From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema. --- vendor/overload/src/assignment.rs | 27 ---- vendor/overload/src/binary.rs | 28 ----- vendor/overload/src/lib.rs | 257 -------------------------------------- vendor/overload/src/unary.rs | 20 --- 4 files changed, 332 deletions(-) delete mode 100644 vendor/overload/src/assignment.rs delete mode 100644 vendor/overload/src/binary.rs delete mode 100644 vendor/overload/src/lib.rs delete mode 100644 vendor/overload/src/unary.rs (limited to 'vendor/overload/src') diff --git a/vendor/overload/src/assignment.rs b/vendor/overload/src/assignment.rs deleted file mode 100644 index 550f07a9..00000000 --- a/vendor/overload/src/assignment.rs +++ /dev/null @@ -1,27 +0,0 @@ -#[doc(hidden)] -#[macro_export(local_inner_macros)] -macro_rules! _overload_assignment { - (+=, $($t:tt)+) => (_overload_assignment_internal!(AddAssign, add_assign, $($t)+);); - (-=, $($t:tt)+) => (_overload_assignment_internal!(SubAssign, sub_assign, $($t)+);); - (*=, $($t:tt)+) => (_overload_assignment_internal!(MulAssign, mul_assign, $($t)+);); - (/=, $($t:tt)+) => (_overload_assignment_internal!(DivAssign, div_assign, $($t)+);); - (%=, $($t:tt)+) => (_overload_assignment_internal!(RemAssign, rem_assign, $($t)+);); - (&=, $($t:tt)+) => (_overload_assignment_internal!(BitAndAssign, bitand_assign, $($t)+);); - (|=, $($t:tt)+) => (_overload_assignment_internal!(BitOrAssign, bitor_assign, $($t)+);); - (^=, $($t:tt)+) => (_overload_assignment_internal!(BitXorAssign, bitxor_assign, $($t)+);); - (<<=, $($t:tt)+) => (_overload_assignment_internal!(ShlAssign, shl_assign, $($t)+);); - (>>=, $($t:tt)+) => (_overload_assignment_internal!(ShrAssign, shr_assign, $($t)+);); -} - -#[doc(hidden)] -#[macro_export(local_inner_macros)] -macro_rules! _overload_assignment_internal { - ($op_trait:ident, $op_fn:ident, $li:ident, $lt:ty, $ri:ident, $rt:ty, $body:block) => ( - impl ops::$op_trait<$rt> for $lt { - fn $op_fn(&mut self, $ri: $rt) { - let $li = self; - $body - } - } - ); -} diff --git a/vendor/overload/src/binary.rs b/vendor/overload/src/binary.rs deleted file mode 100644 index b4c781bf..00000000 --- a/vendor/overload/src/binary.rs +++ /dev/null @@ -1,28 +0,0 @@ -#[doc(hidden)] -#[macro_export(local_inner_macros)] -macro_rules! _overload_binary { - (+, $($t:tt)+) => (_overload_binary_internal!(Add, add, $($t)+);); - (-, $($t:tt)+) => (_overload_binary_internal!(Sub, sub, $($t)+);); - (*, $($t:tt)+) => (_overload_binary_internal!(Mul, mul, $($t)+);); - (/, $($t:tt)+) => (_overload_binary_internal!(Div, div, $($t)+);); - (%, $($t:tt)+) => (_overload_binary_internal!(Rem, rem, $($t)+);); - (&, $($t:tt)+) => (_overload_binary_internal!(BitAnd, bitand, $($t)+);); - (|, $($t:tt)+) => (_overload_binary_internal!(BitOr, bitor, $($t)+);); - (^, $($t:tt)+) => (_overload_binary_internal!(BitXor, bitxor, $($t)+);); - (<<, $($t:tt)+) => (_overload_binary_internal!(Shl, shl, $($t)+);); - (>>, $($t:tt)+) => (_overload_binary_internal!(Shr, shr, $($t)+);); -} - -#[doc(hidden)] -#[macro_export(local_inner_macros)] -macro_rules! _overload_binary_internal { - ($op_trait:ident, $op_fn:ident, $li:ident, $lt:ty, $ri:ident, $rt:ty, $out:ty, $body:block) => ( - impl ops::$op_trait<$rt> for $lt { - type Output = $out; - fn $op_fn(self, $ri: $rt) -> Self::Output { - let $li = self; - $body - } - } - ); -} diff --git a/vendor/overload/src/lib.rs b/vendor/overload/src/lib.rs deleted file mode 100644 index 9364d7a3..00000000 --- a/vendor/overload/src/lib.rs +++ /dev/null @@ -1,257 +0,0 @@ -//! Provides a macro to simplify operator overloading. -//! -//! To use, include the following: -//! ``` -//! extern crate overload; -//! use overload::overload; -//! use std::ops; // <- don't forget this or you'll get nasty errors -//! ``` -//! -//! # Introduction -//! -//! Suppose we have the following `struct` definition: -//! ``` -//! #[derive(PartialEq, Debug)] -//! struct Val { -//! v: i32 -//! } -//! ``` -//! We can overload the addition of `Val`s like so: -//! ``` -//! # extern crate overload; -//! # use overload::overload; -//! # use std::ops; -//! # #[derive(PartialEq, Debug)] -//! # struct Val { -//! # v: i32 -//! # } -//! overload!((a: Val) + (b: Val) -> Val { Val { v: a.v + b.v } }); -//! ``` -//! The macro call above generates the following code: -//! ```ignore -//! impl ops::Add for Val { -//! type Output = Val; -//! fn add(self, b: Val) -> Self::Output { -//! let a = self; -//! Val { v: a.v + b.v } -//! } -//! } -//! ``` -//! We are now able to add `Val`s: -//! ``` -//! # extern crate overload; -//! # use overload::overload; -//! # use std::ops; -//! # #[derive(PartialEq, Debug)] -//! # struct Val { -//! # v: i32 -//! # } -//! # overload!((a: Val) + (b: Val) -> Val { Val { v: a.v + b.v } }); -//! assert_eq!(Val{v:3} + Val{v:5}, Val{v:8}); -//! ``` -//! -//! # Owned and borrowed types -//! -//! If we also wanted to overload addition for the borrowed type `&Val` we could write: -//! ``` -//! # extern crate overload; -//! # use overload::overload; -//! # use std::ops; -//! # #[derive(PartialEq, Debug)] -//! # struct Val { -//! # v: i32 -//! # } -//! overload!((a: &Val) + (b: &Val) -> Val { Val { v: a.v + b.v } }); -//! ``` -//! We might also want to overload addition between the owned and borrowed types: -//! ``` -//! # extern crate overload; -//! # use overload::overload; -//! # use std::ops; -//! # #[derive(PartialEq, Debug)] -//! # struct Val { -//! # v: i32 -//! # } -//! overload!((a: Val) + (b: &Val) -> Val { Val { v: a.v + b.v } }); -//! overload!((a: &Val) + (b: Val) -> Val { Val { v: a.v + b.v } }); -//! ``` -//! Let's see how we can write these combinations more concisely. -//! -//! We can include a `?` in front of a type to indicate that it should stand in for both the owned and borrowed type. -//! -//! To overload addition for all four combinations between `Val` and `&Val` we can therefore simply include a `?` in front of both types: -//! ``` -//! # extern crate overload; -//! # use overload::overload; -//! # use std::ops; -//! # #[derive(PartialEq, Debug)] -//! # struct Val { -//! # v: i32 -//! # } -//! overload!((a: ?Val) + (b: ?Val) -> Val { Val { v: a.v + b.v } }); -//! ``` -//! The macro call above generates the following code: -//! ```ignore -//! impl ops::Add for Val { -//! type Output = Val; -//! fn add(self, b: Val) -> Self::Output { -//! let a = self; -//! Val { v: a.v + b.v } -//! } -//! } -//! -//! impl ops::Add<&Val> for Val { -//! type Output = Val; -//! fn add(self, b: &Val) -> Self::Output { -//! let a = self; -//! Val { v: a.v + b.v } -//! } -//! } -//! -//! impl ops::Add for &Val { -//! type Output = Val; -//! fn add(self, b: Val) -> Self::Output { -//! let a = self; -//! Val { v: a.v + b.v } -//! } -//! } -//! -//! impl ops::Add<&Val> for &Val { -//! type Output = Val; -//! fn add(self, b: &Val) -> Self::Output { -//! let a = self; -//! Val { v: a.v + b.v } -//! } -//! } -//! ``` -//! We are now able to add `Val`s and `&Val`s in any combination: -//! ``` -//! # extern crate overload; -//! # use overload::overload; -//! # use std::ops; -//! # #[derive(PartialEq, Debug)] -//! # struct Val { -//! # v: i32 -//! # } -//! # overload!((a: ?Val) + (b: ?Val) -> Val { Val { v: a.v + b.v } }); -//! assert_eq!(Val{v:3} + Val{v:5}, Val{v:8}); -//! assert_eq!(Val{v:3} + &Val{v:5}, Val{v:8}); -//! assert_eq!(&Val{v:3} + Val{v:5}, Val{v:8}); -//! assert_eq!(&Val{v:3} + &Val{v:5}, Val{v:8}); -//! ``` -//! -//! # Binary operators -//! -//! The general syntax to overload a binary operator between types `` and `` is: -//! ```ignore -//! overload!((: ) (: ) -> { /*body*/ }); -//! ``` -//! Inside the body you can use `` and `` freely to perform any computation. -//! -//! The last line of the body needs to be an expression (i.e. no `;` at the end of the line) of type ``. -//! -//! | Operator | Example | Trait | -//! |----------|-----------------------------------------------------------------|--------| -//! | + | `overload!((a: A) + (b: B) -> C { /*...*/ );` | Add | -//! | - | `overload!((a: A) - (b: B) -> C { /*...*/ );` | Sub | -//! | * | `overload!((a: A) * (b: B) -> C { /*...*/ );` | Mul | -//! | / | `overload!((a: A) / (b: B) -> C { /*...*/ );` | Div | -//! | % | `overload!((a: A) % (b: B) -> C { /*...*/ );` | Rem | -//! | & | `overload!((a: A) & (b: B) -> C { /*...*/ );` | BitAnd | -//! | \| | overload!((a: A) | (b: B) -> C { /\*...*\/ ); | BitOr | -//! | ^ | `overload!((a: A) ^ (b: B) -> C { /*...*/ );` | BitXor | -//! | << | `overload!((a: A) << (b: B) -> C { /*...*/ );` | Shl | -//! | >> | `overload!((a: A) >> (b: B) -> C { /*...*/ );` | Shr | -//! -//! # Assignment operators -//! -//! The general syntax to overload an assignment operator between types `` and `` is: -//! ```ignore -//! overload!((: &mut ) (: ) { /*body*/ }); -//! ``` -//! Inside the body you can use `` and `` freely to perform any computation and mutate `` as desired. -//! -//! | Operator | Example | Trait | -//! |----------|------------------------------------------------------------------|--------------| -//! | += | `overload!((a: &mut A) += (b: B) { /*...*/ );` | AddAssign | -//! | -= | `overload!((a: &mut A) -= (b: B) { /*...*/ );` | SubAssign | -//! | *= | `overload!((a: &mut A) *= (b: B) { /*...*/ );` | MulAssign | -//! | /= | `overload!((a: &mut A) /= (b: B) { /*...*/ );` | DivAssign | -//! | %= | `overload!((a: &mut A) %= (b: B) { /*...*/ );` | RemAssign | -//! | &= | `overload!((a: &mut A) &= (b: B) { /*...*/ );` | BitAndAssign | -//! | \|= | overload!((a: &mut A) |= (b: B) { /\*...*\/ ); | BitOrAssign | -//! | ^= | `overload!((a: &mut A) ^= (b: B) { /*...*/ );` | BitXorAssign | -//! | <<= | `overload!((a: &mut A) <<= (b: B) { /*...*/ );` | ShlAssign | -//! | >>= | `overload!((a: &mut A) >>= (b: B) { /*...*/ );` | ShrAssign | -//! -//! # Unary operators -//! -//! The general syntax to overload a unary operator for type `` is: -//! ```ignore -//! overload!( (: ) -> { /*body*/ }); -//! ``` -//! Inside the body you can use `` freely to perform any computation. -//! -//! The last line of the body needs to be an expression (i.e. no `;` at the end of the line) of type ``. -//! -//! | Operator | Example | Trait | -//! |----------|---------------------------------------------------------|-------| -//! | - | `overload!(- (a: A) -> B { /*...*/ );` | Neg | -//! | ! | `overload!(! (a: A) -> B { /*...*/ );` | Not | -//! -//! # Notes -//! -//! Remember that you can only overload operators between one or more types if at least one of the types is defined in the current crate. - -#[macro_use] -mod unary; - -#[macro_use] -mod assignment; - -#[macro_use] -mod binary; - -/// Overloads an operator. See the [module level documentation](index.html) for more information. -#[macro_export(local_inner_macros)] -macro_rules! overload { - // Unary (both owned and borrowed) - ($op:tt ($i:ident : ? $t:ty) -> $out:ty $body:block) => ( - _overload_unary!($op, $i, $t, $out, $body); - _overload_unary!($op, $i, &$t, $out, $body); - ); - // Unary (either owned or borrowed) - ($op:tt ($i:ident : $t:ty) -> $out:ty $body:block) => ( - _overload_unary!($op, $i, $t, $out, $body); - ); - // Assignment (both owned and borrowed) - (($li:ident : &mut $lt:ty) $op:tt ($ri:ident : ? $rt:ty) $body:block) => ( - _overload_assignment!($op, $li, $lt, $ri, $rt, $body); - _overload_assignment!($op, $li, $lt, $ri, &$rt, $body); - ); - // Assignment (either owned or borrowed) - (($li:ident : &mut $lt:ty) $op:tt ($ri:ident : $rt:ty) $body:block) => ( - _overload_assignment!($op, $li, $lt, $ri, $rt, $body); - ); - // Binary (both - both) - (($li:ident : ? $lt:ty) $op:tt ($ri:ident : ? $rt:ty) -> $out:ty $body:block) => ( - _overload_binary!($op, $li, $lt, $ri, $rt, $out, $body); - _overload_binary!($op, $li, $lt, $ri, &$rt, $out, $body); - _overload_binary!($op, $li, &$lt, $ri, $rt, $out, $body); - _overload_binary!($op, $li, &$lt, $ri, &$rt, $out, $body); - ); - // Binary (both - either) - (($li:ident : ? $lt:ty) $op:tt ($ri:ident : $rt:ty) -> $out:ty $body:block) => ( - _overload_binary!($op, $li, $lt, $ri, $rt, $out, $body); - _overload_binary!($op, $li, &$lt, $ri, $rt, $out, $body); - ); - // Binary (either - both) - (($li:ident : $lt:ty) $op:tt ($ri:ident : ? $rt:ty) -> $out:ty $body:block) => ( - _overload_binary!($op, $li, $lt, $ri, $rt, $out, $body); - _overload_binary!($op, $li, $lt, $ri, &$rt, $out, $body); - ); - // Binary (either - either) - (($li:ident : $lt:ty) $op:tt ($ri:ident : $rt:ty) -> $out:ty $body:block) => ( - _overload_binary!($op, $li, $lt, $ri, $rt, $out, $body); - ); -} diff --git a/vendor/overload/src/unary.rs b/vendor/overload/src/unary.rs deleted file mode 100644 index da8f6b59..00000000 --- a/vendor/overload/src/unary.rs +++ /dev/null @@ -1,20 +0,0 @@ -#[doc(hidden)] -#[macro_export(local_inner_macros)] -macro_rules! _overload_unary { - (-, $($t:tt)+) => (_overload_unary_internal!(Neg, neg, $($t)+);); - (!, $($t:tt)+) => (_overload_unary_internal!(Not, not, $($t)+);); -} - -#[doc(hidden)] -#[macro_export(local_inner_macros)] -macro_rules! _overload_unary_internal { - ($op_trait:ident, $op_fn:ident, $i:ident, $t:ty, $out:ty, $body:block) => ( - impl ops::$op_trait for $t { - type Output = $out; - fn $op_fn(self) -> Self::Output { - let $i = self; - $body - } - } - ); -} -- cgit v1.2.3