From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema. --- vendor/unicode-normalization/src/perfect_hash.rs | 50 ------------------------ 1 file changed, 50 deletions(-) delete mode 100644 vendor/unicode-normalization/src/perfect_hash.rs (limited to 'vendor/unicode-normalization/src/perfect_hash.rs') diff --git a/vendor/unicode-normalization/src/perfect_hash.rs b/vendor/unicode-normalization/src/perfect_hash.rs deleted file mode 100644 index 3dbc1663..00000000 --- a/vendor/unicode-normalization/src/perfect_hash.rs +++ /dev/null @@ -1,50 +0,0 @@ -// Copyright 2019 The Rust Project Developers. See the COPYRIGHT -// file at the top-level directory of this distribution and at -// http://rust-lang.org/COPYRIGHT. -// -// Licensed under the Apache License, Version 2.0 or the MIT license -// , at your -// option. This file may not be copied, modified, or distributed -// except according to those terms. - -//! Support for lookups based on minimal perfect hashing. - -// This function is based on multiplication being fast and is "good enough". Also -// it can share some work between the unsalted and salted versions. -#[inline] -fn my_hash(key: u32, salt: u32, n: usize) -> usize { - let y = key.wrapping_add(salt).wrapping_mul(2654435769); - let y = y ^ key.wrapping_mul(0x31415926); - (((y as u64) * (n as u64)) >> 32) as usize -} - -/// Do a lookup using minimal perfect hashing. -/// -/// The table is stored as a sequence of "salt" values, then a sequence of -/// values that contain packed key/value pairs. The strategy is to hash twice. -/// The first hash retrieves a salt value that makes the second hash unique. -/// The hash function doesn't have to be very good, just good enough that the -/// resulting map is unique. -#[inline] -pub(crate) fn mph_lookup( - x: u32, - salt: &[u16], - kv: &[KV], - fk: FK, - fv: FV, - default: V, -) -> V -where - KV: Copy, - FK: Fn(KV) -> u32, - FV: Fn(KV) -> V, -{ - let s = salt[my_hash(x, 0, salt.len())] as u32; - let key_val = kv[my_hash(x, s, salt.len())]; - if x == fk(key_val) { - fv(key_val) - } else { - default - } -} -- cgit v1.2.3