From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema. --- .../google/yamlfmt/formatters/basic/README.md | 3 + .../google/yamlfmt/formatters/basic/config.go | 55 ++++++++ .../google/yamlfmt/formatters/basic/errors.go | 33 +++++ .../google/yamlfmt/formatters/basic/factory.go | 45 +++++++ .../google/yamlfmt/formatters/basic/features.go | 72 ++++++++++ .../yamlfmt/formatters/basic/features/check.go | 37 ++++++ .../formatters/basic/features/force_sequence.go | 43 ++++++ .../formatters/basic/features/yaml_feature.go | 31 +++++ .../google/yamlfmt/formatters/basic/formatter.go | 145 +++++++++++++++++++++ 9 files changed, 464 insertions(+) create mode 100644 vendor/github.com/google/yamlfmt/formatters/basic/README.md create mode 100644 vendor/github.com/google/yamlfmt/formatters/basic/config.go create mode 100644 vendor/github.com/google/yamlfmt/formatters/basic/errors.go create mode 100644 vendor/github.com/google/yamlfmt/formatters/basic/factory.go create mode 100644 vendor/github.com/google/yamlfmt/formatters/basic/features.go create mode 100644 vendor/github.com/google/yamlfmt/formatters/basic/features/check.go create mode 100644 vendor/github.com/google/yamlfmt/formatters/basic/features/force_sequence.go create mode 100644 vendor/github.com/google/yamlfmt/formatters/basic/features/yaml_feature.go create mode 100644 vendor/github.com/google/yamlfmt/formatters/basic/formatter.go (limited to 'vendor/github.com/google/yamlfmt/formatters') diff --git a/vendor/github.com/google/yamlfmt/formatters/basic/README.md b/vendor/github.com/google/yamlfmt/formatters/basic/README.md new file mode 100644 index 00000000..af50a64e --- /dev/null +++ b/vendor/github.com/google/yamlfmt/formatters/basic/README.md @@ -0,0 +1,3 @@ +# Basic Formatter + +For formatter settings, see [the configuration docs](../../docs/config-file.md). diff --git a/vendor/github.com/google/yamlfmt/formatters/basic/config.go b/vendor/github.com/google/yamlfmt/formatters/basic/config.go new file mode 100644 index 00000000..2a32d050 --- /dev/null +++ b/vendor/github.com/google/yamlfmt/formatters/basic/config.go @@ -0,0 +1,55 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package basic + +import ( + "runtime" + + "github.com/google/yamlfmt" + yamlFeatures "github.com/google/yamlfmt/formatters/basic/features" +) + +type Config struct { + Indent int `mapstructure:"indent"` + IncludeDocumentStart bool `mapstructure:"include_document_start"` + LineEnding yamlfmt.LineBreakStyle `mapstructure:"line_ending"` + LineLength int `mapstructure:"max_line_length"` + RetainLineBreaks bool `mapstructure:"retain_line_breaks"` + RetainLineBreaksSingle bool `mapstructure:"retain_line_breaks_single"` + DisallowAnchors bool `mapstructure:"disallow_anchors"` + ScanFoldedAsLiteral bool `mapstructure:"scan_folded_as_literal"` + IndentlessArrays bool `mapstructure:"indentless_arrays"` + DropMergeTag bool `mapstructure:"drop_merge_tag"` + PadLineComments int `mapstructure:"pad_line_comments"` + TrimTrailingWhitespace bool `mapstructure:"trim_trailing_whitespace"` + EOFNewline bool `mapstructure:"eof_newline"` + StripDirectives bool `mapstructure:"strip_directives"` + ArrayIndent int `mapstructure:"array_indent"` + IndentRootArray bool `mapstructure:"indent_root_array"` + DisableAliasKeyCorrection bool `mapstructure:"disable_alias_key_correction"` + ForceArrayStyle yamlFeatures.SequenceStyle `mapstructure:"force_array_style"` +} + +func DefaultConfig() *Config { + lineBreakStyle := yamlfmt.LineBreakStyleLF + if runtime.GOOS == "windows" { + lineBreakStyle = yamlfmt.LineBreakStyleCRLF + } + return &Config{ + Indent: 2, + LineEnding: lineBreakStyle, + PadLineComments: 1, + } +} diff --git a/vendor/github.com/google/yamlfmt/formatters/basic/errors.go b/vendor/github.com/google/yamlfmt/formatters/basic/errors.go new file mode 100644 index 00000000..02c0a898 --- /dev/null +++ b/vendor/github.com/google/yamlfmt/formatters/basic/errors.go @@ -0,0 +1,33 @@ +// Copyright 2024 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package basic + +import "fmt" + +type BasicFormatterError struct { + err error +} + +func (e BasicFormatterError) Error() string { + return fmt.Sprintf("basic formatter error: %v", e.err) +} + +func (e BasicFormatterError) Unwrap() error { + return e.err +} + +// func wrapBasicFormatterError(err error) error { +// return BasicFormatterError{err: err} +// } diff --git a/vendor/github.com/google/yamlfmt/formatters/basic/factory.go b/vendor/github.com/google/yamlfmt/formatters/basic/factory.go new file mode 100644 index 00000000..eb536b06 --- /dev/null +++ b/vendor/github.com/google/yamlfmt/formatters/basic/factory.go @@ -0,0 +1,45 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package basic + +import ( + "github.com/google/yamlfmt" + "github.com/mitchellh/mapstructure" +) + +type BasicFormatterFactory struct{} + +func (f *BasicFormatterFactory) Type() string { + return BasicFormatterType +} + +func (f *BasicFormatterFactory) NewFormatter(configData map[string]interface{}) (yamlfmt.Formatter, error) { + config := DefaultConfig() + if configData != nil { + err := mapstructure.Decode(configData, &config) + if err != nil { + return nil, err + } + } + return newFormatter(config), nil +} + +func newFormatter(config *Config) yamlfmt.Formatter { + return &BasicFormatter{ + Config: config, + Features: ConfigureFeaturesFromConfig(config), + YAMLFeatures: ConfigureYAMLFeaturesFromConfig(config), + } +} diff --git a/vendor/github.com/google/yamlfmt/formatters/basic/features.go b/vendor/github.com/google/yamlfmt/formatters/basic/features.go new file mode 100644 index 00000000..fc933f49 --- /dev/null +++ b/vendor/github.com/google/yamlfmt/formatters/basic/features.go @@ -0,0 +1,72 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package basic + +import ( + "github.com/google/yamlfmt" + yamlFeatures "github.com/google/yamlfmt/formatters/basic/features" + "github.com/google/yamlfmt/internal/features" + "github.com/google/yamlfmt/internal/hotfix" +) + +func ConfigureFeaturesFromConfig(config *Config) yamlfmt.FeatureList { + lineSep, err := config.LineEnding.Separator() + if err != nil { + lineSep = "\n" + } + configuredFeatures := []yamlfmt.Feature{} + if config.RetainLineBreaks || config.RetainLineBreaksSingle { + configuredFeatures = append( + configuredFeatures, + hotfix.MakeFeatureRetainLineBreak(lineSep, config.RetainLineBreaksSingle), + ) + } + if config.TrimTrailingWhitespace { + configuredFeatures = append( + configuredFeatures, + features.MakeFeatureTrimTrailingWhitespace(lineSep), + ) + } + if config.EOFNewline { + configuredFeatures = append( + configuredFeatures, + features.MakeFeatureEOFNewline(lineSep), + ) + } + if config.StripDirectives { + configuredFeatures = append( + configuredFeatures, + hotfix.MakeFeatureStripDirectives(lineSep), + ) + } + return configuredFeatures +} + +func ConfigureYAMLFeaturesFromConfig(config *Config) yamlFeatures.YAMLFeatureList { + var featureList yamlFeatures.YAMLFeatureList + + if config.DisallowAnchors { + featureList = append(featureList, yamlFeatures.Check) + } + + if config.ForceArrayStyle != "" { + featureList = append( + featureList, + yamlFeatures.FeatureForceSequenceStyle(config.ForceArrayStyle), + ) + } + + return featureList +} diff --git a/vendor/github.com/google/yamlfmt/formatters/basic/features/check.go b/vendor/github.com/google/yamlfmt/formatters/basic/features/check.go new file mode 100644 index 00000000..368de5ce --- /dev/null +++ b/vendor/github.com/google/yamlfmt/formatters/basic/features/check.go @@ -0,0 +1,37 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package features + +import ( + "errors" + "fmt" + + "github.com/google/yamlfmt/pkg/yaml" +) + +func Check(n yaml.Node) error { + if n.Kind == yaml.AliasNode { + return errors.New("alias node found") + } + if n.Anchor != "" { + return fmt.Errorf("node references anchor %q", n.Anchor) + } + for _, c := range n.Content { + if err := Check(*c); err != nil { + return err + } + } + return nil +} diff --git a/vendor/github.com/google/yamlfmt/formatters/basic/features/force_sequence.go b/vendor/github.com/google/yamlfmt/formatters/basic/features/force_sequence.go new file mode 100644 index 00000000..f3f956c5 --- /dev/null +++ b/vendor/github.com/google/yamlfmt/formatters/basic/features/force_sequence.go @@ -0,0 +1,43 @@ +// Copyright 2025 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package features + +import "github.com/google/yamlfmt/pkg/yaml" + +type SequenceStyle string + +const ( + SequenceStyleBlock SequenceStyle = "block" + SequenceStyleFlow SequenceStyle = "flow" +) + +func FeatureForceSequenceStyle(style SequenceStyle) YAMLFeatureFunc { + var styleVal yaml.Style + if style == SequenceStyleFlow { + styleVal = yaml.FlowStyle + } + var forceStyle YAMLFeatureFunc + forceStyle = func(n yaml.Node) error { + var err error + for _, c := range n.Content { + if c.Kind == yaml.SequenceNode { + c.Style = styleVal + } + err = forceStyle(*c) + } + return err + } + return forceStyle +} diff --git a/vendor/github.com/google/yamlfmt/formatters/basic/features/yaml_feature.go b/vendor/github.com/google/yamlfmt/formatters/basic/features/yaml_feature.go new file mode 100644 index 00000000..2657a539 --- /dev/null +++ b/vendor/github.com/google/yamlfmt/formatters/basic/features/yaml_feature.go @@ -0,0 +1,31 @@ +// Copyright 2025 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package features + +import "github.com/google/yamlfmt/pkg/yaml" + +// These features will directly use the `yaml.Node` type and +// as such are specific to this formatter. +type YAMLFeatureFunc func(yaml.Node) error +type YAMLFeatureList []YAMLFeatureFunc + +func (y YAMLFeatureList) ApplyFeatures(node yaml.Node) error { + for _, f := range y { + if err := f(node); err != nil { + return err + } + } + return nil +} diff --git a/vendor/github.com/google/yamlfmt/formatters/basic/formatter.go b/vendor/github.com/google/yamlfmt/formatters/basic/formatter.go new file mode 100644 index 00000000..1e69bdb0 --- /dev/null +++ b/vendor/github.com/google/yamlfmt/formatters/basic/formatter.go @@ -0,0 +1,145 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package basic + +import ( + "bytes" + "context" + "errors" + "io" + + "github.com/google/yamlfmt" + yamlFeature "github.com/google/yamlfmt/formatters/basic/features" + "github.com/google/yamlfmt/pkg/yaml" + "github.com/mitchellh/mapstructure" +) + +const BasicFormatterType string = "basic" + +type BasicFormatter struct { + Config *Config + Features yamlfmt.FeatureList + YAMLFeatures yamlFeature.YAMLFeatureList +} + +// yamlfmt.Formatter interface + +func (f *BasicFormatter) Type() string { + return BasicFormatterType +} + +func (f *BasicFormatter) Format(input []byte) ([]byte, error) { + // Run all features with BeforeActions + ctx := context.Background() + ctx, yamlContent, err := f.Features.ApplyFeatures(ctx, input, yamlfmt.FeatureApplyBefore) + if err != nil { + return nil, err + } + + // Format the yaml content + reader := bytes.NewReader(yamlContent) + decoder := f.getNewDecoder(reader) + documents := []yaml.Node{} + for { + var docNode yaml.Node + err := decoder.Decode(&docNode) + if err != nil { + if errors.Is(err, io.EOF) { + break + } + return nil, err + } + documents = append(documents, docNode) + } + + if len(documents) == 0 { + return input, nil + } + + // Run all YAML features. + for _, d := range documents { + if err := f.YAMLFeatures.ApplyFeatures(d); err != nil { + return nil, err + } + } + + var b bytes.Buffer + e := f.getNewEncoder(&b) + for _, doc := range documents { + err := e.Encode(&doc) + if err != nil { + return nil, err + } + } + + // Run all features with AfterActions + _, resultYaml, err := f.Features.ApplyFeatures(ctx, b.Bytes(), yamlfmt.FeatureApplyAfter) + if err != nil { + return nil, err + } + + return resultYaml, nil +} + +func (f *BasicFormatter) getNewDecoder(reader io.Reader) *yaml.Decoder { + d := yaml.NewDecoder(reader) + if f.Config.ScanFoldedAsLiteral { + d.SetScanBlockScalarAsLiteral(true) + } + return d +} + +func (f *BasicFormatter) getNewEncoder(buf *bytes.Buffer) *yaml.Encoder { + e := yaml.NewEncoder(buf) + e.SetIndent(f.Config.Indent) + + if f.Config.LineLength > 0 { + e.SetWidth(f.Config.LineLength) + } + + if f.Config.LineEnding == yamlfmt.LineBreakStyleCRLF { + e.SetLineBreakStyle(yaml.LineBreakStyleCRLF) + } + + e.SetExplicitDocumentStart(f.Config.IncludeDocumentStart) + e.SetAssumeBlockAsLiteral(f.Config.ScanFoldedAsLiteral) + e.SetIndentlessBlockSequence(f.Config.IndentlessArrays) + e.SetDropMergeTag(f.Config.DropMergeTag) + e.SetPadLineComments(f.Config.PadLineComments) + + if f.Config.ArrayIndent > 0 { + e.SetArrayIndent(f.Config.ArrayIndent) + } + e.SetIndentRootArray(f.Config.IndentRootArray) + + // Yes I know I could SetCorrectAliasKeys(!f.Config.DisableAliasKeyCorrection) + // but I know myself and I know I'll get confused and have to go look up + // the source again next time I look and forget. + if !f.Config.DisableAliasKeyCorrection { + e.SetCorrectAliasKeys(true) + } + + return e +} + +func (f *BasicFormatter) ConfigMap() (map[string]any, error) { + configMap := map[string]any{} + err := mapstructure.Decode(f.Config, &configMap) + if err != nil { + return nil, err + } + configMap["type"] = BasicFormatterType + return configMap, err +} -- cgit v1.2.3