Azure / azure-cli

Azure Command-Line Interface
MIT License

Add --legacy-format flag to replace --sdk-auth, and extend its functionality to `az ad sp credential reset` and `list` #23512

Open codytipton-hpg opened 2 years ago

codytipton-hpg commented 2 years ago

Related commands: `az ad sp create-for-rbac`, `az ad sp credential reset`, `az ad sp credential list`

Is your feature request related to a problem? Please describe.

Amid pending deprecation of `--sdk-auth`, I realized the old format, which we've built some boilerplate around (due to its past as the preferred login route for both Azure/login and terraform az module login usage), would require refactoring going forward. As well, as the `--sdk-auth` flag is only available with a warning under `create-for-rbac`, any credential resets for workflows expecting the old format will require either on-the-spot refactoring of the workflow or else manual translating of the credential format.

Describe the solution you'd like

Should its inclusion be unproblematic from a data retrieval standpoint, rather than outright deprecation, a phased-in move of the `--sdk-auth` flag to something like `--legacy-auth-format` (and extending the flag to the `credential reset` and `credential list` subcommands) would be ideal. It would still encourage refactoring, while providing quick recourse for cases in which the sdk-auth format is still in use.

yonzhan commented 2 years ago

@jiasli for awareness

jiasli commented 2 years ago

Currently --sdk-auth is not going anywhere and you may keep using it.

Extending --sdk-auth to az ad sp credential list is simply not doable, because the underlying REST API doesn't return credentials anymore once created. For example:

https://docs.microsoft.com/en-us/graph/api/resources/passwordcredential?view=graph-rest-1.0

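The "manual translating" step from the request, and the reason it cannot work for `credential list`, as an added example that is not part of the thread or of azure-cli. The field names of both formats and the endpoint URLs are assumptions taken from public-cloud CLI output (the page does not show them); `to_sdk_auth`, `MissingSecretError` and all sample values are hypothetical or constructed.

```python
import json

# Assumption: endpoint keys/values as emitted by --sdk-auth for the public AzureCloud.
PUBLIC_CLOUD_ENDPOINTS = {
    "activeDirectoryEndpointUrl": "https://login.microsoftonline.com",
    "resourceManagerEndpointUrl": "https://management.azure.com/",
    "activeDirectoryGraphResourceId": "https://graph.windows.net/",
    "sqlManagementEndpointUrl": "https://management.core.windows.net:8443/",
    "galleryEndpointUrl": "https://gallery.azure.com/",
    "managementEndpointUrl": "https://management.core.windows.net/",
}


class MissingSecretError(ValueError):
    """Raised when the input carries no secret to translate."""


def to_sdk_auth(cli_json: str, subscription_id: str) -> dict:
    """Translate `az ad sp credential reset` output into the sdk-auth shape."""
    data = json.loads(cli_json)
    # `credential list` returns an array of credential metadata; the secret
    # itself is never returned again after creation, so nothing can be built.
    if isinstance(data, list):
        raise MissingSecretError("credential list output contains no secret")
    missing = [k for k in ("appId", "password", "tenant") if not data.get(k)]
    if missing:
        raise MissingSecretError("missing fields: " + ", ".join(missing))
    return {
        "clientId": data["appId"],
        "clientSecret": data["password"],
        "subscriptionId": subscription_id,  # not in reset output; supplied by caller
        "tenantId": data["tenant"],
        **PUBLIC_CLOUD_ENDPOINTS,
    }


# Constructed sample inputs (not real identifiers or secrets).
SUBSCRIPTION = "00000000-0000-0000-0000-0000000000aa"
RESET_OUTPUT = json.dumps({"appId": "00000000-0000-0000-0000-000000000001",
                           "password": "constructed-secret-not-real",
                           "tenant": "00000000-0000-0000-0000-000000000002"})
LIST_OUTPUT = json.dumps([{"keyId": "00000000-0000-0000-0000-000000000003",
                           "displayName": "rbac", "hint": "con",
                           "secretText": None}])

if __name__ == "__main__":
    # Print key names only, so the secret never reaches the terminal or CI log.
    print(sorted(to_sdk_auth(RESET_OUTPUT, SUBSCRIPTION)))
```

Write the translated JSON straight into the secret store the workflow reads from rather than to a file or log.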