From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema. --- vendor/bytes/ci/miri.sh | 10 ---------- vendor/bytes/ci/panic-abort.sh | 4 ---- vendor/bytes/ci/test-stable.sh | 25 ------------------------- vendor/bytes/ci/tsan.sh | 13 ------------- 4 files changed, 52 deletions(-) delete mode 100755 vendor/bytes/ci/miri.sh delete mode 100755 vendor/bytes/ci/panic-abort.sh delete mode 100755 vendor/bytes/ci/test-stable.sh delete mode 100755 vendor/bytes/ci/tsan.sh (limited to 'vendor/bytes/ci') diff --git a/vendor/bytes/ci/miri.sh b/vendor/bytes/ci/miri.sh deleted file mode 100755 index 7df29f36..00000000 --- a/vendor/bytes/ci/miri.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -set -e - -rustup component add miri -cargo miri setup - -export MIRIFLAGS="-Zmiri-strict-provenance" - -cargo miri test -cargo miri test --target mips64-unknown-linux-gnuabi64 diff --git a/vendor/bytes/ci/panic-abort.sh b/vendor/bytes/ci/panic-abort.sh deleted file mode 100755 index 4284791f..00000000 --- a/vendor/bytes/ci/panic-abort.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -set -ex -RUSTFLAGS="$RUSTFLAGS -Cpanic=abort -Zpanic-abort-tests" cargo test --all-features --test '*' diff --git a/vendor/bytes/ci/test-stable.sh b/vendor/bytes/ci/test-stable.sh deleted file mode 100755 index ad975744..00000000 --- a/vendor/bytes/ci/test-stable.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -set -ex - -cmd="${1:-test}" - -# Run with each feature -# * --each-feature includes both default/no-default features -# * --optional-deps is needed for serde feature -cargo hack "${cmd}" --each-feature --optional-deps -# Run with all features -cargo "${cmd}" --all-features - -if [[ "${RUST_VERSION}" == "nightly"* ]]; then - # Check benchmarks - cargo check --benches - - # Check minimal versions - # Remove dev-dependencies from Cargo.toml to prevent the next `cargo update` - # from determining minimal versions based on dev-dependencies. - cargo hack --remove-dev-deps --workspace - # Update Cargo.lock to minimal version dependencies. - cargo update -Z minimal-versions - cargo check --all-features -fi diff --git a/vendor/bytes/ci/tsan.sh b/vendor/bytes/ci/tsan.sh deleted file mode 100755 index ca520bd7..00000000 --- a/vendor/bytes/ci/tsan.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -ex - -export ASAN_OPTIONS="detect_odr_violation=0 detect_leaks=0" - -# Run address sanitizer -RUSTFLAGS="-Z sanitizer=address" \ -cargo test --target x86_64-unknown-linux-gnu --test test_bytes --test test_buf --test test_buf_mut - -# Run thread sanitizer -RUSTFLAGS="-Z sanitizer=thread" \ -cargo -Zbuild-std test --target x86_64-unknown-linux-gnu --test test_bytes --test test_buf --test test_buf_mut -- cgit v1.2.3