diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/tower-layer/src/stack.rs | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/tower-layer/src/stack.rs')
| -rw-r--r-- | vendor/tower-layer/src/stack.rs | 62 |
1 files changed, 0 insertions, 62 deletions
diff --git a/vendor/tower-layer/src/stack.rs b/vendor/tower-layer/src/stack.rs deleted file mode 100644 index cb6bac7b..00000000 --- a/vendor/tower-layer/src/stack.rs +++ /dev/null @@ -1,62 +0,0 @@ -use super::Layer; -use std::fmt; - -/// Two middlewares chained together. -#[derive(Clone)] -pub struct Stack<Inner, Outer> { - inner: Inner, - outer: Outer, -} - -impl<Inner, Outer> Stack<Inner, Outer> { - /// Create a new `Stack`. - pub const fn new(inner: Inner, outer: Outer) -> Self { - Stack { inner, outer } - } -} - -impl<S, Inner, Outer> Layer<S> for Stack<Inner, Outer> -where - Inner: Layer<S>, - Outer: Layer<Inner::Service>, -{ - type Service = Outer::Service; - - fn layer(&self, service: S) -> Self::Service { - let inner = self.inner.layer(service); - - self.outer.layer(inner) - } -} - -impl<Inner, Outer> fmt::Debug for Stack<Inner, Outer> -where - Inner: fmt::Debug, - Outer: fmt::Debug, -{ - fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - // The generated output of nested `Stack`s is very noisy and makes - // it harder to understand what is in a `ServiceBuilder`. - // - // Instead, this output is designed assuming that a `Stack` is - // usually quite nested, and inside a `ServiceBuilder`. Therefore, - // this skips using `f.debug_struct()`, since each one would force - // a new layer of indentation. - // - // - In compact mode, a nested stack ends up just looking like a flat - // list of layers. - // - // - In pretty mode, while a newline is inserted between each layer, - // the `DebugStruct` used in the `ServiceBuilder` will inject padding - // to that each line is at the same indentation level. - // - // Also, the order of [outer, inner] is important, since it reflects - // the order that the layers were added to the stack. - if f.alternate() { - // pretty - write!(f, "{:#?},\n{:#?}", self.outer, self.inner) - } else { - write!(f, "{:?}, {:?}", self.outer, self.inner) - } - } -} |