From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema. --- vendor/http/src/byte_str.rs | 91 --------------------------------------------- 1 file changed, 91 deletions(-) delete mode 100644 vendor/http/src/byte_str.rs (limited to 'vendor/http/src/byte_str.rs') diff --git a/vendor/http/src/byte_str.rs b/vendor/http/src/byte_str.rs deleted file mode 100644 index e69bf0a8..00000000 --- a/vendor/http/src/byte_str.rs +++ /dev/null @@ -1,91 +0,0 @@ -use bytes::Bytes; - -use std::{ops, str}; - -#[derive(Debug, Clone, Eq, PartialEq, Ord, PartialOrd, Hash)] -pub(crate) struct ByteStr { - // Invariant: bytes contains valid UTF-8 - bytes: Bytes, -} - -impl ByteStr { - #[inline] - pub fn new() -> ByteStr { - ByteStr { - // Invariant: the empty slice is trivially valid UTF-8. - bytes: Bytes::new(), - } - } - - #[inline] - pub const fn from_static(val: &'static str) -> ByteStr { - ByteStr { - // Invariant: val is a str so contains valid UTF-8. - bytes: Bytes::from_static(val.as_bytes()), - } - } - - #[inline] - /// ## Panics - /// In a debug build this will panic if `bytes` is not valid UTF-8. - /// - /// ## Safety - /// `bytes` must contain valid UTF-8. In a release build it is undefined - /// behavior to call this with `bytes` that is not valid UTF-8. - pub unsafe fn from_utf8_unchecked(bytes: Bytes) -> ByteStr { - if cfg!(debug_assertions) { - match str::from_utf8(&bytes) { - Ok(_) => (), - Err(err) => panic!( - "ByteStr::from_utf8_unchecked() with invalid bytes; error = {}, bytes = {:?}", - err, bytes - ), - } - } - // Invariant: assumed by the safety requirements of this function. - ByteStr { bytes } - } - - pub(crate) fn from_utf8(bytes: Bytes) -> Result { - str::from_utf8(&bytes)?; - // Invariant: just checked is utf8 - Ok(ByteStr { bytes }) - } -} - -impl ops::Deref for ByteStr { - type Target = str; - - #[inline] - fn deref(&self) -> &str { - let b: &[u8] = self.bytes.as_ref(); - // Safety: the invariant of `bytes` is that it contains valid UTF-8. - unsafe { str::from_utf8_unchecked(b) } - } -} - -impl From for ByteStr { - #[inline] - fn from(src: String) -> ByteStr { - ByteStr { - // Invariant: src is a String so contains valid UTF-8. - bytes: Bytes::from(src), - } - } -} - -impl<'a> From<&'a str> for ByteStr { - #[inline] - fn from(src: &'a str) -> ByteStr { - ByteStr { - // Invariant: src is a str so contains valid UTF-8. - bytes: Bytes::copy_from_slice(src.as_bytes()), - } - } -} - -impl From for Bytes { - fn from(src: ByteStr) -> Self { - src.bytes - } -} -- cgit v1.2.3