Updated existing parameter "identity" to type string[] to configure Multiple MSIs (Azure#9782)

* Added new Parameter Identities to configure Multiple MSIs

* honor both identity and identities parameters to build policy json

* Fixed style failures

* Remove unused imports

* Revert changes related to identity type

* Commit recorded result for tests

* Changed id to identity_id

* Updated test and updated history, setup file

* Update the identity parameter from type string to string[]

* Updated Identity parameter type from string to string[]

* Fix identation

* Applied copilot suggestions

* Added live only parameter to tests

---------

Co-authored-by: Balashivaram Ganesan <bganesan@microsoft.com>

Author: Balashivaram

src/azure-firewall/HISTORY.rst

@@ -3,6 +3,11 @@
 Release History
 ===============
 
+2.2.0
+++++++
+* `az network firewall policy create` : Updated parameter `--identity` to support multiple MSIs
+* `az network firewall policy update` : Updated parameter `--identity` to support multiple MSIs
+
 2.1.1
 ++++++
 * Update AzureFirewall model to support extended location.

src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/_create.py

@@ -141,7 +141,7 @@ def _build_arguments_schema(cls, *args, **kwargs):
         )
         explicit_proxy.pac_file = AAZStrArg(
             options=["pac-file"],
-            help="SAS URL for PAC file.",
+            help="URL for PAC file.",
         )
         explicit_proxy.pac_file_port = AAZIntArg(
             options=["pac-file-port"],

src/azure-firewall/azext_firewall/aaz/latest/network/firewall/policy/_update.py

@@ -146,7 +146,7 @@ def _build_arguments_schema(cls, *args, **kwargs):
         )
         explicit_proxy.pac_file = AAZStrArg(
             options=["pac-file"],
-            help="SAS URL for PAC file.",
+            help="URL for PAC file.",
             nullable=True,
         )
         explicit_proxy.pac_file_port = AAZIntArg(

src/azure-firewall/azext_firewall/custom.py

@@ -172,7 +172,7 @@ def _build_arguments_schema(cls, *args, **kwargs):
         args_schema.pac_file = AAZStrArg(
             options=["--pac-file"],
             arg_group="Explicit Proxy",
-            help="SAS URL for PAC file.",
+            help="URL for PAC file.",
         )
         args_schema.m_public_ip._fmt = AAZResourceIdArgFormat(
             template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/Microsoft.Network"
@@ -890,11 +890,13 @@ def _output(self, *args, **kwargs):
 class AzureFirewallPoliciesCreate(_AzureFirewallPoliciesCreate):
     @classmethod
     def _build_arguments_schema(cls, *args, **kwargs):
-        from azure.cli.core.aaz import AAZResourceIdArg, AAZResourceIdArgFormat
+        from azure.cli.core.aaz import AAZListArg, AAZResourceIdArg, AAZResourceIdArgFormat
         args_schema = super()._build_arguments_schema(*args, **kwargs)
-        args_schema.identity = AAZResourceIdArg(
+        args_schema.identity = AAZListArg(
             options=['--identity'],
-            help="Name or ID of the ManagedIdentity Resource.",
+            help="Name or Space-separated list of ManagedIdentity Resource IDs.",
+        )
+        args_schema.identity.Element = AAZResourceIdArg(
             fmt=AAZResourceIdArgFormat(
                 template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/"
                          "Microsoft.ManagedIdentity/userAssignedIdentities/{}",
@@ -913,7 +915,9 @@ def pre_operations(self):
         args = self.ctx.args
         if has_value(args.identity):
             args.identity_type = "UserAssigned"
-            args.user_assigned_identities = {args.identity.to_serialized_data(): {}}
+            identities = []
+            identities.extend([identity_id.to_serialized_data() for identity_id in args.identity])
+            args.user_assigned_identities = {identity_id: {} for identity_id in identities}
 
         if has_value(args.dns_servers):
             if not has_value(args.enable_dns_proxy):
@@ -923,14 +927,16 @@ def pre_operations(self):
 class AzureFirewallPoliciesUpdate(_AzureFirewallPoliciesUpdate):
     @classmethod
     def _build_arguments_schema(cls, *args, **kwargs):
-        from azure.cli.core.aaz import AAZResourceIdArg, AAZResourceIdArgFormat
+        from azure.cli.core.aaz import AAZResourceIdArg, AAZResourceIdArgFormat, AAZListArg
         args_schema = super()._build_arguments_schema(*args, **kwargs)
-        args_schema.identity = AAZResourceIdArg(
+        args_schema.identity = AAZListArg(
             options=['--identity'],
-            help="Name or ID of the ManagedIdentity Resource.",
+            help="Name or Space-separated list of ManagedIdentity Resource IDs.",
+        )
+        args_schema.identity.Element = AAZResourceIdArg(
             fmt=AAZResourceIdArgFormat(
                 template="/subscriptions/{subscription}/resourceGroups/{resource_group}/providers/"
-                         "Microsoft.ManagedIdentity/userAssignedIdentities/{}",
+                "Microsoft.ManagedIdentity/userAssignedIdentities/{}",
             )
         )
         args_schema.identity_type._registered = False
@@ -941,9 +947,12 @@ def _build_arguments_schema(cls, *args, **kwargs):
 
     def pre_operations(self):
         args = self.ctx.args
+
         if has_value(args.identity):
             args.identity_type = "UserAssigned"
-            args.user_assigned_identities = {args.identity.to_serialized_data(): {}}
+            identities = []
+            identities.extend([identity_id.to_serialized_data() for identity_id in args.identity])
+            args.user_assigned_identities = {identity_id: {} for identity_id in identities}
         elif args.sku == 'Premium':
             args.identity_type = "None"
             args.user_assigned_identities = None