From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema. --- vendor/hyper-rustls/src/lib.rs | 76 ------------------------------------------ 1 file changed, 76 deletions(-) delete mode 100644 vendor/hyper-rustls/src/lib.rs (limited to 'vendor/hyper-rustls/src/lib.rs') diff --git a/vendor/hyper-rustls/src/lib.rs b/vendor/hyper-rustls/src/lib.rs deleted file mode 100644 index 89e355ae..00000000 --- a/vendor/hyper-rustls/src/lib.rs +++ /dev/null @@ -1,76 +0,0 @@ -//! # hyper-rustls -//! -//! A pure-Rust HTTPS connector for [hyper](https://hyper.rs), based on -//! [Rustls](https://github.com/rustls/rustls). -//! -//! ## Example client -//! -//! ```no_run -//! # #[cfg(all(feature = "rustls-native-certs", feature = "http1"))] -//! # fn main() { -//! use http::StatusCode; -//! use http_body_util::Empty; -//! use hyper::body::Bytes; -//! use hyper_util::client::legacy::Client; -//! use hyper_util::rt::TokioExecutor; -//! -//! let mut rt = tokio::runtime::Runtime::new().unwrap(); -//! let url = ("https://hyper.rs").parse().unwrap(); -//! let https = hyper_rustls::HttpsConnectorBuilder::new() -//! .with_native_roots() -//! .expect("no native root CA certificates found") -//! .https_only() -//! .enable_http1() -//! .build(); -//! -//! let client: Client<_, Empty> = Client::builder(TokioExecutor::new()).build(https); -//! -//! let res = rt.block_on(client.get(url)).unwrap(); -//! assert_eq!(res.status(), StatusCode::OK); -//! # } -//! # #[cfg(not(all(feature = "rustls-native-certs", feature = "http1")))] -//! # fn main() {} -//! ``` - -#![warn(missing_docs, unreachable_pub, clippy::use_self)] -#![cfg_attr(docsrs, feature(doc_cfg, doc_auto_cfg))] - -mod config; -mod connector; -mod stream; - -#[cfg(feature = "logging")] -mod log { - #[cfg(any(feature = "rustls-native-certs", feature = "webpki-roots"))] - pub(crate) use log::debug; - #[cfg(feature = "rustls-native-certs")] - pub(crate) use log::warn; -} - -#[cfg(not(feature = "logging"))] -mod log { - #[cfg(any(feature = "rustls-native-certs", feature = "webpki-roots"))] - macro_rules! debug ( ($($tt:tt)*) => {{}} ); - #[cfg(any(feature = "rustls-native-certs", feature = "webpki-roots"))] - pub(crate) use debug; - #[cfg(feature = "rustls-native-certs")] - macro_rules! warn_ ( ($($tt:tt)*) => {{}} ); - #[cfg(feature = "rustls-native-certs")] - pub(crate) use warn_ as warn; -} - -pub use crate::config::ConfigBuilderExt; -pub use crate::connector::builder::ConnectorBuilder as HttpsConnectorBuilder; -pub use crate::connector::{ - DefaultServerNameResolver, FixedServerNameResolver, HttpsConnector, ResolveServerName, -}; -pub use crate::stream::MaybeHttpsStream; - -/// The various states of the [`HttpsConnectorBuilder`] -pub mod builderstates { - #[cfg(feature = "http2")] - pub use crate::connector::builder::WantsProtocols3; - pub use crate::connector::builder::{ - WantsProtocols1, WantsProtocols2, WantsSchemes, WantsTlsConfig, - }; -} -- cgit v1.2.3