diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/security-framework-sys/src/base.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/security-framework-sys/src/base.rs')
| -rw-r--r-- | vendor/security-framework-sys/src/base.rs | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/vendor/security-framework-sys/src/base.rs b/vendor/security-framework-sys/src/base.rs deleted file mode 100644 index fafc57cc..00000000 --- a/vendor/security-framework-sys/src/base.rs +++ /dev/null @@ -1,68 +0,0 @@ -use core_foundation_sys::base::OSStatus; -use core_foundation_sys::string::CFStringRef; -use std::os::raw::c_void; - -pub enum OpaqueSecKeychainRef {} -pub type SecKeychainRef = *mut OpaqueSecKeychainRef; - -pub enum OpaqueSecKeychainItemRef {} -pub type SecKeychainItemRef = *mut OpaqueSecKeychainItemRef; - -// OSType from MacTypes.h -pub type SecKeychainAttrType = u32; - -#[repr(C)] -#[derive(Copy, Clone)] -pub struct SecKeychainAttribute { - pub tag: SecKeychainAttrType, - pub length: u32, - pub data: *mut c_void, -} - -#[repr(C)] -#[derive(Copy, Clone)] -pub struct SecKeychainAttributeList { - pub count: u32, - pub attr: *mut SecKeychainAttribute, -} - -pub enum OpaqueSecCertificateRef {} -pub type SecCertificateRef = *mut OpaqueSecCertificateRef; - -pub enum OpaqueSecAccessRef {} -pub type SecAccessRef = *mut OpaqueSecAccessRef; - -pub enum OpaqueSecAccessControlRef {} -pub type SecAccessControlRef = *mut OpaqueSecAccessControlRef; - -pub enum OpaqueSecKeyRef {} -pub type SecKeyRef = *mut OpaqueSecKeyRef; - -pub enum OpaqueSecIdentityRef {} -pub type SecIdentityRef = *mut OpaqueSecIdentityRef; - -pub enum OpaqueSecPolicyRef {} -pub type SecPolicyRef = *mut OpaqueSecPolicyRef; - -pub const errSecSuccess: OSStatus = 0; -pub const errSecUnimplemented: OSStatus = -4; -pub const errSecIO: OSStatus = -36; -pub const errSecParam: OSStatus = -50; -pub const errSecBadReq: OSStatus = -909; -pub const errSecNoTrustSettings: OSStatus = -25263; -pub const errSecAuthFailed: OSStatus = -25293; -pub const errSecDuplicateItem: OSStatus = -25299; -pub const errSecItemNotFound: OSStatus = -25300; -pub const errSecCreateChainFailed: OSStatus = -25318; -pub const errSecConversionError: OSStatus = -67594; -pub const errSecHostNameMismatch: OSStatus = -67602; -pub const errSecInvalidExtendedKeyUsage: OSStatus = -67609; -pub const errSecTrustSettingDeny: OSStatus = -67654; -pub const errSecCertificateRevoked: OSStatus = -67820; -pub const errSecNotTrusted: OSStatus = -67843; -pub const errSecInternalComponent: OSStatus = -2070; - -extern "C" { - // this is available on iOS 11.3+, MacOS 10.3+ - pub fn SecCopyErrorMessageString(status: OSStatus, reserved: *mut c_void) -> CFStringRef; -} |