Merge branch 'main' into v1_0_0

CHANGELOG.md

@@ -6,6 +6,8 @@ MAJOR RELEASE: zrok reaches version 1.0.0!
 
 ## v0.4.39
 
+FEATURE: New API endpoint allowing direct creation of accounts in the zrok database. Requires an admin token (specified in the controller configuration yaml) for authentication. See the OpenAPI spec for details of the API endpoint. The `zrok admin create account` CLI was also updated to call the API endpoint, rather than directly operating on the underlying database (https://github.com/openziti/zrok/issues/734). The [Docker](https://github.com/openziti/zrok/pull/736) and [Kubernetes](https://github.com/openziti/helm-charts/pull/249) zrok instance deployments were adapted to the new CLI parameter shape.
+
 FEATURE: Support `html_path` directive in `interstitial` stanza of public frontend configuration to support using an external HTML file for the interstitial page (https://github.com/openziti/zrok/issues/716)
 
 FEATURE: `zrok access private` now includes a `--response-header` flag to add headers to the response for HTTP-based backends. Add flag multiple times to add multiple headers to the response. Expects `key:value` header definitions in this format: `--response-header "Access-Control-Allow-Origin: *"` (https://github.com/openziti/zrok/issues/522)

cmd/zrok/adminCreateAccount.go

@@ -2,9 +2,8 @@ package main
 
 import (
 	"fmt"
-	"github.com/openziti/zrok/controller"
+	"github.com/openziti/zrok/environment"
-	"github.com/openziti/zrok/controller/config"
+	"github.com/openziti/zrok/rest_client_zrok/admin"
-	"github.com/openziti/zrok/controller/store"
 	"github.com/spf13/cobra"
 )
 
@@ -18,9 +17,9 @@ type adminCreateAccount struct {
 
 func newAdminCreateAccount() *adminCreateAccount {
 	cmd := &cobra.Command{
-		Use:   "account <configPath}> <email> <password>",
+		Use:   "account <email> <password>",
 		Short: "Pre-populate an account in the database; returns an enable token for the account",
-		Args:  cobra.ExactArgs(3),
+		Args:  cobra.ExactArgs(2),
 	}
 	command := &adminCreateAccount{cmd: cmd}
 	cmd.Run = command.run
@@ -28,39 +27,24 @@ func newAdminCreateAccount() *adminCreateAccount {
 }
 
 func (cmd *adminCreateAccount) run(_ *cobra.Command, args []string) {
-	cfg, err := config.LoadConfig(args[0])
+	env, err := environment.LoadRoot()
 	if err != nil {
 		panic(err)
 	}
-	str, err := store.Open(cfg.Store)
+
+	zrok, err := env.Client()
 	if err != nil {
 		panic(err)
 	}
-	token, err := controller.CreateToken()
+
+	req := admin.NewCreateAccountParams()
+	req.Body.Email = args[0]
+	req.Body.Password = args[1]
+
+	resp, err := zrok.Admin.CreateAccount(req, mustGetAdminAuth())
 	if err != nil {
 		panic(err)
 	}
-	hpwd, err := controller.HashPassword(args[2])
+
-	if err != nil {
+	fmt.Println(resp.GetPayload().Token)
-		panic(err)
-	}
-	trx, err := str.Begin()
-	if err != nil {
-		panic(err)
-	}
-	defer func() {
-		if err := trx.Commit(); err != nil {
-			panic(err)
-		}
-	}()
-	a := &store.Account{
-		Email:    args[1],
-		Salt:     hpwd.Salt,
-		Password: hpwd.Password,
-		Token:    token,
-	}
-	if _, err := str.CreateAccount(a, trx); err != nil {
-		panic(err)
-	}
-	fmt.Println(token)
 }

controller/controller.go

@@ -52,6 +52,7 @@ func Run(inCfg *config.Config) error {
 	api.AccountResetPasswordHandler = newResetPasswordHandler(cfg)
 	api.AccountResetPasswordRequestHandler = newResetPasswordRequestHandler()
 	api.AccountVerifyHandler = newVerifyHandler()
+	api.AdminCreateAccountHandler = newCreateAccountHandler()
 	api.AdminCreateFrontendHandler = newCreateFrontendHandler()
 	api.AdminCreateIdentityHandler = newCreateIdentityHandler()
 	api.AdminDeleteFrontendHandler = newDeleteFrontendHandler()

controller/createAccount.go

@@ -0,0 +1,59 @@
+package controller
+
+import (
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/openziti/zrok/controller/store"
+	"github.com/openziti/zrok/rest_model_zrok"
+	"github.com/openziti/zrok/rest_server_zrok/operations/admin"
+	"github.com/sirupsen/logrus"
+)
+
+type createAccountHandler struct{}
+
+func newCreateAccountHandler() *createAccountHandler {
+	return &createAccountHandler{}
+}
+
+func (h *createAccountHandler) Handle(params admin.CreateAccountParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	if !principal.Admin {
+		logrus.Errorf("invalid admin principal")
+		return admin.NewCreateAccountUnauthorized()
+	}
+
+	token, err := CreateToken()
+	if err != nil {
+		logrus.Errorf("error creating token: %v", err)
+		return admin.NewCreateAccountInternalServerError()
+	}
+	hpwd, err := HashPassword(params.Body.Password)
+	if err != nil {
+		logrus.Errorf("error hashing password: %v", err)
+		return admin.NewCreateAccountInternalServerError()
+	}
+
+	trx, err := str.Begin()
+	if err != nil {
+		logrus.Errorf("error starting transaction: %v", err)
+		return admin.NewCreateAccountInternalServerError()
+	}
+	defer func() {
+		_ = trx.Rollback()
+	}()
+	a := &store.Account{
+		Email:    params.Body.Email,
+		Salt:     hpwd.Salt,
+		Password: hpwd.Password,
+		Token:    token,
+	}
+	if _, err := str.CreateAccount(a, trx); err != nil {
+		logrus.Errorf("error creating account: %v", err)
+		return admin.NewCreateAccountInternalServerError()
+	}
+	if err := trx.Commit(); err != nil {
+		logrus.Errorf("error committing transaction: %v", err)
+	}
+
+	logrus.Infof("administratively created account '%v'", params.Body.Email)
+
+	return admin.NewCreateAccountCreated().WithPayload(&admin.CreateAccountCreatedBody{Token: token})
+}

docker/compose/zrok-instance/README.md

@@ -11,7 +11,7 @@ This Docker Compose project creates a zrok instance and includes a ziti controll
 
 #### Additional DNS Configuration for Caddy TLS
 
-The included Caddy container can automatically manage a wildcard certificate for your zrok instance. You can enable Caddy in this compose project by renaming `caddy.compose.override.yml` as `compose.override.yml`.
+The included Caddy container can automatically manage a wildcard certificate for your zrok instance. You can enable Caddy in this compose project by renaming `compose.caddy.yml` as `compose.override.yml`.
 
 1. Ensure A Caddy DNS plugin is available for your DNS provider (see [github.com/caddy-dns](https://github.com/orgs/caddy-dns/repositories?type=all&q=sort%3Aname-asc)).
 1. Designate A DNS zone for zrok, e.g. `example.com` or `share.example.com` and create the zone on your DNS provider's platform.
@@ -64,7 +64,7 @@ ZROK_ADMIN_TOKEN=zroktoken
 ```
 
 ```bash title=".env options"
-# Caddy TLS option: rename caddy.compose.override.yml to compose.override.yml and set these vars; allow 80,443 in firewall
+# Caddy TLS option: rename compose.caddy.yml to compose.override.yml and set these vars; allow 80,443 in firewall
 # plugin name for your DNS provider
 CADDY_DNS_PLUGIN=cloudflare
 # API token from your DNS provider
@@ -110,11 +110,11 @@ ZITI_CLI_TAG=latest
 This step creates a user account. You will log in to the zrok web console with the account password created in this step. The ZROK_USER_EMAIL and ZROK_USER_PWD variables are set in the `.env` file. You can create more user accounts the same way by substituting a different email and password.
 
 ```bash title="Create the first user account"
-docker compose exec zrok-controller bash -xc 'zrok admin create account /etc/zrok-controller/config.yml ${ZROK_USER_EMAIL} ${ZROK_USER_PWD}'
+docker compose exec zrok-controller bash -xc 'zrok admin create account ${ZROK_USER_EMAIL} ${ZROK_USER_PWD}'
 ```
 
 ```buttonless title="Example output"
-+ zrok admin create account /etc/zrok-controller/config.yml me@example.com zrokuserpw
++ zrok admin create account me@example.com zrokuserpw
 [   0.000]    INFO zrok/controller/store.Open: database connected
 [   0.002]    INFO zrok/controller/store.(*Store).migrate: applied 0 migrations
 heMqncCyxZcx
@@ -123,7 +123,7 @@ heMqncCyxZcx
 Create additional users by running the command again with a different email and password.
 
 ```bash title="Create another user"
-docker compose exec zrok-controller zrok admin create account /etc/zrok-controller/config.yml <email> <password>
+docker compose exec zrok-controller zrok admin create account <email> <password>
 ```
 
 ### Enable the User Environment

docker/compose/zrok-instance/compose.yml

@@ -114,6 +114,8 @@ services:
     environment:
       ZROK_USER_PWD: ${ZROK_USER_PWD} # admin account password     (initial user account)
       ZROK_USER_EMAIL: ${ZROK_USER_EMAIL}  # login email address (initial user account)
+      ZROK_ADMIN_TOKEN: ${ZROK_ADMIN_TOKEN} # zrok controller admin password
+      ZROK_API_ENDPOINT: http://zrok-controller:${ZROK_CTRL_PORT:-18080} # bridge address of the zrok controller
 
   zrok-frontend:
     depends_on:

docs/guides/self-hosting/linux/index.mdx

@@ -231,7 +231,7 @@ address:            0.0.0.0:8080
 
 This frontend config file has a `host_match` pattern that represents the DNS zone you're using with this instance of `zrok`. Incoming HTTP requests with a matching `Host` header will be handled by this frontend. You may also specify the interface address where the frontend will listen for public access requests.
 
-The frontend does not provide server TLS, but you may front the server with a reverse proxy. It is essential the reverse proxy forwards the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend.
+The frontend does not provide server TLS, but you may front the server with a reverse proxy. The reverse proxy must forward the `Host` header supplied by the viewer. This example will expose the non-TLS listener for the frontend.
 
 You can also specify an `oauth` configuration in this file, full details of are found in [OAuth Public Frontend Configuration](/guides/self-hosting/oauth/configuring-oauth.md#configuring-your-public-frontend).
 
@@ -254,7 +254,7 @@ The `zrok` frontend uses the `public` identity created during the bootstrap proc
 With our `ZROK_ADMIN_TOKEN` and `ZROK_API_ENDPOINT` environment variables set, we can create our first user account.
 
 ```bash
-zrok admin create account etc/ctrl.yml <email> <password>
+zrok admin create account <email> <password>
 ```
 
 The output is the account token you will use to enable each device's zrok environment.

openapitools.json

@@ -0,0 +1,7 @@
+{
+  "$schema": "./node_modules/@openapitools/openapi-generator-cli/config.schema.json",
+  "spaces": 2,
+  "generator-cli": {
+    "version": "7.7.0"
+  }
+}

rest_client_zrok/admin/admin_client.go

@@ -30,6 +30,8 @@ type ClientOption func(*runtime.ClientOperation)
 
 // ClientService is the interface for Client methods
 type ClientService interface {
+	CreateAccount(params *CreateAccountParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateAccountCreated, error)
+
 	CreateFrontend(params *CreateFrontendParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateFrontendCreated, error)
 
 	CreateIdentity(params *CreateIdentityParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateIdentityCreated, error)
@@ -45,6 +47,45 @@ type ClientService interface {
 	SetTransport(transport runtime.ClientTransport)
 }
 
+/*
+CreateAccount create account API
+*/
+func (a *Client) CreateAccount(params *CreateAccountParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*CreateAccountCreated, error) {
+	// TODO: Validate the params before sending
+	if params == nil {
+		params = NewCreateAccountParams()
+	}
+	op := &runtime.ClientOperation{
+		ID:                 "createAccount",
+		Method:             "POST",
+		PathPattern:        "/account",
+		ProducesMediaTypes: []string{"application/zrok.v1+json"},
+		ConsumesMediaTypes: []string{"application/zrok.v1+json"},
+		Schemes:            []string{"http"},
+		Params:             params,
+		Reader:             &CreateAccountReader{formats: a.formats},
+		AuthInfo:           authInfo,
+		Context:            params.Context,
+		Client:             params.HTTPClient,
+	}
+	for _, opt := range opts {
+		opt(op)
+	}
+
+	result, err := a.transport.Submit(op)
+	if err != nil {
+		return nil, err
+	}
+	success, ok := result.(*CreateAccountCreated)
+	if ok {
+		return success, nil
+	}
+	// unexpected success response
+	// safeguard: normally, absent a default response, unknown success responses return an error above: so this is a codegen issue
+	msg := fmt.Sprintf("unexpected success response for createAccount: API contract not enforced by server. Client expected to get an error, but got: %T", result)
+	panic(msg)
+}
+
 /*
 CreateFrontend create frontend API
 */

rest_client_zrok/admin/create_account_parameters.go

@@ -0,0 +1,146 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"net/http"
+	"time"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	cr "github.com/go-openapi/runtime/client"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewCreateAccountParams creates a new CreateAccountParams object,
+// with the default timeout for this client.
+//
+// Default values are not hydrated, since defaults are normally applied by the API server side.
+//
+// To enforce default values in parameter, use SetDefaults or WithDefaults.
+func NewCreateAccountParams() *CreateAccountParams {
+	return &CreateAccountParams{
+		timeout: cr.DefaultTimeout,
+	}
+}
+
+// NewCreateAccountParamsWithTimeout creates a new CreateAccountParams object
+// with the ability to set a timeout on a request.
+func NewCreateAccountParamsWithTimeout(timeout time.Duration) *CreateAccountParams {
+	return &CreateAccountParams{
+		timeout: timeout,
+	}
+}
+
+// NewCreateAccountParamsWithContext creates a new CreateAccountParams object
+// with the ability to set a context for a request.
+func NewCreateAccountParamsWithContext(ctx context.Context) *CreateAccountParams {
+	return &CreateAccountParams{
+		Context: ctx,
+	}
+}
+
+// NewCreateAccountParamsWithHTTPClient creates a new CreateAccountParams object
+// with the ability to set a custom HTTPClient for a request.
+func NewCreateAccountParamsWithHTTPClient(client *http.Client) *CreateAccountParams {
+	return &CreateAccountParams{
+		HTTPClient: client,
+	}
+}
+
+/*
+CreateAccountParams contains all the parameters to send to the API endpoint
+
+	for the create account operation.
+
+	Typically these are written to a http.Request.
+*/
+type CreateAccountParams struct {
+
+	// Body.
+	Body CreateAccountBody
+
+	timeout    time.Duration
+	Context    context.Context
+	HTTPClient *http.Client
+}
+
+// WithDefaults hydrates default values in the create account params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateAccountParams) WithDefaults() *CreateAccountParams {
+	o.SetDefaults()
+	return o
+}
+
+// SetDefaults hydrates default values in the create account params (not the query body).
+//
+// All values with no default are reset to their zero value.
+func (o *CreateAccountParams) SetDefaults() {
+	// no default values defined for this parameter
+}
+
+// WithTimeout adds the timeout to the create account params
+func (o *CreateAccountParams) WithTimeout(timeout time.Duration) *CreateAccountParams {
+	o.SetTimeout(timeout)
+	return o
+}
+
+// SetTimeout adds the timeout to the create account params
+func (o *CreateAccountParams) SetTimeout(timeout time.Duration) {
+	o.timeout = timeout
+}
+
+// WithContext adds the context to the create account params
+func (o *CreateAccountParams) WithContext(ctx context.Context) *CreateAccountParams {
+	o.SetContext(ctx)
+	return o
+}
+
+// SetContext adds the context to the create account params
+func (o *CreateAccountParams) SetContext(ctx context.Context) {
+	o.Context = ctx
+}
+
+// WithHTTPClient adds the HTTPClient to the create account params
+func (o *CreateAccountParams) WithHTTPClient(client *http.Client) *CreateAccountParams {
+	o.SetHTTPClient(client)
+	return o
+}
+
+// SetHTTPClient adds the HTTPClient to the create account params
+func (o *CreateAccountParams) SetHTTPClient(client *http.Client) {
+	o.HTTPClient = client
+}
+
+// WithBody adds the body to the create account params
+func (o *CreateAccountParams) WithBody(body CreateAccountBody) *CreateAccountParams {
+	o.SetBody(body)
+	return o
+}
+
+// SetBody adds the body to the create account params
+func (o *CreateAccountParams) SetBody(body CreateAccountBody) {
+	o.Body = body
+}
+
+// WriteToRequest writes these params to a swagger request
+func (o *CreateAccountParams) WriteToRequest(r runtime.ClientRequest, reg strfmt.Registry) error {
+
+	if err := r.SetTimeout(o.timeout); err != nil {
+		return err
+	}
+	var res []error
+	if err := r.SetBodyParam(o.Body); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_client_zrok/admin/create_account_responses.go

@@ -0,0 +1,306 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"fmt"
+	"io"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// CreateAccountReader is a Reader for the CreateAccount structure.
+type CreateAccountReader struct {
+	formats strfmt.Registry
+}
+
+// ReadResponse reads a server response into the received o.
+func (o *CreateAccountReader) ReadResponse(response runtime.ClientResponse, consumer runtime.Consumer) (interface{}, error) {
+	switch response.Code() {
+	case 201:
+		result := NewCreateAccountCreated()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return result, nil
+	case 401:
+		result := NewCreateAccountUnauthorized()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	case 500:
+		result := NewCreateAccountInternalServerError()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
+	default:
+		return nil, runtime.NewAPIError("[POST /account] createAccount", response, response.Code())
+	}
+}
+
+// NewCreateAccountCreated creates a CreateAccountCreated with default headers values
+func NewCreateAccountCreated() *CreateAccountCreated {
+	return &CreateAccountCreated{}
+}
+
+/*
+CreateAccountCreated describes a response with status code 201, with default header values.
+
+created
+*/
+type CreateAccountCreated struct {
+	Payload *CreateAccountCreatedBody
+}
+
+// IsSuccess returns true when this create account created response has a 2xx status code
+func (o *CreateAccountCreated) IsSuccess() bool {
+	return true
+}
+
+// IsRedirect returns true when this create account created response has a 3xx status code
+func (o *CreateAccountCreated) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this create account created response has a 4xx status code
+func (o *CreateAccountCreated) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this create account created response has a 5xx status code
+func (o *CreateAccountCreated) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this create account created response a status code equal to that given
+func (o *CreateAccountCreated) IsCode(code int) bool {
+	return code == 201
+}
+
+// Code gets the status code for the create account created response
+func (o *CreateAccountCreated) Code() int {
+	return 201
+}
+
+func (o *CreateAccountCreated) Error() string {
+	return fmt.Sprintf("[POST /account][%d] createAccountCreated  %+v", 201, o.Payload)
+}
+
+func (o *CreateAccountCreated) String() string {
+	return fmt.Sprintf("[POST /account][%d] createAccountCreated  %+v", 201, o.Payload)
+}
+
+func (o *CreateAccountCreated) GetPayload() *CreateAccountCreatedBody {
+	return o.Payload
+}
+
+func (o *CreateAccountCreated) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	o.Payload = new(CreateAccountCreatedBody)
+
+	// response payload
+	if err := consumer.Consume(response.Body(), o.Payload); err != nil && err != io.EOF {
+		return err
+	}
+
+	return nil
+}
+
+// NewCreateAccountUnauthorized creates a CreateAccountUnauthorized with default headers values
+func NewCreateAccountUnauthorized() *CreateAccountUnauthorized {
+	return &CreateAccountUnauthorized{}
+}
+
+/*
+CreateAccountUnauthorized describes a response with status code 401, with default header values.
+
+unauthorized
+*/
+type CreateAccountUnauthorized struct {
+}
+
+// IsSuccess returns true when this create account unauthorized response has a 2xx status code
+func (o *CreateAccountUnauthorized) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this create account unauthorized response has a 3xx status code
+func (o *CreateAccountUnauthorized) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this create account unauthorized response has a 4xx status code
+func (o *CreateAccountUnauthorized) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this create account unauthorized response has a 5xx status code
+func (o *CreateAccountUnauthorized) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this create account unauthorized response a status code equal to that given
+func (o *CreateAccountUnauthorized) IsCode(code int) bool {
+	return code == 401
+}
+
+// Code gets the status code for the create account unauthorized response
+func (o *CreateAccountUnauthorized) Code() int {
+	return 401
+}
+
+func (o *CreateAccountUnauthorized) Error() string {
+	return fmt.Sprintf("[POST /account][%d] createAccountUnauthorized ", 401)
+}
+
+func (o *CreateAccountUnauthorized) String() string {
+	return fmt.Sprintf("[POST /account][%d] createAccountUnauthorized ", 401)
+}
+
+func (o *CreateAccountUnauthorized) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+// NewCreateAccountInternalServerError creates a CreateAccountInternalServerError with default headers values
+func NewCreateAccountInternalServerError() *CreateAccountInternalServerError {
+	return &CreateAccountInternalServerError{}
+}
+
+/*
+CreateAccountInternalServerError describes a response with status code 500, with default header values.
+
+internal server error
+*/
+type CreateAccountInternalServerError struct {
+}
+
+// IsSuccess returns true when this create account internal server error response has a 2xx status code
+func (o *CreateAccountInternalServerError) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this create account internal server error response has a 3xx status code
+func (o *CreateAccountInternalServerError) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this create account internal server error response has a 4xx status code
+func (o *CreateAccountInternalServerError) IsClientError() bool {
+	return false
+}
+
+// IsServerError returns true when this create account internal server error response has a 5xx status code
+func (o *CreateAccountInternalServerError) IsServerError() bool {
+	return true
+}
+
+// IsCode returns true when this create account internal server error response a status code equal to that given
+func (o *CreateAccountInternalServerError) IsCode(code int) bool {
+	return code == 500
+}
+
+// Code gets the status code for the create account internal server error response
+func (o *CreateAccountInternalServerError) Code() int {
+	return 500
+}
+
+func (o *CreateAccountInternalServerError) Error() string {
+	return fmt.Sprintf("[POST /account][%d] createAccountInternalServerError ", 500)
+}
+
+func (o *CreateAccountInternalServerError) String() string {
+	return fmt.Sprintf("[POST /account][%d] createAccountInternalServerError ", 500)
+}
+
+func (o *CreateAccountInternalServerError) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
+/*
+CreateAccountBody create account body
+swagger:model CreateAccountBody
+*/
+type CreateAccountBody struct {
+
+	// email
+	Email string `json:"email,omitempty"`
+
+	// password
+	Password string `json:"password,omitempty"`
+}
+
+// Validate validates this create account body
+func (o *CreateAccountBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this create account body based on context it is used
+func (o *CreateAccountBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *CreateAccountBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *CreateAccountBody) UnmarshalBinary(b []byte) error {
+	var res CreateAccountBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}
+
+/*
+CreateAccountCreatedBody create account created body
+swagger:model CreateAccountCreatedBody
+*/
+type CreateAccountCreatedBody struct {
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this create account created body
+func (o *CreateAccountCreatedBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this create account created body based on context it is used
+func (o *CreateAccountCreatedBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *CreateAccountCreatedBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *CreateAccountCreatedBody) UnmarshalBinary(b []byte) error {
+	var res CreateAccountCreatedBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_server_zrok/embedded_spec.go

@@ -74,6 +74,53 @@ func init() {
         }
       }
     },
+    "/account": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "admin"
+        ],
+        "operationId": "createAccount",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "email": {
+                  "type": "string"
+                },
+                "password": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "201": {
+            "description": "created",
+            "schema": {
+              "properties": {
+                "token": {
+                  "type": "string"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "unauthorized"
+          },
+          "500": {
+            "description": "internal server error"
+          }
+        }
+      }
+    },
     "/changePassword": {
       "post": {
         "security": [
@@ -1837,6 +1884,53 @@ func init() {
         }
       }
     },
+    "/account": {
+      "post": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
+        "tags": [
+          "admin"
+        ],
+        "operationId": "createAccount",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "properties": {
+                "email": {
+                  "type": "string"
+                },
+                "password": {
+                  "type": "string"
+                }
+              }
+            }
+          }
+        ],
+        "responses": {
+          "201": {
+            "description": "created",
+            "schema": {
+              "properties": {
+                "token": {
+                  "type": "string"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "unauthorized"
+          },
+          "500": {
+            "description": "internal server error"
+          }
+        }
+      }
+    },
     "/changePassword": {
       "post": {
         "security": [

rest_server_zrok/operations/admin/create_account.go

@@ -0,0 +1,151 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+
+	"github.com/openziti/zrok/rest_model_zrok"
+)
+
+// CreateAccountHandlerFunc turns a function with the right signature into a create account handler
+type CreateAccountHandlerFunc func(CreateAccountParams, *rest_model_zrok.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn CreateAccountHandlerFunc) Handle(params CreateAccountParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// CreateAccountHandler interface for that can handle valid create account params
+type CreateAccountHandler interface {
+	Handle(CreateAccountParams, *rest_model_zrok.Principal) middleware.Responder
+}
+
+// NewCreateAccount creates a new http.Handler for the create account operation
+func NewCreateAccount(ctx *middleware.Context, handler CreateAccountHandler) *CreateAccount {
+	return &CreateAccount{Context: ctx, Handler: handler}
+}
+
+/*
+	CreateAccount swagger:route POST /account admin createAccount
+
+CreateAccount create account API
+*/
+type CreateAccount struct {
+	Context *middleware.Context
+	Handler CreateAccountHandler
+}
+
+func (o *CreateAccount) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewCreateAccountParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *rest_model_zrok.Principal
+	if uprinc != nil {
+		principal = uprinc.(*rest_model_zrok.Principal) // this is really a rest_model_zrok.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
+
+// CreateAccountBody create account body
+//
+// swagger:model CreateAccountBody
+type CreateAccountBody struct {
+
+	// email
+	Email string `json:"email,omitempty"`
+
+	// password
+	Password string `json:"password,omitempty"`
+}
+
+// Validate validates this create account body
+func (o *CreateAccountBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this create account body based on context it is used
+func (o *CreateAccountBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *CreateAccountBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *CreateAccountBody) UnmarshalBinary(b []byte) error {
+	var res CreateAccountBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}
+
+// CreateAccountCreatedBody create account created body
+//
+// swagger:model CreateAccountCreatedBody
+type CreateAccountCreatedBody struct {
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this create account created body
+func (o *CreateAccountCreatedBody) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this create account created body based on context it is used
+func (o *CreateAccountCreatedBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (o *CreateAccountCreatedBody) MarshalBinary() ([]byte, error) {
+	if o == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(o)
+}
+
+// UnmarshalBinary interface implementation
+func (o *CreateAccountCreatedBody) UnmarshalBinary(b []byte) error {
+	var res CreateAccountCreatedBody
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*o = res
+	return nil
+}

rest_server_zrok/operations/admin/create_account_parameters.go

@@ -0,0 +1,74 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/validate"
+)
+
+// NewCreateAccountParams creates a new CreateAccountParams object
+//
+// There are no default values defined in the spec.
+func NewCreateAccountParams() CreateAccountParams {
+
+	return CreateAccountParams{}
+}
+
+// CreateAccountParams contains all the bound params for the create account operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters createAccount
+type CreateAccountParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  In: body
+	*/
+	Body CreateAccountBody
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewCreateAccountParams() beforehand.
+func (o *CreateAccountParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if runtime.HasBody(r) {
+		defer r.Body.Close()
+		var body CreateAccountBody
+		if err := route.Consumer.Consume(r.Body, &body); err != nil {
+			res = append(res, errors.NewParseError("body", "body", "", err))
+		} else {
+			// validate body object
+			if err := body.Validate(route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			ctx := validate.WithOperationRequest(r.Context())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			if len(res) == 0 {
+				o.Body = body
+			}
+		}
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

rest_server_zrok/operations/admin/create_account_responses.go

@@ -0,0 +1,107 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+)
+
+// CreateAccountCreatedCode is the HTTP code returned for type CreateAccountCreated
+const CreateAccountCreatedCode int = 201
+
+/*
+CreateAccountCreated created
+
+swagger:response createAccountCreated
+*/
+type CreateAccountCreated struct {
+
+	/*
+	  In: Body
+	*/
+	Payload *CreateAccountCreatedBody `json:"body,omitempty"`
+}
+
+// NewCreateAccountCreated creates CreateAccountCreated with default headers values
+func NewCreateAccountCreated() *CreateAccountCreated {
+
+	return &CreateAccountCreated{}
+}
+
+// WithPayload adds the payload to the create account created response
+func (o *CreateAccountCreated) WithPayload(payload *CreateAccountCreatedBody) *CreateAccountCreated {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the create account created response
+func (o *CreateAccountCreated) SetPayload(payload *CreateAccountCreatedBody) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *CreateAccountCreated) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(201)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
+
+// CreateAccountUnauthorizedCode is the HTTP code returned for type CreateAccountUnauthorized
+const CreateAccountUnauthorizedCode int = 401
+
+/*
+CreateAccountUnauthorized unauthorized
+
+swagger:response createAccountUnauthorized
+*/
+type CreateAccountUnauthorized struct {
+}
+
+// NewCreateAccountUnauthorized creates CreateAccountUnauthorized with default headers values
+func NewCreateAccountUnauthorized() *CreateAccountUnauthorized {
+
+	return &CreateAccountUnauthorized{}
+}
+
+// WriteResponse to the client
+func (o *CreateAccountUnauthorized) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(401)
+}
+
+// CreateAccountInternalServerErrorCode is the HTTP code returned for type CreateAccountInternalServerError
+const CreateAccountInternalServerErrorCode int = 500
+
+/*
+CreateAccountInternalServerError internal server error
+
+swagger:response createAccountInternalServerError
+*/
+type CreateAccountInternalServerError struct {
+}
+
+// NewCreateAccountInternalServerError creates CreateAccountInternalServerError with default headers values
+func NewCreateAccountInternalServerError() *CreateAccountInternalServerError {
+
+	return &CreateAccountInternalServerError{}
+}
+
+// WriteResponse to the client
+func (o *CreateAccountInternalServerError) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(500)
+}

rest_server_zrok/operations/admin/create_account_urlbuilder.go

@@ -0,0 +1,87 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+package admin
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+)
+
+// CreateAccountURL generates an URL for the create account operation
+type CreateAccountURL struct {
+	_basePath string
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *CreateAccountURL) WithBasePath(bp string) *CreateAccountURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *CreateAccountURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *CreateAccountURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/account"
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *CreateAccountURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *CreateAccountURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *CreateAccountURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on CreateAccountURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on CreateAccountURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *CreateAccountURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}

rest_server_zrok/operations/zrok_api.go

@@ -58,6 +58,9 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
 		MetadataConfigurationHandler: metadata.ConfigurationHandlerFunc(func(params metadata.ConfigurationParams) middleware.Responder {
 			return middleware.NotImplemented("operation metadata.Configuration has not yet been implemented")
 		}),
+		AdminCreateAccountHandler: admin.CreateAccountHandlerFunc(func(params admin.CreateAccountParams, principal *rest_model_zrok.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation admin.CreateAccount has not yet been implemented")
+		}),
 		AdminCreateFrontendHandler: admin.CreateFrontendHandlerFunc(func(params admin.CreateFrontendParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation admin.CreateFrontend has not yet been implemented")
 		}),
@@ -198,6 +201,8 @@ type ZrokAPI struct {
 	AccountChangePasswordHandler account.ChangePasswordHandler
 	// MetadataConfigurationHandler sets the operation handler for the configuration operation
 	MetadataConfigurationHandler metadata.ConfigurationHandler
+	// AdminCreateAccountHandler sets the operation handler for the create account operation
+	AdminCreateAccountHandler admin.CreateAccountHandler
 	// AdminCreateFrontendHandler sets the operation handler for the create frontend operation
 	AdminCreateFrontendHandler admin.CreateFrontendHandler
 	// AdminCreateIdentityHandler sets the operation handler for the create identity operation
@@ -344,6 +349,9 @@ func (o *ZrokAPI) Validate() error {
 	if o.MetadataConfigurationHandler == nil {
 		unregistered = append(unregistered, "metadata.ConfigurationHandler")
 	}
+	if o.AdminCreateAccountHandler == nil {
+		unregistered = append(unregistered, "admin.CreateAccountHandler")
+	}
 	if o.AdminCreateFrontendHandler == nil {
 		unregistered = append(unregistered, "admin.CreateFrontendHandler")
 	}
@@ -542,6 +550,10 @@ func (o *ZrokAPI) initHandlerCache() {
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
+	o.handlers["POST"]["/account"] = admin.NewCreateAccount(o.context, o.AdminCreateAccountHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
 	o.handlers["POST"]["/frontend"] = admin.NewCreateFrontend(o.context, o.AdminCreateFrontendHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)

sdk/nodejs/sdk/src/zrok/api/.openapi-generator/FILES

@@ -11,6 +11,7 @@ model/accessResponse.ts
 model/authUser.ts
 model/changePasswordRequest.ts
 model/configuration.ts
+model/createAccountRequest.ts
 model/createFrontendRequest.ts
 model/createFrontendResponse.ts
 model/createIdentity201Response.ts

sdk/nodejs/sdk/src/zrok/api/.openapi-generator/VERSION

@@ -1 +1 @@
-7.6.0
+7.7.0

sdk/nodejs/sdk/src/zrok/api/api/adminApi.ts

@@ -15,6 +15,7 @@ import localVarRequest from 'request';
 import http from 'http';
 
 /* tslint:disable:no-unused-locals */
+import { CreateAccountRequest } from '../model/createAccountRequest';
 import { CreateFrontendRequest } from '../model/createFrontendRequest';
 import { CreateFrontendResponse } from '../model/createFrontendResponse';
 import { CreateIdentity201Response } from '../model/createIdentity201Response';
@@ -22,6 +23,7 @@ import { CreateIdentityRequest } from '../model/createIdentityRequest';
 import { DeleteFrontendRequest } from '../model/deleteFrontendRequest';
 import { InviteTokenGenerateRequest } from '../model/inviteTokenGenerateRequest';
 import { PublicFrontend } from '../model/publicFrontend';
+import { RegenerateToken200Response } from '../model/regenerateToken200Response';
 import { UpdateFrontendRequest } from '../model/updateFrontendRequest';
 
 import { ObjectSerializer, Authentication, VoidAuth, Interceptor } from '../model/models';
@@ -96,6 +98,72 @@ export class AdminApi {
         this.interceptors.push(interceptor);
     }
 
+    /**
+     * 
+     * @param body 
+     */
+    public async createAccount (body?: CreateAccountRequest, options: {headers: {[name: string]: string}} = {headers: {}}) : Promise<{ response: http.IncomingMessage; body: RegenerateToken200Response;  }> {
+        const localVarPath = this.basePath + '/account';
+        let localVarQueryParameters: any = {};
+        let localVarHeaderParams: any = (<any>Object).assign({}, this._defaultHeaders);
+        const produces = ['application/zrok.v1+json'];
+        // give precedence to 'application/json'
+        if (produces.indexOf('application/json') >= 0) {
+            localVarHeaderParams.Accept = 'application/json';
+        } else {
+            localVarHeaderParams.Accept = produces.join(',');
+        }
+        let localVarFormParams: any = {};
+
+        (<any>Object).assign(localVarHeaderParams, options.headers);
+
+        let localVarUseFormData = false;
+
+        let localVarRequestOptions: localVarRequest.Options = {
+            method: 'POST',
+            qs: localVarQueryParameters,
+            headers: localVarHeaderParams,
+            uri: localVarPath,
+            useQuerystring: this._useQuerystring,
+            json: true,
+            body: ObjectSerializer.serialize(body, "CreateAccountRequest")
+        };
+
+        let authenticationPromise = Promise.resolve();
+        if (this.authentications.key.apiKey) {
+            authenticationPromise = authenticationPromise.then(() => this.authentications.key.applyToRequest(localVarRequestOptions));
+        }
+        authenticationPromise = authenticationPromise.then(() => this.authentications.default.applyToRequest(localVarRequestOptions));
+
+        let interceptorPromise = authenticationPromise;
+        for (const interceptor of this.interceptors) {
+            interceptorPromise = interceptorPromise.then(() => interceptor(localVarRequestOptions));
+        }
+
+        return interceptorPromise.then(() => {
+            if (Object.keys(localVarFormParams).length) {
+                if (localVarUseFormData) {
+                    (<any>localVarRequestOptions).formData = localVarFormParams;
+                } else {
+                    localVarRequestOptions.form = localVarFormParams;
+                }
+            }
+            return new Promise<{ response: http.IncomingMessage; body: RegenerateToken200Response;  }>((resolve, reject) => {
+                localVarRequest(localVarRequestOptions, (error, response, body) => {
+                    if (error) {
+                        reject(error);
+                    } else {
+                        if (response.statusCode && response.statusCode >= 200 && response.statusCode <= 299) {
+                            body = ObjectSerializer.deserialize(body, "RegenerateToken200Response");
+                            resolve({ response: response, body: body });
+                        } else {
+                            reject(new HttpError(response, body, response.statusCode));
+                        }
+                    }
+                });
+            });
+        });
+    }
     /**
      * 
      * @param body 

sdk/nodejs/sdk/src/zrok/api/model/createAccountRequest.ts

@@ -0,0 +1,37 @@
+/**
+ * zrok
+ * zrok client access
+ *
+ * The version of the OpenAPI document: 0.3.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { RequestFile } from './models';
+
+export class CreateAccountRequest {
+    'email'?: string;
+    'password'?: string;
+
+    static discriminator: string | undefined = undefined;
+
+    static attributeTypeMap: Array<{name: string, baseName: string, type: string}> = [
+        {
+            "name": "email",
+            "baseName": "email",
+            "type": "string"
+        },
+        {
+            "name": "password",
+            "baseName": "password",
+            "type": "string"
+        }    ];
+
+    static getAttributeTypeMap() {
+        return CreateAccountRequest.attributeTypeMap;
+    }
+}
+

sdk/nodejs/sdk/src/zrok/api/model/models.ts

@@ -5,6 +5,7 @@ export * from './accessResponse';
 export * from './authUser';
 export * from './changePasswordRequest';
 export * from './configuration';
+export * from './createAccountRequest';
 export * from './createFrontendRequest';
 export * from './createFrontendResponse';
 export * from './createIdentity201Response';
@@ -59,6 +60,7 @@ import { AccessResponse } from './accessResponse';
 import { AuthUser } from './authUser';
 import { ChangePasswordRequest } from './changePasswordRequest';
 import { Configuration } from './configuration';
+import { CreateAccountRequest } from './createAccountRequest';
 import { CreateFrontendRequest } from './createFrontendRequest';
 import { CreateFrontendResponse } from './createFrontendResponse';
 import { CreateIdentity201Response } from './createIdentity201Response';
@@ -121,6 +123,7 @@ let typeMap: {[index: string]: any} = {
     "AuthUser": AuthUser,
     "ChangePasswordRequest": ChangePasswordRequest,
     "Configuration": Configuration,
+    "CreateAccountRequest": CreateAccountRequest,
     "CreateFrontendRequest": CreateFrontendRequest,
     "CreateFrontendResponse": CreateFrontendResponse,
     "CreateIdentity201Response": CreateIdentity201Response,

sdk/python/sdk/zrok/zrok_api/__init__.py

@@ -26,6 +26,7 @@ from zrok_api.configuration import Configuration
 # import models into sdk package
 from zrok_api.models.access_request import AccessRequest
 from zrok_api.models.access_response import AccessResponse
+from zrok_api.models.account_body import AccountBody
 from zrok_api.models.auth_user import AuthUser
 from zrok_api.models.change_password_request import ChangePasswordRequest
 from zrok_api.models.configuration import Configuration

sdk/python/sdk/zrok/zrok_api/api/admin_api.py

@@ -32,6 +32,99 @@ class AdminApi(object):
             api_client = ApiClient()
         self.api_client = api_client
 
+    def create_account(self, **kwargs):  # noqa: E501
+        """create_account  # noqa: E501
+
+        This method makes a synchronous HTTP request by default. To make an
+        asynchronous HTTP request, please pass async_req=True
+        >>> thread = api.create_account(async_req=True)
+        >>> result = thread.get()
+
+        :param async_req bool
+        :param AccountBody body:
+        :return: InlineResponse200
+                 If the method is called asynchronously,
+                 returns the request thread.
+        """
+        kwargs['_return_http_data_only'] = True
+        if kwargs.get('async_req'):
+            return self.create_account_with_http_info(**kwargs)  # noqa: E501
+        else:
+            (data) = self.create_account_with_http_info(**kwargs)  # noqa: E501
+            return data
+
+    def create_account_with_http_info(self, **kwargs):  # noqa: E501
+        """create_account  # noqa: E501
+
+        This method makes a synchronous HTTP request by default. To make an
+        asynchronous HTTP request, please pass async_req=True
+        >>> thread = api.create_account_with_http_info(async_req=True)
+        >>> result = thread.get()
+
+        :param async_req bool
+        :param AccountBody body:
+        :return: InlineResponse200
+                 If the method is called asynchronously,
+                 returns the request thread.
+        """
+
+        all_params = ['body']  # noqa: E501
+        all_params.append('async_req')
+        all_params.append('_return_http_data_only')
+        all_params.append('_preload_content')
+        all_params.append('_request_timeout')
+
+        params = locals()
+        for key, val in six.iteritems(params['kwargs']):
+            if key not in all_params:
+                raise TypeError(
+                    "Got an unexpected keyword argument '%s'"
+                    " to method create_account" % key
+                )
+            params[key] = val
+        del params['kwargs']
+
+        collection_formats = {}
+
+        path_params = {}
+
+        query_params = []
+
+        header_params = {}
+
+        form_params = []
+        local_var_files = {}
+
+        body_params = None
+        if 'body' in params:
+            body_params = params['body']
+        # HTTP header `Accept`
+        header_params['Accept'] = self.api_client.select_header_accept(
+            ['application/zrok.v1+json'])  # noqa: E501
+
+        # HTTP header `Content-Type`
+        header_params['Content-Type'] = self.api_client.select_header_content_type(  # noqa: E501
+            ['application/zrok.v1+json'])  # noqa: E501
+
+        # Authentication setting
+        auth_settings = ['key']  # noqa: E501
+
+        return self.api_client.call_api(
+            '/account', 'POST',
+            path_params,
+            query_params,
+            header_params,
+            body=body_params,
+            post_params=form_params,
+            files=local_var_files,
+            response_type='InlineResponse200',  # noqa: E501
+            auth_settings=auth_settings,
+            async_req=params.get('async_req'),
+            _return_http_data_only=params.get('_return_http_data_only'),
+            _preload_content=params.get('_preload_content', True),
+            _request_timeout=params.get('_request_timeout'),
+            collection_formats=collection_formats)
+
     def create_frontend(self, **kwargs):  # noqa: E501
         """create_frontend  # noqa: E501
 

sdk/python/sdk/zrok/zrok_api/models/__init__.py

@@ -16,6 +16,7 @@ from __future__ import absolute_import
 # import models into model package
 from zrok_api.models.access_request import AccessRequest
 from zrok_api.models.access_response import AccessResponse
+from zrok_api.models.account_body import AccountBody
 from zrok_api.models.auth_user import AuthUser
 from zrok_api.models.change_password_request import ChangePasswordRequest
 from zrok_api.models.configuration import Configuration

sdk/python/sdk/zrok/zrok_api/models/account_body.py

@@ -0,0 +1,136 @@
+# coding: utf-8
+
+"""
+    zrok
+
+    zrok client access  # noqa: E501
+
+    OpenAPI spec version: 0.3.0
+    
+    Generated by: https://github.com/swagger-api/swagger-codegen.git
+"""
+
+import pprint
+import re  # noqa: F401
+
+import six
+
+class AccountBody(object):
+    """NOTE: This class is auto generated by the swagger code generator program.
+
+    Do not edit the class manually.
+    """
+    """
+    Attributes:
+      swagger_types (dict): The key is attribute name
+                            and the value is attribute type.
+      attribute_map (dict): The key is attribute name
+                            and the value is json key in definition.
+    """
+    swagger_types = {
+        'email': 'str',
+        'password': 'str'
+    }
+
+    attribute_map = {
+        'email': 'email',
+        'password': 'password'
+    }
+
+    def __init__(self, email=None, password=None):  # noqa: E501
+        """AccountBody - a model defined in Swagger"""  # noqa: E501
+        self._email = None
+        self._password = None
+        self.discriminator = None
+        if email is not None:
+            self.email = email
+        if password is not None:
+            self.password = password
+
+    @property
+    def email(self):
+        """Gets the email of this AccountBody.  # noqa: E501
+
+
+        :return: The email of this AccountBody.  # noqa: E501
+        :rtype: str
+        """
+        return self._email
+
+    @email.setter
+    def email(self, email):
+        """Sets the email of this AccountBody.
+
+
+        :param email: The email of this AccountBody.  # noqa: E501
+        :type: str
+        """
+
+        self._email = email
+
+    @property
+    def password(self):
+        """Gets the password of this AccountBody.  # noqa: E501
+
+
+        :return: The password of this AccountBody.  # noqa: E501
+        :rtype: str
+        """
+        return self._password
+
+    @password.setter
+    def password(self, password):
+        """Sets the password of this AccountBody.
+
+
+        :param password: The password of this AccountBody.  # noqa: E501
+        :type: str
+        """
+
+        self._password = password
+
+    def to_dict(self):
+        """Returns the model properties as a dict"""
+        result = {}
+
+        for attr, _ in six.iteritems(self.swagger_types):
+            value = getattr(self, attr)
+            if isinstance(value, list):
+                result[attr] = list(map(
+                    lambda x: x.to_dict() if hasattr(x, "to_dict") else x,
+                    value
+                ))
+            elif hasattr(value, "to_dict"):
+                result[attr] = value.to_dict()
+            elif isinstance(value, dict):
+                result[attr] = dict(map(
+                    lambda item: (item[0], item[1].to_dict())
+                    if hasattr(item[1], "to_dict") else item,
+                    value.items()
+                ))
+            else:
+                result[attr] = value
+        if issubclass(AccountBody, dict):
+            for key, value in self.items():
+                result[key] = value
+
+        return result
+
+    def to_str(self):
+        """Returns the string representation of the model"""
+        return pprint.pformat(self.to_dict())
+
+    def __repr__(self):
+        """For `print` and `pprint`"""
+        return self.to_str()
+
+    def __eq__(self, other):
+        """Returns true if both objects are equal"""
+        if not isinstance(other, AccountBody):
+            return False
+
+        return self.__dict__ == other.__dict__
+
+    def __ne__(self, other):
+        """Returns true if both objects are not equal"""
+        return not self == other

specs/zrok.yml

@@ -196,6 +196,34 @@ paths:
   #
   # admin
   #
+  /account:
+    post:
+      tags:
+        - admin
+      security:
+        - key: []
+      operationId: createAccount
+      parameters:
+        - name: body
+          in: body
+          schema:
+            properties:
+              email:
+                type: string
+              password:
+                type: string
+      responses:
+        201:
+          description: created
+          schema:
+            properties:
+              token:
+                type: string
+        401:
+          description: unauthorized
+        500:
+          description: internal server error
+
   /frontend:
     post:
       tags:

ui/src/api/admin.js

@@ -2,6 +2,21 @@
 // Auto-generated, edits will be overwritten
 import * as gateway from './gateway'
 
+/**
+ * @param {object} options Optional options
+ * @param {object} [options.body] 
+ * @return {Promise<object>} created
+ */
+export function createAccount(options) {
+  if (!options) options = {}
+  const parameters = {
+    body: {
+      body: options.body
+    }
+  }
+  return gateway.request(createAccountOperation, parameters)
+}
+
 /**
  * @param {object} options Optional options
  * @param {module:types.createFrontendRequest} [options.body] 
@@ -83,6 +98,17 @@ export function inviteTokenGenerate(options) {
   return gateway.request(inviteTokenGenerateOperation, parameters)
 }
 
+const createAccountOperation = {
+  path: '/account',
+  contentTypes: ['application/zrok.v1+json'],
+  method: 'post',
+  security: [
+    {
+      id: 'key'
+    }
+  ]
+}
+
 const createFrontendOperation = {
   path: '/frontend',
   contentTypes: ['application/zrok.v1+json'],