[AKS] Fix addon's permission issue after updating to MSI cluster #2680

Merged
arrownj merged 6 commits into Azure:master from norshtein:tosi/spn-to-msi-post-update-permission
Nov 24, 2020

@norshtein
Member


For clusters updating from SPN cluster to MSI cluster, if the cluster is using addons before updating, when updating finishes, each addon will get a dedicated user assigned identity. Some permission is needed on the user assigned identity to make the addon run correctly. However, currently the permission is not granted, so this PR extracts a function _put_managed_cluster_ensuring_permission from the creating path and executes it in the updating path to ensure permission.

This checklist is used to make sure that common guidelines for a pull request are followed.

General Guidelines

  • Have you run azdev style <YOUR_EXT> locally? (pip install azdev required)
  • Have you run python scripts/ci/test_index.py -q locally?

For new extensions:

About Extension Publish

There is a pipeline to automatically build, upload and publish extension wheels.
Once your PR is merged into master branch, a new PR will be created to update src/index.json automatically.
The precondition is to put your code inside this repo and upgrade the version in the PR but do not modify src/index.json.

@azuresdkci

If this PR is for a new extension or change to an existing extension, use the following to try out the changes in this PR:

docker run -it mcr.microsoft.com/azure-cli:latest
export EXT=<NAME>
pip install --upgrade --target ~/.azure/cliextensions/$EXT "git+https://github.com/norshtein/azure-cli-extensions.git@tosi/spn-to-msi-post-update-permission#subdirectory=src/$EXT&egg=$EXT"

@yonzhan
Collaborator

yonzhan commented Nov 17, 2020

AKS

@arrownj arrownj self-assigned this Nov 19, 2020

def _is_msi_cluster(managed_cluster):
return (managed_cluster and managed_cluster.identity and
(managed_cluster.identity.type.casefold() == "systemassigned" or managed_cluster.identity.type.casefold() == "userassigned"))
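
Review bot: In the return expression, managed_cluster.identity.type.casefold() is called with no check that identity.type is set; the guard only covers managed_cluster and managed_cluster.identity, so an unset type would raise AttributeError instead of producing a falsy result. Add managed_cluster.identity.type to the and-chain ahead of the comparison, and consider casefolding once and testing membership in ("systemassigned", "userassigned") rather than repeating the attribute access. The function also returns whichever falsy operand short-circuits (for example None) rather than False; wrapping the expression in bool() would give callers a consistent return type.
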
Contributor

Can managed_cluster.identity.type be None?

Member Author

Yes, it can be 'None'. When it is set to 'None', the cluster is not an MSI cluster, so this function should return false.

Contributor

The code will raise an exception if managed_cluster.identity.type is None, right?
