diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/github.com/envoyproxy/go-control-plane/envoy/annotations/resource.pb.validate.go | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/github.com/envoyproxy/go-control-plane/envoy/annotations/resource.pb.validate.go')
| -rw-r--r-- | vendor/github.com/envoyproxy/go-control-plane/envoy/annotations/resource.pb.validate.go | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/vendor/github.com/envoyproxy/go-control-plane/envoy/annotations/resource.pb.validate.go b/vendor/github.com/envoyproxy/go-control-plane/envoy/annotations/resource.pb.validate.go new file mode 100644 index 00000000..2929a581 --- /dev/null +++ b/vendor/github.com/envoyproxy/go-control-plane/envoy/annotations/resource.pb.validate.go @@ -0,0 +1,141 @@ +//go:build !disable_pgv +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: envoy/annotations/resource.proto + +package annotations + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on ResourceAnnotation with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *ResourceAnnotation) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ResourceAnnotation with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// ResourceAnnotationMultiError, or nil if none found. +func (m *ResourceAnnotation) ValidateAll() error { + return m.validate(true) +} + +func (m *ResourceAnnotation) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Type + + if len(errors) > 0 { + return ResourceAnnotationMultiError(errors) + } + + return nil +} + +// ResourceAnnotationMultiError is an error wrapping multiple validation errors +// returned by ResourceAnnotation.ValidateAll() if the designated constraints +// aren't met. +type ResourceAnnotationMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m ResourceAnnotationMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ResourceAnnotationMultiError) AllErrors() []error { return m } + +// ResourceAnnotationValidationError is the validation error returned by +// ResourceAnnotation.Validate if the designated constraints aren't met. +type ResourceAnnotationValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ResourceAnnotationValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ResourceAnnotationValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e ResourceAnnotationValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e ResourceAnnotationValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ResourceAnnotationValidationError) ErrorName() string { + return "ResourceAnnotationValidationError" +} + +// Error satisfies the builtin error interface +func (e ResourceAnnotationValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sResourceAnnotation.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ResourceAnnotationValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ResourceAnnotationValidationError{} |