authormo khan <mo@mokhan.ca>2025-07-15 16:37:08 -0600
committermo khan <mo@mokhan.ca>2025-07-17 16:30:22 -0600
commit45df4d0d9b577fecee798d672695fe24ff57fb1b (patch)
tree1b99bf645035b58e0d6db08c7a83521f41f7a75b /etc/authzd/gitlab.com
parentf94f79608393d4ab127db63cc41668445ef6b243 (diff)
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization.

Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from Envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's Google Zanzibar-inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'etc/authzd/gitlab.com')
-rw-r--r--etc/authzd/gitlab.com/gitlab-org/gitlab/entities.json251
-rw-r--r--etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd/entities.json285
-rw-r--r--etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/entities.json285
3 files changed, 0 insertions, 821 deletions
diff --git a/etc/authzd/gitlab.com/gitlab-org/gitlab/entities.json b/etc/authzd/gitlab.com/gitlab-org/gitlab/entities.json
deleted file mode 100644
index a7af8c80..00000000
--- a/etc/authzd/gitlab.com/gitlab-org/gitlab/entities.json
+++ /dev/null
@@ -1,251 +0,0 @@
-[
- {
- "uid": {
- "type": "Project",
- "id": "278964"
- },
- "attrs": {
- "name": "GitLab",
- "path": "gitlab",
- "full_path": "gitlab-org/gitlab"
- },
- "parents": [
- {
- "type": "Group",
- "id": "9970"
- }
- ]
- },
- {
- "uid": {
- "type": "User",
- "id": "1"
- },
- "attrs": {
- "username": "sytses",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "263716"
- },
- "attrs": {
- "username": "grzesiek",
- "access_level": 40
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "370493"
- },
- "attrs": {
- "username": "luke",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "426128"
- },
- "attrs": {
- "username": "felipe_artur",
- "access_level": 40
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "138401"
- },
- "attrs": {
- "username": "chriscool",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "367626"
- },
- "attrs": {
- "username": "alejandro",
- "access_level": 40
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "516904"
- },
- "attrs": {
- "username": "tauriedavis",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "527558"
- },
- "attrs": {
- "username": "eliran.mesika",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "215818"
- },
- "attrs": {
- "username": "tmaczukin",
- "access_level": 40
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "429540"
- },
- "attrs": {
- "username": "ahanselka",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "506061"
- },
- "attrs": {
- "username": "ahmadsherif",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "581582"
- },
- "attrs": {
- "username": "arihantar",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "626804"
- },
- "attrs": {
- "username": "pedroms",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "597578"
- },
- "attrs": {
- "username": "WarheadsSE",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "739252"
- },
- "attrs": {
- "username": "jdrumtra",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "739361"
- },
- "attrs": {
- "username": "Elsje",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "201566"
- },
- "attrs": {
- "username": "annabeldunstone",
- "access_level": 40
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "829774"
- },
- "attrs": {
- "username": "jivanvl",
- "access_level": 40
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "4849"
- },
- "attrs": {
- "username": "balasankarc",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "790854"
- },
- "attrs": {
- "username": "harishsr",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "Group",
- "id": "9970"
- },
- "attrs": {
- "name": "GitLab.org",
- "path": "gitlab-org",
- "full_path": "gitlab-org"
- },
- "parents": []
- }
-]
\ No newline at end of file
diff --git a/etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd/entities.json b/etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd/entities.json
deleted file mode 100644
index 6bc513fb..00000000
--- a/etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/authzd/entities.json
+++ /dev/null
@@ -1,285 +0,0 @@
-[
- {
- "uid": {
- "type": "Project",
- "id": "69516684"
- },
- "attrs": {
- "name": "authz.d",
- "path": "authzd",
- "full_path": "gitlab-org/software-supply-chain-security/authorization/authzd"
- },
- "parents": [
- {
- "type": "Group",
- "id": "76595764"
- }
- ]
- },
- {
- "uid": {
- "type": "User",
- "id": "1"
- },
- "attrs": {
- "username": "sytses",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "116"
- },
- "attrs": {
- "username": "marin",
- "access_level": 50
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "13356"
- },
- "attrs": {
- "username": "dblessing",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "3585"
- },
- "attrs": {
- "username": "axil",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "12452"
- },
- "attrs": {
- "username": "ayufan",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "64248"
- },
- "attrs": {
- "username": "stanhu",
- "access_level": 50
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "263716"
- },
- "attrs": {
- "username": "grzesiek",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "283999"
- },
- "attrs": {
- "username": "dbalexandre",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "2293"
- },
- "attrs": {
- "username": "brodock",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "215818"
- },
- "attrs": {
- "username": "tmaczukin",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "128633"
- },
- "attrs": {
- "username": "rymai",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "273486"
- },
- "attrs": {
- "username": "jameslopez",
- "access_level": 40
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "201566"
- },
- "attrs": {
- "username": "annabeldunstone",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "426128"
- },
- "attrs": {
- "username": "felipe_artur",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "138401"
- },
- "attrs": {
- "username": "chriscool",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "367626"
- },
- "attrs": {
- "username": "alejandro",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "516904"
- },
- "attrs": {
- "username": "tauriedavis",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "527558"
- },
- "attrs": {
- "username": "eliran.mesika",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "429540"
- },
- "attrs": {
- "username": "ahanselka",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "506061"
- },
- "attrs": {
- "username": "ahmadsherif",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "Group",
- "id": "9970"
- },
- "attrs": {
- "name": "GitLab.org",
- "path": "gitlab-org",
- "full_path": "gitlab-org"
- },
- "parents": []
- },
- {
- "uid": {
- "type": "Group",
- "id": "97830335"
- },
- "attrs": {
- "name": "software-supply-chain-security",
- "path": "software-supply-chain-security",
- "full_path": "gitlab-org/software-supply-chain-security"
- },
- "parents": [
- {
- "type": "Group",
- "id": "9970"
- }
- ]
- },
- {
- "uid": {
- "type": "Group",
- "id": "76595764"
- },
- "attrs": {
- "name": "Authorization",
- "path": "authorization",
- "full_path": "gitlab-org/software-supply-chain-security/authorization"
- },
- "parents": [
- {
- "type": "Group",
- "id": "97830335"
- }
- ]
- }
-]
\ No newline at end of file
diff --git a/etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/entities.json b/etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/entities.json
deleted file mode 100644
index 4846592a..00000000
--- a/etc/authzd/gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/entities.json
+++ /dev/null
@@ -1,285 +0,0 @@
-[
- {
- "uid": {
- "type": "Project",
- "id": "68877410"
- },
- "attrs": {
- "name": "sparkle.d",
- "path": "sparkled",
- "full_path": "gitlab-org/software-supply-chain-security/authorization/sparkled"
- },
- "parents": [
- {
- "type": "Group",
- "id": "76595764"
- }
- ]
- },
- {
- "uid": {
- "type": "User",
- "id": "1"
- },
- "attrs": {
- "username": "sytses",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "116"
- },
- "attrs": {
- "username": "marin",
- "access_level": 50
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "13356"
- },
- "attrs": {
- "username": "dblessing",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "3585"
- },
- "attrs": {
- "username": "axil",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "12452"
- },
- "attrs": {
- "username": "ayufan",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "64248"
- },
- "attrs": {
- "username": "stanhu",
- "access_level": 50
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "263716"
- },
- "attrs": {
- "username": "grzesiek",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "283999"
- },
- "attrs": {
- "username": "dbalexandre",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "2293"
- },
- "attrs": {
- "username": "brodock",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "215818"
- },
- "attrs": {
- "username": "tmaczukin",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "128633"
- },
- "attrs": {
- "username": "rymai",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "273486"
- },
- "attrs": {
- "username": "jameslopez",
- "access_level": 40
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "201566"
- },
- "attrs": {
- "username": "annabeldunstone",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "426128"
- },
- "attrs": {
- "username": "felipe_artur",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "138401"
- },
- "attrs": {
- "username": "chriscool",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "367626"
- },
- "attrs": {
- "username": "alejandro",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "516904"
- },
- "attrs": {
- "username": "tauriedavis",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "527558"
- },
- "attrs": {
- "username": "eliran.mesika",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "429540"
- },
- "attrs": {
- "username": "ahanselka",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "User",
- "id": "506061"
- },
- "attrs": {
- "username": "ahmadsherif",
- "access_level": 30
- },
- "parents": []
- },
- {
- "uid": {
- "type": "Group",
- "id": "9970"
- },
- "attrs": {
- "name": "GitLab.org",
- "path": "gitlab-org",
- "full_path": "gitlab-org"
- },
- "parents": []
- },
- {
- "uid": {
- "type": "Group",
- "id": "97830335"
- },
- "attrs": {
- "name": "software-supply-chain-security",
- "path": "software-supply-chain-security",
- "full_path": "gitlab-org/software-supply-chain-security"
- },
- "parents": [
- {
- "type": "Group",
- "id": "9970"
- }
- ]
- },
- {
- "uid": {
- "type": "Group",
- "id": "76595764"
- },
- "attrs": {
- "name": "Authorization",
- "path": "authorization",
- "full_path": "gitlab-org/software-supply-chain-security/authorization"
- },
- "parents": [
- {
- "type": "Group",
- "id": "97830335"
- }
- ]
- }
-]
\ No newline at end of file