feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema.
author: mo khan <mo@mokhan.ca> 2025-07-15 16:37:08 -0600
committer: mo khan <mo@mokhan.ca> 2025-07-17 16:30:22 -0600
commit: 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch)
tree: 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/logos-codegen/src/parser/nested.rs
parent: f94f79608393d4ab127db63cc41668445ef6b243 (diff)
1 files changed, 0 insertions, 146 deletions
diff --git a/vendor/logos-codegen/src/parser/nested.rs b/vendor/logos-codegen/src/parser/nested.rs
deleted file mode 100644
index 44ecaeac..00000000
--- a/vendor/logos-codegen/src/parser/nested.rs
+++ /dev/null
@@ -1,146 +0,0 @@
-use proc_macro2::token_stream::IntoIter as TokenIter;
-use proc_macro2::{Ident, Literal, TokenStream, TokenTree};
-use quote::quote;
-
-use crate::util::{expect_punct, is_punct};
-
-pub enum NestedValue {
-    /// `name = ...`
-    Assign(TokenStream),
-    /// `name "literal"`
-    Literal(Literal),
-    /// `name(...)`
-    Group(TokenStream),
-    /// `name ident = ...`
-    KeywordAssign(Ident, TokenStream),
-}
-
-pub enum Nested {
-    /// Unnamed nested attribute, such as a string,
-    /// callback closure, or a lone ident/path
-    ///
-    /// Note: a lone ident will be Named with no value instead
-    Unnamed(TokenStream),
-    /// Named: name ...
-    Named(Ident, NestedValue),
-    /// Unexpected token,
-    Unexpected(TokenStream),
-}
-
-pub struct AttributeParser {
-    inner: TokenIter,
-}
-
-pub struct Empty;
-
-impl From<Empty> for TokenStream {
-    fn from(_: Empty) -> TokenStream {
-        TokenStream::new()
-    }
-}
-
-impl AttributeParser {
-    pub fn new(stream: TokenStream) -> Self {
-        AttributeParser {
-            inner: stream.into_iter(),
-        }
-    }
-
-    pub fn parsed<T>(&mut self) -> Option<syn::Result<T>>
-    where
-        T: syn::parse::Parse,
-    {
-        let tokens = self.collect_tail(TokenStream::new());
-
-        if tokens.is_empty() {
-            return None;
-        }
-
-        Some(syn::parse2(tokens))
-    }
-
-    fn next_tt(&mut self) -> Option<TokenTree> {
-        expect_punct(self.inner.next(), ',')
-    }
-
-    fn collect_tail<T>(&mut self, first: T) -> TokenStream
-    where
-        T: Into<TokenStream>,
-    {
-        let mut out = first.into();
-
-        while let Some(tt) = self.next_tt() {
-            out.extend(Some(tt));
-        }
-
-        out
-    }
-
-    fn parse_unnamed(&mut self, first: Ident, next: TokenTree) -> Nested {
-        let mut out = TokenStream::from(TokenTree::Ident(first));
-
-        out.extend(self.collect_tail(next));
-
-        Nested::Unnamed(out.into_iter().collect())
-    }
-
-    fn parse_assign(&mut self, name: Ident) -> Nested {
-        let value = self.collect_tail(Empty);
-
-        Nested::Named(name, NestedValue::Assign(value))
-    }
-
-    fn parse_literal(&mut self, name: Ident, lit: Literal) -> Nested {
-        // TODO: Error if there are any tokens following
-        let _ = self.collect_tail(Empty);
-
-        Nested::Named(name, NestedValue::Literal(lit))
-    }
-
-    fn parse_group(&mut self, name: Ident, group: TokenStream) -> Nested {
-        Nested::Named(name, NestedValue::Group(group))
-    }
-
-    fn parse_keyword(&mut self, keyword: Ident, name: Ident) -> Nested {
-        let error = expect_punct(self.next_tt(), '=');
-
-        match error {
-            Some(error) => {
-                let error = self.collect_tail(error);
-
-                Nested::Unexpected(error)
-            }
-            None => {
-                let value = self.collect_tail(Empty);
-
-                Nested::Named(keyword, NestedValue::KeywordAssign(name, value))
-            }
-        }
-    }
-}
-
-impl Iterator for AttributeParser {
-    type Item = Nested;
-
-    fn next(&mut self) -> Option<Nested> {
-        let first = self.inner.next()?;
-
-        let name = match first {
-            TokenTree::Ident(ident) => ident,
-            tt => {
-                let stream = self.collect_tail(tt);
-
-                return Some(Nested::Unnamed(stream.into_iter().collect()));
-            }
-        };
-
-        match self.next_tt() {
-            Some(tt) if is_punct(&tt, '=') => Some(self.parse_assign(name)),
-            Some(TokenTree::Literal(lit)) => Some(self.parse_literal(name, lit)),
-            Some(TokenTree::Group(group)) => Some(self.parse_group(name, group.stream())),
-            Some(TokenTree::Ident(next)) => Some(self.parse_keyword(name, next)),
-            Some(next) => Some(self.parse_unnamed(name, next)),
-            None => Some(Nested::Unnamed(quote!(#name))),
-        }
-    }
-}
author	mo khan <mo@mokhan.ca>	2025-07-15 16:37:08 -0600
committer	mo khan <mo@mokhan.ca>	2025-07-17 16:30:22 -0600
commit	45df4d0d9b577fecee798d672695fe24ff57fb1b (patch)
tree	1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/logos-codegen/src/parser/nested.rs
parent	f94f79608393d4ab127db63cc41668445ef6b243 (diff)