diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/logos-codegen/src/generator/tables.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/logos-codegen/src/generator/tables.rs')
| -rw-r--r-- | vendor/logos-codegen/src/generator/tables.rs | 77 |
1 files changed, 0 insertions, 77 deletions
diff --git a/vendor/logos-codegen/src/generator/tables.rs b/vendor/logos-codegen/src/generator/tables.rs deleted file mode 100644 index f1e53273..00000000 --- a/vendor/logos-codegen/src/generator/tables.rs +++ /dev/null @@ -1,77 +0,0 @@ -use crate::util::ToIdent; -use proc_macro2::{Literal, TokenStream}; -use quote::{quote, ToTokens}; -use syn::Ident; - -pub struct TableStack { - tables: Vec<(Ident, [u8; 256])>, - shift: u8, -} - -pub struct TableView<'a> { - ident: &'a Ident, - table: &'a mut [u8; 256], - mask: u8, -} - -impl TableStack { - pub fn new() -> Self { - TableStack { - tables: vec![("COMPACT_TABLE_0".to_ident(), [0; 256])], - shift: 0, - } - } - - pub fn view(&mut self) -> TableView { - let mask = if self.shift < 8 { - // Reusing existing table with a shifted mask - let mask = 1u8 << self.shift; - - self.shift += 1; - - mask - } else { - // Need to create a new table - let ident = format!("COMPACT_TABLE_{}", self.tables.len()).to_ident(); - - self.tables.push((ident, [0; 256])); - self.shift = 1; - - 1 - }; - - let (ref ident, ref mut table) = self.tables.last_mut().unwrap(); - - TableView { ident, table, mask } - } -} - -impl<'a> TableView<'a> { - pub fn ident(&self) -> &'a Ident { - self.ident - } - - pub fn flag(&mut self, byte: u8) { - self.table[byte as usize] |= self.mask; - } - - pub fn mask(&self) -> Literal { - Literal::u8_unsuffixed(self.mask) - } -} - -impl ToTokens for TableStack { - fn to_tokens(&self, out: &mut TokenStream) { - if self.shift == 0 { - return; - } - - for (ident, table) in self.tables.iter() { - let bytes = table.iter().copied().map(Literal::u8_unsuffixed); - - out.extend(quote! { - static #ident: [u8; 256] = [#(#bytes),*]; - }); - } - } -} |