diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/security-framework-sys/src/item.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/security-framework-sys/src/item.rs')
| -rw-r--r-- | vendor/security-framework-sys/src/item.rs | 93 |
1 files changed, 0 insertions, 93 deletions
diff --git a/vendor/security-framework-sys/src/item.rs b/vendor/security-framework-sys/src/item.rs deleted file mode 100644 index 5427bc99..00000000 --- a/vendor/security-framework-sys/src/item.rs +++ /dev/null @@ -1,93 +0,0 @@ -use core_foundation_sys::string::CFStringRef; - -extern "C" { - pub static kSecClass: CFStringRef; - pub static kSecClassInternetPassword: CFStringRef; - pub static kSecClassGenericPassword: CFStringRef; - pub static kSecClassCertificate: CFStringRef; - pub static kSecClassKey: CFStringRef; - pub static kSecClassIdentity: CFStringRef; - - pub static kSecMatchLimit: CFStringRef; - pub static kSecMatchLimitAll: CFStringRef; - - pub static kSecMatchTrustedOnly: CFStringRef; - pub static kSecMatchCaseInsensitive: CFStringRef; - #[cfg(target_os = "macos")] - pub static kSecMatchSubjectWholeString: CFStringRef; - - pub static kSecReturnData: CFStringRef; - pub static kSecReturnAttributes: CFStringRef; - pub static kSecReturnRef: CFStringRef; - pub static kSecReturnPersistentRef: CFStringRef; - - pub static kSecMatchSearchList: CFStringRef; - - pub static kSecAttrApplicationLabel: CFStringRef; - pub static kSecAttrKeyType: CFStringRef; - pub static kSecAttrLabel: CFStringRef; - pub static kSecAttrIsPermanent: CFStringRef; - pub static kSecAttrPublicKeyHash: CFStringRef; - pub static kSecAttrSerialNumber: CFStringRef; - pub static kSecPrivateKeyAttrs: CFStringRef; - pub static kSecPublicKeyAttrs: CFStringRef; - - pub static kSecAttrKeyClass: CFStringRef; - pub static kSecAttrKeyClassPublic: CFStringRef; - pub static kSecAttrKeyClassPrivate: CFStringRef; - pub static kSecAttrKeyClassSymmetric: CFStringRef; - - pub static kSecUseKeychain: CFStringRef; - #[cfg(any(feature = "OSX_10_15", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] - pub static kSecUseDataProtectionKeychain: CFStringRef; - #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] - pub static kSecAttrTokenID: CFStringRef; - #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] - pub static kSecAttrTokenIDSecureEnclave: CFStringRef; - #[cfg(any(feature = "OSX_10_13", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] - pub static kSecUseAuthenticationContext: CFStringRef; - #[cfg(any(feature = "OSX_10_13", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] - pub static kSecAttrSynchronizable: CFStringRef; - - pub static kSecAttrKeySizeInBits: CFStringRef; - - pub static kSecAttrKeyTypeECSECPrimeRandom: CFStringRef; - pub static kSecAttrKeyTypeRSA: CFStringRef; - #[cfg(target_os = "macos")] - pub static kSecAttrKeyTypeDSA: CFStringRef; - #[cfg(target_os = "macos")] - pub static kSecAttrKeyTypeAES: CFStringRef; - #[cfg(target_os = "macos")] - pub static kSecAttrKeyTypeDES: CFStringRef; - #[cfg(target_os = "macos")] - pub static kSecAttrKeyType3DES: CFStringRef; - #[cfg(target_os = "macos")] - pub static kSecAttrKeyTypeRC4: CFStringRef; - #[cfg(target_os = "macos")] - pub static kSecAttrKeyTypeRC2: CFStringRef; - #[cfg(target_os = "macos")] - pub static kSecAttrKeyTypeCAST: CFStringRef; - pub static kSecAttrKeyTypeEC: CFStringRef; - - pub static kSecAttrAccessGroup: CFStringRef; - pub static kSecAttrAccessGroupToken: CFStringRef; - - #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] - pub static kSecKeyKeyExchangeParameterRequestedSize: CFStringRef; - #[cfg(any(feature = "OSX_10_12", target_os = "ios", target_os = "tvos", target_os = "watchos", target_os = "visionos"))] - pub static kSecKeyKeyExchangeParameterSharedInfo: CFStringRef; - - pub static kSecAttrAuthenticationType: CFStringRef; - pub static kSecAttrComment: CFStringRef; - pub static kSecAttrDescription: CFStringRef; - pub static kSecAttrPath: CFStringRef; - pub static kSecAttrPort: CFStringRef; - pub static kSecAttrProtocol: CFStringRef; - pub static kSecAttrSecurityDomain: CFStringRef; - pub static kSecAttrServer: CFStringRef; - pub static kSecAttrService: CFStringRef; - pub static kSecAttrAccessControl: CFStringRef; - pub static kSecAttrAccount: CFStringRef; - pub static kSecValueData: CFStringRef; - pub static kSecValueRef: CFStringRef; -} |