[Microsoft Entra ID] az ad sp create-for-rbac: Add --service-management-reference argument (#31212)

Author: jiasli

src/azure-cli/azure/cli/command_modules/role/_help.py

@@ -516,7 +516,9 @@
 
 helps['ad sp create-for-rbac'] = """
 type: command
-short-summary: Create a service principal and configure its access to Azure resources.
+short-summary: >
+    Create an application and its associated service principal, optionally configure the service principal's
+    RBAC role assignments.
 long-summary: >-
     The output includes credentials that you must protect. Be sure that you do not include these credentials
     in your code or check the credentials into your source control. As an alternative, consider using

src/azure-cli/azure/cli/command_modules/role/_params.py

@@ -198,6 +198,10 @@ def load_arguments(self, _):
                    deprecate_info=c.deprecate(target='--sdk-auth'),
                    help='Output service principal credential along with cloud endpoints in JSON format. ',
                    arg_type=get_three_state_flag())
+        c.argument('service_management_reference',
+                   help='Set the serviceManagementReference property of the created application. '
+                        'Reference application or service contact information from a Service or Asset Management '
+                        'database.')
 
     with self.argument_context('ad sp owner list') as c:
         c.argument('identifier', options_list=['--id'], help='service principal name, or object id or the service principal')

src/azure-cli/azure/cli/command_modules/role/custom.py

@@ -1217,7 +1217,9 @@ def list_service_principal_owners(client, identifier):
 # pylint: disable=inconsistent-return-statements
 def create_service_principal_for_rbac(
         # pylint:disable=too-many-statements,too-many-locals, too-many-branches, unused-argument
-        cmd, display_name=None, years=None, create_cert=False, cert=None, scopes=None, role=None,
+        cmd, display_name=None,
+        service_management_reference=None,
+        years=None, create_cert=False, cert=None, scopes=None, role=None,
         show_auth_in_json=None, skip_assignment=False, keyvault=None):
     import time
 
@@ -1261,6 +1263,7 @@ def create_service_principal_for_rbac(
     aad_application = create_application(cmd,
                                          graph_client,
                                          app_display_name,
+                                         service_management_reference=service_management_reference,
                                          key_value=public_cert_string,
                                          start_date=app_start_date,
                                          end_date=app_end_date)

src/azure-cli/azure/cli/command_modules/role/linter_exclusions.yml

@@ -66,6 +66,11 @@ ad app federated-credential delete:
         federated_identity_credential_id_or_name:
             rule_exclusions:
             - option_length_too_long
+ad sp create-for-rbac:
+    parameters:
+        service_management_reference:
+            rule_exclusions:
+            - option_length_too_long
 role assignment list:
     parameters:
         fill_role_definition_name: