{AKS} Fix ACNS update to preserve existing advanced networking settings

The update_network_profile_advanced_networking method was creating a
new AdvancedNetworking object on every update, discarding existing
sub-properties (observability, security, transit encryption) that the
user didn't explicitly specify. This changes the method to modify the
existing object in-place, only overwriting fields the user provided.
When disabling ACNS, sub-features are explicitly set to disabled to
ensure a consistent payload.

Signed-off-by: Quang Nguyen <nguyenquang@microsoft.com>

Author: nddq

src/azure-cli/azure/cli/command_modules/acs/managed_cluster_decorator.py

@@ -8316,31 +8316,46 @@ def update_network_profile_advanced_networking(self, mc: ManagedCluster) -> Mana
         acns_advanced_networkpolicies = self.context.get_acns_advanced_networkpolicies()
         acns_transit_encryption = self.context.get_acns_transit_encryption_type()
         if acns_enabled is not None:
-            acns = self.models.AdvancedNetworking(
-                enabled=acns_enabled,
-            )
+            # Preserve existing advanced_networking settings, only overwrite fields the user specified
+            if mc.network_profile.advanced_networking is None:
+                mc.network_profile.advanced_networking = self.models.AdvancedNetworking()
+            mc.network_profile.advanced_networking.enabled = acns_enabled
+            # When disabling ACNS, explicitly disable sub-features for a consistent payload
+            if not acns_enabled:
+                if mc.network_profile.advanced_networking.observability is not None:
+                    mc.network_profile.advanced_networking.observability.enabled = False
+                if mc.network_profile.advanced_networking.security is not None:
+                    mc.network_profile.advanced_networking.security.enabled = False
             if acns_observability is not None:
-                acns.observability = self.models.AdvancedNetworkingObservability(
-                    enabled=acns_observability,
-                )
+                if mc.network_profile.advanced_networking.observability is None:
+                    mc.network_profile.advanced_networking.observability = (
+                        self.models.AdvancedNetworkingObservability()
+                    )
+                mc.network_profile.advanced_networking.observability.enabled = acns_observability
             if acns_security is not None:
-                acns.security = self.models.AdvancedNetworkingSecurity(
-                    enabled=acns_security,
-                )
+                if mc.network_profile.advanced_networking.security is None:
+                    mc.network_profile.advanced_networking.security = (
+                        self.models.AdvancedNetworkingSecurity()
+                    )
+                mc.network_profile.advanced_networking.security.enabled = acns_security
             if acns_advanced_networkpolicies is not None:
-                if acns.security is None:
-                    acns.security = self.models.AdvancedNetworkingSecurity(
-                        advanced_network_policies=acns_advanced_networkpolicies
+                if mc.network_profile.advanced_networking.security is None:
+                    mc.network_profile.advanced_networking.security = (
+                        self.models.AdvancedNetworkingSecurity()
                     )
-                else:
-                    acns.security.advanced_network_policies = acns_advanced_networkpolicies
+                mc.network_profile.advanced_networking.security.advanced_network_policies = (
+                    acns_advanced_networkpolicies
+                )
             if acns_transit_encryption is not None:
-                if acns.security is None:
-                    acns.security = self.models.AdvancedNetworkingSecurity()
-                acns.security.transit_encryption = self.models.AdvancedNetworkingSecurityTransitEncryption(
-                    type=acns_transit_encryption,
+                if mc.network_profile.advanced_networking.security is None:
+                    mc.network_profile.advanced_networking.security = (
+                        self.models.AdvancedNetworkingSecurity()
+                    )
+                mc.network_profile.advanced_networking.security.transit_encryption = (
+                    self.models.AdvancedNetworkingSecurityTransitEncryption(
+                        type=acns_transit_encryption,
+                    )
                 )
-            mc.network_profile.advanced_networking = acns
         elif acns_transit_encryption is not None:
             if (mc.network_profile.advanced_networking is None or
                     not mc.network_profile.advanced_networking.enabled):