diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /Procfile | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'Procfile')
| -rw-r--r-- | Procfile | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1,3 +1,3 @@ -authzd: ./bin/authzd server --addr 127.0.0.1:50052 +authzd: ./bin/authzd envoy: ./bin/envoy -c ./etc/envoy/envoy.yaml --base-id 1 --log-level warn --component-log-level admin:warn,connection:warn,grpc:warn,http:warn,http2:warn,router:warn,upstream:warn -spicedb: ./bin/spicedb serve --grpc-preshared-key "secret" --http-addr :8080 --grpc-addr :50051 --datastore-engine memory --log-level info --log-format json --telemetry-endpoint "" --skip-release-check +spicedb: ./bin/spicedb serve --grpc-preshared-key "secret" --http-addr :8080 --grpc-addr :50051 --datastore-engine memory --log-level warn --log-format json --telemetry-endpoint "" --skip-release-check |