The parameter '--keyvault' is invalid and an error will be reported in `az batch account create`

[BigCat20196]

az feedback auto-generates most of the information requested below, as of CLI version 2.0.62

Describe the bug

When I execute this command, I get the following error.

az batch account create --resource-group myResourceGroup1 --name mybatchaccount1 --location westeurope --keyvault mykevault11

Azure Error: InvalidKeyVaultReference Message: The specified Key Vault reference is invalid. RequestId:23249e92-4412-4740-a95e-25e5e8ec67b2 Time:2021-05-25T03:00:29.4081165Z Target: BatchAccount Exception Details: Error Code: Reason Message: The specified Key Vault /subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourceGroups/myResourceGroup1/providers/Microsoft.KeyVault/vaults/mykevault11 does not have the Batch Service in access policies.

To Reproduce

`
az group create --name myResourceGroup1 --location westeurope

az keyvault create --resource-group myResourceGroup1 --name mykevault11 --location westeurope --enabled-for-deployment true --enabled-for-disk-encryption true --enabled-for-template-deployment true

az keyvault set-policy --resource-group myResourceGroup1 --name mykevault11 --object-id 3835f2fd-0701-4221-8a47-a8298114e26d --key-permissions encrypt decrypt wrapKey unwrapKey sign verify get list create update import delete backup restore recover purge --secret-permissions get list set delete backup restore recover purge

az batch account create --resource-group myResourceGroup1 --name mybatchaccount1 --location westeurope --keyvault mykevault11
`

Expected behavior

Command is executed successfully, and batch account is created.

Environment summary

python
Windows-10-10.0.19041
Python 3.8.8
Installer: pip

azure-cli 2.23.0

Additional context

'all' is not a valid value for --key-permissions or --secret-permissions
This example need to update: https://docs.microsoft.com/en-us/azure/batch/scripts/batch-cli-sample-create-user-subscription-account

[BigCat20196]

Then I create batch account through portal and specify keyvault, and the result is still failed.

I guess this may be because keyvault does not have access policies. After that, I check all permissions and still prompt that there are no permissions. I wonder if this feature was broken in an upgrade.

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @cRui861, @paterasMSFT, @gingi, @dpwatrous.

Issue Details

---

az feedback auto-generates most of the information requested below, as of CLI version 2.0.62

Describe the bug

When I execute this command, I get the following error.

az batch account create --resource-group myResourceGroup1 --name mybatchaccount1 --location westeurope --keyvault mykevault11

Azure Error: InvalidKeyVaultReference Message: The specified Key Vault reference is invalid. RequestId:23249e92-4412-4740-a95e-25e5e8ec67b2 Time:2021-05-25T03:00:29.4081165Z Target: BatchAccount Exception Details: Error Code: Reason Message: The specified Key Vault /subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourceGroups/myResourceGroup1/providers/Microsoft.KeyVault/vaults/mykevault11 does not have the Batch Service in access policies.

To Reproduce

`
az group create --name myResourceGroup1 --location westeurope

az keyvault create --resource-group myResourceGroup1 --name mykevault11 --location westeurope --enabled-for-deployment true --enabled-for-disk-encryption true --enabled-for-template-deployment true

az keyvault set-policy --resource-group myResourceGroup1 --name mykevault11 --object-id 3835f2fd-0701-4221-8a47-a8298114e26d --key-permissions encrypt decrypt wrapKey unwrapKey sign verify get list create update import delete backup restore recover purge --secret-permissions get list set delete backup restore recover purge

az batch account create --resource-group myResourceGroup1 --name mybatchaccount1 --location westeurope --keyvault mykevault11
`

Expected behavior

Command is executed successfully, and batch account is created.

Environment summary

python
Windows-10-10.0.19041
Python 3.8.8
Installer: pip

azure-cli 2.23.0

Additional context

'all' is not a valid value for --key-permissions or --secret-permissions
This example need to update: https://docs.microsoft.com/en-us/azure/batch/scripts/batch-cli-sample-create-user-subscription-account

Author:	BigCat20196
Assignees:	-
Labels:	Batch, Service Attention, needs-triage
Milestone:	-

[yonzhan]

route to service team