agent remote share, remote unshare api stubs (#967)

agent/agent.go

@@ -172,7 +172,7 @@ func (a *Agent) remoteAgent() {
 		return
 	}
 
-	logrus.Infof("listening for remote agent at '%v'", enrollment.Token)
+	logrus.Infof("listening for remote commands at '%v'", enrollment.Token)
 
 	l, err := sdk.NewListener(enrollment.Token, a.root)
 	if err != nil {

rest_client_zrok/agent/agent_client.go

@@ -104,6 +104,10 @@ type ClientService interface {
 
 	Ping(params *PingParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*PingOK, error)
 
+	RemoteShare(params *RemoteShareParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*RemoteShareOK, error)
+
+	RemoteUnshare(params *RemoteUnshareParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*RemoteUnshareOK, error)
+
 	Unenroll(params *UnenrollParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UnenrollOK, error)
 
 	SetTransport(transport runtime.ClientTransport)
@@ -187,6 +191,84 @@ func (a *Client) Ping(params *PingParams, authInfo runtime.ClientAuthInfoWriter,
 	panic(msg)
 }
 
+/*
+RemoteShare remote share API
+*/
+func (a *Client) RemoteShare(params *RemoteShareParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*RemoteShareOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewRemoteShareParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "remoteShare",
+		Method:             "POST",
+		PathPattern:        "/agent/share",
+		ProducesMediaTypes: []string{"application/zrok.v1+json"},
+		ConsumesMediaTypes: []string{"application/zrok.v1+json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &RemoteShareReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*RemoteShareOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for remoteShare: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
+/*
+RemoteUnshare remote unshare API
+*/
+func (a *Client) RemoteUnshare(params *RemoteUnshareParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*RemoteUnshareOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewRemoteUnshareParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "remoteUnshare",
+		Method:             "POST",
+		PathPattern:        "/agent/unshare",
+		ProducesMediaTypes: []string{"application/zrok.v1+json"},
+		ConsumesMediaTypes: []string{"application/zrok.v1+json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &RemoteUnshareReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*RemoteUnshareOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for remoteUnshare: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
 /*
 Unenroll unenroll API
 */

rest_client_zrok/agent/remote_share_parameters.go

@@ -0,0 +1,146 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewRemoteShareParams creates a new RemoteShareParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewRemoteShareParams() *RemoteShareParams {
+	return &RemoteShareParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewRemoteShareParamsWithTimeout creates a new RemoteShareParams object
+// with the ability to set a timeout on a request.
+func NewRemoteShareParamsWithTimeout(timeout time.Duration) *RemoteShareParams {
+	return &RemoteShareParams{
+		timeout: timeout,
+	}
+}
+
+// NewRemoteShareParamsWithContext creates a new RemoteShareParams object
+// with the ability to set a context for a request.
+func NewRemoteShareParamsWithContext(ctx context.Context) *RemoteShareParams {
+	return &RemoteShareParams{
+		Context: ctx,
+	}
+}
+
+// NewRemoteShareParamsWithHTTPClient creates a new RemoteShareParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewRemoteShareParamsWithHTTPClient(client *http.Client) *RemoteShareParams {
+	return &RemoteShareParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+RemoteShareParams contains all the parameters to send to the API endpoint
+
+	for the remote share operation.
+
+	Typically these are written to a http.Request.
+*/
+type RemoteShareParams struct {
+
+	// Body.
+	Body RemoteShareBody
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the remote share params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *RemoteShareParams) WithDefaults() *RemoteShareParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the remote share params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *RemoteShareParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the remote share params
+func (o *RemoteShareParams) WithTimeout(timeout time.Duration) *RemoteShareParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the remote share params
+func (o *RemoteShareParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the remote share params
+func (o *RemoteShareParams) WithContext(ctx context.Context) *RemoteShareParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the remote share params
+func (o *RemoteShareParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the remote share params
+func (o *RemoteShareParams) WithHTTPClient(client *http.Client) *RemoteShareParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the remote share params
+func (o *RemoteShareParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the remote share params
+func (o *RemoteShareParams) WithBody(body RemoteShareBody) *RemoteShareParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the remote share params
+func (o *RemoteShareParams) SetBody(body RemoteShareBody) {
+	o.Body = body
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *RemoteShareParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_client_zrok/agent/remote_share_responses.go

@@ -0,0 +1,476 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// RemoteShareReader is a Reader for the RemoteShare structure.
+type RemoteShareReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *RemoteShareReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewRemoteShareOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 401:
+		result := NewRemoteShareUnauthorized()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	case 500:
+		result := NewRemoteShareInternalServerError()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	case 502:
+		result := NewRemoteShareBadGateway()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[POST /agent/share] remoteShare", response, response.Code())
+	}
+}
+
+// NewRemoteShareOK creates a RemoteShareOK with default headers values
+func NewRemoteShareOK() *RemoteShareOK {
+	return &RemoteShareOK{}
+}
+
+/*
+RemoteShareOK describes a response with status code 200, with default header values.
+
+ok
+*/
+type RemoteShareOK struct {
+	Payload *RemoteShareOKBody
+}
+
+// IsSuccess returns true when this remote share o k response has a 2xx status code
+func (o *RemoteShareOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this remote share o k response has a 3xx status code
+func (o *RemoteShareOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this remote share o k response has a 4xx status code
+func (o *RemoteShareOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this remote share o k response has a 5xx status code
+func (o *RemoteShareOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this remote share o k response a status code equal to that given
+func (o *RemoteShareOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the remote share o k response
+func (o *RemoteShareOK) Code() int {
+	return 200
+}
+
+func (o *RemoteShareOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /agent/share][%d] remoteShareOK %s", 200, payload)
+}
+
+func (o *RemoteShareOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /agent/share][%d] remoteShareOK %s", 200, payload)
+}
+
+func (o *RemoteShareOK) GetPayload() *RemoteShareOKBody {
+	return o.Payload
+}
+
+func (o *RemoteShareOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	o.Payload = new(RemoteShareOKBody)
+
+	// response payload
+	if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewRemoteShareUnauthorized creates a RemoteShareUnauthorized with default headers values
+func NewRemoteShareUnauthorized() *RemoteShareUnauthorized {
+	return &RemoteShareUnauthorized{}
+}
+
+/*
+RemoteShareUnauthorized describes a response with status code 401, with default header values.
+
+unauthorized
+*/
+type RemoteShareUnauthorized struct {
+}
+
+// IsSuccess returns true when this remote share unauthorized response has a 2xx status code
+func (o *RemoteShareUnauthorized) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this remote share unauthorized response has a 3xx status code
+func (o *RemoteShareUnauthorized) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this remote share unauthorized response has a 4xx status code
+func (o *RemoteShareUnauthorized) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this remote share unauthorized response has a 5xx status code
+func (o *RemoteShareUnauthorized) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this remote share unauthorized response a status code equal to that given
+func (o *RemoteShareUnauthorized) IsCode(code int) bool {
+	return code == 401
+}
+
+// Code gets the status code for the remote share unauthorized response
+func (o *RemoteShareUnauthorized) Code() int {
+	return 401
+}
+
+func (o *RemoteShareUnauthorized) Error() string {
+	return fmt.Sprintf("[POST /agent/share][%d] remoteShareUnauthorized", 401)
+}
+
+func (o *RemoteShareUnauthorized) String() string {
+	return fmt.Sprintf("[POST /agent/share][%d] remoteShareUnauthorized", 401)
+}
+
+func (o *RemoteShareUnauthorized) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewRemoteShareInternalServerError creates a RemoteShareInternalServerError with default headers values
+func NewRemoteShareInternalServerError() *RemoteShareInternalServerError {
+	return &RemoteShareInternalServerError{}
+}
+
+/*
+RemoteShareInternalServerError describes a response with status code 500, with default header values.
+
+internal server error
+*/
+type RemoteShareInternalServerError struct {
+}
+
+// IsSuccess returns true when this remote share internal server error response has a 2xx status code
+func (o *RemoteShareInternalServerError) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this remote share internal server error response has a 3xx status code
+func (o *RemoteShareInternalServerError) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this remote share internal server error response has a 4xx status code
+func (o *RemoteShareInternalServerError) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this remote share internal server error response has a 5xx status code
+func (o *RemoteShareInternalServerError) IsServerError() bool {
+	return true
+}
+
+// IsCode returns true when this remote share internal server error response a status code equal to that given
+func (o *RemoteShareInternalServerError) IsCode(code int) bool {
+	return code == 500
+}
+
+// Code gets the status code for the remote share internal server error response
+func (o *RemoteShareInternalServerError) Code() int {
+	return 500
+}
+
+func (o *RemoteShareInternalServerError) Error() string {
+	return fmt.Sprintf("[POST /agent/share][%d] remoteShareInternalServerError", 500)
+}
+
+func (o *RemoteShareInternalServerError) String() string {
+	return fmt.Sprintf("[POST /agent/share][%d] remoteShareInternalServerError", 500)
+}
+
+func (o *RemoteShareInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewRemoteShareBadGateway creates a RemoteShareBadGateway with default headers values
+func NewRemoteShareBadGateway() *RemoteShareBadGateway {
+	return &RemoteShareBadGateway{}
+}
+
+/*
+RemoteShareBadGateway describes a response with status code 502, with default header values.
+
+bad gateway; agent not reachable
+*/
+type RemoteShareBadGateway struct {
+}
+
+// IsSuccess returns true when this remote share bad gateway response has a 2xx status code
+func (o *RemoteShareBadGateway) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this remote share bad gateway response has a 3xx status code
+func (o *RemoteShareBadGateway) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this remote share bad gateway response has a 4xx status code
+func (o *RemoteShareBadGateway) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this remote share bad gateway response has a 5xx status code
+func (o *RemoteShareBadGateway) IsServerError() bool {
+	return true
+}
+
+// IsCode returns true when this remote share bad gateway response a status code equal to that given
+func (o *RemoteShareBadGateway) IsCode(code int) bool {
+	return code == 502
+}
+
+// Code gets the status code for the remote share bad gateway response
+func (o *RemoteShareBadGateway) Code() int {
+	return 502
+}
+
+func (o *RemoteShareBadGateway) Error() string {
+	return fmt.Sprintf("[POST /agent/share][%d] remoteShareBadGateway", 502)
+}
+
+func (o *RemoteShareBadGateway) String() string {
+	return fmt.Sprintf("[POST /agent/share][%d] remoteShareBadGateway", 502)
+}
+
+func (o *RemoteShareBadGateway) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+/*
+RemoteShareBody remote share body
+swagger:model RemoteShareBody
+*/
+type RemoteShareBody struct {
+
+	// access grants
+	AccessGrants []string `json:"accessGrants"`
+
+	// backend mode
+	// Enum: ["proxy","web","tcpTunnel","udpTunnel","caddy","drive","socks","vpn"]
+	BackendMode string `json:"backendMode,omitempty"`
+
+	// basic auth
+	BasicAuth []string `json:"basicAuth"`
+
+	// frontend selection
+	FrontendSelection []string `json:"frontendSelection"`
+
+	// insecure
+	Insecure bool `json:"insecure,omitempty"`
+
+	// oauth check interval
+	OauthCheckInterval string `json:"oauthCheckInterval,omitempty"`
+
+	// oauth email address patterns
+	OauthEmailAddressPatterns []string `json:"oauthEmailAddressPatterns"`
+
+	// oauth provider
+	OauthProvider string `json:"oauthProvider,omitempty"`
+
+	// open
+	Open bool `json:"open,omitempty"`
+
+	// share mode
+	ShareMode string `json:"shareMode,omitempty"`
+
+	// target
+	Target string `json:"target,omitempty"`
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this remote share body
+func (o *RemoteShareBody) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := o.validateBackendMode(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+var remoteShareBodyTypeBackendModePropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["proxy","web","tcpTunnel","udpTunnel","caddy","drive","socks","vpn"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		remoteShareBodyTypeBackendModePropEnum = append(remoteShareBodyTypeBackendModePropEnum, v)
+	}
+}
+
+const (
+
+	// RemoteShareBodyBackendModeProxy captures enum value "proxy"
+	RemoteShareBodyBackendModeProxy string = "proxy"
+
+	// RemoteShareBodyBackendModeWeb captures enum value "web"
+	RemoteShareBodyBackendModeWeb string = "web"
+
+	// RemoteShareBodyBackendModeTCPTunnel captures enum value "tcpTunnel"
+	RemoteShareBodyBackendModeTCPTunnel string = "tcpTunnel"
+
+	// RemoteShareBodyBackendModeUDPTunnel captures enum value "udpTunnel"
+	RemoteShareBodyBackendModeUDPTunnel string = "udpTunnel"
+
+	// RemoteShareBodyBackendModeCaddy captures enum value "caddy"
+	RemoteShareBodyBackendModeCaddy string = "caddy"
+
+	// RemoteShareBodyBackendModeDrive captures enum value "drive"
+	RemoteShareBodyBackendModeDrive string = "drive"
+
+	// RemoteShareBodyBackendModeSocks captures enum value "socks"
+	RemoteShareBodyBackendModeSocks string = "socks"
+
+	// RemoteShareBodyBackendModeVpn captures enum value "vpn"
+	RemoteShareBodyBackendModeVpn string = "vpn"
+)
+
+// prop value enum
+func (o *RemoteShareBody) validateBackendModeEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, remoteShareBodyTypeBackendModePropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (o *RemoteShareBody) validateBackendMode(formats strfmt.Registry) error {
+	if swag.IsZero(o.BackendMode) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := o.validateBackendModeEnum("body"+"."+"backendMode", "body", o.BackendMode); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validates this remote share body based on context it is used
+func (o *RemoteShareBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *RemoteShareBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *RemoteShareBody) UnmarshalBinary(b []byte) error {
+	var res RemoteShareBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}
+
+/*
+RemoteShareOKBody remote share o k body
+swagger:model RemoteShareOKBody
+*/
+type RemoteShareOKBody struct {
+
+	// frontend endpoints
+	FrontendEndpoints []string `json:"frontendEndpoints"`
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this remote share o k body
+func (o *RemoteShareOKBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this remote share o k body based on context it is used
+func (o *RemoteShareOKBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *RemoteShareOKBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *RemoteShareOKBody) UnmarshalBinary(b []byte) error {
+	var res RemoteShareOKBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_client_zrok/agent/remote_unshare_parameters.go

@@ -0,0 +1,146 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewRemoteUnshareParams creates a new RemoteUnshareParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewRemoteUnshareParams() *RemoteUnshareParams {
+	return &RemoteUnshareParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewRemoteUnshareParamsWithTimeout creates a new RemoteUnshareParams object
+// with the ability to set a timeout on a request.
+func NewRemoteUnshareParamsWithTimeout(timeout time.Duration) *RemoteUnshareParams {
+	return &RemoteUnshareParams{
+		timeout: timeout,
+	}
+}
+
+// NewRemoteUnshareParamsWithContext creates a new RemoteUnshareParams object
+// with the ability to set a context for a request.
+func NewRemoteUnshareParamsWithContext(ctx context.Context) *RemoteUnshareParams {
+	return &RemoteUnshareParams{
+		Context: ctx,
+	}
+}
+
+// NewRemoteUnshareParamsWithHTTPClient creates a new RemoteUnshareParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewRemoteUnshareParamsWithHTTPClient(client *http.Client) *RemoteUnshareParams {
+	return &RemoteUnshareParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+RemoteUnshareParams contains all the parameters to send to the API endpoint
+
+	for the remote unshare operation.
+
+	Typically these are written to a http.Request.
+*/
+type RemoteUnshareParams struct {
+
+	// Body.
+	Body RemoteUnshareBody
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the remote unshare params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *RemoteUnshareParams) WithDefaults() *RemoteUnshareParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the remote unshare params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *RemoteUnshareParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the remote unshare params
+func (o *RemoteUnshareParams) WithTimeout(timeout time.Duration) *RemoteUnshareParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the remote unshare params
+func (o *RemoteUnshareParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the remote unshare params
+func (o *RemoteUnshareParams) WithContext(ctx context.Context) *RemoteUnshareParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the remote unshare params
+func (o *RemoteUnshareParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the remote unshare params
+func (o *RemoteUnshareParams) WithHTTPClient(client *http.Client) *RemoteUnshareParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the remote unshare params
+func (o *RemoteUnshareParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the remote unshare params
+func (o *RemoteUnshareParams) WithBody(body RemoteUnshareBody) *RemoteUnshareParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the remote unshare params
+func (o *RemoteUnshareParams) SetBody(body RemoteUnshareBody) {
+	o.Body = body
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *RemoteUnshareParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_client_zrok/agent/remote_unshare_responses.go

@@ -0,0 +1,314 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// RemoteUnshareReader is a Reader for the RemoteUnshare structure.
+type RemoteUnshareReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *RemoteUnshareReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewRemoteUnshareOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 401:
+		result := NewRemoteUnshareUnauthorized()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	case 500:
+		result := NewRemoteUnshareInternalServerError()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	case 502:
+		result := NewRemoteUnshareBadGateway()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[POST /agent/unshare] remoteUnshare", response, response.Code())
+	}
+}
+
+// NewRemoteUnshareOK creates a RemoteUnshareOK with default headers values
+func NewRemoteUnshareOK() *RemoteUnshareOK {
+	return &RemoteUnshareOK{}
+}
+
+/*
+RemoteUnshareOK describes a response with status code 200, with default header values.
+
+ok
+*/
+type RemoteUnshareOK struct {
+}
+
+// IsSuccess returns true when this remote unshare o k response has a 2xx status code
+func (o *RemoteUnshareOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this remote unshare o k response has a 3xx status code
+func (o *RemoteUnshareOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this remote unshare o k response has a 4xx status code
+func (o *RemoteUnshareOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this remote unshare o k response has a 5xx status code
+func (o *RemoteUnshareOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this remote unshare o k response a status code equal to that given
+func (o *RemoteUnshareOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the remote unshare o k response
+func (o *RemoteUnshareOK) Code() int {
+	return 200
+}
+
+func (o *RemoteUnshareOK) Error() string {
+	return fmt.Sprintf("[POST /agent/unshare][%d] remoteUnshareOK", 200)
+}
+
+func (o *RemoteUnshareOK) String() string {
+	return fmt.Sprintf("[POST /agent/unshare][%d] remoteUnshareOK", 200)
+}
+
+func (o *RemoteUnshareOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewRemoteUnshareUnauthorized creates a RemoteUnshareUnauthorized with default headers values
+func NewRemoteUnshareUnauthorized() *RemoteUnshareUnauthorized {
+	return &RemoteUnshareUnauthorized{}
+}
+
+/*
+RemoteUnshareUnauthorized describes a response with status code 401, with default header values.
+
+unauthorized
+*/
+type RemoteUnshareUnauthorized struct {
+}
+
+// IsSuccess returns true when this remote unshare unauthorized response has a 2xx status code
+func (o *RemoteUnshareUnauthorized) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this remote unshare unauthorized response has a 3xx status code
+func (o *RemoteUnshareUnauthorized) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this remote unshare unauthorized response has a 4xx status code
+func (o *RemoteUnshareUnauthorized) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this remote unshare unauthorized response has a 5xx status code
+func (o *RemoteUnshareUnauthorized) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this remote unshare unauthorized response a status code equal to that given
+func (o *RemoteUnshareUnauthorized) IsCode(code int) bool {
+	return code == 401
+}
+
+// Code gets the status code for the remote unshare unauthorized response
+func (o *RemoteUnshareUnauthorized) Code() int {
+	return 401
+}
+
+func (o *RemoteUnshareUnauthorized) Error() string {
+	return fmt.Sprintf("[POST /agent/unshare][%d] remoteUnshareUnauthorized", 401)
+}
+
+func (o *RemoteUnshareUnauthorized) String() string {
+	return fmt.Sprintf("[POST /agent/unshare][%d] remoteUnshareUnauthorized", 401)
+}
+
+func (o *RemoteUnshareUnauthorized) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewRemoteUnshareInternalServerError creates a RemoteUnshareInternalServerError with default headers values
+func NewRemoteUnshareInternalServerError() *RemoteUnshareInternalServerError {
+	return &RemoteUnshareInternalServerError{}
+}
+
+/*
+RemoteUnshareInternalServerError describes a response with status code 500, with default header values.
+
+internal server error
+*/
+type RemoteUnshareInternalServerError struct {
+}
+
+// IsSuccess returns true when this remote unshare internal server error response has a 2xx status code
+func (o *RemoteUnshareInternalServerError) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this remote unshare internal server error response has a 3xx status code
+func (o *RemoteUnshareInternalServerError) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this remote unshare internal server error response has a 4xx status code
+func (o *RemoteUnshareInternalServerError) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this remote unshare internal server error response has a 5xx status code
+func (o *RemoteUnshareInternalServerError) IsServerError() bool {
+	return true
+}
+
+// IsCode returns true when this remote unshare internal server error response a status code equal to that given
+func (o *RemoteUnshareInternalServerError) IsCode(code int) bool {
+	return code == 500
+}
+
+// Code gets the status code for the remote unshare internal server error response
+func (o *RemoteUnshareInternalServerError) Code() int {
+	return 500
+}
+
+func (o *RemoteUnshareInternalServerError) Error() string {
+	return fmt.Sprintf("[POST /agent/unshare][%d] remoteUnshareInternalServerError", 500)
+}
+
+func (o *RemoteUnshareInternalServerError) String() string {
+	return fmt.Sprintf("[POST /agent/unshare][%d] remoteUnshareInternalServerError", 500)
+}
+
+func (o *RemoteUnshareInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewRemoteUnshareBadGateway creates a RemoteUnshareBadGateway with default headers values
+func NewRemoteUnshareBadGateway() *RemoteUnshareBadGateway {
+	return &RemoteUnshareBadGateway{}
+}
+
+/*
+RemoteUnshareBadGateway describes a response with status code 502, with default header values.
+
+bad gateway; agent not reachable
+*/
+type RemoteUnshareBadGateway struct {
+}
+
+// IsSuccess returns true when this remote unshare bad gateway response has a 2xx status code
+func (o *RemoteUnshareBadGateway) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this remote unshare bad gateway response has a 3xx status code
+func (o *RemoteUnshareBadGateway) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this remote unshare bad gateway response has a 4xx status code
+func (o *RemoteUnshareBadGateway) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this remote unshare bad gateway response has a 5xx status code
+func (o *RemoteUnshareBadGateway) IsServerError() bool {
+	return true
+}
+
+// IsCode returns true when this remote unshare bad gateway response a status code equal to that given
+func (o *RemoteUnshareBadGateway) IsCode(code int) bool {
+	return code == 502
+}
+
+// Code gets the status code for the remote unshare bad gateway response
+func (o *RemoteUnshareBadGateway) Code() int {
+	return 502
+}
+
+func (o *RemoteUnshareBadGateway) Error() string {
+	return fmt.Sprintf("[POST /agent/unshare][%d] remoteUnshareBadGateway", 502)
+}
+
+func (o *RemoteUnshareBadGateway) String() string {
+	return fmt.Sprintf("[POST /agent/unshare][%d] remoteUnshareBadGateway", 502)
+}
+
+func (o *RemoteUnshareBadGateway) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+/*
+RemoteUnshareBody remote unshare body
+swagger:model RemoteUnshareBody
+*/
+type RemoteUnshareBody struct {
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this remote unshare body
+func (o *RemoteUnshareBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this remote unshare body based on context it is used
+func (o *RemoteUnshareBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *RemoteUnshareBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *RemoteUnshareBody) UnmarshalBinary(b []byte) error {
+	var res RemoteUnshareBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_client_zrok/agent/unenroll_responses.go

@@ -227,7 +227,7 @@ func NewUnenrollInternalServerError() *UnenrollInternalServerError {
 /*
 UnenrollInternalServerError describes a response with status code 500, with default header values.
 
-internal server error
+internal server er
 */
 type UnenrollInternalServerError struct {
 }

rest_server_zrok/embedded_spec.go

@@ -279,6 +279,114 @@ func init() {
         }
       }
     },
+    "/agent/share": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "agent"
+        ],
+        "operationId": "remoteShare",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "accessGrants": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "backendMode": {
+                  "type": "string",
+                  "enum": [
+                    "proxy",
+                    "web",
+                    "tcpTunnel",
+                    "udpTunnel",
+                    "caddy",
+                    "drive",
+                    "socks",
+                    "vpn"
+                  ]
+                },
+                "basicAuth": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "frontendSelection": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "insecure": {
+                  "type": "boolean"
+                },
+                "oauthCheckInterval": {
+                  "type": "string"
+                },
+                "oauthEmailAddressPatterns": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "oauthProvider": {
+                  "type": "string"
+                },
+                "open": {
+                  "type": "boolean"
+                },
+                "shareMode": {
+                  "type": "string"
+                },
+                "target": {
+                  "type": "string"
+                },
+                "token": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "ok",
+            "schema": {
+              "properties": {
+                "frontendEndpoints": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "token": {
+                  "type": "string"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "unauthorized"
+          },
+          "500": {
+            "description": "internal server error"
+          },
+          "502": {
+            "description": "bad gateway; agent not reachable"
+          }
+        }
+      }
+    },
     "/agent/unenroll": {
       "post": {
         "security": [
@@ -313,8 +421,48 @@ func init() {
           "401": {
             "description": "unauthorized"
           },
+          "500": {
+            "description": "internal server er"
+          }
+        }
+      }
+    },
+    "/agent/unshare": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "agent"
+        ],
+        "operationId": "remoteUnshare",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "token": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "ok"
+          },
+          "401": {
+            "description": "unauthorized"
+          },
           "500": {
             "description": "internal server error"
+          },
+          "502": {
+            "description": "bad gateway; agent not reachable"
           }
         }
       }
@@ -2724,6 +2872,114 @@ func init() {
         }
       }
     },
+    "/agent/share": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "agent"
+        ],
+        "operationId": "remoteShare",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "accessGrants": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "backendMode": {
+                  "type": "string",
+                  "enum": [
+                    "proxy",
+                    "web",
+                    "tcpTunnel",
+                    "udpTunnel",
+                    "caddy",
+                    "drive",
+                    "socks",
+                    "vpn"
+                  ]
+                },
+                "basicAuth": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "frontendSelection": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "insecure": {
+                  "type": "boolean"
+                },
+                "oauthCheckInterval": {
+                  "type": "string"
+                },
+                "oauthEmailAddressPatterns": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "oauthProvider": {
+                  "type": "string"
+                },
+                "open": {
+                  "type": "boolean"
+                },
+                "shareMode": {
+                  "type": "string"
+                },
+                "target": {
+                  "type": "string"
+                },
+                "token": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "ok",
+            "schema": {
+              "properties": {
+                "frontendEndpoints": {
+                  "type": "array",
+                  "items": {
+                    "type": "string"
+                  }
+                },
+                "token": {
+                  "type": "string"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "unauthorized"
+          },
+          "500": {
+            "description": "internal server error"
+          },
+          "502": {
+            "description": "bad gateway; agent not reachable"
+          }
+        }
+      }
+    },
     "/agent/unenroll": {
       "post": {
         "security": [
@@ -2758,8 +3014,48 @@ func init() {
           "401": {
             "description": "unauthorized"
           },
+          "500": {
+            "description": "internal server er"
+          }
+        }
+      }
+    },
+    "/agent/unshare": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "agent"
+        ],
+        "operationId": "remoteUnshare",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "token": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "ok"
+          },
+          "401": {
+            "description": "unauthorized"
+          },
           "500": {
             "description": "internal server error"
+          },
+          "502": {
+            "description": "bad gateway; agent not reachable"
           }
         }
       }

rest_server_zrok/operations/agent/remote_share.go

@@ -0,0 +1,257 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+
+	"github.com/openziti/zrok/rest_model_zrok"
+)
+
+// RemoteShareHandlerFunc turns a function with the right signature into a remote share handler
+type RemoteShareHandlerFunc func(RemoteShareParams, *rest_model_zrok.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn RemoteShareHandlerFunc) Handle(params RemoteShareParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// RemoteShareHandler interface for that can handle valid remote share params
+type RemoteShareHandler interface {
+	Handle(RemoteShareParams, *rest_model_zrok.Principal) middleware.Responder
+}
+
+// NewRemoteShare creates a new http.Handler for the remote share operation
+func NewRemoteShare(ctx *middleware.Context, handler RemoteShareHandler) *RemoteShare {
+	return &RemoteShare{Context: ctx, Handler: handler}
+}
+
+/*
+	RemoteShare swagger:route POST /agent/share agent remoteShare
+
+RemoteShare remote share API
+*/
+type RemoteShare struct {
+	Context *middleware.Context
+	Handler RemoteShareHandler
+}
+
+func (o *RemoteShare) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewRemoteShareParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *rest_model_zrok.Principal
+	if uprinc != nil {
+		principal = uprinc.(*rest_model_zrok.Principal) // this is really a rest_model_zrok.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
+
+// RemoteShareBody remote share body
+//
+// swagger:model RemoteShareBody
+type RemoteShareBody struct {
+
+	// access grants
+	AccessGrants []string `json:"accessGrants"`
+
+	// backend mode
+	// Enum: ["proxy","web","tcpTunnel","udpTunnel","caddy","drive","socks","vpn"]
+	BackendMode string `json:"backendMode,omitempty"`
+
+	// basic auth
+	BasicAuth []string `json:"basicAuth"`
+
+	// frontend selection
+	FrontendSelection []string `json:"frontendSelection"`
+
+	// insecure
+	Insecure bool `json:"insecure,omitempty"`
+
+	// oauth check interval
+	OauthCheckInterval string `json:"oauthCheckInterval,omitempty"`
+
+	// oauth email address patterns
+	OauthEmailAddressPatterns []string `json:"oauthEmailAddressPatterns"`
+
+	// oauth provider
+	OauthProvider string `json:"oauthProvider,omitempty"`
+
+	// open
+	Open bool `json:"open,omitempty"`
+
+	// share mode
+	ShareMode string `json:"shareMode,omitempty"`
+
+	// target
+	Target string `json:"target,omitempty"`
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this remote share body
+func (o *RemoteShareBody) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := o.validateBackendMode(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+var remoteShareBodyTypeBackendModePropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["proxy","web","tcpTunnel","udpTunnel","caddy","drive","socks","vpn"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		remoteShareBodyTypeBackendModePropEnum = append(remoteShareBodyTypeBackendModePropEnum, v)
+	}
+}
+
+const (
+
+	// RemoteShareBodyBackendModeProxy captures enum value "proxy"
+	RemoteShareBodyBackendModeProxy string = "proxy"
+
+	// RemoteShareBodyBackendModeWeb captures enum value "web"
+	RemoteShareBodyBackendModeWeb string = "web"
+
+	// RemoteShareBodyBackendModeTCPTunnel captures enum value "tcpTunnel"
+	RemoteShareBodyBackendModeTCPTunnel string = "tcpTunnel"
+
+	// RemoteShareBodyBackendModeUDPTunnel captures enum value "udpTunnel"
+	RemoteShareBodyBackendModeUDPTunnel string = "udpTunnel"
+
+	// RemoteShareBodyBackendModeCaddy captures enum value "caddy"
+	RemoteShareBodyBackendModeCaddy string = "caddy"
+
+	// RemoteShareBodyBackendModeDrive captures enum value "drive"
+	RemoteShareBodyBackendModeDrive string = "drive"
+
+	// RemoteShareBodyBackendModeSocks captures enum value "socks"
+	RemoteShareBodyBackendModeSocks string = "socks"
+
+	// RemoteShareBodyBackendModeVpn captures enum value "vpn"
+	RemoteShareBodyBackendModeVpn string = "vpn"
+)
+
+// prop value enum
+func (o *RemoteShareBody) validateBackendModeEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, remoteShareBodyTypeBackendModePropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (o *RemoteShareBody) validateBackendMode(formats strfmt.Registry) error {
+	if swag.IsZero(o.BackendMode) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := o.validateBackendModeEnum("body"+"."+"backendMode", "body", o.BackendMode); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validates this remote share body based on context it is used
+func (o *RemoteShareBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *RemoteShareBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *RemoteShareBody) UnmarshalBinary(b []byte) error {
+	var res RemoteShareBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}
+
+// RemoteShareOKBody remote share o k body
+//
+// swagger:model RemoteShareOKBody
+type RemoteShareOKBody struct {
+
+	// frontend endpoints
+	FrontendEndpoints []string `json:"frontendEndpoints"`
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this remote share o k body
+func (o *RemoteShareOKBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this remote share o k body based on context it is used
+func (o *RemoteShareOKBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *RemoteShareOKBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *RemoteShareOKBody) UnmarshalBinary(b []byte) error {
+	var res RemoteShareOKBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_server_zrok/operations/agent/remote_share_parameters.go

@@ -0,0 +1,74 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/validate"
+)
+
+// NewRemoteShareParams creates a new RemoteShareParams object
+//
+// There are no default values defined in the spec.
+func NewRemoteShareParams() RemoteShareParams {
+
+	return RemoteShareParams{}
+}
+
+// RemoteShareParams contains all the bound params for the remote share operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters remoteShare
+type RemoteShareParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  In: body
+	*/
+	Body RemoteShareBody
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewRemoteShareParams() beforehand.
+func (o *RemoteShareParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if runtime.HasBody(r) {
+		defer r.Body.Close()
+		var body RemoteShareBody
+		if err := route.Consumer.Consume(r.Body, &body); err != nil {
+			res = append(res, errors.NewParseError("body", "body", "", err))
+		} else {
+			// validate body object
+			if err := body.Validate(route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			ctx := validate.WithOperationRequest(r.Context())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			if len(res) == 0 {
+				o.Body = body
+			}
+		}
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_server_zrok/operations/agent/remote_share_responses.go

@@ -0,0 +1,132 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// RemoteShareOKCode is the HTTP code returned for type RemoteShareOK
+const RemoteShareOKCode int = 200
+
+/*
+RemoteShareOK ok
+
+swagger:response remoteShareOK
+*/
+type RemoteShareOK struct {
+
+	/*
+	  In: Body
+	*/
+	Payload *RemoteShareOKBody `json:"body,omitempty"`
+}
+
+// NewRemoteShareOK creates RemoteShareOK with default headers values
+func NewRemoteShareOK() *RemoteShareOK {
+
+	return &RemoteShareOK{}
+}
+
+// WithPayload adds the payload to the remote share o k response
+func (o *RemoteShareOK) WithPayload(payload *RemoteShareOKBody) *RemoteShareOK {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the remote share o k response
+func (o *RemoteShareOK) SetPayload(payload *RemoteShareOKBody) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *RemoteShareOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(200)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
+
+// RemoteShareUnauthorizedCode is the HTTP code returned for type RemoteShareUnauthorized
+const RemoteShareUnauthorizedCode int = 401
+
+/*
+RemoteShareUnauthorized unauthorized
+
+swagger:response remoteShareUnauthorized
+*/
+type RemoteShareUnauthorized struct {
+}
+
+// NewRemoteShareUnauthorized creates RemoteShareUnauthorized with default headers values
+func NewRemoteShareUnauthorized() *RemoteShareUnauthorized {
+
+	return &RemoteShareUnauthorized{}
+}
+
+// WriteResponse to the client
+func (o *RemoteShareUnauthorized) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(401)
+}
+
+// RemoteShareInternalServerErrorCode is the HTTP code returned for type RemoteShareInternalServerError
+const RemoteShareInternalServerErrorCode int = 500
+
+/*
+RemoteShareInternalServerError internal server error
+
+swagger:response remoteShareInternalServerError
+*/
+type RemoteShareInternalServerError struct {
+}
+
+// NewRemoteShareInternalServerError creates RemoteShareInternalServerError with default headers values
+func NewRemoteShareInternalServerError() *RemoteShareInternalServerError {
+
+	return &RemoteShareInternalServerError{}
+}
+
+// WriteResponse to the client
+func (o *RemoteShareInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(500)
+}
+
+// RemoteShareBadGatewayCode is the HTTP code returned for type RemoteShareBadGateway
+const RemoteShareBadGatewayCode int = 502
+
+/*
+RemoteShareBadGateway bad gateway; agent not reachable
+
+swagger:response remoteShareBadGateway
+*/
+type RemoteShareBadGateway struct {
+}
+
+// NewRemoteShareBadGateway creates RemoteShareBadGateway with default headers values
+func NewRemoteShareBadGateway() *RemoteShareBadGateway {
+
+	return &RemoteShareBadGateway{}
+}
+
+// WriteResponse to the client
+func (o *RemoteShareBadGateway) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(502)
+}

rest_server_zrok/operations/agent/remote_share_urlbuilder.go

@@ -0,0 +1,87 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+)
+
+// RemoteShareURL generates an URL for the remote share operation
+type RemoteShareURL struct {
+	_basePath string
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *RemoteShareURL) WithBasePath(bp string) *RemoteShareURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *RemoteShareURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *RemoteShareURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/agent/share"
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *RemoteShareURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *RemoteShareURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *RemoteShareURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on RemoteShareURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on RemoteShareURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *RemoteShareURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}

rest_server_zrok/operations/agent/remote_unshare.go

@@ -0,0 +1,111 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+
+	"github.com/openziti/zrok/rest_model_zrok"
+)
+
+// RemoteUnshareHandlerFunc turns a function with the right signature into a remote unshare handler
+type RemoteUnshareHandlerFunc func(RemoteUnshareParams, *rest_model_zrok.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn RemoteUnshareHandlerFunc) Handle(params RemoteUnshareParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// RemoteUnshareHandler interface for that can handle valid remote unshare params
+type RemoteUnshareHandler interface {
+	Handle(RemoteUnshareParams, *rest_model_zrok.Principal) middleware.Responder
+}
+
+// NewRemoteUnshare creates a new http.Handler for the remote unshare operation
+func NewRemoteUnshare(ctx *middleware.Context, handler RemoteUnshareHandler) *RemoteUnshare {
+	return &RemoteUnshare{Context: ctx, Handler: handler}
+}
+
+/*
+	RemoteUnshare swagger:route POST /agent/unshare agent remoteUnshare
+
+RemoteUnshare remote unshare API
+*/
+type RemoteUnshare struct {
+	Context *middleware.Context
+	Handler RemoteUnshareHandler
+}
+
+func (o *RemoteUnshare) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewRemoteUnshareParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *rest_model_zrok.Principal
+	if uprinc != nil {
+		principal = uprinc.(*rest_model_zrok.Principal) // this is really a rest_model_zrok.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
+
+// RemoteUnshareBody remote unshare body
+//
+// swagger:model RemoteUnshareBody
+type RemoteUnshareBody struct {
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this remote unshare body
+func (o *RemoteUnshareBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this remote unshare body based on context it is used
+func (o *RemoteUnshareBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *RemoteUnshareBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *RemoteUnshareBody) UnmarshalBinary(b []byte) error {
+	var res RemoteUnshareBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_server_zrok/operations/agent/remote_unshare_parameters.go

@@ -0,0 +1,74 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/validate"
+)
+
+// NewRemoteUnshareParams creates a new RemoteUnshareParams object
+//
+// There are no default values defined in the spec.
+func NewRemoteUnshareParams() RemoteUnshareParams {
+
+	return RemoteUnshareParams{}
+}
+
+// RemoteUnshareParams contains all the bound params for the remote unshare operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters remoteUnshare
+type RemoteUnshareParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  In: body
+	*/
+	Body RemoteUnshareBody
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewRemoteUnshareParams() beforehand.
+func (o *RemoteUnshareParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if runtime.HasBody(r) {
+		defer r.Body.Close()
+		var body RemoteUnshareBody
+		if err := route.Consumer.Consume(r.Body, &body); err != nil {
+			res = append(res, errors.NewParseError("body", "body", "", err))
+		} else {
+			// validate body object
+			if err := body.Validate(route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			ctx := validate.WithOperationRequest(r.Context())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			if len(res) == 0 {
+				o.Body = body
+			}
+		}
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_server_zrok/operations/agent/remote_unshare_responses.go

@@ -0,0 +1,112 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// RemoteUnshareOKCode is the HTTP code returned for type RemoteUnshareOK
+const RemoteUnshareOKCode int = 200
+
+/*
+RemoteUnshareOK ok
+
+swagger:response remoteUnshareOK
+*/
+type RemoteUnshareOK struct {
+}
+
+// NewRemoteUnshareOK creates RemoteUnshareOK with default headers values
+func NewRemoteUnshareOK() *RemoteUnshareOK {
+
+	return &RemoteUnshareOK{}
+}
+
+// WriteResponse to the client
+func (o *RemoteUnshareOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(200)
+}
+
+// RemoteUnshareUnauthorizedCode is the HTTP code returned for type RemoteUnshareUnauthorized
+const RemoteUnshareUnauthorizedCode int = 401
+
+/*
+RemoteUnshareUnauthorized unauthorized
+
+swagger:response remoteUnshareUnauthorized
+*/
+type RemoteUnshareUnauthorized struct {
+}
+
+// NewRemoteUnshareUnauthorized creates RemoteUnshareUnauthorized with default headers values
+func NewRemoteUnshareUnauthorized() *RemoteUnshareUnauthorized {
+
+	return &RemoteUnshareUnauthorized{}
+}
+
+// WriteResponse to the client
+func (o *RemoteUnshareUnauthorized) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(401)
+}
+
+// RemoteUnshareInternalServerErrorCode is the HTTP code returned for type RemoteUnshareInternalServerError
+const RemoteUnshareInternalServerErrorCode int = 500
+
+/*
+RemoteUnshareInternalServerError internal server error
+
+swagger:response remoteUnshareInternalServerError
+*/
+type RemoteUnshareInternalServerError struct {
+}
+
+// NewRemoteUnshareInternalServerError creates RemoteUnshareInternalServerError with default headers values
+func NewRemoteUnshareInternalServerError() *RemoteUnshareInternalServerError {
+
+	return &RemoteUnshareInternalServerError{}
+}
+
+// WriteResponse to the client
+func (o *RemoteUnshareInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(500)
+}
+
+// RemoteUnshareBadGatewayCode is the HTTP code returned for type RemoteUnshareBadGateway
+const RemoteUnshareBadGatewayCode int = 502
+
+/*
+RemoteUnshareBadGateway bad gateway; agent not reachable
+
+swagger:response remoteUnshareBadGateway
+*/
+type RemoteUnshareBadGateway struct {
+}
+
+// NewRemoteUnshareBadGateway creates RemoteUnshareBadGateway with default headers values
+func NewRemoteUnshareBadGateway() *RemoteUnshareBadGateway {
+
+	return &RemoteUnshareBadGateway{}
+}
+
+// WriteResponse to the client
+func (o *RemoteUnshareBadGateway) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(502)
+}

rest_server_zrok/operations/agent/remote_unshare_urlbuilder.go

@@ -0,0 +1,87 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+)
+
+// RemoteUnshareURL generates an URL for the remote unshare operation
+type RemoteUnshareURL struct {
+	_basePath string
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *RemoteUnshareURL) WithBasePath(bp string) *RemoteUnshareURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *RemoteUnshareURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *RemoteUnshareURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/agent/unshare"
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *RemoteUnshareURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *RemoteUnshareURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *RemoteUnshareURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on RemoteUnshareURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on RemoteUnshareURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *RemoteUnshareURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}

rest_server_zrok/operations/agent/unenroll_responses.go

@@ -90,7 +90,7 @@ func (o *UnenrollUnauthorized) WriteResponse(rw http.ResponseWriter, producer ru
 const UnenrollInternalServerErrorCode int = 500
 
 /*
-UnenrollInternalServerError internal server error
+UnenrollInternalServerError internal server er
 
 swagger:response unenrollInternalServerError
 */

rest_server_zrok/operations/zrok_api.go

@@ -158,6 +158,12 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
 		AccountRegisterHandler: account.RegisterHandlerFunc(func(params account.RegisterParams) middleware.Responder {
 			return middleware.NotImplemented("operation account.Register has not yet been implemented")
 		}),
+		AgentRemoteShareHandler: agent.RemoteShareHandlerFunc(func(params agent.RemoteShareParams, principal *rest_model_zrok.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation agent.RemoteShare has not yet been implemented")
+		}),
+		AgentRemoteUnshareHandler: agent.RemoteUnshareHandlerFunc(func(params agent.RemoteUnshareParams, principal *rest_model_zrok.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation agent.RemoteUnshare has not yet been implemented")
+		}),
 		AdminRemoveOrganizationMemberHandler: admin.RemoveOrganizationMemberHandlerFunc(func(params admin.RemoveOrganizationMemberParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation admin.RemoveOrganizationMember has not yet been implemented")
 		}),
@@ -319,6 +325,10 @@ type ZrokAPI struct {
 	AccountRegenerateAccountTokenHandler account.RegenerateAccountTokenHandler
 	// AccountRegisterHandler sets the operation handler for the register operation
 	AccountRegisterHandler account.RegisterHandler
+	// AgentRemoteShareHandler sets the operation handler for the remote share operation
+	AgentRemoteShareHandler agent.RemoteShareHandler
+	// AgentRemoteUnshareHandler sets the operation handler for the remote unshare operation
+	AgentRemoteUnshareHandler agent.RemoteUnshareHandler
 	// AdminRemoveOrganizationMemberHandler sets the operation handler for the remove organization member operation
 	AdminRemoveOrganizationMemberHandler admin.RemoveOrganizationMemberHandler
 	// AccountResetPasswordHandler sets the operation handler for the reset password operation
@@ -534,6 +544,12 @@ func (o *ZrokAPI) Validate() error {
 	if o.AccountRegisterHandler == nil {
 		unregistered = append(unregistered, "account.RegisterHandler")
 	}
+	if o.AgentRemoteShareHandler == nil {
+		unregistered = append(unregistered, "agent.RemoteShareHandler")
+	}
+	if o.AgentRemoteUnshareHandler == nil {
+		unregistered = append(unregistered, "agent.RemoteUnshareHandler")
+	}
 	if o.AdminRemoveOrganizationMemberHandler == nil {
 		unregistered = append(unregistered, "admin.RemoveOrganizationMemberHandler")
 	}
@@ -819,6 +835,14 @@ func (o *ZrokAPI) initHandlerCache() {
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
+	o.handlers["POST"]["/agent/share"] = agent.NewRemoteShare(o.context, o.AgentRemoteShareHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/agent/unshare"] = agent.NewRemoteUnshare(o.context, o.AgentRemoteUnshareHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
 	o.handlers["POST"]["/organization/remove"] = admin.NewRemoveOrganizationMember(o.context, o.AdminRemoveOrganizationMemberHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)

sdk/nodejs/sdk/src/api/.openapi-generator/FILES

@@ -47,6 +47,8 @@ models/Principal.ts
 models/RegenerateAccountToken200Response.ts
 models/RegenerateAccountTokenRequest.ts
 models/RegisterRequest.ts
+models/RemoteShare200Response.ts
+models/RemoteShareRequest.ts
 models/RemoveOrganizationMemberRequest.ts
 models/ResetPasswordRequest.ts
 models/Share.ts

sdk/nodejs/sdk/src/api/apis/AgentApi.ts

@@ -18,6 +18,8 @@ import type {
   Enroll200Response,
   EnrollRequest,
   Ping200Response,
+  RemoteShare200Response,
+  RemoteShareRequest,
 } from '../models/index';
 import {
     Enroll200ResponseFromJSON,
@@ -26,6 +28,10 @@ import {
     EnrollRequestToJSON,
     Ping200ResponseFromJSON,
     Ping200ResponseToJSON,
+    RemoteShare200ResponseFromJSON,
+    RemoteShare200ResponseToJSON,
+    RemoteShareRequestFromJSON,
+    RemoteShareRequestToJSON,
 } from '../models/index';
 
 export interface EnrollOperationRequest {
@@ -36,6 +42,14 @@ export interface PingRequest {
     body?: EnrollRequest;
 }
 
+export interface RemoteShareOperationRequest {
+    body?: RemoteShareRequest;
+}
+
+export interface RemoteUnshareRequest {
+    body?: Enroll200Response;
+}
+
 export interface UnenrollRequest {
     body?: EnrollRequest;
 }
@@ -107,6 +121,67 @@ export class AgentApi extends runtime.BaseAPI {
         return await response.value();
     }
 
+    /**
+     */
+    async remoteShareRaw(requestParameters: RemoteShareOperationRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RemoteShare200Response>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/zrok.v1+json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-token"] = await this.configuration.apiKey("x-token"); // key authentication
+        }
+
+        const response = await this.request({
+            path: `/agent/share`,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: RemoteShareRequestToJSON(requestParameters['body']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => RemoteShare200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     */
+    async remoteShare(requestParameters: RemoteShareOperationRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RemoteShare200Response> {
+        const response = await this.remoteShareRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     */
+    async remoteUnshareRaw(requestParameters: RemoteUnshareRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<void>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/zrok.v1+json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-token"] = await this.configuration.apiKey("x-token"); // key authentication
+        }
+
+        const response = await this.request({
+            path: `/agent/unshare`,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: Enroll200ResponseToJSON(requestParameters['body']),
+        }, initOverrides);
+
+        return new runtime.VoidApiResponse(response);
+    }
+
+    /**
+     */
+    async remoteUnshare(requestParameters: RemoteUnshareRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<void> {
+        await this.remoteUnshareRaw(requestParameters, initOverrides);
+    }
+
     /**
      */
     async unenrollRaw(requestParameters: UnenrollRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<void>> {

sdk/nodejs/sdk/src/api/models/RemoteShare200Response.ts

@@ -0,0 +1,73 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * zrok
+ * zrok client access
+ *
+ * The version of the OpenAPI document: 1.0.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from '../runtime';
+/**
+ * 
+ * @export
+ * @interface RemoteShare200Response
+ */
+export interface RemoteShare200Response {
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShare200Response
+     */
+    token?: string;
+    /**
+     * 
+     * @type {Array<string>}
+     * @memberof RemoteShare200Response
+     */
+    frontendEndpoints?: Array<string>;
+}
+
+/**
+ * Check if a given object implements the RemoteShare200Response interface.
+ */
+export function instanceOfRemoteShare200Response(value: object): value is RemoteShare200Response {
+    return true;
+}
+
+export function RemoteShare200ResponseFromJSON(json: any): RemoteShare200Response {
+    return RemoteShare200ResponseFromJSONTyped(json, false);
+}
+
+export function RemoteShare200ResponseFromJSONTyped(json: any, ignoreDiscriminator: boolean): RemoteShare200Response {
+    if (json == null) {
+        return json;
+    }
+    return {
+        
+        'token': json['token'] == null ? undefined : json['token'],
+        'frontendEndpoints': json['frontendEndpoints'] == null ? undefined : json['frontendEndpoints'],
+    };
+}
+
+export function RemoteShare200ResponseToJSON(json: any): RemoteShare200Response {
+    return RemoteShare200ResponseToJSONTyped(json, false);
+}
+
+export function RemoteShare200ResponseToJSONTyped(value?: RemoteShare200Response | null, ignoreDiscriminator: boolean = false): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+        
+        'token': value['token'],
+        'frontendEndpoints': value['frontendEndpoints'],
+    };
+}
+

sdk/nodejs/sdk/src/api/models/RemoteShareRequest.ts

@@ -0,0 +1,170 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * zrok
+ * zrok client access
+ *
+ * The version of the OpenAPI document: 1.0.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from '../runtime';
+/**
+ * 
+ * @export
+ * @interface RemoteShareRequest
+ */
+export interface RemoteShareRequest {
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShareRequest
+     */
+    shareMode?: string;
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShareRequest
+     */
+    token?: string;
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShareRequest
+     */
+    target?: string;
+    /**
+     * 
+     * @type {Array<string>}
+     * @memberof RemoteShareRequest
+     */
+    basicAuth?: Array<string>;
+    /**
+     * 
+     * @type {Array<string>}
+     * @memberof RemoteShareRequest
+     */
+    frontendSelection?: Array<string>;
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShareRequest
+     */
+    backendMode?: RemoteShareRequestBackendModeEnum;
+    /**
+     * 
+     * @type {boolean}
+     * @memberof RemoteShareRequest
+     */
+    insecure?: boolean;
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShareRequest
+     */
+    oauthProvider?: string;
+    /**
+     * 
+     * @type {Array<string>}
+     * @memberof RemoteShareRequest
+     */
+    oauthEmailAddressPatterns?: Array<string>;
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShareRequest
+     */
+    oauthCheckInterval?: string;
+    /**
+     * 
+     * @type {boolean}
+     * @memberof RemoteShareRequest
+     */
+    open?: boolean;
+    /**
+     * 
+     * @type {Array<string>}
+     * @memberof RemoteShareRequest
+     */
+    accessGrants?: Array<string>;
+}
+
+
+/**
+ * @export
+ */
+export const RemoteShareRequestBackendModeEnum = {
+    Proxy: 'proxy',
+    Web: 'web',
+    TcpTunnel: 'tcpTunnel',
+    UdpTunnel: 'udpTunnel',
+    Caddy: 'caddy',
+    Drive: 'drive',
+    Socks: 'socks',
+    Vpn: 'vpn'
+} as const;
+export type RemoteShareRequestBackendModeEnum = typeof RemoteShareRequestBackendModeEnum[keyof typeof RemoteShareRequestBackendModeEnum];
+
+
+/**
+ * Check if a given object implements the RemoteShareRequest interface.
+ */
+export function instanceOfRemoteShareRequest(value: object): value is RemoteShareRequest {
+    return true;
+}
+
+export function RemoteShareRequestFromJSON(json: any): RemoteShareRequest {
+    return RemoteShareRequestFromJSONTyped(json, false);
+}
+
+export function RemoteShareRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean): RemoteShareRequest {
+    if (json == null) {
+        return json;
+    }
+    return {
+        
+        'shareMode': json['shareMode'] == null ? undefined : json['shareMode'],
+        'token': json['token'] == null ? undefined : json['token'],
+        'target': json['target'] == null ? undefined : json['target'],
+        'basicAuth': json['basicAuth'] == null ? undefined : json['basicAuth'],
+        'frontendSelection': json['frontendSelection'] == null ? undefined : json['frontendSelection'],
+        'backendMode': json['backendMode'] == null ? undefined : json['backendMode'],
+        'insecure': json['insecure'] == null ? undefined : json['insecure'],
+        'oauthProvider': json['oauthProvider'] == null ? undefined : json['oauthProvider'],
+        'oauthEmailAddressPatterns': json['oauthEmailAddressPatterns'] == null ? undefined : json['oauthEmailAddressPatterns'],
+        'oauthCheckInterval': json['oauthCheckInterval'] == null ? undefined : json['oauthCheckInterval'],
+        'open': json['open'] == null ? undefined : json['open'],
+        'accessGrants': json['accessGrants'] == null ? undefined : json['accessGrants'],
+    };
+}
+
+export function RemoteShareRequestToJSON(json: any): RemoteShareRequest {
+    return RemoteShareRequestToJSONTyped(json, false);
+}
+
+export function RemoteShareRequestToJSONTyped(value?: RemoteShareRequest | null, ignoreDiscriminator: boolean = false): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+        
+        'shareMode': value['shareMode'],
+        'token': value['token'],
+        'target': value['target'],
+        'basicAuth': value['basicAuth'],
+        'frontendSelection': value['frontendSelection'],
+        'backendMode': value['backendMode'],
+        'insecure': value['insecure'],
+        'oauthProvider': value['oauthProvider'],
+        'oauthEmailAddressPatterns': value['oauthEmailAddressPatterns'],
+        'oauthCheckInterval': value['oauthCheckInterval'],
+        'open': value['open'],
+        'accessGrants': value['accessGrants'],
+    };
+}
+

sdk/nodejs/sdk/src/api/models/index.ts

@@ -40,6 +40,8 @@ export * from './Principal';
 export * from './RegenerateAccountToken200Response';
 export * from './RegenerateAccountTokenRequest';
 export * from './RegisterRequest';
+export * from './RemoteShare200Response';
+export * from './RemoteShareRequest';
 export * from './RemoveOrganizationMemberRequest';
 export * from './ResetPasswordRequest';
 export * from './Share';

sdk/python/src/.openapi-generator/FILES

@@ -45,6 +45,8 @@ docs/Principal.md
 docs/RegenerateAccountToken200Response.md
 docs/RegenerateAccountTokenRequest.md
 docs/RegisterRequest.md
+docs/RemoteShare200Response.md
+docs/RemoteShareRequest.md
 docs/RemoveOrganizationMemberRequest.md
 docs/ResetPasswordRequest.md
 docs/Share.md
@@ -108,6 +110,8 @@ test/test_principal.py
 test/test_regenerate_account_token200_response.py
 test/test_regenerate_account_token_request.py
 test/test_register_request.py
+test/test_remote_share200_response.py
+test/test_remote_share_request.py
 test/test_remove_organization_member_request.py
 test/test_reset_password_request.py
 test/test_share.py
@@ -176,6 +180,8 @@ zrok_api/models/principal.py
 zrok_api/models/regenerate_account_token200_response.py
 zrok_api/models/regenerate_account_token_request.py
 zrok_api/models/register_request.py
+zrok_api/models/remote_share200_response.py
+zrok_api/models/remote_share_request.py
 zrok_api/models/remove_organization_member_request.py
 zrok_api/models/reset_password_request.py
 zrok_api/models/share.py

sdk/python/src/README.md

@@ -116,6 +116,8 @@ Class | Method | HTTP request | Description
 *AdminApi* | [**update_frontend**](docs/AdminApi.md#update_frontend) | **PATCH** /frontend | 
 *AgentApi* | [**enroll**](docs/AgentApi.md#enroll) | **POST** /agent/enroll | 
 *AgentApi* | [**ping**](docs/AgentApi.md#ping) | **POST** /agent/ping | 
+*AgentApi* | [**remote_share**](docs/AgentApi.md#remote_share) | **POST** /agent/share | 
+*AgentApi* | [**remote_unshare**](docs/AgentApi.md#remote_unshare) | **POST** /agent/unshare | 
 *AgentApi* | [**unenroll**](docs/AgentApi.md#unenroll) | **POST** /agent/unenroll | 
 *EnvironmentApi* | [**disable**](docs/EnvironmentApi.md#disable) | **POST** /disable | 
 *EnvironmentApi* | [**enable**](docs/EnvironmentApi.md#enable) | **POST** /enable | 
@@ -185,6 +187,8 @@ Class | Method | HTTP request | Description
  - [RegenerateAccountToken200Response](docs/RegenerateAccountToken200Response.md)
  - [RegenerateAccountTokenRequest](docs/RegenerateAccountTokenRequest.md)
  - [RegisterRequest](docs/RegisterRequest.md)
+ - [RemoteShare200Response](docs/RemoteShare200Response.md)
+ - [RemoteShareRequest](docs/RemoteShareRequest.md)
  - [RemoveOrganizationMemberRequest](docs/RemoveOrganizationMemberRequest.md)
  - [ResetPasswordRequest](docs/ResetPasswordRequest.md)
  - [Share](docs/Share.md)

sdk/python/src/docs/AgentApi.md

@@ -6,6 +6,8 @@ Method | HTTP request | Description
 ------------- | ------------- | -------------
 [**enroll**](AgentApi.md#enroll) | **POST** /agent/enroll | 
 [**ping**](AgentApi.md#ping) | **POST** /agent/ping | 
+[**remote_share**](AgentApi.md#remote_share) | **POST** /agent/share | 
+[**remote_unshare**](AgentApi.md#remote_unshare) | **POST** /agent/unshare | 
 [**unenroll**](AgentApi.md#unenroll) | **POST** /agent/unenroll | 
 
 
@@ -165,6 +167,159 @@ Name | Type | Description  | Notes
 
 [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
 
+# **remote_share**
+> RemoteShare200Response remote_share(body=body)
+
+### Example
+
+* Api Key Authentication (key):
+
+```python
+import zrok_api
+from zrok_api.models.remote_share200_response import RemoteShare200Response
+from zrok_api.models.remote_share_request import RemoteShareRequest
+from zrok_api.rest import ApiException
+from pprint import pprint
+
+# Defining the host is optional and defaults to /api/v1
+# See configuration.py for a list of all supported configuration parameters.
+configuration = zrok_api.Configuration(
+    host = "/api/v1"
+)
+
+# The client must configure the authentication and authorization parameters
+# in accordance with the API server security policy.
+# Examples for each auth method are provided below, use the example that
+# satisfies your auth use case.
+
+# Configure API key authorization: key
+configuration.api_key['key'] = os.environ["API_KEY"]
+
+# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
+# configuration.api_key_prefix['key'] = 'Bearer'
+
+# Enter a context with an instance of the API client
+with zrok_api.ApiClient(configuration) as api_client:
+    # Create an instance of the API class
+    api_instance = zrok_api.AgentApi(api_client)
+    body = zrok_api.RemoteShareRequest() # RemoteShareRequest |  (optional)
+
+    try:
+        api_response = api_instance.remote_share(body=body)
+        print("The response of AgentApi->remote_share:\n")
+        pprint(api_response)
+    except Exception as e:
+        print("Exception when calling AgentApi->remote_share: %s\n" % e)
+```
+
+
+
+### Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **body** | [**RemoteShareRequest**](RemoteShareRequest.md)|  | [optional] 
+
+### Return type
+
+[**RemoteShare200Response**](RemoteShare200Response.md)
+
+### Authorization
+
+[key](../README.md#key)
+
+### HTTP request headers
+
+ - **Content-Type**: application/zrok.v1+json
+ - **Accept**: application/zrok.v1+json
+
+### HTTP response details
+
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+**200** | ok |  -  |
+**401** | unauthorized |  -  |
+**500** | internal server error |  -  |
+**502** | bad gateway; agent not reachable |  -  |
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
+
+# **remote_unshare**
+> remote_unshare(body=body)
+
+### Example
+
+* Api Key Authentication (key):
+
+```python
+import zrok_api
+from zrok_api.models.enroll200_response import Enroll200Response
+from zrok_api.rest import ApiException
+from pprint import pprint
+
+# Defining the host is optional and defaults to /api/v1
+# See configuration.py for a list of all supported configuration parameters.
+configuration = zrok_api.Configuration(
+    host = "/api/v1"
+)
+
+# The client must configure the authentication and authorization parameters
+# in accordance with the API server security policy.
+# Examples for each auth method are provided below, use the example that
+# satisfies your auth use case.
+
+# Configure API key authorization: key
+configuration.api_key['key'] = os.environ["API_KEY"]
+
+# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
+# configuration.api_key_prefix['key'] = 'Bearer'
+
+# Enter a context with an instance of the API client
+with zrok_api.ApiClient(configuration) as api_client:
+    # Create an instance of the API class
+    api_instance = zrok_api.AgentApi(api_client)
+    body = zrok_api.Enroll200Response() # Enroll200Response |  (optional)
+
+    try:
+        api_instance.remote_unshare(body=body)
+    except Exception as e:
+        print("Exception when calling AgentApi->remote_unshare: %s\n" % e)
+```
+
+
+
+### Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **body** | [**Enroll200Response**](Enroll200Response.md)|  | [optional] 
+
+### Return type
+
+void (empty response body)
+
+### Authorization
+
+[key](../README.md#key)
+
+### HTTP request headers
+
+ - **Content-Type**: application/zrok.v1+json
+ - **Accept**: Not defined
+
+### HTTP response details
+
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+**200** | ok |  -  |
+**401** | unauthorized |  -  |
+**500** | internal server error |  -  |
+**502** | bad gateway; agent not reachable |  -  |
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
+
 # **unenroll**
 > unenroll(body=body)
 
@@ -236,7 +391,7 @@ void (empty response body)
 **200** | ok |  -  |
 **400** | bad request; not enrolled |  -  |
 **401** | unauthorized |  -  |
-**500** | internal server error |  -  |
+**500** | internal server er |  -  |
 
 [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
 

sdk/python/src/docs/RemoteShare200Response.md

@@ -0,0 +1,30 @@
+# RemoteShare200Response
+
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**token** | **str** |  | [optional] 
+**frontend_endpoints** | **List[str]** |  | [optional] 
+
+## Example
+
+```python
+from zrok_api.models.remote_share200_response import RemoteShare200Response
+
+# TODO update the JSON string below
+json = "{}"
+# create an instance of RemoteShare200Response from a JSON string
+remote_share200_response_instance = RemoteShare200Response.from_json(json)
+# print the JSON string representation of the object
+print(RemoteShare200Response.to_json())
+
+# convert the object into a dict
+remote_share200_response_dict = remote_share200_response_instance.to_dict()
+# create an instance of RemoteShare200Response from a dict
+remote_share200_response_from_dict = RemoteShare200Response.from_dict(remote_share200_response_dict)
+```
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+

sdk/python/src/docs/RemoteShareRequest.md

@@ -0,0 +1,40 @@
+# RemoteShareRequest
+
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**share_mode** | **str** |  | [optional] 
+**token** | **str** |  | [optional] 
+**target** | **str** |  | [optional] 
+**basic_auth** | **List[str]** |  | [optional] 
+**frontend_selection** | **List[str]** |  | [optional] 
+**backend_mode** | **str** |  | [optional] 
+**insecure** | **bool** |  | [optional] 
+**oauth_provider** | **str** |  | [optional] 
+**oauth_email_address_patterns** | **List[str]** |  | [optional] 
+**oauth_check_interval** | **str** |  | [optional] 
+**open** | **bool** |  | [optional] 
+**access_grants** | **List[str]** |  | [optional] 
+
+## Example
+
+```python
+from zrok_api.models.remote_share_request import RemoteShareRequest
+
+# TODO update the JSON string below
+json = "{}"
+# create an instance of RemoteShareRequest from a JSON string
+remote_share_request_instance = RemoteShareRequest.from_json(json)
+# print the JSON string representation of the object
+print(RemoteShareRequest.to_json())
+
+# convert the object into a dict
+remote_share_request_dict = remote_share_request_instance.to_dict()
+# create an instance of RemoteShareRequest from a dict
+remote_share_request_from_dict = RemoteShareRequest.from_dict(remote_share_request_dict)
+```
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+

sdk/python/src/test/test_agent_api.py

@@ -38,6 +38,18 @@ class TestAgentApi(unittest.TestCase):
         """
         pass
 
+    def test_remote_share(self) -> None:
+        """Test case for remote_share
+
+        """
+        pass
+
+    def test_remote_unshare(self) -> None:
+        """Test case for remote_unshare
+
+        """
+        pass
+
     def test_unenroll(self) -> None:
         """Test case for unenroll
 

sdk/python/src/test/test_remote_share200_response.py

@@ -0,0 +1,54 @@
+# coding: utf-8
+
+"""
+    zrok
+
+    zrok client access
+
+    The version of the OpenAPI document: 1.0.0
+    Generated by OpenAPI Generator (https://openapi-generator.tech)
+
+    Do not edit the class manually.
+"""  # noqa: E501
+
+
+import unittest
+
+from zrok_api.models.remote_share200_response import RemoteShare200Response
+
+class TestRemoteShare200Response(unittest.TestCase):
+    """RemoteShare200Response unit test stubs"""
+
+    def setUp(self):
+        pass
+
+    def tearDown(self):
+        pass
+
+    def make_instance(self, include_optional) -> RemoteShare200Response:
+        """Test RemoteShare200Response
+            include_optional is a boolean, when False only required
+            params are included, when True both required and
+            optional params are included """
+        # uncomment below to create an instance of `RemoteShare200Response`
+        """
+        model = RemoteShare200Response()
+        if include_optional:
+            return RemoteShare200Response(
+                token = '',
+                frontend_endpoints = [
+                    ''
+                    ]
+            )
+        else:
+            return RemoteShare200Response(
+        )
+        """
+
+    def testRemoteShare200Response(self):
+        """Test RemoteShare200Response"""
+        # inst_req_only = self.make_instance(include_optional=False)
+        # inst_req_and_optional = self.make_instance(include_optional=True)
+
+if __name__ == '__main__':
+    unittest.main()

sdk/python/src/test/test_remote_share_request.py

@@ -0,0 +1,70 @@
+# coding: utf-8
+
+"""
+    zrok
+
+    zrok client access
+
+    The version of the OpenAPI document: 1.0.0
+    Generated by OpenAPI Generator (https://openapi-generator.tech)
+
+    Do not edit the class manually.
+"""  # noqa: E501
+
+
+import unittest
+
+from zrok_api.models.remote_share_request import RemoteShareRequest
+
+class TestRemoteShareRequest(unittest.TestCase):
+    """RemoteShareRequest unit test stubs"""
+
+    def setUp(self):
+        pass
+
+    def tearDown(self):
+        pass
+
+    def make_instance(self, include_optional) -> RemoteShareRequest:
+        """Test RemoteShareRequest
+            include_optional is a boolean, when False only required
+            params are included, when True both required and
+            optional params are included """
+        # uncomment below to create an instance of `RemoteShareRequest`
+        """
+        model = RemoteShareRequest()
+        if include_optional:
+            return RemoteShareRequest(
+                share_mode = '',
+                token = '',
+                target = '',
+                basic_auth = [
+                    ''
+                    ],
+                frontend_selection = [
+                    ''
+                    ],
+                backend_mode = 'proxy',
+                insecure = True,
+                oauth_provider = '',
+                oauth_email_address_patterns = [
+                    ''
+                    ],
+                oauth_check_interval = '',
+                open = True,
+                access_grants = [
+                    ''
+                    ]
+            )
+        else:
+            return RemoteShareRequest(
+        )
+        """
+
+    def testRemoteShareRequest(self):
+        """Test RemoteShareRequest"""
+        # inst_req_only = self.make_instance(include_optional=False)
+        # inst_req_and_optional = self.make_instance(include_optional=True)
+
+if __name__ == '__main__':
+    unittest.main()

sdk/python/src/zrok_api/__init__.py

@@ -76,6 +76,8 @@ from zrok_api.models.principal import Principal
 from zrok_api.models.regenerate_account_token200_response import RegenerateAccountToken200Response
 from zrok_api.models.regenerate_account_token_request import RegenerateAccountTokenRequest
 from zrok_api.models.register_request import RegisterRequest
+from zrok_api.models.remote_share200_response import RemoteShare200Response
+from zrok_api.models.remote_share_request import RemoteShareRequest
 from zrok_api.models.remove_organization_member_request import RemoveOrganizationMemberRequest
 from zrok_api.models.reset_password_request import ResetPasswordRequest
 from zrok_api.models.share import Share

sdk/python/src/zrok_api/api/agent_api.py

@@ -20,6 +20,8 @@ from typing import Optional
 from zrok_api.models.enroll200_response import Enroll200Response
 from zrok_api.models.enroll_request import EnrollRequest
 from zrok_api.models.ping200_response import Ping200Response
+from zrok_api.models.remote_share200_response import RemoteShare200Response
+from zrok_api.models.remote_share_request import RemoteShareRequest
 
 from zrok_api.api_client import ApiClient, RequestSerialized
 from zrok_api.api_response import ApiResponse
@@ -599,6 +601,559 @@ class AgentApi:
 
 
 
+    @validate_call
+    def remote_share(
+        self,
+        body: Optional[RemoteShareRequest] = None,
+        _request_timeout: Union[
+            None,
+            Annotated[StrictFloat, Field(gt=0)],
+            Tuple[
+                Annotated[StrictFloat, Field(gt=0)],
+                Annotated[StrictFloat, Field(gt=0)]
+            ]
+        ] = None,
+        _request_auth: Optional[Dict[StrictStr, Any]] = None,
+        _content_type: Optional[StrictStr] = None,
+        _headers: Optional[Dict[StrictStr, Any]] = None,
+        _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0,
+    ) -> RemoteShare200Response:
+        """remote_share
+
+
+        :param body:
+        :type body: RemoteShareRequest
+        :param _request_timeout: timeout setting for this request. If one
+                                 number provided, it will be total request
+                                 timeout. It can also be a pair (tuple) of
+                                 (connection, read) timeouts.
+        :type _request_timeout: int, tuple(int, int), optional
+        :param _request_auth: set to override the auth_settings for an a single
+                              request; this effectively ignores the
+                              authentication in the spec for a single request.
+        :type _request_auth: dict, optional
+        :param _content_type: force content-type for the request.
+        :type _content_type: str, Optional
+        :param _headers: set to override the headers for a single
+                         request; this effectively ignores the headers
+                         in the spec for a single request.
+        :type _headers: dict, optional
+        :param _host_index: set to override the host_index for a single
+                            request; this effectively ignores the host_index
+                            in the spec for a single request.
+        :type _host_index: int, optional
+        :return: Returns the result object.
+        """ # noqa: E501
+
+        _param = self._remote_share_serialize(
+            body=body,
+            _request_auth=_request_auth,
+            _content_type=_content_type,
+            _headers=_headers,
+            _host_index=_host_index
+        )
+
+        _response_types_map: Dict[str, Optional[str]] = {
+            '200': "RemoteShare200Response",
+            '401': None,
+            '500': None,
+            '502': None,
+        }
+        response_data = self.api_client.call_api(
+            *_param,
+            _request_timeout=_request_timeout
+        )
+        response_data.read()
+        return self.api_client.response_deserialize(
+            response_data=response_data,
+            response_types_map=_response_types_map,
+        ).data
+
+
+    @validate_call
+    def remote_share_with_http_info(
+        self,
+        body: Optional[RemoteShareRequest] = None,
+        _request_timeout: Union[
+            None,
+            Annotated[StrictFloat, Field(gt=0)],
+            Tuple[
+                Annotated[StrictFloat, Field(gt=0)],
+                Annotated[StrictFloat, Field(gt=0)]
+            ]
+        ] = None,
+        _request_auth: Optional[Dict[StrictStr, Any]] = None,
+        _content_type: Optional[StrictStr] = None,
+        _headers: Optional[Dict[StrictStr, Any]] = None,
+        _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0,
+    ) -> ApiResponse[RemoteShare200Response]:
+        """remote_share
+
+
+        :param body:
+        :type body: RemoteShareRequest
+        :param _request_timeout: timeout setting for this request. If one
+                                 number provided, it will be total request
+                                 timeout. It can also be a pair (tuple) of
+                                 (connection, read) timeouts.
+        :type _request_timeout: int, tuple(int, int), optional
+        :param _request_auth: set to override the auth_settings for an a single
+                              request; this effectively ignores the
+                              authentication in the spec for a single request.
+        :type _request_auth: dict, optional
+        :param _content_type: force content-type for the request.
+        :type _content_type: str, Optional
+        :param _headers: set to override the headers for a single
+                         request; this effectively ignores the headers
+                         in the spec for a single request.
+        :type _headers: dict, optional
+        :param _host_index: set to override the host_index for a single
+                            request; this effectively ignores the host_index
+                            in the spec for a single request.
+        :type _host_index: int, optional
+        :return: Returns the result object.
+        """ # noqa: E501
+
+        _param = self._remote_share_serialize(
+            body=body,
+            _request_auth=_request_auth,
+            _content_type=_content_type,
+            _headers=_headers,
+            _host_index=_host_index
+        )
+
+        _response_types_map: Dict[str, Optional[str]] = {
+            '200': "RemoteShare200Response",
+            '401': None,
+            '500': None,
+            '502': None,
+        }
+        response_data = self.api_client.call_api(
+            *_param,
+            _request_timeout=_request_timeout
+        )
+        response_data.read()
+        return self.api_client.response_deserialize(
+            response_data=response_data,
+            response_types_map=_response_types_map,
+        )
+
+
+    @validate_call
+    def remote_share_without_preload_content(
+        self,
+        body: Optional[RemoteShareRequest] = None,
+        _request_timeout: Union[
+            None,
+            Annotated[StrictFloat, Field(gt=0)],
+            Tuple[
+                Annotated[StrictFloat, Field(gt=0)],
+                Annotated[StrictFloat, Field(gt=0)]
+            ]
+        ] = None,
+        _request_auth: Optional[Dict[StrictStr, Any]] = None,
+        _content_type: Optional[StrictStr] = None,
+        _headers: Optional[Dict[StrictStr, Any]] = None,
+        _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0,
+    ) -> RESTResponseType:
+        """remote_share
+
+
+        :param body:
+        :type body: RemoteShareRequest
+        :param _request_timeout: timeout setting for this request. If one
+                                 number provided, it will be total request
+                                 timeout. It can also be a pair (tuple) of
+                                 (connection, read) timeouts.
+        :type _request_timeout: int, tuple(int, int), optional
+        :param _request_auth: set to override the auth_settings for an a single
+                              request; this effectively ignores the
+                              authentication in the spec for a single request.
+        :type _request_auth: dict, optional
+        :param _content_type: force content-type for the request.
+        :type _content_type: str, Optional
+        :param _headers: set to override the headers for a single
+                         request; this effectively ignores the headers
+                         in the spec for a single request.
+        :type _headers: dict, optional
+        :param _host_index: set to override the host_index for a single
+                            request; this effectively ignores the host_index
+                            in the spec for a single request.
+        :type _host_index: int, optional
+        :return: Returns the result object.
+        """ # noqa: E501
+
+        _param = self._remote_share_serialize(
+            body=body,
+            _request_auth=_request_auth,
+            _content_type=_content_type,
+            _headers=_headers,
+            _host_index=_host_index
+        )
+
+        _response_types_map: Dict[str, Optional[str]] = {
+            '200': "RemoteShare200Response",
+            '401': None,
+            '500': None,
+            '502': None,
+        }
+        response_data = self.api_client.call_api(
+            *_param,
+            _request_timeout=_request_timeout
+        )
+        return response_data.response
+
+
+    def _remote_share_serialize(
+        self,
+        body,
+        _request_auth,
+        _content_type,
+        _headers,
+        _host_index,
+    ) -> RequestSerialized:
+
+        _host = None
+
+        _collection_formats: Dict[str, str] = {
+        }
+
+        _path_params: Dict[str, str] = {}
+        _query_params: List[Tuple[str, str]] = []
+        _header_params: Dict[str, Optional[str]] = _headers or {}
+        _form_params: List[Tuple[str, str]] = []
+        _files: Dict[
+            str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]]
+        ] = {}
+        _body_params: Optional[bytes] = None
+
+        # process the path parameters
+        # process the query parameters
+        # process the header parameters
+        # process the form parameters
+        # process the body parameter
+        if body is not None:
+            _body_params = body
+
+
+        # set the HTTP header `Accept`
+        if 'Accept' not in _header_params:
+            _header_params['Accept'] = self.api_client.select_header_accept(
+                [
+                    'application/zrok.v1+json'
+                ]
+            )
+
+        # set the HTTP header `Content-Type`
+        if _content_type:
+            _header_params['Content-Type'] = _content_type
+        else:
+            _default_content_type = (
+                self.api_client.select_header_content_type(
+                    [
+                        'application/zrok.v1+json'
+                    ]
+                )
+            )
+            if _default_content_type is not None:
+                _header_params['Content-Type'] = _default_content_type
+
+        # authentication setting
+        _auth_settings: List[str] = [
+            'key'
+        ]
+
+        return self.api_client.param_serialize(
+            method='POST',
+            resource_path='/agent/share',
+            path_params=_path_params,
+            query_params=_query_params,
+            header_params=_header_params,
+            body=_body_params,
+            post_params=_form_params,
+            files=_files,
+            auth_settings=_auth_settings,
+            collection_formats=_collection_formats,
+            _host=_host,
+            _request_auth=_request_auth
+        )
+
+
+
+
+    @validate_call
+    def remote_unshare(
+        self,
+        body: Optional[Enroll200Response] = None,
+        _request_timeout: Union[
+            None,
+            Annotated[StrictFloat, Field(gt=0)],
+            Tuple[
+                Annotated[StrictFloat, Field(gt=0)],
+                Annotated[StrictFloat, Field(gt=0)]
+            ]
+        ] = None,
+        _request_auth: Optional[Dict[StrictStr, Any]] = None,
+        _content_type: Optional[StrictStr] = None,
+        _headers: Optional[Dict[StrictStr, Any]] = None,
+        _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0,
+    ) -> None:
+        """remote_unshare
+
+
+        :param body:
+        :type body: Enroll200Response
+        :param _request_timeout: timeout setting for this request. If one
+                                 number provided, it will be total request
+                                 timeout. It can also be a pair (tuple) of
+                                 (connection, read) timeouts.
+        :type _request_timeout: int, tuple(int, int), optional
+        :param _request_auth: set to override the auth_settings for an a single
+                              request; this effectively ignores the
+                              authentication in the spec for a single request.
+        :type _request_auth: dict, optional
+        :param _content_type: force content-type for the request.
+        :type _content_type: str, Optional
+        :param _headers: set to override the headers for a single
+                         request; this effectively ignores the headers
+                         in the spec for a single request.
+        :type _headers: dict, optional
+        :param _host_index: set to override the host_index for a single
+                            request; this effectively ignores the host_index
+                            in the spec for a single request.
+        :type _host_index: int, optional
+        :return: Returns the result object.
+        """ # noqa: E501
+
+        _param = self._remote_unshare_serialize(
+            body=body,
+            _request_auth=_request_auth,
+            _content_type=_content_type,
+            _headers=_headers,
+            _host_index=_host_index
+        )
+
+        _response_types_map: Dict[str, Optional[str]] = {
+            '200': None,
+            '401': None,
+            '500': None,
+            '502': None,
+        }
+        response_data = self.api_client.call_api(
+            *_param,
+            _request_timeout=_request_timeout
+        )
+        response_data.read()
+        return self.api_client.response_deserialize(
+            response_data=response_data,
+            response_types_map=_response_types_map,
+        ).data
+
+
+    @validate_call
+    def remote_unshare_with_http_info(
+        self,
+        body: Optional[Enroll200Response] = None,
+        _request_timeout: Union[
+            None,
+            Annotated[StrictFloat, Field(gt=0)],
+            Tuple[
+                Annotated[StrictFloat, Field(gt=0)],
+                Annotated[StrictFloat, Field(gt=0)]
+            ]
+        ] = None,
+        _request_auth: Optional[Dict[StrictStr, Any]] = None,
+        _content_type: Optional[StrictStr] = None,
+        _headers: Optional[Dict[StrictStr, Any]] = None,
+        _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0,
+    ) -> ApiResponse[None]:
+        """remote_unshare
+
+
+        :param body:
+        :type body: Enroll200Response
+        :param _request_timeout: timeout setting for this request. If one
+                                 number provided, it will be total request
+                                 timeout. It can also be a pair (tuple) of
+                                 (connection, read) timeouts.
+        :type _request_timeout: int, tuple(int, int), optional
+        :param _request_auth: set to override the auth_settings for an a single
+                              request; this effectively ignores the
+                              authentication in the spec for a single request.
+        :type _request_auth: dict, optional
+        :param _content_type: force content-type for the request.
+        :type _content_type: str, Optional
+        :param _headers: set to override the headers for a single
+                         request; this effectively ignores the headers
+                         in the spec for a single request.
+        :type _headers: dict, optional
+        :param _host_index: set to override the host_index for a single
+                            request; this effectively ignores the host_index
+                            in the spec for a single request.
+        :type _host_index: int, optional
+        :return: Returns the result object.
+        """ # noqa: E501
+
+        _param = self._remote_unshare_serialize(
+            body=body,
+            _request_auth=_request_auth,
+            _content_type=_content_type,
+            _headers=_headers,
+            _host_index=_host_index
+        )
+
+        _response_types_map: Dict[str, Optional[str]] = {
+            '200': None,
+            '401': None,
+            '500': None,
+            '502': None,
+        }
+        response_data = self.api_client.call_api(
+            *_param,
+            _request_timeout=_request_timeout
+        )
+        response_data.read()
+        return self.api_client.response_deserialize(
+            response_data=response_data,
+            response_types_map=_response_types_map,
+        )
+
+
+    @validate_call
+    def remote_unshare_without_preload_content(
+        self,
+        body: Optional[Enroll200Response] = None,
+        _request_timeout: Union[
+            None,
+            Annotated[StrictFloat, Field(gt=0)],
+            Tuple[
+                Annotated[StrictFloat, Field(gt=0)],
+                Annotated[StrictFloat, Field(gt=0)]
+            ]
+        ] = None,
+        _request_auth: Optional[Dict[StrictStr, Any]] = None,
+        _content_type: Optional[StrictStr] = None,
+        _headers: Optional[Dict[StrictStr, Any]] = None,
+        _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0,
+    ) -> RESTResponseType:
+        """remote_unshare
+
+
+        :param body:
+        :type body: Enroll200Response
+        :param _request_timeout: timeout setting for this request. If one
+                                 number provided, it will be total request
+                                 timeout. It can also be a pair (tuple) of
+                                 (connection, read) timeouts.
+        :type _request_timeout: int, tuple(int, int), optional
+        :param _request_auth: set to override the auth_settings for an a single
+                              request; this effectively ignores the
+                              authentication in the spec for a single request.
+        :type _request_auth: dict, optional
+        :param _content_type: force content-type for the request.
+        :type _content_type: str, Optional
+        :param _headers: set to override the headers for a single
+                         request; this effectively ignores the headers
+                         in the spec for a single request.
+        :type _headers: dict, optional
+        :param _host_index: set to override the host_index for a single
+                            request; this effectively ignores the host_index
+                            in the spec for a single request.
+        :type _host_index: int, optional
+        :return: Returns the result object.
+        """ # noqa: E501
+
+        _param = self._remote_unshare_serialize(
+            body=body,
+            _request_auth=_request_auth,
+            _content_type=_content_type,
+            _headers=_headers,
+            _host_index=_host_index
+        )
+
+        _response_types_map: Dict[str, Optional[str]] = {
+            '200': None,
+            '401': None,
+            '500': None,
+            '502': None,
+        }
+        response_data = self.api_client.call_api(
+            *_param,
+            _request_timeout=_request_timeout
+        )
+        return response_data.response
+
+
+    def _remote_unshare_serialize(
+        self,
+        body,
+        _request_auth,
+        _content_type,
+        _headers,
+        _host_index,
+    ) -> RequestSerialized:
+
+        _host = None
+
+        _collection_formats: Dict[str, str] = {
+        }
+
+        _path_params: Dict[str, str] = {}
+        _query_params: List[Tuple[str, str]] = []
+        _header_params: Dict[str, Optional[str]] = _headers or {}
+        _form_params: List[Tuple[str, str]] = []
+        _files: Dict[
+            str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]]
+        ] = {}
+        _body_params: Optional[bytes] = None
+
+        # process the path parameters
+        # process the query parameters
+        # process the header parameters
+        # process the form parameters
+        # process the body parameter
+        if body is not None:
+            _body_params = body
+
+
+
+        # set the HTTP header `Content-Type`
+        if _content_type:
+            _header_params['Content-Type'] = _content_type
+        else:
+            _default_content_type = (
+                self.api_client.select_header_content_type(
+                    [
+                        'application/zrok.v1+json'
+                    ]
+                )
+            )
+            if _default_content_type is not None:
+                _header_params['Content-Type'] = _default_content_type
+
+        # authentication setting
+        _auth_settings: List[str] = [
+            'key'
+        ]
+
+        return self.api_client.param_serialize(
+            method='POST',
+            resource_path='/agent/unshare',
+            path_params=_path_params,
+            query_params=_query_params,
+            header_params=_header_params,
+            body=_body_params,
+            post_params=_form_params,
+            files=_files,
+            auth_settings=_auth_settings,
+            collection_formats=_collection_formats,
+            _host=_host,
+            _request_auth=_request_auth
+        )
+
+
+
+
     @validate_call
     def unenroll(
         self,

sdk/python/src/zrok_api/models/__init__.py

@@ -54,6 +54,8 @@ from zrok_api.models.principal import Principal
 from zrok_api.models.regenerate_account_token200_response import RegenerateAccountToken200Response
 from zrok_api.models.regenerate_account_token_request import RegenerateAccountTokenRequest
 from zrok_api.models.register_request import RegisterRequest
+from zrok_api.models.remote_share200_response import RemoteShare200Response
+from zrok_api.models.remote_share_request import RemoteShareRequest
 from zrok_api.models.remove_organization_member_request import RemoveOrganizationMemberRequest
 from zrok_api.models.reset_password_request import ResetPasswordRequest
 from zrok_api.models.share import Share

sdk/python/src/zrok_api/models/remote_share200_response.py

@@ -0,0 +1,89 @@
+# coding: utf-8
+
+"""
+    zrok
+
+    zrok client access
+
+    The version of the OpenAPI document: 1.0.0
+    Generated by OpenAPI Generator (https://openapi-generator.tech)
+
+    Do not edit the class manually.
+"""  # noqa: E501
+
+
+from __future__ import annotations
+import pprint
+import re  # noqa: F401
+import json
+
+from pydantic import BaseModel, ConfigDict, Field, StrictStr
+from typing import Any, ClassVar, Dict, List, Optional
+from typing import Optional, Set
+from typing_extensions import Self
+
+class RemoteShare200Response(BaseModel):
+    """
+    RemoteShare200Response
+    """ # noqa: E501
+    token: Optional[StrictStr] = None
+    frontend_endpoints: Optional[List[StrictStr]] = Field(default=None, alias="frontendEndpoints")
+    __properties: ClassVar[List[str]] = ["token", "frontendEndpoints"]
+
+    model_config = ConfigDict(
+        populate_by_name=True,
+        validate_assignment=True,
+        protected_namespaces=(),
+    )
+
+
+    def to_str(self) -> str:
+        """Returns the string representation of the model using alias"""
+        return pprint.pformat(self.model_dump(by_alias=True))
+
+    def to_json(self) -> str:
+        """Returns the JSON representation of the model using alias"""
+        # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead
+        return json.dumps(self.to_dict())
+
+    @classmethod
+    def from_json(cls, json_str: str) -> Optional[Self]:
+        """Create an instance of RemoteShare200Response from a JSON string"""
+        return cls.from_dict(json.loads(json_str))
+
+    def to_dict(self) -> Dict[str, Any]:
+        """Return the dictionary representation of the model using alias.
+
+        This has the following differences from calling pydantic's
+        `self.model_dump(by_alias=True)`:
+
+        * `None` is only added to the output dict for nullable fields that
+          were set at model initialization. Other fields with value `None`
+          are ignored.
+        """
+        excluded_fields: Set[str] = set([
+        ])
+
+        _dict = self.model_dump(
+            by_alias=True,
+            exclude=excluded_fields,
+            exclude_none=True,
+        )
+        return _dict
+
+    @classmethod
+    def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]:
+        """Create an instance of RemoteShare200Response from a dict"""
+        if obj is None:
+            return None
+
+        if not isinstance(obj, dict):
+            return cls.model_validate(obj)
+
+        _obj = cls.model_validate({
+            "token": obj.get("token"),
+            "frontendEndpoints": obj.get("frontendEndpoints")
+        })
+        return _obj
+
+

sdk/python/src/zrok_api/models/remote_share_request.py

@@ -0,0 +1,119 @@
+# coding: utf-8
+
+"""
+    zrok
+
+    zrok client access
+
+    The version of the OpenAPI document: 1.0.0
+    Generated by OpenAPI Generator (https://openapi-generator.tech)
+
+    Do not edit the class manually.
+"""  # noqa: E501
+
+
+from __future__ import annotations
+import pprint
+import re  # noqa: F401
+import json
+
+from pydantic import BaseModel, ConfigDict, Field, StrictBool, StrictStr, field_validator
+from typing import Any, ClassVar, Dict, List, Optional
+from typing import Optional, Set
+from typing_extensions import Self
+
+class RemoteShareRequest(BaseModel):
+    """
+    RemoteShareRequest
+    """ # noqa: E501
+    share_mode: Optional[StrictStr] = Field(default=None, alias="shareMode")
+    token: Optional[StrictStr] = None
+    target: Optional[StrictStr] = None
+    basic_auth: Optional[List[StrictStr]] = Field(default=None, alias="basicAuth")
+    frontend_selection: Optional[List[StrictStr]] = Field(default=None, alias="frontendSelection")
+    backend_mode: Optional[StrictStr] = Field(default=None, alias="backendMode")
+    insecure: Optional[StrictBool] = None
+    oauth_provider: Optional[StrictStr] = Field(default=None, alias="oauthProvider")
+    oauth_email_address_patterns: Optional[List[StrictStr]] = Field(default=None, alias="oauthEmailAddressPatterns")
+    oauth_check_interval: Optional[StrictStr] = Field(default=None, alias="oauthCheckInterval")
+    open: Optional[StrictBool] = None
+    access_grants: Optional[List[StrictStr]] = Field(default=None, alias="accessGrants")
+    __properties: ClassVar[List[str]] = ["shareMode", "token", "target", "basicAuth", "frontendSelection", "backendMode", "insecure", "oauthProvider", "oauthEmailAddressPatterns", "oauthCheckInterval", "open", "accessGrants"]
+
+    @field_validator('backend_mode')
+    def backend_mode_validate_enum(cls, value):
+        """Validates the enum"""
+        if value is None:
+            return value
+
+        if value not in set(['proxy', 'web', 'tcpTunnel', 'udpTunnel', 'caddy', 'drive', 'socks', 'vpn']):
+            raise ValueError("must be one of enum values ('proxy', 'web', 'tcpTunnel', 'udpTunnel', 'caddy', 'drive', 'socks', 'vpn')")
+        return value
+
+    model_config = ConfigDict(
+        populate_by_name=True,
+        validate_assignment=True,
+        protected_namespaces=(),
+    )
+
+
+    def to_str(self) -> str:
+        """Returns the string representation of the model using alias"""
+        return pprint.pformat(self.model_dump(by_alias=True))
+
+    def to_json(self) -> str:
+        """Returns the JSON representation of the model using alias"""
+        # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead
+        return json.dumps(self.to_dict())
+
+    @classmethod
+    def from_json(cls, json_str: str) -> Optional[Self]:
+        """Create an instance of RemoteShareRequest from a JSON string"""
+        return cls.from_dict(json.loads(json_str))
+
+    def to_dict(self) -> Dict[str, Any]:
+        """Return the dictionary representation of the model using alias.
+
+        This has the following differences from calling pydantic's
+        `self.model_dump(by_alias=True)`:
+
+        * `None` is only added to the output dict for nullable fields that
+          were set at model initialization. Other fields with value `None`
+          are ignored.
+        """
+        excluded_fields: Set[str] = set([
+        ])
+
+        _dict = self.model_dump(
+            by_alias=True,
+            exclude=excluded_fields,
+            exclude_none=True,
+        )
+        return _dict
+
+    @classmethod
+    def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]:
+        """Create an instance of RemoteShareRequest from a dict"""
+        if obj is None:
+            return None
+
+        if not isinstance(obj, dict):
+            return cls.model_validate(obj)
+
+        _obj = cls.model_validate({
+            "shareMode": obj.get("shareMode"),
+            "token": obj.get("token"),
+            "target": obj.get("target"),
+            "basicAuth": obj.get("basicAuth"),
+            "frontendSelection": obj.get("frontendSelection"),
+            "backendMode": obj.get("backendMode"),
+            "insecure": obj.get("insecure"),
+            "oauthProvider": obj.get("oauthProvider"),
+            "oauthEmailAddressPatterns": obj.get("oauthEmailAddressPatterns"),
+            "oauthCheckInterval": obj.get("oauthCheckInterval"),
+            "open": obj.get("open"),
+            "accessGrants": obj.get("accessGrants")
+        })
+        return _obj
+
+

specs/zrok.yml

@@ -666,7 +666,7 @@ paths:
         401:
           description: unauthorized
         500:
-          description: internal server error
+          description: internal server er
 
   /agent/ping:
     post:
@@ -696,6 +696,93 @@ paths:
         502:
           description: bad gateway; agent not reachable
           
+  /agent/share:
+    post:
+      tags:
+        - agent
+      security:
+        - key: []
+      operationId: remoteShare
+      parameters:
+        - name: body
+          in: body
+          schema:
+            properties:
+              shareMode:
+                type: string
+              token:
+                type: string
+              target:
+                type: string
+              basicAuth:
+                type: array
+                items:
+                  type: string
+              frontendSelection:
+                type: array
+                items:
+                  type: string
+              backendMode:
+                type: string
+                enum: ["proxy", "web", "tcpTunnel", "udpTunnel", "caddy", "drive", "socks", "vpn"]
+              insecure:
+                type: boolean
+              oauthProvider:
+                type: string
+              oauthEmailAddressPatterns:
+                type: array
+                items:
+                  type: string
+              oauthCheckInterval:
+                type: string
+              open:
+                type: boolean
+              accessGrants:
+                type: array
+                items:
+                  type: string
+      responses:
+        200:
+          description: ok
+          schema:
+            properties:
+              token:
+                type: string
+              frontendEndpoints:
+                type: array
+                items:
+                  type: string
+        401:
+          description: unauthorized
+        500:
+          description: internal server error
+        502:
+          description: bad gateway; agent not reachable
+
+  /agent/unshare:
+    post:
+      tags:
+        - agent
+      security:
+        - key: []
+      operationId: remoteUnshare
+      parameters:
+        - name: body
+          in: body
+          schema:
+            properties:
+              token:
+                type: string
+      responses:
+        200:
+          description: ok
+        401:
+          description: unauthorized
+        500:
+          description: internal server error
+        502:
+          description: bad gateway; agent not reachable
+
   #
   # environment
   #

ui/src/api/.openapi-generator/FILES

@@ -47,6 +47,8 @@ models/Principal.ts
 models/RegenerateAccountToken200Response.ts
 models/RegenerateAccountTokenRequest.ts
 models/RegisterRequest.ts
+models/RemoteShare200Response.ts
+models/RemoteShareRequest.ts
 models/RemoveOrganizationMemberRequest.ts
 models/ResetPasswordRequest.ts
 models/Share.ts

ui/src/api/apis/AgentApi.ts

@@ -18,6 +18,8 @@ import type {
   Enroll200Response,
   EnrollRequest,
   Ping200Response,
+  RemoteShare200Response,
+  RemoteShareRequest,
 } from '../models/index';
 import {
     Enroll200ResponseFromJSON,
@@ -26,6 +28,10 @@ import {
     EnrollRequestToJSON,
     Ping200ResponseFromJSON,
     Ping200ResponseToJSON,
+    RemoteShare200ResponseFromJSON,
+    RemoteShare200ResponseToJSON,
+    RemoteShareRequestFromJSON,
+    RemoteShareRequestToJSON,
 } from '../models/index';
 
 export interface EnrollOperationRequest {
@@ -36,6 +42,14 @@ export interface PingRequest {
     body?: EnrollRequest;
 }
 
+export interface RemoteShareOperationRequest {
+    body?: RemoteShareRequest;
+}
+
+export interface RemoteUnshareRequest {
+    body?: Enroll200Response;
+}
+
 export interface UnenrollRequest {
     body?: EnrollRequest;
 }
@@ -107,6 +121,67 @@ export class AgentApi extends runtime.BaseAPI {
         return await response.value();
     }
 
+    /**
+     */
+    async remoteShareRaw(requestParameters: RemoteShareOperationRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<RemoteShare200Response>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/zrok.v1+json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-token"] = await this.configuration.apiKey("x-token"); // key authentication
+        }
+
+        const response = await this.request({
+            path: `/agent/share`,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: RemoteShareRequestToJSON(requestParameters['body']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => RemoteShare200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     */
+    async remoteShare(requestParameters: RemoteShareOperationRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<RemoteShare200Response> {
+        const response = await this.remoteShareRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     */
+    async remoteUnshareRaw(requestParameters: RemoteUnshareRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<void>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/zrok.v1+json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-token"] = await this.configuration.apiKey("x-token"); // key authentication
+        }
+
+        const response = await this.request({
+            path: `/agent/unshare`,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: Enroll200ResponseToJSON(requestParameters['body']),
+        }, initOverrides);
+
+        return new runtime.VoidApiResponse(response);
+    }
+
+    /**
+     */
+    async remoteUnshare(requestParameters: RemoteUnshareRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<void> {
+        await this.remoteUnshareRaw(requestParameters, initOverrides);
+    }
+
     /**
      */
     async unenrollRaw(requestParameters: UnenrollRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<void>> {

ui/src/api/models/RemoteShare200Response.ts

@@ -0,0 +1,73 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * zrok
+ * zrok client access
+ *
+ * The version of the OpenAPI document: 1.0.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from '../runtime';
+/**
+ * 
+ * @export
+ * @interface RemoteShare200Response
+ */
+export interface RemoteShare200Response {
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShare200Response
+     */
+    token?: string;
+    /**
+     * 
+     * @type {Array<string>}
+     * @memberof RemoteShare200Response
+     */
+    frontendEndpoints?: Array<string>;
+}
+
+/**
+ * Check if a given object implements the RemoteShare200Response interface.
+ */
+export function instanceOfRemoteShare200Response(value: object): value is RemoteShare200Response {
+    return true;
+}
+
+export function RemoteShare200ResponseFromJSON(json: any): RemoteShare200Response {
+    return RemoteShare200ResponseFromJSONTyped(json, false);
+}
+
+export function RemoteShare200ResponseFromJSONTyped(json: any, ignoreDiscriminator: boolean): RemoteShare200Response {
+    if (json == null) {
+        return json;
+    }
+    return {
+        
+        'token': json['token'] == null ? undefined : json['token'],
+        'frontendEndpoints': json['frontendEndpoints'] == null ? undefined : json['frontendEndpoints'],
+    };
+}
+
+export function RemoteShare200ResponseToJSON(json: any): RemoteShare200Response {
+    return RemoteShare200ResponseToJSONTyped(json, false);
+}
+
+export function RemoteShare200ResponseToJSONTyped(value?: RemoteShare200Response | null, ignoreDiscriminator: boolean = false): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+        
+        'token': value['token'],
+        'frontendEndpoints': value['frontendEndpoints'],
+    };
+}
+

ui/src/api/models/RemoteShareRequest.ts

@@ -0,0 +1,170 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * zrok
+ * zrok client access
+ *
+ * The version of the OpenAPI document: 1.0.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from '../runtime';
+/**
+ * 
+ * @export
+ * @interface RemoteShareRequest
+ */
+export interface RemoteShareRequest {
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShareRequest
+     */
+    shareMode?: string;
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShareRequest
+     */
+    token?: string;
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShareRequest
+     */
+    target?: string;
+    /**
+     * 
+     * @type {Array<string>}
+     * @memberof RemoteShareRequest
+     */
+    basicAuth?: Array<string>;
+    /**
+     * 
+     * @type {Array<string>}
+     * @memberof RemoteShareRequest
+     */
+    frontendSelection?: Array<string>;
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShareRequest
+     */
+    backendMode?: RemoteShareRequestBackendModeEnum;
+    /**
+     * 
+     * @type {boolean}
+     * @memberof RemoteShareRequest
+     */
+    insecure?: boolean;
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShareRequest
+     */
+    oauthProvider?: string;
+    /**
+     * 
+     * @type {Array<string>}
+     * @memberof RemoteShareRequest
+     */
+    oauthEmailAddressPatterns?: Array<string>;
+    /**
+     * 
+     * @type {string}
+     * @memberof RemoteShareRequest
+     */
+    oauthCheckInterval?: string;
+    /**
+     * 
+     * @type {boolean}
+     * @memberof RemoteShareRequest
+     */
+    open?: boolean;
+    /**
+     * 
+     * @type {Array<string>}
+     * @memberof RemoteShareRequest
+     */
+    accessGrants?: Array<string>;
+}
+
+
+/**
+ * @export
+ */
+export const RemoteShareRequestBackendModeEnum = {
+    Proxy: 'proxy',
+    Web: 'web',
+    TcpTunnel: 'tcpTunnel',
+    UdpTunnel: 'udpTunnel',
+    Caddy: 'caddy',
+    Drive: 'drive',
+    Socks: 'socks',
+    Vpn: 'vpn'
+} as const;
+export type RemoteShareRequestBackendModeEnum = typeof RemoteShareRequestBackendModeEnum[keyof typeof RemoteShareRequestBackendModeEnum];
+
+
+/**
+ * Check if a given object implements the RemoteShareRequest interface.
+ */
+export function instanceOfRemoteShareRequest(value: object): value is RemoteShareRequest {
+    return true;
+}
+
+export function RemoteShareRequestFromJSON(json: any): RemoteShareRequest {
+    return RemoteShareRequestFromJSONTyped(json, false);
+}
+
+export function RemoteShareRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean): RemoteShareRequest {
+    if (json == null) {
+        return json;
+    }
+    return {
+        
+        'shareMode': json['shareMode'] == null ? undefined : json['shareMode'],
+        'token': json['token'] == null ? undefined : json['token'],
+        'target': json['target'] == null ? undefined : json['target'],
+        'basicAuth': json['basicAuth'] == null ? undefined : json['basicAuth'],
+        'frontendSelection': json['frontendSelection'] == null ? undefined : json['frontendSelection'],
+        'backendMode': json['backendMode'] == null ? undefined : json['backendMode'],
+        'insecure': json['insecure'] == null ? undefined : json['insecure'],
+        'oauthProvider': json['oauthProvider'] == null ? undefined : json['oauthProvider'],
+        'oauthEmailAddressPatterns': json['oauthEmailAddressPatterns'] == null ? undefined : json['oauthEmailAddressPatterns'],
+        'oauthCheckInterval': json['oauthCheckInterval'] == null ? undefined : json['oauthCheckInterval'],
+        'open': json['open'] == null ? undefined : json['open'],
+        'accessGrants': json['accessGrants'] == null ? undefined : json['accessGrants'],
+    };
+}
+
+export function RemoteShareRequestToJSON(json: any): RemoteShareRequest {
+    return RemoteShareRequestToJSONTyped(json, false);
+}
+
+export function RemoteShareRequestToJSONTyped(value?: RemoteShareRequest | null, ignoreDiscriminator: boolean = false): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+        
+        'shareMode': value['shareMode'],
+        'token': value['token'],
+        'target': value['target'],
+        'basicAuth': value['basicAuth'],
+        'frontendSelection': value['frontendSelection'],
+        'backendMode': value['backendMode'],
+        'insecure': value['insecure'],
+        'oauthProvider': value['oauthProvider'],
+        'oauthEmailAddressPatterns': value['oauthEmailAddressPatterns'],
+        'oauthCheckInterval': value['oauthCheckInterval'],
+        'open': value['open'],
+        'accessGrants': value['accessGrants'],
+    };
+}
+

ui/src/api/models/index.ts

@@ -40,6 +40,8 @@ export * from './Principal';
 export * from './RegenerateAccountToken200Response';
 export * from './RegenerateAccountTokenRequest';
 export * from './RegisterRequest';
+export * from './RemoteShare200Response';
+export * from './RemoteShareRequest';
 export * from './RemoveOrganizationMemberRequest';
 export * from './ResetPasswordRequest';
 export * from './Share';