[KeyVault] Support `--hsm-name` for `az keyvault key encrypt/decrypt` (#15218)

src/azure-cli/azure/cli/command_modules/keyvault/_params.py

@@ -316,7 +316,7 @@ def load_arguments(self, _):
 
     # SDK functions
     for item in ['delete', 'list', 'list-deleted', 'list-versions', 'purge', 'recover',
-                 'set-attributes', 'show', 'show-deleted']:
+                 'set-attributes', 'show', 'show-deleted', 'encrypt', 'decrypt']:
         with self.argument_context('keyvault key {}'.format(item), arg_group='Id') as c:
             c.ignore('cls')
             if item in ['list', 'list-deleted']:

src/azure-cli/azure/cli/command_modules/keyvault/tests/latest/test_keyvault_commands.py

@@ -810,6 +810,20 @@ class KeyVaultHSMKeyUsingHSMNameScenarioTest(ScenarioTest):
         self.kwargs['hsm_kid1'] = hsm_key['key']['kid']
         self.kwargs['hsm_version1'] = self.kwargs['hsm_kid1'].rsplit('/', 1)[1]
 
+        # encrypt/decrypt
+        self.kwargs['plaintext_value'] = 'abcdef'
+        self.kwargs['base64_value'] = 'YWJjZGVm'
+        self.kwargs['encryption_result1'] = \
+            self.cmd('keyvault key encrypt -n {key} --hsm-name {hsm_name} -a RSA-OAEP --value "{plaintext_value}" '
+                     '--data-type plaintext').get_output_in_json()['result']
+        self.kwargs['encryption_result2'] = \
+            self.cmd('keyvault key encrypt -n {key} --hsm-name {hsm_name} -a RSA-OAEP --value "{base64_value}" '
+                     '--data-type base64').get_output_in_json()['result']
+        self.cmd('keyvault key decrypt -n {key} --hsm-name {hsm_name} -a RSA-OAEP --value "{encryption_result1}" '
+                 '--data-type plaintext', checks=self.check('result', '{plaintext_value}'))
+        self.cmd('keyvault key decrypt -n {key} --hsm-name {hsm_name} -a RSA-OAEP --value "{encryption_result2}" '
+                 '--data-type base64', checks=self.check('result', '{base64_value}'))
+
         # delete/recover
         deleted_key = self.cmd('keyvault key delete --hsm-name {hsm_name} -n {key}',
                                checks=self.check('key.kid', '{hsm_kid1}')).get_output_in_json()
@@ -962,6 +976,20 @@ class KeyVaultHSMKeyUsingHSMURLScenarioTest(ScenarioTest):
         self.kwargs['hsm_kid1'] = hsm_key['key']['kid']
         self.kwargs['hsm_version1'] = self.kwargs['hsm_kid1'].rsplit('/', 1)[1]
 
+        # encrypt/decrypt
+        self.kwargs['plaintext_value'] = 'abcdef'
+        self.kwargs['base64_value'] = 'YWJjZGVm'
+        self.kwargs['encryption_result1'] = \
+            self.cmd('keyvault key encrypt --id {hsm_url}/keys/{key} -a RSA-OAEP --value "{plaintext_value}" '
+                     '--data-type plaintext').get_output_in_json()['result']
+        self.kwargs['encryption_result2'] = \
+            self.cmd('keyvault key encrypt --id {hsm_url}/keys/{key} -a RSA-OAEP --value "{base64_value}" '
+                     '--data-type base64').get_output_in_json()['result']
+        self.cmd('keyvault key decrypt --id {hsm_url}/keys/{key} -a RSA-OAEP --value "{encryption_result1}" '
+                 '--data-type plaintext', checks=self.check('result', '{plaintext_value}'))
+        self.cmd('keyvault key decrypt --id {hsm_url}/keys/{key} -a RSA-OAEP --value "{encryption_result2}" '
+                 '--data-type base64', checks=self.check('result', '{base64_value}'))
+
         # delete/recover
         deleted_key = self.cmd('keyvault key delete --id {hsm_kid1}',
                                checks=self.check('key.kid', '{hsm_kid1}')).get_output_in_json()