
Re-running create-for-rbac Overwrites Existing 'rbac' Credential #20175

@nerddtvg


Using az ad sp create-for-rbac and generating a password credential enters a credential with the description or customKeyIdentifier value rbac. When this is re-run and an existing application is patched by adding a new credential, the patch process sees the same customKeyIdentifier value and overwrites the existing credential password.

Either this needs to be called out in the documentation (currently the documentation doesn't state whether it will patch/update an existing application or fail) or the default behavior should be changed. Possibly changing the description value to rbac-YYYY-MM-DD or something similar would be appropriate. The description could also be a CLI parameter.

Description is set here:

```python
aad_application = create_application(cmd,
                                     display_name=app_display_name,
                                     available_to_other_tenants=False,
                                     password=password,
                                     key_value=public_cert_string,
                                     start_date=app_start_date,
                                     end_date=app_end_date,
                                     credential_description='rbac')
```

The customKeyIdentifier is encoded here:

```python
if key_description and password:
    custom_key_id = _encode_custom_key_description(key_description)
```

Documentation here: [latest/docs-ref-autogen/ad/sp.yml](https://github.com/MicrosoftDocs/azure-docs-cli/blob/master/latest/docs-ref-autogen/ad/sp.yml)
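As an added illustration (not code from azure-cli or from this issue), a small model of the collision described above: credentials are matched by their encoded customKeyIdentifier, so a second 'rbac' credential replaces the first, while a dated description like rbac-YYYY-MM-DD is appended. The UTF-16 encoding, the placeholder keyId values and the sample credential list are assumptions constructed for the example.

```python
import base64
from datetime import date

def custom_key_identifier(description):
    """Encode a credential description as Graph exposes it: base64 of the
    description bytes. UTF-16 is an assumption here, not confirmed by the
    issue; the collision below does not depend on the encoding chosen."""
    return base64.b64encode(description.encode("utf-16")).decode()

def merge_password_credential(existing, new_cred):
    """Model the patch behaviour reported above: a new credential whose
    customKeyIdentifier matches an existing entry replaces that entry,
    otherwise it is appended. Returns (merged list, was_overwritten)."""
    merged, overwritten = [], False
    for cred in existing:
        if cred["customKeyIdentifier"] == new_cred["customKeyIdentifier"]:
            merged.append(new_cred)   # same description: the old secret is lost
            overwritten = True
        else:
            merged.append(cred)
    if not overwritten:
        merged.append(new_cred)
    return merged, overwritten

def would_overwrite(existing, description):
    """Pre-flight check before re-running create-for-rbac against an app."""
    ident = custom_key_identifier(description)
    return any(c["customKeyIdentifier"] == ident for c in existing)

def dated_description(base="rbac", today=None):
    """The rbac-YYYY-MM-DD scheme the issue suggests as a safer default."""
    return f"{base}-{(today or date.today()).isoformat()}"

def make_credential(description, end_date):
    # Constructed entry shaped like a Graph passwordCredential; keyId is a
    # placeholder and the secret value itself is deliberately omitted.
    return {"keyId": f"placeholder-{description}",
            "customKeyIdentifier": custom_key_identifier(description),
            "endDateTime": end_date}

# Constructed sample: an application that already carries the 'rbac' credential.
EXISTING = [make_credential("rbac", "2021-01-01T00:00:00Z")]

if __name__ == "__main__":
    again, lost = merge_password_credential(EXISTING, make_credential("rbac", "2022-01-01T00:00:00Z"))
    print(f"re-run with 'rbac': overwritten={lost}, credentials={len(again)}")
    dated = dated_description(today=date(2020, 3, 2))
    added, lost = merge_password_credential(EXISTING, make_credential(dated, "2022-01-01T00:00:00Z"))
    print(f"re-run with {dated!r}: overwritten={lost}, credentials={len(added)}")
```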

Metadata

Labels: Graph, az ad, act-identity-squad, customer-reported (issues reported by GitHub users external to the Azure organization), feature-request
