From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema.
---
vendor/github.com/google/yamlfmt/feature.go | 78 +++++++++++++++++++++++++++++
1 file changed, 78 insertions(+)
create mode 100644 vendor/github.com/google/yamlfmt/feature.go
(limited to 'vendor/github.com/google/yamlfmt/feature.go')
diff --git a/vendor/github.com/google/yamlfmt/feature.go b/vendor/github.com/google/yamlfmt/feature.go
new file mode 100644
index 00000000..af56dda1
--- /dev/null
+++ b/vendor/github.com/google/yamlfmt/feature.go
@@ -0,0 +1,78 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package yamlfmt
+
+import (
+ "context"
+ "fmt"
+)
+
+type FeatureFunc func(context.Context, []byte) (context.Context, []byte, error)
+
+type Feature struct {
+ Name string
+ BeforeAction FeatureFunc
+ AfterAction FeatureFunc
+}
+
+type FeatureList []Feature
+
+type FeatureApplyMode string
+
+var (
+ FeatureApplyBefore FeatureApplyMode = "Before"
+ FeatureApplyAfter FeatureApplyMode = "After"
+)
+
+type FeatureApplyError struct {
+ err error
+ featureName string
+ mode FeatureApplyMode
+}
+
+func (e *FeatureApplyError) Error() string {
+ return fmt.Sprintf("Feature %s %sAction failed with error: %v", e.featureName, e.mode, e.err)
+}
+
+func (e *FeatureApplyError) Unwrap() error {
+ return e.err
+}
+
+func (fl FeatureList) ApplyFeatures(ctx context.Context, input []byte, mode FeatureApplyMode) (context.Context, []byte, error) {
+ // Declare err here so the result variable doesn't get shadowed in the loop
+ var err error
+ result := make([]byte, len(input))
+ copy(result, input)
+ for _, feature := range fl {
+ if mode == FeatureApplyBefore {
+ if feature.BeforeAction != nil {
+ ctx, result, err = feature.BeforeAction(ctx, result)
+ }
+ } else {
+ if feature.AfterAction != nil {
+ ctx, result, err = feature.AfterAction(ctx, result)
+ }
+ }
+
+ if err != nil {
+ return ctx, nil, &FeatureApplyError{
+ err: err,
+ featureName: feature.Name,
+ mode: mode,
+ }
+ }
+ }
+ return ctx, result, nil
+}
-- cgit v1.2.3