From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Tue, 15 Jul 2025 16:37:08 -0600
Subject: feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
---
 pkg/pls/log.go | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 pkg/pls/log.go

(limited to 'pkg/pls')

diff --git a/pkg/pls/log.go b/pkg/pls/log.go
new file mode 100644
index 00000000..14eb7db0
--- /dev/null
+++ b/pkg/pls/log.go
@@ -0,0 +1,50 @@
+package pls
+
+import (
+	"context"
+
+	"github.com/rs/zerolog"
+	"github.com/xlgmokha/x/pkg/log"
+	"google.golang.org/grpc"
+)
+
+func LogError(ctx context.Context, err error) {
+	if err != nil {
+		log.WithFields(ctx, log.Fields{"error": err})
+	}
+}
+
+func LogErrorNow(ctx context.Context, err error) {
+	defer FlushLog(ctx)
+
+	LogError(ctx, err)
+}
+
+func LogGRPC(logger *zerolog.Logger) grpc.UnaryServerInterceptor {
+	return func(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp any, err error) {
+		ctx = logger.WithContext(ctx)
+
+		defer FlushLog(ctx)
+		return handler(ctx, req)
+	}
+}
+
+func LogGRPCStream(logger *zerolog.Logger) grpc.StreamServerInterceptor {
+	return func(srv any, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error {
+		ctx := logger.WithContext(ss.Context())
+		log.WithFields(ctx, log.Fields{"info": info})
+
+		defer FlushLog(ctx)
+		return handler(srv, ss)
+	}
+}
+
+func FlushLog(ctx context.Context) {
+	zerolog.Ctx(ctx).Print()
+}
+
+func LogNow(ctx context.Context, fields log.Fields) {
+	defer FlushLog(ctx)
+
+	log.WithFields(ctx, fields)
+}
-- 
cgit v1.2.3