api namespace/naming polish

2024-11-07 08:44:14 +01:00 · 2022-11-30 11:43:00 -05:00 · 2022-11-30 11:43:00 -05:00 · 0f9ed9dd68
commit 0f9ed9dd68
parent 64c3bdd3c1
62 changed files with 1165 additions and 1341 deletions
--- a/cmd/zrok/disable.go
+++ b/cmd/zrok/disable.go
@ -3,7 +3,7 @@ package main
 import (
 	"fmt"
 	httptransport "github.com/go-openapi/runtime/client"
-	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/identity"
+	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/environment"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
 	"github.com/openziti-test-kitchen/zrok/zrokdir"
 	"github.com/sirupsen/logrus"
@ -45,11 +45,11 @@ func (cmd *disableCommand) run(_ *cobra.Command, args []string) {
 		panic(err)
 	}
 	auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Token)
-	req := identity.NewDisableParams()
+	req := environment.NewDisableParams()
 	req.Body = &rest_model_zrok.DisableRequest{
 		Identity: env.ZId,
 	}
-	_, err = zrok.Identity.Disable(req, auth)
+	_, err = zrok.Environment.Disable(req, auth)
 	if err != nil {
 		logrus.Warnf("service cleanup failed (%v); will clean up local environment", err)
 	}
--- a/cmd/zrok/enable.go
+++ b/cmd/zrok/enable.go
@ -4,7 +4,7 @@ import (
 	"fmt"
 	"github.com/charmbracelet/lipgloss"
 	httptransport "github.com/go-openapi/runtime/client"
-	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/identity"
+	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/environment"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
 	"github.com/openziti-test-kitchen/zrok/zrokdir"
 	"github.com/shirou/gopsutil/v3/host"
@ -61,12 +61,12 @@ func (cmd *enableCommand) run(_ *cobra.Command, args []string) {
 		panic(err)
 	}
 	auth := httptransport.APIKeyAuth("X-TOKEN", "header", token)
-	req := identity.NewEnableParams()
+	req := environment.NewEnableParams()
 	req.Body = &rest_model_zrok.EnableRequest{
 		Description: cmd.description,
 		Host:        hostDetail,
 	}
-	resp, err := zrok.Identity.Enable(req, auth)
+	resp, err := zrok.Environment.Enable(req, auth)
 	if err != nil {
 		if !panicInstead {
 			showError("the zrok service returned an error", err)
--- a/cmd/zrok/invite.go
+++ b/cmd/zrok/invite.go
@ -2,7 +2,7 @@ package main
 import (
 	"fmt"
-	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/identity"
+	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/account"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
 	"github.com/openziti-test-kitchen/zrok/util"
 	"github.com/openziti-test-kitchen/zrok/zrokdir"
@ -52,17 +52,17 @@ func (cmd *inviteCommand) run(_ *cobra.Command, _ []string) {
 		}
 		panic(err)
 	}
-	req := identity.NewCreateAccountParams()
+	req := account.NewInviteParams()
-	req.Body = &rest_model_zrok.AccountRequest{
+	req.Body = &rest_model_zrok.InviteRequest{
 		Email: email,
 	}
-	_, err = zrok.Identity.CreateAccount(req)
+	_, err = zrok.Account.Invite(req)
 	if err != nil {
 		if !panicInstead {
-			showError("error creating account", err)
+			showError("error creating invitation", err)
 		}
 		panic(err)
 	}
-	fmt.Printf("registration invitation sent to '%v'!\n", email)
+	fmt.Printf("invitation sent to '%v'!\n", email)
 }
--- a/controller/controller.go
+++ b/controller/controller.go
@ -6,7 +6,7 @@ import (
 	"github.com/openziti-test-kitchen/zrok/controller/store"
 	"github.com/openziti-test-kitchen/zrok/rest_server_zrok"
 	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations"
-	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/account"
 	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/metadata"
 	"github.com/pkg/errors"
 )
@ -26,12 +26,12 @@ func Run(inCfg *Config) error {
 	api := operations.NewZrokAPI(swaggerSpec)
 	api.KeyAuth = ZrokAuthenticate
-	api.IdentityCreateAccountHandler = newCreateAccountHandler()
+	api.AccountInviteHandler = newInviteHandler()
-	api.IdentityEnableHandler = newEnableHandler()
+	api.AccountLoginHandler = account.LoginHandlerFunc(loginHandler)
-	api.IdentityDisableHandler = newDisableHandler()
+	api.AccountRegisterHandler = newRegisterHandler()
-	api.IdentityLoginHandler = identity.LoginHandlerFunc(loginHandler)
+	api.AccountVerifyHandler = newVerifyHandler()
-	api.IdentityRegisterHandler = newRegisterHandler()
+	api.EnvironmentEnableHandler = newEnableHandler()
-	api.IdentityVerifyHandler = newVerifyHandler()
+	api.EnvironmentDisableHandler = newDisableHandler()
 	api.MetadataOverviewHandler = metadata.OverviewHandlerFunc(overviewHandler)
 	api.MetadataVersionHandler = metadata.VersionHandlerFunc(versionHandler)
 	api.ServiceAccessHandler = newAccessHandler()
--- a/controller/disable.go
+++ b/controller/disable.go
@ -4,7 +4,7 @@ import (
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/jmoiron/sqlx"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
-	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/environment"
 	"github.com/openziti/edge/rest_management_api_client"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@ -17,51 +17,51 @@ func newDisableHandler() *disableHandler {
 	return &disableHandler{}
 }
-func (self *disableHandler) Handle(params identity.DisableParams, principal *rest_model_zrok.Principal) middleware.Responder {
+func (h *disableHandler) Handle(params environment.DisableParams, principal *rest_model_zrok.Principal) middleware.Responder {
 	tx, err := str.Begin()
 	if err != nil {
 		logrus.Errorf("error starting transaction: %v", err)
-		return identity.NewDisableInternalServerError()
+		return environment.NewDisableInternalServerError()
 	}
 	defer func() { _ = tx.Rollback() }()
-	envId, err := self.checkZitiIdentity(params.Body.Identity, principal, tx)
+	envId, err := h.checkZitiIdentity(params.Body.Identity, principal, tx)
 	if err != nil {
 		logrus.Errorf("identity check failed: %v", err)
-		return identity.NewDisableUnauthorized()
+		return environment.NewDisableUnauthorized()
 	}
 	env, err := str.GetEnvironment(envId, tx)
 	if err != nil {
 		logrus.Errorf("error getting environment: %v", err)
-		return identity.NewDisableInternalServerError()
+		return environment.NewDisableInternalServerError()
 	}
 	edge, err := edgeClient()
 	if err != nil {
 		logrus.Errorf("error getting edge client: %v", err)
-		return identity.NewDisableInternalServerError()
+		return environment.NewDisableInternalServerError()
 	}
-	if err := self.removeServicesForEnvironment(envId, tx, edge); err != nil {
+	if err := h.removeServicesForEnvironment(envId, tx, edge); err != nil {
 		logrus.Errorf("error removing services for environment: %v", err)
-		return identity.NewDisableInternalServerError()
+		return environment.NewDisableInternalServerError()
 	}
-	if err := self.removeEnvironment(envId, tx); err != nil {
+	if err := h.removeEnvironment(envId, tx); err != nil {
 		logrus.Errorf("error removing environment: %v", err)
-		return identity.NewDisableInternalServerError()
+		return environment.NewDisableInternalServerError()
 	}
 	if err := deleteEdgeRouterPolicy(env.ZId, params.Body.Identity, edge); err != nil {
 		logrus.Errorf("error deleting edge router policy: %v", err)
-		return identity.NewDisableInternalServerError()
+		return environment.NewDisableInternalServerError()
 	}
 	if err := deleteIdentity(params.Body.Identity, edge); err != nil {
 		logrus.Errorf("error deleting identity: %v", err)
-		return identity.NewDisableInternalServerError()
+		return environment.NewDisableInternalServerError()
 	}
 	if err := tx.Commit(); err != nil {
 		logrus.Errorf("error committing: %v", err)
 	}
-	return identity.NewDisableOK()
+	return environment.NewDisableOK()
 }
-func (self *disableHandler) checkZitiIdentity(id string, principal *rest_model_zrok.Principal, tx *sqlx.Tx) (int, error) {
+func (h *disableHandler) checkZitiIdentity(id string, principal *rest_model_zrok.Principal, tx *sqlx.Tx) (int, error) {
 	envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx)
 	if err != nil {
 		return -1, err
@ -74,7 +74,7 @@ func (self *disableHandler) checkZitiIdentity(id string, principal *rest_model_z
 	return -1, errors.Errorf("no such environment '%v'", id)
 }
-func (self *disableHandler) removeServicesForEnvironment(envId int, tx *sqlx.Tx, edge *rest_management_api_client.ZitiEdgeManagement) error {
+func (h *disableHandler) removeServicesForEnvironment(envId int, tx *sqlx.Tx, edge *rest_management_api_client.ZitiEdgeManagement) error {
 	env, err := str.GetEnvironment(envId, tx)
 	if err != nil {
 		return err
@ -106,7 +106,7 @@ func (self *disableHandler) removeServicesForEnvironment(envId int, tx *sqlx.Tx,
 	return nil
 }
-func (self *disableHandler) removeEnvironment(envId int, tx *sqlx.Tx) error {
+func (h *disableHandler) removeEnvironment(envId int, tx *sqlx.Tx) error {
 	svcs, err := str.FindServicesForEnvironment(envId, tx)
 	if err != nil {
 		return errors.Wrapf(err, "error finding services for environment '%d'", envId)
--- a/controller/enable.go
+++ b/controller/enable.go
@ -9,7 +9,7 @@ import (
 	"github.com/openziti-test-kitchen/zrok/build"
 	"github.com/openziti-test-kitchen/zrok/controller/store"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
-	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/environment"
 	"github.com/openziti/edge/rest_management_api_client"
 	"github.com/openziti/edge/rest_management_api_client/edge_router_policy"
 	identity_edge "github.com/openziti/edge/rest_management_api_client/identity"
@ -27,32 +27,32 @@ func newEnableHandler() *enableHandler {
 	return &enableHandler{}
 }
-func (self *enableHandler) Handle(params identity.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
+func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
 	// start transaction early; if it fails, don't bother creating ziti resources
 	tx, err := str.Begin()
 	if err != nil {
 		logrus.Errorf("error starting transaction: %v", err)
-		return identity.NewEnableInternalServerError()
+		return environment.NewEnableInternalServerError()
 	}
 	client, err := edgeClient()
 	if err != nil {
 		logrus.Errorf("error getting edge client: %v", err)
-		return identity.NewEnableInternalServerError()
+		return environment.NewEnableInternalServerError()
 	}
-	ident, err := self.createIdentity(principal.Email, client)
+	ident, err := h.createIdentity(principal.Email, client)
 	if err != nil {
 		logrus.Error(err)
-		return identity.NewEnableInternalServerError()
+		return environment.NewEnableInternalServerError()
 	}
-	cfg, err := self.enrollIdentity(ident.Payload.Data.ID, client)
+	cfg, err := h.enrollIdentity(ident.Payload.Data.ID, client)
 	if err != nil {
 		logrus.Error(err)
-		return identity.NewEnableInternalServerError()
+		return environment.NewEnableInternalServerError()
 	}
-	if err := self.createEdgeRouterPolicy(ident.Payload.Data.ID, client); err != nil {
+	if err := h.createEdgeRouterPolicy(ident.Payload.Data.ID, client); err != nil {
 		logrus.Error(err)
-		return identity.NewEnableInternalServerError()
+		return environment.NewEnableInternalServerError()
 	}
 	envId, err := str.CreateEnvironment(int(principal.ID), &store.Environment{
 		Description: params.Body.Description,
@ -63,15 +63,15 @@ func (self *enableHandler) Handle(params identity.EnableParams, principal *rest_
 	if err != nil {
 		logrus.Errorf("error storing created identity: %v", err)
 		_ = tx.Rollback()
-		return identity.NewCreateAccountInternalServerError()
+		return environment.NewEnableInternalServerError()
 	}
 	if err := tx.Commit(); err != nil {
 		logrus.Errorf("error committing: %v", err)
-		return identity.NewCreateAccountInternalServerError()
+		return environment.NewEnableInternalServerError()
 	}
 	logrus.Infof("created environment for '%v', with ziti identity '%v', and database id '%v'", principal.Email, ident.Payload.Data.ID, envId)
-	resp := identity.NewEnableCreated().WithPayload(&rest_model_zrok.EnableResponse{
+	resp := environment.NewEnableCreated().WithPayload(&rest_model_zrok.EnableResponse{
 		Identity: ident.Payload.Data.ID,
 	})
@ -87,14 +87,14 @@ func (self *enableHandler) Handle(params identity.EnableParams, principal *rest_
 	return resp
 }
-func (self *enableHandler) createIdentity(email string, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) {
+func (h *enableHandler) createIdentity(email string, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) {
 	iIsAdmin := false
 	name, err := createToken()
 	if err != nil {
 		return nil, err
 	}
 	identityType := rest_model_edge.IdentityTypeUser
-	tags := self.zrokTags()
+	tags := h.zrokTags()
 	tags.SubTags["zrokEmail"] = email
 	i := &rest_model_edge.IdentityCreate{
 		Enrollment:          &rest_model_edge.IdentityCreateEnrollment{Ott: true},
@ -114,7 +114,7 @@ func (self *enableHandler) createIdentity(email string, client *rest_management_
 	return resp, nil
 }
-func (_ *enableHandler) enrollIdentity(id string, client *rest_management_api_client.ZitiEdgeManagement) (*sdk_config.Config, error) {
+func (h *enableHandler) enrollIdentity(id string, client *rest_management_api_client.ZitiEdgeManagement) (*sdk_config.Config, error) {
 	p := &identity_edge.DetailIdentityParams{
 		Context: context.Background(),
 		ID:      id,
@ -139,7 +139,7 @@ func (_ *enableHandler) enrollIdentity(id string, client *rest_management_api_cl
 	return conf, nil
 }
-func (self *enableHandler) createEdgeRouterPolicy(id string, edge *rest_management_api_client.ZitiEdgeManagement) error {
+func (h *enableHandler) createEdgeRouterPolicy(id string, edge *rest_management_api_client.ZitiEdgeManagement) error {
 	edgeRouterRoles := []string{"#all"}
 	identityRoles := []string{fmt.Sprintf("@%v", id)}
 	semantic := rest_model_edge.SemanticAllOf
@ -148,7 +148,7 @@ func (self *enableHandler) createEdgeRouterPolicy(id string, edge *rest_manageme
 		IdentityRoles:   identityRoles,
 		Name:            &id,
 		Semantic:        &semantic,
-		Tags:            self.zrokTags(),
+		Tags:            h.zrokTags(),
 	}
 	req := &edge_router_policy.CreateEdgeRouterPolicyParams{
 		Policy:  erp,
@ -163,7 +163,7 @@ func (self *enableHandler) createEdgeRouterPolicy(id string, edge *rest_manageme
 	return nil
 }
-func (self *enableHandler) zrokTags() *rest_model_edge.Tags {
+func (h *enableHandler) zrokTags() *rest_model_edge.Tags {
 	return &rest_model_edge.Tags{
 		SubTags: map[string]interface{}{
 			"zrok": build.String(),
--- a/controller/account.go
+++ b/controller/account.go
@ -1,37 +1,35 @@
 package controller
 import (
 	"fmt"
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/openziti-test-kitchen/zrok/controller/store"
-	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/account"
 	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
 	"github.com/openziti-test-kitchen/zrok/util"
 	"github.com/sirupsen/logrus"
 )
-type createAccountHandler struct {
+type inviteHandler struct {
 }
-func newCreateAccountHandler() *createAccountHandler {
+func newInviteHandler() *inviteHandler {
-	return &createAccountHandler{}
+	return &inviteHandler{}
 }
-func (self *createAccountHandler) Handle(params identity.CreateAccountParams) middleware.Responder {
+func (self *inviteHandler) Handle(params account.InviteParams) middleware.Responder {
 	if params.Body == nil || params.Body.Email == "" {
 		logrus.Errorf("missing email")
-		return identity.NewCreateAccountBadRequest().WithPayload("missing email")
+		return account.NewInviteBadRequest()
 	}
 	if !util.IsValidEmail(params.Body.Email) {
 		logrus.Errorf("'%v' is not a valid email address", params.Body.Email)
-		return identity.NewCreateAccountBadRequest().WithPayload(rest_model_zrok.ErrorMessage(fmt.Sprintf("'%v' is not a valid email address", params.Body.Email)))
+		return account.NewInviteBadRequest()
 	}
 	logrus.Infof("received account request for email '%v'", params.Body.Email)
 	token, err := createToken()
 	if err != nil {
 		logrus.Error(err)
-		return identity.NewCreateAccountInternalServerError()
+		return account.NewInviteInternalServerError()
 	}
 	ar := &store.AccountRequest{
 		Token:         token,
@ -42,13 +40,13 @@ func (self *createAccountHandler) Handle(params identity.CreateAccountParams) mi
 	tx, err := str.Begin()
 	if err != nil {
 		logrus.Error(err)
-		return identity.NewCreateAccountInternalServerError()
+		return account.NewInviteInternalServerError()
 	}
 	defer func() { _ = tx.Rollback() }()
 	if _, err := str.FindAccountWithEmail(params.Body.Email, tx); err == nil {
 		logrus.Errorf("found account for '%v', cannot process account request", params.Body.Email)
-		return identity.NewCreateAccountBadRequest()
+		return account.NewInviteBadRequest()
 	} else {
 		logrus.Infof("no account found for '%v': %v", params.Body.Email, err)
 	}
@ -57,7 +55,7 @@ func (self *createAccountHandler) Handle(params identity.CreateAccountParams) mi
 		logrus.Warnf("found previous account request for '%v', removing", params.Body.Email)
 		if err := str.DeleteAccountRequest(oldAr.Id, tx); err != nil {
 			logrus.Errorf("error deleteing previous account request for '%v': %v", params.Body.Email, err)
-			return identity.NewCreateAccountInternalServerError()
+			return account.NewInviteInternalServerError()
 		}
 	} else {
 		logrus.Warnf("error finding previous account request for '%v': %v", params.Body.Email, err)
@ -65,19 +63,19 @@ func (self *createAccountHandler) Handle(params identity.CreateAccountParams) mi
 	if _, err := str.CreateAccountRequest(ar, tx); err != nil {
 		logrus.Errorf("error creating account request for '%v': %v", params.Body.Email, err)
-		return identity.NewCreateAccountInternalServerError()
+		return account.NewInviteInternalServerError()
 	}
 	if err := tx.Commit(); err != nil {
 		logrus.Errorf("error committing account request for '%v': %v", params.Body.Email, err)
-		return identity.NewCreateAccountInternalServerError()
+		return account.NewInviteInternalServerError()
 	}
 	if err := sendVerificationEmail(params.Body.Email, token); err != nil {
 		logrus.Errorf("error sending verification email for '%v': %v", params.Body.Email, err)
-		return identity.NewCreateAccountInternalServerError()
+		return account.NewInviteInternalServerError()
 	}
 	logrus.Infof("account request for '%v' has registration token '%v'", params.Body.Email, ar.Token)
-	return identity.NewCreateAccountCreated()
+	return account.NewInviteInternalServerError()
 }
--- a/controller/login.go
+++ b/controller/login.go
@ -3,14 +3,14 @@ package controller
 import (
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
-	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/account"
 	"github.com/sirupsen/logrus"
 )
-func loginHandler(params identity.LoginParams) middleware.Responder {
+func loginHandler(params account.LoginParams) middleware.Responder {
 	if params.Body == nil || params.Body.Email == "" || params.Body.Password == "" {
 		logrus.Errorf("missing email or password")
-		return identity.NewLoginUnauthorized()
+		return account.NewLoginUnauthorized()
 	}
 	logrus.Infof("received login request for email '%v'", params.Body.Email)
@ -18,18 +18,18 @@ func loginHandler(params identity.LoginParams) middleware.Responder {
 	tx, err := str.Begin()
 	if err != nil {
 		logrus.Errorf("error starting transaction: %v", err)
-		return identity.NewLoginUnauthorized()
+		return account.NewLoginUnauthorized()
 	}
 	defer func() { _ = tx.Rollback() }()
 	a, err := str.FindAccountWithEmail(params.Body.Email, tx)
 	if err != nil {
 		logrus.Errorf("error finding account '%v': %v", params.Body.Email, err)
-		return identity.NewLoginUnauthorized()
+		return account.NewLoginUnauthorized()
 	}
 	if a.Password != hashPassword(params.Body.Password) {
 		logrus.Errorf("password mismatch for account '%v'", params.Body.Email)
-		return identity.NewLoginUnauthorized()
+		return account.NewLoginUnauthorized()
 	}
-	return identity.NewLoginOK().WithPayload(rest_model_zrok.LoginResponse(a.Token))
+	return account.NewLoginOK().WithPayload(rest_model_zrok.LoginResponse(a.Token))
 }
--- a/controller/register.go
+++ b/controller/register.go
@ -4,7 +4,7 @@ import (
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/openziti-test-kitchen/zrok/controller/store"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
-	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/account"
 	"github.com/sirupsen/logrus"
 )
@ -13,30 +13,30 @@ type registerHandler struct{}
 func newRegisterHandler() *registerHandler {
 	return &registerHandler{}
 }
-func (self *registerHandler) Handle(params identity.RegisterParams) middleware.Responder {
+func (self *registerHandler) Handle(params account.RegisterParams) middleware.Responder {
 	if params.Body == nil || params.Body.Token == "" || params.Body.Password == "" {
 		logrus.Error("missing token or password")
-		return identity.NewRegisterNotFound()
+		return account.NewRegisterNotFound()
 	}
 	logrus.Infof("received register request for token '%v'", params.Body.Token)
 	tx, err := str.Begin()
 	if err != nil {
 		logrus.Error(err)
-		return identity.NewRegisterInternalServerError()
+		return account.NewRegisterInternalServerError()
 	}
 	defer func() { _ = tx.Rollback() }()
 	ar, err := str.FindAccountRequestWithToken(params.Body.Token, tx)
 	if err != nil {
 		logrus.Error(err)
-		return identity.NewRegisterNotFound()
+		return account.NewRegisterNotFound()
 	}
 	token, err := createToken()
 	if err != nil {
 		logrus.Error(err)
-		return identity.NewRegisterInternalServerError()
+		return account.NewRegisterInternalServerError()
 	}
 	a := &store.Account{
 		Email:    ar.Email,
@ -45,20 +45,20 @@ func (self *registerHandler) Handle(params identity.RegisterParams) middleware.R
 	}
 	if _, err := str.CreateAccount(a, tx); err != nil {
 		logrus.Error(err)
-		return identity.NewRegisterInternalServerError()
+		return account.NewRegisterInternalServerError()
 	}
 	if err := str.DeleteAccountRequest(ar.Id, tx); err != nil {
 		logrus.Error(err)
-		return identity.NewRegisterInternalServerError()
+		return account.NewRegisterInternalServerError()
 	}
 	if err := tx.Commit(); err != nil {
 		logrus.Error(err)
-		return identity.NewCreateAccountInternalServerError()
+		return account.NewRegisterInternalServerError()
 	}
 	logrus.Infof("created account '%v' with token '%v'", a.Email, a.Token)
-	return identity.NewRegisterOK().WithPayload(&rest_model_zrok.RegisterResponse{Token: a.Token})
+	return account.NewRegisterOK().WithPayload(&rest_model_zrok.RegisterResponse{Token: a.Token})
 }
--- a/controller/verify.go
+++ b/controller/verify.go
@ -3,7 +3,7 @@ package controller
 import (
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
-	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/account"
 	"github.com/sirupsen/logrus"
 )
@ -14,25 +14,24 @@ func newVerifyHandler() *verifyHandler {
 	return &verifyHandler{}
 }
-func (self *verifyHandler) Handle(params identity.VerifyParams) middleware.Responder {
+func (self *verifyHandler) Handle(params account.VerifyParams) middleware.Responder {
 	if params.Body != nil {
 		logrus.Debugf("received verify request for token '%v'", params.Body.Token)
 		tx, err := str.Begin()
 		if err != nil {
 			logrus.Errorf("error starting transaction: %v", err)
-			return identity.NewVerifyInternalServerError()
+			return account.NewVerifyInternalServerError()
 		}
 		defer func() { _ = tx.Rollback() }()
 		ar, err := str.FindAccountRequestWithToken(params.Body.Token, tx)
 		if err != nil {
 			logrus.Errorf("error finding account with token '%v': %v", params.Body.Token, err)
-			return identity.NewVerifyNotFound()
+			return account.NewVerifyNotFound()
 		}
-		return identity.NewVerifyOK().WithPayload(&rest_model_zrok.VerifyResponse{Email: ar.Email})
+		return account.NewVerifyOK().WithPayload(&rest_model_zrok.VerifyResponse{Email: ar.Email})
 	} else {
 		logrus.Error("empty verification request")
 		return identity.NewVerifyInternalServerError().WithPayload(rest_model_zrok.ErrorMessage("empty verification request"))
 	}
 	logrus.Error("empty verification request")
 	return account.NewVerifyInternalServerError()
 }
--- a/rest_client_zrok/identity/identity_client.go
+++ b/rest_client_zrok/identity/identity_client.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@ -12,13 +12,13 @@ import (
 	"github.com/go-openapi/strfmt"
 )
-// New creates a new identity API client.
+// New creates a new account API client.
 func New(transport runtime.ClientTransport, formats strfmt.Registry) ClientService {
 	return &Client{transport: transport, formats: formats}
 }
 /*
-Client for identity API
+Client for account API
 */
 type Client struct {
 	transport runtime.ClientTransport
@ -30,11 +30,7 @@ type ClientOption func(*runtime.ClientOperation)
 // ClientService is the interface for Client methods
 type ClientService interface {
-	CreateAccount(params *CreateAccountParams, opts ...ClientOption) (*CreateAccountCreated, error)
+	Invite(params *InviteParams, opts ...ClientOption) (*InviteCreated, error)
 	Disable(params *DisableParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*DisableOK, error)
 	Enable(params *EnableParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*EnableCreated, error)
 	Login(params *LoginParams, opts ...ClientOption) (*LoginOK, error)
@ -46,22 +42,22 @@ type ClientService interface {
 }
 /*
-CreateAccount create account API
+Invite invite API
 */
-func (a *Client) CreateAccount(params *CreateAccountParams, opts ...ClientOption) (*CreateAccountCreated, error) {
+func (a *Client) Invite(params *InviteParams, opts ...ClientOption) (*InviteCreated, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
-		params = NewCreateAccountParams()
+		params = NewInviteParams()
 	}
 	op := &runtime.ClientOperation{
-		ID:                 "createAccount",
+		ID:                 "invite",
 		Method:             "POST",
-		PathPattern:        "/account",
+		PathPattern:        "/invite",
 		ProducesMediaTypes: []string{"application/zrok.v1+json"},
 		ConsumesMediaTypes: []string{"application/zrok.v1+json"},
 		Schemes:            []string{"http"},
 		Params:             params,
-		Reader:             &CreateAccountReader{formats: a.formats},
+		Reader:             &InviteReader{formats: a.formats},
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
@ -73,91 +69,13 @@ func (a *Client) CreateAccount(params *CreateAccountParams, opts ...ClientOption
 	if err != nil {
 		return nil, err
 	}
-	success, ok := result.(*CreateAccountCreated)
+	success, ok := result.(*InviteCreated)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
-	msg := fmt.Sprintf("unexpected success response for createAccount: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	msg := fmt.Sprintf("unexpected success response for invite: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 /*
 Disable disable API
 */
 func (a *Client) Disable(params *DisableParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*DisableOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewDisableParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "disable",
 		Method:             "POST",
 		PathPattern:        "/disable",
 		ProducesMediaTypes: []string{"application/zrok.v1+json"},
 		ConsumesMediaTypes: []string{"application/zrok.v1+json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &DisableReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*DisableOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for disable: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 /*
 Enable enable API
 */
 func (a *Client) Enable(params *EnableParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*EnableCreated, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewEnableParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "enable",
 		Method:             "POST",
 		PathPattern:        "/enable",
 		ProducesMediaTypes: []string{"application/zrok.v1+json"},
 		ConsumesMediaTypes: []string{"application/zrok.v1+json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &EnableReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*EnableCreated)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for enable: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
--- a/rest_client_zrok/account/invite_parameters.go
+++ b/rest_client_zrok/account/invite_parameters.go
@ -0,0 +1,150 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
 )
 // NewInviteParams creates a new InviteParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewInviteParams() *InviteParams {
 	return &InviteParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewInviteParamsWithTimeout creates a new InviteParams object
 // with the ability to set a timeout on a request.
 func NewInviteParamsWithTimeout(timeout time.Duration) *InviteParams {
 	return &InviteParams{
 		timeout: timeout,
 	}
 }
 // NewInviteParamsWithContext creates a new InviteParams object
 // with the ability to set a context for a request.
 func NewInviteParamsWithContext(ctx context.Context) *InviteParams {
 	return &InviteParams{
 		Context: ctx,
 	}
 }
 // NewInviteParamsWithHTTPClient creates a new InviteParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewInviteParamsWithHTTPClient(client *http.Client) *InviteParams {
 	return &InviteParams{
 		HTTPClient: client,
 	}
 }
 /*
 InviteParams contains all the parameters to send to the API endpoint
 	for the invite operation.
 	Typically these are written to a http.Request.
 */
 type InviteParams struct {
 	// Body.
 	Body *rest_model_zrok.InviteRequest
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the invite params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *InviteParams) WithDefaults() *InviteParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the invite params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *InviteParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the invite params
 func (o *InviteParams) WithTimeout(timeout time.Duration) *InviteParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the invite params
 func (o *InviteParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the invite params
 func (o *InviteParams) WithContext(ctx context.Context) *InviteParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the invite params
 func (o *InviteParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the invite params
 func (o *InviteParams) WithHTTPClient(client *http.Client) *InviteParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the invite params
 func (o *InviteParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the invite params
 func (o *InviteParams) WithBody(body *rest_model_zrok.InviteRequest) *InviteParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the invite params
 func (o *InviteParams) SetBody(body *rest_model_zrok.InviteRequest) {
 	o.Body = body
 }
 // WriteToRequest writes these params to a swagger request
 func (o *InviteParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if o.Body != nil {
 		if err := r.SetBodyParam(o.Body); err != nil {
 			return err
 		}
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/rest_client_zrok/account/invite_responses.go
+++ b/rest_client_zrok/account/invite_responses.go
@ -0,0 +1,197 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"fmt"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 )
 // InviteReader is a Reader for the Invite structure.
 type InviteReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *InviteReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 201:
 		result := NewInviteCreated()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	case 400:
 		result := NewInviteBadRequest()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	case 500:
 		result := NewInviteInternalServerError()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	default:
 		return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code())
 	}
 }
 // NewInviteCreated creates a InviteCreated with default headers values
 func NewInviteCreated() *InviteCreated {
 	return &InviteCreated{}
 }
 /*
 InviteCreated describes a response with status code 201, with default header values.
 invitation created
 */
 type InviteCreated struct {
 }
 // IsSuccess returns true when this invite created response has a 2xx status code
 func (o *InviteCreated) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this invite created response has a 3xx status code
 func (o *InviteCreated) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this invite created response has a 4xx status code
 func (o *InviteCreated) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this invite created response has a 5xx status code
 func (o *InviteCreated) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this invite created response a status code equal to that given
 func (o *InviteCreated) IsCode(code int) bool {
 	return code == 201
 }
 func (o *InviteCreated) Error() string {
 	return fmt.Sprintf("[POST /invite][%d] inviteCreated ", 201)
 }
 func (o *InviteCreated) String() string {
 	return fmt.Sprintf("[POST /invite][%d] inviteCreated ", 201)
 }
 func (o *InviteCreated) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	return nil
 }
 // NewInviteBadRequest creates a InviteBadRequest with default headers values
 func NewInviteBadRequest() *InviteBadRequest {
 	return &InviteBadRequest{}
 }
 /*
 InviteBadRequest describes a response with status code 400, with default header values.
 invitation not created (already exists)
 */
 type InviteBadRequest struct {
 }
 // IsSuccess returns true when this invite bad request response has a 2xx status code
 func (o *InviteBadRequest) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this invite bad request response has a 3xx status code
 func (o *InviteBadRequest) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this invite bad request response has a 4xx status code
 func (o *InviteBadRequest) IsClientError() bool {
 	return true
 }
 // IsServerError returns true when this invite bad request response has a 5xx status code
 func (o *InviteBadRequest) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this invite bad request response a status code equal to that given
 func (o *InviteBadRequest) IsCode(code int) bool {
 	return code == 400
 }
 func (o *InviteBadRequest) Error() string {
 	return fmt.Sprintf("[POST /invite][%d] inviteBadRequest ", 400)
 }
 func (o *InviteBadRequest) String() string {
 	return fmt.Sprintf("[POST /invite][%d] inviteBadRequest ", 400)
 }
 func (o *InviteBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	return nil
 }
 // NewInviteInternalServerError creates a InviteInternalServerError with default headers values
 func NewInviteInternalServerError() *InviteInternalServerError {
 	return &InviteInternalServerError{}
 }
 /*
 InviteInternalServerError describes a response with status code 500, with default header values.
 internal server error
 */
 type InviteInternalServerError struct {
 }
 // IsSuccess returns true when this invite internal server error response has a 2xx status code
 func (o *InviteInternalServerError) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this invite internal server error response has a 3xx status code
 func (o *InviteInternalServerError) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this invite internal server error response has a 4xx status code
 func (o *InviteInternalServerError) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this invite internal server error response has a 5xx status code
 func (o *InviteInternalServerError) IsServerError() bool {
 	return true
 }
 // IsCode returns true when this invite internal server error response a status code equal to that given
 func (o *InviteInternalServerError) IsCode(code int) bool {
 	return code == 500
 }
 func (o *InviteInternalServerError) Error() string {
 	return fmt.Sprintf("[POST /invite][%d] inviteInternalServerError ", 500)
 }
 func (o *InviteInternalServerError) String() string {
 	return fmt.Sprintf("[POST /invite][%d] inviteInternalServerError ", 500)
 }
 func (o *InviteInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	return nil
 }
--- a/rest_client_zrok/identity/login_parameters.go
+++ b/rest_client_zrok/identity/login_parameters.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/rest_client_zrok/identity/login_responses.go
+++ b/rest_client_zrok/identity/login_responses.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/rest_client_zrok/identity/register_parameters.go
+++ b/rest_client_zrok/identity/register_parameters.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/rest_client_zrok/identity/register_responses.go
+++ b/rest_client_zrok/identity/register_responses.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@ -171,7 +171,6 @@ RegisterInternalServerError describes a response with status code 500, with defa
 internal server error
 */
 type RegisterInternalServerError struct {
 	Payload rest_model_zrok.ErrorMessage
 }
 // IsSuccess returns true when this register internal server error response has a 2xx status code
@ -200,23 +199,14 @@ func (o *RegisterInternalServerError) IsCode(code int) bool {
 }
 func (o *RegisterInternalServerError) Error() string {
-	return fmt.Sprintf("[POST /register][%d] registerInternalServerError  %+v", 500, o.Payload)
+	return fmt.Sprintf("[POST /register][%d] registerInternalServerError ", 500)
 }
 func (o *RegisterInternalServerError) String() string {
-	return fmt.Sprintf("[POST /register][%d] registerInternalServerError  %+v", 500, o.Payload)
+	return fmt.Sprintf("[POST /register][%d] registerInternalServerError ", 500)
 }
 func (o *RegisterInternalServerError) GetPayload() rest_model_zrok.ErrorMessage {
 	return o.Payload
 }
 func (o *RegisterInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/rest_client_zrok/identity/verify_parameters.go
+++ b/rest_client_zrok/identity/verify_parameters.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/rest_client_zrok/identity/verify_responses.go
+++ b/rest_client_zrok/identity/verify_responses.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@ -171,7 +171,6 @@ VerifyInternalServerError describes a response with status code 500, with defaul
 internal server error
 */
 type VerifyInternalServerError struct {
 	Payload rest_model_zrok.ErrorMessage
 }
 // IsSuccess returns true when this verify internal server error response has a 2xx status code
@ -200,23 +199,14 @@ func (o *VerifyInternalServerError) IsCode(code int) bool {
 }
 func (o *VerifyInternalServerError) Error() string {
-	return fmt.Sprintf("[POST /verify][%d] verifyInternalServerError  %+v", 500, o.Payload)
+	return fmt.Sprintf("[POST /verify][%d] verifyInternalServerError ", 500)
 }
 func (o *VerifyInternalServerError) String() string {
-	return fmt.Sprintf("[POST /verify][%d] verifyInternalServerError  %+v", 500, o.Payload)
+	return fmt.Sprintf("[POST /verify][%d] verifyInternalServerError ", 500)
 }
 func (o *VerifyInternalServerError) GetPayload() rest_model_zrok.ErrorMessage {
 	return o.Payload
 }
 func (o *VerifyInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/rest_client_zrok/environment/disable_parameters.go
+++ b/rest_client_zrok/environment/disable_parameters.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package environment
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/rest_client_zrok/environment/disable_responses.go
+++ b/rest_client_zrok/environment/disable_responses.go
@ -1,18 +1,15 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package environment
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
 )
 // DisableReader is a Reader for the Disable structure.
@ -159,7 +156,6 @@ DisableInternalServerError describes a response with status code 500, with defau
 internal server error
 */
 type DisableInternalServerError struct {
 	Payload rest_model_zrok.ErrorMessage
 }
 // IsSuccess returns true when this disable internal server error response has a 2xx status code
@ -188,23 +184,14 @@ func (o *DisableInternalServerError) IsCode(code int) bool {
 }
 func (o *DisableInternalServerError) Error() string {
-	return fmt.Sprintf("[POST /disable][%d] disableInternalServerError  %+v", 500, o.Payload)
+	return fmt.Sprintf("[POST /disable][%d] disableInternalServerError ", 500)
 }
 func (o *DisableInternalServerError) String() string {
-	return fmt.Sprintf("[POST /disable][%d] disableInternalServerError  %+v", 500, o.Payload)
+	return fmt.Sprintf("[POST /disable][%d] disableInternalServerError ", 500)
 }
 func (o *DisableInternalServerError) GetPayload() rest_model_zrok.ErrorMessage {
 	return o.Payload
 }
 func (o *DisableInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/rest_client_zrok/environment/enable_parameters.go
+++ b/rest_client_zrok/environment/enable_parameters.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package environment
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/rest_client_zrok/environment/enable_responses.go
+++ b/rest_client_zrok/environment/enable_responses.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package environment
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@ -123,7 +123,7 @@ func NewEnableUnauthorized() *EnableUnauthorized {
 /*
 EnableUnauthorized describes a response with status code 401, with default header values.
-invalid api key
+unauthorized
 */
 type EnableUnauthorized struct {
 }
@ -228,7 +228,6 @@ EnableInternalServerError describes a response with status code 500, with defaul
 internal server error
 */
 type EnableInternalServerError struct {
 	Payload rest_model_zrok.ErrorMessage
 }
 // IsSuccess returns true when this enable internal server error response has a 2xx status code
@ -257,23 +256,14 @@ func (o *EnableInternalServerError) IsCode(code int) bool {
 }
 func (o *EnableInternalServerError) Error() string {
-	return fmt.Sprintf("[POST /enable][%d] enableInternalServerError  %+v", 500, o.Payload)
+	return fmt.Sprintf("[POST /enable][%d] enableInternalServerError ", 500)
 }
 func (o *EnableInternalServerError) String() string {
-	return fmt.Sprintf("[POST /enable][%d] enableInternalServerError  %+v", 500, o.Payload)
+	return fmt.Sprintf("[POST /enable][%d] enableInternalServerError ", 500)
 }
 func (o *EnableInternalServerError) GetPayload() rest_model_zrok.ErrorMessage {
 	return o.Payload
 }
 func (o *EnableInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/rest_client_zrok/environment/environment_client.go
+++ b/rest_client_zrok/environment/environment_client.go
@ -0,0 +1,121 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package environment
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"fmt"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 )
 // New creates a new environment API client.
 func New(transport runtime.ClientTransport, formats strfmt.Registry) ClientService {
 	return &Client{transport: transport, formats: formats}
 }
 /*
 Client for environment API
 */
 type Client struct {
 	transport runtime.ClientTransport
 	formats   strfmt.Registry
 }
 // ClientOption is the option for Client methods
 type ClientOption func(*runtime.ClientOperation)
 // ClientService is the interface for Client methods
 type ClientService interface {
 	Disable(params *DisableParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*DisableOK, error)
 	Enable(params *EnableParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*EnableCreated, error)
 	SetTransport(transport runtime.ClientTransport)
 }
 /*
 Disable disable API
 */
 func (a *Client) Disable(params *DisableParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*DisableOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewDisableParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "disable",
 		Method:             "POST",
 		PathPattern:        "/disable",
 		ProducesMediaTypes: []string{"application/zrok.v1+json"},
 		ConsumesMediaTypes: []string{"application/zrok.v1+json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &DisableReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*DisableOK)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for disable: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 /*
 Enable enable API
 */
 func (a *Client) Enable(params *EnableParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*EnableCreated, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewEnableParams()
 	}
 	op := &runtime.ClientOperation{
 		ID:                 "enable",
 		Method:             "POST",
 		PathPattern:        "/enable",
 		ProducesMediaTypes: []string{"application/zrok.v1+json"},
 		ConsumesMediaTypes: []string{"application/zrok.v1+json"},
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &EnableReader{formats: a.formats},
 		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}
 	for _, opt := range opts {
 		opt(op)
 	}
 	result, err := a.transport.Submit(op)
 	if err != nil {
 		return nil, err
 	}
 	success, ok := result.(*EnableCreated)
 	if ok {
 		return success, nil
 	}
 	// unexpected success response
 	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
 	msg := fmt.Sprintf("unexpected success response for enable: API contract not enforced by server. Client expected to get an error, but got: %T", result)
 	panic(msg)
 }
 // SetTransport changes the transport on the client
 func (a *Client) SetTransport(transport runtime.ClientTransport) {
 	a.transport = transport
 }
--- a/rest_client_zrok/identity/create_account_parameters.go
+++ b/rest_client_zrok/identity/create_account_parameters.go
@ -1,150 +0,0 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package identity
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"context"
 	"net/http"
 	"time"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	cr "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
 )
 // NewCreateAccountParams creates a new CreateAccountParams object,
 // with the default timeout for this client.
 //
 // Default values are not hydrated, since defaults are normally applied by the API server side.
 //
 // To enforce default values in parameter, use SetDefaults or WithDefaults.
 func NewCreateAccountParams() *CreateAccountParams {
 	return &CreateAccountParams{
 		timeout: cr.DefaultTimeout,
 	}
 }
 // NewCreateAccountParamsWithTimeout creates a new CreateAccountParams object
 // with the ability to set a timeout on a request.
 func NewCreateAccountParamsWithTimeout(timeout time.Duration) *CreateAccountParams {
 	return &CreateAccountParams{
 		timeout: timeout,
 	}
 }
 // NewCreateAccountParamsWithContext creates a new CreateAccountParams object
 // with the ability to set a context for a request.
 func NewCreateAccountParamsWithContext(ctx context.Context) *CreateAccountParams {
 	return &CreateAccountParams{
 		Context: ctx,
 	}
 }
 // NewCreateAccountParamsWithHTTPClient creates a new CreateAccountParams object
 // with the ability to set a custom HTTPClient for a request.
 func NewCreateAccountParamsWithHTTPClient(client *http.Client) *CreateAccountParams {
 	return &CreateAccountParams{
 		HTTPClient: client,
 	}
 }
 /*
 CreateAccountParams contains all the parameters to send to the API endpoint
 	for the create account operation.
 	Typically these are written to a http.Request.
 */
 type CreateAccountParams struct {
 	// Body.
 	Body *rest_model_zrok.AccountRequest
 	timeout    time.Duration
 	Context    context.Context
 	HTTPClient *http.Client
 }
 // WithDefaults hydrates default values in the create account params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateAccountParams) WithDefaults() *CreateAccountParams {
 	o.SetDefaults()
 	return o
 }
 // SetDefaults hydrates default values in the create account params (not the query body).
 //
 // All values with no default are reset to their zero value.
 func (o *CreateAccountParams) SetDefaults() {
 	// no default values defined for this parameter
 }
 // WithTimeout adds the timeout to the create account params
 func (o *CreateAccountParams) WithTimeout(timeout time.Duration) *CreateAccountParams {
 	o.SetTimeout(timeout)
 	return o
 }
 // SetTimeout adds the timeout to the create account params
 func (o *CreateAccountParams) SetTimeout(timeout time.Duration) {
 	o.timeout = timeout
 }
 // WithContext adds the context to the create account params
 func (o *CreateAccountParams) WithContext(ctx context.Context) *CreateAccountParams {
 	o.SetContext(ctx)
 	return o
 }
 // SetContext adds the context to the create account params
 func (o *CreateAccountParams) SetContext(ctx context.Context) {
 	o.Context = ctx
 }
 // WithHTTPClient adds the HTTPClient to the create account params
 func (o *CreateAccountParams) WithHTTPClient(client *http.Client) *CreateAccountParams {
 	o.SetHTTPClient(client)
 	return o
 }
 // SetHTTPClient adds the HTTPClient to the create account params
 func (o *CreateAccountParams) SetHTTPClient(client *http.Client) {
 	o.HTTPClient = client
 }
 // WithBody adds the body to the create account params
 func (o *CreateAccountParams) WithBody(body *rest_model_zrok.AccountRequest) *CreateAccountParams {
 	o.SetBody(body)
 	return o
 }
 // SetBody adds the body to the create account params
 func (o *CreateAccountParams) SetBody(body *rest_model_zrok.AccountRequest) {
 	o.Body = body
 }
 // WriteToRequest writes these params to a swagger request
 func (o *CreateAccountParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
 	if err := r.SetTimeout(o.timeout); err != nil {
 		return err
 	}
 	var res []error
 	if o.Body != nil {
 		if err := r.SetBodyParam(o.Body); err != nil {
 			return err
 		}
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/rest_client_zrok/identity/create_account_responses.go
+++ b/rest_client_zrok/identity/create_account_responses.go
@ -1,220 +0,0 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package identity
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"fmt"
 	"io"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
 )
 // CreateAccountReader is a Reader for the CreateAccount structure.
 type CreateAccountReader struct {
 	formats strfmt.Registry
 }
 // ReadResponse reads a server response into the received o.
 func (o *CreateAccountReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
 	switch response.Code() {
 	case 201:
 		result := NewCreateAccountCreated()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return result, nil
 	case 400:
 		result := NewCreateAccountBadRequest()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	case 500:
 		result := NewCreateAccountInternalServerError()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
 			return nil, err
 		}
 		return nil, result
 	default:
 		return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code())
 	}
 }
 // NewCreateAccountCreated creates a CreateAccountCreated with default headers values
 func NewCreateAccountCreated() *CreateAccountCreated {
 	return &CreateAccountCreated{}
 }
 /*
 CreateAccountCreated describes a response with status code 201, with default header values.
 account created
 */
 type CreateAccountCreated struct {
 }
 // IsSuccess returns true when this create account created response has a 2xx status code
 func (o *CreateAccountCreated) IsSuccess() bool {
 	return true
 }
 // IsRedirect returns true when this create account created response has a 3xx status code
 func (o *CreateAccountCreated) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this create account created response has a 4xx status code
 func (o *CreateAccountCreated) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this create account created response has a 5xx status code
 func (o *CreateAccountCreated) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this create account created response a status code equal to that given
 func (o *CreateAccountCreated) IsCode(code int) bool {
 	return code == 201
 }
 func (o *CreateAccountCreated) Error() string {
 	return fmt.Sprintf("[POST /account][%d] createAccountCreated ", 201)
 }
 func (o *CreateAccountCreated) String() string {
 	return fmt.Sprintf("[POST /account][%d] createAccountCreated ", 201)
 }
 func (o *CreateAccountCreated) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	return nil
 }
 // NewCreateAccountBadRequest creates a CreateAccountBadRequest with default headers values
 func NewCreateAccountBadRequest() *CreateAccountBadRequest {
 	return &CreateAccountBadRequest{}
 }
 /*
 CreateAccountBadRequest describes a response with status code 400, with default header values.
 account not created (already exists)
 */
 type CreateAccountBadRequest struct {
 	Payload rest_model_zrok.ErrorMessage
 }
 // IsSuccess returns true when this create account bad request response has a 2xx status code
 func (o *CreateAccountBadRequest) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this create account bad request response has a 3xx status code
 func (o *CreateAccountBadRequest) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this create account bad request response has a 4xx status code
 func (o *CreateAccountBadRequest) IsClientError() bool {
 	return true
 }
 // IsServerError returns true when this create account bad request response has a 5xx status code
 func (o *CreateAccountBadRequest) IsServerError() bool {
 	return false
 }
 // IsCode returns true when this create account bad request response a status code equal to that given
 func (o *CreateAccountBadRequest) IsCode(code int) bool {
 	return code == 400
 }
 func (o *CreateAccountBadRequest) Error() string {
 	return fmt.Sprintf("[POST /account][%d] createAccountBadRequest  %+v", 400, o.Payload)
 }
 func (o *CreateAccountBadRequest) String() string {
 	return fmt.Sprintf("[POST /account][%d] createAccountBadRequest  %+v", 400, o.Payload)
 }
 func (o *CreateAccountBadRequest) GetPayload() rest_model_zrok.ErrorMessage {
 	return o.Payload
 }
 func (o *CreateAccountBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
 // NewCreateAccountInternalServerError creates a CreateAccountInternalServerError with default headers values
 func NewCreateAccountInternalServerError() *CreateAccountInternalServerError {
 	return &CreateAccountInternalServerError{}
 }
 /*
 CreateAccountInternalServerError describes a response with status code 500, with default header values.
 internal server error
 */
 type CreateAccountInternalServerError struct {
 	Payload rest_model_zrok.ErrorMessage
 }
 // IsSuccess returns true when this create account internal server error response has a 2xx status code
 func (o *CreateAccountInternalServerError) IsSuccess() bool {
 	return false
 }
 // IsRedirect returns true when this create account internal server error response has a 3xx status code
 func (o *CreateAccountInternalServerError) IsRedirect() bool {
 	return false
 }
 // IsClientError returns true when this create account internal server error response has a 4xx status code
 func (o *CreateAccountInternalServerError) IsClientError() bool {
 	return false
 }
 // IsServerError returns true when this create account internal server error response has a 5xx status code
 func (o *CreateAccountInternalServerError) IsServerError() bool {
 	return true
 }
 // IsCode returns true when this create account internal server error response a status code equal to that given
 func (o *CreateAccountInternalServerError) IsCode(code int) bool {
 	return code == 500
 }
 func (o *CreateAccountInternalServerError) Error() string {
 	return fmt.Sprintf("[POST /account][%d] createAccountInternalServerError  %+v", 500, o.Payload)
 }
 func (o *CreateAccountInternalServerError) String() string {
 	return fmt.Sprintf("[POST /account][%d] createAccountInternalServerError  %+v", 500, o.Payload)
 }
 func (o *CreateAccountInternalServerError) GetPayload() rest_model_zrok.ErrorMessage {
 	return o.Payload
 }
 func (o *CreateAccountInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
 	// response payload
 	if err := consumer.Consume(response.Body(), &o.Payload); err != nil && err != io.EOF {
 		return err
 	}
 	return nil
 }
--- a/rest_client_zrok/zrok_client.go
+++ b/rest_client_zrok/zrok_client.go
@ -10,7 +10,8 @@ import (
 	httptransport "github.com/go-openapi/runtime/client"
 	"github.com/go-openapi/strfmt"
-	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/identity"
+	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/account"
 	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/environment"
 	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/metadata"
 	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/service"
 )
@ -57,7 +58,8 @@ func New(transport runtime.ClientTransport, formats strfmt.Registry) *Zrok {
 	cli := new(Zrok)
 	cli.Transport = transport
-	cli.Identity = identity.New(transport, formats)
+	cli.Account = account.New(transport, formats)
 	cli.Environment = environment.New(transport, formats)
 	cli.Metadata = metadata.New(transport, formats)
 	cli.Service = service.New(transport, formats)
 	return cli
@ -104,7 +106,9 @@ func (cfg *TransportConfig) WithSchemes(schemes []string) *TransportConfig {
 // Zrok is a client for zrok
 type Zrok struct {
-	Identity identity.ClientService
+	Account account.ClientService
 	Environment environment.ClientService
 	Metadata metadata.ClientService
@ -116,7 +120,8 @@ type Zrok struct {
 // SetTransport changes the transport on the client and all its subresources
 func (c *Zrok) SetTransport(transport runtime.ClientTransport) {
 	c.Transport = transport
-	c.Identity.SetTransport(transport)
+	c.Account.SetTransport(transport)
 	c.Environment.SetTransport(transport)
 	c.Metadata.SetTransport(transport)
 	c.Service.SetTransport(transport)
 }
--- a/rest_model_zrok/account_request.go
+++ b/rest_model_zrok/account_request.go
@ -12,27 +12,27 @@ import (
 	"github.com/go-openapi/swag"
 )
-// AccountRequest account request
+// InviteRequest invite request
 //
-// swagger:model accountRequest
+// swagger:model inviteRequest
-type AccountRequest struct {
+type InviteRequest struct {
 	// email
 	Email string `json:"email,omitempty"`
 }
-// Validate validates this account request
+// Validate validates this invite request
-func (m *AccountRequest) Validate(formats strfmt.Registry) error {
+func (m *InviteRequest) Validate(formats strfmt.Registry) error {
 	return nil
 }
-// ContextValidate validates this account request based on context it is used
+// ContextValidate validates this invite request based on context it is used
-func (m *AccountRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+func (m *InviteRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
 	return nil
 }
 // MarshalBinary interface implementation
-func (m *AccountRequest) MarshalBinary() ([]byte, error) {
+func (m *InviteRequest) MarshalBinary() ([]byte, error) {
 	if m == nil {
 		return nil, nil
 	}
@ -40,8 +40,8 @@ func (m *AccountRequest) MarshalBinary() ([]byte, error) {
 }
 // UnmarshalBinary interface implementation
-func (m *AccountRequest) UnmarshalBinary(b []byte) error {
+func (m *InviteRequest) UnmarshalBinary(b []byte) error {
-	var res AccountRequest
+	var res InviteRequest
 	if err := swag.ReadJSON(b, &res); err != nil {
 		return err
 	}
--- a/rest_server_zrok/doc.go
+++ b/rest_server_zrok/doc.go
@ -7,7 +7,7 @@
 //	  http
 //	Host: localhost
 //	BasePath: /api/v1
-//	Version: 1.0.0
+//	Version: 0.3.0
 //
 //	Consumes:
 //	  - application/zrok.v1+json
--- a/rest_server_zrok/embedded_spec.go
+++ b/rest_server_zrok/embedded_spec.go
@ -31,7 +31,7 @@ func init() {
  "info": {
    "description": "zrok client access",
    "title": "zrok",
-    "version": "1.0.0"
+    "version": "0.3.0"
  },
  "basePath": "/api/v1",
  "paths": {
@ -74,40 +74,6 @@ func init() {
        }
      }
    },
    "/account": {
      "post": {
        "tags": [
          "identity"
        ],
        "operationId": "createAccount",
        "parameters": [
          {
            "name": "body",
            "in": "body",
            "schema": {
              "$ref": "#/definitions/accountRequest"
            }
          }
        ],
        "responses": {
          "201": {
            "description": "account created"
          },
          "400": {
            "description": "account not created (already exists)",
            "schema": {
              "$ref": "#/definitions/errorMessage"
            }
          },
          "500": {
            "description": "internal server error",
            "schema": {
              "$ref": "#/definitions/errorMessage"
            }
          }
        }
      }
    },
    "/disable": {
      "post": {
        "security": [
@ -116,7 +82,7 @@ func init() {
          }
        ],
        "tags": [
-          "identity"
+          "environment"
        ],
        "operationId": "disable",
        "parameters": [
@ -136,10 +102,7 @@ func init() {
            "description": "invalid environment"
          },
          "500": {
-            "description": "internal server error",
+            "description": "internal server error"
            "schema": {
              "$ref": "#/definitions/errorMessage"
            }
          }
        }
      }
@ -152,7 +115,7 @@ func init() {
          }
        ],
        "tags": [
-          "identity"
+          "environment"
        ],
        "operationId": "enable",
        "parameters": [
@ -172,24 +135,49 @@ func init() {
            }
          },
          "401": {
-            "description": "invalid api key"
+            "description": "unauthorized"
          },
          "404": {
            "description": "account not found"
          },
          "500": {
-            "description": "internal server error",
+            "description": "internal server error"
          }
        }
      }
    },
    "/invite": {
      "post": {
        "tags": [
          "account"
        ],
        "operationId": "invite",
        "parameters": [
          {
            "name": "body",
            "in": "body",
            "schema": {
-              "$ref": "#/definitions/errorMessage"
+              "$ref": "#/definitions/inviteRequest"
            }
          }
        ],
        "responses": {
          "201": {
            "description": "invitation created"
          },
          "400": {
            "description": "invitation not created (already exists)"
          },
          "500": {
            "description": "internal server error"
          }
        }
      }
    },
    "/login": {
      "post": {
        "tags": [
-          "identity"
+          "account"
        ],
        "operationId": "login",
        "parameters": [
@ -244,7 +232,7 @@ func init() {
    "/register": {
      "post": {
        "tags": [
-          "identity"
+          "account"
        ],
        "operationId": "register",
        "parameters": [
@ -267,10 +255,7 @@ func init() {
            "description": "request not found"
          },
          "500": {
-            "description": "internal server error",
+            "description": "internal server error"
            "schema": {
              "$ref": "#/definitions/errorMessage"
            }
          }
        }
      }
@ -431,7 +416,7 @@ func init() {
    "/verify": {
      "post": {
        "tags": [
-          "identity"
+          "account"
        ],
        "operationId": "verify",
        "parameters": [
@ -454,10 +439,7 @@ func init() {
            "description": "token not found"
          },
          "500": {
-            "description": "internal server error",
+            "description": "internal server error"
            "schema": {
              "$ref": "#/definitions/errorMessage"
            }
          }
        }
      }
@ -499,14 +481,6 @@ func init() {
        }
      }
    },
    "accountRequest": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string"
        }
      }
    },
    "authUser": {
      "type": "object",
      "properties": {
@ -600,6 +574,14 @@ func init() {
    "errorMessage": {
      "type": "string"
    },
    "inviteRequest": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string"
        }
      }
    },
    "loginRequest": {
      "type": "object",
      "properties": {
@ -841,7 +823,7 @@ func init() {
  "info": {
    "description": "zrok client access",
    "title": "zrok",
-    "version": "1.0.0"
+    "version": "0.3.0"
  },
  "basePath": "/api/v1",
  "paths": {
@ -884,40 +866,6 @@ func init() {
        }
      }
    },
    "/account": {
      "post": {
        "tags": [
          "identity"
        ],
        "operationId": "createAccount",
        "parameters": [
          {
            "name": "body",
            "in": "body",
            "schema": {
              "$ref": "#/definitions/accountRequest"
            }
          }
        ],
        "responses": {
          "201": {
            "description": "account created"
          },
          "400": {
            "description": "account not created (already exists)",
            "schema": {
              "$ref": "#/definitions/errorMessage"
            }
          },
          "500": {
            "description": "internal server error",
            "schema": {
              "$ref": "#/definitions/errorMessage"
            }
          }
        }
      }
    },
    "/disable": {
      "post": {
        "security": [
@ -926,7 +874,7 @@ func init() {
          }
        ],
        "tags": [
-          "identity"
+          "environment"
        ],
        "operationId": "disable",
        "parameters": [
@ -946,10 +894,7 @@ func init() {
            "description": "invalid environment"
          },
          "500": {
-            "description": "internal server error",
+            "description": "internal server error"
            "schema": {
              "$ref": "#/definitions/errorMessage"
            }
          }
        }
      }
@ -962,7 +907,7 @@ func init() {
          }
        ],
        "tags": [
-          "identity"
+          "environment"
        ],
        "operationId": "enable",
        "parameters": [
@ -982,24 +927,49 @@ func init() {
            }
          },
          "401": {
-            "description": "invalid api key"
+            "description": "unauthorized"
          },
          "404": {
            "description": "account not found"
          },
          "500": {
-            "description": "internal server error",
+            "description": "internal server error"
          }
        }
      }
    },
    "/invite": {
      "post": {
        "tags": [
          "account"
        ],
        "operationId": "invite",
        "parameters": [
          {
            "name": "body",
            "in": "body",
            "schema": {
-              "$ref": "#/definitions/errorMessage"
+              "$ref": "#/definitions/inviteRequest"
            }
          }
        ],
        "responses": {
          "201": {
            "description": "invitation created"
          },
          "400": {
            "description": "invitation not created (already exists)"
          },
          "500": {
            "description": "internal server error"
          }
        }
      }
    },
    "/login": {
      "post": {
        "tags": [
-          "identity"
+          "account"
        ],
        "operationId": "login",
        "parameters": [
@ -1054,7 +1024,7 @@ func init() {
    "/register": {
      "post": {
        "tags": [
-          "identity"
+          "account"
        ],
        "operationId": "register",
        "parameters": [
@ -1077,10 +1047,7 @@ func init() {
            "description": "request not found"
          },
          "500": {
-            "description": "internal server error",
+            "description": "internal server error"
            "schema": {
              "$ref": "#/definitions/errorMessage"
            }
          }
        }
      }
@ -1241,7 +1208,7 @@ func init() {
    "/verify": {
      "post": {
        "tags": [
-          "identity"
+          "account"
        ],
        "operationId": "verify",
        "parameters": [
@ -1264,10 +1231,7 @@ func init() {
            "description": "token not found"
          },
          "500": {
-            "description": "internal server error",
+            "description": "internal server error"
            "schema": {
              "$ref": "#/definitions/errorMessage"
            }
          }
        }
      }
@ -1309,14 +1273,6 @@ func init() {
        }
      }
    },
    "accountRequest": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string"
        }
      }
    },
    "authUser": {
      "type": "object",
      "properties": {
@ -1410,6 +1366,14 @@ func init() {
    "errorMessage": {
      "type": "string"
    },
    "inviteRequest": {
      "type": "object",
      "properties": {
        "email": {
          "type": "string"
        }
      }
    },
    "loginRequest": {
      "type": "object",
      "properties": {
--- a/rest_server_zrok/operations/account/invite.go
+++ b/rest_server_zrok/operations/account/invite.go
@ -0,0 +1,56 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
 import (
 	"net/http"
 	"github.com/go-openapi/runtime/middleware"
 )
 // InviteHandlerFunc turns a function with the right signature into a invite handler
 type InviteHandlerFunc func(InviteParams) middleware.Responder
 // Handle executing the request and returning a response
 func (fn InviteHandlerFunc) Handle(params InviteParams) middleware.Responder {
 	return fn(params)
 }
 // InviteHandler interface for that can handle valid invite params
 type InviteHandler interface {
 	Handle(InviteParams) middleware.Responder
 }
 // NewInvite creates a new http.Handler for the invite operation
 func NewInvite(ctx *middleware.Context, handler InviteHandler) *Invite {
 	return &Invite{Context: ctx, Handler: handler}
 }
 /*
 	Invite swagger:route POST /invite account invite
 Invite invite API
 */
 type Invite struct {
 	Context *middleware.Context
 	Handler InviteHandler
 }
 func (o *Invite) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
 		*r = *rCtx
 	}
 	var Params = NewInviteParams()
 	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	res := o.Handler.Handle(Params) // actually handle the request
 	o.Context.Respond(rw, r, route.Produces, route, res)
 }
--- a/rest_server_zrok/operations/account/invite_parameters.go
+++ b/rest_server_zrok/operations/account/invite_parameters.go
@ -0,0 +1,76 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"net/http"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/go-openapi/validate"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
 )
 // NewInviteParams creates a new InviteParams object
 //
 // There are no default values defined in the spec.
 func NewInviteParams() InviteParams {
 	return InviteParams{}
 }
 // InviteParams contains all the bound params for the invite operation
 // typically these are obtained from a http.Request
 //
 // swagger:parameters invite
 type InviteParams struct {
 	// HTTP Request Object
 	HTTPRequest *http.Request `json:"-"`
 	/*
 	  In: body
 	*/
 	Body *rest_model_zrok.InviteRequest
 }
 // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
 // for simple values it will use straight method calls.
 //
 // To ensure default values, the struct must have been initialized with NewInviteParams() beforehand.
 func (o *InviteParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
 	var res []error
 	o.HTTPRequest = r
 	if runtime.HasBody(r) {
 		defer r.Body.Close()
 		var body rest_model_zrok.InviteRequest
 		if err := route.Consumer.Consume(r.Body, &body); err != nil {
 			res = append(res, errors.NewParseError("body", "body", "", err))
 		} else {
 			// validate body object
 			if err := body.Validate(route.Formats); err != nil {
 				res = append(res, err)
 			}
 			ctx := validate.WithOperationRequest(r.Context())
 			if err := body.ContextValidate(ctx, route.Formats); err != nil {
 				res = append(res, err)
 			}
 			if len(res) == 0 {
 				o.Body = &body
 			}
 		}
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/rest_server_zrok/operations/account/invite_responses.go
+++ b/rest_server_zrok/operations/account/invite_responses.go
@ -0,0 +1,87 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"net/http"
 	"github.com/go-openapi/runtime"
 )
 // InviteCreatedCode is the HTTP code returned for type InviteCreated
 const InviteCreatedCode int = 201
 /*
 InviteCreated invitation created
 swagger:response inviteCreated
 */
 type InviteCreated struct {
 }
 // NewInviteCreated creates InviteCreated with default headers values
 func NewInviteCreated() *InviteCreated {
 	return &InviteCreated{}
 }
 // WriteResponse to the client
 func (o *InviteCreated) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
 	rw.WriteHeader(201)
 }
 // InviteBadRequestCode is the HTTP code returned for type InviteBadRequest
 const InviteBadRequestCode int = 400
 /*
 InviteBadRequest invitation not created (already exists)
 swagger:response inviteBadRequest
 */
 type InviteBadRequest struct {
 }
 // NewInviteBadRequest creates InviteBadRequest with default headers values
 func NewInviteBadRequest() *InviteBadRequest {
 	return &InviteBadRequest{}
 }
 // WriteResponse to the client
 func (o *InviteBadRequest) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
 	rw.WriteHeader(400)
 }
 // InviteInternalServerErrorCode is the HTTP code returned for type InviteInternalServerError
 const InviteInternalServerErrorCode int = 500
 /*
 InviteInternalServerError internal server error
 swagger:response inviteInternalServerError
 */
 type InviteInternalServerError struct {
 }
 // NewInviteInternalServerError creates InviteInternalServerError with default headers values
 func NewInviteInternalServerError() *InviteInternalServerError {
 	return &InviteInternalServerError{}
 }
 // WriteResponse to the client
 func (o *InviteInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
 	rw.WriteHeader(500)
 }
--- a/rest_server_zrok/operations/identity/create_account_urlbuilder.go
+++ b/rest_server_zrok/operations/identity/create_account_urlbuilder.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@ -11,15 +11,15 @@ import (
 	golangswaggerpaths "path"
 )
-// CreateAccountURL generates an URL for the create account operation
+// InviteURL generates an URL for the invite operation
-type CreateAccountURL struct {
+type InviteURL struct {
 	_basePath string
 }
 // WithBasePath sets the base path for this url builder, only required when it's different from the
 // base path specified in the swagger spec.
 // When the value of the base path is an empty string
-func (o *CreateAccountURL) WithBasePath(bp string) *CreateAccountURL {
+func (o *InviteURL) WithBasePath(bp string) *InviteURL {
 	o.SetBasePath(bp)
 	return o
 }
@ -27,15 +27,15 @@ func (o *CreateAccountURL) WithBasePath(bp string) *CreateAccountURL {
 // SetBasePath sets the base path for this url builder, only required when it's different from the
 // base path specified in the swagger spec.
 // When the value of the base path is an empty string
-func (o *CreateAccountURL) SetBasePath(bp string) {
+func (o *InviteURL) SetBasePath(bp string) {
 	o._basePath = bp
 }
 // Build a url path and query string
-func (o *CreateAccountURL) Build() (*url.URL, error) {
+func (o *InviteURL) Build() (*url.URL, error) {
 	var _result url.URL
-	var _path = "/account"
+	var _path = "/invite"
 	_basePath := o._basePath
 	if _basePath == "" {
@ -47,7 +47,7 @@ func (o *CreateAccountURL) Build() (*url.URL, error) {
 }
 // Must is a helper function to panic when the url builder returns an error
-func (o *CreateAccountURL) Must(u *url.URL, err error) *url.URL {
+func (o *InviteURL) Must(u *url.URL, err error) *url.URL {
 	if err != nil {
 		panic(err)
 	}
@ -58,17 +58,17 @@ func (o *CreateAccountURL) Must(u *url.URL, err error) *url.URL {
 }
 // String returns the string representation of the path with query string
-func (o *CreateAccountURL) String() string {
+func (o *InviteURL) String() string {
 	return o.Must(o.Build()).String()
 }
 // BuildFull builds a full url with scheme, host, path and query string
-func (o *CreateAccountURL) BuildFull(scheme, host string) (*url.URL, error) {
+func (o *InviteURL) BuildFull(scheme, host string) (*url.URL, error) {
 	if scheme == "" {
-		return nil, errors.New("scheme is required for a full url on CreateAccountURL")
+		return nil, errors.New("scheme is required for a full url on InviteURL")
 	}
 	if host == "" {
-		return nil, errors.New("host is required for a full url on CreateAccountURL")
+		return nil, errors.New("host is required for a full url on InviteURL")
 	}
 	base, err := o.Build()
@ -82,6 +82,6 @@ func (o *CreateAccountURL) BuildFull(scheme, host string) (*url.URL, error) {
 }
 // StringFull returns the string representation of a complete url
-func (o *CreateAccountURL) StringFull(scheme, host string) string {
+func (o *InviteURL) StringFull(scheme, host string) string {
 	return o.Must(o.BuildFull(scheme, host)).String()
 }
--- a/rest_server_zrok/operations/identity/login.go
+++ b/rest_server_zrok/operations/identity/login.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@ -30,7 +30,7 @@ func NewLogin(ctx *middleware.Context, handler LoginHandler) *Login {
 }
 /*
-	Login swagger:route POST /login identity login
+	Login swagger:route POST /login account login
 Login login API
 */
--- a/rest_server_zrok/operations/identity/login_parameters.go
+++ b/rest_server_zrok/operations/identity/login_parameters.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/rest_server_zrok/operations/identity/login_responses.go
+++ b/rest_server_zrok/operations/identity/login_responses.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/rest_server_zrok/operations/identity/login_urlbuilder.go
+++ b/rest_server_zrok/operations/identity/login_urlbuilder.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/rest_server_zrok/operations/identity/register.go
+++ b/rest_server_zrok/operations/identity/register.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@ -30,7 +30,7 @@ func NewRegister(ctx *middleware.Context, handler RegisterHandler) *Register {
 }
 /*
-	Register swagger:route POST /register identity register
+	Register swagger:route POST /register account register
 Register register API
 */
--- a/rest_server_zrok/operations/identity/register_parameters.go
+++ b/rest_server_zrok/operations/identity/register_parameters.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/rest_server_zrok/operations/identity/register_responses.go
+++ b/rest_server_zrok/operations/identity/register_responses.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@ -92,11 +92,6 @@ RegisterInternalServerError internal server error
 swagger:response registerInternalServerError
 */
 type RegisterInternalServerError struct {
 	/*
 	  In: Body
 	*/
 	Payload rest_model_zrok.ErrorMessage `json:"body,omitempty"`
 }
 // NewRegisterInternalServerError creates RegisterInternalServerError with default headers values
@ -105,23 +100,10 @@ func NewRegisterInternalServerError() *RegisterInternalServerError {
 	return &RegisterInternalServerError{}
 }
 // WithPayload adds the payload to the register internal server error response
 func (o *RegisterInternalServerError) WithPayload(payload rest_model_zrok.ErrorMessage) *RegisterInternalServerError {
 	o.Payload = payload
 	return o
 }
 // SetPayload sets the payload to the register internal server error response
 func (o *RegisterInternalServerError) SetPayload(payload rest_model_zrok.ErrorMessage) {
 	o.Payload = payload
 }
 // WriteResponse to the client
 func (o *RegisterInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
 	rw.WriteHeader(500)
 	payload := o.Payload
 	if err := producer.Produce(rw, payload); err != nil {
 		panic(err) // let the recovery middleware deal with this
 	}
 }
--- a/rest_server_zrok/operations/identity/register_urlbuilder.go
+++ b/rest_server_zrok/operations/identity/register_urlbuilder.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/rest_server_zrok/operations/identity/verify.go
+++ b/rest_server_zrok/operations/identity/verify.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@ -30,7 +30,7 @@ func NewVerify(ctx *middleware.Context, handler VerifyHandler) *Verify {
 }
 /*
-	Verify swagger:route POST /verify identity verify
+	Verify swagger:route POST /verify account verify
 Verify verify API
 */
--- a/rest_server_zrok/operations/identity/verify_parameters.go
+++ b/rest_server_zrok/operations/identity/verify_parameters.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/rest_server_zrok/operations/identity/verify_responses.go
+++ b/rest_server_zrok/operations/identity/verify_responses.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@ -92,11 +92,6 @@ VerifyInternalServerError internal server error
 swagger:response verifyInternalServerError
 */
 type VerifyInternalServerError struct {
 	/*
 	  In: Body
 	*/
 	Payload rest_model_zrok.ErrorMessage `json:"body,omitempty"`
 }
 // NewVerifyInternalServerError creates VerifyInternalServerError with default headers values
@ -105,23 +100,10 @@ func NewVerifyInternalServerError() *VerifyInternalServerError {
 	return &VerifyInternalServerError{}
 }
 // WithPayload adds the payload to the verify internal server error response
 func (o *VerifyInternalServerError) WithPayload(payload rest_model_zrok.ErrorMessage) *VerifyInternalServerError {
 	o.Payload = payload
 	return o
 }
 // SetPayload sets the payload to the verify internal server error response
 func (o *VerifyInternalServerError) SetPayload(payload rest_model_zrok.ErrorMessage) {
 	o.Payload = payload
 }
 // WriteResponse to the client
 func (o *VerifyInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
 	rw.WriteHeader(500)
 	payload := o.Payload
 	if err := producer.Produce(rw, payload); err != nil {
 		panic(err) // let the recovery middleware deal with this
 	}
 }
--- a/rest_server_zrok/operations/identity/verify_urlbuilder.go
+++ b/rest_server_zrok/operations/identity/verify_urlbuilder.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package account
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/rest_server_zrok/operations/environment/disable.go
+++ b/rest_server_zrok/operations/environment/disable.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package environment
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@ -32,7 +32,7 @@ func NewDisable(ctx *middleware.Context, handler DisableHandler) *Disable {
 }
 /*
-	Disable swagger:route POST /disable identity disable
+	Disable swagger:route POST /disable environment disable
 Disable disable API
 */
--- a/rest_server_zrok/operations/environment/disable_parameters.go
+++ b/rest_server_zrok/operations/environment/disable_parameters.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package environment
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/rest_server_zrok/operations/environment/disable_responses.go
+++ b/rest_server_zrok/operations/environment/disable_responses.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package environment
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@ -9,8 +9,6 @@ import (
 	"net/http"
 	"github.com/go-openapi/runtime"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
 )
 // DisableOKCode is the HTTP code returned for type DisableOK
@ -72,11 +70,6 @@ DisableInternalServerError internal server error
 swagger:response disableInternalServerError
 */
 type DisableInternalServerError struct {
 	/*
 	  In: Body
 	*/
 	Payload rest_model_zrok.ErrorMessage `json:"body,omitempty"`
 }
 // NewDisableInternalServerError creates DisableInternalServerError with default headers values
@ -85,23 +78,10 @@ func NewDisableInternalServerError() *DisableInternalServerError {
 	return &DisableInternalServerError{}
 }
 // WithPayload adds the payload to the disable internal server error response
 func (o *DisableInternalServerError) WithPayload(payload rest_model_zrok.ErrorMessage) *DisableInternalServerError {
 	o.Payload = payload
 	return o
 }
 // SetPayload sets the payload to the disable internal server error response
 func (o *DisableInternalServerError) SetPayload(payload rest_model_zrok.ErrorMessage) {
 	o.Payload = payload
 }
 // WriteResponse to the client
 func (o *DisableInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
 	rw.WriteHeader(500)
 	payload := o.Payload
 	if err := producer.Produce(rw, payload); err != nil {
 		panic(err) // let the recovery middleware deal with this
 	}
 }
--- a/rest_server_zrok/operations/environment/disable_urlbuilder.go
+++ b/rest_server_zrok/operations/environment/disable_urlbuilder.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package environment
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/rest_server_zrok/operations/environment/enable.go
+++ b/rest_server_zrok/operations/environment/enable.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package environment
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@ -32,7 +32,7 @@ func NewEnable(ctx *middleware.Context, handler EnableHandler) *Enable {
 }
 /*
-	Enable swagger:route POST /enable identity enable
+	Enable swagger:route POST /enable environment enable
 Enable enable API
 */
--- a/rest_server_zrok/operations/environment/enable_parameters.go
+++ b/rest_server_zrok/operations/environment/enable_parameters.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package environment
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/rest_server_zrok/operations/environment/enable_responses.go
+++ b/rest_server_zrok/operations/environment/enable_responses.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package environment
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
@ -62,7 +62,7 @@ func (o *EnableCreated) WriteResponse(rw http.ResponseWriter, producer runtime.P
 const EnableUnauthorizedCode int = 401
 /*
-EnableUnauthorized invalid api key
+EnableUnauthorized unauthorized
 swagger:response enableUnauthorized
 */
@ -117,11 +117,6 @@ EnableInternalServerError internal server error
 swagger:response enableInternalServerError
 */
 type EnableInternalServerError struct {
 	/*
 	  In: Body
 	*/
 	Payload rest_model_zrok.ErrorMessage `json:"body,omitempty"`
 }
 // NewEnableInternalServerError creates EnableInternalServerError with default headers values
@ -130,23 +125,10 @@ func NewEnableInternalServerError() *EnableInternalServerError {
 	return &EnableInternalServerError{}
 }
 // WithPayload adds the payload to the enable internal server error response
 func (o *EnableInternalServerError) WithPayload(payload rest_model_zrok.ErrorMessage) *EnableInternalServerError {
 	o.Payload = payload
 	return o
 }
 // SetPayload sets the payload to the enable internal server error response
 func (o *EnableInternalServerError) SetPayload(payload rest_model_zrok.ErrorMessage) {
 	o.Payload = payload
 }
 // WriteResponse to the client
 func (o *EnableInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
 	rw.WriteHeader(500)
 	payload := o.Payload
 	if err := producer.Produce(rw, payload); err != nil {
 		panic(err) // let the recovery middleware deal with this
 	}
 }
--- a/rest_server_zrok/operations/environment/enable_urlbuilder.go
+++ b/rest_server_zrok/operations/environment/enable_urlbuilder.go
@ -1,6 +1,6 @@
 // Code generated by go-swagger; DO NOT EDIT.
-package identity
+package environment
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/rest_server_zrok/operations/identity/create_account.go
+++ b/rest_server_zrok/operations/identity/create_account.go
@ -1,56 +0,0 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package identity
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
 import (
 	"net/http"
 	"github.com/go-openapi/runtime/middleware"
 )
 // CreateAccountHandlerFunc turns a function with the right signature into a create account handler
 type CreateAccountHandlerFunc func(CreateAccountParams) middleware.Responder
 // Handle executing the request and returning a response
 func (fn CreateAccountHandlerFunc) Handle(params CreateAccountParams) middleware.Responder {
 	return fn(params)
 }
 // CreateAccountHandler interface for that can handle valid create account params
 type CreateAccountHandler interface {
 	Handle(CreateAccountParams) middleware.Responder
 }
 // NewCreateAccount creates a new http.Handler for the create account operation
 func NewCreateAccount(ctx *middleware.Context, handler CreateAccountHandler) *CreateAccount {
 	return &CreateAccount{Context: ctx, Handler: handler}
 }
 /*
 	CreateAccount swagger:route POST /account identity createAccount
 CreateAccount create account API
 */
 type CreateAccount struct {
 	Context *middleware.Context
 	Handler CreateAccountHandler
 }
 func (o *CreateAccount) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 	route, rCtx, _ := o.Context.RouteInfo(r)
 	if rCtx != nil {
 		*r = *rCtx
 	}
 	var Params = NewCreateAccountParams()
 	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 	res := o.Handler.Handle(Params) // actually handle the request
 	o.Context.Respond(rw, r, route.Produces, route, res)
 }
--- a/rest_server_zrok/operations/identity/create_account_parameters.go
+++ b/rest_server_zrok/operations/identity/create_account_parameters.go
@ -1,76 +0,0 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package identity
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"net/http"
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/go-openapi/validate"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
 )
 // NewCreateAccountParams creates a new CreateAccountParams object
 //
 // There are no default values defined in the spec.
 func NewCreateAccountParams() CreateAccountParams {
 	return CreateAccountParams{}
 }
 // CreateAccountParams contains all the bound params for the create account operation
 // typically these are obtained from a http.Request
 //
 // swagger:parameters createAccount
 type CreateAccountParams struct {
 	// HTTP Request Object
 	HTTPRequest *http.Request `json:"-"`
 	/*
 	  In: body
 	*/
 	Body *rest_model_zrok.AccountRequest
 }
 // BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
 // for simple values it will use straight method calls.
 //
 // To ensure default values, the struct must have been initialized with NewCreateAccountParams() beforehand.
 func (o *CreateAccountParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
 	var res []error
 	o.HTTPRequest = r
 	if runtime.HasBody(r) {
 		defer r.Body.Close()
 		var body rest_model_zrok.AccountRequest
 		if err := route.Consumer.Consume(r.Body, &body); err != nil {
 			res = append(res, errors.NewParseError("body", "body", "", err))
 		} else {
 			// validate body object
 			if err := body.Validate(route.Formats); err != nil {
 				res = append(res, err)
 			}
 			ctx := validate.WithOperationRequest(r.Context())
 			if err := body.ContextValidate(ctx, route.Formats); err != nil {
 				res = append(res, err)
 			}
 			if len(res) == 0 {
 				o.Body = &body
 			}
 		}
 	}
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
--- a/rest_server_zrok/operations/identity/create_account_responses.go
+++ b/rest_server_zrok/operations/identity/create_account_responses.go
@ -1,125 +0,0 @@
 // Code generated by go-swagger; DO NOT EDIT.
 package identity
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
 import (
 	"net/http"
 	"github.com/go-openapi/runtime"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
 )
 // CreateAccountCreatedCode is the HTTP code returned for type CreateAccountCreated
 const CreateAccountCreatedCode int = 201
 /*
 CreateAccountCreated account created
 swagger:response createAccountCreated
 */
 type CreateAccountCreated struct {
 }
 // NewCreateAccountCreated creates CreateAccountCreated with default headers values
 func NewCreateAccountCreated() *CreateAccountCreated {
 	return &CreateAccountCreated{}
 }
 // WriteResponse to the client
 func (o *CreateAccountCreated) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
 	rw.WriteHeader(201)
 }
 // CreateAccountBadRequestCode is the HTTP code returned for type CreateAccountBadRequest
 const CreateAccountBadRequestCode int = 400
 /*
 CreateAccountBadRequest account not created (already exists)
 swagger:response createAccountBadRequest
 */
 type CreateAccountBadRequest struct {
 	/*
 	  In: Body
 	*/
 	Payload rest_model_zrok.ErrorMessage `json:"body,omitempty"`
 }
 // NewCreateAccountBadRequest creates CreateAccountBadRequest with default headers values
 func NewCreateAccountBadRequest() *CreateAccountBadRequest {
 	return &CreateAccountBadRequest{}
 }
 // WithPayload adds the payload to the create account bad request response
 func (o *CreateAccountBadRequest) WithPayload(payload rest_model_zrok.ErrorMessage) *CreateAccountBadRequest {
 	o.Payload = payload
 	return o
 }
 // SetPayload sets the payload to the create account bad request response
 func (o *CreateAccountBadRequest) SetPayload(payload rest_model_zrok.ErrorMessage) {
 	o.Payload = payload
 }
 // WriteResponse to the client
 func (o *CreateAccountBadRequest) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 	rw.WriteHeader(400)
 	payload := o.Payload
 	if err := producer.Produce(rw, payload); err != nil {
 		panic(err) // let the recovery middleware deal with this
 	}
 }
 // CreateAccountInternalServerErrorCode is the HTTP code returned for type CreateAccountInternalServerError
 const CreateAccountInternalServerErrorCode int = 500
 /*
 CreateAccountInternalServerError internal server error
 swagger:response createAccountInternalServerError
 */
 type CreateAccountInternalServerError struct {
 	/*
 	  In: Body
 	*/
 	Payload rest_model_zrok.ErrorMessage `json:"body,omitempty"`
 }
 // NewCreateAccountInternalServerError creates CreateAccountInternalServerError with default headers values
 func NewCreateAccountInternalServerError() *CreateAccountInternalServerError {
 	return &CreateAccountInternalServerError{}
 }
 // WithPayload adds the payload to the create account internal server error response
 func (o *CreateAccountInternalServerError) WithPayload(payload rest_model_zrok.ErrorMessage) *CreateAccountInternalServerError {
 	o.Payload = payload
 	return o
 }
 // SetPayload sets the payload to the create account internal server error response
 func (o *CreateAccountInternalServerError) SetPayload(payload rest_model_zrok.ErrorMessage) {
 	o.Payload = payload
 }
 // WriteResponse to the client
 func (o *CreateAccountInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
 	rw.WriteHeader(500)
 	payload := o.Payload
 	if err := producer.Produce(rw, payload); err != nil {
 		panic(err) // let the recovery middleware deal with this
 	}
 }
--- a/rest_server_zrok/operations/zrok_api.go
+++ b/rest_server_zrok/operations/zrok_api.go
@ -20,7 +20,8 @@ import (
 	"github.com/go-openapi/swag"
 	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
-	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/account"
 	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/environment"
 	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/metadata"
 	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/service"
 )
@ -50,26 +51,26 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
 		ServiceAccessHandler: service.AccessHandlerFunc(func(params service.AccessParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation service.Access has not yet been implemented")
 		}),
-		IdentityCreateAccountHandler: identity.CreateAccountHandlerFunc(func(params identity.CreateAccountParams) middleware.Responder {
+		EnvironmentDisableHandler: environment.DisableHandlerFunc(func(params environment.DisableParams, principal *rest_model_zrok.Principal) middleware.Responder {
-			return middleware.NotImplemented("operation identity.CreateAccount has not yet been implemented")
+			return middleware.NotImplemented("operation environment.Disable has not yet been implemented")
 		}),
-		IdentityDisableHandler: identity.DisableHandlerFunc(func(params identity.DisableParams, principal *rest_model_zrok.Principal) middleware.Responder {
+		EnvironmentEnableHandler: environment.EnableHandlerFunc(func(params environment.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
-			return middleware.NotImplemented("operation identity.Disable has not yet been implemented")
+			return middleware.NotImplemented("operation environment.Enable has not yet been implemented")
 		}),
 		IdentityEnableHandler: identity.EnableHandlerFunc(func(params identity.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation identity.Enable has not yet been implemented")
 		}),
 		ServiceGetServiceHandler: service.GetServiceHandlerFunc(func(params service.GetServiceParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation service.GetService has not yet been implemented")
 		}),
-		IdentityLoginHandler: identity.LoginHandlerFunc(func(params identity.LoginParams) middleware.Responder {
+		AccountInviteHandler: account.InviteHandlerFunc(func(params account.InviteParams) middleware.Responder {
-			return middleware.NotImplemented("operation identity.Login has not yet been implemented")
+			return middleware.NotImplemented("operation account.Invite has not yet been implemented")
 		}),
 		AccountLoginHandler: account.LoginHandlerFunc(func(params account.LoginParams) middleware.Responder {
 			return middleware.NotImplemented("operation account.Login has not yet been implemented")
 		}),
 		MetadataOverviewHandler: metadata.OverviewHandlerFunc(func(params metadata.OverviewParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation metadata.Overview has not yet been implemented")
 		}),
-		IdentityRegisterHandler: identity.RegisterHandlerFunc(func(params identity.RegisterParams) middleware.Responder {
+		AccountRegisterHandler: account.RegisterHandlerFunc(func(params account.RegisterParams) middleware.Responder {
-			return middleware.NotImplemented("operation identity.Register has not yet been implemented")
+			return middleware.NotImplemented("operation account.Register has not yet been implemented")
 		}),
 		ServiceShareHandler: service.ShareHandlerFunc(func(params service.ShareParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation service.Share has not yet been implemented")
@ -80,8 +81,8 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
 		ServiceUnshareHandler: service.UnshareHandlerFunc(func(params service.UnshareParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation service.Unshare has not yet been implemented")
 		}),
-		IdentityVerifyHandler: identity.VerifyHandlerFunc(func(params identity.VerifyParams) middleware.Responder {
+		AccountVerifyHandler: account.VerifyHandlerFunc(func(params account.VerifyParams) middleware.Responder {
-			return middleware.NotImplemented("operation identity.Verify has not yet been implemented")
+			return middleware.NotImplemented("operation account.Verify has not yet been implemented")
 		}),
 		MetadataVersionHandler: metadata.VersionHandlerFunc(func(params metadata.VersionParams) middleware.Responder {
 			return middleware.NotImplemented("operation metadata.Version has not yet been implemented")
@ -138,28 +139,28 @@ type ZrokAPI struct {
 	// ServiceAccessHandler sets the operation handler for the access operation
 	ServiceAccessHandler service.AccessHandler
-	// IdentityCreateAccountHandler sets the operation handler for the create account operation
+	// EnvironmentDisableHandler sets the operation handler for the disable operation
-	IdentityCreateAccountHandler identity.CreateAccountHandler
+	EnvironmentDisableHandler environment.DisableHandler
-	// IdentityDisableHandler sets the operation handler for the disable operation
+	// EnvironmentEnableHandler sets the operation handler for the enable operation
-	IdentityDisableHandler identity.DisableHandler
+	EnvironmentEnableHandler environment.EnableHandler
 	// IdentityEnableHandler sets the operation handler for the enable operation
 	IdentityEnableHandler identity.EnableHandler
 	// ServiceGetServiceHandler sets the operation handler for the get service operation
 	ServiceGetServiceHandler service.GetServiceHandler
-	// IdentityLoginHandler sets the operation handler for the login operation
+	// AccountInviteHandler sets the operation handler for the invite operation
-	IdentityLoginHandler identity.LoginHandler
+	AccountInviteHandler account.InviteHandler
 	// AccountLoginHandler sets the operation handler for the login operation
 	AccountLoginHandler account.LoginHandler
 	// MetadataOverviewHandler sets the operation handler for the overview operation
 	MetadataOverviewHandler metadata.OverviewHandler
-	// IdentityRegisterHandler sets the operation handler for the register operation
+	// AccountRegisterHandler sets the operation handler for the register operation
-	IdentityRegisterHandler identity.RegisterHandler
+	AccountRegisterHandler account.RegisterHandler
 	// ServiceShareHandler sets the operation handler for the share operation
 	ServiceShareHandler service.ShareHandler
 	// ServiceUnaccessHandler sets the operation handler for the unaccess operation
 	ServiceUnaccessHandler service.UnaccessHandler
 	// ServiceUnshareHandler sets the operation handler for the unshare operation
 	ServiceUnshareHandler service.UnshareHandler
-	// IdentityVerifyHandler sets the operation handler for the verify operation
+	// AccountVerifyHandler sets the operation handler for the verify operation
-	IdentityVerifyHandler identity.VerifyHandler
+	AccountVerifyHandler account.VerifyHandler
 	// MetadataVersionHandler sets the operation handler for the version operation
 	MetadataVersionHandler metadata.VersionHandler
@ -246,26 +247,26 @@ func (o *ZrokAPI) Validate() error {
 	if o.ServiceAccessHandler == nil {
 		unregistered = append(unregistered, "service.AccessHandler")
 	}
-	if o.IdentityCreateAccountHandler == nil {
+	if o.EnvironmentDisableHandler == nil {
-		unregistered = append(unregistered, "identity.CreateAccountHandler")
+		unregistered = append(unregistered, "environment.DisableHandler")
 	}
-	if o.IdentityDisableHandler == nil {
+	if o.EnvironmentEnableHandler == nil {
-		unregistered = append(unregistered, "identity.DisableHandler")
+		unregistered = append(unregistered, "environment.EnableHandler")
 	}
 	if o.IdentityEnableHandler == nil {
 		unregistered = append(unregistered, "identity.EnableHandler")
 	}
 	if o.ServiceGetServiceHandler == nil {
 		unregistered = append(unregistered, "service.GetServiceHandler")
 	}
-	if o.IdentityLoginHandler == nil {
+	if o.AccountInviteHandler == nil {
-		unregistered = append(unregistered, "identity.LoginHandler")
+		unregistered = append(unregistered, "account.InviteHandler")
 	}
 	if o.AccountLoginHandler == nil {
 		unregistered = append(unregistered, "account.LoginHandler")
 	}
 	if o.MetadataOverviewHandler == nil {
 		unregistered = append(unregistered, "metadata.OverviewHandler")
 	}
-	if o.IdentityRegisterHandler == nil {
+	if o.AccountRegisterHandler == nil {
-		unregistered = append(unregistered, "identity.RegisterHandler")
+		unregistered = append(unregistered, "account.RegisterHandler")
 	}
 	if o.ServiceShareHandler == nil {
 		unregistered = append(unregistered, "service.ShareHandler")
@ -276,8 +277,8 @@ func (o *ZrokAPI) Validate() error {
 	if o.ServiceUnshareHandler == nil {
 		unregistered = append(unregistered, "service.UnshareHandler")
 	}
-	if o.IdentityVerifyHandler == nil {
+	if o.AccountVerifyHandler == nil {
-		unregistered = append(unregistered, "identity.VerifyHandler")
+		unregistered = append(unregistered, "account.VerifyHandler")
 	}
 	if o.MetadataVersionHandler == nil {
 		unregistered = append(unregistered, "metadata.VersionHandler")
@ -388,15 +389,11 @@ func (o *ZrokAPI) initHandlerCache() {
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/account"] = identity.NewCreateAccount(o.context, o.IdentityCreateAccountHandler)
+	o.handlers["POST"]["/disable"] = environment.NewDisable(o.context, o.EnvironmentDisableHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/disable"] = identity.NewDisable(o.context, o.IdentityDisableHandler)
+	o.handlers["POST"]["/enable"] = environment.NewEnable(o.context, o.EnvironmentEnableHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
 	o.handlers["POST"]["/enable"] = identity.NewEnable(o.context, o.IdentityEnableHandler)
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
@ -404,7 +401,11 @@ func (o *ZrokAPI) initHandlerCache() {
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/login"] = identity.NewLogin(o.context, o.IdentityLoginHandler)
+	o.handlers["POST"]["/invite"] = account.NewInvite(o.context, o.AccountInviteHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
 	o.handlers["POST"]["/login"] = account.NewLogin(o.context, o.AccountLoginHandler)
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
@ -412,7 +413,7 @@ func (o *ZrokAPI) initHandlerCache() {
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/register"] = identity.NewRegister(o.context, o.IdentityRegisterHandler)
+	o.handlers["POST"]["/register"] = account.NewRegister(o.context, o.AccountRegisterHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
@ -428,7 +429,7 @@ func (o *ZrokAPI) initHandlerCache() {
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/verify"] = identity.NewVerify(o.context, o.IdentityVerifyHandler)
+	o.handlers["POST"]["/verify"] = account.NewVerify(o.context, o.AccountVerifyHandler)
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
--- a/specs/zrok.yml
+++ b/specs/zrok.yml
@ -1,7 +1,7 @@
 info:
  description: zrok client access
  title: zrok
-  version: 1.0.0
+  version: 0.3.0
 basePath: /api/v1
@ -13,82 +13,30 @@ securityDefinitions:
 paths:
  #
-  # identity
+  # account
  #
-  /account:
+  /invite:
    post:
      tags:
-        - identity
+        - account
-      operationId: createAccount
+      operationId: invite
      parameters:
        - name: body
          in: body
          schema:
-            $ref: "#/definitions/accountRequest"
+            $ref: "#/definitions/inviteRequest"
      responses:
        201:
-          description: account created
+          description: invitation created
        400:
-          description: account not created (already exists)
+          description: invitation not created (already exists)
          schema:
            $ref: "#/definitions/errorMessage"
        500:
          description: internal server error
          schema:
            $ref: "#/definitions/errorMessage"
  /enable:
    post:
      tags:
        - identity
      security:
        - key: []
      operationId: enable
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/enableRequest"
      responses:
        201:
          description: environment enabled
          schema:
            $ref: "#/definitions/enableResponse"
        401:
          description: invalid api key
        404:
          description: account not found
        500:
          description: internal server error
          schema:
            $ref: "#/definitions/errorMessage"
  /disable:
    post:
      tags:
        - identity
      security:
        - key: []
      operationId: disable
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/disableRequest"
      responses:
        200:
          description: environment disabled
        401:
          description: invalid environment
        500:
          description: internal server error
          schema:
            $ref: "#/definitions/errorMessage"
  /login:
    post:
      tags:
-        - identity
+        - account
      operationId: login
      parameters:
        - name: body
@ -106,7 +54,7 @@ paths:
  /register:
    post:
      tags:
-        - identity
+        - account
      operationId: register
      parameters:
        - name: body
@ -122,13 +70,11 @@ paths:
          description: request not found
        500:
          description: internal server error
          schema:
            $ref: "#/definitions/errorMessage"
  /verify:
    post:
      tags:
-        - identity
+        - account
      operationId: verify
      parameters:
        - name: body
@ -144,8 +90,54 @@ paths:
          description: token not found
        500:
          description: internal server error
  #
  # environment
  #
  /enable:
    post:
      tags:
        - environment
      security:
        - key: []
      operationId: enable
      parameters:
        - name: body
          in: body
          schema:
-            $ref: "#/definitions/errorMessage"
+            $ref: "#/definitions/enableRequest"
      responses:
        201:
          description: environment enabled
          schema:
            $ref: "#/definitions/enableResponse"
        401:
          description: unauthorized
        404:
          description: account not found
        500:
          description: internal server error
  /disable:
    post:
      tags:
        - environment
      security:
        - key: []
      operationId: disable
      parameters:
        - name: body
          in: body
          schema:
            $ref: "#/definitions/disableRequest"
      responses:
        200:
          description: environment disabled
        401:
          description: invalid environment
        500:
          description: internal server error
  #
  # metadata
  #
@ -312,12 +304,6 @@ definitions:
      frontendName:
        type: string
  accountRequest:
    type: object
    properties:
      email:
        type: string
  authUser:
    type: object
    properties:
@ -326,6 +312,12 @@ definitions:
      password:
        type: string
  disableRequest:
    type: object
    properties:
      identity:
        type: string
  enableRequest:
    type: object
    properties:
@ -333,6 +325,7 @@ definitions:
        type: string
      host:
        type: string
  enableResponse:
    type: object
    properties:
@ -341,12 +334,6 @@ definitions:
      cfg:
        type: string
  disableRequest:
    type: object
    properties:
      identity:
        type: string
  environment:
    type: object
    properties:
@ -386,6 +373,12 @@ definitions:
  errorMessage:
    type: string
  inviteRequest:
    type: object
    properties:
      email:
        type: string
  loginRequest:
    type: object
    properties:
--- a/ui/src/api/identity.js
+++ b/ui/src/api/identity.js
@ -1,50 +1,20 @@
-/** @module identity */
+/** @module account */
 // Auto-generated, edits will be overwritten
 import * as gateway from './gateway'
 /**
 * @param {object} options Optional options
- * @param {module:types.accountRequest} [options.body] 
+ * @param {module:types.inviteRequest} [options.body] 
- * @return {Promise<object>} account created
+ * @return {Promise<object>} invitation created
 */
-export function createAccount(options) {
+export function invite(options) {
  if (!options) options = {}
  const parameters = {
    body: {
      body: options.body
    }
  }
-  return gateway.request(createAccountOperation, parameters)
+  return gateway.request(inviteOperation, parameters)
 }
 /**
 * @param {object} options Optional options
 * @param {module:types.enableRequest} [options.body] 
 * @return {Promise<module:types.enableResponse>} environment enabled
 */
 export function enable(options) {
  if (!options) options = {}
  const parameters = {
    body: {
      body: options.body
    }
  }
  return gateway.request(enableOperation, parameters)
 }
 /**
 * @param {object} options Optional options
 * @param {module:types.disableRequest} [options.body] 
 * @return {Promise<object>} environment disabled
 */
 export function disable(options) {
  if (!options) options = {}
  const parameters = {
    body: {
      body: options.body
    }
  }
  return gateway.request(disableOperation, parameters)
 }
 /**
@ -92,34 +62,12 @@ export function verify(options) {
  return gateway.request(verifyOperation, parameters)
 }
-const createAccountOperation = {
+const inviteOperation = {
-  path: '/account',
+  path: '/invite',
  contentTypes: ['application/zrok.v1+json'],
  method: 'post'
 }
 const enableOperation = {
  path: '/enable',
  contentTypes: ['application/zrok.v1+json'],
  method: 'post',
  security: [
    {
      id: 'key'
    }
  ]
 }
 const disableOperation = {
  path: '/disable',
  contentTypes: ['application/zrok.v1+json'],
  method: 'post',
  security: [
    {
      id: 'key'
    }
  ]
 }
 const loginOperation = {
  path: '/login',
  contentTypes: ['application/zrok.v1+json'],
--- a/ui/src/api/environment.js
+++ b/ui/src/api/environment.js
@ -0,0 +1,55 @@
 /** @module environment */
 // Auto-generated, edits will be overwritten
 import * as gateway from './gateway'
 /**
 * @param {object} options Optional options
 * @param {module:types.enableRequest} [options.body] 
 * @return {Promise<module:types.enableResponse>} environment enabled
 */
 export function enable(options) {
  if (!options) options = {}
  const parameters = {
    body: {
      body: options.body
    }
  }
  return gateway.request(enableOperation, parameters)
 }
 /**
 * @param {object} options Optional options
 * @param {module:types.disableRequest} [options.body] 
 * @return {Promise<object>} environment disabled
 */
 export function disable(options) {
  if (!options) options = {}
  const parameters = {
    body: {
      body: options.body
    }
  }
  return gateway.request(disableOperation, parameters)
 }
 const enableOperation = {
  path: '/enable',
  contentTypes: ['application/zrok.v1+json'],
  method: 'post',
  security: [
    {
      id: 'key'
    }
  ]
 }
 const disableOperation = {
  path: '/disable',
  contentTypes: ['application/zrok.v1+json'],
  method: 'post',
  security: [
    {
      id: 'key'
    }
  ]
 }
--- a/ui/src/api/types.js
+++ b/ui/src/api/types.js
@ -16,13 +16,6 @@
 * @property {string} frontendName 
 */
 /**
 * @typedef accountRequest
 * @memberof module:types
 * 
 * @property {string} email 
 */
 /**
 * @typedef authUser
 * @memberof module:types
@ -31,6 +24,13 @@
 * @property {string} password 
 */
 /**
 * @typedef disableRequest
 * @memberof module:types
 * 
 * @property {string} identity 
 */
 /**
 * @typedef enableRequest
 * @memberof module:types
@ -47,13 +47,6 @@
 * @property {string} cfg 
 */
 /**
 * @typedef disableRequest
 * @memberof module:types
 * 
 * @property {string} identity 
 */
 /**
 * @typedef environment
 * @memberof module:types
@ -75,6 +68,13 @@
 * @property {module:types.services} services 
 */
 /**
 * @typedef inviteRequest
 * @memberof module:types
 * 
 * @property {string} email 
 */
 /**
 * @typedef loginRequest
 * @memberof module:types