From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema. --- vendor/github.com/google/yamlfmt/Dockerfile | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 vendor/github.com/google/yamlfmt/Dockerfile (limited to 'vendor/github.com/google/yamlfmt/Dockerfile') diff --git a/vendor/github.com/google/yamlfmt/Dockerfile b/vendor/github.com/google/yamlfmt/Dockerfile new file mode 100644 index 00000000..a5dbd810 --- /dev/null +++ b/vendor/github.com/google/yamlfmt/Dockerfile @@ -0,0 +1,25 @@ +# Copyright 2024 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM golang:alpine AS build +RUN apk add --no-cache git make +WORKDIR /build +COPY . . +ENV CGO_ENABLED=0 +RUN make build + +FROM alpine:latest +COPY --from=build /build/dist/yamlfmt /bin/yamlfmt +WORKDIR /project +ENTRYPOINT ["/bin/yamlfmt"] -- cgit v1.2.3