summaryrefslogtreecommitdiff
path: root/pkg/authz
AgeCommit message (Collapse)Author
2025-09-12refactor: extract function to inject project ids headergkg-inject-idsmo khan
2025-09-12feat: inject project ids in request before forwardingmo khan
2025-09-10chore: remove spice_ prefix from log keysmo khan
2025-07-18feat: authorize http resourcesmo khan
2025-07-18refactor: use * to represent publicmo khan
2025-07-18refactor: extract type mappings for check servicemo khan
2025-07-17feat: migrate from Cedar to SpiceDB authorization systemmo khan
This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema.
2025-05-02refactor: remove anything unrelated to the authz daemonmo khan
2025-04-04refactor: switch to zerolog loggermo khan
2025-04-02fix: add app to default global idmo khan
2025-04-02refactor: combine cedar policies and add testsmo khan
2025-04-02refactor: move policies and entities in policies packagemo khan
2025-03-28refactor: move authorizers into authz packagemo khan
2025-03-27feat: start to add structured loggingmo khan
2025-03-15refactor: authorize unsigned JWT in requestsmo khan
2025-03-13refactor: extract authz interface to test out different PaC librariesmo khan
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-02 17:23:02 +0000