Updated Keycloak version to 22.0.1 and fixed broken REST API usage

csw-aas/csw-aas-core/src/main/resources/reference.conf

@@ -1,5 +1,5 @@
 auth-config {
   realm = TMT
-  auth-server-url = "http://localhost:8081/auth"
+  auth-server-url = "http://localhost:8081"
   client-id = "test-resource"
 }

csw-aas/csw-aas-core/src/main/scala/csw/aas/core/deployment/AuthServiceLocation.scala

@@ -35,7 +35,7 @@ private[csw] class AuthServiceLocation(locationService: LocationService) {
     }
 
   private[csw] def register(authServicePort: Int): Future[RegistrationResult] = {
-    val authServicePath    = "auth"
+    val authServicePath    = ""
     val httpRegistration   = HttpRegistration(AASConnection.value, authServicePort, authServicePath, NetworkType.Outside)
     val registrationResult = locationService.register(httpRegistration)
     registrationResult

csw-aas/csw-aas-installed/src/main/scala/csw/aas/installed/api/InstalledAppAuthAdapter.scala

@@ -32,22 +32,22 @@ trait InstalledAppAuthAdapter {
    */
   def loginManual(): Unit
 
-  /**
-   * User logs in by entering credentials on console. This however is not Resource Owner Credentials Password grant.
-   * This method uses www-authenticate mechanism to post user credentials to auth server. It can also work with OTP.
-   *
-   * @return login successful or not
-   */
-  def loginCommandLine(): Boolean
-
-  /**
-   * User logs in by entering credentials on console. This however is not Resource Owner Credentials Password grant.
-   * This method uses www-authenticate mechanism to post user credentials to auth server. It can also work with OTP.
-   *
-   * @param redirectUri callback uri where you want to receive token response from auth server
-   * @return login successful or not
-   */
-  def loginCommandLine(redirectUri: String): Boolean
+//  /**
+//   * User logs in by entering credentials on console. This however is not Resource Owner Credentials Password grant.
+//   * This method uses www-authenticate mechanism to post user credentials to auth server. It can also work with OTP.
+//   *
+//   * @return login successful or not
+//   */
+//  def loginCommandLine(): Boolean
+
+//  /**
+//   * User logs in by entering credentials on console. This however is not Resource Owner Credentials Password grant.
+//   * This method uses www-authenticate mechanism to post user credentials to auth server. It can also work with OTP.
+//   *
+//   * @param redirectUri callback uri where you want to receive token response from auth server
+//   * @return login successful or not
+//   */
+//  def loginCommandLine(redirectUri: String): Boolean
 
   /**
    * Get [[msocket.security.models.AccessToken]] converted from raw access token string fetched from [[AuthStore]]

csw-aas/csw-aas-installed/src/main/scala/csw/aas/installed/internal/InstalledAppAuthAdapterImpl.scala

@@ -47,19 +47,19 @@ private[aas] class InstalledAppAuthAdapterImpl(
     updateAuthStore()
   }
 
-  override def loginCommandLine(): Boolean = {
-    require(keycloakInstalled.getDeployment != null, "keycloak deployment is null")
-    require(keycloakInstalled.getDeployment.getAuthUrl != null, "auth url is not set")
-    val bool = keycloakInstalled.loginCommandLine()
-    if (bool) updateAuthStore()
-    bool
-  }
-
-  override def loginCommandLine(redirectUri: String): Boolean = {
-    val bool = keycloakInstalled.loginCommandLine(redirectUri)
-    if (bool) updateAuthStore()
-    bool
-  }
+//  override def loginCommandLine(): Boolean = {
+//    require(keycloakInstalled.getDeployment != null, "keycloak deployment is null")
+//    require(keycloakInstalled.getDeployment.getAuthUrl != null, "auth url is not set")
+//    val bool = keycloakInstalled.loginCommandLine()
+//    if (bool) updateAuthStore()
+//    bool
+//  }
+
+//  override def loginCommandLine(redirectUri: String): Boolean = {
+//    val bool = keycloakInstalled.loginCommandLine(redirectUri)
+//    if (bool) updateAuthStore()
+//    bool
+//  }
 
   override def getAccessToken(minValidity: FiniteDuration = 0.seconds): Option[AccessToken] = {
     def getNewToken: Option[AccessToken] = {

csw-config/csw-config-cli/src/main/scala/csw/config/cli/CommandLineRunner.scala

@@ -28,8 +28,7 @@ class CommandLineRunner(
   import actorRuntime._
 
   def login(options: Options): Unit = {
-    if (options.console) nativeAuthAdapter.loginCommandLine()
-    else nativeAuthAdapter.login()
+    nativeAuthAdapter.login()
     printLine(s"SUCCESS : Logged in successfully")
   }
 

csw-config/csw-config-cli/src/main/scala/csw/config/cli/args/ArgsParser.scala

@@ -22,11 +22,7 @@ class ArgsParser(name: String) {
     // login operation
     cmd("login") action { (_, c) =>
       c.copy(op = "login")
-    } text "login to access admin API's" children (
-      opt[Unit]("consoleLogin") action { (_, c) =>
-        c.copy(console = true)
-      } text "optional:: add this option to login from command line instead of browser"
-    )
+    } text "login to access admin API's"
 
     // logout operation
     cmd("logout") action { (_, c) =>

csw-config/csw-config-cli/src/main/scala/csw/config/cli/args/Options.scala

@@ -36,6 +36,5 @@ case class Options(
     latest: Boolean = false,
     pattern: Option[String] = None,
     normal: Boolean = false,
-    locationHost: String = "localhost",
-    console: Boolean = false
+    locationHost: String = "localhost"
 )

csw-config/csw-config-server/src/test/scala/csw/config/server/MainTest.scala

@@ -37,7 +37,7 @@ class MainTest extends HTTPLocationService {
     super.beforeAll()
     testFileUtils.deleteServerFiles()
     // register AAS with location service
-    locationService.register(models.HttpRegistration(AASConnection.value, AASPort, "auth"))
+    locationService.register(models.HttpRegistration(AASConnection.value, AASPort, ""))
   }
 
   override def afterEach(): Unit = testFileUtils.deleteServerFiles()

csw-config/csw-config-server/src/test/scala/csw/config/server/http/HttpServiceTest.scala

@@ -31,7 +31,7 @@ class HttpServiceTest extends HTTPLocationService {
 
   override def beforeAll(): Unit = {
     super.beforeAll()
-    testLocationService.register(models.HttpRegistration(AASConnection.value, AASPort, "auth")).futureValue
+    testLocationService.register(models.HttpRegistration(AASConnection.value, AASPort, "")).futureValue
   }
 
   override def afterAll(): Unit = {

csw-location/csw-location-server/src/main/scala/csw/location/server/internal/ServerWiring.scala

@@ -20,11 +20,11 @@ import msocket.jvm.metrics.LabelExtractor
 
 // $COVERAGE-OFF$
 private[csw] class ServerWiring(enableAuth: Boolean) extends LocationServiceCodecs {
-  lazy val config: Config                                      = ConfigFactory.load()
-  lazy val settings                                            = new Settings(config)
-  lazy val clusterSettings: ClusterSettings                    = ClusterAwareSettings.onPort(settings.clusterPort)
-  implicit val actorSystem: ActorSystem[SpawnProtocol.Command] = clusterSettings.system
-  val actorRuntime                                             = new ActorRuntime(actorSystem)
+  lazy val config: Config                                                 = ConfigFactory.load()
+  lazy val settings                                                       = new Settings(config)
+  lazy val clusterSettings: ClusterSettings                               = ClusterAwareSettings.onPort(settings.clusterPort)
+  implicit final lazy val actorSystem: ActorSystem[SpawnProtocol.Command] = clusterSettings.system
+  final lazy val actorRuntime                                             = new ActorRuntime(actorSystem)
   import actorSystem.executionContext
   lazy val locationService: LocationService = LocationServiceFactory.make(clusterSettings)
 

csw-location/csw-location-server/src/test/scala/csw/location/server/MainTest.scala

@@ -47,7 +47,7 @@ class MainTest extends AnyFunSuiteLike with Matchers with ScalaFutures {
 
     val (binding, wiring) = Main.start(startLogging = false, options = options)
     // AAS location is registered here to make sure, it does not give AASResolution Failed error
-    wiring.locationService.register(HttpRegistration(AASConnection.value, SocketUtils.getFreePort, "auth")).futureValue
+    wiring.locationService.register(HttpRegistration(AASConnection.value, SocketUtils.getFreePort, "")).futureValue
 
     // assert location server running at hostname
     binding.localAddress.getAddress.getHostAddress shouldBe hostname

csw-location/csw-location-server/src/test/scala/csw/location/server/http/LocationAuthTestWithKeycloak.scala

@@ -46,7 +46,7 @@ class LocationAuthTestWithKeycloak
   override def beforeAll(): Unit = {
     super.beforeAll()
     keycloakStopHandle = startKeycloak(aasPort)
-    locationWiring.get.locationService.register(HttpRegistration(AASConnection.value, aasPort, "auth")).futureValue
+    locationWiring.get.locationService.register(HttpRegistration(AASConnection.value, aasPort, "")).futureValue
   }
 
   private implicit def actorSystem: ActorSystem[SpawnProtocol.Command] = locationWiring.get.actorSystem

docs/src/main/apps/cswconfigcli.md

@@ -55,7 +55,7 @@ These credentials will not be available in actual production environment.
 
 ### Examples of login api
 
-1.  The command below opens up default browser on your machine and asks you to provide username and password. 
+The command below opens up default browser on your machine and asks you to provide username and password. 
 Once you provide valid credentials, AAS will respond with an access token, refresh token etc. which get stored on the local filesystem.
 So next time when you use any of the above admin protected commands, this access token gets retrieved from local filesystem and is implicitly passed in a request sent to 
 the Config Server.
@@ -64,12 +64,6 @@ the Config Server.
     csw-config-cli login
     ``` 
 
-2.  Instead of opening the default browser on your machine, this will prompt for username and password on the console. (You do not need to leave console in this case.)
-
-    ```bash
-    csw-config-cli login --consoleLogin
-    ``` 
-
 ## logout
 Use this command to logout if you are already logged in or you want to re-login with different credentials.
 

examples/src/main/scala/example/auth/keycloak/example-realm-export.json

@@ -464,7 +464,7 @@
       "id": "b3be9eaf-cda3-4460-bb5c-134a2db58ecd",
       "clientId": "account",
       "name": "${client_account}",
-      "baseUrl": "/auth/realms/example/account",
+      "baseUrl": "/admin/realms/example/account",
       "surrogateAuthRequired": false,
       "enabled": true,
       "clientAuthenticatorType": "client-secret",
@@ -474,7 +474,7 @@
         "view-profile"
       ],
       "redirectUris": [
-        "/auth/realms/example/account/*"
+        "/admin/realms/example/account/*"
       ],
       "webOrigins": [],
       "notBefore": 0,

examples/src/main/scala/example/auth/postman/collection/example-app.postman_collection.json

@@ -69,7 +69,7 @@
 					]
 				},
 				"url": {
-					"raw": "http://localhost:8080/auth/realms/{{realm}}/protocol/openid-connect/token",
+					"raw": "http://localhost:8080/admin/realms/{{realm}}/protocol/openid-connect/token",
 					"protocol": "http",
 					"host": [
 						"localhost"

project/Dependencies.scala

@@ -389,7 +389,7 @@ object Dependencies {
     Seq(
       Libs.`config`,
       Keycloak.`keycloak-installed`,
-//      Keycloak.`keycloak-policy-enforcer`, // Needed for keycloak-22.0.1!
+      Keycloak.`keycloak-policy-enforcer`, // Needed for keycloak-22.0.1!
       Libs.`os-lib`,
       // (legacy dependencies) required*
       Libs.`scalatest`.value % Test,
@@ -409,8 +409,8 @@ object Dependencies {
       Libs.`dotty-cps-async`.value,
       // (legacy dependencies) required*
       Libs.`jboss-logging`,
-//      Libs.httpclient5,
-      Libs.httpclient,
+      Libs.httpclient5,
+//      Libs.httpclient,
       Libs.`scalatest`.value % Test,
       Libs.`mockito`         % Test
     )

project/Libs.scala

@@ -15,7 +15,7 @@ object Libs {
   val `logback-classic` = "ch.qos.logback" % "logback-classic" % "1.4.7"
 
   val `sourcecode`        = "com.lihaoyi"                              %% "sourcecode"        % "0.3.0"
-  val `embedded-keycloak` = "com.github.tmtsoftware.embedded-keycloak" %% "embedded-keycloak" % "590c5e7" // Apache 2.0
+  val `embedded-keycloak` = "com.github.tmtsoftware.embedded-keycloak" %% "embedded-keycloak" % "b339ef1" // Apache 2.0
   val `pekko-management`  = "org.apache.pekko"                         %% "pekko-management"  % "1.0.0"
   val `svnkit`        = "org.tmatesoft.svnkit" % "svnkit"        % "1.10.11"    // TMate Open Source License
   val `commons-codec` = "commons-codec"        % "commons-codec" % "1.15"       // Apache 2.0š
@@ -47,8 +47,8 @@ object Libs {
   val `postgresql`    = "org.postgresql"            % "postgresql"        % "42.6.0"
   val `hikaricp`      = "com.zaxxer"                % "HikariCP"          % "5.0.1" // Apache License 2.0
   val `io.zonky.test` = "io.zonky.test"             % "embedded-postgres" % "2.0.4"
-  val httpclient      = "org.apache.httpcomponents" % "httpclient"        % "4.5.14"
-//  val httpclient          = "org.apache.httpcomponents.client5" % "httpclient5"   % "5.2.1"
+//  val httpclient      = "org.apache.httpcomponents" % "httpclient"        % "4.5.14"
+  val httpclient5          = "org.apache.httpcomponents.client5" % "httpclient5"   % "5.2.1"
   val `jboss-logging`     = "org.jboss.logging"             % "jboss-logging" % "3.5.3.Final"
   val `config`            = "com.typesafe"                  % "config"        % "1.4.2"
   val `os-lib`            = "com.lihaoyi"                  %% "os-lib"        % "0.9.1"
@@ -111,8 +111,8 @@ object PekkoHttp {
 }
 
 object Keycloak {
-//  val Version = "22.0.1"
-  val Version = "16.1.0"
+  val Version = "22.0.1"
+//  val Version = "16.1.0"
 
   val `keycloak-adapter-core`    = "org.keycloak" % "keycloak-adapter-core"      % Version
   val `keycloak-core`            = "org.keycloak" % "keycloak-core"              % Version

scripts/conf/auth_service/tmt-realm-export.json

@@ -602,7 +602,7 @@
       "clientId": "account",
       "name": "${client_account}",
       "rootUrl": "${authBaseUrl}",
-      "baseUrl": "/realms/TMT/account/",
+      "baseUrl": "admin/realms/TMT/account/",
       "surrogateAuthRequired": false,
       "enabled": true,
       "clientAuthenticatorType": "client-secret",
@@ -612,7 +612,7 @@
         "view-profile"
       ],
       "redirectUris": [
-        "/realms/TMT/account/*"
+        "admin/realms/TMT/account/*"
       ],
       "webOrigins": [],
       "notBefore": 0,

scripts/csw-auth/prod/start-aas.sh

@@ -121,7 +121,7 @@ function addAdminUser {
 }
 
 function is_AAS_running {
-    local http_code=$(curl -s -o /dev/null -w "%{http_code}" http://${host}:${port}/auth/admin/realms)
+    local http_code=$(curl -s -o /dev/null -w "%{http_code}" http://${host}:${port}/admin/realms)
     if [[ $http_code -eq 401 ]]; then
         return 0
     else
@@ -149,7 +149,7 @@ function addTestUsers {
 function associateRoleToTestUsers {
     wait_till_AAS_starts
     cd ${keycloakDir}/${keycloakBinaryUnzipped}/bin
-        ./kcadm.sh config credentials --server http://${host}:${port}/auth --realm master --user ${userName} --password ${password}
+        ./kcadm.sh config credentials --server http://${host}:${port} --realm master --user ${userName} --password ${password}
     echo "[INFO] Associate roles to test users"
     ./kcadm.sh add-roles --uusername "config-admin" --rolename admin --cclientid csw-config-server -r TMT
 }

scripts/csw-services-old.sh

@@ -256,7 +256,7 @@ function enableAllServicesForRunning() {
 }
 
 function is_AAS_running() {
-    local http_code=$(curl -s -o /dev/null -w "%{http_code}" http://0.0.0.0:${aas_port}/auth/admin/realms)
+    local http_code=$(curl -s -o /dev/null -w "%{http_code}" http://0.0.0.0:${aas_port}/admin/realms)
     if [[ ${http_code} -eq 401 ]]; then
         return 0
     else

tools/postman/csw.postman_collection.json

@@ -1401,7 +1401,7 @@
               "raw": "[\n  {\n    \"resource_id\": \"e1718e9c-285d-4661-9c89-829c7dc62b87\",\n    \"resource_scopes\": [\n      \"read\"\n    ]\n  }\n]"
             },
             "url": {
-              "raw": "http://{{hostname}}:{{keycloak_port}}/auth/realms/TMT/authz/protection/permission",
+              "raw": "http://{{hostname}}:{{keycloak_port}}/admin/realms/TMT/authz/protection/permission",
               "protocol": "http",
               "host": [
                 "{{hostname}}"
@@ -1449,7 +1449,7 @@
               ]
             },
             "url": {
-              "raw": "http://{{hostname}}:{{keycloak_port}}/auth/realms/TMT/protocol/openid-connect/token",
+              "raw": "http://{{hostname}}:{{keycloak_port}}/admin/realms/TMT/protocol/openid-connect/token",
               "protocol": "http",
               "host": [
                 "{{hostname}}"
@@ -1526,7 +1526,7 @@
               ]
             },
             "url": {
-              "raw": "http://{{hostname}}:{{keycloak_port}}/auth/realms/TMT/protocol/openid-connect/token",
+              "raw": "http://{{hostname}}:{{keycloak_port}}/admin/realms/TMT/protocol/openid-connect/token",
               "protocol": "http",
               "host": [
                 "{{hostname}}"