diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /tests/authorization/server_test.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'tests/authorization/server_test.rs')
| -rw-r--r-- | tests/authorization/server_test.rs | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/tests/authorization/server_test.rs b/tests/authorization/server_test.rs deleted file mode 100644 index 5a92dcff..00000000 --- a/tests/authorization/server_test.rs +++ /dev/null @@ -1,46 +0,0 @@ -#[cfg(test)] -mod tests { - use crate::support::factory_bot::*; - use std::net::SocketAddr; - use tokio::net::TcpListener; - - async fn available_port() -> SocketAddr { - let listener = TcpListener::bind("127.0.0.1:0") - .await - .expect("Failed to bind to random port"); - let addr = listener.local_addr().expect("Failed to get local address"); - drop(listener); - addr - } - - async fn start_server() -> (SocketAddr, tokio::task::JoinHandle<()>) { - let addr = available_port().await; - let server = authzd::authorization::Server::default(); - - let handle = tokio::spawn(async move { - server.serve(addr).await.expect("Failed to start server"); - }); - - tokio::time::sleep(tokio::time::Duration::from_millis(100)).await; - - (addr, handle) - } - - #[tokio::test] - async fn test_health_ext_authz_service() { - let (addr, server) = start_server().await; - - let mut client = build_rpc_client( - addr, - envoy_types::pb::envoy::service::auth::v3::authorization_client::AuthorizationClient::new, - ) - .await; - - let request = tonic::Request::new(envoy_types::ext_authz::v3::pb::CheckRequest::default()); - let response = client.check(request).await; - - assert!(response.is_ok()); - - server.abort(); - } -} |