Update-AzKeyVaultKey cannot update "key ops" on Managed HSM

[daviddesberg]

Description

When attempting to set the key ops on a Managed HSM instance, powershell fails with "Update-AzKeyVaultKey : Specified cast is not valid."

Issue script & Debug output

PS C:\Users\dadesber> $ops
wrapKey
verify
sign
unwrapKey
encrypt
decrypt
PS C:\Users\dadesber> Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps $ops
Update-AzKeyVaultKey : Specified cast is not valid.
At line:1 char:1
+ Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps  ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Update-AzKeyVaultKey], InvalidCastException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.UpdateAzureKeyVaultKey

PS C:\Users\dadesber>

Environment data

PS C:\Users\dadesber> $ops
wrapKey
verify
sign
unwrapKey
encrypt
decrypt
PS C:\Users\dadesber> Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps $ops
Update-AzKeyVaultKey : Specified cast is not valid.
At line:1 char:1
+ Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps  ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Update-AzKeyVaultKey], InvalidCastException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.UpdateAzureKeyVaultKey

PS C:\Users\dadesber>

Module versions

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     2.7.1      Az.Accounts                         {Add-AzEnvironment, Clear-AzContext, Clear-AzDefault, Conn...
Script     4.2.0      Az.KeyVault                         {Add-AzKeyVaultCertificate, Add-AzKeyVaultCertificateConta...

Error output

HistoryId: 39


Message        : Specified cast is not valid.
StackTrace     :    at Microsoft.Azure.Commands.KeyVault.Track2Models.Track2HsmClient.UpdateKey(KeyClient client,
                 String keyName, String keyVersion, PSKeyVaultKeyAttributes keyAttributes)
                    at Microsoft.Azure.Commands.KeyVault.UpdateAzureKeyVaultKey.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : System.InvalidCastException
InvocationInfo : {Update-AzKeyVaultKey}
Line           : Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps $ops
Position       : At line:1 char:1
                 + Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps  ...
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 39



   HistoryId: 37


Message        : Specified cast is not valid.
StackTrace     :    at Microsoft.Azure.Commands.KeyVault.Track2Models.Track2HsmClient.UpdateKey(KeyClient client,
                 String keyName, String keyVersion, PSKeyVaultKeyAttributes keyAttributes)
                    at Microsoft.Azure.Commands.KeyVault.UpdateAzureKeyVaultKey.ExecuteCmdlet()
                    at Microsoft.WindowsAzure.Commands.Utilities.Common.AzurePSCmdlet.ProcessRecord()
Exception      : System.InvalidCastException
InvocationInfo : {Update-AzKeyVaultKey}
Line           : Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps $ops
Position       : At line:1 char:1
                 + Update-AzKeyVaultKey -HsmName mhsmpartnertest -name rsatest1 -KeyOps  ...
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 37