feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema.
author: mo khan <mo@mokhan.ca> 2025-07-15 16:37:08 -0600
committer: mo khan <mo@mokhan.ca> 2025-07-17 16:30:22 -0600
commit: 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch)
tree: 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/educe/src/common/int.rs
parent: f94f79608393d4ab127db63cc41668445ef6b243 (diff)
1 files changed, 0 insertions, 63 deletions
diff --git a/vendor/educe/src/common/int.rs b/vendor/educe/src/common/int.rs
deleted file mode 100644
index ae52b491..00000000
--- a/vendor/educe/src/common/int.rs
+++ /dev/null
@@ -1,63 +0,0 @@
-use syn::{spanned::Spanned, Expr, Lit, Meta, MetaNameValue, UnOp};
-
-use super::path::path_to_string;
-
-#[inline]
-pub(crate) fn meta_name_value_2_isize(name_value: &MetaNameValue) -> syn::Result<isize> {
-    match &name_value.value {
-        Expr::Lit(lit) => match &lit.lit {
-            Lit::Str(lit) => {
-                return lit
-                    .value()
-                    .parse::<isize>()
-                    .map_err(|error| syn::Error::new(lit.span(), error))
-            },
-            Lit::Int(lit) => return lit.base10_parse(),
-            _ => (),
-        },
-        Expr::Unary(unary) => {
-            if let UnOp::Neg(_) = unary.op {
-                if let Expr::Lit(lit) = unary.expr.as_ref() {
-                    if let Lit::Int(lit) = &lit.lit {
-                        let s = format!("-{}", lit.base10_digits());
-
-                        return s
-                            .parse::<isize>()
-                            .map_err(|error| syn::Error::new(lit.span(), error));
-                    }
-                }
-            }
-        },
-        _ => (),
-    }
-
-    Err(syn::Error::new(
-        name_value.value.span(),
-        format!("expected `{path} = integer`", path = path_to_string(&name_value.path)),
-    ))
-}
-
-#[inline]
-pub(crate) fn meta_2_isize(meta: &Meta) -> syn::Result<isize> {
-    match &meta {
-        Meta::NameValue(name_value) => meta_name_value_2_isize(name_value),
-        Meta::List(list) => {
-            let lit = list.parse_args::<Lit>()?;
-
-            match &lit {
-                Lit::Str(lit) => {
-                    lit.value().parse::<isize>().map_err(|error| syn::Error::new(lit.span(), error))
-                },
-                Lit::Int(lit) => lit.base10_parse(),
-                _ => Err(syn::Error::new(lit.span(), "not an integer")),
-            }
-        },
-        Meta::Path(path) => Err(syn::Error::new(
-            path.span(),
-            format!(
-                "expected `{path} = integer` or `{path}(integer)`",
-                path = path_to_string(path)
-            ),
-        )),
-    }
-}
author	mo khan <mo@mokhan.ca>	2025-07-15 16:37:08 -0600
committer	mo khan <mo@mokhan.ca>	2025-07-17 16:30:22 -0600
commit	45df4d0d9b577fecee798d672695fe24ff57fb1b (patch)
tree	1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/educe/src/common/int.rs
parent	f94f79608393d4ab127db63cc41668445ef6b243 (diff)