From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Tue, 15 Jul 2025 16:37:08 -0600
Subject: feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
---
 vendor/github.com/google/yamlfmt/Makefile | 69 +++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 vendor/github.com/google/yamlfmt/Makefile

(limited to 'vendor/github.com/google/yamlfmt/Makefile')

diff --git a/vendor/github.com/google/yamlfmt/Makefile b/vendor/github.com/google/yamlfmt/Makefile
new file mode 100644
index 00000000..9993d6d4
--- /dev/null
+++ b/vendor/github.com/google/yamlfmt/Makefile
@@ -0,0 +1,69 @@
+.EXPORT_ALL_VARIABLES:
+
+VERSION  := $(shell git describe --abbrev=0 --tags | tr -d v)
+COMMIT := $(shell git rev-parse --short HEAD)
+LDFLAGS := -X 'main.version=$(VERSION)' \
+           -X 'main.commit=$(COMMIT)'
+
+.PHONY: build
+build:
+	go build -ldflags "$(LDFLAGS)" -o dist/yamlfmt ./cmd/yamlfmt
+
+.PHONY: test
+test:
+	go test ./...
+
+.PHONY: test_v
+test_v:
+	@go test -v $$(go list ./... | grep -v "pkg/yaml")
+	@go test ./pkg/yaml/formattest
+
+.PHONY: vet
+vet:
+	go vet $$(go list ./... | grep -v "pkg/yaml")
+
+YAMLFMT_BIN ?= $(shell pwd)/dist/yamlfmt
+.PHONY: integrationtest
+integrationtest:
+	$(MAKE) build
+	go test -v -tags=integration_test ./integrationtest/command
+
+.PHONY: integrationtest_v
+integrationtest_v:
+	$(MAKE) build
+	go test -v -tags=integration_test ./integrationtest/command
+
+.PHONY: integrationtest_stdout
+integrationtest_stdout:
+	$(MAKE) build
+	go test -v -tags=integration_test ./integrationtest/command -stdout
+
+.PHONY: integrationtest_update
+integrationtest_update:
+	$(MAKE) build
+	go test -tags=integration_test -v ./integrationtest/command -update
+
+.PHONY: command_test_case
+command_test_case:
+ifndef TESTNAME
+	$(error "TESTNAME undefined")
+endif
+	./integrationtest/command/new_test_case.sh "$(TESTNAME)"
+
+.PHONY: install
+install:
+	go install -ldflags "$(LDFLAGS)" ./cmd/yamlfmt
+
+.PHONY: install_tools
+install_tools:
+	go install github.com/google/addlicense@latest
+
+ADDLICENSE = addlicense -ignore "**/testdata/**" -ignore "**/pkg/yaml/**" -c "Google LLC" -l apache
+
+.PHONY: addlicense
+addlicense:
+	$(ADDLICENSE) .
+
+.PHONY: addlicense_check
+addlicense_check:
+	$(ADDLICENSE) -check .
-- 
cgit v1.2.3