authormo khan <mo@mokhan.ca>2025-07-15 16:37:08 -0600
committermo khan <mo@mokhan.ca>2025-07-17 16:30:22 -0600
commit45df4d0d9b577fecee798d672695fe24ff57fb1b (patch)
tree1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/security-framework/src/base.rs
parentf94f79608393d4ab127db63cc41668445ef6b243 (diff)
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization.

Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from Envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's Google Zanzibar-inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/security-framework/src/base.rs')
-rw-r--r--vendor/security-framework/src/base.rs88
1 files changed, 0 insertions, 88 deletions
diff --git a/vendor/security-framework/src/base.rs b/vendor/security-framework/src/base.rs
deleted file mode 100644
index e790d95c..00000000
--- a/vendor/security-framework/src/base.rs
+++ /dev/null
@@ -1,88 +0,0 @@
-//! Support types for other modules.
-
-use core_foundation::string::CFString;
-use core_foundation_sys::base::OSStatus;
-use std::error;
-use std::fmt;
-use std::num::NonZeroI32;
-use std::result;
-
-/// A `Result` type commonly returned by functions.
-pub type Result<T, E = Error> = result::Result<T, E>;
-
-/// A Security Framework error.
-#[derive(Copy, Clone)]
-pub struct Error(NonZeroI32);
-
-impl fmt::Debug for Error {
- #[cold]
- fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
- let mut builder = fmt.debug_struct("Error");
- builder.field("code", &self.0);
- if let Some(message) = self.message() {
- builder.field("message", &message);
- }
- builder.finish()
- }
-}
-
-impl Error {
- /// Creates a new `Error` from a status code.
- /// The code must not be zero
- #[inline]
- #[must_use]
- pub fn from_code(code: OSStatus) -> Self {
- Self(NonZeroI32::new(code).unwrap_or_else(|| NonZeroI32::new(1).unwrap()))
- }
-
- /// Returns a string describing the current error, if available.
- #[inline(always)]
- #[must_use]
- pub fn message(self) -> Option<String> {
- self.inner_message()
- }
-
- #[cold]
- fn inner_message(self) -> Option<String> {
- use core_foundation::base::TCFType;
- use security_framework_sys::base::SecCopyErrorMessageString;
- use std::ptr;
-
- unsafe {
- let s = SecCopyErrorMessageString(self.code(), ptr::null_mut());
- if s.is_null() {
- None
- } else {
- Some(CFString::wrap_under_create_rule(s).to_string())
- }
- }
- }
-
- /// Returns the code of the current error.
- #[inline(always)]
- #[must_use]
- pub fn code(self) -> OSStatus {
- self.0.get() as _
- }
-}
-
-impl From<OSStatus> for Error {
- #[inline(always)]
- #[must_use]
- fn from(code: OSStatus) -> Self {
- Self::from_code(code)
- }
-}
-
-impl fmt::Display for Error {
- #[cold]
- fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
- if let Some(message) = self.message() {
- write!(fmt, "{message}")
- } else {
- write!(fmt, "error code {}", self.code())
- }
- }
-}
-
-impl error::Error for Error {}