
[AD] az ad app/sp update: Add --parameters to replace generic update arguments #23490

Draft
jiasli wants to merge 1 commit into Azure:dev from jiasli:ad-generic-update

@jiasli (Member) commented Aug 10, 2022

Description

During Microsoft Graph migration (#22432), Azure CLI switched to a lightweight model-less GraphClient for Microsoft Graph interaction because:

  • Autorest for Python doesn't support openapi 3.0
  • Azure CLI code-gen doesn't support openapi 3.0
  • No Python SDK

Even though this architecture enables Azure CLI to freely call Graph service, it is not compatible with generic update, because the schema of the object is unknown. The best we can do is to allow calling --set on root-level properties (#22798). For other unsupported operations --add, --remove, the current workaround is to use az rest which is not very friendly to those who are not familiar with the underlying REST API.

This PR proposes a more powerful way to update a Graph object - using --parameters to update Graph objects directly with a JSON, similar to az rest but without HTTP protocol details. We experimented with this approach in az ad app federated-credential create/update commands and customers' feedback is positive.

> az ad app federated-credential update -h

Command
    az ad app federated-credential update : Update application federated identity credential.

Arguments
    --federated-credential-id [Required] : ID or name of the federated identity credential.
    --id                      [Required] : Application's appId, identifierUri, or id (formerly known
                                           as objectId).
    --parameters              [Required] : Parameters for creating federated identity credential.
                                           Should be JSON file path or in-line JSON string. See
                                           examples below for details.

Unlike ARM which uses PUT for creating and updating, Graph API uses POST and PATCH for creating and updating, thus not idempotent, such as

This enables us to update the application without getting it first.

For the original generic update argument:

  • Using --set on root properties is preserved.
  • Unsupported generic update arguments --remove and --add are removed. Actually, they stopped working since MS Graph migration (2.37.0) (as documented in Known issues), and we received very few complaints, so we can assume their usage is not necessary.

Testing Guide

az ad app update --id e042ec79-34cd-498f-9d9f-123456781234 --set groupMembershipClaims=All
az ad app update --id e042ec79-34cd-498f-9d9f-123456781234 --parameters '{"groupMembershipClaims": "All"}'

az ad sp update --id 00000000-0000-0000-0000-000000000000 --set appRoleAssignmentRequired=true
az ad sp update --id 00000000-0000-0000-0000-000000000000 --parameters '{"appRoleAssignmentRequired": true}'

TODO

  • --set and --parameters are only supported on az ad app/sp update. Other Graph object types (user, group) have not supported generic update from the beginning.
  • We may also extend --set and --parameters to create commands.

@jiasli jiasli changed the title [Role] az ad app/sp update: Add --parameters to replace generic update arguments [AD] az ad app/sp update: Add --parameters to replace generic update arguments Aug 10, 2022
@yonzhan (Collaborator) commented Aug 10, 2022

AD

@alexdrenea

@jiasli this looks great!
Just a couple of comments or potential improvements.

  1. can you use --parameters to set "deep" properties? i.e. api.acceptMappedClaims? or web.logoutUrl? If yes, maybe add it to the Testing Guide as an example
  2. can we enable the --parameters flag on create? so that you can create your application in one az ad app call and not have to do create and update as two operations (if MS Graph supports it)

@jiasli (Member, Author) commented Jul 17, 2023

> can you use --parameters to set "deep" properties? i.e. api.acceptMappedClaims? or web.logoutUrl? If yes, maybe add it to the Testing Guide as an example

I don't think it will be possible to implement setting "deep" properties, because Azure CLI doesn't keep a model of the app object, so it can't build the JSON only from the path and value that are given.

> can we enable the --parameters flag on create? so that you can create your application in one az ad app call and not have to do create and update as two operations (if MS Graph supports it)

Yes, this will be doable. I will revisit this PR when it gets planned.
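
The behaviour discussed in this thread, as an added sketch that is not part of the PR or of Azure CLI's code: a root-level --set and a JSON --parameters value reduce to the same PATCH body, and a dotted path is rejected because a model-less client has no schema to expand it. The function names and the JSON-then-string parsing of --set values are assumptions.

```python
import json
import os


def body_from_parameters(value):
    """--parameters: a JSON file path or an in-line JSON string."""
    if os.path.isfile(value):
        with open(value, encoding="utf-8") as handle:
            body = json.load(handle)
    else:
        body = json.loads(value)
    if not isinstance(body, dict):
        raise ValueError("--parameters must decode to a JSON object")
    return body


def body_from_set(expressions):
    """--set KEY=VALUE, root-level keys only.

    Without a schema the client cannot tell whether 'web.logoutUrl' names a
    nested object, a list element or a key that contains a dot, so any path
    syntax is rejected instead of guessed at.
    """
    body = {}
    for expression in expressions:
        key, separator, raw = expression.partition("=")
        if not separator or not key:
            raise ValueError(f"expected KEY=VALUE, got {expression!r}")
        if any(ch in key for ch in ".[]"):
            raise ValueError(f"only root-level properties are supported: {key!r}")
        try:
            body[key] = json.loads(raw)  # true, 42, ["a"], {"k": "v"}
        except json.JSONDecodeError:
            body[key] = raw              # a bare word such as All stays a string
    return body


# Constructed inputs mirroring the Testing Guide pairs above.
SET_APP = body_from_set(["groupMembershipClaims=All"])
PARAM_APP = body_from_parameters('{"groupMembershipClaims": "All"}')
SET_SP = body_from_set(["appRoleAssignmentRequired=true"])
PARAM_SP = body_from_parameters('{"appRoleAssignmentRequired": true}')
```
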
