From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Tue, 15 Jul 2025 16:37:08 -0600
Subject: feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
---
 vendor/stacker/src/alloc_stack_restore_guard.rs | 47 -------------------------
 1 file changed, 47 deletions(-)
 delete mode 100644 vendor/stacker/src/alloc_stack_restore_guard.rs

(limited to 'vendor/stacker/src/alloc_stack_restore_guard.rs')

diff --git a/vendor/stacker/src/alloc_stack_restore_guard.rs b/vendor/stacker/src/alloc_stack_restore_guard.rs
deleted file mode 100644
index ef2babb7..00000000
--- a/vendor/stacker/src/alloc_stack_restore_guard.rs
+++ /dev/null
@@ -1,47 +0,0 @@
-use crate::{get_stack_limit, set_stack_limit};
-
-pub struct StackRestoreGuard {
-    new_stack: *mut u8,
-    stack_bytes: usize,
-    old_stack_limit: Option<usize>,
-}
-
-const ALIGNMENT: usize = 16;
-
-impl StackRestoreGuard {
-    pub fn new(stack_bytes: usize) -> StackRestoreGuard {
-        // On these platforms we do not use stack guards. this is very unfortunate,
-        // but there is not much we can do about it without OS support.
-        // We simply allocate the requested size from the global allocator with a suitable
-        // alignment.
-        let stack_bytes = stack_bytes
-            .checked_add(ALIGNMENT - 1)
-            .expect("unreasonably large stack requested")
-            / ALIGNMENT
-            * ALIGNMENT;
-        let layout = std::alloc::Layout::from_size_align(stack_bytes, ALIGNMENT).unwrap();
-        let ptr = unsafe { std::alloc::alloc(layout) };
-        assert!(!ptr.is_null(), "unable to allocate stack");
-        StackRestoreGuard {
-            new_stack: ptr,
-            stack_bytes,
-            old_stack_limit: get_stack_limit(),
-        }
-    }
-
-    pub fn stack_area(&self) -> (*mut u8, usize) {
-        (self.new_stack, self.stack_bytes)
-    }
-}
-
-impl Drop for StackRestoreGuard {
-    fn drop(&mut self) {
-        unsafe {
-            std::alloc::dealloc(
-                self.new_stack,
-                std::alloc::Layout::from_size_align_unchecked(self.stack_bytes, ALIGNMENT),
-            );
-        }
-        set_stack_limit(self.old_stack_limit);
-    }
-}
-- 
cgit v1.2.3