new pkg structure (#1150)

* fix: split command query side

* fix: split command query side

* fix: members in correct pkg structure

* fix: label policy in correct pkg structure

* fix: structure

* fix: structure of login policy

* fix: identityprovider structure

* fix: org iam policy structure

* fix: password age policy structure

* fix: password complexity policy structure

* fix: password lockout policy structure

* fix: idp structure

* fix: user events structure

* fix: user write model

* fix: profile email changed command

* fix: address changed command

* fix: user states

* fix: user

* fix: org structure and add human

* begin iam setup command side

* setup

* step2

* step2

* fix: add user

* step2

* isvalid

* fix: folder structure v2 business

Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>

internal/setup/config.go

@@ -7,28 +7,28 @@ import (
 
 type IAMSetUp struct {
 	Step1 *Step1
-	Step2 *Step2
-	Step3 *Step3
-	Step4 *Step4
-	Step5 *Step5
-	Step6 *Step6
-	Step7 *Step7
-	Step8 *Step8
+	//Step2 *Step2
+	//Step3 *Step3
+	//Step4 *Step4
+	//Step5 *Step5
+	//Step6 *Step6
+	//Step7 *Step7
+	//Step8 *Step8
 }
 
-func (setup *IAMSetUp) steps(currentDone iam_model.Step) ([]step, error) {
-	steps := make([]step, 0)
+func (setup *IAMSetUp) steps(currentDone iam_model.Step) ([]stepV2, error) {
+	steps := make([]stepV2, 0)
 	missingSteps := make([]iam_model.Step, 0)
 
-	for _, step := range []step{
+	for _, step := range []stepV2{
 		setup.Step1,
-		setup.Step2,
-		setup.Step3,
-		setup.Step4,
-		setup.Step5,
-		setup.Step6,
-		setup.Step7,
-		setup.Step8,
+		//setup.Step2,
+		//setup.Step3,
+		//setup.Step4,
+		//setup.Step5,
+		//setup.Step6,
+		//setup.Step7,
+		//setup.Step8,
 	} {
 		if step.step() <= currentDone {
 			continue

internal/setup/setup.go

@@ -3,24 +3,12 @@ package setup
 import (
 	"context"
 
-	"github.com/caos/logging"
-
 	"github.com/caos/zitadel/internal/api/authz"
-	"github.com/caos/zitadel/internal/config/systemdefaults"
-	"github.com/caos/zitadel/internal/errors"
-	caos_errs "github.com/caos/zitadel/internal/errors"
-	es_int "github.com/caos/zitadel/internal/eventstore"
-	"github.com/caos/zitadel/internal/eventstore/models"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	es_iam "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
 	iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
-	es_org "github.com/caos/zitadel/internal/org/repository/eventsourcing"
 	org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
-	proj_model "github.com/caos/zitadel/internal/project/model"
-	es_proj "github.com/caos/zitadel/internal/project/repository/eventsourcing"
 	proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
-	es_usr "github.com/caos/zitadel/internal/user/repository/eventsourcing"
 	usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
+	"github.com/caos/zitadel/internal/v2/command"
 )
 
 type Setup struct {
@@ -29,6 +17,8 @@ type Setup struct {
 	OrgEvents     *org_event.OrgEventstore
 	UserEvents    *usr_event.UserEventstore
 	ProjectEvents *proj_event.ProjectEventstore
+
+	Commands *command.CommandSide
 }
 
 const (
@@ -48,168 +38,169 @@ const (
 	OIDCAuthMethodTypePost         = "POST"
 )
 
-func StartSetup(esConfig es_int.Config, sd systemdefaults.SystemDefaults) (*Setup, error) {
-	setup := &Setup{
-		iamID: sd.IamID,
-	}
-	es, err := es_int.Start(esConfig)
-	if err != nil {
-		return nil, err
-	}
-
-	setup.IamEvents, err = es_iam.StartIAM(es_iam.IAMConfig{
-		Eventstore: es,
-		Cache:      esConfig.Cache,
-	}, sd)
-	if err != nil {
-		return nil, err
-	}
-
-	setup.OrgEvents = es_org.StartOrg(es_org.OrgConfig{Eventstore: es, IAMDomain: sd.Domain}, sd)
-
-	setup.ProjectEvents, err = es_proj.StartProject(es_proj.ProjectConfig{
-		Eventstore: es,
-		Cache:      esConfig.Cache,
-	}, sd)
-	if err != nil {
-		return nil, err
-	}
-
-	setup.UserEvents, err = es_usr.StartUser(es_usr.UserConfig{
-		Eventstore: es,
-		Cache:      esConfig.Cache,
-	}, sd)
-	if err != nil {
-		return nil, err
-	}
-
-	return setup, nil
-}
-
-func (s *Setup) Execute(ctx context.Context, setUpConfig IAMSetUp) error {
-	logging.Log("SETUP-hwG32").Info("starting setup")
-
-	iam, err := s.IamEvents.IAMByID(ctx, s.iamID)
-	if err != nil && !caos_errs.IsNotFound(err) {
-		return err
-	}
-	if iam != nil && (iam.SetUpDone == iam_model.StepCount-1 || iam.SetUpStarted != iam.SetUpDone) {
-		logging.Log("SETUP-cWEsn").Info("all steps done")
-		return nil
-	}
-
-	if iam == nil {
-		iam = &iam_model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: s.iamID}}
-	}
-
-	steps, err := setUpConfig.steps(iam.SetUpDone)
-	if err != nil || len(steps) == 0 {
-		return err
-	}
-
-	ctx = setSetUpContextData(ctx, s.iamID)
-
-	for _, step := range steps {
-		step.init(s)
-		if step.step() != iam.SetUpDone+1 {
-			logging.LogWithFields("SETUP-rxRM1", "step", step.step(), "previous", iam.SetUpDone).Warn("wrong step order")
-			return errors.ThrowPreconditionFailed(nil, "SETUP-wwAqO", "too few steps for this zitadel verison")
-		}
-		iam, err = s.IamEvents.StartSetup(ctx, s.iamID, step.step())
-		if err != nil {
-			return err
-		}
-
-		iam, err = step.execute(ctx)
-		if err != nil {
-			return err
-		}
-
-		err = s.validateExecutedStep(ctx)
-		if err != nil {
-			return err
-		}
-	}
-
-	logging.Log("SETUP-ds31h").Info("setup done")
-	return nil
-}
-
-func (s *Setup) validateExecutedStep(ctx context.Context) error {
-	iam, err := s.IamEvents.IAMByID(ctx, s.iamID)
-	if err != nil {
-		return err
-	}
-	if iam.SetUpStarted != iam.SetUpDone {
-		return errors.ThrowInternal(nil, "SETUP-QeukK", "started step is not equal to done")
-	}
-	return nil
-}
-
-func getOIDCResponseTypes(responseTypes []string) []proj_model.OIDCResponseType {
-	types := make([]proj_model.OIDCResponseType, len(responseTypes))
-	for i, t := range responseTypes {
-		types[i] = getOIDCResponseType(t)
-	}
-	return types
-}
-
-func getOIDCResponseType(responseType string) proj_model.OIDCResponseType {
-	switch responseType {
-	case OIDCResponseTypeCode:
-		return proj_model.OIDCResponseTypeCode
-	case OIDCResponseTypeIDToken:
-		return proj_model.OIDCResponseTypeIDToken
-	case OIDCResponseTypeToken:
-		return proj_model.OIDCResponseTypeIDTokenToken
-	}
-	return proj_model.OIDCResponseTypeCode
-}
-
-func getOIDCGrantTypes(grantTypes []string) []proj_model.OIDCGrantType {
-	types := make([]proj_model.OIDCGrantType, len(grantTypes))
-	for i, t := range grantTypes {
-		types[i] = getOIDCGrantType(t)
-	}
-	return types
-}
-
-func getOIDCGrantType(grantTypes string) proj_model.OIDCGrantType {
-	switch grantTypes {
-	case OIDCGrantTypeAuthorizationCode:
-		return proj_model.OIDCGrantTypeAuthorizationCode
-	case OIDCGrantTypeImplicit:
-		return proj_model.OIDCGrantTypeImplicit
-	case OIDCGrantTypeRefreshToken:
-		return proj_model.OIDCGrantTypeRefreshToken
-	}
-	return proj_model.OIDCGrantTypeAuthorizationCode
-}
-
-func getOIDCApplicationType(appType string) proj_model.OIDCApplicationType {
-	switch appType {
-	case OIDCApplicationTypeNative:
-		return proj_model.OIDCApplicationTypeNative
-	case OIDCApplicationTypeUserAgent:
-		return proj_model.OIDCApplicationTypeUserAgent
-	case OIDCApplicationTypeWeb:
-		return proj_model.OIDCApplicationTypeWeb
-	}
-	return proj_model.OIDCApplicationTypeWeb
-}
-
-func getOIDCAuthMethod(authMethod string) proj_model.OIDCAuthMethodType {
-	switch authMethod {
-	case OIDCAuthMethodTypeNone:
-		return proj_model.OIDCAuthMethodTypeNone
-	case OIDCAuthMethodTypeBasic:
-		return proj_model.OIDCAuthMethodTypeBasic
-	case OIDCAuthMethodTypePost:
-		return proj_model.OIDCAuthMethodTypePost
-	}
-	return proj_model.OIDCAuthMethodTypeBasic
-}
-
+//
+//func StartSetup(esConfig es_int.Config, sd systemdefaults.SystemDefaults) (*Setup, error) {
+//	setup := &Setup{
+//		iamID: sd.IamID,
+//	}
+//	es, err := es_int.Start(esConfig)
+//	if err != nil {
+//		return nil, err
+//	}
+//
+//	setup.IamEvents, err = es_iam.StartIAM(es_iam.IAMConfig{
+//		Eventstore: es,
+//		Cache:      esConfig.Cache,
+//	}, sd)
+//	if err != nil {
+//		return nil, err
+//	}
+//
+//	setup.OrgEvents = es_org.StartOrg(es_org.OrgConfig{Eventstore: es, IAMDomain: sd.Domain}, sd)
+//
+//	setup.ProjectEvents, err = es_proj.StartProject(es_proj.ProjectConfig{
+//		Eventstore: es,
+//		Cache:      esConfig.Cache,
+//	}, sd)
+//	if err != nil {
+//		return nil, err
+//	}
+//
+//	setup.UserEvents, err = es_usr.StartUser(es_usr.UserConfig{
+//		Eventstore: es,
+//		Cache:      esConfig.Cache,
+//	}, sd)
+//	if err != nil {
+//		return nil, err
+//	}
+//
+//	return setup, nil
+//}
+//
+//func (s *Setup) Execute(ctx context.Context, setUpConfig IAMSetUp) error {
+//	logging.Log("SETUP-hwG32").Info("starting setup")
+//
+//	iam, err := s.IamEvents.IAMByID(ctx, s.iamID)
+//	if err != nil && !caos_errs.IsNotFound(err) {
+//		return err
+//	}
+//	if iam != nil && (iam.SetUpDone == domain.Step(iam_model.StepCount)-1 || iam.SetUpStarted != iam.SetUpDone) {
+//		logging.Log("SETUP-cWEsn").Info("all steps done")
+//		return nil
+//	}
+//
+//	if iam == nil {
+//		iam = &iam_model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: s.iamID}}
+//	}
+//
+//	steps, err := setUpConfig.steps(iam_model.Step(iam.SetUpDone))
+//	if err != nil || len(steps) == 0 {
+//		return err
+//	}
+//
+//	ctx = setSetUpContextData(ctx, s.iamID)
+//
+//	for _, step := range steps {
+//		step.init(s)
+//		if step.step() != iam_model.Step(iam.SetUpDone)+1 {
+//			logging.LogWithFields("SETUP-rxRM1", "step", step.step(), "previous", iam.SetUpDone).Warn("wrong step order")
+//			return errors.ThrowPreconditionFailed(nil, "SETUP-wwAqO", "too few steps for this zitadel verison")
+//		}
+//		iam, err = s.IamEvents.StartSetup(ctx, s.iamID, step.step())
+//		if err != nil {
+//			return err
+//		}
+//
+//		iam, err = step.execute(ctx)
+//		if err != nil {
+//			return err
+//		}
+//
+//		err = s.validateExecutedStep(ctx)
+//		if err != nil {
+//			return err
+//		}
+//	}
+//
+//	logging.Log("SETUP-ds31h").Info("setup done")
+//	return nil
+//}
+//
+//func (s *Setup) validateExecutedStep(ctx context.Context) error {
+//	iam, err := s.IamEvents.IAMByID(ctx, s.iamID)
+//	if err != nil {
+//		return err
+//	}
+//	if iam.SetUpStarted != iam.SetUpDone {
+//		return errors.ThrowInternal(nil, "SETUP-QeukK", "started step is not equal to done")
+//	}
+//	return nil
+//}
+//
+//func getOIDCResponseTypes(responseTypes []string) []proj_model.OIDCResponseType {
+//	types := make([]proj_model.OIDCResponseType, len(responseTypes))
+//	for i, t := range responseTypes {
+//		types[i] = getOIDCResponseType(t)
+//	}
+//	return types
+//}
+//
+//func getOIDCResponseType(responseType string) proj_model.OIDCResponseType {
+//	switch responseType {
+//	case OIDCResponseTypeCode:
+//		return proj_model.OIDCResponseTypeCode
+//	case OIDCResponseTypeIDToken:
+//		return proj_model.OIDCResponseTypeIDToken
+//	case OIDCResponseTypeToken:
+//		return proj_model.OIDCResponseTypeIDTokenToken
+//	}
+//	return proj_model.OIDCResponseTypeCode
+//}
+//
+//func getOIDCGrantTypes(grantTypes []string) []proj_model.OIDCGrantType {
+//	types := make([]proj_model.OIDCGrantType, len(grantTypes))
+//	for i, t := range grantTypes {
+//		types[i] = getOIDCGrantType(t)
+//	}
+//	return types
+//}
+//
+//func getOIDCGrantType(grantTypes string) proj_model.OIDCGrantType {
+//	switch grantTypes {
+//	case OIDCGrantTypeAuthorizationCode:
+//		return proj_model.OIDCGrantTypeAuthorizationCode
+//	case OIDCGrantTypeImplicit:
+//		return proj_model.OIDCGrantTypeImplicit
+//	case OIDCGrantTypeRefreshToken:
+//		return proj_model.OIDCGrantTypeRefreshToken
+//	}
+//	return proj_model.OIDCGrantTypeAuthorizationCode
+//}
+//
+//func getOIDCApplicationType(appType string) proj_model.OIDCApplicationType {
+//	switch appType {
+//	case OIDCApplicationTypeNative:
+//		return proj_model.OIDCApplicationTypeNative
+//	case OIDCApplicationTypeUserAgent:
+//		return proj_model.OIDCApplicationTypeUserAgent
+//	case OIDCApplicationTypeWeb:
+//		return proj_model.OIDCApplicationTypeWeb
+//	}
+//	return proj_model.OIDCApplicationTypeWeb
+//}
+//
+//func getOIDCAuthMethod(authMethod string) proj_model.OIDCAuthMethodType {
+//	switch authMethod {
+//	case OIDCAuthMethodTypeNone:
+//		return proj_model.OIDCAuthMethodTypeNone
+//	case OIDCAuthMethodTypeBasic:
+//		return proj_model.OIDCAuthMethodTypeBasic
+//	case OIDCAuthMethodTypePost:
+//		return proj_model.OIDCAuthMethodTypePost
+//	}
+//	return proj_model.OIDCAuthMethodTypeBasic
+//}
+//
 func setSetUpContextData(ctx context.Context, orgID string) context.Context {
 	return authz.SetCtxData(ctx, authz.CtxData{UserID: SetupUser, OrgID: orgID})
 }

internal/setup/setup_v2.go

@@ -0,0 +1,104 @@
+package setup
+
+import (
+	"context"
+
+	"github.com/caos/logging"
+
+	"github.com/caos/zitadel/internal/config/systemdefaults"
+	caos_errs "github.com/caos/zitadel/internal/errors"
+	es_int "github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/eventstore/models"
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+	es_iam "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
+	"github.com/caos/zitadel/internal/v2/command"
+	"github.com/caos/zitadel/internal/v2/domain"
+)
+
+func StartSetupV2(esConfig es_int.Config, sd systemdefaults.SystemDefaults) (*Setup, error) {
+	setup := &Setup{
+		iamID: sd.IamID,
+	}
+	es, err := es_int.Start(esConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	setup.IamEvents, err = es_iam.StartIAM(es_iam.IAMConfig{
+		Eventstore: es,
+		Cache:      esConfig.Cache,
+	}, sd)
+	if err != nil {
+		return nil, err
+	}
+
+	setup.Commands, err = command.StartCommandSide(&command.Config{
+		Eventstore:     es.V2(),
+		SystemDefaults: sd,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return setup, nil
+}
+
+func (s *Setup) ExecuteV2(ctx context.Context, setUpConfig IAMSetUp) error {
+	logging.Log("SETUP-JAK2q").Info("starting setup")
+
+	iam, err := s.IamEvents.IAMByID(ctx, s.iamID)
+	if err != nil && !caos_errs.IsNotFound(err) {
+		return err
+	}
+	if iam != nil && (iam.SetUpDone == domain.StepCount-1 || iam.SetUpStarted != iam.SetUpDone) {
+		logging.Log("SETUP-VA2k1").Info("all steps done")
+		return nil
+	}
+
+	if iam == nil {
+		iam = &iam_model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: s.iamID}}
+	}
+
+	steps, err := setUpConfig.steps(iam_model.Step(iam.SetUpDone))
+	if err != nil || len(steps) == 0 {
+		return err
+	}
+
+	ctx = setSetUpContextData(ctx, s.iamID)
+
+	for _, step := range steps {
+		//step.init(s)
+		if step.step() != iam_model.Step(iam.SetUpDone+1) {
+			logging.LogWithFields("SETUP-rxRM1", "step", step.step(), "previous", iam.SetUpDone).Warn("wrong step order")
+			return caos_errs.ThrowPreconditionFailed(nil, "SETUP-wwAqO", "too few steps for this zitadel verison")
+		}
+		iam, err = s.Commands.StartSetup(ctx, s.iamID, domain.Step(step.step()))
+		if err != nil {
+			return err
+		}
+
+		err = step.execute(ctx, iam.AggregateID, *s.Commands)
+		if err != nil {
+			return err
+		}
+
+		err = s.validateExecutedStep(ctx)
+		if err != nil {
+			return err
+		}
+	}
+
+	logging.Log("SETUP-ds31h").Info("setup done")
+	return nil
+}
+
+func (s *Setup) validateExecutedStep(ctx context.Context) error {
+	iam, err := s.IamEvents.IAMByID(ctx, s.iamID)
+	if err != nil {
+		return err
+	}
+	if iam.SetUpStarted != iam.SetUpDone {
+		return caos_errs.ThrowInternal(nil, "SETUP-QeukK", "started step is not equal to done")
+	}
+	return nil
+}

internal/setup/step.go

@@ -4,6 +4,7 @@ import (
 	"context"
 
 	iam_model "github.com/caos/zitadel/internal/iam/model"
+	"github.com/caos/zitadel/internal/v2/command"
 )
 
 type step interface {
@@ -12,3 +13,9 @@ type step interface {
 	init(*Setup)
 	isNil() bool
 }
+
+type stepV2 interface {
+	step() iam_model.Step
+	execute(context.Context, string, command.CommandSide) error
+	isNil() bool
+}

internal/setup/step1.go

@@ -4,322 +4,287 @@ import (
 	"context"
 
 	"github.com/caos/logging"
-	"github.com/caos/zitadel/internal/api/authz"
-	caos_errs "github.com/caos/zitadel/internal/errors"
-	"github.com/caos/zitadel/internal/eventstore/models"
+
 	iam_model "github.com/caos/zitadel/internal/iam/model"
-	org_model "github.com/caos/zitadel/internal/org/model"
-	proj_model "github.com/caos/zitadel/internal/project/model"
-	usr_model "github.com/caos/zitadel/internal/user/model"
+	"github.com/caos/zitadel/internal/v2/command"
 )
 
 type Step1 struct {
-	GlobalOrg          string
-	IAMProject         string
-	DefaultLoginPolicy LoginPolicy
-	Orgs               []Org
-	Owners             []string
+	//GlobalOrg          string
+	//IAMProject         string
+	//DefaultLoginPolicy LoginPolicy
+	//Orgs               []Org
+	//Owners             []string
+	command.Step1
 
-	setup              *Setup
-	createdUsers       map[string]*usr_model.User
-	createdOrgs        map[string]*org_model.Org
-	createdProjects    map[string]*proj_model.Project
-	pwComplexityPolicy *iam_model.PasswordComplexityPolicyView
+	//setup              *Setup
+	//createdUsers       map[string]*usr_model.User
+	//createdOrgs        map[string]*org_model.Org
+	//createdProjects    map[string]*proj_model.Project
+	//pwComplexityPolicy *iam_model.PasswordComplexityPolicyView
 }
 
 func (s *Step1) isNil() bool {
 	return s == nil
 }
 
-func (step *Step1) step() iam_model.Step {
+func (s *Step1) step() iam_model.Step {
 	return iam_model.Step1
 }
 
-func (step *Step1) init(setup *Setup) {
-	step.setup = setup
-	step.createdUsers = make(map[string]*usr_model.User)
-	step.createdOrgs = make(map[string]*org_model.Org)
-	step.createdProjects = make(map[string]*proj_model.Project)
-}
+//func (s *Step1) init(setup *Setup) {
+//	s.setup = setup
+//	s.createdUsers = make(map[string]*usr_model.User)
+//	s.createdOrgs = make(map[string]*org_model.Org)
+//	s.createdProjects = make(map[string]*proj_model.Project)
+//}
 
-func (step *Step1) execute(ctx context.Context) (*iam_model.IAM, error) {
-	err := step.loginPolicy(ctx, step.DefaultLoginPolicy)
+func (s *Step1) execute(ctx context.Context, iamID string, commands command.CommandSide) error {
+	err := commands.SetupStep1(ctx, iamID, s.Step1)
 	if err != nil {
-		logging.Log("SETUP-Hdu8S").WithError(err).Error("unable to create login policy")
-		return nil, err
-	}
-
-	step.pwComplexityPolicy = new(iam_model.PasswordComplexityPolicyView)
-
-	err = step.orgs(ctx, step.Orgs)
-	if err != nil {
-		logging.Log("SETUP-p4oWq").WithError(err).Error("unable to set up orgs")
-		return nil, err
-	}
-
-	ctx = setSetUpContextData(ctx, step.setup.iamID)
-	err = step.iamOwners(ctx, step.Owners)
-	if err != nil {
-		logging.Log("SETUP-WHr01").WithError(err).Error("unable to set up iam owners")
-		return nil, err
-	}
-
-	err = step.setGlobalOrg(ctx, step.GlobalOrg)
-	if err != nil {
-		logging.Log("SETUP-0874m").WithError(err).Error("unable to set global org")
-		return nil, err
-	}
-
-	err = step.setIamProject(ctx, step.IAMProject)
-	if err != nil {
-		logging.Log("SETUP-kaWjq").WithError(err).Error("unable to set zitadel project")
-		return nil, err
-	}
-
-	iam, err := step.setup.IamEvents.SetupDone(ctx, step.setup.iamID, step.step())
-	if err != nil {
-		logging.Log("SETUP-de342").WithField("step", step.step()).WithError(err).Error("unable to finish setup")
-		return nil, err
-	}
-	return iam, nil
-}
-
-func (step *Step1) loginPolicy(ctx context.Context, policy LoginPolicy) error {
-	logging.Log("SETUP-4djul").Info("setting up login policy")
-	loginPolicy := &iam_model.LoginPolicy{
-		ObjectRoot: models.ObjectRoot{
-			AggregateID: step.setup.iamID,
-		},
-		AllowRegister:         policy.AllowRegister,
-		AllowUsernamePassword: policy.AllowUsernamePassword,
-		AllowExternalIdp:      policy.AllowExternalIdp,
-	}
-	_, err := step.setup.IamEvents.AddLoginPolicy(ctx, loginPolicy)
-	return err
-}
-
-func (step *Step1) orgs(ctx context.Context, orgs []Org) error {
-	logging.Log("SETUP-dsTh3").Info("setting up orgs")
-	for _, iamOrg := range orgs {
-		org, err := step.org(ctx, iamOrg)
-		if err != nil {
-			logging.LogWithFields("SETUP-IlLif", "Org", iamOrg.Name).WithError(err).Error("unable to create org")
-			return err
-		}
-		step.createdOrgs[iamOrg.Name] = org
-		logging.LogWithFields("SETUP-HR2gh", "name", org.Name, "ID", org.AggregateID).Info("created organisation")
-
-		var policy *iam_model.OrgIAMPolicyView
-		if iamOrg.OrgIamPolicy {
-			policy, err = step.iamorgpolicy(ctx, org)
-			if err != nil {
-				logging.LogWithFields("SETUP-IlLif", "Org IAM Policy", iamOrg.Name).WithError(err).Error("unable to create iam org policy")
-				return err
-			}
-		} else {
-			policy = &iam_model.OrgIAMPolicyView{
-				UserLoginMustBeDomain: true,
-			}
-		}
-
-		ctx = setSetUpContextData(ctx, org.AggregateID)
-		err = step.users(ctx, iamOrg.Users, policy)
-		if err != nil {
-			logging.LogWithFields("SETUP-8zfwz", "Org", iamOrg.Name).WithError(err).Error("unable to set up org users")
-			return err
-		}
-
-		err = step.orgOwners(ctx, org, iamOrg.Owners)
-		if err != nil {
-			logging.LogWithFields("SETUP-0874m", "Org", iamOrg.Name).WithError(err).Error("unable to set up org owners")
-			return err
-		}
-
-		err = step.projects(ctx, iamOrg.Projects, step.createdUsers[iamOrg.Owners[0]].AggregateID)
-		if err != nil {
-			logging.LogWithFields("SETUP-wUzqY", "Org", iamOrg.Name).WithError(err).Error("unable to set up org projects")
-			return err
-		}
-	}
-	logging.Log("SETUP-dgjT4").Info("orgs set up")
-	return nil
-}
-
-func (step *Step1) org(ctx context.Context, org Org) (*org_model.Org, error) {
-	ctx = setSetUpContextData(ctx, "")
-	createOrg := &org_model.Org{
-		Name:    org.Name,
-		Domains: []*org_model.OrgDomain{{Domain: org.Domain}},
-	}
-	return step.setup.OrgEvents.CreateOrg(ctx, createOrg, nil)
-}
-
-func (step *Step1) iamorgpolicy(ctx context.Context, org *org_model.Org) (*iam_model.OrgIAMPolicyView, error) {
-	ctx = setSetUpContextData(ctx, org.AggregateID)
-	policy := &iam_model.OrgIAMPolicy{
-		ObjectRoot:            models.ObjectRoot{AggregateID: org.AggregateID},
-		UserLoginMustBeDomain: false,
-	}
-	createdpolicy, err := step.setup.OrgEvents.AddOrgIAMPolicy(ctx, policy)
-	if err != nil {
-		return nil, err
-	}
-	return &iam_model.OrgIAMPolicyView{
-		AggregateID:           org.AggregateID,
-		UserLoginMustBeDomain: createdpolicy.UserLoginMustBeDomain,
-	}, nil
-}
-
-func (step *Step1) iamOwners(ctx context.Context, owners []string) error {
-	logging.Log("SETUP-dtxfj").Info("setting iam owners")
-	for _, iamOwner := range owners {
-		user, ok := step.createdUsers[iamOwner]
-		if !ok {
-			logging.LogWithFields("SETUP-8siew", "Owner", iamOwner).Error("unable to add user to iam members")
-			return caos_errs.ThrowPreconditionFailedf(nil, "SETUP-su6L3", "unable to add user to iam members")
-		}
-		_, err := step.setup.IamEvents.AddIAMMember(ctx, &iam_model.IAMMember{ObjectRoot: models.ObjectRoot{AggregateID: step.setup.iamID}, UserID: user.AggregateID, Roles: []string{"IAM_OWNER"}})
-		if err != nil {
-			logging.Log("SETUP-LM7rI").WithError(err).Error("unable to add iam administrator to iam members as owner")
-			return err
-		}
-	}
-	logging.Log("SETUP-fg5aq").Info("iam owners set")
-	return nil
-}
-
-func (step *Step1) setGlobalOrg(ctx context.Context, globalOrgName string) error {
-	logging.Log("SETUP-dsj75").Info("setting global org")
-	globalOrg, ok := step.createdOrgs[globalOrgName]
-	if !ok {
-		logging.LogWithFields("SETUP-FBhs9", "GlobalOrg", globalOrgName).Error("global org not created")
-		return caos_errs.ThrowPreconditionFailedf(nil, "SETUP-4GwU7", "global org not created: %v", globalOrgName)
-	}
-
-	if _, err := step.setup.IamEvents.SetGlobalOrg(ctx, step.setup.iamID, globalOrg.AggregateID); err != nil {
-		logging.Log("SETUP-uGMA3").WithError(err).Error("unable to set global org on iam")
+		logging.Log("SETUP-de342").WithField("step", s.step()).WithError(err).Error("unable to finish setup")
 		return err
 	}
-	logging.Log("SETUP-d32h1").Info("global org set")
 	return nil
 }
 
-func (step *Step1) setIamProject(ctx context.Context, iamProjectName string) error {
-	logging.Log("SETUP-HE3qa").Info("setting iam project")
-	iamProject, ok := step.createdProjects[iamProjectName]
-	if !ok {
-		logging.LogWithFields("SETUP-SJFWP", "IAM Project", iamProjectName).Error("iam project created")
-		return caos_errs.ThrowPreconditionFailedf(nil, "SETUP-sGmQt", "iam project not created: %v", iamProjectName)
-	}
-
-	if _, err := step.setup.IamEvents.SetIAMProject(ctx, step.setup.iamID, iamProject.AggregateID); err != nil {
-		logging.Log("SETUP-i1pNh").WithError(err).Error("unable to set iam project on iam")
-		return err
-	}
-	logging.Log("SETUP-d7WEU").Info("iam project set")
-	return nil
-}
-
-func (step *Step1) users(ctx context.Context, users []User, orgPolicy *iam_model.OrgIAMPolicyView) error {
-	for _, user := range users {
-		created, err := step.user(ctx, user, orgPolicy)
-		if err != nil {
-			logging.LogWithFields("SETUP-9soer", "Email", user.Email).WithError(err).Error("unable to create iam user")
-			return err
-		}
-		step.createdUsers[user.Email] = created
-	}
-	return nil
-}
-
-func (step *Step1) user(ctx context.Context, user User, orgPolicy *iam_model.OrgIAMPolicyView) (*usr_model.User, error) {
-	createUser := &usr_model.User{
-		UserName: user.UserName,
-		Human: &usr_model.Human{
-			Profile: &usr_model.Profile{
-				FirstName: user.FirstName,
-				LastName:  user.LastName,
-			},
-			Email: &usr_model.Email{
-				EmailAddress:    user.Email,
-				IsEmailVerified: true,
-			},
-			Password: &usr_model.Password{
-				SecretString: user.Password,
-			},
-		},
-	}
-	return step.setup.UserEvents.CreateUser(ctx, createUser, step.pwComplexityPolicy, orgPolicy)
-}
-
-func (step *Step1) orgOwners(ctx context.Context, org *org_model.Org, owners []string) error {
-	for _, orgOwner := range owners {
-		user, ok := step.createdUsers[orgOwner]
-		if !ok {
-			logging.LogWithFields("SETUP-s9ilr", "Owner", orgOwner).Error("unable to add user to org members")
-			return caos_errs.ThrowPreconditionFailedf(nil, "SETUP-s0prs", "unable to add user to org members: %v", orgOwner)
-		}
-		err := step.orgOwner(ctx, org, user)
-		if err != nil {
-			logging.Log("SETUP-s90oe").WithError(err).Error("unable to add global org admin to members of global org")
-			return err
-		}
-	}
-	return nil
-}
-
-func (step *Step1) orgOwner(ctx context.Context, org *org_model.Org, user *usr_model.User) error {
-	addMember := &org_model.OrgMember{
-		ObjectRoot: models.ObjectRoot{AggregateID: org.AggregateID},
-		UserID:     user.AggregateID,
-		Roles:      []string{OrgOwnerRole},
-	}
-	_, err := step.setup.OrgEvents.AddOrgMember(ctx, addMember)
-	return err
-}
-
-func (step *Step1) projects(ctx context.Context, projects []Project, ownerID string) error {
-	ctxData := authz.GetCtxData(ctx)
-	ctxData.UserID = ownerID
-	projectCtx := authz.SetCtxData(ctx, ctxData)
-
-	for _, project := range projects {
-		createdProject, err := step.project(projectCtx, project)
-		if err != nil {
-			return err
-		}
-		step.createdProjects[createdProject.Name] = createdProject
-		for _, oidc := range project.OIDCApps {
-			app, err := step.oidcApp(ctx, createdProject, oidc)
-			if err != nil {
-				return err
-			}
-			logging.LogWithFields("SETUP-asd32f", "name", app.Name, "clientID", app.OIDCConfig.ClientID).Info("created OIDC application")
-		}
-	}
-	return nil
-}
-
-func (step *Step1) project(ctx context.Context, project Project) (*proj_model.Project, error) {
-	addProject := &proj_model.Project{
-		Name: project.Name,
-	}
-	return step.setup.ProjectEvents.CreateProject(ctx, addProject, false)
-}
-
-func (step *Step1) oidcApp(ctx context.Context, project *proj_model.Project, oidc OIDCApp) (*proj_model.Application, error) {
-	addOIDCApp := &proj_model.Application{
-		ObjectRoot: models.ObjectRoot{AggregateID: project.AggregateID},
-		Name:       oidc.Name,
-		OIDCConfig: &proj_model.OIDCConfig{
-			RedirectUris:           oidc.RedirectUris,
-			ResponseTypes:          getOIDCResponseTypes(oidc.ResponseTypes),
-			GrantTypes:             getOIDCGrantTypes(oidc.GrantTypes),
-			ApplicationType:        getOIDCApplicationType(oidc.ApplicationType),
-			AuthMethodType:         getOIDCAuthMethod(oidc.AuthMethodType),
-			PostLogoutRedirectUris: oidc.PostLogoutRedirectUris,
-			DevMode:                oidc.DevMode,
-		},
-	}
-	return step.setup.ProjectEvents.AddApplication(ctx, addOIDCApp)
-}
+//
+//func (step *Step1) loginPolicy(ctx context.Context, policy LoginPolicy) error {
+//	logging.Log("SETUP-4djul").Info("setting up login policy")
+//	loginPolicy := &iam_model.LoginPolicy{
+//		ObjectRoot: models.ObjectRoot{
+//			AggregateID: step.setup.iamID,
+//		},
+//		AllowRegister:         policy.AllowRegister,
+//		AllowUsernamePassword: policy.AllowUsernamePassword,
+//		AllowExternalIdp:      policy.AllowExternalIdp,
+//	}
+//	_, err := step.setup.Commands.AddDefaultLoginPolicy(ctx, loginPolicy)
+//	return err
+//}
+//
+//func (step *Step1) orgs(ctx context.Context, orgs []Org) error {
+//	logging.Log("SETUP-dsTh3").Info("setting up orgs")
+//	for _, iamOrg := range orgs {
+//		org, err := step.org(ctx, iamOrg)
+//		if err != nil {
+//			logging.LogWithFields("SETUP-IlLif", "Org", iamOrg.Name).WithError(err).Error("unable to create org")
+//			return err
+//		}
+//		step.createdOrgs[iamOrg.Name] = org
+//		logging.LogWithFields("SETUP-HR2gh", "name", org.Name, "ID", org.AggregateID).Info("created organisation")
+//
+//		var policy *iam_model.OrgIAMPolicyView
+//		if iamOrg.OrgIamPolicy {
+//			policy, err = step.iamorgpolicy(ctx, org)
+//			if err != nil {
+//				logging.LogWithFields("SETUP-IlLif", "Org IAM Policy", iamOrg.Name).WithError(err).Error("unable to create iam org policy")
+//				return err
+//			}
+//		} else {
+//			policy = &iam_model.OrgIAMPolicyView{
+//				UserLoginMustBeDomain: true,
+//			}
+//		}
+//
+//		ctx = setSetUpContextData(ctx, org.AggregateID)
+//		err = step.users(ctx, iamOrg.Users, policy)
+//		if err != nil {
+//			logging.LogWithFields("SETUP-8zfwz", "Org", iamOrg.Name).WithError(err).Error("unable to set up org users")
+//			return err
+//		}
+//
+//		err = step.orgOwners(ctx, org, iamOrg.Owners)
+//		if err != nil {
+//			logging.LogWithFields("SETUP-0874m", "Org", iamOrg.Name).WithError(err).Error("unable to set up org owners")
+//			return err
+//		}
+//
+//		err = step.projects(ctx, iamOrg.Projects, step.createdUsers[iamOrg.Owners[0]].AggregateID)
+//		if err != nil {
+//			logging.LogWithFields("SETUP-wUzqY", "Org", iamOrg.Name).WithError(err).Error("unable to set up org projects")
+//			return err
+//		}
+//	}
+//	logging.Log("SETUP-dgjT4").Info("orgs set up")
+//	return nil
+//}
+//
+//func (step *Step1) org(ctx context.Context, org Org) (*org_model.Org, error) {
+//	ctx = setSetUpContextData(ctx, "")
+//	createOrg := &org_model.Org{
+//		Name:    org.Name,
+//		Domains: []*org_model.OrgDomain{{Domain: org.Domain}},
+//	}
+//	return step.setup.OrgEvents.CreateOrg(ctx, createOrg, nil)
+//}
+//
+//func (step *Step1) iamorgpolicy(ctx context.Context, org *org_model.Org) (*iam_model.OrgIAMPolicyView, error) {
+//	ctx = setSetUpContextData(ctx, org.AggregateID)
+//	policy := &iam_model.OrgIAMPolicy{
+//		ObjectRoot:            models.ObjectRoot{AggregateID: org.AggregateID},
+//		UserLoginMustBeDomain: false,
+//	}
+//	createdpolicy, err := step.setup.OrgEvents.AddOrgIAMPolicy(ctx, policy)
+//	if err != nil {
+//		return nil, err
+//	}
+//	return &iam_model.OrgIAMPolicyView{
+//		AggregateID:           org.AggregateID,
+//		UserLoginMustBeDomain: createdpolicy.UserLoginMustBeDomain,
+//	}, nil
+//}
+//
+//func (step *Step1) iamOwners(ctx context.Context, owners []string) error {
+//	logging.Log("SETUP-dtxfj").Info("setting iam owners")
+//	for _, iamOwner := range owners {
+//		user, ok := step.createdUsers[iamOwner]
+//		if !ok {
+//			logging.LogWithFields("SETUP-8siew", "Owner", iamOwner).Error("unable to add user to iam members")
+//			return caos_errs.ThrowPreconditionFailedf(nil, "SETUP-su6L3", "unable to add user to iam members")
+//		}
+//		_, err := step.setup.Commands.AddIAMMember(ctx, &iam_model.IAMMember{ObjectRoot: models.ObjectRoot{AggregateID: step.setup.iamID}, UserID: user.AggregateID, Roles: []string{"IAM_OWNER"}})
+//		if err != nil {
+//			logging.Log("SETUP-LM7rI").WithError(err).Error("unable to add iam administrator to iam members as owner")
+//			return err
+//		}
+//	}
+//	logging.Log("SETUP-fg5aq").Info("iam owners set")
+//	return nil
+//}
+//
+//func (step *Step1) setGlobalOrg(ctx context.Context, globalOrgName string) error {
+//	logging.Log("SETUP-dsj75").Info("setting global org")
+//	globalOrg, ok := step.createdOrgs[globalOrgName]
+//	if !ok {
+//		logging.LogWithFields("SETUP-FBhs9", "GlobalOrg", globalOrgName).Error("global org not created")
+//		return caos_errs.ThrowPreconditionFailedf(nil, "SETUP-4GwU7", "global org not created: %v", globalOrgName)
+//	}
+//
+//	if _, err := step.setup.IamEvents.SetGlobalOrg(ctx, step.setup.iamID, globalOrg.AggregateID); err != nil {
+//		logging.Log("SETUP-uGMA3").WithError(err).Error("unable to set global org on iam")
+//		return err
+//	}
+//	logging.Log("SETUP-d32h1").Info("global org set")
+//	return nil
+//}
+//
+//func (step *Step1) setIamProject(ctx context.Context, iamProjectName string) error {
+//	logging.Log("SETUP-HE3qa").Info("setting iam project")
+//	iamProject, ok := step.createdProjects[iamProjectName]
+//	if !ok {
+//		logging.LogWithFields("SETUP-SJFWP", "IAM Project", iamProjectName).Error("iam project created")
+//		return caos_errs.ThrowPreconditionFailedf(nil, "SETUP-sGmQt", "iam project not created: %v", iamProjectName)
+//	}
+//
+//	if _, err := step.setup.IamEvents.SetIAMProject(ctx, step.setup.iamID, iamProject.AggregateID); err != nil {
+//		logging.Log("SETUP-i1pNh").WithError(err).Error("unable to set iam project on iam")
+//		return err
+//	}
+//	logging.Log("SETUP-d7WEU").Info("iam project set")
+//	return nil
+//}
+//
+//func (step *Step1) users(ctx context.Context, users []User, orgPolicy *iam_model.OrgIAMPolicyView) error {
+//	for _, user := range users {
+//		created, err := step.user(ctx, user, orgPolicy)
+//		if err != nil {
+//			logging.LogWithFields("SETUP-9soer", "Email", user.Email).WithError(err).Error("unable to create iam user")
+//			return err
+//		}
+//		step.createdUsers[user.Email] = created
+//	}
+//	return nil
+//}
+//
+//func (step *Step1) user(ctx context.Context, user User, orgPolicy *iam_model.OrgIAMPolicyView) (*usr_model.User, error) {
+//	createUser := &usr_model.User{
+//		UserName: user.UserName,
+//		Human: &usr_model.Human{
+//			Profile: &usr_model.Profile{
+//				FirstName: user.FirstName,
+//				LastName:  user.LastName,
+//			},
+//			Email: &usr_model.Email{
+//				EmailAddress:    user.Email,
+//				IsEmailVerified: true,
+//			},
+//			Password: &usr_model.Password{
+//				SecretString: user.Password,
+//			},
+//		},
+//	}
+//	return step.setup.UserEvents.CreateUser(ctx, createUser, step.pwComplexityPolicy, orgPolicy)
+//}
+//
+//func (step *Step1) orgOwners(ctx context.Context, org *org_model.Org, owners []string) error {
+//	for _, orgOwner := range owners {
+//		user, ok := step.createdUsers[orgOwner]
+//		if !ok {
+//			logging.LogWithFields("SETUP-s9ilr", "Owner", orgOwner).Error("unable to add user to org members")
+//			return caos_errs.ThrowPreconditionFailedf(nil, "SETUP-s0prs", "unable to add user to org members: %v", orgOwner)
+//		}
+//		err := step.orgOwner(ctx, org, user)
+//		if err != nil {
+//			logging.Log("SETUP-s90oe").WithError(err).Error("unable to add global org admin to members of global org")
+//			return err
+//		}
+//	}
+//	return nil
+//}
+//
+//func (step *Step1) orgOwner(ctx context.Context, org *org_model.Org, user *usr_model.User) error {
+//	addMember := &org_model.OrgMember{
+//		ObjectRoot: models.ObjectRoot{AggregateID: org.AggregateID},
+//		UserID:     user.AggregateID,
+//		Roles:      []string{OrgOwnerRole},
+//	}
+//	_, err := step.setup.OrgEvents.AddOrgMember(ctx, addMember)
+//	return err
+//}
+//
+//func (step *Step1) projects(ctx context.Context, projects []Project, ownerID string) error {
+//	ctxData := authz.GetCtxData(ctx)
+//	ctxData.UserID = ownerID
+//	projectCtx := authz.SetCtxData(ctx, ctxData)
+//
+//	for _, project := range projects {
+//		createdProject, err := step.project(projectCtx, project)
+//		if err != nil {
+//			return err
+//		}
+//		step.createdProjects[createdProject.Name] = createdProject
+//		for _, oidc := range project.OIDCApps {
+//			app, err := step.oidcApp(ctx, createdProject, oidc)
+//			if err != nil {
+//				return err
+//			}
+//			logging.LogWithFields("SETUP-asd32f", "name", app.Name, "clientID", app.OIDCConfig.ClientID).Info("created OIDC application")
+//		}
+//	}
+//	return nil
+//}
+//
+//func (step *Step1) project(ctx context.Context, project Project) (*proj_model.Project, error) {
+//	addProject := &proj_model.Project{
+//		Name: project.Name,
+//	}
+//	return step.setup.ProjectEvents.CreateProject(ctx, addProject, false)
+//}
+//
+//func (step *Step1) oidcApp(ctx context.Context, project *proj_model.Project, oidc OIDCApp) (*proj_model.Application, error) {
+//	addOIDCApp := &proj_model.Application{
+//		ObjectRoot: models.ObjectRoot{AggregateID: project.AggregateID},
+//		Name:       oidc.Name,
+//		OIDCConfig: &proj_model.OIDCConfig{
+//			RedirectUris:           oidc.RedirectUris,
+//			ResponseTypes:          getOIDCResponseTypes(oidc.ResponseTypes),
+//			GrantTypes:             getOIDCGrantTypes(oidc.GrantTypes),
+//			ApplicationType:        getOIDCApplicationType(oidc.ApplicationType),
+//			AuthMethodType:         getOIDCAuthMethod(oidc.AuthMethodType),
+//			PostLogoutRedirectUris: oidc.PostLogoutRedirectUris,
+//			DevMode:                oidc.DevMode,
+//		},
+//	}
+//	return step.setup.ProjectEvents.AddApplication(ctx, addOIDCApp)
+//}

internal/setup/step2.go

@@ -2,11 +2,13 @@ package setup
 
 import (
 	"context"
+
 	"github.com/caos/logging"
+
 	"github.com/caos/zitadel/internal/eventstore/models"
-	es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
 	iam_model "github.com/caos/zitadel/internal/iam/model"
 	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
+	"github.com/caos/zitadel/internal/v2/command"
 )
 
 type Step2 struct {
@@ -27,23 +29,25 @@ func (step *Step2) init(setup *Setup) {
 	step.setup = setup
 }
 
-func (step *Step2) execute(ctx context.Context) (*iam_model.IAM, error) {
-	iam, agg, err := step.passwordComplexityPolicy(ctx, &step.DefaultPasswordComplexityPolicy)
-	if err != nil {
-		logging.Log("SETUP-Ms9fl").WithField("step", step.step()).WithError(err).Error("unable to finish setup (pw complexity policy)")
-		return nil, err
-	}
-	iam, agg, push, err := step.setup.IamEvents.PrepareSetupDone(ctx, iam, agg, step.step())
-	if err != nil {
-		logging.Log("SETUP-V8sui").WithField("step", step.step()).WithError(err).Error("unable to finish setup (prepare setup done)")
-		return nil, err
-	}
-	err = es_sdk.PushAggregates(ctx, push, iam.AppendEvents, agg)
-	if err != nil {
-		logging.Log("SETUP-V8sui").WithField("step", step.step()).WithError(err).Error("unable to finish setup")
-		return nil, err
-	}
-	return iam_es_model.IAMToModel(iam), nil
+func (step *Step2) execute(ctx context.Context, commands command.CommandSide) error {
+	//commands.SetupStep2(ctx, )
+	//iam, agg, err := step.passwordComplexityPolicy(ctx, &step.DefaultPasswordComplexityPolicy)
+	//if err != nil {
+	//	logging.Log("SETUP-Ms9fl").WithField("step", step.step()).WithError(err).Error("unable to finish setup (pw complexity policy)")
+	//	return nil, err
+	//}
+	//iam, agg, push, err := step.setup.IamEvents.PrepareSetupDone(ctx, iam, agg, step.step())
+	//if err != nil {
+	//	logging.Log("SETUP-V8sui").WithField("step", step.step()).WithError(err).Error("unable to finish setup (prepare setup done)")
+	//	return nil, err
+	//}
+	//err = es_sdk.PushAggregates(ctx, push, iam.AppendEvents, agg)
+	//if err != nil {
+	//	logging.Log("SETUP-V8sui").WithField("step", step.step()).WithError(err).Error("unable to finish setup")
+	//	return nil, err
+	//}
+	//return iam_es_model.IAMToModel(iam), nil
+	return nil
 }
 
 func (step *Step2) passwordComplexityPolicy(ctx context.Context, policy *iam_model.PasswordComplexityPolicy) (*iam_es_model.IAM, *models.Aggregate, error) {