Fix: Handle Nullable Parameters for Certificate Auto-Renewal

[notyashhh]

Description

This PR addresses issue #25649, where users were unable to disable auto-renewal on a KeyVault certificate policy. The changes include:

• Manual Validation for Nullable Parameters: The parameters RenewAtNumberOfDaysBeforeExpiry and RenewAtPercentageLifetime were originally set with ValidateRange attributes, which caused issues when trying to set them to null. The validation logic has been moved to the ExecuteCmdlet method to manually validate these parameters only when they are not null.

• Updated Command Behavior: Adjusted the behavior of Set-AzKeyVaultCertificatePolicy to allow for proper handling of nullable parameters, ensuring that users can disable auto-renewal by setting these parameters to null.

• Improved Pipeline Handling: Addressed an issue where the Curve, KeySize, and CertificateTransparency properties were incorrectly being validated from the pipeline due to ValueFromPipelineByPropertyName. These validations have been adjusted to prevent incorrect mappings and allow the command to function as expected.

Mandatory Checklist

• Please choose the target release of Azure PowerShell. (⚠️Target release is a different concept from API readiness. Please click below links for details.)

  • [x] General release
  • [ ] Public preview
  • [ ] Private preview
  • [ ] Engineering build
  • [ ] No need for a release

• [x] Check this box to confirm: I have read the Submitting Changes section of CONTRIBUTING.md and reviewed the following information:

Additional Notes:

• This change resolves an issue where the Azure portal did not reflect the actual state of the certificate policy after modifying renewal settings through PowerShell. This ensures consistency across PowerShell and the Azure portal.
• Users can now effectively disable auto-renewal by setting the appropriate parameters to null without encountering validation errors.

This PR improves the usability of the Set-AzKeyVaultCertificatePolicy cmdlet and ensures that it behaves as expected when managing certificate policies within Azure KeyVault.

• SHOULD update ChangeLog.md file(s) appropriately
  • For SDK-based development mode, update src/{{SERVICE}}/{{SERVICE}}/ChangeLog.md.
    • A snippet outlining the change(s) made in the PR should be written under the ## Upcoming Release header in the past tense.
  • For autorest-based development mode, include the changelog in the PR description.
  • Should not change ChangeLog.md if no new release is required, such as fixing test case only.
• SHOULD regenerate markdown help files if there is cmdlet API change. Instruction
• SHOULD have proper test coverage for changes in pull request.
• SHOULD NOT adjust version of module manually in pull request

[azure-client-tools-bot-prd[bot]]

️✔️Az.Accounts

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Az.Compute

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Test

️✔️ - Linux

️✔️ - MacOS

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Az.CosmosDB

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Test

️✔️ - Linux

️✔️ - MacOS

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Az.EventHub

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Test

️✔️ - Linux

️✔️ - MacOS

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

⚠️Az.KeyVault

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Breaking Change Check

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

⚠️Signature Check

⚠️PowerShell Core - Windows

Type	Cmdlet	Description	Remediation
⚠️	Get-AzKeyVaultManagedHsmRegion	Get-AzKeyVaultManagedHsmRegion Changes the ConfirmImpact but does not set the SupportsShouldProcess property to true in the cmdlet attribute.	Determine if the cmdlet should implement ShouldProcess and if so determine if it should implement Force / ShouldContinue
⚠️	Get-AzKeyVaultManagedHsmRegion	Get-AzKeyVaultManagedHsmRegion changes the confirm impact. Please ensure that the change in ConfirmImpact is justified	Verify that ConfirmImpact is changed appropriately by the cmdlet. It is very rare for a cmdlet to change the ConfirmImpact.

⚠️Windows PowerShell - Windows

Type	Cmdlet	Description	Remediation
⚠️	Get-AzKeyVaultManagedHsmRegion	Get-AzKeyVaultManagedHsmRegion Changes the ConfirmImpact but does not set the SupportsShouldProcess property to true in the cmdlet attribute.	Determine if the cmdlet should implement ShouldProcess and if so determine if it should implement Force / ShouldContinue
⚠️	Get-AzKeyVaultManagedHsmRegion	Get-AzKeyVaultManagedHsmRegion changes the confirm impact. Please ensure that the change in ConfirmImpact is justified	Verify that ConfirmImpact is changed appropriately by the cmdlet. It is very rare for a cmdlet to change the ConfirmImpact.

️✔️Help Example Check

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Help File Existence Check

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️File Change Check

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️UX Metadata Check

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

⚠️Test

⚠️ - Linux

Type	Title	Current Coverage	Description
⚠️	Test Coverage Less Than 50%	22.09 %	Test coverage for the module cannot be lower than 50%.

⚠️ - MacOS

Type	Title	Current Coverage	Description
⚠️	Test Coverage Less Than 50%	22.09%	Test coverage for the module cannot be lower than 50%.

⚠️PowerShell Core - Windows

Type	Title	Current Coverage	Description
⚠️	Test Coverage Less Than 50%	22.09%	Test coverage for the module cannot be lower than 50%.

⚠️Windows PowerShell - Windows

Type	Title	Current Coverage	Description
⚠️	Test Coverage Less Than 50%	22.09%	Test coverage for the module cannot be lower than 50%.

️✔️Az.ManagedServiceIdentity

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Az.Monitor

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Az.Network

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Test

️✔️ - Linux

️✔️ - MacOS

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Az.OperationalInsights

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Az.PrivateDns

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Az.Resources

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Az.ServiceBus

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Test

️✔️ - Linux

️✔️ - MacOS

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Az.Sql

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Test

️✔️ - Linux

️✔️ - MacOS

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

️✔️Az.Storage

️✔️Build

️✔️PowerShell Core - Windows

️✔️Windows PowerShell - Windows

[github-actions[bot]]

This PR was labeled "needs-revision" because it has unresolved review comments or CI failures. Please resolve all open review comments and make sure all CI checks are green. Refer to our guide to troubleshoot common CI failures.