| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /pkg/pls | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar-inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'pkg/pls')
| -rw-r--r-- | pkg/pls/log.go | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/pkg/pls/log.go b/pkg/pls/log.go
new file mode 100644
index 00000000..14eb7db0
--- /dev/null
+++ b/pkg/pls/log.go
@@ -0,0 +1,50 @@
+package pls
+
+import (
+ "context"
+
+ "github.com/rs/zerolog"
+ "github.com/xlgmokha/x/pkg/log"
+ "google.golang.org/grpc"
+)
+
+func LogError(ctx context.Context, err error) {
+ if err != nil {
+ log.WithFields(ctx, log.Fields{"error": err})
+ }
+}
+
+func LogErrorNow(ctx context.Context, err error) {
+ defer FlushLog(ctx)
+
+ LogError(ctx, err)
+}
+
+func LogGRPC(logger *zerolog.Logger) grpc.UnaryServerInterceptor {
+ return func(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp any, err error) {
+ ctx = logger.WithContext(ctx)
+
+ defer FlushLog(ctx)
+ return handler(ctx, req)
+ }
+}
+
+func LogGRPCStream(logger *zerolog.Logger) grpc.StreamServerInterceptor {
+ return func(srv any, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+ ctx := logger.WithContext(ss.Context())
+ log.WithFields(ctx, log.Fields{"info": info})
+
+ defer FlushLog(ctx)
+ return handler(srv, ss)
+ }
+}
+
+func FlushLog(ctx context.Context) {
+ zerolog.Ctx(ctx).Print()
+}
+
+func LogNow(ctx context.Context, fields log.Fields) {
+ defer FlushLog(ctx)
+
+ log.WithFields(ctx, fields)
+} |
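Review bot: In `LogGRPCStream` the logger-carrying `ctx` never reaches the handler: `handler(srv, ss)` passes the original stream, whose `Context()` still returns the context without the logger, so fields that stream handlers attach (presumably via `log.WithFields`) would not land in the record flushed here, unlike in `LogGRPC`, which passes `ctx` on. Wrapping the stream so that `Context()` returns `ctx` closes that gap, as sketched below. Separately, `FlushLog` calls zerolog's `Print()`, which emits at debug level, so anything recorded through `LogErrorNow` is dropped whenever the logger level is info or higher; for the audit trail of an authorization service an explicit level would be safer. `LogGRPC` also declares the named results `resp` and `err` but never records `err` or `info.FullMethod` before flushing, so a failed call is indistinguishable from a successful one in the log.

```go
// loggedStream overrides Context so handlers see the logger-carrying context.
type loggedStream struct {
	grpc.ServerStream
	ctx context.Context
}

func (s *loggedStream) Context() context.Context { return s.ctx }

func LogGRPCStream(logger *zerolog.Logger) grpc.StreamServerInterceptor {
	return func(srv any, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
		ctx := logger.WithContext(ss.Context())
		// … unchanged: "info" field and deferred FlushLog …
		return handler(srv, &loggedStream{ServerStream: ss, ctx: ctx})
	}
}
```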
