From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema.
---
vendor/hyper-rustls/tests/tests.rs | 102 ------------------------------------- 1 file changed, 102 deletions(-) delete mode 100644 vendor/hyper-rustls/tests/tests.rs (limited to 'vendor/hyper-rustls/tests')
diff --git a/vendor/hyper-rustls/tests/tests.rs b/vendor/hyper-rustls/tests/tests.rs
deleted file mode 100644
index 91572bc5..00000000
--- a/vendor/hyper-rustls/tests/tests.rs
+++ /dev/null
@@ -1,102 +0,0 @@
-use std::env;
-use std::net::TcpStream;
-use std::path::PathBuf;
-use std::process::Command;
-use std::thread;
-use std::time;
-
-fn examples_dir() -> PathBuf {
- let target_dir: PathBuf = env::var("CARGO_TARGET_DIR")
- .unwrap_or_else(|_| "target".to_string())
- .into();
- target_dir
- .join("debug")
- .join("examples")
-}
-
-fn server_command() -> Command {
- Command::new(examples_dir().join("server"))
-}
-
-fn client_command() -> Command {
- Command::new(examples_dir().join("client"))
-}
-
-fn wait_for_server(addr: &str) {
- for i in 0..10 {
- if TcpStream::connect(addr).is_ok() {
- return;
- }
- thread::sleep(time::Duration::from_millis(i * 100));
- }
- panic!("failed to connect to {:?} after 10 tries", addr);
-}
-
-#[test]
-fn client() {
- let rc = client_command()
- .arg("https://google.com")
- .output()
- .expect("cannot run client example");
-
- assert!(rc.status.success());
-}
-
-#[test]
-fn server() {
- let mut srv = server_command()
- .arg("1337")
- .spawn()
- .expect("cannot run server example");
-
- let addr = "localhost:1337";
- wait_for_server(addr);
-
- let output = Command::new("curl")
- .arg("--insecure")
- .arg("--http1.0")
- .arg(format!("https://{}", addr))
- .output()
- .expect("cannot run curl");
-
- srv.kill().unwrap();
- srv.wait()
- .expect("failed to wait on server process");
-
- if !output.status.success() {
- let version_stdout = Command::new("curl")
- .arg("--version")
- .output()
- .expect("cannot run curl to collect --version")
- .stdout;
- println!("curl version: {}", String::from_utf8_lossy(&version_stdout));
- println!("curl stderr:\n{}", String::from_utf8_lossy(&output.stderr));
- }
-
- assert_eq!(String::from_utf8_lossy(&output.stdout), "Try POST /echo\n");
-}
-
-#[test]
-fn custom_ca_store() {
- let mut srv = server_command()
- .arg("1338")
- .spawn()
- .expect("cannot run server example");
-
- let addr = "localhost:1338";
- wait_for_server(addr);
-
- let rc = client_command()
- .arg(format!("https://{}", addr))
- .arg("examples/sample.pem")
- .output()
- .expect("cannot run client example");
-
- srv.kill().unwrap();
- srv.wait()
- .expect("failed to wait on server process");
-
- if !rc.status.success() {
- assert_eq!(String::from_utf8_lossy(&rc.stdout), "");
- }
-}
-- cgit v1.2.3