Improve AKS SSH key handling and help text

Enhanced the logic for SSH key validation in AKS cluster creation to default to server-side generated keys if no local public key is found and no value is provided. Updated help documentation to clarify SSH key behavior. Added a test and recording for AKS creation without an SSH key.

Author: a0x1ab

src/azure-cli/azure/cli/command_modules/acs/_help.py

@@ -95,6 +95,10 @@
   - name: --ssh-key-value
     type: string
     short-summary: Public key path or key contents to install on node VMs for SSH access. For example, 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'.
+    long-summary: |-
+      If omitted:
+          - The CLI will use '~/.ssh/id_rsa.pub' when present
+          - If that file is not present the CLI will default to server-side generated keys (equivalent to using --no-ssh-key)
   - name: --admin-username -u
     type: string
     short-summary: User account to create on node VMs for SSH access.
@@ -263,7 +267,7 @@
   - name: --no-ssh-key -x
     type: string
     short-summary: Do not use or create a local SSH key.
-    long-summary: To access nodes after creating a cluster with this option, use the Azure Portal.
+    long-summary: If omitted and no local public key exists, the CLI will default to this behavior. To access nodes after creating a cluster with this option, use the Azure Portal.
   - name: --pod-cidr
     type: string
     short-summary: A CIDR notation IP range from which to assign pod IPs when Azure CNI Overlay or Kubenet is used (On 31 March 2028, Kubenet will be retired).

src/azure-cli/azure/cli/command_modules/acs/_validators.py

@@ -42,14 +42,28 @@
 def validate_ssh_key(namespace):
     if hasattr(namespace, 'no_ssh_key') and namespace.no_ssh_key:
         return
-    string_or_file = (namespace.ssh_key_value or
-                      os.path.join(os.path.expanduser('~'), '.ssh', 'id_rsa.pub'))
+
+    exists = os.path.exists(
+        string_or_file := (
+            namespace.ssh_key_value
+            or os.path.join(os.path.expanduser('~'), '.ssh', 'id_rsa.pub')
+        )
+    )
     content = string_or_file
-    if os.path.exists(string_or_file):
+
+    if exists:
         logger.info('Use existing SSH public key file: %s', string_or_file)
         with open(string_or_file, 'r') as f:
             content = f.read()
-    elif not keys.is_valid_ssh_rsa_public_key(content):
+
+    if not (namespace.ssh_key_value or namespace.generate_ssh_keys):
+        if exists:
+            namespace.ssh_key_value = content
+            return
+        namespace.no_ssh_key = True
+        return
+
+    if not exists and not keys.is_valid_ssh_rsa_public_key(content):
         if namespace.generate_ssh_keys:
             # figure out appropriate file names:
             # 'base_name'(with private keys), and 'base_name.pub'(with public keys)