fix connection nats

Signed-off-by: Miguel Martinez <miguel@chainloop.dev>

Author: migmartri

app/artifact-cas/api/buf.yaml

@@ -7,4 +7,4 @@ deps:
   - buf.build/bufbuild/protovalidate:b983156c5e994cc9892e0ce3e64e17e0
 lint:
   use:
-    - DEFAULT
+    - STANDARD

app/artifact-cas/internal/conf/buf.yaml

@@ -7,7 +7,7 @@ deps:
   - buf.build/bufbuild/protovalidate:b983156c5e994cc9892e0ce3e64e17e0
 lint:
   use:
-    - DEFAULT
+    - STANDARD
   ignore_only:
     PACKAGE_DEFINED:
       - ./conf.proto

app/controlplane/api/buf.yaml

@@ -9,7 +9,7 @@ deps:
   - buf.build/grpc-ecosystem/grpc-gateway:v2.26.3
 lint:
   use:
-    - DEFAULT
+    - STANDARD
   ignore_only:
     ENUM_ZERO_VALUE_SUFFIX:
       - controlplane/v1/pagination.proto

app/controlplane/cmd/wire.go

@@ -71,7 +71,7 @@ func wireApp(*conf.Bootstrap, credentials.ReaderWriter, log.Logger, sdk.Availabl
 }
 
 func authzConfig(conf *conf.Bootstrap) *authz.Config {
-	return &authz.Config{ManagedResources: authz.ManagedResources, RolesMap: authz.RolesMap, RestrictOrgCreation: conf.RestrictOrgCreation}
+	return &authz.Config{RolesMap: authz.RolesMap, RestrictOrgCreation: conf.RestrictOrgCreation}
 }
 
 func newJWTConfig(conf *conf.Auth) *biz.APITokenJWTConfig {

app/controlplane/cmd/wire_gen.go

@@ -8,7 +8,7 @@ deps:
   - buf.build/kratos-go/kratos:e1d52e944e3845c6862a566db322432d
 lint:
   use:
-    - DEFAULT
+    - STANDARD
   ignore_only:
     PACKAGE_DEFINED:
       - ./conf.proto

app/controlplane/internal/conf/buf.yaml

@@ -100,29 +100,6 @@ const (
 	RoleProductAdmin  Role = "role:product:admin"
 )
 
-// ManagedResources are the resources that are managed by Chainloop, considered during permissions sync
-var ManagedResources = []string{
-	ResourceWorkflowContract,
-	ResourceCASArtifact,
-	ResourceCASBackend,
-	ResourceReferrer,
-	ResourceAvailableIntegration,
-	ResourceRegisteredIntegration,
-	ResourceAttachedIntegration,
-	ResourceOrgMetric,
-	ResourceRobotAccount,
-	ResourceWorkflowRun,
-	ResourceWorkflow,
-	ResourceProject,
-	Organization,
-	OrganizationMemberships,
-	ResourceGroup,
-	ResourceGroupMembership,
-	ResourceAPIToken,
-	ResourceProjectMembership,
-	ResourceOrganizationInvitations,
-}
-
 var (
 	// Referrer
 	PolicyReferrerRead = &Policy{ResourceReferrer, ActionRead}

app/controlplane/pkg/authz/authz.go

@@ -92,7 +92,7 @@ func TestDoSync(t *testing.T) {
 		},
 	}
 
-	err = doSync(e, &Config{RolesMap: policiesM, ManagedResources: []string{ResourceWorkflowContract, ResourceCASArtifact}})
+	err = doSync(e, &Config{RolesMap: policiesM})
 	assert.NoError(t, err)
 	got, err = e.GetPolicy()
 	assert.NoError(t, err)
@@ -105,7 +105,7 @@ func TestDoSync(t *testing.T) {
 		},
 	}
 
-	err = doSync(e, &Config{RolesMap: policiesM, ManagedResources: []string{ResourceWorkflowContract, ResourceCASArtifact}})
+	err = doSync(e, &Config{RolesMap: policiesM})
 	assert.NoError(t, err)
 	got, err = e.GetPolicy()
 	assert.NoError(t, err)
@@ -125,7 +125,6 @@ func TestDoSync(t *testing.T) {
 	assert.Len(t, got, 2)
 }
 
-
 func testEnforcer(t *testing.T) (*Enforcer, io.Closer) {
 	f, err := os.CreateTemp(t.TempDir(), "policy*.csv")
 	if err != nil {

app/controlplane/pkg/authz/authz_test.go

@@ -38,7 +38,6 @@ func (t *SubjectAPIToken) String() string {
 var modelFile []byte
 
 type Config struct {
-	ManagedResources    []string
 	RolesMap            map[Role][]*Policy
 	RestrictOrgCreation bool
 }
@@ -57,7 +56,8 @@ func (e *Enforcer) Enforce(sub string, p *Policy) (bool, error) {
 // EnforceWithPolicies checks if the required policy exists in the provided list of allowed policies.
 // This is used for ACL-based authorization (e.g., API tokens) where policies are stored in the database
 // rather than in Casbin. Returns true if the required policy is found in the allowed list.
-func (e *Enforcer) EnforceWithPolicies(sub string, p *Policy, allowedPolicies []*Policy) (bool, error) {
+// in the future we will use this function to check if the policy is allowed for the subject by running the enforcer with the subject
+func (e *Enforcer) EnforceWithPolicies(_ string, p *Policy, allowedPolicies []*Policy) (bool, error) {
 	for _, allowed := range allowedPolicies {
 		if allowed.Resource == p.Resource && allowed.Action == p.Action {
 			return true, nil
@@ -171,11 +171,6 @@ func doSync(e *Enforcer, c *Config) error {
 		resource := p[1]
 		action := p[2]
 
-		// if it's not a managed resource, skip deletion
-		if !slices.Contains(conf.ManagedResources, resource) {
-			continue
-		}
-
 		wantPolicies, ok := conf.RolesMap[Role(role)]
 		// if the role does not exist in the map, we can delete the policy
 		if !ok {

app/controlplane/pkg/authz/enforcer.go

@@ -68,7 +68,7 @@ func WireTestData(*TestDatabase, *testing.T, log.Logger, credentials.ReaderWrite
 }
 
 func authzConfig() *authz.Config {
-	return &authz.Config{ManagedResources: authz.ManagedResources, RolesMap: authz.RolesMap}
+	return &authz.Config{RolesMap: authz.RolesMap}
 }
 
 func newJWTConfig(conf *conf.Auth) *biz.APITokenJWTConfig {