From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001 From: mo khan Date: Tue, 15 Jul 2025 16:37:08 -0600 Subject: feat: migrate from Cedar to SpiceDB authorization system This is a major architectural change that replaces the Cedar policy-based authorization system with SpiceDB's relation-based authorization. Key changes: - Migrate from Rust to Go implementation - Replace Cedar policies with SpiceDB schema and relationships - Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks - Update build system and dependencies for Go ecosystem - Maintain Envoy integration for external authorization This change enables more flexible permission modeling through SpiceDB's Google Zanzibar inspired relation-based system, supporting complex hierarchical permissions that were difficult to express in Cedar. Breaking change: Existing Cedar policies and Rust-based configuration will no longer work and need to be migrated to SpiceDB schema. --- vendor/unicode-script/.cargo-checksum.json | 1 - vendor/unicode-script/Cargo.toml | 67 - vendor/unicode-script/LICENSE-APACHE | 201 -- vendor/unicode-script/LICENSE-MIT | 27 - vendor/unicode-script/README.md | 7 - vendor/unicode-script/scripts/unicode.py | 402 ---- vendor/unicode-script/src/lib.rs | 560 ----- vendor/unicode-script/src/tables.rs | 3497 ---------------------------- 8 files changed, 4762 deletions(-) delete mode 100644 vendor/unicode-script/.cargo-checksum.json delete mode 100644 vendor/unicode-script/Cargo.toml delete mode 100644 vendor/unicode-script/LICENSE-APACHE delete mode 100644 vendor/unicode-script/LICENSE-MIT delete mode 100644 vendor/unicode-script/README.md delete mode 100644 vendor/unicode-script/scripts/unicode.py delete mode 100644 vendor/unicode-script/src/lib.rs delete mode 100644 vendor/unicode-script/src/tables.rs (limited to 'vendor/unicode-script') diff --git a/vendor/unicode-script/.cargo-checksum.json b/vendor/unicode-script/.cargo-checksum.json deleted file mode 100644 index aa4331e5..00000000 --- a/vendor/unicode-script/.cargo-checksum.json +++ /dev/null @@ -1 +0,0 @@ -{"files":{"Cargo.toml":"9a3d68d2142bd01d5b8e8f805d9052412f29b9a80a3eb64eee311b67e703f32e","LICENSE-APACHE":"7cbb56d1b5d83d735056b363ab20958524120afafc4ad8206e6be98cdec5d737","LICENSE-MIT":"7ad3ea8ca3caf894db98c3f31d5d4949173ffa93c883ef19a9e529ad48960f8c","README.md":"9d922b2906be36f007f89c6f4eae8976d90a01be8181928698a121b154bbb016","scripts/unicode.py":"a72c10b89ec8c7bf4d563231c3a761756b3f6b4fe7fd47ad56644e8c6fd1c719","src/lib.rs":"c7fe2550b1ed36de32f898d6102859481a31e4484d7264a3cc41f1399843537e","src/tables.rs":"41cdc49fee0da1ec70307915ac0ff2aec5f3c0ad51dce83d7adf5aa4d1aa7f61"},"package":"9fb421b350c9aff471779e262955939f565ec18b86c15364e6bdf0d662ca7c1f"} \ No newline at end of file diff --git a/vendor/unicode-script/Cargo.toml b/vendor/unicode-script/Cargo.toml deleted file mode 100644 index cd5dab29..00000000 --- a/vendor/unicode-script/Cargo.toml +++ /dev/null @@ -1,67 +0,0 @@ -# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO -# -# When uploading crates to the registry Cargo will automatically -# "normalize" Cargo.toml files for maximal compatibility -# with all versions of Cargo and also rewrite `path` dependencies -# to registry (e.g., crates.io) dependencies. -# -# If you are reading this file be aware that the original Cargo.toml -# will likely look very different (and much more reasonable). -# See Cargo.toml.orig for the original contents. - -[package] -edition = "2018" -name = "unicode-script" -version = "0.5.7" -authors = ["Manish Goregaokar "] -build = false -exclude = [ - "target/*", - "Cargo.lock", - "scripts/tmp", - "*.txt", -] -autobins = false -autoexamples = false -autotests = false -autobenches = false -description = """ -This crate exposes the Unicode `Script` and `Script_Extension` properties from [UAX #24](http://www.unicode.org/reports/tr24/) -""" -homepage = "https://github.com/unicode-rs/unicode-script" -documentation = "https://docs.rs/unicode-script" -readme = "README.md" -keywords = [ - "text", - "unicode", - "script", - "language", -] -license = "MIT OR Apache-2.0" -repository = "https://github.com/unicode-rs/unicode-script" - -[lib] -name = "unicode_script" -path = "src/lib.rs" - -[dependencies.compiler_builtins] -version = "0.1" -optional = true - -[dependencies.core] -version = "1.0" -optional = true -package = "rustc-std-workspace-core" - -[dependencies.std] -version = "1.0" -optional = true -package = "rustc-std-workspace-std" - -[features] -bench = [] -rustc-dep-of-std = [ - "std", - "core", - "compiler_builtins", -] diff --git a/vendor/unicode-script/LICENSE-APACHE b/vendor/unicode-script/LICENSE-APACHE deleted file mode 100644 index aa718b55..00000000 --- a/vendor/unicode-script/LICENSE-APACHE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - -2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - -3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - -4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - -5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - -6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - -8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - -END OF TERMS AND CONDITIONS - -APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - -Copyright 2021 The Unicode-rs Developers - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/vendor/unicode-script/LICENSE-MIT b/vendor/unicode-script/LICENSE-MIT deleted file mode 100644 index 20c28a2c..00000000 --- a/vendor/unicode-script/LICENSE-MIT +++ /dev/null @@ -1,27 +0,0 @@ -MIT License - -Copyright (c) 2019 Manish Goregaokar - -Permission is hereby granted, free of charge, to any -person obtaining a copy of this software and associated -documentation files (the "Software"), to deal in the -Software without restriction, including without -limitation the rights to use, copy, modify, merge, -publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software -is furnished to do so, subject to the following -conditions: - -The above copyright notice and this permission notice -shall be included in all copies or substantial portions -of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF -ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED -TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A -PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT -SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR -IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER -DEALINGS IN THE SOFTWARE. diff --git a/vendor/unicode-script/README.md b/vendor/unicode-script/README.md deleted file mode 100644 index 0afbce69..00000000 --- a/vendor/unicode-script/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# unicode-script - -[![Build Status](https://github.com/unicode-rs/unicode-script/workflows/Tests/badge.svg)](https://github.com/unicode-rs/unicode-script/actions) -[![Current Version](https://img.shields.io/crates/v/unicode-script.svg)](https://crates.io/crates/unicode-script) -[![License: MIT/Apache-2.0](https://img.shields.io/crates/l/unicode-script.svg)](#license) - -This crate exposes the Unicode `Script` and `Script_Extension` properties from [UAX #24](http://www.unicode.org/reports/tr24/) diff --git a/vendor/unicode-script/scripts/unicode.py b/vendor/unicode-script/scripts/unicode.py deleted file mode 100644 index cb3e2c74..00000000 --- a/vendor/unicode-script/scripts/unicode.py +++ /dev/null @@ -1,402 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2011-2015 The Rust Project Developers. See the COPYRIGHT -# file at the top-level directory of this distribution and at -# http://rust-lang.org/COPYRIGHT. -# -# Licensed under the Apache License, Version 2.0 or the MIT license -# , at your -# option. This file may not be copied, modified, or distributed -# except according to those terms. - -# This script uses the following Unicode tables: -# - PropertyValueAliases.txt -# - ScriptExtensions.txt -# - Scripts.txt -# -# Since this should not require frequent updates, we just store this -# out-of-line and check the unicode.rs file into git. - -import fileinput, re, os, sys - -preamble = '''// Copyright 2012-2018 The Rust Project Developers. See the COPYRIGHT -// file at the top-level directory of this distribution and at -// http://rust-lang.org/COPYRIGHT. -// -// Licensed under the Apache License, Version 2.0 or the MIT license -// , at your -// option. This file may not be copied, modified, or distributed -// except according to those terms. - -// NOTE: The following code was generated by "scripts/unicode.py", do not edit directly - -#![allow(missing_docs, non_upper_case_globals, non_snake_case)] - -pub use tables_impl::*; - -#[rustfmt::skip] -mod tables_impl { -use crate::ScriptExtension; -''' - -# Close `mod impl {` -ending=''' -} -''' - -UNICODE_VERSION = (16, 0, 0) - -UNICODE_VERSION_NUMBER = "%s.%s.%s" %UNICODE_VERSION - -def escape_char(c): - return "'\\u{%x}'" % c - -def fetch(f): - if not os.path.exists(os.path.basename(f)): - if "emoji" in f: - os.system("curl -O https://www.unicode.org/Public/emoji/%s.%s/%s" - % (UNICODE_VERSION[0], UNICODE_VERSION[1], f)) - else: - os.system("curl -O https://www.unicode.org/Public/%s/ucd/%s" - % (UNICODE_VERSION_NUMBER, f)) - - if not os.path.exists(os.path.basename(f)): - sys.stderr.write("cannot load %s" % f) - exit(1) - -def group_cats(cats): - cats_out = {} - for cat in cats: - cats_out[cat] = group_cat(cats[cat]) - return cats_out - -def aliases(): - """ - Fetch the shorthand aliases for each longhand Script name - """ - fetch("PropertyValueAliases.txt") - longforms = {} - shortforms = {} - re1 = re.compile(r"^ *sc *; *(\w+) *; *(\w+)") - for line in fileinput.input(os.path.basename("PropertyValueAliases.txt")): - m = re1.match(line) - if m: - l = m.group(2).strip() - s = m.group(1).strip() - assert(s not in longforms) - assert(l not in shortforms) - longforms[s] = l - shortforms[l] = s - else: - continue - - return (longforms, shortforms) - -def format_table_content(f, content, indent): - line = " "*indent - first = True - for chunk in content.split(","): - if len(line) + len(chunk) < 98: - if first: - line += chunk - else: - line += ", " + chunk - first = False - else: - f.write(line + ",\n") - line = " "*indent + chunk - f.write(line) - -# Implementation from unicode-segmentation -def load_properties(f, interestingprops): - fetch(f) - props = {} - # Note: these regexes are different from those in unicode-segmentation, - # becase we need to handle spaces here - re1 = re.compile(r"^ *([0-9A-F]+) *; *([^#]+) *#") - re2 = re.compile(r"^ *([0-9A-F]+)\.\.([0-9A-F]+) *; *([^#]+) *#") - - for line in fileinput.input(os.path.basename(f)): - prop = None - d_lo = 0 - d_hi = 0 - m = re1.match(line) - if m: - d_lo = m.group(1) - d_hi = m.group(1) - prop = m.group(2).strip() - else: - m = re2.match(line) - if m: - d_lo = m.group(1) - d_hi = m.group(2) - prop = m.group(3).strip() - else: - continue - if interestingprops and prop not in interestingprops: - continue - d_lo = int(d_lo, 16) - d_hi = int(d_hi, 16) - if prop not in props: - props[prop] = [] - props[prop].append((d_lo, d_hi)) - - return props - -# Implementation from unicode-segmentation -def emit_table(f, name, t_data, t_type = "&'static [(char, char)]", is_pub=True, - pfun=lambda x: "(%s,%s)" % (escape_char(x[0]), escape_char(x[1])), is_const=True): - pub_string = "const" - if not is_const: - pub_string = "let" - if is_pub: - pub_string = "pub " + pub_string - f.write(" %s %s: %s = &[\n" % (pub_string, name, t_type)) - data = "" - first = True - for dat in t_data: - if not first: - data += "," - first = False - data += pfun(dat) - format_table_content(f, data, 8) - f.write("\n ];\n\n") - -def emit_search(f): - f.write(""" -pub fn bsearch_range_value_table(c: char, r: &'static [(char, char, T)]) -> Option { - use core::cmp::Ordering::{Equal, Less, Greater}; - match r.binary_search_by(|&(lo, hi, _)| { - if lo <= c && c <= hi { Equal } - else if hi < c { Less } - else { Greater } - }) { - Ok(idx) => { - let (_, _, cat) = r[idx]; - Some(cat) - } - Err(_) => None - } -} - -#[inline] -pub fn get_script(c: char) -> Option