summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2025-07-17feat: migrate from Cedar to SpiceDB authorization systemmo khan
This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema.
2025-07-14chore: fix linter error with type complexitymo khan
2025-07-14chore: handle health checks in envoy rather than authzdmo khan
2025-07-14chore: run authzd on 50052 instead of 50051 to prevent port collisionmo khan
2025-07-14refactor: delegate to api#getmo khan
2025-07-14chore: fix more linter errorsmo khan
2025-07-14chore: fix linter errorsmo khan
2025-07-14refactor: delegate to api.get functionmo khan
2025-07-14refactor: extract method to make GET api callmo khan
2025-07-11fix: load policies from relative pathmo khan
2025-07-11chore: add principal, action and resource to logmo khan
2025-07-11chore: tidy up request logsmo khan
2025-07-11chore: provide default value for bind addr and fix Procfilemo khan
2025-07-11refactor: merge the server and cli into a single binarymo khan
2025-07-10feat: add access_level to entities.jsonmo khan
2025-07-10fix: allow authenticated+authorized users to create Sparklesmo khan
2025-07-10feat: provide the http method and path as the action and resourcemo khan
2025-07-10refactor: remove unused context valuemo khan
2025-07-10chore: validate the generated entities.jsonmo khan
2025-07-10refactor: pass api client to repository ctormo khan
2025-07-10refactor: pass project path to all()mo khan
2025-07-10refactor: extract an api typemo khan
2025-07-10refactor: move gitlab types to a separate modulemo khan
2025-07-10refactor: rename to fetch_hierarchymo khan
2025-07-10refactor: remove hard-coded organizationmo khan
2025-07-10refactor: rename generate to allmo khan
2025-07-10refactor: move functions to repository typemo khan
2025-07-10feat: hack together a CLI to generate an entitites.json filemo khan
2025-07-10feat: extract JWT subject claim headermo khan
2025-07-09refactor: combine conditionalsmo khan
2025-07-09refactor: use map_or instead of match expressionmo khan
2025-07-09refactor: inline file_path variablemo khan
2025-07-09refactor: recursively load files and directoriesmo khan
2025-07-09fix: use PolicySet#merge to merge policies from multiple filesmo khan
2025-07-09chore: print error when policies cannot be loadedmo khan
2025-07-05chore: remove println!mo khan
2025-07-05refactor: pass the PaC autorizer to the server to allow trying different onesmo khan
2025-07-05chore: remove unhelpful loggingmo khan
2025-07-05feat: allow requests from localhostmo khan
2025-07-05refactor: inline cedar policy namespacemo khan
2025-07-05refactor: remove cedar aliasesmo khan
2025-07-05refactor: provide cedar entities in constructormo khan
2025-07-05chore: log the decision and diagnosticsmo khan
2025-07-05fix: fix typo in cedar policy filemo khan
2025-07-04refactor: move hard coded checks with cedar policymo khan
2025-07-04refactor: inline variablesmo khan
2025-07-04refactor: extract method to parse permissionmo khan
2025-07-04refactor: extract method to parse principalmo khan
2025-07-04refactor: extract method to convert http request to cedar contextmo khan
2025-07-04refactor: map from http request to cedar requestmo khan
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-02 20:52:42 +0000