feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema.
author: mo khan <mo@mokhan.ca> 2025-07-15 16:37:08 -0600
committer: mo khan <mo@mokhan.ca> 2025-07-17 16:30:22 -0600
commit: 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch)
tree: 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/github.com/google/yamlfmt/internal/collections
parent: f94f79608393d4ab127db63cc41668445ef6b243 (diff)
3 files changed, 129 insertions, 0 deletions
diff --git a/vendor/github.com/google/yamlfmt/internal/collections/errors.go b/vendor/github.com/google/yamlfmt/internal/collections/errors.go
new file mode 100644
index 00000000..c800700c
--- /dev/null
+++ b/vendor/github.com/google/yamlfmt/internal/collections/errors.go
@@ -0,0 +1,34 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package collections
+
+import "errors"
+
+type Errors []error
+
+func (errs Errors) Combine() error {
+	errMessage := ""
+
+	for _, err := range errs {
+		if err != nil {
+			errMessage += err.Error() + "\n"
+		}
+	}
+
+	if len(errMessage) == 0 {
+		return nil
+	}
+	return errors.New(errMessage)
+}
diff --git a/vendor/github.com/google/yamlfmt/internal/collections/set.go b/vendor/github.com/google/yamlfmt/internal/collections/set.go
new file mode 100644
index 00000000..97f70bc3
--- /dev/null
+++ b/vendor/github.com/google/yamlfmt/internal/collections/set.go
@@ -0,0 +1,71 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package collections
+
+type Set[T comparable] map[T]struct{}
+
+func (s Set[T]) Add(el ...T) {
+	for _, el := range el {
+		s[el] = struct{}{}
+	}
+}
+
+func (s Set[T]) Remove(el T) bool {
+	if !s.Contains(el) {
+		return false
+	}
+	delete(s, el)
+	return true
+}
+
+func (s Set[T]) Contains(el T) bool {
+	_, ok := s[el]
+	return ok
+}
+
+func (s Set[T]) ToSlice() []T {
+	sl := []T{}
+	for el := range s {
+		sl = append(sl, el)
+	}
+	return sl
+}
+
+func (s Set[T]) Clone() Set[T] {
+	newSet := Set[T]{}
+	for el := range s {
+		newSet.Add(el)
+	}
+	return newSet
+}
+
+func (s Set[T]) Equals(rhs Set[T]) bool {
+	if len(s) != len(rhs) {
+		return false
+	}
+	rhsClone := rhs.Clone()
+	for el := range s {
+		rhsClone.Remove(el)
+	}
+	return len(rhsClone) == 0
+}
+
+func SliceToSet[T comparable](sl []T) Set[T] {
+	set := Set[T]{}
+	for _, el := range sl {
+		set.Add(el)
+	}
+	return set
+}
diff --git a/vendor/github.com/google/yamlfmt/internal/collections/slice.go b/vendor/github.com/google/yamlfmt/internal/collections/slice.go
new file mode 100644
index 00000000..b4a9f3b6
--- /dev/null
+++ b/vendor/github.com/google/yamlfmt/internal/collections/slice.go
@@ -0,0 +1,24 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package collections
+
+func SliceContains[T comparable](haystack []T, needle T) bool {
+	for _, e := range haystack {
+		if e == needle {
+			return true
+		}
+	}
+	return false
+}
author	mo khan <mo@mokhan.ca>	2025-07-15 16:37:08 -0600
committer	mo khan <mo@mokhan.ca>	2025-07-17 16:30:22 -0600
commit	45df4d0d9b577fecee798d672695fe24ff57fb1b (patch)
tree	1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/github.com/google/yamlfmt/internal/collections
parent	f94f79608393d4ab127db63cc41668445ef6b243 (diff)