diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/hyper/src/ffi/macros.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/hyper/src/ffi/macros.rs')
| -rw-r--r-- | vendor/hyper/src/ffi/macros.rs | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/vendor/hyper/src/ffi/macros.rs b/vendor/hyper/src/ffi/macros.rs deleted file mode 100644 index 022711ba..00000000 --- a/vendor/hyper/src/ffi/macros.rs +++ /dev/null @@ -1,53 +0,0 @@ -macro_rules! ffi_fn { - ($(#[$doc:meta])* fn $name:ident($($arg:ident: $arg_ty:ty),*) -> $ret:ty $body:block ?= $default:expr) => { - $(#[$doc])* - #[no_mangle] - pub extern fn $name($($arg: $arg_ty),*) -> $ret { - use std::panic::{self, AssertUnwindSafe}; - - match panic::catch_unwind(AssertUnwindSafe(move || $body)) { - Ok(v) => v, - Err(_) => { - $default - } - } - } - }; - - ($(#[$doc:meta])* fn $name:ident($($arg:ident: $arg_ty:ty),*) -> $ret:ty $body:block) => { - ffi_fn!($(#[$doc])* fn $name($($arg: $arg_ty),*) -> $ret $body ?= { - eprintln!("panic unwind caught, aborting"); - std::process::abort() - }); - }; - - ($(#[$doc:meta])* fn $name:ident($($arg:ident: $arg_ty:ty),*) $body:block ?= $default:expr) => { - ffi_fn!($(#[$doc])* fn $name($($arg: $arg_ty),*) -> () $body ?= $default); - }; - - ($(#[$doc:meta])* fn $name:ident($($arg:ident: $arg_ty:ty),*) $body:block) => { - ffi_fn!($(#[$doc])* fn $name($($arg: $arg_ty),*) -> () $body); - }; -} - -macro_rules! non_null { - ($ptr:ident, $eval:expr, $err:expr) => {{ - debug_assert!(!$ptr.is_null(), "{:?} must not be null", stringify!($ptr)); - if $ptr.is_null() { - return $err; - } - unsafe { $eval } - }}; - (&*$ptr:ident ?= $err:expr) => {{ - non_null!($ptr, &*$ptr, $err) - }}; - (&mut *$ptr:ident ?= $err:expr) => {{ - non_null!($ptr, &mut *$ptr, $err) - }}; - (Box::from_raw($ptr:ident) ?= $err:expr) => {{ - non_null!($ptr, Box::from_raw($ptr), $err) - }}; - (Arc::from_raw($ptr:ident) ?= $err:expr) => {{ - non_null!($ptr, Arc::from_raw($ptr), $err) - }}; -} |