diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/bytes/ci | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/bytes/ci')
| -rwxr-xr-x | vendor/bytes/ci/miri.sh | 10 | ||||
| -rwxr-xr-x | vendor/bytes/ci/panic-abort.sh | 4 | ||||
| -rwxr-xr-x | vendor/bytes/ci/test-stable.sh | 25 | ||||
| -rwxr-xr-x | vendor/bytes/ci/tsan.sh | 13 |
4 files changed, 0 insertions, 52 deletions
diff --git a/vendor/bytes/ci/miri.sh b/vendor/bytes/ci/miri.sh deleted file mode 100755 index 7df29f36..00000000 --- a/vendor/bytes/ci/miri.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -set -e - -rustup component add miri -cargo miri setup - -export MIRIFLAGS="-Zmiri-strict-provenance" - -cargo miri test -cargo miri test --target mips64-unknown-linux-gnuabi64 diff --git a/vendor/bytes/ci/panic-abort.sh b/vendor/bytes/ci/panic-abort.sh deleted file mode 100755 index 4284791f..00000000 --- a/vendor/bytes/ci/panic-abort.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -set -ex -RUSTFLAGS="$RUSTFLAGS -Cpanic=abort -Zpanic-abort-tests" cargo test --all-features --test '*' diff --git a/vendor/bytes/ci/test-stable.sh b/vendor/bytes/ci/test-stable.sh deleted file mode 100755 index ad975744..00000000 --- a/vendor/bytes/ci/test-stable.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -set -ex - -cmd="${1:-test}" - -# Run with each feature -# * --each-feature includes both default/no-default features -# * --optional-deps is needed for serde feature -cargo hack "${cmd}" --each-feature --optional-deps -# Run with all features -cargo "${cmd}" --all-features - -if [[ "${RUST_VERSION}" == "nightly"* ]]; then - # Check benchmarks - cargo check --benches - - # Check minimal versions - # Remove dev-dependencies from Cargo.toml to prevent the next `cargo update` - # from determining minimal versions based on dev-dependencies. - cargo hack --remove-dev-deps --workspace - # Update Cargo.lock to minimal version dependencies. - cargo update -Z minimal-versions - cargo check --all-features -fi diff --git a/vendor/bytes/ci/tsan.sh b/vendor/bytes/ci/tsan.sh deleted file mode 100755 index ca520bd7..00000000 --- a/vendor/bytes/ci/tsan.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -ex - -export ASAN_OPTIONS="detect_odr_violation=0 detect_leaks=0" - -# Run address sanitizer -RUSTFLAGS="-Z sanitizer=address" \ -cargo test --target x86_64-unknown-linux-gnu --test test_bytes --test test_buf --test test_buf_mut - -# Run thread sanitizer -RUSTFLAGS="-Z sanitizer=thread" \ -cargo -Zbuild-std test --target x86_64-unknown-linux-gnu --test test_bytes --test test_buf --test test_buf_mut |