diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/tempfile/src/env.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/tempfile/src/env.rs')
| -rw-r--r-- | vendor/tempfile/src/env.rs | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/vendor/tempfile/src/env.rs b/vendor/tempfile/src/env.rs deleted file mode 100644 index b9574510..00000000 --- a/vendor/tempfile/src/env.rs +++ /dev/null @@ -1,44 +0,0 @@ -use std::env; -use std::path::{Path, PathBuf}; - -// Once rust 1.70 is wide-spread (Debian stable), we can use OnceLock from stdlib. -use once_cell::sync::OnceCell as OnceLock; - -static DEFAULT_TEMPDIR: OnceLock<PathBuf> = OnceLock::new(); - -/// Override the default temporary directory (defaults to [`std::env::temp_dir`]). This function -/// changes the _global_ default temporary directory for the entire program and should not be called -/// except in exceptional cases where it's not configured correctly by the platform. Applications -/// should first check if the path returned by [`env::temp_dir`] is acceptable. -/// -/// Only the first call to this function will succeed. All further calls will fail with `Err(path)` -/// where `path` is previously set default temporary directory override. -/// -/// **NOTE:** This function does not check if the specified directory exists and/or is writable. -pub fn override_temp_dir(path: &Path) -> Result<(), PathBuf> { - let mut we_set = false; - let val = DEFAULT_TEMPDIR.get_or_init(|| { - we_set = true; - path.to_path_buf() - }); - if we_set { - Ok(()) - } else { - Err(val.to_owned()) - } -} - -/// Returns the default temporary directory, used for both temporary directories and files if no -/// directory is explicitly specified. -/// -/// This function simply delegates to [`std::env::temp_dir`] unless the default temporary directory -/// has been override by a call to [`override_temp_dir`]. -/// -/// **NOTE:** This function does check if the returned directory exists and/or is writable. -pub fn temp_dir() -> PathBuf { - DEFAULT_TEMPDIR - .get() - .map(|p| p.to_owned()) - // Don't cache this in case the user uses std::env::set to change the temporary directory. - .unwrap_or_else(env::temp_dir) -} |