Resolve should take Path and not PathBuf

Cargo.toml

@@ -12,7 +12,7 @@ resolver = "2"
 [workspace.package]
 publish = true
 edition = "2024"
-version = "0.4.0-alpha.1"
+version = "0.4.0-alpha.2"
 
 [workspace.dependencies]
 anyhow = "1.0"

v-api-param/src/lib.rs

@@ -22,7 +22,7 @@
 
 use secrecy::SecretString;
 use serde::Deserialize;
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 use thiserror::Error;
 
 #[derive(Debug, Error)]
@@ -54,7 +54,7 @@ impl StringParam {
     ///
     /// For inline values, returns the value directly.
     /// For path-based values, reads the file contents and trims trailing whitespace.
-    pub fn resolve(&self, base: Option<PathBuf>) -> Result<SecretString, ParamResolutionError> {
+    pub fn resolve(&self, base: Option<&Path>) -> Result<SecretString, ParamResolutionError> {
         match self {
             StringParam::Inline(value) => Ok(value.clone()),
             StringParam::FromPath { path } => {
@@ -123,7 +123,7 @@ mod tests {
         let base_path = std::env::temp_dir();
 
         assert_eq!(
-            param.resolve(Some(base_path)).unwrap().expose_secret(),
+            param.resolve(Some(&base_path)).unwrap().expose_secret(),
             "file-param"
         );
     }

v-api/src/config.rs

@@ -21,7 +21,7 @@ use serde::{
     Deserialize, Deserializer,
     de::{self, Visitor},
 };
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 use thiserror::Error;
 use v_api_param::{ParamResolutionError, StringParam};
 use v_model::OAuthClientId;
@@ -196,18 +196,10 @@ pub struct OAuthWebProxyConfig {
 impl OAuthConfig {
     pub fn resolve(
         &self,
-        base: Option<PathBuf>,
+        base: Option<&Path>,
     ) -> Result<ResolvedOAuthConfig, ParamResolutionError> {
-        let device = self
-            .device
-            .as_ref()
-            .map(|d| d.resolve(base.clone()))
-            .transpose()?;
-        let web = self
-            .web
-            .as_ref()
-            .map(|w| w.resolve(base.clone()))
-            .transpose()?;
+        let device = self.device.as_ref().map(|d| d.resolve(base)).transpose()?;
+        let web = self.web.as_ref().map(|w| w.resolve(base)).transpose()?;
         let proxy_web = self
             .proxy_web
             .as_ref()
@@ -223,7 +215,7 @@ impl OAuthConfig {
 impl OAuthDeviceConfig {
     pub fn resolve(
         &self,
-        base: Option<PathBuf>,
+        base: Option<&Path>,
     ) -> Result<ResolvedOAuthDeviceConfig, ParamResolutionError> {
         let remote_client_secret = self.remote_client_secret.resolve(base)?;
         Ok(ResolvedOAuthDeviceConfig {
@@ -236,7 +228,7 @@ impl OAuthDeviceConfig {
 impl OAuthWebConfig {
     pub fn resolve(
         &self,
-        base: Option<PathBuf>,
+        base: Option<&Path>,
     ) -> Result<ResolvedOAuthWebConfig, ParamResolutionError> {
         let remote_client_secret = self.remote_client_secret.resolve(base)?;
         Ok(ResolvedOAuthWebConfig {
@@ -248,7 +240,7 @@ impl OAuthWebConfig {
 impl OAuthWebProxyConfig {
     pub fn resolve(
         &self,
-        _base: Option<PathBuf>,
+        _base: Option<&Path>,
     ) -> Result<ResolvedOAuthWebProxyConfig, ParamResolutionError> {
         Ok(ResolvedOAuthWebProxyConfig {
             client_id: self.client_id,
@@ -259,7 +251,7 @@ impl OAuthWebProxyConfig {
 }
 
 impl AsymmetricKey {
-    pub fn resolve_signer(&self, path: Option<PathBuf>) -> Result<Signer, SigningKeyError> {
+    pub fn resolve_signer(&self, path: Option<&Path>) -> Result<Signer, SigningKeyError> {
         Ok(Signer::new(
             self.kid().to_string(),
             match self {
@@ -279,10 +271,7 @@ impl AsymmetricKey {
         ))
     }
 
-    pub async fn resolve_verifier(
-        &self,
-        path: Option<PathBuf>,
-    ) -> Result<Verifier, SigningKeyError> {
+    pub async fn resolve_verifier(&self, path: Option<&Path>) -> Result<Verifier, SigningKeyError> {
         Ok(match self {
             AsymmetricKey::LocalVerifier { .. } => Verifier::Local(LocalVerifyingKey::new(
                 VerifyingKey::new(self.public_key(path)?),
@@ -294,7 +283,7 @@ impl AsymmetricKey {
         })
     }
 
-    pub fn resolve_jwk(&self, path: Option<PathBuf>) -> Result<Jwk, JwtSignerError> {
+    pub fn resolve_jwk(&self, path: Option<&Path>) -> Result<Jwk, JwtSignerError> {
         let key_id = self.kid();
         let public_key = self.public_key(path).map_err(JwtSignerError::InvalidKey)?;
 
@@ -317,7 +306,7 @@ impl AsymmetricKey {
         })
     }
 
-    fn public_key(&self, path: Option<PathBuf>) -> Result<RsaPublicKey, SigningKeyError> {
+    fn public_key(&self, path: Option<&Path>) -> Result<RsaPublicKey, SigningKeyError> {
         Ok(match self {
             AsymmetricKey::LocalVerifier { public, .. } => {
                 RsaPublicKey::from_public_key_pem(public.resolve(path)?.expose_secret())?

v-api/src/context/mod.rs

@@ -919,16 +919,16 @@ where
         let jwks = JwkSet {
             keys: keys
                 .iter()
-                .filter_map(|key| key.resolve_jwk(param_path.clone()).ok())
+                .filter_map(|key| key.resolve_jwk(param_path.as_deref()).ok())
                 .collect::<Vec<_>>(),
         };
         let signers = keys
             .iter()
-            .filter_map(|key| key.resolve_signer(param_path.clone()).ok())
+            .filter_map(|key| key.resolve_signer(param_path.as_deref()).ok())
             .collect::<Vec<_>>();
         let verifiers = join_all(
             keys.iter()
-                .map(|key| key.resolve_verifier(param_path.clone())),
+                .map(|key| key.resolve_verifier(param_path.as_deref())),
         )
         .await
         .into_iter()