diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/hyper-rustls/tests | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/hyper-rustls/tests')
| -rw-r--r-- | vendor/hyper-rustls/tests/tests.rs | 102 |
1 files changed, 0 insertions, 102 deletions
diff --git a/vendor/hyper-rustls/tests/tests.rs b/vendor/hyper-rustls/tests/tests.rs deleted file mode 100644 index 91572bc5..00000000 --- a/vendor/hyper-rustls/tests/tests.rs +++ /dev/null @@ -1,102 +0,0 @@ -use std::env; -use std::net::TcpStream; -use std::path::PathBuf; -use std::process::Command; -use std::thread; -use std::time; - -fn examples_dir() -> PathBuf { - let target_dir: PathBuf = env::var("CARGO_TARGET_DIR") - .unwrap_or_else(|_| "target".to_string()) - .into(); - target_dir - .join("debug") - .join("examples") -} - -fn server_command() -> Command { - Command::new(examples_dir().join("server")) -} - -fn client_command() -> Command { - Command::new(examples_dir().join("client")) -} - -fn wait_for_server(addr: &str) { - for i in 0..10 { - if TcpStream::connect(addr).is_ok() { - return; - } - thread::sleep(time::Duration::from_millis(i * 100)); - } - panic!("failed to connect to {:?} after 10 tries", addr); -} - -#[test] -fn client() { - let rc = client_command() - .arg("https://google.com") - .output() - .expect("cannot run client example"); - - assert!(rc.status.success()); -} - -#[test] -fn server() { - let mut srv = server_command() - .arg("1337") - .spawn() - .expect("cannot run server example"); - - let addr = "localhost:1337"; - wait_for_server(addr); - - let output = Command::new("curl") - .arg("--insecure") - .arg("--http1.0") - .arg(format!("https://{}", addr)) - .output() - .expect("cannot run curl"); - - srv.kill().unwrap(); - srv.wait() - .expect("failed to wait on server process"); - - if !output.status.success() { - let version_stdout = Command::new("curl") - .arg("--version") - .output() - .expect("cannot run curl to collect --version") - .stdout; - println!("curl version: {}", String::from_utf8_lossy(&version_stdout)); - println!("curl stderr:\n{}", String::from_utf8_lossy(&output.stderr)); - } - - assert_eq!(String::from_utf8_lossy(&output.stdout), "Try POST /echo\n"); -} - -#[test] -fn custom_ca_store() { - let mut srv = server_command() - .arg("1338") - .spawn() - .expect("cannot run server example"); - - let addr = "localhost:1338"; - wait_for_server(addr); - - let rc = client_command() - .arg(format!("https://{}", addr)) - .arg("examples/sample.pem") - .output() - .expect("cannot run client example"); - - srv.kill().unwrap(); - srv.wait() - .expect("failed to wait on server process"); - - if !rc.status.success() { - assert_eq!(String::from_utf8_lossy(&rc.stdout), ""); - } -} |