az network private-link-service create - "visibility" parameter's allowed values are not working properly when use with "auto-approval".

[wviriya]

az feedback auto-generates most of the information requested below, as of CLI version 2.0.62

Related command

Describe the bug

az network private-link-service create - the visibility parameter should allow null, "*", or a list of subscription ID

To Reproduce

PREFIX="pls"
RESOURCE_GROUP="${PREFIX}-rg"
LOCATION="australiaeast"
PRIVATE_LINK_SERVICE="${PREFIX}-pls"
VNET_NAME="${PREFIX}-custom-vnet"
SUBNET_NAME="pls-subnet"
LB_NAME="${PREFIX}-lb"

az group create
--name $RESOURCE_GROUP
--location $LOCATION

az network vnet create
--resource-group $RESOURCE_GROUP
--name $VNET_NAME
--location $LOCATION
--subnet-name $SUBNET_NAME
--subnet-prefixes 10.0.0.0/24
--address-prefix 10.0.0.0/23

az network vnet subnet update
--resource-group $RESOURCE_GROUP
--name $SUBNET_NAME
--vnet-name $VNET_NAME
--disable-private-link-service-network-policies true

az network lb create
--resource-group $RESOURCE_GROUP
--name $LB_NAME
--sku Standard
--vnet-name $VNET_NAME
--subnet $SUBNET_NAME
--frontend-ip-name myFrontEnd
--backend-pool-name myBackEndPool

az network lb probe create
--resource-group $RESOURCE_GROUP
--lb-name $LB_NAME
--name myHealthProbe
--protocol tcp
--port 80

az network lb rule create
--resource-group $RESOURCE_GROUP
--lb-name $LB_NAME
--name myHTTPRule
--protocol tcp
--frontend-port 80
--backend-port 80
--frontend-ip-name myFrontEnd
--backend-pool-name myBackEndPool
--probe-name myHealthProbe
--idle-timeout 15
--enable-tcp-reset true

LB_FRONTEND_IP_CONFIG=az network lb frontend-ip list \ --resource-group $RESOURCE_GROUP \ --lb-name $LB_NAME \ --query [0].id --out tsv

SUBNET_ID=az network vnet subnet show \ --resource-group $RESOURCE_GROUP \ --vnet-name $VNET_NAME \ --name $SUBNET_NAME \ --query "id" --out tsv

SUBSCRIPTION_ID=az account show --query id --out tsv

az network private-link-service create
--resource-group $RESOURCE_GROUP
--name $PRIVATE_LINK_SERVICE
--subnet $SUBNET_ID
--lb-frontend-ip-configs $LB_FRONTEND_IP_CONFIG
--location $LOCATION
--visibility $SUBSCRIPTION_ID
--auto-approval $SUBSCRIPTION_ID

Expected behavior

A Private Link Service is created with the following properties:
visibility = array of subscription ID
auto-approval = array of subscription ID

Environment summary

Azure CLI
{
"azure-cli": "2.40.0",
"azure-cli-core": "2.40.0",
"azure-cli-telemetry": "1.0.8",
"extensions": {
"containerapp": "0.3.11",
"front-door": "1.0.17"
}
}

WSL2 distro: Ubuntu-20.04 on Windows 11

Error received

(InvalidCorrelationBetweenAutoApprovalAndVisibility) The subscriptions  in property AutoApproval has invalid correlation with the subscriptions SUBSCRIPTION_ID in property Visibility for this private link service /subscriptions/SUBSCRIPTION_ID /resourceGroups/plssvc1-rg/providers/Microsoft.Network/privateLinkServices/plssvc1-pls. Please make sure the subscriptions of AutoApproval is subset of subscriptions in Visibility or "" or empty.
Code: InvalidCorrelationBetweenAutoApprovalAndVisibility
Message: The subscriptions  in property AutoApproval has invalid correlation with the subscriptions SUBSCRIPTION_ID in property Visibility for this private link service /subscriptions/SUBSCRIPTION_ID/resourceGroups/plssvc1-rg/providers/Microsoft.Network/privateLinkServices/plssvc1-pls. Please make sure the subscriptions of AutoApproval is subset of subscriptions in Visibility or "" or empty.

Additional context

I believe that the allowed values for parameter visibility and auto-approval are swap. The visibility parameter should accept null, "*", or an array of subscription ID. The auto-approval should also accept null or a subset of an array of subscription ID in visibility parameter.

[yonzhan]

@necusjz for awareness