diff --git a/src/cli/cmd/apply/mod.rs b/src/cli/cmd/apply/mod.rs index 59480f1..814182b 100644 --- a/src/cli/cmd/apply/mod.rs +++ b/src/cli/cmd/apply/mod.rs @@ -19,15 +19,35 @@ use self::{home_manager::HomeManager, nix_darwin::NixDarwin, nixos::NixOs}; use super::{CommandExecute, FlakeHubClient}; +#[derive(Copy, Clone, PartialEq, Eq, clap::ValueEnum)] +enum TokenChoice { + Always, + Never, +} + +impl std::fmt::Display for TokenChoice { + fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result { + write!( + f, + "{}", + match self { + TokenChoice::Always => "always", + TokenChoice::Never => "never", + } + ) + } +} + /// Apply the configuration at the specified FlakeHub output reference to the current system #[derive(Parser)] pub(crate) struct ApplySubcommand { #[clap(subcommand)] system: System, - /// Use a scoped token generated by FlakeHub that allows substituting the given output _only_. - #[clap(long, default_value_t = true)] - use_scoped_token: bool, + /// By default, fh apply exchanges its API token for a tightly scoped token generated by FlakeHub that _only_ allows substituting the given output. + /// Pass --use-scoped-token=never to use the system's FlakeHub token, and not perform exchanging for a tightly scoped token. + #[clap(long, default_value_t = TokenChoice::Always)] + use_scoped_token: TokenChoice, #[clap(from_global)] api_addr: url::Url, @@ -85,10 +105,12 @@ impl CommandExecute for ApplySubcommand { tracing::info!(%output_ref, "Resolving output reference"); - let resolved_path = - FlakeHubClient::resolve(self.api_addr.as_ref(), &output_ref, self.use_scoped_token) - .await?; - + let resolved_path = FlakeHubClient::resolve( + self.api_addr.as_ref(), + &output_ref, + self.use_scoped_token == TokenChoice::Always, + ) + .await?; tracing::debug!( "Successfully resolved reference {} to path {}", &output_ref, @@ -99,7 +121,7 @@ impl CommandExecute for ApplySubcommand { match resolved_path.token { Some(token) => { - if self.use_scoped_token { + if self.use_scoped_token == TokenChoice::Always { let mut nix_args = vec![ "copy".to_string(), "--option".to_string(), @@ -168,7 +190,7 @@ impl CommandExecute for ApplySubcommand { } } None => { - if self.use_scoped_token { + if self.use_scoped_token == TokenChoice::Always { return Err(color_eyre::eyre::eyre!( "FlakeHub did not return a restricted token!" ));