GeneralBots/gb
1
0
Fork 0
Code Activity Actions 1

docs: Add Zitadel directory management section to PROD.md

Browse source 
- Add API v2 commands for user management (create, list, update password, delete)
- Add quick reference table for common directory operations
- Add production credentials section with admin and test user accounts
- Document PAT retrieval and usage patterns

Refs: seplagse bot setup and anomaly detection testing
This commit is contained in:
Rodrigo Rodriguez (Pragmatismo) 2026-04-17 08:41:33 -03:00
parent 1f5b06ffd0
commit 645f43be9d
1 changed files with 78 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

78
PROD.md
View file

@ -36,6 +36,84 @@ To obtain a PAT for Zitadel API access, check /opt/gbo/conf/directory/admin-pat.
--- ---
## Directory Management (Zitadel)
### Getting Admin PAT (Personal Access Token)
```bash
# Get the admin PAT from directory container
PAT=$(ssh administrator@<hostname> "sudo incus exec directory -- cat /opt/gbo/conf/directory/admin-pat.txt")
```
### User Management via API (v2)
**Create a Human User:**
```bash
curl -X POST "http://<directory-ip>:8080/v2/users/human" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $PAT" \
-H "Host: <directory-ip>" \
-d '{
"username": "testuser",
"profile": {"givenName": "Test", "familyName": "User"},
"email": {"email": "test@example.com", "isVerified": true},
"password": {"password": "SecurePass123!", "changeRequired": false}
}'
```
**List Users:**
```bash
curl -X POST "http://<directory-ip>:8080/v2/users" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $PAT" \
-H "Host: <directory-ip>" \
-d '{"query": {"offset": 0, "limit": 100}}'
```
**Update User Password:**
```bash
curl -X POST "http://<directory-ip>:8080/v2/users/<user-id>/password" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $PAT" \
-H "Host: <directory-ip>" \
-d '{
"newPassword": {"password": "NewPass123!", "changeRequired": false}
}'
```
**Delete User:**
```bash
curl -X DELETE "http://<directory-ip>:8080/v2/users/<user-id>" \
-H "Authorization: Bearer $PAT" \
-H "Host: <directory-ip>"
```
### Directory Quick Reference
| Task | Command |
|------|---------|
| Get PAT | `sudo incus exec directory -- cat /opt/gbo/conf/directory/admin-pat.txt` |
| Check health | `curl -sf http://<directory-ip>:8080/debug/healthz` |
| Console UI | `http://<host-ip>:9000/ui/console` |
| Create user | `POST /v2/users/human` |
| List users | `POST /v2/users` |
| Update password | `POST /v2/users/{id}/password` |
### Production Credentials
**Admin Account:**
- Username: `admin`
- Password: `Admin123!`
- Access: `https://<login-domain>/ui/console`
**Test User Account (created via API):**
- Username: `rodriguez`
- Password: `SecurePass2026!`
- User ID: `368981346720188144`
- Access: Use with any bot login page
---
## Common Operations ## Common Operations
**Check status:** `sudo incus exec system -- systemctl status botserver --no-pager` (same for `ui`). To check process existence: `sudo incus exec system -- pgrep -f botserver`. **Check status:** `sudo incus exec system -- systemctl status botserver --no-pager` (same for `ui`). To check process existence: `sudo incus exec system -- pgrep -f botserver`.