| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/same-file/src/unix.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from Envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar-inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/same-file/src/unix.rs')
| -rw-r--r-- | vendor/same-file/src/unix.rs | 112 |
1 files changed, 0 insertions, 112 deletions
diff --git a/vendor/same-file/src/unix.rs b/vendor/same-file/src/unix.rs
deleted file mode 100644
index fb3d19ff..00000000
--- a/vendor/same-file/src/unix.rs
+++ /dev/null
@@ -1,112 +0,0 @@
-use std::fs::{File, OpenOptions};
-use std::hash::{Hash, Hasher};
-use std::io;
-use std::os::unix::fs::MetadataExt;
-use std::os::unix::io::{AsRawFd, FromRawFd, IntoRawFd, RawFd};
-use std::path::Path;
-
-#[derive(Debug)]
-pub struct Handle {
- file: Option<File>,
- // If is_std is true, then we don't drop the corresponding File since it
- // will close the handle.
- is_std: bool,
- dev: u64,
- ino: u64,
-}
-
-impl Drop for Handle {
- fn drop(&mut self) {
- if self.is_std {
- // unwrap() will not panic. Since we were able to open an
- // std stream successfully, then `file` is guaranteed to be Some()
- self.file.take().unwrap().into_raw_fd();
- }
- }
-}
-
-impl Eq for Handle {}
-
-impl PartialEq for Handle {
- fn eq(&self, other: &Handle) -> bool {
- (self.dev, self.ino) == (other.dev, other.ino)
- }
-}
-
-impl AsRawFd for crate::Handle {
- fn as_raw_fd(&self) -> RawFd {
- // unwrap() will not panic. Since we were able to open the
- // file successfully, then `file` is guaranteed to be Some()
- self.0.file.as_ref().take().unwrap().as_raw_fd()
- }
-}
-
-impl IntoRawFd for crate::Handle {
- fn into_raw_fd(mut self) -> RawFd {
- // unwrap() will not panic. Since we were able to open the
- // file successfully, then `file` is guaranteed to be Some()
- self.0.file.take().unwrap().into_raw_fd()
- }
-}
-
-impl Hash for Handle {
- fn hash<H: Hasher>(&self, state: &mut H) {
- self.dev.hash(state);
- self.ino.hash(state);
- }
-}
-
-impl Handle {
- pub fn from_path<P: AsRef<Path>>(p: P) -> io::Result<Handle> {
- Handle::from_file(OpenOptions::new().read(true).open(p)?)
- }
-
- pub fn from_file(file: File) -> io::Result<Handle> {
- let md = file.metadata()?;
- Ok(Handle {
- file: Some(file),
- is_std: false,
- dev: md.dev(),
- ino: md.ino(),
- })
- }
-
- pub fn from_std(file: File) -> io::Result<Handle> {
- Handle::from_file(file).map(|mut h| {
- h.is_std = true;
- h
- })
- }
-
- pub fn stdin() -> io::Result<Handle> {
- Handle::from_std(unsafe { File::from_raw_fd(0) })
- }
-
- pub fn stdout() -> io::Result<Handle> {
- Handle::from_std(unsafe { File::from_raw_fd(1) })
- }
-
- pub fn stderr() -> io::Result<Handle> {
- Handle::from_std(unsafe { File::from_raw_fd(2) })
- }
-
- pub fn as_file(&self) -> &File {
- // unwrap() will not panic. Since we were able to open the
- // file successfully, then `file` is guaranteed to be Some()
- self.file.as_ref().take().unwrap()
- }
-
- pub fn as_file_mut(&mut self) -> &mut File {
- // unwrap() will not panic. Since we were able to open the
- // file successfully, then `file` is guaranteed to be Some()
- self.file.as_mut().take().unwrap()
- }
-
- pub fn dev(&self) -> u64 {
- self.dev
- }
-
- pub fn ino(&self) -> u64 {
- self.ino
- }
-} |
