From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema. --- vendor/tempfile/src/env.rs | 44 -------------------------------------------- 1 file changed, 44 deletions(-) delete mode 100644 vendor/tempfile/src/env.rs (limited to 'vendor/tempfile/src/env.rs') diff --git a/vendor/tempfile/src/env.rs b/vendor/tempfile/src/env.rs deleted file mode 100644 index b9574510..00000000 --- a/vendor/tempfile/src/env.rs +++ /dev/null @@ -1,44 +0,0 @@ -use std::env; -use std::path::{Path, PathBuf}; - -// Once rust 1.70 is wide-spread (Debian stable), we can use OnceLock from stdlib. -use once_cell::sync::OnceCell as OnceLock; - -static DEFAULT_TEMPDIR: OnceLock = OnceLock::new(); - -/// Override the default temporary directory (defaults to [`std::env::temp_dir`]). This function -/// changes the _global_ default temporary directory for the entire program and should not be called -/// except in exceptional cases where it's not configured correctly by the platform. Applications -/// should first check if the path returned by [`env::temp_dir`] is acceptable. -/// -/// Only the first call to this function will succeed. All further calls will fail with `Err(path)` -/// where `path` is previously set default temporary directory override. -/// -/// **NOTE:** This function does not check if the specified directory exists and/or is writable. -pub fn override_temp_dir(path: &Path) -> Result<(), PathBuf> { - let mut we_set = false; - let val = DEFAULT_TEMPDIR.get_or_init(|| { - we_set = true; - path.to_path_buf() - }); - if we_set { - Ok(()) - } else { - Err(val.to_owned()) - } -} - -/// Returns the default temporary directory, used for both temporary directories and files if no -/// directory is explicitly specified. -/// -/// This function simply delegates to [`std::env::temp_dir`] unless the default temporary directory -/// has been override by a call to [`override_temp_dir`]. -/// -/// **NOTE:** This function does check if the returned directory exists and/or is writable. -pub fn temp_dir() -> PathBuf { - DEFAULT_TEMPDIR - .get() - .map(|p| p.to_owned()) - // Don't cache this in case the user uses std::env::set to change the temporary directory. - .unwrap_or_else(env::temp_dir) -} -- cgit v1.2.3