From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema. --- vendor/cc/src/windows/com.rs | 110 ------------------------------------------- 1 file changed, 110 deletions(-) delete mode 100644 vendor/cc/src/windows/com.rs (limited to 'vendor/cc/src/windows/com.rs') diff --git a/vendor/cc/src/windows/com.rs b/vendor/cc/src/windows/com.rs deleted file mode 100644 index 0391b5af..00000000 --- a/vendor/cc/src/windows/com.rs +++ /dev/null @@ -1,110 +0,0 @@ -// Copyright © 2017 winapi-rs developers -// Licensed under the Apache License, Version 2.0 -// or the MIT license -// , at your option. -// All files in the project carrying such notice may not be copied, modified, or distributed -// except according to those terms. - -use crate::windows::{ - winapi::{IUnknown, Interface}, - windows_sys::{ - CoInitializeEx, SysFreeString, SysStringLen, BSTR, COINIT_MULTITHREADED, HRESULT, S_FALSE, - S_OK, - }, -}; -use std::{ - convert::TryInto, - ffi::OsString, - ops::Deref, - os::windows::ffi::OsStringExt, - ptr::{null, null_mut}, - slice::from_raw_parts, -}; - -pub fn initialize() -> Result<(), HRESULT> { - let err = unsafe { CoInitializeEx(null(), COINIT_MULTITHREADED.try_into().unwrap()) }; - if err != S_OK && err != S_FALSE { - // S_FALSE just means COM is already initialized - Err(err) - } else { - Ok(()) - } -} - -pub struct ComPtr(*mut T) -where - T: Interface; -impl ComPtr -where - T: Interface, -{ - /// Creates a `ComPtr` to wrap a raw pointer. - /// It takes ownership over the pointer which means it does __not__ call `AddRef`. - /// `T` __must__ be a COM interface that inherits from `IUnknown`. - pub unsafe fn from_raw(ptr: *mut T) -> ComPtr { - assert!(!ptr.is_null()); - ComPtr(ptr) - } - /// For internal use only. - fn as_unknown(&self) -> &IUnknown { - unsafe { &*(self.0 as *mut IUnknown) } - } - /// Performs `QueryInterface` fun. - pub fn cast(&self) -> Result, i32> - where - U: Interface, - { - let mut obj = null_mut(); - let err = unsafe { self.as_unknown().QueryInterface(&U::uuidof(), &mut obj) }; - if err < 0 { - return Err(err); - } - Ok(unsafe { ComPtr::from_raw(obj as *mut U) }) - } -} -impl Deref for ComPtr -where - T: Interface, -{ - type Target = T; - fn deref(&self) -> &T { - unsafe { &*self.0 } - } -} -impl Clone for ComPtr -where - T: Interface, -{ - fn clone(&self) -> Self { - unsafe { - self.as_unknown().AddRef(); - ComPtr::from_raw(self.0) - } - } -} -impl Drop for ComPtr -where - T: Interface, -{ - fn drop(&mut self) { - unsafe { - self.as_unknown().Release(); - } - } -} -pub struct BStr(BSTR); -impl BStr { - pub unsafe fn from_raw(s: BSTR) -> BStr { - BStr(s) - } - pub fn to_osstring(&self) -> OsString { - let len = unsafe { SysStringLen(self.0) }; - let slice = unsafe { from_raw_parts(self.0, len as usize) }; - OsStringExt::from_wide(slice) - } -} -impl Drop for BStr { - fn drop(&mut self) { - unsafe { SysFreeString(self.0) }; - } -} -- cgit v1.2.3