From 2d89bc47da949b0f437de2ea9dd2bac277fae025 Mon Sep 17 00:00:00 2001
From: Miguel Martinez <miguel@chainloop.dev>
Date: Mon, 20 Oct 2025 23:23:12 -0400
Subject: [PATCH 1/2] chore: expose referrer config

Signed-off-by: Miguel Martinez <miguel@chainloop.dev>
---
 app/controlplane/cmd/wire_gen.go              |  7 ++++-
 app/controlplane/pkg/biz/biz.go               |  1 +
 app/controlplane/pkg/biz/referrer.go          | 30 ++++++++++++-------
 .../pkg/biz/referrer_integration_test.go      |  5 ++--
 app/controlplane/pkg/biz/referrer_test.go     | 11 ++++---
 .../pkg/biz/testhelpers/wire_gen.go           |  7 ++++-
 6 files changed, 40 insertions(+), 21 deletions(-)

diff --git a/app/controlplane/cmd/wire_gen.go b/app/controlplane/cmd/wire_gen.go
index 15cb1d5c7..8384f19d5 100644
--- a/app/controlplane/cmd/wire_gen.go
+++ b/app/controlplane/cmd/wire_gen.go
@@ -100,7 +100,12 @@ func wireApp(bootstrap *conf.Bootstrap, readerWriter credentials.ReaderWriter, l
 	casClientUseCase := biz.NewCASClientUseCase(casCredentialsUseCase, bootstrap_CASServer, logger, v2...)
 	referrerRepo := data.NewReferrerRepo(dataData, workflowRepo, logger)
 	referrerSharedIndex := bootstrap.ReferrerSharedIndex
-	referrerUseCase, err := biz.NewReferrerUseCase(referrerRepo, workflowRepo, membershipUseCase, referrerSharedIndex, logger)
+	indexConfig, err := biz.NewIndexConfig(referrerSharedIndex)
+	if err != nil {
+		cleanup()
+		return nil, nil, err
+	}
+	referrerUseCase, err := biz.NewReferrerUseCase(referrerRepo, workflowRepo, membershipUseCase, indexConfig, logger)
 	if err != nil {
 		cleanup()
 		return nil, nil, err
diff --git a/app/controlplane/pkg/biz/biz.go b/app/controlplane/pkg/biz/biz.go
index ee83195e8..81e5023b8 100644
--- a/app/controlplane/pkg/biz/biz.go
+++ b/app/controlplane/pkg/biz/biz.go
@@ -58,6 +58,7 @@ var ProviderSet = wire.NewSet(
 	NewUserAccessSyncerUseCase,
 	NewGroupUseCase,
 	NewCASBackendChecker,
+	NewIndexConfig,
 	wire.Bind(new(PromObservable), new(*PrometheusUseCase)),
 	wire.Struct(new(NewIntegrationUseCaseOpts), "*"),
 	wire.Struct(new(NewUserUseCaseParams), "*"),
diff --git a/app/controlplane/pkg/biz/referrer.go b/app/controlplane/pkg/biz/referrer.go
index 9879128da..ff4612de0 100644
--- a/app/controlplane/pkg/biz/referrer.go
+++ b/app/controlplane/pkg/biz/referrer.go
@@ -39,23 +39,33 @@ type ReferrerUseCase struct {
 	membershipUseCase *MembershipUseCase
 	workflowRepo      WorkflowRepo
 	logger            *log.Helper
-	indexConfig       *conf.ReferrerSharedIndex
+	indexConfig       *IndexConfig
 }
 
-func NewReferrerUseCase(repo ReferrerRepo, wfRepo WorkflowRepo, membershipUseCase *MembershipUseCase, indexCfg *conf.ReferrerSharedIndex, l log.Logger) (*ReferrerUseCase, error) {
+type IndexConfig struct {
+	Enabled     bool
+	AllowedOrgs []string
+}
+
+func NewIndexConfig(cfg *conf.ReferrerSharedIndex) (*IndexConfig, error) {
+	if err := cfg.ValidateOrgs(); err != nil {
+		return nil, fmt.Errorf("invalid shared index config: %w", err)
+	}
+
+	return &IndexConfig{
+		Enabled:     cfg.Enabled,
+		AllowedOrgs: cfg.AllowedOrgs,
+	}, nil
+}
+
+func NewReferrerUseCase(repo ReferrerRepo, wfRepo WorkflowRepo, membershipUseCase *MembershipUseCase, indexCfg *IndexConfig, l log.Logger) (*ReferrerUseCase, error) {
 	if l == nil {
 		l = log.NewStdLogger(io.Discard)
 	}
 	logger := servicelogger.ScopedHelper(l, "biz/referrer")
 
-	if indexCfg != nil {
-		if err := indexCfg.ValidateOrgs(); err != nil {
-			return nil, fmt.Errorf("invalid shared index config: %w", err)
-		}
-
-		if indexCfg.Enabled {
-			logger.Infow("msg", "shared index enabled", "allowedOrgs", indexCfg.AllowedOrgs)
-		}
+	if indexCfg != nil && indexCfg.Enabled {
+		logger.Infow("msg", "shared index enabled", "allowedOrgs", indexCfg.AllowedOrgs)
 	}
 
 	return &ReferrerUseCase{
diff --git a/app/controlplane/pkg/biz/referrer_integration_test.go b/app/controlplane/pkg/biz/referrer_integration_test.go
index fb736815e..9fa1a18ef 100644
--- a/app/controlplane/pkg/biz/referrer_integration_test.go
+++ b/app/controlplane/pkg/biz/referrer_integration_test.go
@@ -23,7 +23,6 @@ import (
 	"sync"
 	"testing"
 
-	conf "github.com/chainloop-dev/chainloop/app/controlplane/internal/conf/controlplane/config/v1"
 	"github.com/chainloop-dev/chainloop/app/controlplane/pkg/biz"
 	"github.com/chainloop-dev/chainloop/app/controlplane/pkg/biz/testhelpers"
 	"github.com/chainloop-dev/chainloop/pkg/credentials"
@@ -88,7 +87,7 @@ func (s *referrerIntegrationTestSuite) TestGetFromRootInPublicSharedIndex() {
 
 	s.T().Run("it should appear if we whitelist org2", func(t *testing.T) {
 		uc, err := biz.NewReferrerUseCase(s.Repos.Referrer, s.Repos.Workflow, s.Membership,
-			&conf.ReferrerSharedIndex{
+			&biz.IndexConfig{
 				Enabled:     true,
 				AllowedOrgs: []string{s.org2.ID},
 			}, nil)
@@ -464,7 +463,7 @@ func (s *referrerIntegrationTestSuite) SetupTest() {
 	require.NoError(s.T(), err)
 
 	s.sharedEnabledUC, err = biz.NewReferrerUseCase(s.Repos.Referrer, s.Repos.Workflow, s.Membership,
-		&conf.ReferrerSharedIndex{
+		&biz.IndexConfig{
 			Enabled:     true,
 			AllowedOrgs: []string{s.org1.ID},
 		}, nil)
diff --git a/app/controlplane/pkg/biz/referrer_test.go b/app/controlplane/pkg/biz/referrer_test.go
index b13131eea..a31e95717 100644
--- a/app/controlplane/pkg/biz/referrer_test.go
+++ b/app/controlplane/pkg/biz/referrer_test.go
@@ -21,7 +21,6 @@ import (
 	"os"
 	"testing"
 
-	conf "github.com/chainloop-dev/chainloop/app/controlplane/internal/conf/controlplane/config/v1"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/secure-systems-lab/go-securesystemslib/dsse"
 	"github.com/stretchr/testify/assert"
@@ -32,7 +31,7 @@ import (
 func (s *referrerTestSuite) TestInitialization() {
 	testCases := []struct {
 		name       string
-		conf       *conf.ReferrerSharedIndex
+		conf       *IndexConfig
 		wantErrMsg string
 	}{
 		{
@@ -40,20 +39,20 @@ func (s *referrerTestSuite) TestInitialization() {
 		},
 		{
 			name: "disabled",
-			conf: &conf.ReferrerSharedIndex{
+			conf: &IndexConfig{
 				Enabled: false,
 			},
 		},
 		{
 			name: "enabled but without orgs",
-			conf: &conf.ReferrerSharedIndex{
+			conf: &IndexConfig{
 				Enabled: true,
 			},
 			wantErrMsg: "invalid shared index config: index is enabled, but no orgs are allowed",
 		},
 		{
 			name: "enabled with invalid orgs",
-			conf: &conf.ReferrerSharedIndex{
+			conf: &IndexConfig{
 				Enabled:     true,
 				AllowedOrgs: []string{"invalid"},
 			},
@@ -61,7 +60,7 @@ func (s *referrerTestSuite) TestInitialization() {
 		},
 		{
 			name: "enabled with valid orgs",
-			conf: &conf.ReferrerSharedIndex{
+			conf: &IndexConfig{
 				Enabled:     true,
 				AllowedOrgs: []string{"00000000-0000-0000-0000-000000000000"},
 			},
diff --git a/app/controlplane/pkg/biz/testhelpers/wire_gen.go b/app/controlplane/pkg/biz/testhelpers/wire_gen.go
index 591373b16..9a0000a2c 100644
--- a/app/controlplane/pkg/biz/testhelpers/wire_gen.go
+++ b/app/controlplane/pkg/biz/testhelpers/wire_gen.go
@@ -126,7 +126,12 @@ func WireTestData(testDatabase *TestDatabase, t *testing.T, logger log.Logger, r
 	}
 	referrerRepo := data.NewReferrerRepo(dataData, workflowRepo, logger)
 	referrerSharedIndex := _wireReferrerSharedIndexValue
-	referrerUseCase, err := biz.NewReferrerUseCase(referrerRepo, workflowRepo, membershipUseCase, referrerSharedIndex, logger)
+	indexConfig, err := biz.NewIndexConfig(referrerSharedIndex)
+	if err != nil {
+		cleanup()
+		return nil, nil, err
+	}
+	referrerUseCase, err := biz.NewReferrerUseCase(referrerRepo, workflowRepo, membershipUseCase, indexConfig, logger)
 	if err != nil {
 		cleanup()
 		return nil, nil, err

From bf15bbaa377a6a69a7344bd47f1057e6e7827f26 Mon Sep 17 00:00:00 2001
From: Miguel Martinez <miguel@chainloop.dev>
Date: Mon, 20 Oct 2025 23:26:10 -0400
Subject: [PATCH 2/2] chore: expose referrer config

Signed-off-by: Miguel Martinez <miguel@chainloop.dev>
---
 app/controlplane/cmd/wire_gen.go                      |  4 ++--
 app/controlplane/pkg/biz/referrer.go                  | 10 +++++-----
 app/controlplane/pkg/biz/referrer_integration_test.go |  4 ++--
 app/controlplane/pkg/biz/referrer_test.go             | 10 +++++-----
 app/controlplane/pkg/biz/testhelpers/wire_gen.go      |  4 ++--
 5 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/app/controlplane/cmd/wire_gen.go b/app/controlplane/cmd/wire_gen.go
index 8384f19d5..a18514605 100644
--- a/app/controlplane/cmd/wire_gen.go
+++ b/app/controlplane/cmd/wire_gen.go
@@ -100,12 +100,12 @@ func wireApp(bootstrap *conf.Bootstrap, readerWriter credentials.ReaderWriter, l
 	casClientUseCase := biz.NewCASClientUseCase(casCredentialsUseCase, bootstrap_CASServer, logger, v2...)
 	referrerRepo := data.NewReferrerRepo(dataData, workflowRepo, logger)
 	referrerSharedIndex := bootstrap.ReferrerSharedIndex
-	indexConfig, err := biz.NewIndexConfig(referrerSharedIndex)
+	referrerSharedIndexConfig, err := biz.NewIndexConfig(referrerSharedIndex)
 	if err != nil {
 		cleanup()
 		return nil, nil, err
 	}
-	referrerUseCase, err := biz.NewReferrerUseCase(referrerRepo, workflowRepo, membershipUseCase, indexConfig, logger)
+	referrerUseCase, err := biz.NewReferrerUseCase(referrerRepo, workflowRepo, membershipUseCase, referrerSharedIndexConfig, logger)
 	if err != nil {
 		cleanup()
 		return nil, nil, err
diff --git a/app/controlplane/pkg/biz/referrer.go b/app/controlplane/pkg/biz/referrer.go
index ff4612de0..34b23d9ec 100644
--- a/app/controlplane/pkg/biz/referrer.go
+++ b/app/controlplane/pkg/biz/referrer.go
@@ -39,26 +39,26 @@ type ReferrerUseCase struct {
 	membershipUseCase *MembershipUseCase
 	workflowRepo      WorkflowRepo
 	logger            *log.Helper
-	indexConfig       *IndexConfig
+	indexConfig       *ReferrerSharedIndexConfig
 }
 
-type IndexConfig struct {
+type ReferrerSharedIndexConfig struct {
 	Enabled     bool
 	AllowedOrgs []string
 }
 
-func NewIndexConfig(cfg *conf.ReferrerSharedIndex) (*IndexConfig, error) {
+func NewIndexConfig(cfg *conf.ReferrerSharedIndex) (*ReferrerSharedIndexConfig, error) {
 	if err := cfg.ValidateOrgs(); err != nil {
 		return nil, fmt.Errorf("invalid shared index config: %w", err)
 	}
 
-	return &IndexConfig{
+	return &ReferrerSharedIndexConfig{
 		Enabled:     cfg.Enabled,
 		AllowedOrgs: cfg.AllowedOrgs,
 	}, nil
 }
 
-func NewReferrerUseCase(repo ReferrerRepo, wfRepo WorkflowRepo, membershipUseCase *MembershipUseCase, indexCfg *IndexConfig, l log.Logger) (*ReferrerUseCase, error) {
+func NewReferrerUseCase(repo ReferrerRepo, wfRepo WorkflowRepo, membershipUseCase *MembershipUseCase, indexCfg *ReferrerSharedIndexConfig, l log.Logger) (*ReferrerUseCase, error) {
 	if l == nil {
 		l = log.NewStdLogger(io.Discard)
 	}
diff --git a/app/controlplane/pkg/biz/referrer_integration_test.go b/app/controlplane/pkg/biz/referrer_integration_test.go
index 9fa1a18ef..e1f30a65f 100644
--- a/app/controlplane/pkg/biz/referrer_integration_test.go
+++ b/app/controlplane/pkg/biz/referrer_integration_test.go
@@ -87,7 +87,7 @@ func (s *referrerIntegrationTestSuite) TestGetFromRootInPublicSharedIndex() {
 
 	s.T().Run("it should appear if we whitelist org2", func(t *testing.T) {
 		uc, err := biz.NewReferrerUseCase(s.Repos.Referrer, s.Repos.Workflow, s.Membership,
-			&biz.IndexConfig{
+			&biz.ReferrerSharedIndexConfig{
 				Enabled:     true,
 				AllowedOrgs: []string{s.org2.ID},
 			}, nil)
@@ -463,7 +463,7 @@ func (s *referrerIntegrationTestSuite) SetupTest() {
 	require.NoError(s.T(), err)
 
 	s.sharedEnabledUC, err = biz.NewReferrerUseCase(s.Repos.Referrer, s.Repos.Workflow, s.Membership,
-		&biz.IndexConfig{
+		&biz.ReferrerSharedIndexConfig{
 			Enabled:     true,
 			AllowedOrgs: []string{s.org1.ID},
 		}, nil)
diff --git a/app/controlplane/pkg/biz/referrer_test.go b/app/controlplane/pkg/biz/referrer_test.go
index a31e95717..51cd48c10 100644
--- a/app/controlplane/pkg/biz/referrer_test.go
+++ b/app/controlplane/pkg/biz/referrer_test.go
@@ -31,7 +31,7 @@ import (
 func (s *referrerTestSuite) TestInitialization() {
 	testCases := []struct {
 		name       string
-		conf       *IndexConfig
+		conf       *ReferrerSharedIndexConfig
 		wantErrMsg string
 	}{
 		{
@@ -39,20 +39,20 @@ func (s *referrerTestSuite) TestInitialization() {
 		},
 		{
 			name: "disabled",
-			conf: &IndexConfig{
+			conf: &ReferrerSharedIndexConfig{
 				Enabled: false,
 			},
 		},
 		{
 			name: "enabled but without orgs",
-			conf: &IndexConfig{
+			conf: &ReferrerSharedIndexConfig{
 				Enabled: true,
 			},
 			wantErrMsg: "invalid shared index config: index is enabled, but no orgs are allowed",
 		},
 		{
 			name: "enabled with invalid orgs",
-			conf: &IndexConfig{
+			conf: &ReferrerSharedIndexConfig{
 				Enabled:     true,
 				AllowedOrgs: []string{"invalid"},
 			},
@@ -60,7 +60,7 @@ func (s *referrerTestSuite) TestInitialization() {
 		},
 		{
 			name: "enabled with valid orgs",
-			conf: &IndexConfig{
+			conf: &ReferrerSharedIndexConfig{
 				Enabled:     true,
 				AllowedOrgs: []string{"00000000-0000-0000-0000-000000000000"},
 			},
diff --git a/app/controlplane/pkg/biz/testhelpers/wire_gen.go b/app/controlplane/pkg/biz/testhelpers/wire_gen.go
index 9a0000a2c..a9fbb8d0e 100644
--- a/app/controlplane/pkg/biz/testhelpers/wire_gen.go
+++ b/app/controlplane/pkg/biz/testhelpers/wire_gen.go
@@ -126,12 +126,12 @@ func WireTestData(testDatabase *TestDatabase, t *testing.T, logger log.Logger, r
 	}
 	referrerRepo := data.NewReferrerRepo(dataData, workflowRepo, logger)
 	referrerSharedIndex := _wireReferrerSharedIndexValue
-	indexConfig, err := biz.NewIndexConfig(referrerSharedIndex)
+	referrerSharedIndexConfig, err := biz.NewIndexConfig(referrerSharedIndex)
 	if err != nil {
 		cleanup()
 		return nil, nil, err
 	}
-	referrerUseCase, err := biz.NewReferrerUseCase(referrerRepo, workflowRepo, membershipUseCase, indexConfig, logger)
+	referrerUseCase, err := biz.NewReferrerUseCase(referrerRepo, workflowRepo, membershipUseCase, referrerSharedIndexConfig, logger)
 	if err != nil {
 		cleanup()
 		return nil, nil, err