basic 'admin create identity' infrastructure (#130)

cmd/zrok/admin_create_identity.go

@@ -0,0 +1,62 @@
+package main
+
+import (
+	"fmt"
+	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/admin"
+	"github.com/openziti-test-kitchen/zrok/zrokdir"
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"os"
+)
+
+func init() {
+	adminCreateCmd.AddCommand(newAdminCreateIdentity().cmd)
+}
+
+type adminCreateIdentity struct {
+	cmd *cobra.Command
+}
+
+func newAdminCreateIdentity() *adminCreateIdentity {
+	cmd := &cobra.Command{
+		Use:     "identity <name>",
+		Aliases: []string{"id"},
+		Short:   "Create an identity and basic edge policies",
+		Args:    cobra.ExactArgs(1),
+	}
+	command := &adminCreateIdentity{cmd: cmd}
+	cmd.Run = command.run
+	return command
+}
+
+func (cmd *adminCreateIdentity) run(_ *cobra.Command, args []string) {
+	name := args[0]
+
+	zif, err := zrokdir.ZitiIdentityFile(name)
+	if err != nil {
+		panic(err)
+	}
+	if _, err := os.Stat(zif); err == nil {
+		logrus.Errorf("identity '%v' already exists at '%v'", name, zif)
+		os.Exit(1)
+	}
+
+	zrok, err := zrokdir.ZrokClient(apiEndpoint)
+	if err != nil {
+		panic(err)
+	}
+
+	req := admin.NewCreateIdentityParams()
+	req.Body.Name = name
+
+	resp, err := zrok.Admin.CreateIdentity(req, mustGetAdminAuth())
+	if err != nil {
+		panic(err)
+	}
+
+	if err := zrokdir.SaveZitiIdentity(name, resp.Payload.Cfg); err != nil {
+		panic(err)
+	}
+
+	fmt.Printf("zrok identity '%v' created with ziti id '%v'\n", name, resp.Payload.Identity)
+}

cmd/zrok/main.go

@@ -16,7 +16,6 @@ func init() {
 	rootCmd.PersistentFlags().BoolVarP(&panicInstead, "panic", "p", false, "Panic instead of showing pretty errors")
 	zrokdir.AddZrokApiEndpointFlag(&apiEndpoint, rootCmd.PersistentFlags())
 	rootCmd.AddCommand(accessCmd)
-	adminCreateCmd.AddCommand(adminCreateIdentity)
 	adminCmd.AddCommand(adminCreateCmd)
 	adminCmd.AddCommand(adminDeleteCmd)
 	adminCmd.AddCommand(adminListCmd)
@@ -54,11 +53,6 @@ var adminCreateCmd = &cobra.Command{
 	Short: "Create global resources",
 }
 
-var adminCreateIdentity = &cobra.Command{
-	Use:   "identity",
-	Short: "Create global identities",
-}
-
 var adminDeleteCmd = &cobra.Command{
 	Use:   "delete",
 	Short: "Delete global resources",

controller/controller.go

@@ -32,6 +32,7 @@ func Run(inCfg *Config) error {
 	api.AccountRegisterHandler = newRegisterHandler()
 	api.AccountVerifyHandler = newVerifyHandler()
 	api.AdminCreateFrontendHandler = newCreateFrontendHandler()
+	api.AdminCreateIdentityHandler = newCreateIdentityHandler()
 	api.AdminDeleteFrontendHandler = newDeleteFrontendHandler()
 	api.AdminListFrontendsHandler = newListFrontendsHandler()
 	api.AdminUpdateFrontendHandler = newUpdateFrontendHandler()

controller/create_identity.go

@@ -0,0 +1,64 @@
+package controller
+
+import (
+	"bytes"
+	"encoding/json"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/admin"
+	rest_model_edge "github.com/openziti/edge/rest_model"
+	"github.com/sirupsen/logrus"
+)
+
+type createIdentityHandler struct{}
+
+func newCreateIdentityHandler() *createIdentityHandler {
+	return &createIdentityHandler{}
+}
+
+func (h *createIdentityHandler) Handle(params admin.CreateIdentityParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	name := params.Body.Name
+
+	if !principal.Admin {
+		logrus.Errorf("invalid admin principal")
+		return admin.NewCreateIdentityUnauthorized()
+	}
+
+	edge, err := edgeClient()
+	if err != nil {
+		logrus.Errorf("error getting edge client: %v", err)
+		return admin.NewCreateIdentityInternalServerError()
+	}
+
+	idc, err := createIdentity(name, rest_model_edge.IdentityTypeService, nil, edge)
+	if err != nil {
+		logrus.Errorf("error creating identity: %v", err)
+		return admin.NewCreateIdentityInternalServerError()
+	}
+
+	zId := idc.Payload.Data.ID
+	cfg, err := enrollIdentity(zId, edge)
+	if err != nil {
+		logrus.Errorf("error enrolling identity: %v", err)
+		return admin.NewCreateIdentityInternalServerError()
+	}
+
+	if err := createEdgeRouterPolicy(name, zId, edge); err != nil {
+		logrus.Errorf("error creating edge router policy for identity: %v", err)
+		return admin.NewCreateIdentityInternalServerError()
+	}
+
+	var out bytes.Buffer
+	enc := json.NewEncoder(&out)
+	enc.SetEscapeHTML(false)
+	err = enc.Encode(&cfg)
+	if err != nil {
+		logrus.Errorf("error encoding identity config: %v", err)
+		return admin.NewCreateFrontendInternalServerError()
+	}
+
+	return admin.NewCreateIdentityCreated().WithPayload(&admin.CreateIdentityCreatedBody{
+		Identity: zId,
+		Cfg:      out.String(),
+	})
+}

rest_client_zrok/admin/admin_client.go

@@ -32,6 +32,8 @@ type ClientOption func(*runtime.ClientOperation)
 type ClientService interface {
 	CreateFrontend(params *CreateFrontendParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateFrontendCreated, error)
 
+	CreateIdentity(params *CreateIdentityParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateIdentityCreated, error)
+
 	DeleteFrontend(params *DeleteFrontendParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*DeleteFrontendOK, error)
 
 	ListFrontends(params *ListFrontendsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListFrontendsOK, error)
@@ -80,6 +82,45 @@ func (a *Client) CreateFrontend(params *CreateFrontendParams, authInfo runtime.C
 	panic(msg)
 }
 
+/*
+CreateIdentity create identity API
+*/
+func (a *Client) CreateIdentity(params *CreateIdentityParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateIdentityCreated, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewCreateIdentityParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "createIdentity",
+		Method:             "POST",
+		PathPattern:        "/identity",
+		ProducesMediaTypes: []string{"application/zrok.v1+json"},
+		ConsumesMediaTypes: []string{"application/zrok.v1+json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &CreateIdentityReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*CreateIdentityCreated)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for createIdentity: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
 /*
 DeleteFrontend delete frontend API
 */

rest_client_zrok/admin/create_identity_parameters.go

@@ -0,0 +1,146 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewCreateIdentityParams creates a new CreateIdentityParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewCreateIdentityParams() *CreateIdentityParams {
+	return &CreateIdentityParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewCreateIdentityParamsWithTimeout creates a new CreateIdentityParams object
+// with the ability to set a timeout on a request.
+func NewCreateIdentityParamsWithTimeout(timeout time.Duration) *CreateIdentityParams {
+	return &CreateIdentityParams{
+		timeout: timeout,
+	}
+}
+
+// NewCreateIdentityParamsWithContext creates a new CreateIdentityParams object
+// with the ability to set a context for a request.
+func NewCreateIdentityParamsWithContext(ctx context.Context) *CreateIdentityParams {
+	return &CreateIdentityParams{
+		Context: ctx,
+	}
+}
+
+// NewCreateIdentityParamsWithHTTPClient creates a new CreateIdentityParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewCreateIdentityParamsWithHTTPClient(client *http.Client) *CreateIdentityParams {
+	return &CreateIdentityParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+CreateIdentityParams contains all the parameters to send to the API endpoint
+
+	for the create identity operation.
+
+	Typically these are written to a http.Request.
+*/
+type CreateIdentityParams struct {
+
+	// Body.
+	Body CreateIdentityBody
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the create identity params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateIdentityParams) WithDefaults() *CreateIdentityParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the create identity params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateIdentityParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the create identity params
+func (o *CreateIdentityParams) WithTimeout(timeout time.Duration) *CreateIdentityParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the create identity params
+func (o *CreateIdentityParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the create identity params
+func (o *CreateIdentityParams) WithContext(ctx context.Context) *CreateIdentityParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the create identity params
+func (o *CreateIdentityParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the create identity params
+func (o *CreateIdentityParams) WithHTTPClient(client *http.Client) *CreateIdentityParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the create identity params
+func (o *CreateIdentityParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the create identity params
+func (o *CreateIdentityParams) WithBody(body CreateIdentityBody) *CreateIdentityParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the create identity params
+func (o *CreateIdentityParams) SetBody(body CreateIdentityBody) {
+	o.Body = body
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *CreateIdentityParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_client_zrok/admin/create_identity_responses.go

@@ -0,0 +1,291 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// CreateIdentityReader is a Reader for the CreateIdentity structure.
+type CreateIdentityReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *CreateIdentityReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 201:
+		result := NewCreateIdentityCreated()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 401:
+		result := NewCreateIdentityUnauthorized()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	case 500:
+		result := NewCreateIdentityInternalServerError()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code())
+	}
+}
+
+// NewCreateIdentityCreated creates a CreateIdentityCreated with default headers values
+func NewCreateIdentityCreated() *CreateIdentityCreated {
+	return &CreateIdentityCreated{}
+}
+
+/*
+CreateIdentityCreated describes a response with status code 201, with default header values.
+
+created
+*/
+type CreateIdentityCreated struct {
+	Payload *CreateIdentityCreatedBody
+}
+
+// IsSuccess returns true when this create identity created response has a 2xx status code
+func (o *CreateIdentityCreated) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this create identity created response has a 3xx status code
+func (o *CreateIdentityCreated) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this create identity created response has a 4xx status code
+func (o *CreateIdentityCreated) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this create identity created response has a 5xx status code
+func (o *CreateIdentityCreated) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this create identity created response a status code equal to that given
+func (o *CreateIdentityCreated) IsCode(code int) bool {
+	return code == 201
+}
+
+func (o *CreateIdentityCreated) Error() string {
+	return fmt.Sprintf("[POST /identity][%d] createIdentityCreated  %+v", 201, o.Payload)
+}
+
+func (o *CreateIdentityCreated) String() string {
+	return fmt.Sprintf("[POST /identity][%d] createIdentityCreated  %+v", 201, o.Payload)
+}
+
+func (o *CreateIdentityCreated) GetPayload() *CreateIdentityCreatedBody {
+	return o.Payload
+}
+
+func (o *CreateIdentityCreated) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	o.Payload = new(CreateIdentityCreatedBody)
+
+	// response payload
+	if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewCreateIdentityUnauthorized creates a CreateIdentityUnauthorized with default headers values
+func NewCreateIdentityUnauthorized() *CreateIdentityUnauthorized {
+	return &CreateIdentityUnauthorized{}
+}
+
+/*
+CreateIdentityUnauthorized describes a response with status code 401, with default header values.
+
+unauthorized
+*/
+type CreateIdentityUnauthorized struct {
+}
+
+// IsSuccess returns true when this create identity unauthorized response has a 2xx status code
+func (o *CreateIdentityUnauthorized) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this create identity unauthorized response has a 3xx status code
+func (o *CreateIdentityUnauthorized) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this create identity unauthorized response has a 4xx status code
+func (o *CreateIdentityUnauthorized) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this create identity unauthorized response has a 5xx status code
+func (o *CreateIdentityUnauthorized) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this create identity unauthorized response a status code equal to that given
+func (o *CreateIdentityUnauthorized) IsCode(code int) bool {
+	return code == 401
+}
+
+func (o *CreateIdentityUnauthorized) Error() string {
+	return fmt.Sprintf("[POST /identity][%d] createIdentityUnauthorized ", 401)
+}
+
+func (o *CreateIdentityUnauthorized) String() string {
+	return fmt.Sprintf("[POST /identity][%d] createIdentityUnauthorized ", 401)
+}
+
+func (o *CreateIdentityUnauthorized) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewCreateIdentityInternalServerError creates a CreateIdentityInternalServerError with default headers values
+func NewCreateIdentityInternalServerError() *CreateIdentityInternalServerError {
+	return &CreateIdentityInternalServerError{}
+}
+
+/*
+CreateIdentityInternalServerError describes a response with status code 500, with default header values.
+
+internal server error
+*/
+type CreateIdentityInternalServerError struct {
+}
+
+// IsSuccess returns true when this create identity internal server error response has a 2xx status code
+func (o *CreateIdentityInternalServerError) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this create identity internal server error response has a 3xx status code
+func (o *CreateIdentityInternalServerError) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this create identity internal server error response has a 4xx status code
+func (o *CreateIdentityInternalServerError) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this create identity internal server error response has a 5xx status code
+func (o *CreateIdentityInternalServerError) IsServerError() bool {
+	return true
+}
+
+// IsCode returns true when this create identity internal server error response a status code equal to that given
+func (o *CreateIdentityInternalServerError) IsCode(code int) bool {
+	return code == 500
+}
+
+func (o *CreateIdentityInternalServerError) Error() string {
+	return fmt.Sprintf("[POST /identity][%d] createIdentityInternalServerError ", 500)
+}
+
+func (o *CreateIdentityInternalServerError) String() string {
+	return fmt.Sprintf("[POST /identity][%d] createIdentityInternalServerError ", 500)
+}
+
+func (o *CreateIdentityInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+/*
+CreateIdentityBody create identity body
+swagger:model CreateIdentityBody
+*/
+type CreateIdentityBody struct {
+
+	// name
+	Name string `json:"name,omitempty"`
+}
+
+// Validate validates this create identity body
+func (o *CreateIdentityBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this create identity body based on context it is used
+func (o *CreateIdentityBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *CreateIdentityBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *CreateIdentityBody) UnmarshalBinary(b []byte) error {
+	var res CreateIdentityBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}
+
+/*
+CreateIdentityCreatedBody create identity created body
+swagger:model CreateIdentityCreatedBody
+*/
+type CreateIdentityCreatedBody struct {
+
+	// cfg
+	Cfg string `json:"cfg,omitempty"`
+
+	// identity
+	Identity string `json:"identity,omitempty"`
+}
+
+// Validate validates this create identity created body
+func (o *CreateIdentityCreatedBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this create identity created body based on context it is used
+func (o *CreateIdentityCreatedBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *CreateIdentityCreatedBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *CreateIdentityCreatedBody) UnmarshalBinary(b []byte) error {
+	var res CreateIdentityCreatedBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_server_zrok/embedded_spec.go

@@ -280,6 +280,53 @@ func init() {
         }
       }
     },
+    "/identity": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "admin"
+        ],
+        "operationId": "createIdentity",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "name": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "201": {
+            "description": "created",
+            "schema": {
+              "properties": {
+                "cfg": {
+                  "type": "string"
+                },
+                "identity": {
+                  "type": "string"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "unauthorized"
+          },
+          "500": {
+            "description": "internal server error"
+          }
+        }
+      }
+    },
     "/invite": {
       "post": {
         "tags": [
@@ -1325,6 +1372,53 @@ func init() {
         }
       }
     },
+    "/identity": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "admin"
+        ],
+        "operationId": "createIdentity",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "name": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "201": {
+            "description": "created",
+            "schema": {
+              "properties": {
+                "cfg": {
+                  "type": "string"
+                },
+                "identity": {
+                  "type": "string"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "unauthorized"
+          },
+          "500": {
+            "description": "internal server error"
+          }
+        }
+      }
+    },
     "/invite": {
       "post": {
         "tags": [

rest_server_zrok/operations/admin/create_identity.go

@@ -0,0 +1,151 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+
+	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
+)
+
+// CreateIdentityHandlerFunc turns a function with the right signature into a create identity handler
+type CreateIdentityHandlerFunc func(CreateIdentityParams, *rest_model_zrok.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn CreateIdentityHandlerFunc) Handle(params CreateIdentityParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// CreateIdentityHandler interface for that can handle valid create identity params
+type CreateIdentityHandler interface {
+	Handle(CreateIdentityParams, *rest_model_zrok.Principal) middleware.Responder
+}
+
+// NewCreateIdentity creates a new http.Handler for the create identity operation
+func NewCreateIdentity(ctx *middleware.Context, handler CreateIdentityHandler) *CreateIdentity {
+	return &CreateIdentity{Context: ctx, Handler: handler}
+}
+
+/*
+	CreateIdentity swagger:route POST /identity admin createIdentity
+
+CreateIdentity create identity API
+*/
+type CreateIdentity struct {
+	Context *middleware.Context
+	Handler CreateIdentityHandler
+}
+
+func (o *CreateIdentity) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewCreateIdentityParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *rest_model_zrok.Principal
+	if uprinc != nil {
+		principal = uprinc.(*rest_model_zrok.Principal) // this is really a rest_model_zrok.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
+
+// CreateIdentityBody create identity body
+//
+// swagger:model CreateIdentityBody
+type CreateIdentityBody struct {
+
+	// name
+	Name string `json:"name,omitempty"`
+}
+
+// Validate validates this create identity body
+func (o *CreateIdentityBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this create identity body based on context it is used
+func (o *CreateIdentityBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *CreateIdentityBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *CreateIdentityBody) UnmarshalBinary(b []byte) error {
+	var res CreateIdentityBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}
+
+// CreateIdentityCreatedBody create identity created body
+//
+// swagger:model CreateIdentityCreatedBody
+type CreateIdentityCreatedBody struct {
+
+	// cfg
+	Cfg string `json:"cfg,omitempty"`
+
+	// identity
+	Identity string `json:"identity,omitempty"`
+}
+
+// Validate validates this create identity created body
+func (o *CreateIdentityCreatedBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this create identity created body based on context it is used
+func (o *CreateIdentityCreatedBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *CreateIdentityCreatedBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *CreateIdentityCreatedBody) UnmarshalBinary(b []byte) error {
+	var res CreateIdentityCreatedBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_server_zrok/operations/admin/create_identity_parameters.go

@@ -0,0 +1,74 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/validate"
+)
+
+// NewCreateIdentityParams creates a new CreateIdentityParams object
+//
+// There are no default values defined in the spec.
+func NewCreateIdentityParams() CreateIdentityParams {
+
+	return CreateIdentityParams{}
+}
+
+// CreateIdentityParams contains all the bound params for the create identity operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters createIdentity
+type CreateIdentityParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  In: body
+	*/
+	Body CreateIdentityBody
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewCreateIdentityParams() beforehand.
+func (o *CreateIdentityParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if runtime.HasBody(r) {
+		defer r.Body.Close()
+		var body CreateIdentityBody
+		if err := route.Consumer.Consume(r.Body, &body); err != nil {
+			res = append(res, errors.NewParseError("body", "body", "", err))
+		} else {
+			// validate body object
+			if err := body.Validate(route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			ctx := validate.WithOperationRequest(r.Context())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			if len(res) == 0 {
+				o.Body = body
+			}
+		}
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_server_zrok/operations/admin/create_identity_responses.go

@@ -0,0 +1,107 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// CreateIdentityCreatedCode is the HTTP code returned for type CreateIdentityCreated
+const CreateIdentityCreatedCode int = 201
+
+/*
+CreateIdentityCreated created
+
+swagger:response createIdentityCreated
+*/
+type CreateIdentityCreated struct {
+
+	/*
+	  In: Body
+	*/
+	Payload *CreateIdentityCreatedBody `json:"body,omitempty"`
+}
+
+// NewCreateIdentityCreated creates CreateIdentityCreated with default headers values
+func NewCreateIdentityCreated() *CreateIdentityCreated {
+
+	return &CreateIdentityCreated{}
+}
+
+// WithPayload adds the payload to the create identity created response
+func (o *CreateIdentityCreated) WithPayload(payload *CreateIdentityCreatedBody) *CreateIdentityCreated {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the create identity created response
+func (o *CreateIdentityCreated) SetPayload(payload *CreateIdentityCreatedBody) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *CreateIdentityCreated) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(201)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
+
+// CreateIdentityUnauthorizedCode is the HTTP code returned for type CreateIdentityUnauthorized
+const CreateIdentityUnauthorizedCode int = 401
+
+/*
+CreateIdentityUnauthorized unauthorized
+
+swagger:response createIdentityUnauthorized
+*/
+type CreateIdentityUnauthorized struct {
+}
+
+// NewCreateIdentityUnauthorized creates CreateIdentityUnauthorized with default headers values
+func NewCreateIdentityUnauthorized() *CreateIdentityUnauthorized {
+
+	return &CreateIdentityUnauthorized{}
+}
+
+// WriteResponse to the client
+func (o *CreateIdentityUnauthorized) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(401)
+}
+
+// CreateIdentityInternalServerErrorCode is the HTTP code returned for type CreateIdentityInternalServerError
+const CreateIdentityInternalServerErrorCode int = 500
+
+/*
+CreateIdentityInternalServerError internal server error
+
+swagger:response createIdentityInternalServerError
+*/
+type CreateIdentityInternalServerError struct {
+}
+
+// NewCreateIdentityInternalServerError creates CreateIdentityInternalServerError with default headers values
+func NewCreateIdentityInternalServerError() *CreateIdentityInternalServerError {
+
+	return &CreateIdentityInternalServerError{}
+}
+
+// WriteResponse to the client
+func (o *CreateIdentityInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(500)
+}

rest_server_zrok/operations/admin/create_identity_urlbuilder.go

@@ -0,0 +1,87 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+)
+
+// CreateIdentityURL generates an URL for the create identity operation
+type CreateIdentityURL struct {
+	_basePath string
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *CreateIdentityURL) WithBasePath(bp string) *CreateIdentityURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *CreateIdentityURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *CreateIdentityURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/identity"
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *CreateIdentityURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *CreateIdentityURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *CreateIdentityURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on CreateIdentityURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on CreateIdentityURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *CreateIdentityURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}

rest_server_zrok/operations/zrok_api.go

@@ -55,6 +55,9 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
 		AdminCreateFrontendHandler: admin.CreateFrontendHandlerFunc(func(params admin.CreateFrontendParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation admin.CreateFrontend has not yet been implemented")
 		}),
+		AdminCreateIdentityHandler: admin.CreateIdentityHandlerFunc(func(params admin.CreateIdentityParams, principal *rest_model_zrok.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation admin.CreateIdentity has not yet been implemented")
+		}),
 		AdminDeleteFrontendHandler: admin.DeleteFrontendHandlerFunc(func(params admin.DeleteFrontendParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation admin.DeleteFrontend has not yet been implemented")
 		}),
@@ -157,6 +160,8 @@ type ZrokAPI struct {
 	ServiceAccessHandler service.AccessHandler
 	// AdminCreateFrontendHandler sets the operation handler for the create frontend operation
 	AdminCreateFrontendHandler admin.CreateFrontendHandler
+	// AdminCreateIdentityHandler sets the operation handler for the create identity operation
+	AdminCreateIdentityHandler admin.CreateIdentityHandler
 	// AdminDeleteFrontendHandler sets the operation handler for the delete frontend operation
 	AdminDeleteFrontendHandler admin.DeleteFrontendHandler
 	// EnvironmentDisableHandler sets the operation handler for the disable operation
@@ -276,6 +281,9 @@ func (o *ZrokAPI) Validate() error {
 	if o.AdminCreateFrontendHandler == nil {
 		unregistered = append(unregistered, "admin.CreateFrontendHandler")
 	}
+	if o.AdminCreateIdentityHandler == nil {
+		unregistered = append(unregistered, "admin.CreateIdentityHandler")
+	}
 	if o.AdminDeleteFrontendHandler == nil {
 		unregistered = append(unregistered, "admin.DeleteFrontendHandler")
 	}
@@ -431,6 +439,10 @@ func (o *ZrokAPI) initHandlerCache() {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
 	o.handlers["POST"]["/frontend"] = admin.NewCreateFrontend(o.context, o.AdminCreateFrontendHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/identity"] = admin.NewCreateIdentity(o.context, o.AdminCreateIdentityHandler)
 	if o.handlers["DELETE"] == nil {
 		o.handlers["DELETE"] = make(map[string]http.Handler)
 	}

specs/zrok.yml

@@ -174,6 +174,34 @@ paths:
           description: unauthorized
         500:
           description: internal server error
+
+  /identity:
+    post:
+      tags:
+        - admin
+      security:
+        - key: []
+      operationId: createIdentity
+      parameters:
+        - name: body
+          in: body
+          schema:
+            properties:
+              name:
+                type: string
+      responses:
+        201:
+          description: created
+          schema:
+            properties:
+              identity:
+                type: string
+              cfg:
+                type: string
+        401:
+          description: unauthorized
+        500:
+          description: internal server error
   #
   # environment
   #

ui/src/api/admin.js

@@ -53,6 +53,21 @@ export function listFrontends() {
   return gateway.request(listFrontendsOperation)
 }
 
+/**
+ * @param {object} options Optional options
+ * @param {object} [options.body] 
+ * @return {Promise<object>} created
+ */
+export function createIdentity(options) {
+  if (!options) options = {}
+  const parameters = {
+    body: {
+      body: options.body
+    }
+  }
+  return gateway.request(createIdentityOperation, parameters)
+}
+
 const createFrontendOperation = {
   path: '/frontend',
   contentTypes: ['application/zrok.v1+json'],
@@ -95,3 +110,14 @@ const listFrontendsOperation = {
     }
   ]
 }
+
+const createIdentityOperation = {
+  path: '/identity',
+  contentTypes: ['application/zrok.v1+json'],
+  method: 'post',
+  security: [
+    {
+      id: 'key'
+    }
+  ]
+}