/agent/enroll, /agent/unenroll api (#967)

rest_client_zrok/agent/agent_client.go

@@ -100,11 +100,54 @@ func WithAcceptApplicationZrokV1JSON(r *runtime.ClientOperation) {
 
 // ClientService is the interface for Client methods
 type ClientService interface {
+	Enroll(params *EnrollParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*EnrollOK, error)
+
 	Ping(params *PingParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*PingOK, error)
 
+	Unenroll(params *UnenrollParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UnenrollOK, error)
+
 	SetTransport(transport runtime.ClientTransport)
 }
 
+/*
+Enroll enroll API
+*/
+func (a *Client) Enroll(params *EnrollParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*EnrollOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewEnrollParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "enroll",
+		Method:             "POST",
+		PathPattern:        "/agent/enroll",
+		ProducesMediaTypes: []string{"application/zrok.v1+json"},
+		ConsumesMediaTypes: []string{"application/zrok.v1+json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &EnrollReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*EnrollOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for enroll: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
 /*
 Ping ping API
 */
@@ -144,6 +187,45 @@ func (a *Client) Ping(params *PingParams, authInfo runtime.ClientAuthInfoWriter,
 	panic(msg)
 }
 
+/*
+Unenroll unenroll API
+*/
+func (a *Client) Unenroll(params *UnenrollParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*UnenrollOK, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewUnenrollParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "unenroll",
+		Method:             "POST",
+		PathPattern:        "/agent/unenroll",
+		ProducesMediaTypes: []string{"application/zrok.v1+json"},
+		ConsumesMediaTypes: []string{"application/zrok.v1+json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &UnenrollReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*UnenrollOK)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for unenroll: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
 // SetTransport changes the transport on the client
 func (a *Client) SetTransport(transport runtime.ClientTransport) {
 	a.transport = transport

rest_client_zrok/agent/enroll_parameters.go

@@ -0,0 +1,146 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewEnrollParams creates a new EnrollParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewEnrollParams() *EnrollParams {
+	return &EnrollParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewEnrollParamsWithTimeout creates a new EnrollParams object
+// with the ability to set a timeout on a request.
+func NewEnrollParamsWithTimeout(timeout time.Duration) *EnrollParams {
+	return &EnrollParams{
+		timeout: timeout,
+	}
+}
+
+// NewEnrollParamsWithContext creates a new EnrollParams object
+// with the ability to set a context for a request.
+func NewEnrollParamsWithContext(ctx context.Context) *EnrollParams {
+	return &EnrollParams{
+		Context: ctx,
+	}
+}
+
+// NewEnrollParamsWithHTTPClient creates a new EnrollParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewEnrollParamsWithHTTPClient(client *http.Client) *EnrollParams {
+	return &EnrollParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+EnrollParams contains all the parameters to send to the API endpoint
+
+	for the enroll operation.
+
+	Typically these are written to a http.Request.
+*/
+type EnrollParams struct {
+
+	// Body.
+	Body EnrollBody
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the enroll params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *EnrollParams) WithDefaults() *EnrollParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the enroll params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *EnrollParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the enroll params
+func (o *EnrollParams) WithTimeout(timeout time.Duration) *EnrollParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the enroll params
+func (o *EnrollParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the enroll params
+func (o *EnrollParams) WithContext(ctx context.Context) *EnrollParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the enroll params
+func (o *EnrollParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the enroll params
+func (o *EnrollParams) WithHTTPClient(client *http.Client) *EnrollParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the enroll params
+func (o *EnrollParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the enroll params
+func (o *EnrollParams) WithBody(body EnrollBody) *EnrollParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the enroll params
+func (o *EnrollParams) SetBody(body EnrollBody) {
+	o.Body = body
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *EnrollParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_client_zrok/agent/enroll_responses.go

@@ -0,0 +1,368 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// EnrollReader is a Reader for the Enroll structure.
+type EnrollReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *EnrollReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewEnrollOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 400:
+		result := NewEnrollBadRequest()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	case 401:
+		result := NewEnrollUnauthorized()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	case 500:
+		result := NewEnrollInternalServerError()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[POST /agent/enroll] enroll", response, response.Code())
+	}
+}
+
+// NewEnrollOK creates a EnrollOK with default headers values
+func NewEnrollOK() *EnrollOK {
+	return &EnrollOK{}
+}
+
+/*
+EnrollOK describes a response with status code 200, with default header values.
+
+ok
+*/
+type EnrollOK struct {
+	Payload *EnrollOKBody
+}
+
+// IsSuccess returns true when this enroll o k response has a 2xx status code
+func (o *EnrollOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this enroll o k response has a 3xx status code
+func (o *EnrollOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this enroll o k response has a 4xx status code
+func (o *EnrollOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this enroll o k response has a 5xx status code
+func (o *EnrollOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this enroll o k response a status code equal to that given
+func (o *EnrollOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the enroll o k response
+func (o *EnrollOK) Code() int {
+	return 200
+}
+
+func (o *EnrollOK) Error() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /agent/enroll][%d] enrollOK %s", 200, payload)
+}
+
+func (o *EnrollOK) String() string {
+	payload, _ := json.Marshal(o.Payload)
+	return fmt.Sprintf("[POST /agent/enroll][%d] enrollOK %s", 200, payload)
+}
+
+func (o *EnrollOK) GetPayload() *EnrollOKBody {
+	return o.Payload
+}
+
+func (o *EnrollOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	o.Payload = new(EnrollOKBody)
+
+	// response payload
+	if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewEnrollBadRequest creates a EnrollBadRequest with default headers values
+func NewEnrollBadRequest() *EnrollBadRequest {
+	return &EnrollBadRequest{}
+}
+
+/*
+EnrollBadRequest describes a response with status code 400, with default header values.
+
+bad request; already enrolled
+*/
+type EnrollBadRequest struct {
+}
+
+// IsSuccess returns true when this enroll bad request response has a 2xx status code
+func (o *EnrollBadRequest) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this enroll bad request response has a 3xx status code
+func (o *EnrollBadRequest) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this enroll bad request response has a 4xx status code
+func (o *EnrollBadRequest) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this enroll bad request response has a 5xx status code
+func (o *EnrollBadRequest) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this enroll bad request response a status code equal to that given
+func (o *EnrollBadRequest) IsCode(code int) bool {
+	return code == 400
+}
+
+// Code gets the status code for the enroll bad request response
+func (o *EnrollBadRequest) Code() int {
+	return 400
+}
+
+func (o *EnrollBadRequest) Error() string {
+	return fmt.Sprintf("[POST /agent/enroll][%d] enrollBadRequest", 400)
+}
+
+func (o *EnrollBadRequest) String() string {
+	return fmt.Sprintf("[POST /agent/enroll][%d] enrollBadRequest", 400)
+}
+
+func (o *EnrollBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewEnrollUnauthorized creates a EnrollUnauthorized with default headers values
+func NewEnrollUnauthorized() *EnrollUnauthorized {
+	return &EnrollUnauthorized{}
+}
+
+/*
+EnrollUnauthorized describes a response with status code 401, with default header values.
+
+unauthorized
+*/
+type EnrollUnauthorized struct {
+}
+
+// IsSuccess returns true when this enroll unauthorized response has a 2xx status code
+func (o *EnrollUnauthorized) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this enroll unauthorized response has a 3xx status code
+func (o *EnrollUnauthorized) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this enroll unauthorized response has a 4xx status code
+func (o *EnrollUnauthorized) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this enroll unauthorized response has a 5xx status code
+func (o *EnrollUnauthorized) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this enroll unauthorized response a status code equal to that given
+func (o *EnrollUnauthorized) IsCode(code int) bool {
+	return code == 401
+}
+
+// Code gets the status code for the enroll unauthorized response
+func (o *EnrollUnauthorized) Code() int {
+	return 401
+}
+
+func (o *EnrollUnauthorized) Error() string {
+	return fmt.Sprintf("[POST /agent/enroll][%d] enrollUnauthorized", 401)
+}
+
+func (o *EnrollUnauthorized) String() string {
+	return fmt.Sprintf("[POST /agent/enroll][%d] enrollUnauthorized", 401)
+}
+
+func (o *EnrollUnauthorized) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewEnrollInternalServerError creates a EnrollInternalServerError with default headers values
+func NewEnrollInternalServerError() *EnrollInternalServerError {
+	return &EnrollInternalServerError{}
+}
+
+/*
+EnrollInternalServerError describes a response with status code 500, with default header values.
+
+internal server error
+*/
+type EnrollInternalServerError struct {
+}
+
+// IsSuccess returns true when this enroll internal server error response has a 2xx status code
+func (o *EnrollInternalServerError) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this enroll internal server error response has a 3xx status code
+func (o *EnrollInternalServerError) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this enroll internal server error response has a 4xx status code
+func (o *EnrollInternalServerError) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this enroll internal server error response has a 5xx status code
+func (o *EnrollInternalServerError) IsServerError() bool {
+	return true
+}
+
+// IsCode returns true when this enroll internal server error response a status code equal to that given
+func (o *EnrollInternalServerError) IsCode(code int) bool {
+	return code == 500
+}
+
+// Code gets the status code for the enroll internal server error response
+func (o *EnrollInternalServerError) Code() int {
+	return 500
+}
+
+func (o *EnrollInternalServerError) Error() string {
+	return fmt.Sprintf("[POST /agent/enroll][%d] enrollInternalServerError", 500)
+}
+
+func (o *EnrollInternalServerError) String() string {
+	return fmt.Sprintf("[POST /agent/enroll][%d] enrollInternalServerError", 500)
+}
+
+func (o *EnrollInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+/*
+EnrollBody enroll body
+swagger:model EnrollBody
+*/
+type EnrollBody struct {
+
+	// env z Id
+	EnvZID string `json:"envZId,omitempty"`
+}
+
+// Validate validates this enroll body
+func (o *EnrollBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this enroll body based on context it is used
+func (o *EnrollBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *EnrollBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *EnrollBody) UnmarshalBinary(b []byte) error {
+	var res EnrollBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}
+
+/*
+EnrollOKBody enroll o k body
+swagger:model EnrollOKBody
+*/
+type EnrollOKBody struct {
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this enroll o k body
+func (o *EnrollOKBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this enroll o k body based on context it is used
+func (o *EnrollOKBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *EnrollOKBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *EnrollOKBody) UnmarshalBinary(b []byte) error {
+	var res EnrollOKBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_client_zrok/agent/unenroll_parameters.go

@@ -0,0 +1,146 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewUnenrollParams creates a new UnenrollParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewUnenrollParams() *UnenrollParams {
+	return &UnenrollParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewUnenrollParamsWithTimeout creates a new UnenrollParams object
+// with the ability to set a timeout on a request.
+func NewUnenrollParamsWithTimeout(timeout time.Duration) *UnenrollParams {
+	return &UnenrollParams{
+		timeout: timeout,
+	}
+}
+
+// NewUnenrollParamsWithContext creates a new UnenrollParams object
+// with the ability to set a context for a request.
+func NewUnenrollParamsWithContext(ctx context.Context) *UnenrollParams {
+	return &UnenrollParams{
+		Context: ctx,
+	}
+}
+
+// NewUnenrollParamsWithHTTPClient creates a new UnenrollParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewUnenrollParamsWithHTTPClient(client *http.Client) *UnenrollParams {
+	return &UnenrollParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+UnenrollParams contains all the parameters to send to the API endpoint
+
+	for the unenroll operation.
+
+	Typically these are written to a http.Request.
+*/
+type UnenrollParams struct {
+
+	// Body.
+	Body UnenrollBody
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the unenroll params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *UnenrollParams) WithDefaults() *UnenrollParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the unenroll params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *UnenrollParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the unenroll params
+func (o *UnenrollParams) WithTimeout(timeout time.Duration) *UnenrollParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the unenroll params
+func (o *UnenrollParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the unenroll params
+func (o *UnenrollParams) WithContext(ctx context.Context) *UnenrollParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the unenroll params
+func (o *UnenrollParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the unenroll params
+func (o *UnenrollParams) WithHTTPClient(client *http.Client) *UnenrollParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the unenroll params
+func (o *UnenrollParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the unenroll params
+func (o *UnenrollParams) WithBody(body UnenrollBody) *UnenrollParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the unenroll params
+func (o *UnenrollParams) SetBody(body UnenrollBody) {
+	o.Body = body
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *UnenrollParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_client_zrok/agent/unenroll_responses.go

@@ -0,0 +1,314 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// UnenrollReader is a Reader for the Unenroll structure.
+type UnenrollReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *UnenrollReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 200:
+		result := NewUnenrollOK()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 400:
+		result := NewUnenrollBadRequest()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	case 401:
+		result := NewUnenrollUnauthorized()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	case 500:
+		result := NewUnenrollInternalServerError()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[POST /agent/unenroll] unenroll", response, response.Code())
+	}
+}
+
+// NewUnenrollOK creates a UnenrollOK with default headers values
+func NewUnenrollOK() *UnenrollOK {
+	return &UnenrollOK{}
+}
+
+/*
+UnenrollOK describes a response with status code 200, with default header values.
+
+ok
+*/
+type UnenrollOK struct {
+}
+
+// IsSuccess returns true when this unenroll o k response has a 2xx status code
+func (o *UnenrollOK) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this unenroll o k response has a 3xx status code
+func (o *UnenrollOK) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this unenroll o k response has a 4xx status code
+func (o *UnenrollOK) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this unenroll o k response has a 5xx status code
+func (o *UnenrollOK) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this unenroll o k response a status code equal to that given
+func (o *UnenrollOK) IsCode(code int) bool {
+	return code == 200
+}
+
+// Code gets the status code for the unenroll o k response
+func (o *UnenrollOK) Code() int {
+	return 200
+}
+
+func (o *UnenrollOK) Error() string {
+	return fmt.Sprintf("[POST /agent/unenroll][%d] unenrollOK", 200)
+}
+
+func (o *UnenrollOK) String() string {
+	return fmt.Sprintf("[POST /agent/unenroll][%d] unenrollOK", 200)
+}
+
+func (o *UnenrollOK) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewUnenrollBadRequest creates a UnenrollBadRequest with default headers values
+func NewUnenrollBadRequest() *UnenrollBadRequest {
+	return &UnenrollBadRequest{}
+}
+
+/*
+UnenrollBadRequest describes a response with status code 400, with default header values.
+
+bad request; not enrolled
+*/
+type UnenrollBadRequest struct {
+}
+
+// IsSuccess returns true when this unenroll bad request response has a 2xx status code
+func (o *UnenrollBadRequest) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this unenroll bad request response has a 3xx status code
+func (o *UnenrollBadRequest) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this unenroll bad request response has a 4xx status code
+func (o *UnenrollBadRequest) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this unenroll bad request response has a 5xx status code
+func (o *UnenrollBadRequest) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this unenroll bad request response a status code equal to that given
+func (o *UnenrollBadRequest) IsCode(code int) bool {
+	return code == 400
+}
+
+// Code gets the status code for the unenroll bad request response
+func (o *UnenrollBadRequest) Code() int {
+	return 400
+}
+
+func (o *UnenrollBadRequest) Error() string {
+	return fmt.Sprintf("[POST /agent/unenroll][%d] unenrollBadRequest", 400)
+}
+
+func (o *UnenrollBadRequest) String() string {
+	return fmt.Sprintf("[POST /agent/unenroll][%d] unenrollBadRequest", 400)
+}
+
+func (o *UnenrollBadRequest) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewUnenrollUnauthorized creates a UnenrollUnauthorized with default headers values
+func NewUnenrollUnauthorized() *UnenrollUnauthorized {
+	return &UnenrollUnauthorized{}
+}
+
+/*
+UnenrollUnauthorized describes a response with status code 401, with default header values.
+
+unauthorized
+*/
+type UnenrollUnauthorized struct {
+}
+
+// IsSuccess returns true when this unenroll unauthorized response has a 2xx status code
+func (o *UnenrollUnauthorized) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this unenroll unauthorized response has a 3xx status code
+func (o *UnenrollUnauthorized) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this unenroll unauthorized response has a 4xx status code
+func (o *UnenrollUnauthorized) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this unenroll unauthorized response has a 5xx status code
+func (o *UnenrollUnauthorized) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this unenroll unauthorized response a status code equal to that given
+func (o *UnenrollUnauthorized) IsCode(code int) bool {
+	return code == 401
+}
+
+// Code gets the status code for the unenroll unauthorized response
+func (o *UnenrollUnauthorized) Code() int {
+	return 401
+}
+
+func (o *UnenrollUnauthorized) Error() string {
+	return fmt.Sprintf("[POST /agent/unenroll][%d] unenrollUnauthorized", 401)
+}
+
+func (o *UnenrollUnauthorized) String() string {
+	return fmt.Sprintf("[POST /agent/unenroll][%d] unenrollUnauthorized", 401)
+}
+
+func (o *UnenrollUnauthorized) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewUnenrollInternalServerError creates a UnenrollInternalServerError with default headers values
+func NewUnenrollInternalServerError() *UnenrollInternalServerError {
+	return &UnenrollInternalServerError{}
+}
+
+/*
+UnenrollInternalServerError describes a response with status code 500, with default header values.
+
+internal server error
+*/
+type UnenrollInternalServerError struct {
+}
+
+// IsSuccess returns true when this unenroll internal server error response has a 2xx status code
+func (o *UnenrollInternalServerError) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this unenroll internal server error response has a 3xx status code
+func (o *UnenrollInternalServerError) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this unenroll internal server error response has a 4xx status code
+func (o *UnenrollInternalServerError) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this unenroll internal server error response has a 5xx status code
+func (o *UnenrollInternalServerError) IsServerError() bool {
+	return true
+}
+
+// IsCode returns true when this unenroll internal server error response a status code equal to that given
+func (o *UnenrollInternalServerError) IsCode(code int) bool {
+	return code == 500
+}
+
+// Code gets the status code for the unenroll internal server error response
+func (o *UnenrollInternalServerError) Code() int {
+	return 500
+}
+
+func (o *UnenrollInternalServerError) Error() string {
+	return fmt.Sprintf("[POST /agent/unenroll][%d] unenrollInternalServerError", 500)
+}
+
+func (o *UnenrollInternalServerError) String() string {
+	return fmt.Sprintf("[POST /agent/unenroll][%d] unenrollInternalServerError", 500)
+}
+
+func (o *UnenrollInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+/*
+UnenrollBody unenroll body
+swagger:model UnenrollBody
+*/
+type UnenrollBody struct {
+
+	// env z Id
+	EnvZID string `json:"envZId,omitempty"`
+}
+
+// Validate validates this unenroll body
+func (o *UnenrollBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this unenroll body based on context it is used
+func (o *UnenrollBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *UnenrollBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *UnenrollBody) UnmarshalBinary(b []byte) error {
+	var res UnenrollBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_server_zrok/embedded_spec.go

@@ -185,6 +185,53 @@ func init() {
         }
       }
     },
+    "/agent/enroll": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "agent"
+        ],
+        "operationId": "enroll",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "envZId": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "ok",
+            "schema": {
+              "properties": {
+                "token": {
+                  "type": "string"
+                }
+              }
+            }
+          },
+          "400": {
+            "description": "bad request; already enrolled"
+          },
+          "401": {
+            "description": "unauthorized"
+          },
+          "500": {
+            "description": "internal server error"
+          }
+        }
+      }
+    },
     "/agent/ping": {
       "post": {
         "security": [
@@ -232,6 +279,46 @@ func init() {
         }
       }
     },
+    "/agent/unenroll": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "agent"
+        ],
+        "operationId": "unenroll",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "envZId": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "ok"
+          },
+          "400": {
+            "description": "bad request; not enrolled"
+          },
+          "401": {
+            "description": "unauthorized"
+          },
+          "500": {
+            "description": "internal server error"
+          }
+        }
+      }
+    },
     "/changePassword": {
       "post": {
         "security": [
@@ -2543,6 +2630,53 @@ func init() {
         }
       }
     },
+    "/agent/enroll": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "agent"
+        ],
+        "operationId": "enroll",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "envZId": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "ok",
+            "schema": {
+              "properties": {
+                "token": {
+                  "type": "string"
+                }
+              }
+            }
+          },
+          "400": {
+            "description": "bad request; already enrolled"
+          },
+          "401": {
+            "description": "unauthorized"
+          },
+          "500": {
+            "description": "internal server error"
+          }
+        }
+      }
+    },
     "/agent/ping": {
       "post": {
         "security": [
@@ -2590,6 +2724,46 @@ func init() {
         }
       }
     },
+    "/agent/unenroll": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "agent"
+        ],
+        "operationId": "unenroll",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "envZId": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "ok"
+          },
+          "400": {
+            "description": "bad request; not enrolled"
+          },
+          "401": {
+            "description": "unauthorized"
+          },
+          "500": {
+            "description": "internal server error"
+          }
+        }
+      }
+    },
     "/changePassword": {
       "post": {
         "security": [

rest_server_zrok/operations/agent/enroll.go

@@ -0,0 +1,148 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+
+	"github.com/openziti/zrok/rest_model_zrok"
+)
+
+// EnrollHandlerFunc turns a function with the right signature into a enroll handler
+type EnrollHandlerFunc func(EnrollParams, *rest_model_zrok.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn EnrollHandlerFunc) Handle(params EnrollParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// EnrollHandler interface for that can handle valid enroll params
+type EnrollHandler interface {
+	Handle(EnrollParams, *rest_model_zrok.Principal) middleware.Responder
+}
+
+// NewEnroll creates a new http.Handler for the enroll operation
+func NewEnroll(ctx *middleware.Context, handler EnrollHandler) *Enroll {
+	return &Enroll{Context: ctx, Handler: handler}
+}
+
+/*
+	Enroll swagger:route POST /agent/enroll agent enroll
+
+Enroll enroll API
+*/
+type Enroll struct {
+	Context *middleware.Context
+	Handler EnrollHandler
+}
+
+func (o *Enroll) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewEnrollParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *rest_model_zrok.Principal
+	if uprinc != nil {
+		principal = uprinc.(*rest_model_zrok.Principal) // this is really a rest_model_zrok.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
+
+// EnrollBody enroll body
+//
+// swagger:model EnrollBody
+type EnrollBody struct {
+
+	// env z Id
+	EnvZID string `json:"envZId,omitempty"`
+}
+
+// Validate validates this enroll body
+func (o *EnrollBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this enroll body based on context it is used
+func (o *EnrollBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *EnrollBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *EnrollBody) UnmarshalBinary(b []byte) error {
+	var res EnrollBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}
+
+// EnrollOKBody enroll o k body
+//
+// swagger:model EnrollOKBody
+type EnrollOKBody struct {
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this enroll o k body
+func (o *EnrollOKBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this enroll o k body based on context it is used
+func (o *EnrollOKBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *EnrollOKBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *EnrollOKBody) UnmarshalBinary(b []byte) error {
+	var res EnrollOKBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_server_zrok/operations/agent/enroll_parameters.go

@@ -0,0 +1,74 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/validate"
+)
+
+// NewEnrollParams creates a new EnrollParams object
+//
+// There are no default values defined in the spec.
+func NewEnrollParams() EnrollParams {
+
+	return EnrollParams{}
+}
+
+// EnrollParams contains all the bound params for the enroll operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters enroll
+type EnrollParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  In: body
+	*/
+	Body EnrollBody
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewEnrollParams() beforehand.
+func (o *EnrollParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if runtime.HasBody(r) {
+		defer r.Body.Close()
+		var body EnrollBody
+		if err := route.Consumer.Consume(r.Body, &body); err != nil {
+			res = append(res, errors.NewParseError("body", "body", "", err))
+		} else {
+			// validate body object
+			if err := body.Validate(route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			ctx := validate.WithOperationRequest(r.Context())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			if len(res) == 0 {
+				o.Body = body
+			}
+		}
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_server_zrok/operations/agent/enroll_responses.go

@@ -0,0 +1,132 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// EnrollOKCode is the HTTP code returned for type EnrollOK
+const EnrollOKCode int = 200
+
+/*
+EnrollOK ok
+
+swagger:response enrollOK
+*/
+type EnrollOK struct {
+
+	/*
+	  In: Body
+	*/
+	Payload *EnrollOKBody `json:"body,omitempty"`
+}
+
+// NewEnrollOK creates EnrollOK with default headers values
+func NewEnrollOK() *EnrollOK {
+
+	return &EnrollOK{}
+}
+
+// WithPayload adds the payload to the enroll o k response
+func (o *EnrollOK) WithPayload(payload *EnrollOKBody) *EnrollOK {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the enroll o k response
+func (o *EnrollOK) SetPayload(payload *EnrollOKBody) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *EnrollOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(200)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
+
+// EnrollBadRequestCode is the HTTP code returned for type EnrollBadRequest
+const EnrollBadRequestCode int = 400
+
+/*
+EnrollBadRequest bad request; already enrolled
+
+swagger:response enrollBadRequest
+*/
+type EnrollBadRequest struct {
+}
+
+// NewEnrollBadRequest creates EnrollBadRequest with default headers values
+func NewEnrollBadRequest() *EnrollBadRequest {
+
+	return &EnrollBadRequest{}
+}
+
+// WriteResponse to the client
+func (o *EnrollBadRequest) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(400)
+}
+
+// EnrollUnauthorizedCode is the HTTP code returned for type EnrollUnauthorized
+const EnrollUnauthorizedCode int = 401
+
+/*
+EnrollUnauthorized unauthorized
+
+swagger:response enrollUnauthorized
+*/
+type EnrollUnauthorized struct {
+}
+
+// NewEnrollUnauthorized creates EnrollUnauthorized with default headers values
+func NewEnrollUnauthorized() *EnrollUnauthorized {
+
+	return &EnrollUnauthorized{}
+}
+
+// WriteResponse to the client
+func (o *EnrollUnauthorized) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(401)
+}
+
+// EnrollInternalServerErrorCode is the HTTP code returned for type EnrollInternalServerError
+const EnrollInternalServerErrorCode int = 500
+
+/*
+EnrollInternalServerError internal server error
+
+swagger:response enrollInternalServerError
+*/
+type EnrollInternalServerError struct {
+}
+
+// NewEnrollInternalServerError creates EnrollInternalServerError with default headers values
+func NewEnrollInternalServerError() *EnrollInternalServerError {
+
+	return &EnrollInternalServerError{}
+}
+
+// WriteResponse to the client
+func (o *EnrollInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(500)
+}

rest_server_zrok/operations/agent/enroll_urlbuilder.go

@@ -0,0 +1,87 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+)
+
+// EnrollURL generates an URL for the enroll operation
+type EnrollURL struct {
+	_basePath string
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *EnrollURL) WithBasePath(bp string) *EnrollURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *EnrollURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *EnrollURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/agent/enroll"
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *EnrollURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *EnrollURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *EnrollURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on EnrollURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on EnrollURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *EnrollURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}

rest_server_zrok/operations/agent/unenroll.go

@@ -0,0 +1,111 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+
+	"github.com/openziti/zrok/rest_model_zrok"
+)
+
+// UnenrollHandlerFunc turns a function with the right signature into a unenroll handler
+type UnenrollHandlerFunc func(UnenrollParams, *rest_model_zrok.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn UnenrollHandlerFunc) Handle(params UnenrollParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// UnenrollHandler interface for that can handle valid unenroll params
+type UnenrollHandler interface {
+	Handle(UnenrollParams, *rest_model_zrok.Principal) middleware.Responder
+}
+
+// NewUnenroll creates a new http.Handler for the unenroll operation
+func NewUnenroll(ctx *middleware.Context, handler UnenrollHandler) *Unenroll {
+	return &Unenroll{Context: ctx, Handler: handler}
+}
+
+/*
+	Unenroll swagger:route POST /agent/unenroll agent unenroll
+
+Unenroll unenroll API
+*/
+type Unenroll struct {
+	Context *middleware.Context
+	Handler UnenrollHandler
+}
+
+func (o *Unenroll) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewUnenrollParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *rest_model_zrok.Principal
+	if uprinc != nil {
+		principal = uprinc.(*rest_model_zrok.Principal) // this is really a rest_model_zrok.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
+
+// UnenrollBody unenroll body
+//
+// swagger:model UnenrollBody
+type UnenrollBody struct {
+
+	// env z Id
+	EnvZID string `json:"envZId,omitempty"`
+}
+
+// Validate validates this unenroll body
+func (o *UnenrollBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this unenroll body based on context it is used
+func (o *UnenrollBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *UnenrollBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *UnenrollBody) UnmarshalBinary(b []byte) error {
+	var res UnenrollBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_server_zrok/operations/agent/unenroll_parameters.go

@@ -0,0 +1,74 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/validate"
+)
+
+// NewUnenrollParams creates a new UnenrollParams object
+//
+// There are no default values defined in the spec.
+func NewUnenrollParams() UnenrollParams {
+
+	return UnenrollParams{}
+}
+
+// UnenrollParams contains all the bound params for the unenroll operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters unenroll
+type UnenrollParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  In: body
+	*/
+	Body UnenrollBody
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewUnenrollParams() beforehand.
+func (o *UnenrollParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if runtime.HasBody(r) {
+		defer r.Body.Close()
+		var body UnenrollBody
+		if err := route.Consumer.Consume(r.Body, &body); err != nil {
+			res = append(res, errors.NewParseError("body", "body", "", err))
+		} else {
+			// validate body object
+			if err := body.Validate(route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			ctx := validate.WithOperationRequest(r.Context())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			if len(res) == 0 {
+				o.Body = body
+			}
+		}
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_server_zrok/operations/agent/unenroll_responses.go

@@ -0,0 +1,112 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// UnenrollOKCode is the HTTP code returned for type UnenrollOK
+const UnenrollOKCode int = 200
+
+/*
+UnenrollOK ok
+
+swagger:response unenrollOK
+*/
+type UnenrollOK struct {
+}
+
+// NewUnenrollOK creates UnenrollOK with default headers values
+func NewUnenrollOK() *UnenrollOK {
+
+	return &UnenrollOK{}
+}
+
+// WriteResponse to the client
+func (o *UnenrollOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(200)
+}
+
+// UnenrollBadRequestCode is the HTTP code returned for type UnenrollBadRequest
+const UnenrollBadRequestCode int = 400
+
+/*
+UnenrollBadRequest bad request; not enrolled
+
+swagger:response unenrollBadRequest
+*/
+type UnenrollBadRequest struct {
+}
+
+// NewUnenrollBadRequest creates UnenrollBadRequest with default headers values
+func NewUnenrollBadRequest() *UnenrollBadRequest {
+
+	return &UnenrollBadRequest{}
+}
+
+// WriteResponse to the client
+func (o *UnenrollBadRequest) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(400)
+}
+
+// UnenrollUnauthorizedCode is the HTTP code returned for type UnenrollUnauthorized
+const UnenrollUnauthorizedCode int = 401
+
+/*
+UnenrollUnauthorized unauthorized
+
+swagger:response unenrollUnauthorized
+*/
+type UnenrollUnauthorized struct {
+}
+
+// NewUnenrollUnauthorized creates UnenrollUnauthorized with default headers values
+func NewUnenrollUnauthorized() *UnenrollUnauthorized {
+
+	return &UnenrollUnauthorized{}
+}
+
+// WriteResponse to the client
+func (o *UnenrollUnauthorized) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(401)
+}
+
+// UnenrollInternalServerErrorCode is the HTTP code returned for type UnenrollInternalServerError
+const UnenrollInternalServerErrorCode int = 500
+
+/*
+UnenrollInternalServerError internal server error
+
+swagger:response unenrollInternalServerError
+*/
+type UnenrollInternalServerError struct {
+}
+
+// NewUnenrollInternalServerError creates UnenrollInternalServerError with default headers values
+func NewUnenrollInternalServerError() *UnenrollInternalServerError {
+
+	return &UnenrollInternalServerError{}
+}
+
+// WriteResponse to the client
+func (o *UnenrollInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(500)
+}

rest_server_zrok/operations/agent/unenroll_urlbuilder.go

@@ -0,0 +1,87 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package agent
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+)
+
+// UnenrollURL generates an URL for the unenroll operation
+type UnenrollURL struct {
+	_basePath string
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *UnenrollURL) WithBasePath(bp string) *UnenrollURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *UnenrollURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *UnenrollURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/agent/unenroll"
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *UnenrollURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *UnenrollURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *UnenrollURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on UnenrollURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on UnenrollURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *UnenrollURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}

rest_server_zrok/operations/zrok_api.go

@@ -89,6 +89,9 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
 		EnvironmentEnableHandler: environment.EnableHandlerFunc(func(params environment.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation environment.Enable has not yet been implemented")
 		}),
+		AgentEnrollHandler: agent.EnrollHandlerFunc(func(params agent.EnrollParams, principal *rest_model_zrok.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation agent.Enroll has not yet been implemented")
+		}),
 		MetadataGetAccountDetailHandler: metadata.GetAccountDetailHandlerFunc(func(params metadata.GetAccountDetailParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation metadata.GetAccountDetail has not yet been implemented")
 		}),
@@ -170,6 +173,9 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
 		ShareUnaccessHandler: share.UnaccessHandlerFunc(func(params share.UnaccessParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation share.Unaccess has not yet been implemented")
 		}),
+		AgentUnenrollHandler: agent.UnenrollHandlerFunc(func(params agent.UnenrollParams, principal *rest_model_zrok.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation agent.Unenroll has not yet been implemented")
+		}),
 		ShareUnshareHandler: share.UnshareHandlerFunc(func(params share.UnshareParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation share.Unshare has not yet been implemented")
 		}),
@@ -267,6 +273,8 @@ type ZrokAPI struct {
 	EnvironmentDisableHandler environment.DisableHandler
 	// EnvironmentEnableHandler sets the operation handler for the enable operation
 	EnvironmentEnableHandler environment.EnableHandler
+	// AgentEnrollHandler sets the operation handler for the enroll operation
+	AgentEnrollHandler agent.EnrollHandler
 	// MetadataGetAccountDetailHandler sets the operation handler for the get account detail operation
 	MetadataGetAccountDetailHandler metadata.GetAccountDetailHandler
 	// MetadataGetAccountMetricsHandler sets the operation handler for the get account metrics operation
@@ -321,6 +329,8 @@ type ZrokAPI struct {
 	ShareShareHandler share.ShareHandler
 	// ShareUnaccessHandler sets the operation handler for the unaccess operation
 	ShareUnaccessHandler share.UnaccessHandler
+	// AgentUnenrollHandler sets the operation handler for the unenroll operation
+	AgentUnenrollHandler agent.UnenrollHandler
 	// ShareUnshareHandler sets the operation handler for the unshare operation
 	ShareUnshareHandler share.UnshareHandler
 	// ShareUpdateAccessHandler sets the operation handler for the update access operation
@@ -455,6 +465,9 @@ func (o *ZrokAPI) Validate() error {
 	if o.EnvironmentEnableHandler == nil {
 		unregistered = append(unregistered, "environment.EnableHandler")
 	}
+	if o.AgentEnrollHandler == nil {
+		unregistered = append(unregistered, "agent.EnrollHandler")
+	}
 	if o.MetadataGetAccountDetailHandler == nil {
 		unregistered = append(unregistered, "metadata.GetAccountDetailHandler")
 	}
@@ -536,6 +549,9 @@ func (o *ZrokAPI) Validate() error {
 	if o.ShareUnaccessHandler == nil {
 		unregistered = append(unregistered, "share.UnaccessHandler")
 	}
+	if o.AgentUnenrollHandler == nil {
+		unregistered = append(unregistered, "agent.UnenrollHandler")
+	}
 	if o.ShareUnshareHandler == nil {
 		unregistered = append(unregistered, "share.UnshareHandler")
 	}
@@ -708,6 +724,10 @@ func (o *ZrokAPI) initHandlerCache() {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
 	o.handlers["POST"]["/enable"] = environment.NewEnable(o.context, o.EnvironmentEnableHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/agent/enroll"] = agent.NewEnroll(o.context, o.AgentEnrollHandler)
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
@@ -816,6 +836,10 @@ func (o *ZrokAPI) initHandlerCache() {
 		o.handlers["DELETE"] = make(map[string]http.Handler)
 	}
 	o.handlers["DELETE"]["/unaccess"] = share.NewUnaccess(o.context, o.ShareUnaccessHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/agent/unenroll"] = agent.NewUnenroll(o.context, o.AgentUnenrollHandler)
 	if o.handlers["DELETE"] == nil {
 		o.handlers["DELETE"] = make(map[string]http.Handler)
 	}

sdk/nodejs/sdk/src/api/.openapi-generator/FILES

@@ -21,6 +21,8 @@ models/CreateOrganization201Response.ts
 models/CreateOrganizationRequest.ts
 models/DisableRequest.ts
 models/EnableRequest.ts
+models/Enroll200Response.ts
+models/EnrollRequest.ts
 models/Environment.ts
 models/EnvironmentAndResources.ts
 models/Frontend.ts
@@ -41,7 +43,6 @@ models/MetricsSample.ts
 models/ModelConfiguration.ts
 models/Overview.ts
 models/Ping200Response.ts
-models/PingRequest.ts
 models/Principal.ts
 models/RegenerateAccountToken200Response.ts
 models/RegenerateAccountTokenRequest.ts

sdk/nodejs/sdk/src/api/apis/AgentApi.ts

@@ -15,18 +15,29 @@
 
 import * as runtime from '../runtime';
 import type {
+  Enroll200Response,
+  EnrollRequest,
   Ping200Response,
-  PingRequest,
 } from '../models/index';
 import {
+    Enroll200ResponseFromJSON,
+    Enroll200ResponseToJSON,
+    EnrollRequestFromJSON,
+    EnrollRequestToJSON,
     Ping200ResponseFromJSON,
     Ping200ResponseToJSON,
-    PingRequestFromJSON,
-    PingRequestToJSON,
 } from '../models/index';
 
-export interface PingOperationRequest {
+export interface EnrollOperationRequest {
-    body?: PingRequest;
+    body?: EnrollRequest;
+}
+
+export interface PingRequest {
+    body?: EnrollRequest;
+}
+
+export interface UnenrollRequest {
+    body?: EnrollRequest;
 }
 
 /**
@@ -36,7 +47,38 @@ export class AgentApi extends runtime.BaseAPI {
 
     /**
      */
-    async pingRaw(requestParameters: PingOperationRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<Ping200Response>> {
+    async enrollRaw(requestParameters: EnrollOperationRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<Enroll200Response>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/zrok.v1+json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-token"] = await this.configuration.apiKey("x-token"); // key authentication
+        }
+
+        const response = await this.request({
+            path: `/agent/enroll`,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: EnrollRequestToJSON(requestParameters['body']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => Enroll200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     */
+    async enroll(requestParameters: EnrollOperationRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<Enroll200Response> {
+        const response = await this.enrollRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     */
+    async pingRaw(requestParameters: PingRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<Ping200Response>> {
         const queryParameters: any = {};
 
         const headerParameters: runtime.HTTPHeaders = {};
@@ -52,7 +94,7 @@ export class AgentApi extends runtime.BaseAPI {
             method: 'POST',
             headers: headerParameters,
             query: queryParameters,
-            body: PingRequestToJSON(requestParameters['body']),
+            body: EnrollRequestToJSON(requestParameters['body']),
         }, initOverrides);
 
         return new runtime.JSONApiResponse(response, (jsonValue) => Ping200ResponseFromJSON(jsonValue));
@@ -60,9 +102,39 @@ export class AgentApi extends runtime.BaseAPI {
 
     /**
      */
-    async ping(requestParameters: PingOperationRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<Ping200Response> {
+    async ping(requestParameters: PingRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<Ping200Response> {
         const response = await this.pingRaw(requestParameters, initOverrides);
         return await response.value();
     }
 
+    /**
+     */
+    async unenrollRaw(requestParameters: UnenrollRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<void>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/zrok.v1+json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-token"] = await this.configuration.apiKey("x-token"); // key authentication
+        }
+
+        const response = await this.request({
+            path: `/agent/unenroll`,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: EnrollRequestToJSON(requestParameters['body']),
+        }, initOverrides);
+
+        return new runtime.VoidApiResponse(response);
+    }
+
+    /**
+     */
+    async unenroll(requestParameters: UnenrollRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<void> {
+        await this.unenrollRaw(requestParameters, initOverrides);
+    }
+
 }

sdk/nodejs/sdk/src/api/models/Enroll200Response.ts

@@ -0,0 +1,65 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * zrok
+ * zrok client access
+ *
+ * The version of the OpenAPI document: 1.0.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from '../runtime';
+/**
+ * 
+ * @export
+ * @interface Enroll200Response
+ */
+export interface Enroll200Response {
+    /**
+     * 
+     * @type {string}
+     * @memberof Enroll200Response
+     */
+    token?: string;
+}
+
+/**
+ * Check if a given object implements the Enroll200Response interface.
+ */
+export function instanceOfEnroll200Response(value: object): value is Enroll200Response {
+    return true;
+}
+
+export function Enroll200ResponseFromJSON(json: any): Enroll200Response {
+    return Enroll200ResponseFromJSONTyped(json, false);
+}
+
+export function Enroll200ResponseFromJSONTyped(json: any, ignoreDiscriminator: boolean): Enroll200Response {
+    if (json == null) {
+        return json;
+    }
+    return {
+        
+        'token': json['token'] == null ? undefined : json['token'],
+    };
+}
+
+export function Enroll200ResponseToJSON(json: any): Enroll200Response {
+    return Enroll200ResponseToJSONTyped(json, false);
+}
+
+export function Enroll200ResponseToJSONTyped(value?: Enroll200Response | null, ignoreDiscriminator: boolean = false): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+        
+        'token': value['token'],
+    };
+}
+

sdk/nodejs/sdk/src/api/models/EnrollRequest.ts

@@ -16,29 +16,29 @@ import { mapValues } from '../runtime';
 /**
  * 
  * @export
- * @interface PingRequest
+ * @interface EnrollRequest
  */
-export interface PingRequest {
+export interface EnrollRequest {
     /**
      * 
      * @type {string}
-     * @memberof PingRequest
+     * @memberof EnrollRequest
      */
     envZId?: string;
 }
 
 /**
- * Check if a given object implements the PingRequest interface.
+ * Check if a given object implements the EnrollRequest interface.
  */
-export function instanceOfPingRequest(value: object): value is PingRequest {
+export function instanceOfEnrollRequest(value: object): value is EnrollRequest {
     return true;
 }
 
-export function PingRequestFromJSON(json: any): PingRequest {
+export function EnrollRequestFromJSON(json: any): EnrollRequest {
-    return PingRequestFromJSONTyped(json, false);
+    return EnrollRequestFromJSONTyped(json, false);
 }
 
-export function PingRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean): PingRequest {
+export function EnrollRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean): EnrollRequest {
     if (json == null) {
         return json;
     }
@@ -48,11 +48,11 @@ export function PingRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean
     };
 }
 
-export function PingRequestToJSON(json: any): PingRequest {
+export function EnrollRequestToJSON(json: any): EnrollRequest {
-    return PingRequestToJSONTyped(json, false);
+    return EnrollRequestToJSONTyped(json, false);
 }
 
-export function PingRequestToJSONTyped(value?: PingRequest | null, ignoreDiscriminator: boolean = false): any {
+export function EnrollRequestToJSONTyped(value?: EnrollRequest | null, ignoreDiscriminator: boolean = false): any {
     if (value == null) {
         return value;
     }

sdk/nodejs/sdk/src/api/models/index.ts

@@ -14,6 +14,8 @@ export * from './CreateOrganization201Response';
 export * from './CreateOrganizationRequest';
 export * from './DisableRequest';
 export * from './EnableRequest';
+export * from './Enroll200Response';
+export * from './EnrollRequest';
 export * from './Environment';
 export * from './EnvironmentAndResources';
 export * from './Frontend';
@@ -34,7 +36,6 @@ export * from './MetricsSample';
 export * from './ModelConfiguration';
 export * from './Overview';
 export * from './Ping200Response';
-export * from './PingRequest';
 export * from './Principal';
 export * from './RegenerateAccountToken200Response';
 export * from './RegenerateAccountTokenRequest';

sdk/python/src/.openapi-generator/FILES

@@ -18,6 +18,8 @@ docs/CreateOrganization201Response.md
 docs/CreateOrganizationRequest.md
 docs/DisableRequest.md
 docs/EnableRequest.md
+docs/Enroll200Response.md
+docs/EnrollRequest.md
 docs/Environment.md
 docs/EnvironmentAndResources.md
 docs/EnvironmentApi.md
@@ -39,7 +41,6 @@ docs/Metrics.md
 docs/MetricsSample.md
 docs/Overview.md
 docs/Ping200Response.md
-docs/PingRequest.md
 docs/Principal.md
 docs/RegenerateAccountToken200Response.md
 docs/RegenerateAccountTokenRequest.md
@@ -80,6 +81,8 @@ test/test_create_organization201_response.py
 test/test_create_organization_request.py
 test/test_disable_request.py
 test/test_enable_request.py
+test/test_enroll200_response.py
+test/test_enroll_request.py
 test/test_environment.py
 test/test_environment_and_resources.py
 test/test_environment_api.py
@@ -101,7 +104,6 @@ test/test_metrics.py
 test/test_metrics_sample.py
 test/test_overview.py
 test/test_ping200_response.py
-test/test_ping_request.py
 test/test_principal.py
 test/test_regenerate_account_token200_response.py
 test/test_regenerate_account_token_request.py
@@ -149,6 +151,8 @@ zrok_api/models/create_organization201_response.py
 zrok_api/models/create_organization_request.py
 zrok_api/models/disable_request.py
 zrok_api/models/enable_request.py
+zrok_api/models/enroll200_response.py
+zrok_api/models/enroll_request.py
 zrok_api/models/environment.py
 zrok_api/models/environment_and_resources.py
 zrok_api/models/frontend.py
@@ -168,7 +172,6 @@ zrok_api/models/metrics.py
 zrok_api/models/metrics_sample.py
 zrok_api/models/overview.py
 zrok_api/models/ping200_response.py
-zrok_api/models/ping_request.py
 zrok_api/models/principal.py
 zrok_api/models/regenerate_account_token200_response.py
 zrok_api/models/regenerate_account_token_request.py

sdk/python/src/README.md

@@ -114,7 +114,9 @@ Class | Method | HTTP request | Description
 *AdminApi* | [**list_organizations**](docs/AdminApi.md#list_organizations) | **GET** /organizations | 
 *AdminApi* | [**remove_organization_member**](docs/AdminApi.md#remove_organization_member) | **POST** /organization/remove | 
 *AdminApi* | [**update_frontend**](docs/AdminApi.md#update_frontend) | **PATCH** /frontend | 
+*AgentApi* | [**enroll**](docs/AgentApi.md#enroll) | **POST** /agent/enroll | 
 *AgentApi* | [**ping**](docs/AgentApi.md#ping) | **POST** /agent/ping | 
+*AgentApi* | [**unenroll**](docs/AgentApi.md#unenroll) | **POST** /agent/unenroll | 
 *EnvironmentApi* | [**disable**](docs/EnvironmentApi.md#disable) | **POST** /disable | 
 *EnvironmentApi* | [**enable**](docs/EnvironmentApi.md#enable) | **POST** /enable | 
 *MetadataApi* | [**client_version_check**](docs/MetadataApi.md#client_version_check) | **POST** /clientVersionCheck | 
@@ -158,6 +160,8 @@ Class | Method | HTTP request | Description
  - [CreateOrganizationRequest](docs/CreateOrganizationRequest.md)
  - [DisableRequest](docs/DisableRequest.md)
  - [EnableRequest](docs/EnableRequest.md)
+ - [Enroll200Response](docs/Enroll200Response.md)
+ - [EnrollRequest](docs/EnrollRequest.md)
  - [Environment](docs/Environment.md)
  - [EnvironmentAndResources](docs/EnvironmentAndResources.md)
  - [Frontend](docs/Frontend.md)
@@ -177,7 +181,6 @@ Class | Method | HTTP request | Description
  - [MetricsSample](docs/MetricsSample.md)
  - [Overview](docs/Overview.md)
  - [Ping200Response](docs/Ping200Response.md)
- - [PingRequest](docs/PingRequest.md)
  - [Principal](docs/Principal.md)
  - [RegenerateAccountToken200Response](docs/RegenerateAccountToken200Response.md)
  - [RegenerateAccountTokenRequest](docs/RegenerateAccountTokenRequest.md)

sdk/python/src/docs/AgentApi.md

@@ -4,11 +4,13 @@ All URIs are relative to */api/v1*
 
 Method | HTTP request | Description
 ------------- | ------------- | -------------
+[**enroll**](AgentApi.md#enroll) | **POST** /agent/enroll | 
 [**ping**](AgentApi.md#ping) | **POST** /agent/ping | 
+[**unenroll**](AgentApi.md#unenroll) | **POST** /agent/unenroll | 
 
 
-# **ping**
+# **enroll**
-> Ping200Response ping(body=body)
+> Enroll200Response enroll(body=body)
 
 ### Example
 
@@ -16,8 +18,8 @@ Method | HTTP request | Description
 
 ```python
 import zrok_api
-from zrok_api.models.ping200_response import Ping200Response
+from zrok_api.models.enroll200_response import Enroll200Response
-from zrok_api.models.ping_request import PingRequest
+from zrok_api.models.enroll_request import EnrollRequest
 from zrok_api.rest import ApiException
 from pprint import pprint
 
@@ -42,7 +44,85 @@ configuration.api_key['key'] = os.environ["API_KEY"]
 with zrok_api.ApiClient(configuration) as api_client:
     # Create an instance of the API class
     api_instance = zrok_api.AgentApi(api_client)
-    body = zrok_api.PingRequest() # PingRequest |  (optional)
+    body = zrok_api.EnrollRequest() # EnrollRequest |  (optional)
+
+    try:
+        api_response = api_instance.enroll(body=body)
+        print("The response of AgentApi->enroll:\n")
+        pprint(api_response)
+    except Exception as e:
+        print("Exception when calling AgentApi->enroll: %s\n" % e)
+```
+
+
+
+### Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **body** | [**EnrollRequest**](EnrollRequest.md)|  | [optional] 
+
+### Return type
+
+[**Enroll200Response**](Enroll200Response.md)
+
+### Authorization
+
+[key](../README.md#key)
+
+### HTTP request headers
+
+ - **Content-Type**: application/zrok.v1+json
+ - **Accept**: application/zrok.v1+json
+
+### HTTP response details
+
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+**200** | ok |  -  |
+**400** | bad request; already enrolled |  -  |
+**401** | unauthorized |  -  |
+**500** | internal server error |  -  |
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
+
+# **ping**
+> Ping200Response ping(body=body)
+
+### Example
+
+* Api Key Authentication (key):
+
+```python
+import zrok_api
+from zrok_api.models.enroll_request import EnrollRequest
+from zrok_api.models.ping200_response import Ping200Response
+from zrok_api.rest import ApiException
+from pprint import pprint
+
+# Defining the host is optional and defaults to /api/v1
+# See configuration.py for a list of all supported configuration parameters.
+configuration = zrok_api.Configuration(
+    host = "/api/v1"
+)
+
+# The client must configure the authentication and authorization parameters
+# in accordance with the API server security policy.
+# Examples for each auth method are provided below, use the example that
+# satisfies your auth use case.
+
+# Configure API key authorization: key
+configuration.api_key['key'] = os.environ["API_KEY"]
+
+# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
+# configuration.api_key_prefix['key'] = 'Bearer'
+
+# Enter a context with an instance of the API client
+with zrok_api.ApiClient(configuration) as api_client:
+    # Create an instance of the API class
+    api_instance = zrok_api.AgentApi(api_client)
+    body = zrok_api.EnrollRequest() # EnrollRequest |  (optional)
 
     try:
         api_response = api_instance.ping(body=body)
@@ -59,7 +139,7 @@ with zrok_api.ApiClient(configuration) as api_client:
 
 Name | Type | Description  | Notes
 ------------- | ------------- | ------------- | -------------
- **body** | [**PingRequest**](PingRequest.md)|  | [optional] 
+ **body** | [**EnrollRequest**](EnrollRequest.md)|  | [optional] 
 
 ### Return type
 
@@ -85,3 +165,78 @@ Name | Type | Description  | Notes
 
 [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
 
+# **unenroll**
+> unenroll(body=body)
+
+### Example
+
+* Api Key Authentication (key):
+
+```python
+import zrok_api
+from zrok_api.models.enroll_request import EnrollRequest
+from zrok_api.rest import ApiException
+from pprint import pprint
+
+# Defining the host is optional and defaults to /api/v1
+# See configuration.py for a list of all supported configuration parameters.
+configuration = zrok_api.Configuration(
+    host = "/api/v1"
+)
+
+# The client must configure the authentication and authorization parameters
+# in accordance with the API server security policy.
+# Examples for each auth method are provided below, use the example that
+# satisfies your auth use case.
+
+# Configure API key authorization: key
+configuration.api_key['key'] = os.environ["API_KEY"]
+
+# Uncomment below to setup prefix (e.g. Bearer) for API key, if needed
+# configuration.api_key_prefix['key'] = 'Bearer'
+
+# Enter a context with an instance of the API client
+with zrok_api.ApiClient(configuration) as api_client:
+    # Create an instance of the API class
+    api_instance = zrok_api.AgentApi(api_client)
+    body = zrok_api.EnrollRequest() # EnrollRequest |  (optional)
+
+    try:
+        api_instance.unenroll(body=body)
+    except Exception as e:
+        print("Exception when calling AgentApi->unenroll: %s\n" % e)
+```
+
+
+
+### Parameters
+
+
+Name | Type | Description  | Notes
+------------- | ------------- | ------------- | -------------
+ **body** | [**EnrollRequest**](EnrollRequest.md)|  | [optional] 
+
+### Return type
+
+void (empty response body)
+
+### Authorization
+
+[key](../README.md#key)
+
+### HTTP request headers
+
+ - **Content-Type**: application/zrok.v1+json
+ - **Accept**: Not defined
+
+### HTTP response details
+
+| Status code | Description | Response headers |
+|-------------|-------------|------------------|
+**200** | ok |  -  |
+**400** | bad request; not enrolled |  -  |
+**401** | unauthorized |  -  |
+**500** | internal server error |  -  |
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md)
+

sdk/python/src/docs/Enroll200Response.md

@@ -0,0 +1,29 @@
+# Enroll200Response
+
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**token** | **str** |  | [optional] 
+
+## Example
+
+```python
+from zrok_api.models.enroll200_response import Enroll200Response
+
+# TODO update the JSON string below
+json = "{}"
+# create an instance of Enroll200Response from a JSON string
+enroll200_response_instance = Enroll200Response.from_json(json)
+# print the JSON string representation of the object
+print(Enroll200Response.to_json())
+
+# convert the object into a dict
+enroll200_response_dict = enroll200_response_instance.to_dict()
+# create an instance of Enroll200Response from a dict
+enroll200_response_from_dict = Enroll200Response.from_dict(enroll200_response_dict)
+```
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+

sdk/python/src/docs/EnrollRequest.md

@@ -1,4 +1,4 @@
-# PingRequest
+# EnrollRequest
 
 
 ## Properties
@@ -10,19 +10,19 @@ Name | Type | Description | Notes
 ## Example
 
 ```python
-from zrok_api.models.ping_request import PingRequest
+from zrok_api.models.enroll_request import EnrollRequest
 
 # TODO update the JSON string below
 json = "{}"
-# create an instance of PingRequest from a JSON string
+# create an instance of EnrollRequest from a JSON string
-ping_request_instance = PingRequest.from_json(json)
+enroll_request_instance = EnrollRequest.from_json(json)
 # print the JSON string representation of the object
-print(PingRequest.to_json())
+print(EnrollRequest.to_json())
 
 # convert the object into a dict
-ping_request_dict = ping_request_instance.to_dict()
+enroll_request_dict = enroll_request_instance.to_dict()
-# create an instance of PingRequest from a dict
+# create an instance of EnrollRequest from a dict
-ping_request_from_dict = PingRequest.from_dict(ping_request_dict)
+enroll_request_from_dict = EnrollRequest.from_dict(enroll_request_dict)
 ```
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
 

sdk/python/src/test/test_agent_api.py

@@ -26,12 +26,24 @@ class TestAgentApi(unittest.TestCase):
     def tearDown(self) -> None:
         pass
 
+    def test_enroll(self) -> None:
+        """Test case for enroll
+
+        """
+        pass
+
     def test_ping(self) -> None:
         """Test case for ping
 
         """
         pass
 
+    def test_unenroll(self) -> None:
+        """Test case for unenroll
+
+        """
+        pass
+
 
 if __name__ == '__main__':
     unittest.main()

sdk/python/src/test/test_enroll200_response.py

@@ -0,0 +1,51 @@
+# coding: utf-8
+
+"""
+    zrok
+
+    zrok client access
+
+    The version of the OpenAPI document: 1.0.0
+    Generated by OpenAPI Generator (https://openapi-generator.tech)
+
+    Do not edit the class manually.
+"""  # noqa: E501
+
+
+import unittest
+
+from zrok_api.models.enroll200_response import Enroll200Response
+
+class TestEnroll200Response(unittest.TestCase):
+    """Enroll200Response unit test stubs"""
+
+    def setUp(self):
+        pass
+
+    def tearDown(self):
+        pass
+
+    def make_instance(self, include_optional) -> Enroll200Response:
+        """Test Enroll200Response
+            include_optional is a boolean, when False only required
+            params are included, when True both required and
+            optional params are included """
+        # uncomment below to create an instance of `Enroll200Response`
+        """
+        model = Enroll200Response()
+        if include_optional:
+            return Enroll200Response(
+                token = ''
+            )
+        else:
+            return Enroll200Response(
+        )
+        """
+
+    def testEnroll200Response(self):
+        """Test Enroll200Response"""
+        # inst_req_only = self.make_instance(include_optional=False)
+        # inst_req_and_optional = self.make_instance(include_optional=True)
+
+if __name__ == '__main__':
+    unittest.main()

sdk/python/src/test/test_enroll_request.py

@@ -14,10 +14,10 @@
 
 import unittest
 
-from zrok_api.models.ping_request import PingRequest
+from zrok_api.models.enroll_request import EnrollRequest
 
-class TestPingRequest(unittest.TestCase):
+class TestEnrollRequest(unittest.TestCase):
-    """PingRequest unit test stubs"""
+    """EnrollRequest unit test stubs"""
 
     def setUp(self):
         pass
@@ -25,25 +25,25 @@ class TestPingRequest(unittest.TestCase):
     def tearDown(self):
         pass
 
-    def make_instance(self, include_optional) -> PingRequest:
+    def make_instance(self, include_optional) -> EnrollRequest:
-        """Test PingRequest
+        """Test EnrollRequest
             include_optional is a boolean, when False only required
             params are included, when True both required and
             optional params are included """
-        # uncomment below to create an instance of `PingRequest`
+        # uncomment below to create an instance of `EnrollRequest`
         """
-        model = PingRequest()
+        model = EnrollRequest()
         if include_optional:
-            return PingRequest(
+            return EnrollRequest(
                 env_zid = ''
             )
         else:
-            return PingRequest(
+            return EnrollRequest(
         )
         """
 
-    def testPingRequest(self):
+    def testEnrollRequest(self):
-        """Test PingRequest"""
+        """Test EnrollRequest"""
         # inst_req_only = self.make_instance(include_optional=False)
         # inst_req_and_optional = self.make_instance(include_optional=True)
 

sdk/python/src/zrok_api/__init__.py

@@ -51,6 +51,8 @@ from zrok_api.models.create_organization201_response import CreateOrganization20
 from zrok_api.models.create_organization_request import CreateOrganizationRequest
 from zrok_api.models.disable_request import DisableRequest
 from zrok_api.models.enable_request import EnableRequest
+from zrok_api.models.enroll200_response import Enroll200Response
+from zrok_api.models.enroll_request import EnrollRequest
 from zrok_api.models.environment import Environment
 from zrok_api.models.environment_and_resources import EnvironmentAndResources
 from zrok_api.models.frontend import Frontend
@@ -70,7 +72,6 @@ from zrok_api.models.metrics import Metrics
 from zrok_api.models.metrics_sample import MetricsSample
 from zrok_api.models.overview import Overview
 from zrok_api.models.ping200_response import Ping200Response
-from zrok_api.models.ping_request import PingRequest
 from zrok_api.models.principal import Principal
 from zrok_api.models.regenerate_account_token200_response import RegenerateAccountToken200Response
 from zrok_api.models.regenerate_account_token_request import RegenerateAccountTokenRequest

sdk/python/src/zrok_api/api/agent_api.py

@@ -17,8 +17,9 @@ from typing import Any, Dict, List, Optional, Tuple, Union
 from typing_extensions import Annotated
 
 from typing import Optional
+from zrok_api.models.enroll200_response import Enroll200Response
+from zrok_api.models.enroll_request import EnrollRequest
 from zrok_api.models.ping200_response import Ping200Response
-from zrok_api.models.ping_request import PingRequest
 
 from zrok_api.api_client import ApiClient, RequestSerialized
 from zrok_api.api_response import ApiResponse
@@ -38,10 +39,290 @@ class AgentApi:
         self.api_client = api_client
 
 
+    @validate_call
+    def enroll(
+        self,
+        body: Optional[EnrollRequest] = None,
+        _request_timeout: Union[
+            None,
+            Annotated[StrictFloat, Field(gt=0)],
+            Tuple[
+                Annotated[StrictFloat, Field(gt=0)],
+                Annotated[StrictFloat, Field(gt=0)]
+            ]
+        ] = None,
+        _request_auth: Optional[Dict[StrictStr, Any]] = None,
+        _content_type: Optional[StrictStr] = None,
+        _headers: Optional[Dict[StrictStr, Any]] = None,
+        _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0,
+    ) -> Enroll200Response:
+        """enroll
+
+
+        :param body:
+        :type body: EnrollRequest
+        :param _request_timeout: timeout setting for this request. If one
+                                 number provided, it will be total request
+                                 timeout. It can also be a pair (tuple) of
+                                 (connection, read) timeouts.
+        :type _request_timeout: int, tuple(int, int), optional
+        :param _request_auth: set to override the auth_settings for an a single
+                              request; this effectively ignores the
+                              authentication in the spec for a single request.
+        :type _request_auth: dict, optional
+        :param _content_type: force content-type for the request.
+        :type _content_type: str, Optional
+        :param _headers: set to override the headers for a single
+                         request; this effectively ignores the headers
+                         in the spec for a single request.
+        :type _headers: dict, optional
+        :param _host_index: set to override the host_index for a single
+                            request; this effectively ignores the host_index
+                            in the spec for a single request.
+        :type _host_index: int, optional
+        :return: Returns the result object.
+        """ # noqa: E501
+
+        _param = self._enroll_serialize(
+            body=body,
+            _request_auth=_request_auth,
+            _content_type=_content_type,
+            _headers=_headers,
+            _host_index=_host_index
+        )
+
+        _response_types_map: Dict[str, Optional[str]] = {
+            '200': "Enroll200Response",
+            '400': None,
+            '401': None,
+            '500': None,
+        }
+        response_data = self.api_client.call_api(
+            *_param,
+            _request_timeout=_request_timeout
+        )
+        response_data.read()
+        return self.api_client.response_deserialize(
+            response_data=response_data,
+            response_types_map=_response_types_map,
+        ).data
+
+
+    @validate_call
+    def enroll_with_http_info(
+        self,
+        body: Optional[EnrollRequest] = None,
+        _request_timeout: Union[
+            None,
+            Annotated[StrictFloat, Field(gt=0)],
+            Tuple[
+                Annotated[StrictFloat, Field(gt=0)],
+                Annotated[StrictFloat, Field(gt=0)]
+            ]
+        ] = None,
+        _request_auth: Optional[Dict[StrictStr, Any]] = None,
+        _content_type: Optional[StrictStr] = None,
+        _headers: Optional[Dict[StrictStr, Any]] = None,
+        _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0,
+    ) -> ApiResponse[Enroll200Response]:
+        """enroll
+
+
+        :param body:
+        :type body: EnrollRequest
+        :param _request_timeout: timeout setting for this request. If one
+                                 number provided, it will be total request
+                                 timeout. It can also be a pair (tuple) of
+                                 (connection, read) timeouts.
+        :type _request_timeout: int, tuple(int, int), optional
+        :param _request_auth: set to override the auth_settings for an a single
+                              request; this effectively ignores the
+                              authentication in the spec for a single request.
+        :type _request_auth: dict, optional
+        :param _content_type: force content-type for the request.
+        :type _content_type: str, Optional
+        :param _headers: set to override the headers for a single
+                         request; this effectively ignores the headers
+                         in the spec for a single request.
+        :type _headers: dict, optional
+        :param _host_index: set to override the host_index for a single
+                            request; this effectively ignores the host_index
+                            in the spec for a single request.
+        :type _host_index: int, optional
+        :return: Returns the result object.
+        """ # noqa: E501
+
+        _param = self._enroll_serialize(
+            body=body,
+            _request_auth=_request_auth,
+            _content_type=_content_type,
+            _headers=_headers,
+            _host_index=_host_index
+        )
+
+        _response_types_map: Dict[str, Optional[str]] = {
+            '200': "Enroll200Response",
+            '400': None,
+            '401': None,
+            '500': None,
+        }
+        response_data = self.api_client.call_api(
+            *_param,
+            _request_timeout=_request_timeout
+        )
+        response_data.read()
+        return self.api_client.response_deserialize(
+            response_data=response_data,
+            response_types_map=_response_types_map,
+        )
+
+
+    @validate_call
+    def enroll_without_preload_content(
+        self,
+        body: Optional[EnrollRequest] = None,
+        _request_timeout: Union[
+            None,
+            Annotated[StrictFloat, Field(gt=0)],
+            Tuple[
+                Annotated[StrictFloat, Field(gt=0)],
+                Annotated[StrictFloat, Field(gt=0)]
+            ]
+        ] = None,
+        _request_auth: Optional[Dict[StrictStr, Any]] = None,
+        _content_type: Optional[StrictStr] = None,
+        _headers: Optional[Dict[StrictStr, Any]] = None,
+        _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0,
+    ) -> RESTResponseType:
+        """enroll
+
+
+        :param body:
+        :type body: EnrollRequest
+        :param _request_timeout: timeout setting for this request. If one
+                                 number provided, it will be total request
+                                 timeout. It can also be a pair (tuple) of
+                                 (connection, read) timeouts.
+        :type _request_timeout: int, tuple(int, int), optional
+        :param _request_auth: set to override the auth_settings for an a single
+                              request; this effectively ignores the
+                              authentication in the spec for a single request.
+        :type _request_auth: dict, optional
+        :param _content_type: force content-type for the request.
+        :type _content_type: str, Optional
+        :param _headers: set to override the headers for a single
+                         request; this effectively ignores the headers
+                         in the spec for a single request.
+        :type _headers: dict, optional
+        :param _host_index: set to override the host_index for a single
+                            request; this effectively ignores the host_index
+                            in the spec for a single request.
+        :type _host_index: int, optional
+        :return: Returns the result object.
+        """ # noqa: E501
+
+        _param = self._enroll_serialize(
+            body=body,
+            _request_auth=_request_auth,
+            _content_type=_content_type,
+            _headers=_headers,
+            _host_index=_host_index
+        )
+
+        _response_types_map: Dict[str, Optional[str]] = {
+            '200': "Enroll200Response",
+            '400': None,
+            '401': None,
+            '500': None,
+        }
+        response_data = self.api_client.call_api(
+            *_param,
+            _request_timeout=_request_timeout
+        )
+        return response_data.response
+
+
+    def _enroll_serialize(
+        self,
+        body,
+        _request_auth,
+        _content_type,
+        _headers,
+        _host_index,
+    ) -> RequestSerialized:
+
+        _host = None
+
+        _collection_formats: Dict[str, str] = {
+        }
+
+        _path_params: Dict[str, str] = {}
+        _query_params: List[Tuple[str, str]] = []
+        _header_params: Dict[str, Optional[str]] = _headers or {}
+        _form_params: List[Tuple[str, str]] = []
+        _files: Dict[
+            str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]]
+        ] = {}
+        _body_params: Optional[bytes] = None
+
+        # process the path parameters
+        # process the query parameters
+        # process the header parameters
+        # process the form parameters
+        # process the body parameter
+        if body is not None:
+            _body_params = body
+
+
+        # set the HTTP header `Accept`
+        if 'Accept' not in _header_params:
+            _header_params['Accept'] = self.api_client.select_header_accept(
+                [
+                    'application/zrok.v1+json'
+                ]
+            )
+
+        # set the HTTP header `Content-Type`
+        if _content_type:
+            _header_params['Content-Type'] = _content_type
+        else:
+            _default_content_type = (
+                self.api_client.select_header_content_type(
+                    [
+                        'application/zrok.v1+json'
+                    ]
+                )
+            )
+            if _default_content_type is not None:
+                _header_params['Content-Type'] = _default_content_type
+
+        # authentication setting
+        _auth_settings: List[str] = [
+            'key'
+        ]
+
+        return self.api_client.param_serialize(
+            method='POST',
+            resource_path='/agent/enroll',
+            path_params=_path_params,
+            query_params=_query_params,
+            header_params=_header_params,
+            body=_body_params,
+            post_params=_form_params,
+            files=_files,
+            auth_settings=_auth_settings,
+            collection_formats=_collection_formats,
+            _host=_host,
+            _request_auth=_request_auth
+        )
+
+
+
+
     @validate_call
     def ping(
         self,
-        body: Optional[PingRequest] = None,
+        body: Optional[EnrollRequest] = None,
         _request_timeout: Union[
             None,
             Annotated[StrictFloat, Field(gt=0)],
@@ -59,7 +340,7 @@ class AgentApi:
 
 
         :param body:
-        :type body: PingRequest
+        :type body: EnrollRequest
         :param _request_timeout: timeout setting for this request. If one
                                  number provided, it will be total request
                                  timeout. It can also be a pair (tuple) of
@@ -110,7 +391,7 @@ class AgentApi:
     @validate_call
     def ping_with_http_info(
         self,
-        body: Optional[PingRequest] = None,
+        body: Optional[EnrollRequest] = None,
         _request_timeout: Union[
             None,
             Annotated[StrictFloat, Field(gt=0)],
@@ -128,7 +409,7 @@ class AgentApi:
 
 
         :param body:
-        :type body: PingRequest
+        :type body: EnrollRequest
         :param _request_timeout: timeout setting for this request. If one
                                  number provided, it will be total request
                                  timeout. It can also be a pair (tuple) of
@@ -179,7 +460,7 @@ class AgentApi:
     @validate_call
     def ping_without_preload_content(
         self,
-        body: Optional[PingRequest] = None,
+        body: Optional[EnrollRequest] = None,
         _request_timeout: Union[
             None,
             Annotated[StrictFloat, Field(gt=0)],
@@ -197,7 +478,7 @@ class AgentApi:
 
 
         :param body:
-        :type body: PingRequest
+        :type body: EnrollRequest
         :param _request_timeout: timeout setting for this request. If one
                                  number provided, it will be total request
                                  timeout. It can also be a pair (tuple) of
@@ -316,3 +597,276 @@ class AgentApi:
         )
 
 
+
+
+    @validate_call
+    def unenroll(
+        self,
+        body: Optional[EnrollRequest] = None,
+        _request_timeout: Union[
+            None,
+            Annotated[StrictFloat, Field(gt=0)],
+            Tuple[
+                Annotated[StrictFloat, Field(gt=0)],
+                Annotated[StrictFloat, Field(gt=0)]
+            ]
+        ] = None,
+        _request_auth: Optional[Dict[StrictStr, Any]] = None,
+        _content_type: Optional[StrictStr] = None,
+        _headers: Optional[Dict[StrictStr, Any]] = None,
+        _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0,
+    ) -> None:
+        """unenroll
+
+
+        :param body:
+        :type body: EnrollRequest
+        :param _request_timeout: timeout setting for this request. If one
+                                 number provided, it will be total request
+                                 timeout. It can also be a pair (tuple) of
+                                 (connection, read) timeouts.
+        :type _request_timeout: int, tuple(int, int), optional
+        :param _request_auth: set to override the auth_settings for an a single
+                              request; this effectively ignores the
+                              authentication in the spec for a single request.
+        :type _request_auth: dict, optional
+        :param _content_type: force content-type for the request.
+        :type _content_type: str, Optional
+        :param _headers: set to override the headers for a single
+                         request; this effectively ignores the headers
+                         in the spec for a single request.
+        :type _headers: dict, optional
+        :param _host_index: set to override the host_index for a single
+                            request; this effectively ignores the host_index
+                            in the spec for a single request.
+        :type _host_index: int, optional
+        :return: Returns the result object.
+        """ # noqa: E501
+
+        _param = self._unenroll_serialize(
+            body=body,
+            _request_auth=_request_auth,
+            _content_type=_content_type,
+            _headers=_headers,
+            _host_index=_host_index
+        )
+
+        _response_types_map: Dict[str, Optional[str]] = {
+            '200': None,
+            '400': None,
+            '401': None,
+            '500': None,
+        }
+        response_data = self.api_client.call_api(
+            *_param,
+            _request_timeout=_request_timeout
+        )
+        response_data.read()
+        return self.api_client.response_deserialize(
+            response_data=response_data,
+            response_types_map=_response_types_map,
+        ).data
+
+
+    @validate_call
+    def unenroll_with_http_info(
+        self,
+        body: Optional[EnrollRequest] = None,
+        _request_timeout: Union[
+            None,
+            Annotated[StrictFloat, Field(gt=0)],
+            Tuple[
+                Annotated[StrictFloat, Field(gt=0)],
+                Annotated[StrictFloat, Field(gt=0)]
+            ]
+        ] = None,
+        _request_auth: Optional[Dict[StrictStr, Any]] = None,
+        _content_type: Optional[StrictStr] = None,
+        _headers: Optional[Dict[StrictStr, Any]] = None,
+        _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0,
+    ) -> ApiResponse[None]:
+        """unenroll
+
+
+        :param body:
+        :type body: EnrollRequest
+        :param _request_timeout: timeout setting for this request. If one
+                                 number provided, it will be total request
+                                 timeout. It can also be a pair (tuple) of
+                                 (connection, read) timeouts.
+        :type _request_timeout: int, tuple(int, int), optional
+        :param _request_auth: set to override the auth_settings for an a single
+                              request; this effectively ignores the
+                              authentication in the spec for a single request.
+        :type _request_auth: dict, optional
+        :param _content_type: force content-type for the request.
+        :type _content_type: str, Optional
+        :param _headers: set to override the headers for a single
+                         request; this effectively ignores the headers
+                         in the spec for a single request.
+        :type _headers: dict, optional
+        :param _host_index: set to override the host_index for a single
+                            request; this effectively ignores the host_index
+                            in the spec for a single request.
+        :type _host_index: int, optional
+        :return: Returns the result object.
+        """ # noqa: E501
+
+        _param = self._unenroll_serialize(
+            body=body,
+            _request_auth=_request_auth,
+            _content_type=_content_type,
+            _headers=_headers,
+            _host_index=_host_index
+        )
+
+        _response_types_map: Dict[str, Optional[str]] = {
+            '200': None,
+            '400': None,
+            '401': None,
+            '500': None,
+        }
+        response_data = self.api_client.call_api(
+            *_param,
+            _request_timeout=_request_timeout
+        )
+        response_data.read()
+        return self.api_client.response_deserialize(
+            response_data=response_data,
+            response_types_map=_response_types_map,
+        )
+
+
+    @validate_call
+    def unenroll_without_preload_content(
+        self,
+        body: Optional[EnrollRequest] = None,
+        _request_timeout: Union[
+            None,
+            Annotated[StrictFloat, Field(gt=0)],
+            Tuple[
+                Annotated[StrictFloat, Field(gt=0)],
+                Annotated[StrictFloat, Field(gt=0)]
+            ]
+        ] = None,
+        _request_auth: Optional[Dict[StrictStr, Any]] = None,
+        _content_type: Optional[StrictStr] = None,
+        _headers: Optional[Dict[StrictStr, Any]] = None,
+        _host_index: Annotated[StrictInt, Field(ge=0, le=0)] = 0,
+    ) -> RESTResponseType:
+        """unenroll
+
+
+        :param body:
+        :type body: EnrollRequest
+        :param _request_timeout: timeout setting for this request. If one
+                                 number provided, it will be total request
+                                 timeout. It can also be a pair (tuple) of
+                                 (connection, read) timeouts.
+        :type _request_timeout: int, tuple(int, int), optional
+        :param _request_auth: set to override the auth_settings for an a single
+                              request; this effectively ignores the
+                              authentication in the spec for a single request.
+        :type _request_auth: dict, optional
+        :param _content_type: force content-type for the request.
+        :type _content_type: str, Optional
+        :param _headers: set to override the headers for a single
+                         request; this effectively ignores the headers
+                         in the spec for a single request.
+        :type _headers: dict, optional
+        :param _host_index: set to override the host_index for a single
+                            request; this effectively ignores the host_index
+                            in the spec for a single request.
+        :type _host_index: int, optional
+        :return: Returns the result object.
+        """ # noqa: E501
+
+        _param = self._unenroll_serialize(
+            body=body,
+            _request_auth=_request_auth,
+            _content_type=_content_type,
+            _headers=_headers,
+            _host_index=_host_index
+        )
+
+        _response_types_map: Dict[str, Optional[str]] = {
+            '200': None,
+            '400': None,
+            '401': None,
+            '500': None,
+        }
+        response_data = self.api_client.call_api(
+            *_param,
+            _request_timeout=_request_timeout
+        )
+        return response_data.response
+
+
+    def _unenroll_serialize(
+        self,
+        body,
+        _request_auth,
+        _content_type,
+        _headers,
+        _host_index,
+    ) -> RequestSerialized:
+
+        _host = None
+
+        _collection_formats: Dict[str, str] = {
+        }
+
+        _path_params: Dict[str, str] = {}
+        _query_params: List[Tuple[str, str]] = []
+        _header_params: Dict[str, Optional[str]] = _headers or {}
+        _form_params: List[Tuple[str, str]] = []
+        _files: Dict[
+            str, Union[str, bytes, List[str], List[bytes], List[Tuple[str, bytes]]]
+        ] = {}
+        _body_params: Optional[bytes] = None
+
+        # process the path parameters
+        # process the query parameters
+        # process the header parameters
+        # process the form parameters
+        # process the body parameter
+        if body is not None:
+            _body_params = body
+
+
+
+        # set the HTTP header `Content-Type`
+        if _content_type:
+            _header_params['Content-Type'] = _content_type
+        else:
+            _default_content_type = (
+                self.api_client.select_header_content_type(
+                    [
+                        'application/zrok.v1+json'
+                    ]
+                )
+            )
+            if _default_content_type is not None:
+                _header_params['Content-Type'] = _default_content_type
+
+        # authentication setting
+        _auth_settings: List[str] = [
+            'key'
+        ]
+
+        return self.api_client.param_serialize(
+            method='POST',
+            resource_path='/agent/unenroll',
+            path_params=_path_params,
+            query_params=_query_params,
+            header_params=_header_params,
+            body=_body_params,
+            post_params=_form_params,
+            files=_files,
+            auth_settings=_auth_settings,
+            collection_formats=_collection_formats,
+            _host=_host,
+            _request_auth=_request_auth
+        )
+
+

sdk/python/src/zrok_api/models/__init__.py

@@ -29,6 +29,8 @@ from zrok_api.models.create_organization201_response import CreateOrganization20
 from zrok_api.models.create_organization_request import CreateOrganizationRequest
 from zrok_api.models.disable_request import DisableRequest
 from zrok_api.models.enable_request import EnableRequest
+from zrok_api.models.enroll200_response import Enroll200Response
+from zrok_api.models.enroll_request import EnrollRequest
 from zrok_api.models.environment import Environment
 from zrok_api.models.environment_and_resources import EnvironmentAndResources
 from zrok_api.models.frontend import Frontend
@@ -48,7 +50,6 @@ from zrok_api.models.metrics import Metrics
 from zrok_api.models.metrics_sample import MetricsSample
 from zrok_api.models.overview import Overview
 from zrok_api.models.ping200_response import Ping200Response
-from zrok_api.models.ping_request import PingRequest
 from zrok_api.models.principal import Principal
 from zrok_api.models.regenerate_account_token200_response import RegenerateAccountToken200Response
 from zrok_api.models.regenerate_account_token_request import RegenerateAccountTokenRequest

sdk/python/src/zrok_api/models/enroll200_response.py

@@ -0,0 +1,87 @@
+# coding: utf-8
+
+"""
+    zrok
+
+    zrok client access
+
+    The version of the OpenAPI document: 1.0.0
+    Generated by OpenAPI Generator (https://openapi-generator.tech)
+
+    Do not edit the class manually.
+"""  # noqa: E501
+
+
+from __future__ import annotations
+import pprint
+import re  # noqa: F401
+import json
+
+from pydantic import BaseModel, ConfigDict, StrictStr
+from typing import Any, ClassVar, Dict, List, Optional
+from typing import Optional, Set
+from typing_extensions import Self
+
+class Enroll200Response(BaseModel):
+    """
+    Enroll200Response
+    """ # noqa: E501
+    token: Optional[StrictStr] = None
+    __properties: ClassVar[List[str]] = ["token"]
+
+    model_config = ConfigDict(
+        populate_by_name=True,
+        validate_assignment=True,
+        protected_namespaces=(),
+    )
+
+
+    def to_str(self) -> str:
+        """Returns the string representation of the model using alias"""
+        return pprint.pformat(self.model_dump(by_alias=True))
+
+    def to_json(self) -> str:
+        """Returns the JSON representation of the model using alias"""
+        # TODO: pydantic v2: use .model_dump_json(by_alias=True, exclude_unset=True) instead
+        return json.dumps(self.to_dict())
+
+    @classmethod
+    def from_json(cls, json_str: str) -> Optional[Self]:
+        """Create an instance of Enroll200Response from a JSON string"""
+        return cls.from_dict(json.loads(json_str))
+
+    def to_dict(self) -> Dict[str, Any]:
+        """Return the dictionary representation of the model using alias.
+
+        This has the following differences from calling pydantic's
+        `self.model_dump(by_alias=True)`:
+
+        * `None` is only added to the output dict for nullable fields that
+          were set at model initialization. Other fields with value `None`
+          are ignored.
+        """
+        excluded_fields: Set[str] = set([
+        ])
+
+        _dict = self.model_dump(
+            by_alias=True,
+            exclude=excluded_fields,
+            exclude_none=True,
+        )
+        return _dict
+
+    @classmethod
+    def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]:
+        """Create an instance of Enroll200Response from a dict"""
+        if obj is None:
+            return None
+
+        if not isinstance(obj, dict):
+            return cls.model_validate(obj)
+
+        _obj = cls.model_validate({
+            "token": obj.get("token")
+        })
+        return _obj
+
+

sdk/python/src/zrok_api/models/enroll_request.py

@@ -22,9 +22,9 @@ from typing import Any, ClassVar, Dict, List, Optional
 from typing import Optional, Set
 from typing_extensions import Self
 
-class PingRequest(BaseModel):
+class EnrollRequest(BaseModel):
     """
-    PingRequest
+    EnrollRequest
     """ # noqa: E501
     env_zid: Optional[StrictStr] = Field(default=None, alias="envZId")
     __properties: ClassVar[List[str]] = ["envZId"]
@@ -47,7 +47,7 @@ class PingRequest(BaseModel):
 
     @classmethod
     def from_json(cls, json_str: str) -> Optional[Self]:
-        """Create an instance of PingRequest from a JSON string"""
+        """Create an instance of EnrollRequest from a JSON string"""
         return cls.from_dict(json.loads(json_str))
 
     def to_dict(self) -> Dict[str, Any]:
@@ -72,7 +72,7 @@ class PingRequest(BaseModel):
 
     @classmethod
     def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]:
-        """Create an instance of PingRequest from a dict"""
+        """Create an instance of EnrollRequest from a dict"""
         if obj is None:
             return None
 

specs/zrok.yml

@@ -616,6 +616,58 @@ paths:
   #
   # agent
   #
+  /agent/enroll:
+    post:
+      tags:
+        - agent
+      security:
+        - key: []
+      operationId: enroll
+      parameters:
+        - name: body
+          in: body
+          schema:
+            properties:
+              envZId:
+                type: string
+      responses:
+        200:
+          description: ok
+          schema:
+            properties:
+              token:
+                type: string
+        400:
+          description: bad request; already enrolled
+        401:
+          description: unauthorized
+        500:
+          description: internal server error
+
+  /agent/unenroll:
+    post:
+      tags:
+        - agent
+      security:
+        - key: []
+      operationId: unenroll
+      parameters:
+        - name: body
+          in: body
+          schema:
+            properties:
+              envZId:
+                type: string
+      responses:
+        200:
+          description: ok
+        400:
+          description: bad request; not enrolled
+        401:
+          description: unauthorized
+        500:
+          description: internal server error
+
   /agent/ping:
     post:
       tags:

ui/src/api/.openapi-generator/FILES

@@ -21,6 +21,8 @@ models/CreateOrganization201Response.ts
 models/CreateOrganizationRequest.ts
 models/DisableRequest.ts
 models/EnableRequest.ts
+models/Enroll200Response.ts
+models/EnrollRequest.ts
 models/Environment.ts
 models/EnvironmentAndResources.ts
 models/Frontend.ts
@@ -41,7 +43,6 @@ models/MetricsSample.ts
 models/ModelConfiguration.ts
 models/Overview.ts
 models/Ping200Response.ts
-models/PingRequest.ts
 models/Principal.ts
 models/RegenerateAccountToken200Response.ts
 models/RegenerateAccountTokenRequest.ts

ui/src/api/apis/AgentApi.ts

@@ -15,18 +15,29 @@
 
 import * as runtime from '../runtime';
 import type {
+  Enroll200Response,
+  EnrollRequest,
   Ping200Response,
-  PingRequest,
 } from '../models/index';
 import {
+    Enroll200ResponseFromJSON,
+    Enroll200ResponseToJSON,
+    EnrollRequestFromJSON,
+    EnrollRequestToJSON,
     Ping200ResponseFromJSON,
     Ping200ResponseToJSON,
-    PingRequestFromJSON,
-    PingRequestToJSON,
 } from '../models/index';
 
-export interface PingOperationRequest {
+export interface EnrollOperationRequest {
-    body?: PingRequest;
+    body?: EnrollRequest;
+}
+
+export interface PingRequest {
+    body?: EnrollRequest;
+}
+
+export interface UnenrollRequest {
+    body?: EnrollRequest;
 }
 
 /**
@@ -36,7 +47,38 @@ export class AgentApi extends runtime.BaseAPI {
 
     /**
      */
-    async pingRaw(requestParameters: PingOperationRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<Ping200Response>> {
+    async enrollRaw(requestParameters: EnrollOperationRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<Enroll200Response>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/zrok.v1+json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-token"] = await this.configuration.apiKey("x-token"); // key authentication
+        }
+
+        const response = await this.request({
+            path: `/agent/enroll`,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: EnrollRequestToJSON(requestParameters['body']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => Enroll200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     */
+    async enroll(requestParameters: EnrollOperationRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<Enroll200Response> {
+        const response = await this.enrollRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     */
+    async pingRaw(requestParameters: PingRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<Ping200Response>> {
         const queryParameters: any = {};
 
         const headerParameters: runtime.HTTPHeaders = {};
@@ -52,7 +94,7 @@ export class AgentApi extends runtime.BaseAPI {
             method: 'POST',
             headers: headerParameters,
             query: queryParameters,
-            body: PingRequestToJSON(requestParameters['body']),
+            body: EnrollRequestToJSON(requestParameters['body']),
         }, initOverrides);
 
         return new runtime.JSONApiResponse(response, (jsonValue) => Ping200ResponseFromJSON(jsonValue));
@@ -60,9 +102,39 @@ export class AgentApi extends runtime.BaseAPI {
 
     /**
      */
-    async ping(requestParameters: PingOperationRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<Ping200Response> {
+    async ping(requestParameters: PingRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<Ping200Response> {
         const response = await this.pingRaw(requestParameters, initOverrides);
         return await response.value();
     }
 
+    /**
+     */
+    async unenrollRaw(requestParameters: UnenrollRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<void>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/zrok.v1+json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["x-token"] = await this.configuration.apiKey("x-token"); // key authentication
+        }
+
+        const response = await this.request({
+            path: `/agent/unenroll`,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: EnrollRequestToJSON(requestParameters['body']),
+        }, initOverrides);
+
+        return new runtime.VoidApiResponse(response);
+    }
+
+    /**
+     */
+    async unenroll(requestParameters: UnenrollRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<void> {
+        await this.unenrollRaw(requestParameters, initOverrides);
+    }
+
 }

ui/src/api/models/Enroll200Response.ts

@@ -0,0 +1,65 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * zrok
+ * zrok client access
+ *
+ * The version of the OpenAPI document: 1.0.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { mapValues } from '../runtime';
+/**
+ * 
+ * @export
+ * @interface Enroll200Response
+ */
+export interface Enroll200Response {
+    /**
+     * 
+     * @type {string}
+     * @memberof Enroll200Response
+     */
+    token?: string;
+}
+
+/**
+ * Check if a given object implements the Enroll200Response interface.
+ */
+export function instanceOfEnroll200Response(value: object): value is Enroll200Response {
+    return true;
+}
+
+export function Enroll200ResponseFromJSON(json: any): Enroll200Response {
+    return Enroll200ResponseFromJSONTyped(json, false);
+}
+
+export function Enroll200ResponseFromJSONTyped(json: any, ignoreDiscriminator: boolean): Enroll200Response {
+    if (json == null) {
+        return json;
+    }
+    return {
+        
+        'token': json['token'] == null ? undefined : json['token'],
+    };
+}
+
+export function Enroll200ResponseToJSON(json: any): Enroll200Response {
+    return Enroll200ResponseToJSONTyped(json, false);
+}
+
+export function Enroll200ResponseToJSONTyped(value?: Enroll200Response | null, ignoreDiscriminator: boolean = false): any {
+    if (value == null) {
+        return value;
+    }
+
+    return {
+        
+        'token': value['token'],
+    };
+}
+

ui/src/api/models/EnrollRequest.ts

@@ -16,29 +16,29 @@ import { mapValues } from '../runtime';
 /**
  * 
  * @export
- * @interface PingRequest
+ * @interface EnrollRequest
  */
-export interface PingRequest {
+export interface EnrollRequest {
     /**
      * 
      * @type {string}
-     * @memberof PingRequest
+     * @memberof EnrollRequest
      */
     envZId?: string;
 }
 
 /**
- * Check if a given object implements the PingRequest interface.
+ * Check if a given object implements the EnrollRequest interface.
  */
-export function instanceOfPingRequest(value: object): value is PingRequest {
+export function instanceOfEnrollRequest(value: object): value is EnrollRequest {
     return true;
 }
 
-export function PingRequestFromJSON(json: any): PingRequest {
+export function EnrollRequestFromJSON(json: any): EnrollRequest {
-    return PingRequestFromJSONTyped(json, false);
+    return EnrollRequestFromJSONTyped(json, false);
 }
 
-export function PingRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean): PingRequest {
+export function EnrollRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean): EnrollRequest {
     if (json == null) {
         return json;
     }
@@ -48,11 +48,11 @@ export function PingRequestFromJSONTyped(json: any, ignoreDiscriminator: boolean
     };
 }
 
-export function PingRequestToJSON(json: any): PingRequest {
+export function EnrollRequestToJSON(json: any): EnrollRequest {
-    return PingRequestToJSONTyped(json, false);
+    return EnrollRequestToJSONTyped(json, false);
 }
 
-export function PingRequestToJSONTyped(value?: PingRequest | null, ignoreDiscriminator: boolean = false): any {
+export function EnrollRequestToJSONTyped(value?: EnrollRequest | null, ignoreDiscriminator: boolean = false): any {
     if (value == null) {
         return value;
     }

ui/src/api/models/index.ts

@@ -14,6 +14,8 @@ export * from './CreateOrganization201Response';
 export * from './CreateOrganizationRequest';
 export * from './DisableRequest';
 export * from './EnableRequest';
+export * from './Enroll200Response';
+export * from './EnrollRequest';
 export * from './Environment';
 export * from './EnvironmentAndResources';
 export * from './Frontend';
@@ -34,7 +36,6 @@ export * from './MetricsSample';
 export * from './ModelConfiguration';
 export * from './Overview';
 export * from './Ping200Response';
-export * from './PingRequest';
 export * from './Principal';
 export * from './RegenerateAccountToken200Response';
 export * from './RegenerateAccountTokenRequest';