gitlab/authzd.git - Authorization daemon

Age	Commit message (Collapse)	Author
2025-07-17	feat: migrate from Cedar to SpiceDB authorization system	mo khan
	This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema.
2025-07-09	chore: remove id annotations	mo khan

2025-07-09	test: consolidate some of the duplicate tests	mo khan

2025-07-09	fix: decorate policies with unique name to prevent collision	mo khan

2025-07-09	chore: split sparkle policies into separate file	mo khan

2025-07-05	chore: use cedar policy cli to format and lint cedar policies	mo khan

2025-07-05	refactor: remove duplicate path in cedar policy	mo khan

2025-07-05	feat: allow requests from localhost	mo khan

2025-07-05	refactor: remove action check in policy	mo khan

2025-07-05	feat: allow access from production sparkle	mo khan

2025-07-05	refactor: remove duplication from cedar policy	mo khan

2025-07-05	fix: fix typo in cedar policy file	mo khan

2025-07-04	test: add missing public asset tests	mo khan

2025-07-04	refactor: move hard coded checks with cedar policy	mo khan

2025-06-27	style: reformat the cedar policy	mo khan

2025-06-26	refactor: try to move policy files to /etc/authzd/	mo khan