diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/educe/src/common/bound.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/educe/src/common/bound.rs')
| -rw-r--r-- | vendor/educe/src/common/bound.rs | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/vendor/educe/src/common/bound.rs b/vendor/educe/src/common/bound.rs deleted file mode 100644 index 78f9aed4..00000000 --- a/vendor/educe/src/common/bound.rs +++ /dev/null @@ -1,57 +0,0 @@ -use syn::{punctuated::Punctuated, token::Comma, GenericParam, Meta, Path, Type, WherePredicate}; - -use crate::common::where_predicates_bool::{ - create_where_predicates_from_all_generic_parameters, - create_where_predicates_from_generic_parameters_check_types, meta_2_where_predicates, - WherePredicates, WherePredicatesOrBool, -}; - -pub(crate) enum Bound { - Disabled, - Auto, - Custom(WherePredicates), - All, -} - -impl Bound { - #[inline] - pub(crate) fn from_meta(meta: &Meta) -> syn::Result<Self> { - debug_assert!(meta.path().is_ident("bound")); - - Ok(match meta_2_where_predicates(meta)? { - WherePredicatesOrBool::WherePredicates(where_predicates) => { - Self::Custom(where_predicates) - }, - WherePredicatesOrBool::Bool(b) => { - if b { - Self::Auto - } else { - Self::Disabled - } - }, - WherePredicatesOrBool::All => Self::All, - }) - } -} - -impl Bound { - #[inline] - pub(crate) fn into_where_predicates_by_generic_parameters_check_types( - self, - params: &Punctuated<GenericParam, Comma>, - bound_trait: &Path, - types: &[&Type], - supertraits: &[proc_macro2::TokenStream], - ) -> Punctuated<WherePredicate, Comma> { - match self { - Self::Disabled => Punctuated::new(), - Self::Auto => create_where_predicates_from_generic_parameters_check_types( - bound_trait, - types, - supertraits, - ), - Self::Custom(where_predicates) => where_predicates, - Self::All => create_where_predicates_from_all_generic_parameters(params, bound_trait), - } - } -} |