+        self.parameters = kwargs.get('parameters', None)
+        self.sas_definition_attributes = kwargs.get('sas_definition_attributes', None)
+        self.tags = kwargs.get('tags', None)
diff --git a/azure-keyvault/azure/keyvault/models/sas_definition_update_parameters_py3.py b/azure-keyvault/azure/keyvault/models/sas_definition_update_parameters_py3.py
new file mode 100644
index 000000000000..88f5049fd301
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/sas_definition_update_parameters_py3.py
@@ -0,0 +1,38 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class SasDefinitionUpdateParameters(Model):
+    """The SAS definition update parameters.
+
+    :param parameters: Sas definition update metadata in the form of key-value
+     pairs.
+    :type parameters: dict[str, str]
+    :param sas_definition_attributes: The attributes of the SAS definition.
+    :type sas_definition_attributes:
+     ~azure.keyvault.models.SasDefinitionAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    """
+
+    _attribute_map = {
+        'parameters': {'key': 'parameters', 'type': '{str}'},
+        'sas_definition_attributes': {'key': 'attributes', 'type': 'SasDefinitionAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, *, parameters=None, sas_definition_attributes=None, tags=None, **kwargs) -> None:
+        super(SasDefinitionUpdateParameters, self).__init__(**kwargs)
+        self.parameters = parameters
+        self.sas_definition_attributes = sas_definition_attributes
+        self.tags = tags
diff --git a/azure-keyvault/azure/keyvault/models/secret_attributes.py b/azure-keyvault/azure/keyvault/models/secret_attributes.py
old mode 100755
new mode 100644
index f56a8b71f61b..58d6325b81b0
--- a/azure-keyvault/azure/keyvault/models/secret_attributes.py
+++ b/azure-keyvault/azure/keyvault/models/secret_attributes.py
@@ -34,8 +34,8 @@ class SecretAttributes(Attributes):
      the system can purge the secret, at the end of the retention interval.
      Possible values include: 'Purgeable', 'Recoverable+Purgeable',
      'Recoverable', 'Recoverable+ProtectedSubscription'
-    :vartype recovery_level: str or :class:`DeletionRecoveryLevel
-     <azure.keyvault.models.DeletionRecoveryLevel>`
+    :vartype recovery_level: str or
+     ~azure.keyvault.models.DeletionRecoveryLevel
     """
 
     _validation = {
@@ -53,6 +53,6 @@ class SecretAttributes(Attributes):
         'recovery_level': {'key': 'recoveryLevel', 'type': 'str'},
     }
 
-    def __init__(self, enabled=None, not_before=None, expires=None):
-        super(SecretAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires)
+    def __init__(self, **kwargs):
+        super(SecretAttributes, self).__init__(**kwargs)
         self.recovery_level = None
diff --git a/azure-keyvault/azure/keyvault/models/secret_attributes_py3.py b/azure-keyvault/azure/keyvault/models/secret_attributes_py3.py
new file mode 100644
index 000000000000..4c81c14e83c6
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/secret_attributes_py3.py
@@ -0,0 +1,58 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from .attributes_py3 import Attributes
+
+
+class SecretAttributes(Attributes):
+    """The secret management attributes.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param enabled: Determines whether the object is enabled.
+    :type enabled: bool
+    :param not_before: Not before date in UTC.
+    :type not_before: datetime
+    :param expires: Expiry date in UTC.
+    :type expires: datetime
+    :ivar created: Creation time in UTC.
+    :vartype created: datetime
+    :ivar updated: Last updated time in UTC.
+    :vartype updated: datetime
+    :ivar recovery_level: Reflects the deletion recovery level currently in
+     effect for secrets in the current vault. If it contains 'Purgeable', the
+     secret can be permanently deleted by a privileged user; otherwise, only
+     the system can purge the secret, at the end of the retention interval.
+     Possible values include: 'Purgeable', 'Recoverable+Purgeable',
+     'Recoverable', 'Recoverable+ProtectedSubscription'
+    :vartype recovery_level: str or
+     ~azure.keyvault.models.DeletionRecoveryLevel
+    """
+
+    _validation = {
+        'created': {'readonly': True},
+        'updated': {'readonly': True},
+        'recovery_level': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'enabled': {'key': 'enabled', 'type': 'bool'},
+        'not_before': {'key': 'nbf', 'type': 'unix-time'},
+        'expires': {'key': 'exp', 'type': 'unix-time'},
+        'created': {'key': 'created', 'type': 'unix-time'},
+        'updated': {'key': 'updated', 'type': 'unix-time'},
+        'recovery_level': {'key': 'recoveryLevel', 'type': 'str'},
+    }
+
+    def __init__(self, *, enabled: bool=None, not_before=None, expires=None, **kwargs) -> None:
+        super(SecretAttributes, self).__init__(enabled=enabled, not_before=not_before, expires=expires, **kwargs)
+        self.recovery_level = None
diff --git a/azure-keyvault/azure/keyvault/models/secret_bundle.py b/azure-keyvault/azure/keyvault/models/secret_bundle.py
old mode 100755
new mode 100644
index 99da33ff8658..53125d49292f
--- a/azure-keyvault/azure/keyvault/models/secret_bundle.py
+++ b/azure-keyvault/azure/keyvault/models/secret_bundle.py
@@ -25,10 +25,9 @@ class SecretBundle(Model):
     :param content_type: The content type of the secret.
     :type content_type: str
     :param attributes: The secret management attributes.
-    :type attributes: :class:`SecretAttributes
-     <azure.keyvault.models.SecretAttributes>`
+    :type attributes: ~azure.keyvault.models.SecretAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     :ivar kid: If this is a secret backing a KV certificate, then this field
      specifies the corresponding key backing the KV certificate.
     :vartype kid: str
@@ -52,11 +51,12 @@ class SecretBundle(Model):
         'managed': {'key': 'managed', 'type': 'bool'},
     }
 
-    def __init__(self, value=None, id=None, content_type=None, attributes=None, tags=None):
-        self.value = value
-        self.id = id
-        self.content_type = content_type
-        self.attributes = attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(SecretBundle, self).__init__(**kwargs)
+        self.value = kwargs.get('value', None)
+        self.id = kwargs.get('id', None)
+        self.content_type = kwargs.get('content_type', None)
+        self.attributes = kwargs.get('attributes', None)
+        self.tags = kwargs.get('tags', None)
         self.kid = None
         self.managed = None
diff --git a/azure-keyvault/azure/keyvault/models/secret_bundle_py3.py b/azure-keyvault/azure/keyvault/models/secret_bundle_py3.py
new file mode 100644
index 000000000000..63194a95a9b8
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/secret_bundle_py3.py
@@ -0,0 +1,62 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class SecretBundle(Model):
+    """A secret consisting of a value, id and its attributes.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param value: The secret value.
+    :type value: str
+    :param id: The secret id.
+    :type id: str
+    :param content_type: The content type of the secret.
+    :type content_type: str
+    :param attributes: The secret management attributes.
+    :type attributes: ~azure.keyvault.models.SecretAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    :ivar kid: If this is a secret backing a KV certificate, then this field
+     specifies the corresponding key backing the KV certificate.
+    :vartype kid: str
+    :ivar managed: True if the secret's lifetime is managed by key vault. If
+     this is a secret backing a certificate, then managed will be true.
+    :vartype managed: bool
+    """
+
+    _validation = {
+        'kid': {'readonly': True},
+        'managed': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'value': {'key': 'value', 'type': 'str'},
+        'id': {'key': 'id', 'type': 'str'},
+        'content_type': {'key': 'contentType', 'type': 'str'},
+        'attributes': {'key': 'attributes', 'type': 'SecretAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+        'kid': {'key': 'kid', 'type': 'str'},
+        'managed': {'key': 'managed', 'type': 'bool'},
+    }
+
+    def __init__(self, *, value: str=None, id: str=None, content_type: str=None, attributes=None, tags=None, **kwargs) -> None:
+        super(SecretBundle, self).__init__(**kwargs)
+        self.value = value
+        self.id = id
+        self.content_type = content_type
+        self.attributes = attributes
+        self.tags = tags
+        self.kid = None
+        self.managed = None
diff --git a/azure-keyvault/azure/keyvault/models/secret_item.py b/azure-keyvault/azure/keyvault/models/secret_item.py
old mode 100755
new mode 100644
index 9c959957fbaa..941d1690b793
--- a/azure-keyvault/azure/keyvault/models/secret_item.py
+++ b/azure-keyvault/azure/keyvault/models/secret_item.py
@@ -21,10 +21,9 @@ class SecretItem(Model):
     :param id: Secret identifier.
     :type id: str
     :param attributes: The secret management attributes.
-    :type attributes: :class:`SecretAttributes
-     <azure.keyvault.models.SecretAttributes>`
+    :type attributes: ~azure.keyvault.models.SecretAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     :param content_type: Type of the secret value such as a password.
     :type content_type: str
     :ivar managed: True if the secret's lifetime is managed by key vault. If
@@ -44,9 +43,10 @@ class SecretItem(Model):
         'managed': {'key': 'managed', 'type': 'bool'},
     }
 
-    def __init__(self, id=None, attributes=None, tags=None, content_type=None):
-        self.id = id
-        self.attributes = attributes
-        self.tags = tags
-        self.content_type = content_type
+    def __init__(self, **kwargs):
+        super(SecretItem, self).__init__(**kwargs)
+        self.id = kwargs.get('id', None)
+        self.attributes = kwargs.get('attributes', None)
+        self.tags = kwargs.get('tags', None)
+        self.content_type = kwargs.get('content_type', None)
         self.managed = None
diff --git a/azure-keyvault/azure/keyvault/models/secret_item_paged.py b/azure-keyvault/azure/keyvault/models/secret_item_paged.py
old mode 100755
new mode 100644
index ac6f035c3cb0..a558156b2015
--- a/azure-keyvault/azure/keyvault/models/secret_item_paged.py
+++ b/azure-keyvault/azure/keyvault/models/secret_item_paged.py
@@ -14,7 +14,7 @@
 
 class SecretItemPaged(Paged):
     """
-    A paging container for iterating over a list of SecretItem object
+    A paging container for iterating over a list of :class:`SecretItem <azure.keyvault.models.SecretItem>` object
     """
 
     _attribute_map = {
diff --git a/azure-keyvault/azure/keyvault/models/secret_item_py3.py b/azure-keyvault/azure/keyvault/models/secret_item_py3.py
new file mode 100644
index 000000000000..3f5f08581326
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/secret_item_py3.py
@@ -0,0 +1,52 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class SecretItem(Model):
+    """The secret item containing secret metadata.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param id: Secret identifier.
+    :type id: str
+    :param attributes: The secret management attributes.
+    :type attributes: ~azure.keyvault.models.SecretAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    :param content_type: Type of the secret value such as a password.
+    :type content_type: str
+    :ivar managed: True if the secret's lifetime is managed by key vault. If
+     this is a key backing a certificate, then managed will be true.
+    :vartype managed: bool
+    """
+
+    _validation = {
+        'managed': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'attributes': {'key': 'attributes', 'type': 'SecretAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+        'content_type': {'key': 'contentType', 'type': 'str'},
+        'managed': {'key': 'managed', 'type': 'bool'},
+    }
+
+    def __init__(self, *, id: str=None, attributes=None, tags=None, content_type: str=None, **kwargs) -> None:
+        super(SecretItem, self).__init__(**kwargs)
+        self.id = id
+        self.attributes = attributes
+        self.tags = tags
+        self.content_type = content_type
+        self.managed = None
diff --git a/azure-keyvault/azure/keyvault/models/secret_properties.py b/azure-keyvault/azure/keyvault/models/secret_properties.py
old mode 100755
new mode 100644
index a59b804491e2..03794579e47c
--- a/azure-keyvault/azure/keyvault/models/secret_properties.py
+++ b/azure-keyvault/azure/keyvault/models/secret_properties.py
@@ -23,5 +23,6 @@ class SecretProperties(Model):
         'content_type': {'key': 'contentType', 'type': 'str'},
     }
 
-    def __init__(self, content_type=None):
-        self.content_type = content_type
+    def __init__(self, **kwargs):
+        super(SecretProperties, self).__init__(**kwargs)
+        self.content_type = kwargs.get('content_type', None)
diff --git a/azure-keyvault/azure/keyvault/models/secret_properties_py3.py b/azure-keyvault/azure/keyvault/models/secret_properties_py3.py
new file mode 100644
index 000000000000..f071d84220b8
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/secret_properties_py3.py
@@ -0,0 +1,28 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class SecretProperties(Model):
+    """Properties of the key backing a certificate.
+
+    :param content_type: The media type (MIME type).
+    :type content_type: str
+    """
+
+    _attribute_map = {
+        'content_type': {'key': 'contentType', 'type': 'str'},
+    }
+
+    def __init__(self, *, content_type: str=None, **kwargs) -> None:
+        super(SecretProperties, self).__init__(**kwargs)
+        self.content_type = content_type
diff --git a/azure-keyvault/azure/keyvault/models/secret_restore_parameters.py b/azure-keyvault/azure/keyvault/models/secret_restore_parameters.py
old mode 100755
new mode 100644
index 5994bca6fb2a..9e34c4259edc
--- a/azure-keyvault/azure/keyvault/models/secret_restore_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/secret_restore_parameters.py
@@ -15,8 +15,10 @@
 class SecretRestoreParameters(Model):
     """The secret restore parameters.
 
-    :param secret_bundle_backup: The backup blob associated with a secret
-     bundle.
+    All required parameters must be populated in order to send to Azure.
+
+    :param secret_bundle_backup: Required. The backup blob associated with a
+     secret bundle.
     :type secret_bundle_backup: bytes
     """
 
@@ -28,5 +30,6 @@ class SecretRestoreParameters(Model):
         'secret_bundle_backup': {'key': 'value', 'type': 'base64'},
     }
 
-    def __init__(self, secret_bundle_backup):
-        self.secret_bundle_backup = secret_bundle_backup
+    def __init__(self, **kwargs):
+        super(SecretRestoreParameters, self).__init__(**kwargs)
+        self.secret_bundle_backup = kwargs.get('secret_bundle_backup', None)
diff --git a/azure-keyvault/azure/keyvault/models/secret_restore_parameters_py3.py b/azure-keyvault/azure/keyvault/models/secret_restore_parameters_py3.py
new file mode 100644
index 000000000000..0c81a9b890aa
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/secret_restore_parameters_py3.py
@@ -0,0 +1,35 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class SecretRestoreParameters(Model):
+    """The secret restore parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param secret_bundle_backup: Required. The backup blob associated with a
+     secret bundle.
+    :type secret_bundle_backup: bytes
+    """
+
+    _validation = {
+        'secret_bundle_backup': {'required': True},
+    }
+
+    _attribute_map = {
+        'secret_bundle_backup': {'key': 'value', 'type': 'base64'},
+    }
+
+    def __init__(self, *, secret_bundle_backup: bytes, **kwargs) -> None:
+        super(SecretRestoreParameters, self).__init__(**kwargs)
+        self.secret_bundle_backup = secret_bundle_backup
diff --git a/azure-keyvault/azure/keyvault/models/secret_set_parameters.py b/azure-keyvault/azure/keyvault/models/secret_set_parameters.py
old mode 100755
new mode 100644
index cd323afbb597..39ae435e2bd5
--- a/azure-keyvault/azure/keyvault/models/secret_set_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/secret_set_parameters.py
@@ -15,15 +15,16 @@
 class SecretSetParameters(Model):
     """The secret set parameters.
 
-    :param value: The value of the secret.
+    All required parameters must be populated in order to send to Azure.
+
+    :param value: Required. The value of the secret.
     :type value: str
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     :param content_type: Type of the secret value such as a password.
     :type content_type: str
     :param secret_attributes: The secret management attributes.
-    :type secret_attributes: :class:`SecretAttributes
-     <azure.keyvault.models.SecretAttributes>`
+    :type secret_attributes: ~azure.keyvault.models.SecretAttributes
     """
 
     _validation = {
@@ -37,8 +38,9 @@ class SecretSetParameters(Model):
         'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'},
     }
 
-    def __init__(self, value, tags=None, content_type=None, secret_attributes=None):
-        self.value = value
-        self.tags = tags
-        self.content_type = content_type
-        self.secret_attributes = secret_attributes
+    def __init__(self, **kwargs):
+        super(SecretSetParameters, self).__init__(**kwargs)
+        self.value = kwargs.get('value', None)
+        self.tags = kwargs.get('tags', None)
+        self.content_type = kwargs.get('content_type', None)
+        self.secret_attributes = kwargs.get('secret_attributes', None)
diff --git a/azure-keyvault/azure/keyvault/models/secret_set_parameters_py3.py b/azure-keyvault/azure/keyvault/models/secret_set_parameters_py3.py
new file mode 100644
index 000000000000..81a5478776ef
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/secret_set_parameters_py3.py
@@ -0,0 +1,46 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class SecretSetParameters(Model):
+    """The secret set parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param value: Required. The value of the secret.
+    :type value: str
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    :param content_type: Type of the secret value such as a password.
+    :type content_type: str
+    :param secret_attributes: The secret management attributes.
+    :type secret_attributes: ~azure.keyvault.models.SecretAttributes
+    """
+
+    _validation = {
+        'value': {'required': True},
+    }
+
+    _attribute_map = {
+        'value': {'key': 'value', 'type': 'str'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+        'content_type': {'key': 'contentType', 'type': 'str'},
+        'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'},
+    }
+
+    def __init__(self, *, value: str, tags=None, content_type: str=None, secret_attributes=None, **kwargs) -> None:
+        super(SecretSetParameters, self).__init__(**kwargs)
+        self.value = value
+        self.tags = tags
+        self.content_type = content_type
+        self.secret_attributes = secret_attributes
diff --git a/azure-keyvault/azure/keyvault/models/secret_update_parameters.py b/azure-keyvault/azure/keyvault/models/secret_update_parameters.py
old mode 100755
new mode 100644
index 02729a149336..c4935f4899ea
--- a/azure-keyvault/azure/keyvault/models/secret_update_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/secret_update_parameters.py
@@ -18,10 +18,9 @@ class SecretUpdateParameters(Model):
     :param content_type: Type of the secret value such as a password.
     :type content_type: str
     :param secret_attributes: The secret management attributes.
-    :type secret_attributes: :class:`SecretAttributes
-     <azure.keyvault.models.SecretAttributes>`
+    :type secret_attributes: ~azure.keyvault.models.SecretAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     """
 
     _attribute_map = {
@@ -30,7 +29,8 @@ class SecretUpdateParameters(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self, content_type=None, secret_attributes=None, tags=None):
-        self.content_type = content_type
-        self.secret_attributes = secret_attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(SecretUpdateParameters, self).__init__(**kwargs)
+        self.content_type = kwargs.get('content_type', None)
+        self.secret_attributes = kwargs.get('secret_attributes', None)
+        self.tags = kwargs.get('tags', None)
diff --git a/azure-keyvault/azure/keyvault/models/secret_update_parameters_py3.py b/azure-keyvault/azure/keyvault/models/secret_update_parameters_py3.py
new file mode 100644
index 000000000000..dfe4a1028627
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/secret_update_parameters_py3.py
@@ -0,0 +1,36 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class SecretUpdateParameters(Model):
+    """The secret update parameters.
+
+    :param content_type: Type of the secret value such as a password.
+    :type content_type: str
+    :param secret_attributes: The secret management attributes.
+    :type secret_attributes: ~azure.keyvault.models.SecretAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    """
+
+    _attribute_map = {
+        'content_type': {'key': 'contentType', 'type': 'str'},
+        'secret_attributes': {'key': 'attributes', 'type': 'SecretAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, *, content_type: str=None, secret_attributes=None, tags=None, **kwargs) -> None:
+        super(SecretUpdateParameters, self).__init__(**kwargs)
+        self.content_type = content_type
+        self.secret_attributes = secret_attributes
+        self.tags = tags
diff --git a/azure-keyvault/azure/keyvault/models/storage_account_attributes.py b/azure-keyvault/azure/keyvault/models/storage_account_attributes.py
old mode 100755
new mode 100644
index f5a4fda19084..736235e71f12
--- a/azure-keyvault/azure/keyvault/models/storage_account_attributes.py
+++ b/azure-keyvault/azure/keyvault/models/storage_account_attributes.py
@@ -37,7 +37,8 @@ class StorageAccountAttributes(Model):
         'updated': {'key': 'updated', 'type': 'unix-time'},
     }
 
-    def __init__(self, enabled=None):
-        self.enabled = enabled
+    def __init__(self, **kwargs):
+        super(StorageAccountAttributes, self).__init__(**kwargs)
+        self.enabled = kwargs.get('enabled', None)
         self.created = None
         self.updated = None
diff --git a/azure-keyvault/azure/keyvault/models/storage_account_attributes_py3.py b/azure-keyvault/azure/keyvault/models/storage_account_attributes_py3.py
new file mode 100644
index 000000000000..86f559fd7bd2
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/storage_account_attributes_py3.py
@@ -0,0 +1,44 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class StorageAccountAttributes(Model):
+    """The storage account management attributes.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :param enabled: the enabled state of the object.
+    :type enabled: bool
+    :ivar created: Creation time in UTC.
+    :vartype created: datetime
+    :ivar updated: Last updated time in UTC.
+    :vartype updated: datetime
+    """
+
+    _validation = {
+        'created': {'readonly': True},
+        'updated': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'enabled': {'key': 'enabled', 'type': 'bool'},
+        'created': {'key': 'created', 'type': 'unix-time'},
+        'updated': {'key': 'updated', 'type': 'unix-time'},
+    }
+
+    def __init__(self, *, enabled: bool=None, **kwargs) -> None:
+        super(StorageAccountAttributes, self).__init__(**kwargs)
+        self.enabled = enabled
+        self.created = None
+        self.updated = None
diff --git a/azure-keyvault/azure/keyvault/models/storage_account_create_parameters.py b/azure-keyvault/azure/keyvault/models/storage_account_create_parameters.py
old mode 100755
new mode 100644
index 9ad8358a8967..bed4c83a744a
--- a/azure-keyvault/azure/keyvault/models/storage_account_create_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/storage_account_create_parameters.py
@@ -15,21 +15,23 @@
 class StorageAccountCreateParameters(Model):
     """The storage account create parameters.
 
-    :param resource_id: Storage account resource id.
+    All required parameters must be populated in order to send to Azure.
+
+    :param resource_id: Required. Storage account resource id.
     :type resource_id: str
-    :param active_key_name: Current active storage account key name.
+    :param active_key_name: Required. Current active storage account key name.
     :type active_key_name: str
-    :param auto_regenerate_key: whether keyvault should manage the storage
-     account for the user.
+    :param auto_regenerate_key: Required. whether keyvault should manage the
+     storage account for the user.
     :type auto_regenerate_key: bool
     :param regeneration_period: The key regeneration time duration specified
      in ISO-8601 format.
     :type regeneration_period: str
     :param storage_account_attributes: The attributes of the storage account.
-    :type storage_account_attributes: :class:`StorageAccountAttributes
-     <azure.keyvault.models.StorageAccountAttributes>`
+    :type storage_account_attributes:
+     ~azure.keyvault.models.StorageAccountAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     """
 
     _validation = {
@@ -47,10 +49,11 @@ class StorageAccountCreateParameters(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self, resource_id, active_key_name, auto_regenerate_key, regeneration_period=None, storage_account_attributes=None, tags=None):
-        self.resource_id = resource_id
-        self.active_key_name = active_key_name
-        self.auto_regenerate_key = auto_regenerate_key
-        self.regeneration_period = regeneration_period
-        self.storage_account_attributes = storage_account_attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(StorageAccountCreateParameters, self).__init__(**kwargs)
+        self.resource_id = kwargs.get('resource_id', None)
+        self.active_key_name = kwargs.get('active_key_name', None)
+        self.auto_regenerate_key = kwargs.get('auto_regenerate_key', None)
+        self.regeneration_period = kwargs.get('regeneration_period', None)
+        self.storage_account_attributes = kwargs.get('storage_account_attributes', None)
+        self.tags = kwargs.get('tags', None)
diff --git a/azure-keyvault/azure/keyvault/models/storage_account_create_parameters_py3.py b/azure-keyvault/azure/keyvault/models/storage_account_create_parameters_py3.py
new file mode 100644
index 000000000000..eb75276dc5d5
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/storage_account_create_parameters_py3.py
@@ -0,0 +1,59 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class StorageAccountCreateParameters(Model):
+    """The storage account create parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param resource_id: Required. Storage account resource id.
+    :type resource_id: str
+    :param active_key_name: Required. Current active storage account key name.
+    :type active_key_name: str
+    :param auto_regenerate_key: Required. whether keyvault should manage the
+     storage account for the user.
+    :type auto_regenerate_key: bool
+    :param regeneration_period: The key regeneration time duration specified
+     in ISO-8601 format.
+    :type regeneration_period: str
+    :param storage_account_attributes: The attributes of the storage account.
+    :type storage_account_attributes:
+     ~azure.keyvault.models.StorageAccountAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    """
+
+    _validation = {
+        'resource_id': {'required': True},
+        'active_key_name': {'required': True},
+        'auto_regenerate_key': {'required': True},
+    }
+
+    _attribute_map = {
+        'resource_id': {'key': 'resourceId', 'type': 'str'},
+        'active_key_name': {'key': 'activeKeyName', 'type': 'str'},
+        'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'},
+        'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'},
+        'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, *, resource_id: str, active_key_name: str, auto_regenerate_key: bool, regeneration_period: str=None, storage_account_attributes=None, tags=None, **kwargs) -> None:
+        super(StorageAccountCreateParameters, self).__init__(**kwargs)
+        self.resource_id = resource_id
+        self.active_key_name = active_key_name
+        self.auto_regenerate_key = auto_regenerate_key
+        self.regeneration_period = regeneration_period
+        self.storage_account_attributes = storage_account_attributes
+        self.tags = tags
diff --git a/azure-keyvault/azure/keyvault/models/storage_account_item.py b/azure-keyvault/azure/keyvault/models/storage_account_item.py
old mode 100755
new mode 100644
index 93d16a6b1159..1a3057e7bf17
--- a/azure-keyvault/azure/keyvault/models/storage_account_item.py
+++ b/azure-keyvault/azure/keyvault/models/storage_account_item.py
@@ -23,10 +23,9 @@ class StorageAccountItem(Model):
     :ivar resource_id: Storage account resource Id.
     :vartype resource_id: str
     :ivar attributes: The storage account management attributes.
-    :vartype attributes: :class:`StorageAccountAttributes
-     <azure.keyvault.models.StorageAccountAttributes>`
+    :vartype attributes: ~azure.keyvault.models.StorageAccountAttributes
     :ivar tags: Application specific metadata in the form of key-value pairs.
-    :vartype tags: dict
+    :vartype tags: dict[str, str]
     """
 
     _validation = {
@@ -43,7 +42,8 @@ class StorageAccountItem(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self):
+    def __init__(self, **kwargs):
+        super(StorageAccountItem, self).__init__(**kwargs)
         self.id = None
         self.resource_id = None
         self.attributes = None
diff --git a/azure-keyvault/azure/keyvault/models/storage_account_item_paged.py b/azure-keyvault/azure/keyvault/models/storage_account_item_paged.py
old mode 100755
new mode 100644
index d7754e4f7cab..985cd5a5f610
--- a/azure-keyvault/azure/keyvault/models/storage_account_item_paged.py
+++ b/azure-keyvault/azure/keyvault/models/storage_account_item_paged.py
@@ -14,7 +14,7 @@
 
 class StorageAccountItemPaged(Paged):
     """
-    A paging container for iterating over a list of StorageAccountItem object
+    A paging container for iterating over a list of :class:`StorageAccountItem <azure.keyvault.models.StorageAccountItem>` object
     """
 
     _attribute_map = {
diff --git a/azure-keyvault/azure/keyvault/models/storage_account_item_py3.py b/azure-keyvault/azure/keyvault/models/storage_account_item_py3.py
new file mode 100644
index 000000000000..0dbd0edd7687
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/storage_account_item_py3.py
@@ -0,0 +1,50 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class StorageAccountItem(Model):
+    """The storage account item containing storage account metadata.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar id: Storage identifier.
+    :vartype id: str
+    :ivar resource_id: Storage account resource Id.
+    :vartype resource_id: str
+    :ivar attributes: The storage account management attributes.
+    :vartype attributes: ~azure.keyvault.models.StorageAccountAttributes
+    :ivar tags: Application specific metadata in the form of key-value pairs.
+    :vartype tags: dict[str, str]
+    """
+
+    _validation = {
+        'id': {'readonly': True},
+        'resource_id': {'readonly': True},
+        'attributes': {'readonly': True},
+        'tags': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'resource_id': {'key': 'resourceId', 'type': 'str'},
+        'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, **kwargs) -> None:
+        super(StorageAccountItem, self).__init__(**kwargs)
+        self.id = None
+        self.resource_id = None
+        self.attributes = None
+        self.tags = None
diff --git a/azure-keyvault/azure/keyvault/models/storage_account_regenerte_key_parameters.py b/azure-keyvault/azure/keyvault/models/storage_account_regenerte_key_parameters.py
old mode 100755
new mode 100644
index 2148624ec1f9..459103c575aa
--- a/azure-keyvault/azure/keyvault/models/storage_account_regenerte_key_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/storage_account_regenerte_key_parameters.py
@@ -15,7 +15,9 @@
 class StorageAccountRegenerteKeyParameters(Model):
     """The storage account key regenerate parameters.
 
-    :param key_name: The storage account key name.
+    All required parameters must be populated in order to send to Azure.
+
+    :param key_name: Required. The storage account key name.
     :type key_name: str
     """
 
@@ -27,5 +29,6 @@ class StorageAccountRegenerteKeyParameters(Model):
         'key_name': {'key': 'keyName', 'type': 'str'},
     }
 
-    def __init__(self, key_name):
-        self.key_name = key_name
+    def __init__(self, **kwargs):
+        super(StorageAccountRegenerteKeyParameters, self).__init__(**kwargs)
+        self.key_name = kwargs.get('key_name', None)
diff --git a/azure-keyvault/azure/keyvault/models/storage_account_regenerte_key_parameters_py3.py b/azure-keyvault/azure/keyvault/models/storage_account_regenerte_key_parameters_py3.py
new file mode 100644
index 000000000000..1403108fbac0
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/storage_account_regenerte_key_parameters_py3.py
@@ -0,0 +1,34 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class StorageAccountRegenerteKeyParameters(Model):
+    """The storage account key regenerate parameters.
+
+    All required parameters must be populated in order to send to Azure.
+
+    :param key_name: Required. The storage account key name.
+    :type key_name: str
+    """
+
+    _validation = {
+        'key_name': {'required': True},
+    }
+
+    _attribute_map = {
+        'key_name': {'key': 'keyName', 'type': 'str'},
+    }
+
+    def __init__(self, *, key_name: str, **kwargs) -> None:
+        super(StorageAccountRegenerteKeyParameters, self).__init__(**kwargs)
+        self.key_name = key_name
diff --git a/azure-keyvault/azure/keyvault/models/storage_account_update_parameters.py b/azure-keyvault/azure/keyvault/models/storage_account_update_parameters.py
old mode 100755
new mode 100644
index 2dcbd91da1d0..8b9b5ecb907f
--- a/azure-keyvault/azure/keyvault/models/storage_account_update_parameters.py
+++ b/azure-keyvault/azure/keyvault/models/storage_account_update_parameters.py
@@ -24,10 +24,10 @@ class StorageAccountUpdateParameters(Model):
      in ISO-8601 format.
     :type regeneration_period: str
     :param storage_account_attributes: The attributes of the storage account.
-    :type storage_account_attributes: :class:`StorageAccountAttributes
-     <azure.keyvault.models.StorageAccountAttributes>`
+    :type storage_account_attributes:
+     ~azure.keyvault.models.StorageAccountAttributes
     :param tags: Application specific metadata in the form of key-value pairs.
-    :type tags: dict
+    :type tags: dict[str, str]
     """
 
     _attribute_map = {
@@ -38,9 +38,10 @@ class StorageAccountUpdateParameters(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self, active_key_name=None, auto_regenerate_key=None, regeneration_period=None, storage_account_attributes=None, tags=None):
-        self.active_key_name = active_key_name
-        self.auto_regenerate_key = auto_regenerate_key
-        self.regeneration_period = regeneration_period
-        self.storage_account_attributes = storage_account_attributes
-        self.tags = tags
+    def __init__(self, **kwargs):
+        super(StorageAccountUpdateParameters, self).__init__(**kwargs)
+        self.active_key_name = kwargs.get('active_key_name', None)
+        self.auto_regenerate_key = kwargs.get('auto_regenerate_key', None)
+        self.regeneration_period = kwargs.get('regeneration_period', None)
+        self.storage_account_attributes = kwargs.get('storage_account_attributes', None)
+        self.tags = kwargs.get('tags', None)
diff --git a/azure-keyvault/azure/keyvault/models/storage_account_update_parameters_py3.py b/azure-keyvault/azure/keyvault/models/storage_account_update_parameters_py3.py
new file mode 100644
index 000000000000..c6e860fbb526
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/storage_account_update_parameters_py3.py
@@ -0,0 +1,47 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class StorageAccountUpdateParameters(Model):
+    """The storage account update parameters.
+
+    :param active_key_name: The current active storage account key name.
+    :type active_key_name: str
+    :param auto_regenerate_key: whether keyvault should manage the storage
+     account for the user.
+    :type auto_regenerate_key: bool
+    :param regeneration_period: The key regeneration time duration specified
+     in ISO-8601 format.
+    :type regeneration_period: str
+    :param storage_account_attributes: The attributes of the storage account.
+    :type storage_account_attributes:
+     ~azure.keyvault.models.StorageAccountAttributes
+    :param tags: Application specific metadata in the form of key-value pairs.
+    :type tags: dict[str, str]
+    """
+
+    _attribute_map = {
+        'active_key_name': {'key': 'activeKeyName', 'type': 'str'},
+        'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'},
+        'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'},
+        'storage_account_attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, *, active_key_name: str=None, auto_regenerate_key: bool=None, regeneration_period: str=None, storage_account_attributes=None, tags=None, **kwargs) -> None:
+        super(StorageAccountUpdateParameters, self).__init__(**kwargs)
+        self.active_key_name = active_key_name
+        self.auto_regenerate_key = auto_regenerate_key
+        self.regeneration_period = regeneration_period
+        self.storage_account_attributes = storage_account_attributes
+        self.tags = tags
diff --git a/azure-keyvault/azure/keyvault/models/storage_bundle.py b/azure-keyvault/azure/keyvault/models/storage_bundle.py
old mode 100755
new mode 100644
index a455bc23deeb..cf5d645ba4a8
--- a/azure-keyvault/azure/keyvault/models/storage_bundle.py
+++ b/azure-keyvault/azure/keyvault/models/storage_bundle.py
@@ -32,10 +32,9 @@ class StorageBundle(Model):
      ISO-8601 format.
     :vartype regeneration_period: str
     :ivar attributes: The storage account attributes.
-    :vartype attributes: :class:`StorageAccountAttributes
-     <azure.keyvault.models.StorageAccountAttributes>`
+    :vartype attributes: ~azure.keyvault.models.StorageAccountAttributes
     :ivar tags: Application specific metadata in the form of key-value pairs
-    :vartype tags: dict
+    :vartype tags: dict[str, str]
     """
 
     _validation = {
@@ -58,7 +57,8 @@ class StorageBundle(Model):
         'tags': {'key': 'tags', 'type': '{str}'},
     }
 
-    def __init__(self):
+    def __init__(self, **kwargs):
+        super(StorageBundle, self).__init__(**kwargs)
         self.id = None
         self.resource_id = None
         self.active_key_name = None
diff --git a/azure-keyvault/azure/keyvault/models/storage_bundle_py3.py b/azure-keyvault/azure/keyvault/models/storage_bundle_py3.py
new file mode 100644
index 000000000000..1b54975ba292
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/storage_bundle_py3.py
@@ -0,0 +1,68 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class StorageBundle(Model):
+    """A Storage account bundle consists of key vault storage account details plus
+    its attributes.
+
+    Variables are only populated by the server, and will be ignored when
+    sending a request.
+
+    :ivar id: The storage account id.
+    :vartype id: str
+    :ivar resource_id: The storage account resource id.
+    :vartype resource_id: str
+    :ivar active_key_name: The current active storage account key name.
+    :vartype active_key_name: str
+    :ivar auto_regenerate_key: whether keyvault should manage the storage
+     account for the user.
+    :vartype auto_regenerate_key: bool
+    :ivar regeneration_period: The key regeneration time duration specified in
+     ISO-8601 format.
+    :vartype regeneration_period: str
+    :ivar attributes: The storage account attributes.
+    :vartype attributes: ~azure.keyvault.models.StorageAccountAttributes
+    :ivar tags: Application specific metadata in the form of key-value pairs
+    :vartype tags: dict[str, str]
+    """
+
+    _validation = {
+        'id': {'readonly': True},
+        'resource_id': {'readonly': True},
+        'active_key_name': {'readonly': True},
+        'auto_regenerate_key': {'readonly': True},
+        'regeneration_period': {'readonly': True},
+        'attributes': {'readonly': True},
+        'tags': {'readonly': True},
+    }
+
+    _attribute_map = {
+        'id': {'key': 'id', 'type': 'str'},
+        'resource_id': {'key': 'resourceId', 'type': 'str'},
+        'active_key_name': {'key': 'activeKeyName', 'type': 'str'},
+        'auto_regenerate_key': {'key': 'autoRegenerateKey', 'type': 'bool'},
+        'regeneration_period': {'key': 'regenerationPeriod', 'type': 'str'},
+        'attributes': {'key': 'attributes', 'type': 'StorageAccountAttributes'},
+        'tags': {'key': 'tags', 'type': '{str}'},
+    }
+
+    def __init__(self, **kwargs) -> None:
+        super(StorageBundle, self).__init__(**kwargs)
+        self.id = None
+        self.resource_id = None
+        self.active_key_name = None
+        self.auto_regenerate_key = None
+        self.regeneration_period = None
+        self.attributes = None
+        self.tags = None
diff --git a/azure-keyvault/azure/keyvault/models/subject_alternative_names.py b/azure-keyvault/azure/keyvault/models/subject_alternative_names.py
old mode 100755
new mode 100644
index ed6349548668..0ff2911550df
--- a/azure-keyvault/azure/keyvault/models/subject_alternative_names.py
+++ b/azure-keyvault/azure/keyvault/models/subject_alternative_names.py
@@ -16,11 +16,11 @@ class SubjectAlternativeNames(Model):
     """The subject alternate names of a X509 object.
 
     :param emails: Email addresses.
-    :type emails: list of str
+    :type emails: list[str]
     :param dns_names: Domain names.
-    :type dns_names: list of str
+    :type dns_names: list[str]
     :param upns: User principal names.
-    :type upns: list of str
+    :type upns: list[str]
     """
 
     _attribute_map = {
@@ -29,7 +29,8 @@ class SubjectAlternativeNames(Model):
         'upns': {'key': 'upns', 'type': '[str]'},
     }
 
-    def __init__(self, emails=None, dns_names=None, upns=None):
-        self.emails = emails
-        self.dns_names = dns_names
-        self.upns = upns
+    def __init__(self, **kwargs):
+        super(SubjectAlternativeNames, self).__init__(**kwargs)
+        self.emails = kwargs.get('emails', None)
+        self.dns_names = kwargs.get('dns_names', None)
+        self.upns = kwargs.get('upns', None)
diff --git a/azure-keyvault/azure/keyvault/models/subject_alternative_names_py3.py b/azure-keyvault/azure/keyvault/models/subject_alternative_names_py3.py
new file mode 100644
index 000000000000..a2870854d559
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/subject_alternative_names_py3.py
@@ -0,0 +1,36 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class SubjectAlternativeNames(Model):
+    """The subject alternate names of a X509 object.
+
+    :param emails: Email addresses.
+    :type emails: list[str]
+    :param dns_names: Domain names.
+    :type dns_names: list[str]
+    :param upns: User principal names.
+    :type upns: list[str]
+    """
+
+    _attribute_map = {
+        'emails': {'key': 'emails', 'type': '[str]'},
+        'dns_names': {'key': 'dns_names', 'type': '[str]'},
+        'upns': {'key': 'upns', 'type': '[str]'},
+    }
+
+    def __init__(self, *, emails=None, dns_names=None, upns=None, **kwargs) -> None:
+        super(SubjectAlternativeNames, self).__init__(**kwargs)
+        self.emails = emails
+        self.dns_names = dns_names
+        self.upns = upns
diff --git a/azure-keyvault/azure/keyvault/models/trigger.py b/azure-keyvault/azure/keyvault/models/trigger.py
old mode 100755
new mode 100644
index b60cb21182d5..a68686f8303e
--- a/azure-keyvault/azure/keyvault/models/trigger.py
+++ b/azure-keyvault/azure/keyvault/models/trigger.py
@@ -18,7 +18,10 @@ class Trigger(Model):
     :param lifetime_percentage: Percentage of lifetime at which to trigger.
      Value should be between 1 and 99.
     :type lifetime_percentage: int
-    :param days_before_expiry: Days before expiry.
+    :param days_before_expiry: Days before expiry to attempt renewal. Value
+     should be between 1 and validity_in_months multiplied by 27. If
+     validity_in_months is 36, then value should be between 1 and 972 (36 *
+     27).
     :type days_before_expiry: int
     """
 
@@ -31,6 +34,7 @@ class Trigger(Model):
         'days_before_expiry': {'key': 'days_before_expiry', 'type': 'int'},
     }
 
-    def __init__(self, lifetime_percentage=None, days_before_expiry=None):
-        self.lifetime_percentage = lifetime_percentage
-        self.days_before_expiry = days_before_expiry
+    def __init__(self, **kwargs):
+        super(Trigger, self).__init__(**kwargs)
+        self.lifetime_percentage = kwargs.get('lifetime_percentage', None)
+        self.days_before_expiry = kwargs.get('days_before_expiry', None)
diff --git a/azure-keyvault/azure/keyvault/models/trigger_py3.py b/azure-keyvault/azure/keyvault/models/trigger_py3.py
new file mode 100644
index 000000000000..38faa3471773
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/trigger_py3.py
@@ -0,0 +1,40 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class Trigger(Model):
+    """A condition to be satisfied for an action to be executed.
+
+    :param lifetime_percentage: Percentage of lifetime at which to trigger.
+     Value should be between 1 and 99.
+    :type lifetime_percentage: int
+    :param days_before_expiry: Days before expiry to attempt renewal. Value
+     should be between 1 and validity_in_months multiplied by 27. If
+     validity_in_months is 36, then value should be between 1 and 972 (36 *
+     27).
+    :type days_before_expiry: int
+    """
+
+    _validation = {
+        'lifetime_percentage': {'maximum': 99, 'minimum': 1},
+    }
+
+    _attribute_map = {
+        'lifetime_percentage': {'key': 'lifetime_percentage', 'type': 'int'},
+        'days_before_expiry': {'key': 'days_before_expiry', 'type': 'int'},
+    }
+
+    def __init__(self, *, lifetime_percentage: int=None, days_before_expiry: int=None, **kwargs) -> None:
+        super(Trigger, self).__init__(**kwargs)
+        self.lifetime_percentage = lifetime_percentage
+        self.days_before_expiry = days_before_expiry
diff --git a/azure-keyvault/azure/keyvault/models/x509_certificate_properties.py b/azure-keyvault/azure/keyvault/models/x509_certificate_properties.py
old mode 100755
new mode 100644
index fa9c3633a230..c8370d3817f0
--- a/azure-keyvault/azure/keyvault/models/x509_certificate_properties.py
+++ b/azure-keyvault/azure/keyvault/models/x509_certificate_properties.py
@@ -19,13 +19,12 @@ class X509CertificateProperties(Model):
      Name.
     :type subject: str
     :param ekus: The enhanced key usage.
-    :type ekus: list of str
+    :type ekus: list[str]
     :param subject_alternative_names: The subject alternative names.
-    :type subject_alternative_names: :class:`SubjectAlternativeNames
-     <azure.keyvault.models.SubjectAlternativeNames>`
+    :type subject_alternative_names:
+     ~azure.keyvault.models.SubjectAlternativeNames
     :param key_usage: List of key usages.
-    :type key_usage: list of str or :class:`KeyUsageType
-     <azure.keyvault.models.KeyUsageType>`
+    :type key_usage: list[str or ~azure.keyvault.models.KeyUsageType]
     :param validity_in_months: The duration that the ceritifcate is valid in
      months.
     :type validity_in_months: int
@@ -43,9 +42,10 @@ class X509CertificateProperties(Model):
         'validity_in_months': {'key': 'validity_months', 'type': 'int'},
     }
 
-    def __init__(self, subject=None, ekus=None, subject_alternative_names=None, key_usage=None, validity_in_months=None):
-        self.subject = subject
-        self.ekus = ekus
-        self.subject_alternative_names = subject_alternative_names
-        self.key_usage = key_usage
-        self.validity_in_months = validity_in_months
+    def __init__(self, **kwargs):
+        super(X509CertificateProperties, self).__init__(**kwargs)
+        self.subject = kwargs.get('subject', None)
+        self.ekus = kwargs.get('ekus', None)
+        self.subject_alternative_names = kwargs.get('subject_alternative_names', None)
+        self.key_usage = kwargs.get('key_usage', None)
+        self.validity_in_months = kwargs.get('validity_in_months', None)
diff --git a/azure-keyvault/azure/keyvault/models/x509_certificate_properties_py3.py b/azure-keyvault/azure/keyvault/models/x509_certificate_properties_py3.py
new file mode 100644
index 000000000000..d3337a152955
--- /dev/null
+++ b/azure-keyvault/azure/keyvault/models/x509_certificate_properties_py3.py
@@ -0,0 +1,51 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+#
+# Code generated by Microsoft (R) AutoRest Code Generator.
+# Changes may cause incorrect behavior and will be lost if the code is
+# regenerated.
+# --------------------------------------------------------------------------
+
+from msrest.serialization import Model
+
+
+class X509CertificateProperties(Model):
+    """Properties of the X509 component of a certificate.
+
+    :param subject: The subject name. Should be a valid X509 distinguished
+     Name.
+    :type subject: str
+    :param ekus: The enhanced key usage.
+    :type ekus: list[str]
+    :param subject_alternative_names: The subject alternative names.
+    :type subject_alternative_names:
+     ~azure.keyvault.models.SubjectAlternativeNames
+    :param key_usage: List of key usages.
+    :type key_usage: list[str or ~azure.keyvault.models.KeyUsageType]
+    :param validity_in_months: The duration that the ceritifcate is valid in
+     months.
+    :type validity_in_months: int
+    """
+
+    _validation = {
+        'validity_in_months': {'minimum': 0},
+    }
+
+    _attribute_map = {
+        'subject': {'key': 'subject', 'type': 'str'},
+        'ekus': {'key': 'ekus', 'type': '[str]'},
+        'subject_alternative_names': {'key': 'sans', 'type': 'SubjectAlternativeNames'},
+        'key_usage': {'key': 'key_usage', 'type': '[str]'},
+        'validity_in_months': {'key': 'validity_months', 'type': 'int'},
+    }
+
+    def __init__(self, *, subject: str=None, ekus=None, subject_alternative_names=None, key_usage=None, validity_in_months: int=None, **kwargs) -> None:
+        super(X509CertificateProperties, self).__init__(**kwargs)
+        self.subject = subject
+        self.ekus = ekus
+        self.subject_alternative_names = subject_alternative_names
+        self.key_usage = key_usage
+        self.validity_in_months = validity_in_months
diff --git a/azure-keyvault/azure/keyvault/version.py b/azure-keyvault/azure/keyvault/version.py
old mode 100755
new mode 100644
index 3b613fee836a..20ba78005d47
--- a/azure-keyvault/azure/keyvault/version.py
+++ b/azure-keyvault/azure/keyvault/version.py
@@ -9,5 +9,5 @@
 # regenerated.
 # --------------------------------------------------------------------------
 
-VERSION = "0.3.7"
+VERSION = "2016-10-01"
 
diff --git a/azure-keyvault/build.json b/azure-keyvault/build.json
index d978484e0944..37377527b4fe 100644
--- a/azure-keyvault/build.json
+++ b/azure-keyvault/build.json
@@ -1,5 +1,518 @@
 {
-    "autorest": "1.0.1-20170417-2300-nightly",
-    "date": "2017-04-18T20:13:42Z",
-    "version": "0.2.0"
+  "autorest": [
+    {
+      "resolvedInfo": null,
+      "packageMetadata": {
+        "name": "@microsoft.azure/autorest-core",
+        "version": "2.0.4278",
+        "engines": {
+          "node": ">=7.10.0"
+        },
+        "dependencies": {
+          "typescript": "2.6.2"
+        },
+        "optionalDependencies": {},
+        "devDependencies": {
+          "@types/commonmark": "^0.27.0",
+          "@types/jsonpath": "^0.1.29",
+          "@types/node": "^8.0.53",
+          "@types/source-map": "0.5.0",
+          "@types/yargs": "^8.0.2",
+          "@types/z-schema": "^3.16.31",
+          "dts-generator": "^2.1.0",
+          "mocha": "^4.0.1",
+          "mocha-typescript": "^1.1.7",
+          "shx": "0.2.2",
+          "static-link": "^0.2.3",
+          "vscode-jsonrpc": "^3.3.1"
+        },
+        "bundleDependencies": false,
+        "peerDependencies": {},
+        "deprecated": false,
+        "_resolved": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4278/node_modules/@microsoft.azure/autorest-core",
+        "_integrity": null,
+        "_shasum": "4832bd936bb0844ed6a5fea202575fb4adb5c249",
+        "_shrinkwrap": null,
+        "bin": {
+          "autorest-core": "./dist/app.js",
+          "autorest-language-service": "dist/language-service/language-service.js"
+        },
+        "_id": "@microsoft.azure/autorest-core@2.0.4278",
+        "_from": "file:/root/.autorest/@microsoft.azure_autorest-core@2.0.4278/node_modules/@microsoft.azure/autorest-core",
+        "_requested": {
+          "type": "directory",
+          "where": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4278/node_modules/@microsoft.azure/autorest-core",
+          "raw": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4278/node_modules/@microsoft.azure/autorest-core",
+          "rawSpec": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4278/node_modules/@microsoft.azure/autorest-core",
+          "saveSpec": "file:/root/.autorest/@microsoft.azure_autorest-core@2.0.4278/node_modules/@microsoft.azure/autorest-core",
+          "fetchSpec": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4278/node_modules/@microsoft.azure/autorest-core"
+        },
+        "_spec": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4278/node_modules/@microsoft.azure/autorest-core",
+        "_where": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4278/node_modules/@microsoft.azure/autorest-core"
+      },
+      "extensionManager": {
+        "installationPath": "/root/.autorest",
+        "sharedLock": {
+          "name": "/root/.autorest",
+          "exclusiveLock": {
+            "name": "_root_.autorest.exclusive-lock",
+            "options": {
+              "port": 45234,
+              "host": "2130706813",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.exclusive-lock:45234"
+          },
+          "busyLock": {
+            "name": "_root_.autorest.busy-lock",
+            "options": {
+              "port": 37199,
+              "host": "2130756895",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.busy-lock:37199"
+          },
+          "personalLock": {
+            "name": "_root_.autorest.5839.871434054468.personal-lock",
+            "options": {
+              "port": 53518,
+              "host": "2130749776",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.5839.871434054468.personal-lock:53518"
+          },
+          "file": "/tmp/_root_.autorest.lock"
+        },
+        "dotnetPath": "/root/.dotnet"
+      },
+      "installationPath": "/root/.autorest"
+    },
+    {
+      "resolvedInfo": null,
+      "packageMetadata": {
+        "name": "@microsoft.azure/autorest-core",
+        "version": "2.0.4279",
+        "engines": {
+          "node": ">=7.10.0"
+        },
+        "dependencies": {
+          "typescript": "2.6.2"
+        },
+        "optionalDependencies": {},
+        "devDependencies": {
+          "@types/commonmark": "^0.27.0",
+          "@types/jsonpath": "^0.1.29",
+          "@types/mocha": "5.2.0",
+          "@types/node": "^8.0.53",
+          "@types/source-map": "0.5.0",
+          "@types/yargs": "^8.0.2",
+          "@types/z-schema": "^3.16.31",
+          "dts-generator": "^2.1.0",
+          "mocha": "5.2.0",
+          "mocha-typescript": "1.1.14",
+          "shx": "0.2.2",
+          "static-link": "^0.2.3",
+          "vscode-jsonrpc": "^3.3.1"
+        },
+        "bundleDependencies": false,
+        "peerDependencies": {},
+        "deprecated": false,
+        "_resolved": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4279/node_modules/@microsoft.azure/autorest-core",
+        "_integrity": null,
+        "_shasum": "1a2a6b2c98ac14373692035cfcf914a62b921583",
+        "_shrinkwrap": null,
+        "bin": {
+          "autorest-core": "./dist/app.js",
+          "autorest-language-service": "dist/language-service/language-service.js"
+        },
+        "_id": "@microsoft.azure/autorest-core@2.0.4279",
+        "_from": "file:/root/.autorest/@microsoft.azure_autorest-core@2.0.4279/node_modules/@microsoft.azure/autorest-core",
+        "_requested": {
+          "type": "directory",
+          "where": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4279/node_modules/@microsoft.azure/autorest-core",
+          "raw": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4279/node_modules/@microsoft.azure/autorest-core",
+          "rawSpec": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4279/node_modules/@microsoft.azure/autorest-core",
+          "saveSpec": "file:/root/.autorest/@microsoft.azure_autorest-core@2.0.4279/node_modules/@microsoft.azure/autorest-core",
+          "fetchSpec": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4279/node_modules/@microsoft.azure/autorest-core"
+        },
+        "_spec": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4279/node_modules/@microsoft.azure/autorest-core",
+        "_where": "/root/.autorest/@microsoft.azure_autorest-core@2.0.4279/node_modules/@microsoft.azure/autorest-core"
+      },
+      "extensionManager": {
+        "installationPath": "/root/.autorest",
+        "sharedLock": {
+          "name": "/root/.autorest",
+          "exclusiveLock": {
+            "name": "_root_.autorest.exclusive-lock",
+            "options": {
+              "port": 45234,
+              "host": "2130706813",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.exclusive-lock:45234"
+          },
+          "busyLock": {
+            "name": "_root_.autorest.busy-lock",
+            "options": {
+              "port": 37199,
+              "host": "2130756895",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.busy-lock:37199"
+          },
+          "personalLock": {
+            "name": "_root_.autorest.5839.871434054468.personal-lock",
+            "options": {
+              "port": 53518,
+              "host": "2130749776",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.5839.871434054468.personal-lock:53518"
+          },
+          "file": "/tmp/_root_.autorest.lock"
+        },
+        "dotnetPath": "/root/.dotnet"
+      },
+      "installationPath": "/root/.autorest"
+    },
+    {
+      "resolvedInfo": null,
+      "packageMetadata": {
+        "name": "@microsoft.azure/autorest.modeler",
+        "version": "2.0.21",
+        "dependencies": {
+          "dotnet-2.0.0": "^1.3.2"
+        },
+        "optionalDependencies": {},
+        "devDependencies": {
+          "coffee-script": "^1.11.1",
+          "dotnet-sdk-2.0.0": "^1.1.1",
+          "gulp": "^3.9.1",
+          "gulp-filter": "^5.0.0",
+          "gulp-line-ending-corrector": "^1.0.1",
+          "iced-coffee-script": "^108.0.11",
+          "marked": "^0.3.6",
+          "marked-terminal": "^2.0.0",
+          "moment": "^2.17.1",
+          "run-sequence": "*",
+          "shx": "^0.2.2",
+          "through2-parallel": "^0.1.3",
+          "yargs": "^8.0.2",
+          "yarn": "^1.0.2"
+        },
+        "bundleDependencies": false,
+        "peerDependencies": {},
+        "deprecated": false,
+        "_resolved": "/root/.autorest/@microsoft.azure_autorest.modeler@2.0.21/node_modules/@microsoft.azure/autorest.modeler",
+        "_integrity": null,
+        "_shasum": "3ce7d3939124b31830be15e5de99b9b7768afb90",
+        "_shrinkwrap": null,
+        "bin": null,
+        "_id": "@microsoft.azure/autorest.modeler@2.0.21",
+        "_from": "file:/root/.autorest/@microsoft.azure_autorest.modeler@2.0.21/node_modules/@microsoft.azure/autorest.modeler",
+        "_requested": {
+          "type": "directory",
+          "where": "/root/.autorest/@microsoft.azure_autorest.modeler@2.0.21/node_modules/@microsoft.azure/autorest.modeler",
+          "raw": "/root/.autorest/@microsoft.azure_autorest.modeler@2.0.21/node_modules/@microsoft.azure/autorest.modeler",
+          "rawSpec": "/root/.autorest/@microsoft.azure_autorest.modeler@2.0.21/node_modules/@microsoft.azure/autorest.modeler",
+          "saveSpec": "file:/root/.autorest/@microsoft.azure_autorest.modeler@2.0.21/node_modules/@microsoft.azure/autorest.modeler",
+          "fetchSpec": "/root/.autorest/@microsoft.azure_autorest.modeler@2.0.21/node_modules/@microsoft.azure/autorest.modeler"
+        },
+        "_spec": "/root/.autorest/@microsoft.azure_autorest.modeler@2.0.21/node_modules/@microsoft.azure/autorest.modeler",
+        "_where": "/root/.autorest/@microsoft.azure_autorest.modeler@2.0.21/node_modules/@microsoft.azure/autorest.modeler"
+      },
+      "extensionManager": {
+        "installationPath": "/root/.autorest",
+        "sharedLock": {
+          "name": "/root/.autorest",
+          "exclusiveLock": {
+            "name": "_root_.autorest.exclusive-lock",
+            "options": {
+              "port": 45234,
+              "host": "2130706813",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.exclusive-lock:45234"
+          },
+          "busyLock": {
+            "name": "_root_.autorest.busy-lock",
+            "options": {
+              "port": 37199,
+              "host": "2130756895",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.busy-lock:37199"
+          },
+          "personalLock": {
+            "name": "_root_.autorest.5839.871434054468.personal-lock",
+            "options": {
+              "port": 53518,
+              "host": "2130749776",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.5839.871434054468.personal-lock:53518"
+          },
+          "file": "/tmp/_root_.autorest.lock"
+        },
+        "dotnetPath": "/root/.dotnet"
+      },
+      "installationPath": "/root/.autorest"
+    },
+    {
+      "resolvedInfo": null,
+      "packageMetadata": {
+        "name": "@microsoft.azure/autorest.modeler",
+        "version": "2.3.44",
+        "dependencies": {
+          "dotnet-2.0.0": "^1.4.4"
+        },
+        "optionalDependencies": {},
+        "devDependencies": {
+          "@microsoft.azure/autorest.testserver": "2.3.17",
+          "autorest": "^2.0.4225",
+          "coffee-script": "^1.11.1",
+          "dotnet-sdk-2.0.0": "^1.4.4",
+          "gulp": "^3.9.1",
+          "gulp-filter": "^5.0.0",
+          "gulp-line-ending-corrector": "^1.0.1",
+          "iced-coffee-script": "^108.0.11",
+          "marked": "^0.3.6",
+          "marked-terminal": "^2.0.0",
+          "moment": "^2.17.1",
+          "run-sequence": "*",
+          "shx": "^0.2.2",
+          "through2-parallel": "^0.1.3",
+          "yargs": "^8.0.2",
+          "yarn": "^1.0.2"
+        },
+        "bundleDependencies": false,
+        "peerDependencies": {},
+        "deprecated": false,
+        "_resolved": "/root/.autorest/@microsoft.azure_autorest.modeler@2.3.44/node_modules/@microsoft.azure/autorest.modeler",
+        "_integrity": null,
+        "_shasum": "9b5a880a77467be33a77f002f03230d3ccc21266",
+        "_shrinkwrap": null,
+        "bin": null,
+        "_id": "@microsoft.azure/autorest.modeler@2.3.44",
+        "_from": "file:/root/.autorest/@microsoft.azure_autorest.modeler@2.3.44/node_modules/@microsoft.azure/autorest.modeler",
+        "_requested": {
+          "type": "directory",
+          "where": "/root/.autorest/@microsoft.azure_autorest.modeler@2.3.44/node_modules/@microsoft.azure/autorest.modeler",
+          "raw": "/root/.autorest/@microsoft.azure_autorest.modeler@2.3.44/node_modules/@microsoft.azure/autorest.modeler",
+          "rawSpec": "/root/.autorest/@microsoft.azure_autorest.modeler@2.3.44/node_modules/@microsoft.azure/autorest.modeler",
+          "saveSpec": "file:/root/.autorest/@microsoft.azure_autorest.modeler@2.3.44/node_modules/@microsoft.azure/autorest.modeler",
+          "fetchSpec": "/root/.autorest/@microsoft.azure_autorest.modeler@2.3.44/node_modules/@microsoft.azure/autorest.modeler"
+        },
+        "_spec": "/root/.autorest/@microsoft.azure_autorest.modeler@2.3.44/node_modules/@microsoft.azure/autorest.modeler",
+        "_where": "/root/.autorest/@microsoft.azure_autorest.modeler@2.3.44/node_modules/@microsoft.azure/autorest.modeler"
+      },
+      "extensionManager": {
+        "installationPath": "/root/.autorest",
+        "sharedLock": {
+          "name": "/root/.autorest",
+          "exclusiveLock": {
+            "name": "_root_.autorest.exclusive-lock",
+            "options": {
+              "port": 45234,
+              "host": "2130706813",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.exclusive-lock:45234"
+          },
+          "busyLock": {
+            "name": "_root_.autorest.busy-lock",
+            "options": {
+              "port": 37199,
+              "host": "2130756895",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.busy-lock:37199"
+          },
+          "personalLock": {
+            "name": "_root_.autorest.5839.871434054468.personal-lock",
+            "options": {
+              "port": 53518,
+              "host": "2130749776",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.5839.871434054468.personal-lock:53518"
+          },
+          "file": "/tmp/_root_.autorest.lock"
+        },
+        "dotnetPath": "/root/.dotnet"
+      },
+      "installationPath": "/root/.autorest"
+    },
+    {
+      "resolvedInfo": null,
+      "packageMetadata": {
+        "name": "@microsoft.azure/autorest.python",
+        "version": "2.1.40",
+        "dependencies": {
+          "dotnet-2.0.0": "^1.4.4"
+        },
+        "optionalDependencies": {},
+        "devDependencies": {
+          "@microsoft.azure/autorest.testserver": "^2.4.0",
+          "autorest": "^2.0.4203",
+          "coffee-script": "^1.11.1",
+          "dotnet-sdk-2.0.0": "^1.4.4",
+          "gulp": "^3.9.1",
+          "gulp-filter": "^5.0.0",
+          "gulp-line-ending-corrector": "^1.0.1",
+          "iced-coffee-script": "^108.0.11",
+          "marked": "^0.3.6",
+          "marked-terminal": "^2.0.0",
+          "moment": "^2.17.1",
+          "run-sequence": "*",
+          "shx": "^0.2.2",
+          "through2-parallel": "^0.1.3",
+          "yargs": "^8.0.2",
+          "yarn": "^1.0.2"
+        },
+        "bundleDependencies": false,
+        "peerDependencies": {},
+        "deprecated": false,
+        "_resolved": "/root/.autorest/@microsoft.azure_autorest.python@2.1.40/node_modules/@microsoft.azure/autorest.python",
+        "_integrity": null,
+        "_shasum": "9b3f08c892d725ac571b3a7dc8f781d76da64397",
+        "_shrinkwrap": null,
+        "bin": null,
+        "_id": "@microsoft.azure/autorest.python@2.1.40",
+        "_from": "file:/root/.autorest/@microsoft.azure_autorest.python@2.1.40/node_modules/@microsoft.azure/autorest.python",
+        "_requested": {
+          "type": "directory",
+          "where": "/root/.autorest/@microsoft.azure_autorest.python@2.1.40/node_modules/@microsoft.azure/autorest.python",
+          "raw": "/root/.autorest/@microsoft.azure_autorest.python@2.1.40/node_modules/@microsoft.azure/autorest.python",
+          "rawSpec": "/root/.autorest/@microsoft.azure_autorest.python@2.1.40/node_modules/@microsoft.azure/autorest.python",
+          "saveSpec": "file:/root/.autorest/@microsoft.azure_autorest.python@2.1.40/node_modules/@microsoft.azure/autorest.python",
+          "fetchSpec": "/root/.autorest/@microsoft.azure_autorest.python@2.1.40/node_modules/@microsoft.azure/autorest.python"
+        },
+        "_spec": "/root/.autorest/@microsoft.azure_autorest.python@2.1.40/node_modules/@microsoft.azure/autorest.python",
+        "_where": "/root/.autorest/@microsoft.azure_autorest.python@2.1.40/node_modules/@microsoft.azure/autorest.python"
+      },
+      "extensionManager": {
+        "installationPath": "/root/.autorest",
+        "sharedLock": {
+          "name": "/root/.autorest",
+          "exclusiveLock": {
+            "name": "_root_.autorest.exclusive-lock",
+            "options": {
+              "port": 45234,
+              "host": "2130706813",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.exclusive-lock:45234"
+          },
+          "busyLock": {
+            "name": "_root_.autorest.busy-lock",
+            "options": {
+              "port": 37199,
+              "host": "2130756895",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.busy-lock:37199"
+          },
+          "personalLock": {
+            "name": "_root_.autorest.5839.871434054468.personal-lock",
+            "options": {
+              "port": 53518,
+              "host": "2130749776",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.5839.871434054468.personal-lock:53518"
+          },
+          "file": "/tmp/_root_.autorest.lock"
+        },
+        "dotnetPath": "/root/.dotnet"
+      },
+      "installationPath": "/root/.autorest"
+    },
+    {
+      "resolvedInfo": null,
+      "packageMetadata": {
+        "name": "@microsoft.azure/autorest.python",
+        "version": "3.0.51",
+        "dependencies": {
+          "dotnet-2.0.0": "^1.4.4"
+        },
+        "optionalDependencies": {},
+        "devDependencies": {
+          "@microsoft.azure/autorest.testserver": "^2.5.6",
+          "autorest": "^2.0.4203",
+          "coffee-script": "^1.11.1",
+          "dotnet-sdk-2.0.0": "^1.4.4",
+          "gulp": "^3.9.1",
+          "gulp-filter": "^5.0.0",
+          "gulp-line-ending-corrector": "^1.0.1",
+          "iced-coffee-script": "^108.0.11",
+          "marked": "^0.3.6",
+          "marked-terminal": "^2.0.0",
+          "moment": "^2.17.1",
+          "run-sequence": "*",
+          "shx": "^0.2.2",
+          "through2-parallel": "^0.1.3",
+          "yargs": "^8.0.2",
+          "yarn": "^1.0.2"
+        },
+        "bundleDependencies": false,
+        "peerDependencies": {},
+        "deprecated": false,
+        "_resolved": "/root/.autorest/@microsoft.azure_autorest.python@3.0.51/node_modules/@microsoft.azure/autorest.python",
+        "_integrity": null,
+        "_shasum": "edbae1c0462026e20a8efafd3b4b6cd9e3d111ac",
+        "_shrinkwrap": null,
+        "bin": null,
+        "_id": "@microsoft.azure/autorest.python@3.0.51",
+        "_from": "file:/root/.autorest/@microsoft.azure_autorest.python@3.0.51/node_modules/@microsoft.azure/autorest.python",
+        "_requested": {
+          "type": "directory",
+          "where": "/root/.autorest/@microsoft.azure_autorest.python@3.0.51/node_modules/@microsoft.azure/autorest.python",
+          "raw": "/root/.autorest/@microsoft.azure_autorest.python@3.0.51/node_modules/@microsoft.azure/autorest.python",
+          "rawSpec": "/root/.autorest/@microsoft.azure_autorest.python@3.0.51/node_modules/@microsoft.azure/autorest.python",
+          "saveSpec": "file:/root/.autorest/@microsoft.azure_autorest.python@3.0.51/node_modules/@microsoft.azure/autorest.python",
+          "fetchSpec": "/root/.autorest/@microsoft.azure_autorest.python@3.0.51/node_modules/@microsoft.azure/autorest.python"
+        },
+        "_spec": "/root/.autorest/@microsoft.azure_autorest.python@3.0.51/node_modules/@microsoft.azure/autorest.python",
+        "_where": "/root/.autorest/@microsoft.azure_autorest.python@3.0.51/node_modules/@microsoft.azure/autorest.python"
+      },
+      "extensionManager": {
+        "installationPath": "/root/.autorest",
+        "sharedLock": {
+          "name": "/root/.autorest",
+          "exclusiveLock": {
+            "name": "_root_.autorest.exclusive-lock",
+            "options": {
+              "port": 45234,
+              "host": "2130706813",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.exclusive-lock:45234"
+          },
+          "busyLock": {
+            "name": "_root_.autorest.busy-lock",
+            "options": {
+              "port": 37199,
+              "host": "2130756895",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.busy-lock:37199"
+          },
+          "personalLock": {
+            "name": "_root_.autorest.5839.871434054468.personal-lock",
+            "options": {
+              "port": 53518,
+              "host": "2130749776",
+              "exclusive": true
+            },
+            "pipe": "/tmp/pipe__root_.autorest.5839.871434054468.personal-lock:53518"
+          },
+          "file": "/tmp/_root_.autorest.lock"
+        },
+        "dotnetPath": "/root/.dotnet"
+      },
+      "installationPath": "/root/.autorest"
+    }
+  ],
+  "autorest_bootstrap": {}
 }
\ No newline at end of file