Updated Entar ID authentication client (#2574)

#### Details

Configure the 'Password' form authentication option to be optional.

#### Pull request checklist
<!-- If a checklist item is not applicable to this change, write "n/a"
in the checkbox -->

- [ ] Addresses an existing issue: Fixes #0000
- [x] Added relevant unit test for your changes. (`yarn test`)
- [ ] Verified code coverage for the changes made. Check coverage report
at: `<rootDir>/test-results/unit/coverage`
- [x] Ran precheckin (`yarn precheckin`)
- [ ] Validated in an Azure resource group

packages/resource-deployment/scripts/create-batch-account.sh

@@ -77,9 +77,8 @@ fi
 . "${0%/*}/get-resource-names.sh"
 
 echo "Setting up batch account ${batchAccountName}"
-
 setParameterFilePath
-
+. "${0%/*}/enable-batch-node-identity.sh"
 . "${0%/*}/delete-pools-if-needed.sh"
 
 # Create Batch pool static public IP
@@ -88,7 +87,4 @@ createPublicIp "on-demand-url-scan-pool"
 createPublicIp "privacy-scan-pool"
 
 deployBatch
-
-. "${0%/*}/setup-batch-pools.sh"
-
 echo "The ${batchAccountName} Azure Batch account successfully deployed."

packages/resource-deployment/scripts/enable-batch-node-identity.sh

@@ -9,7 +9,7 @@ export resourceGroupName
 
 exitWithUsageInfo() {
     echo "
-Usage: ${BASH_SOURCE} -r <resource group>
+Usage: ${BASH_SOURCE} -r <resource group> [-o <Batch node managed identity object (principal) ID>]
 "
     exit 1
 }
@@ -74,8 +74,9 @@ function enableAccess() {
 }
 
 # Read script arguments
-while getopts ":r:" option; do
+while getopts ":r:o:" option; do
     case ${option} in
+    o) principalId=${OPTARG} ;;
     r) resourceGroupName=${OPTARG} ;;
     *) exitWithUsageInfo ;;
     esac
@@ -86,13 +87,12 @@ if [[ -z ${resourceGroupName} ]]; then
     exitWithUsageInfo
 fi
 
+if [[ -z ${principalId} ]]; then
+    principalId=$(az identity show --name "${batchNodeManagedIdentityName}" --resource-group "${resourceGroupName}" --query principalId -o tsv)
+fi
+
 . "${0%/*}/process-utilities.sh"
 . "${0%/*}/get-resource-names.sh"
 
-echo "Logging into ${batchAccountName} Azure Batch account"
-az batch account login --name "${batchAccountName}" --resource-group "${resourceGroupName}"
-
-principalId=$(az identity show --name "${batchNodeManagedIdentityName}" --resource-group "${resourceGroupName}" --query principalId -o tsv)
-
 enableAccess
-echo "Successfully setup pools for Azure Batch account ${batchAccountName}"
+echo "Successfully enabled Batch node managed identity ${principalId}"

packages/scanner-global-library/src/authenticator/azure-login-page-client.spec.ts

@@ -5,6 +5,7 @@ import 'reflect-metadata';
 
 import { IMock, Mock, It, Times } from 'typemoq';
 import * as Puppeteer from 'puppeteer';
+import { GlobalLogger } from 'logger';
 import { PageNavigator, NavigationResponse } from '../page-navigator';
 import { AzureLoginPageClient } from './azure-login-page-client';
 import { ServicePrincipalCredentialProvider, ServicePrincipalCredential } from './service-principal-credential-provider';
@@ -17,6 +18,7 @@ let servicePrincipalCredential: ServicePrincipalCredential;
 let azureLoginPageClient: AzureLoginPageClient;
 let puppeteerPageMock: IMock<Puppeteer.Page>;
 let puppeteerKeyboardMock: IMock<Puppeteer.Keyboard>;
+let loggerMock: IMock<GlobalLogger>;
 
 describe(AzureLoginPageClient, () => {
     beforeEach(() => {
@@ -28,13 +30,18 @@ describe(AzureLoginPageClient, () => {
         pageNavigatorMock = Mock.ofType<PageNavigator>();
         servicePrincipalCredentialProviderMock = Mock.ofType<ServicePrincipalCredentialProvider>();
         puppeteerKeyboardMock = Mock.ofType<Puppeteer.Keyboard>();
+        loggerMock = Mock.ofType<GlobalLogger>();
         puppeteerPageMock.setup((o) => o.keyboard).returns(() => puppeteerKeyboardMock.object);
         servicePrincipalCredentialProviderMock
             .setup((o) => o.getAzureAuthClientCredential())
             .returns(() => Promise.resolve(servicePrincipalCredential))
             .verifiable();
 
-        azureLoginPageClient = new AzureLoginPageClient(pageNavigatorMock.object, servicePrincipalCredentialProviderMock.object);
+        azureLoginPageClient = new AzureLoginPageClient(
+            pageNavigatorMock.object,
+            servicePrincipalCredentialProviderMock.object,
+            loggerMock.object,
+        );
     });
 
     afterEach(() => {
@@ -42,6 +49,7 @@ describe(AzureLoginPageClient, () => {
         pageNavigatorMock.verifyAll();
         servicePrincipalCredentialProviderMock.verifyAll();
         puppeteerKeyboardMock.verifyAll();
+        loggerMock.verifyAll();
     });
 
     it('should complete authentication workflow', async () => {

packages/scanner-global-library/src/authenticator/azure-login-page-client.ts

@@ -4,6 +4,8 @@
 import * as Puppeteer from 'puppeteer';
 import { inject, optional, injectable } from 'inversify';
 import { AuthenticationType } from 'storage-documents';
+import { GlobalLogger } from 'logger';
+import { System } from 'common';
 import { PageNavigator, NavigationResponse } from '../page-navigator';
 import { ServicePrincipalCredentialProvider } from './service-principal-credential-provider';
 
@@ -26,6 +28,7 @@ export class AzureLoginPageClient implements LoginPageClient {
         @inject(ServicePrincipalCredentialProvider)
         @optional()
         private readonly servicePrincipalCredentialProvider: ServicePrincipalCredentialProvider = new ServicePrincipalCredentialProvider(),
+        @inject(GlobalLogger) @optional() private readonly logger: GlobalLogger,
     ) {}
 
     public async login(page: Puppeteer.Page): Promise<NavigationResponse> {
@@ -52,18 +55,15 @@ export class AzureLoginPageClient implements LoginPageClient {
             return this.getErrorResponse(navigationResponse, page, '#usernameError');
         }
 
-        // Select 'Password' authentication option
+        // Select optional 'Password' authentication option
         try {
             await page.waitForSelector('#FormsAuthentication', { timeout: this.selectorTimeoutMsec });
             await page.click('#FormsAuthentication');
         } catch (error) {
-            return {
-                browserError: {
-                    errorType: 'AuthenticationError',
-                    message: error.name === 'TimeoutError' ? 'Password authentication option is not presented.' : error.message,
-                    stack: error.stack,
-                },
-            };
+            this.logger?.logWarn('Password authentication option is not presented.', {
+                selector: '#FormsAuthentication',
+                error: System.serializeError(error),
+            });
         }
 
         // Enter account password