[Keyvault] Fix #20520 az keyvault network-rule: Support removing multiple IP (#22025)

* [Keyvault] Fix #20520 `az keyvault network-rule`: Support removing multiple ip

* Minor fix

Co-authored-by: Hang Lei <2227874+bebound@users.noreply.github.com>

Author: bebound

src/azure-cli/azure/cli/command_modules/keyvault/_params.py

@@ -244,8 +244,10 @@ class CLISecurityDomainOperation(str, Enum):
         c.argument('subnet', help='Name or ID of subnet. If name is supplied, `--vnet-name` must be supplied.')
         c.argument('vnet_name', help='Name of a virtual network.', validator=validate_subnet)
 
-    with self.argument_context('keyvault network-rule add', min_api='2018-02-14') as c:
-        c.argument('ip_address', nargs='*', help='IPv4 address or CIDR range. Can supply a list: --ip-address ip1 [ip2]...', validator=validate_ip_address)
+    for item in ['add', 'remove']:
+        with self.argument_context('keyvault network-rule {}'.format(item), min_api='2018-02-14') as c:
+            c.argument('ip_address', nargs='*', help='IPv4 address or CIDR range. Can supply a list: --ip-address ip1 '
+                                                     '[ip2]...', validator=validate_ip_address)
 
     for item in ['approve', 'reject', 'delete', 'show', 'wait']:
         with self.argument_context('keyvault private-endpoint-connection {}'.format(item), min_api='2018-02-14') as c:

src/azure-cli/azure/cli/command_modules/keyvault/custom.py

@@ -1068,7 +1068,8 @@ def remove_network_rule(cmd, client, resource_group_name, vault_name, ip_address
             rules.virtual_network_rules = new_rules
 
     if ip_address and rules.ip_rules:
-        new_rules = [x for x in rules.ip_rules if ip_network(x.value) != ip_network(ip_address)]
+        to_remove = [ip_network(x) for x in ip_address]
+        new_rules = list(filter(lambda x: all(ip_network(x.value) != i for i in to_remove), rules.ip_rules))
         to_modify |= len(new_rules) != len(rules.ip_rules)
         if to_modify:
             rules.ip_rules = new_rules