From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema. --- vendor/digest/src/dev/fixed.rs | 65 ------------------------------------------ 1 file changed, 65 deletions(-) delete mode 100644 vendor/digest/src/dev/fixed.rs (limited to 'vendor/digest/src/dev/fixed.rs') diff --git a/vendor/digest/src/dev/fixed.rs b/vendor/digest/src/dev/fixed.rs deleted file mode 100644 index 24f38011..00000000 --- a/vendor/digest/src/dev/fixed.rs +++ /dev/null @@ -1,65 +0,0 @@ -use crate::{Digest, FixedOutput, FixedOutputReset, HashMarker, Update}; -use core::fmt::Debug; - -/// Fixed-output resettable digest test via the `Digest` trait -pub fn fixed_reset_test(input: &[u8], output: &[u8]) -> Option<&'static str> -where - D: FixedOutputReset + Debug + Clone + Default + Update + HashMarker, -{ - let mut hasher = D::new(); - // Test that it works when accepting the message all at once - hasher.update(input); - let mut hasher2 = hasher.clone(); - if hasher.finalize()[..] != output[..] { - return Some("whole message"); - } - - // Test if reset works correctly - hasher2.reset(); - hasher2.update(input); - if hasher2.finalize_reset()[..] != output[..] { - return Some("whole message after reset"); - } - - // Test that it works when accepting the message in chunks - for n in 1..core::cmp::min(17, input.len()) { - let mut hasher = D::new(); - for chunk in input.chunks(n) { - hasher.update(chunk); - hasher2.update(chunk); - } - if hasher.finalize()[..] != output[..] { - return Some("message in chunks"); - } - if hasher2.finalize_reset()[..] != output[..] { - return Some("message in chunks"); - } - } - - None -} - -/// Variable-output resettable digest test -pub fn fixed_test(input: &[u8], output: &[u8]) -> Option<&'static str> -where - D: FixedOutput + Default + Debug + Clone, -{ - let mut hasher = D::default(); - // Test that it works when accepting the message all at once - hasher.update(input); - if hasher.finalize_fixed()[..] != output[..] { - return Some("whole message"); - } - - // Test that it works when accepting the message in chunks - for n in 1..core::cmp::min(17, input.len()) { - let mut hasher = D::default(); - for chunk in input.chunks(n) { - hasher.update(chunk); - } - if hasher.finalize_fixed()[..] != output[..] { - return Some("message in chunks"); - } - } - None -} -- cgit v1.2.3