FIX wrong image adress and improving overall instructions

README.md

@@ -36,6 +36,8 @@ oc get storageclasses
 
 Install 3scale operator into `3scale` namespace. (Create new namespace)
 
+![3scale operator](support/images/3scale-operator.png)
+
 Set the cluster wildcard domain in `3scale/APIManager_3scale.yaml`
 
 Example wildcard domain: `apps.cluster-8glcz.8glcz.sandbox730.opentlc.com`
@@ -44,19 +46,31 @@ Example wildcard domain: `apps.cluster-8glcz.8glcz.sandbox730.opentlc.com`
 oc apply -f 3scale/APIManager_3scale.yaml -n 3scale
 ```
 
+You should see a screen like this:
+
+![3Scale Project Overview](support/images/3scale-project-overview.png)
+
 ## Provision OpenShift Service Mesh
 
 1. Install Elasticsearch operator all namespaces
 2. Install Jaeger operator all namespaces
 3. Install Kiali operator all namespaces
 4. Install OpenShift Service Mesh operator all namespaces
+
+![3scale operator](support/images/installed-operators.png)
+
 5. Create a namespace for the service mesh control plane
-5. Provision a control plane (see below)
+6. Provision a control plane (see below)
 
 ```
 oc new-project istio-system
 oc apply -f istio-system/ServiceMeshControlPlane_basic.yaml -n istio-system
 ```
+
+You should see a screen like this:
+
+![Istio System Project Overview](support/images/istio-system-project-overview.png)
+
 ## Provision BookInfo demo
 
 ### Deploy BookInfo
@@ -75,12 +89,19 @@ oc apply -f https://raw.githubusercontent.com/maistra/istio/maistra-2.1/samples/
 oc apply -f https://raw.githubusercontent.com/maistra/istio/maistra-2.1/samples/bookinfo/networking/bookinfo-gateway.yaml -n bookinfo
 ```
 
+You should see a screen like this:
+
+![Bookinfo Project Overview](support/images/bookinfo-project-overview.png)
+
+
 You can now verify that the bookinfo service is responding:
 
 ```
 curl -v http://istio-ingressgateway-istio-system.{cluster wildcard url}/productpage
 ```
 
+You should see `200` as HTTP code.
+
 ### Configure BookInfo 3scale Product
 
 Log into 3scale using the route whose hostname begins with `3scale-admin` in the `3scale` namespace.
@@ -98,15 +119,27 @@ NOTE: You will find the admin username and password in a secret called `system-s
 
 #### Configure 3scale URLs
 
-Find the URLs for the 3scale-admin and backend-3scale routes in the `3scale` namespace. Substitute those URLs into the ServiceEntry resources.
+Find the URLs for the 3scale-admin and backend-3scale routes in the `3scale` namespace. Substitute those URLs into the ServiceEntry resources (Line 7).
+
+```
+  - system-provider.3scale.svc.cluster.local
+```
+
+and 
+
+```
+  - backend-listener.3scale.svc.cluster.local
+```
+
+Apply the configuration:
 
 ```
 oc apply -f bookinfo/ServiceEntry_system-entry.yaml -f bookinfo/ServiceEntry_backend-entry.yaml -n bookinfo
 ```
 
 #### Configure system token
 
-Copy the `ADMIN_ACCESS_TOKEN` key of the `system-seed` secret in the `3scale` namespace and replace the value of `spec.config.system.token` in `bookinfo/ServiceMeshExtension_bookinfo.yaml`
+Copy the `ADMIN_ACCESS_TOKEN` key of the `system-seed` secret in the `3scale` namespace and replace the value of `spec.config.system.token` (Line 16) in `bookinfo/ServiceMeshExtension_bookinfo.yaml`
 
 #### Configure service
 
@@ -116,7 +149,9 @@ Use 3scale admin access token along with the 3scale product ID from the 3scale p
 curl https://3scale-admin.{cluster wildcard url}/admin/api/services/{product id}/proxy/configs/production/latest.json?access_token={access token} | jq '.proxy_config.content.backend_authentication_value'
 ```
 
-The output will be the service token. Modify the `id` and `token` of the `spec.config.services` entry in `bookinfo/ServiceMeshExtension_bookinfo.yaml`. The `id` value should be the product ID.
+The output will be the service token. Modify the `id` and `token` of the `spec.config.services` (line 33) entry in `bookinfo/ServiceMeshExtension_bookinfo.yaml`. The `id` value should be the product ID.
+
+![3scale product id](support/images/product-id.png)
 
 #### Apply extension
 
@@ -126,14 +161,18 @@ oc apply -f bookinfo/ServiceMeshExtension_bookinfo.yaml -n bookinfo
 
 ### Authorize an Application to Consume the API
 
-1. In 3scale, go to Audience
-2. Choose an account to authorize (you can use the default Developer account)
-3. Follow the Link at the top of the page that says `N Applications` (N being the number of applications the account has)
-4. Click Create Application
-5. Select the target application plan and provide a name, then create
+1. In 3scale, go to the Product overview
+2. Select `Applications > Listing` in the side menu
+3. Click on `Create Application` in the top right corner
+
+![3scale create application](support/images/3scale-create-application.png)
+
+2. Fill the form and create the application
 
 You should now have an API key that you can copy and use for authorization
 
+![3scale new application](support/images/3scale-new-application.png)
+
 ### Verify the policy enforcement
 
 Access without credentials:
@@ -142,7 +181,7 @@ Access without credentials:
 curl -v http://istio-ingressgateway-istio-system.{cluster wildcard url}/productpage`
 ```
 
-You should see an HTTP 401 response.
+You should see an HTTP 403 response.
 
 Access with credentials (from the previous step):
 
@@ -152,20 +191,27 @@ curl -v http://istio-ingressgateway-istio-system.{cluster wildcard url}/productp
 
 You should see an HTTP 200 response.
 
+![Test](support/images/policy-enforcement-test.png)
+
 ## Enable OIDC Authentication Flow
 
 ### Provision and configure Red Hat SSO
 
 Install the Red Hat SSO operator into the `keycloak` namespace.
 
+![RHSSO operator](support/images/rhsso-operator.png)
+
 Provision an instance of Keycloak.
 
 ```
+oc new-project keycloak
 oc apply -f keycloak/Keycloak_keycloak.yaml -n keycloak
 ```
 
 Wait for all pods to be in a running state.
 
+![Keycloak project overview](support/images/keycloak-project-overview.png)
+
 NOTE: The URL to the Keycloak admin console can be found by listing the routes in the `keycloak` namespace, and the administrator credentials can be found in the secret called `credential-keycloak`
 
 ### Keycloak Realm configuration
@@ -188,6 +234,8 @@ To add the permissions in the Red Hat SSO UI:
 4. Select `realm-management` from the `Client Roles` dropdown
 5. Select `manage-clients` from the `Available Roles` and add it to `Assigned Roles`
 
+![Keycloak Manage Roles](support/images/keycloak-manage-roles.png)
+
 ### Service Mesh OIDC Integration
 
 #### Configure BookInfo 3scale Product with OIDC authentication
@@ -209,6 +257,20 @@ NOTE: You will find the admin username and password in a secret called `system-s
 8. Go to Applications->Application Plans and publish the application plan
 9. Go to the Product Overview and take note of the ID given to the API by searching for text `ID for API calls is`(This will be used in later steps)
 
+![3Scale create product](support/images/3scale-create-product.png)
+
+![3Scale settings OIDC](support/images/3scale-settings-01.png)
+
+![3Scale settings OIDC](support/images/3scale-settings-02.png)
+
+![3Scale configuration](support/images/3scale-configuration.png)
+
+![3Scale application plan](support/images/3scale-application-plan.png)
+
+![3Scale application plan](support/images/3scale-application-plan-publish.png)
+
+![3Scale bookinfo oidc overview](support/images/bookinfo-overview-oidc.png)
+
 #### Enable API Policy Management for BookInfo
 
 If the `Service Entry` for 3scale system-provider and backend are not created earlier then please perform the below step

bookinfo/ServiceMeshExtension_bookinfo.yaml

@@ -3,7 +3,7 @@ kind: ServiceMeshExtension
 metadata:
  name: bookinfo
 spec:
- image: 'quay.io/3scale/threescale-wasm-auth@sha256:c26a879dcadbf1ad6f693d62b327685202bacade36cebca24e98e9d0f0a17e1f'
+ image: 'registry.redhat.io/openshift-service-mesh/3scale-auth-wasm-rhel8:0.0.1'
  phase: PostAuthZ
  priority: 100
  workloadSelector:
@@ -13,7 +13,7 @@ spec:
    api: v1
    system:
      name: system
-     token: VDG2U6c9kXwdetUH
+     token: GjVsCOshW6ZzbkSM
      upstream:
        name: >-
          outbound|3000||system-provider.3scale.svc.cluster.local
@@ -30,7 +30,7 @@ spec:
        url: 'http://backend-listener.3scale.svc.cluster.local'
    services:
      - id: '3'
-       token: cf939c57f946bb3c809508caabeac45db51782f1c671e4a2dd2dad57d29ba394
+       token: 1caab709c7ec596b390c1d6b77f37c03c39aabe809e71909e479836cbe058aa2
        authorities:
          - '*'
        credentials: