feat: split users into human and machine (#470)

* feat(management): service accounts

* chore: current go version

* init

* refactor: apis

* feat(internal): start impl of service account

* chore: start impl of machine/human users

* code compiles

* fix: tests

* fix: tests

* fix: add new event types to switches

* chore: add cases to event types

* fix(management): definitive proto messages

* fix: machine/human

* fix: add missing tables as todos

* fix: remove unused permissions

* fix: refactoring

* fix: refactor

* fix: human registered

* fix: user id

* fix: logid

* fix: proto remove //equal

* chore(management): remove no comment

* fix: human mfas

* fix: user subobjects

* chore: rename existing to better name

* fix: username in user (#634)

* fix: username in user

* fix: username

* fix remove unused code

* fix add validations

* fix: use new user in all apis

* fix: regexp for username in api

* fix: fill user data for human and machine (#638)

* fix: fill Display name grant/member handlers
fix: add description to grant/member objects in api
fix: check if user is human in login

* fix: remove description from member and grant

* chore: remove todos

* feat: machine keys

* fix: implement missing parts

* feat: machine key management view

* fix: remove keys from machine view

* fix: set default expiration date

* fix: get key by ids

* feat: add machine keys in proto

* feat: machine keys

* fix: add migration

* fix: mig

* fix: correct method name

* feat: user search

* feat: user search

* fix: log ids

* fix partial authconfig prompt, domain c perm

* membership read check

* contributor refresh trigger, observe org write

* fix: migrations

* fix(console): machine build (#660)

* frontend 1

* fix html bindings

* trailing comma

* user permissions, project deactivate

* fix(console): human view (#661)

* fix search user view, user detail form

* rm log

* feat(console): user services list and create (#663)

* fix search user view, user detail form

* rm log

* machine list

* generic table component

* create user service

* proove table for undefined values

* tmp disable user link if machine

* lint

* lint styles

* user table lint

* Update console/src/assets/i18n/de.json

Co-authored-by: Florian Forster <florian@caos.ch>

* feat(console): service user detail view, keys cr_d, fix search user autocomplete (#664)

* service users for sidenav, routing

* i18n

* back routes

* machine detail form

* update machine detail, fix svc user grants

* keys table

* add key dialog, timestamp creation

* check permission on create, delete, fix selection

* lint ts, scss

* Update console/src/assets/i18n/de.json

* Apply suggestions from code review

Co-authored-by: Florian Forster <florian@caos.ch>

* allow user grants for project.write

* management service

* fix mgmt service

* feat: Machine keys (#655)

* fix: memberships (#633)

* feat: add iam members to memberships

* fix: search project grants

* fix: rename

* feat: idp and login policy configurations (#619)

* feat: oidc config

* fix: oidc configurations

* feat: oidc idp config

* feat: add oidc config test

* fix: tests

* fix: tests

* feat: translate new events

* feat: idp eventstore

* feat: idp eventstore

* fix: tests

* feat: command side idp

* feat: query side idp

* feat: idp config on org

* fix: tests

* feat: authz idp on org

* feat: org idps

* feat: login policy

* feat: login policy

* feat: login policy

* feat: add idp func on login policy

* feat: add validation to loginpolicy and idp provider

* feat: add default login policy

* feat: login policy on org

* feat: login policy on org

* fix: id config handlers

* fix: id config handlers

* fix: create idp on org

* fix: create idp on org

* fix: not existing idp config

* fix: default login policy

* fix: add login policy on org

* fix: idp provider search on org

* fix: test

* fix: remove idp on org

* fix: test

* fix: test

* fix: remove admin idp

* fix: logo src as byte

* fix: migration

* fix: tests

* Update internal/iam/repository/eventsourcing/iam.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/iam_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/org/repository/eventsourcing/org_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update internal/iam/repository/eventsourcing/model/login_policy_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix: pr comments

* fix: tests

* Update types.go

* fix: merge request changes

* fix: reduce optimization

Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix: reread user mfas, preferred loginname as otp account name (#636)

* fix: reread user mfas

* fix: use preferred login name as otp account name

* fix: tests

* fix: reduce (#635)

* fix: management reduce optimization

* fix: reduce optimization

* fix: reduce optimization

* fix: merge master

* chore(deps): bump github.com/gorilla/schema from 1.1.0 to 1.2.0 (#627)

Bumps [github.com/gorilla/schema](https://github.com/gorilla/schema) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/gorilla/schema/releases)
- [Commits](https://github.com/gorilla/schema/compare/v1.1.0...v1.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/gorilla/mux from 1.7.4 to 1.8.0 (#624)

Bumps [github.com/gorilla/mux](https://github.com/gorilla/mux) from 1.7.4 to 1.8.0.
- [Release notes](https://github.com/gorilla/mux/releases)
- [Commits](https://github.com/gorilla/mux/compare/v1.7.4...v1.8.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/DATA-DOG/go-sqlmock from 1.4.1 to 1.5.0 (#591)

Bumps [github.com/DATA-DOG/go-sqlmock](https://github.com/DATA-DOG/go-sqlmock) from 1.4.1 to 1.5.0.
- [Release notes](https://github.com/DATA-DOG/go-sqlmock/releases)
- [Commits](https://github.com/DATA-DOG/go-sqlmock/compare/v1.4.1...v1.5.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: auto assign issues and PR to ZTIADEL project board (#643)

* Create main.yml

* Update main.yml

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* fix(console): project grant members, update deps (#645)

* fix: searchprojectgrantmembers

* chore(deps-dev): bump @angular/cli from 10.0.6 to 10.0.7 in /console (#622)

Bumps [@angular/cli](https://github.com/angular/angular-cli) from 10.0.6 to 10.0.7.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v10.0.6...v10.0.7)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump @angular-devkit/build-angular in /console (#626)

Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1000.6 to 0.1000.7.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>

* chore(deps-dev): bump @types/jasmine from 3.5.12 to 3.5.13 in /console (#623)

Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine) from 3.5.12 to 3.5.13.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump ts-node from 8.10.2 to 9.0.0 in /console (#629)

Bumps [ts-node](https://github.com/TypeStrong/ts-node) from 8.10.2 to 9.0.0.
- [Release notes](https://github.com/TypeStrong/ts-node/releases)
- [Commits](https://github.com/TypeStrong/ts-node/compare/v8.10.2...v9.0.0)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* update packlock

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: delete main.yml (#648)

* fix: usergrant (#650)

* fix(console): mfa refresh after verification, member eventemitter (#651)

* refresh mfa

* fix: detail link from contributors

* lint

* feat: add domain verification notification (#649)

* fix: dont (re)generate client secret with auth type none

* fix(cors): allow Origin from request

* feat: add origin allow list and fix some core issues

* rename migration

* fix UserIDsByDomain

* feat: send email to users after domain claim

* username

* check origin on userinfo

* update oidc pkg

* fix: add migration 1.6

* change username

* change username

* remove unique email aggregate

* change username in mgmt

* search global user by login name

* fix test

* change user search in angular

* fix tests

* merge

* userview in angular

* fix merge

* Update pkg/grpc/management/proto/management.proto

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* Update internal/notification/static/i18n/de.yaml

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>

* fix: translation (#647)

* fix: translation

* fix: translation

* fix: translation

* fix: remove unused code

* fix: log err

* fix: migration numbers (#652)

* chore: issue / feature templates (#642)

* feat: machine keys

* fix: implement missing parts

* feat: machine key management view

* fix: remove keys from machine view

* feat: global org read (#657)

* fix: set default expiration date

* fix: get key by ids

* feat: add machine keys in proto

* feat: machine keys

* fix: add migration

* fix: mig

* fix: correct method name

* feat: user search

* feat: user search

* fix: log ids

* fix: migrations

* fix(console): machine build (#660)

* frontend 1

* fix html bindings

* trailing comma

* fix(console): human view (#661)

* fix search user view, user detail form

* rm log

* feat(console): user services list and create (#663)

* fix search user view, user detail form

* rm log

* machine list

* generic table component

* create user service

* proove table for undefined values

* tmp disable user link if machine

* lint

* lint styles

* user table lint

* Update console/src/assets/i18n/de.json

Co-authored-by: Florian Forster <florian@caos.ch>

* feat(console): service user detail view, keys cr_d, fix search user autocomplete (#664)

* service users for sidenav, routing

* i18n

* back routes

* machine detail form

* update machine detail, fix svc user grants

* keys table

* add key dialog, timestamp creation

* check permission on create, delete, fix selection

* lint ts, scss

* Update console/src/assets/i18n/de.json

* Apply suggestions from code review

Co-authored-by: Florian Forster <florian@caos.ch>

* refactor: protos

* fix(management): key expiration date

* fix: check if user is human

* fix: marshal key details

* fix: correct generate login names

* fix: logid

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>

* fix: naming

* refactor: findings

* fix: username

* fix: mfa upper case

* fix: tests

* fix: add translations

* reactivatemyorg req typeö

* fix: projectType for console

* fix: user changes

* fix: translate events

* fix: event type translation

* fix: remove unused types

Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

cmd/zitadel/system-defaults.yaml

@@ -44,6 +44,7 @@ SystemDefaults:
       IncludeUpperLetters: true
       IncludeDigits: true
       IncludeSymbols: false
+    MachineKeySize: 2048
   Multifactors:
     OTP:
       Issuer: 'Zitadel'

console/src/app/app-routing.module.ts

@@ -34,7 +34,7 @@ const routes: Routes = [
         canActivate: [AuthGuard],
         children: [
             {
-                path: 'all',
+                path: 'list',
                 loadChildren: () => import('src/app/pages/users/user-list/user-list.module')
                     .then(m => m.UserListModule),
                 canActivate: [RoleGuard],

console/src/app/app.component.html

@@ -117,9 +117,16 @@
                                 </div>
 
                                 <a @navitem class="nav-item" [routerLinkActive]="['active']"
-                                    [routerLink]="[ '/users/all']" [routerLinkActiveOptions]="{ exact: true }">
+                                    [routerLink]="[ '/users/list/humans']" [routerLinkActiveOptions]="{ exact: true }">
-                                    <i class="icon las la-users"></i>
+                                    <i class="icon las la-user-friends"></i>
-                                    <span class="label">{{ 'MENU.USER' | translate }}</span>
+                                    <span class="label">{{ 'MENU.HUMANUSERS' | translate }}</span>
+                                </a>
+
+                                <a @navitem class="nav-item" [routerLinkActive]="['active']"
+                                    [routerLink]="[ '/users/list/machines']"
+                                    [routerLinkActiveOptions]="{ exact: true }">
+                                    <i class="icon las la-users-cog"></i>
+                                    <span class="label">{{ 'MENU.MACHINEUSERS' | translate }}</span>
                                 </a>
                             </ng-template>
                         </div>

console/src/app/app.module.ts

@@ -5,6 +5,7 @@ import localeDe from '@angular/common/locales/de';
 import { APP_INITIALIZER, NgModule } from '@angular/core';
 import { MatButtonModule } from '@angular/material/button';
 import { MatCardModule } from '@angular/material/card';
+import { MatNativeDateModule } from '@angular/material/core';
 import { MatDialogModule } from '@angular/material/dialog';
 import { MatIconModule } from '@angular/material/icon';
 import { MatMenuModule } from '@angular/material/menu';
@@ -90,6 +91,7 @@ const authConfig: AuthConfig = {
                 deps: [HttpClient],
             },
         }),
+        MatNativeDateModule,
         QuicklinkModule,
         AccountsCardModule,
         HasRoleModule,

console/src/app/modules/accounts-card/accounts-card.component.html

@@ -3,7 +3,7 @@
         [name]="profile.displayName ? profile.displayName : (profile.firstName + ' '+ profile.lastName)" [size]="80">
     </app-avatar>
 
-    <span class="u-name">{{profile.displayName ? profile.displayName : profile.userName}}</span>
+    <span class="u-name">{{profile.displayName ? profile.displayName : profile.preferredLoginName}}</span>
     <span class="u-email">{{profile?.preferredLoginName}}</span>
     <span class="iamuser" *ngIf="iamuser">IAM USER</span>
 

console/src/app/modules/search-user-autocomplete/search-user-autocomplete.component.html

@@ -8,7 +8,9 @@
         <mat-chip-list *ngIf="!singleOutput" #chipList aria-label="loginname selection">
             <mat-chip class="chip" *ngFor="let selecteduser of users" [selectable]="selectable" [removable]="removable"
                 (removed)="remove(selecteduser)">
-                {{ selecteduser?.firstName }} {{selecteduser.lastName}} | <small> {{selecteduser.preferredLoginName}}</small>
+                {{ selecteduser?.human ? (selecteduser.human.firstName + ' ' + selecteduser.human.lastName) : selecteduser?.machine?.name}}
+                | <small>
+                    {{selecteduser.preferredLoginName}}</small>
                 <mat-icon matChipRemove *ngIf="removable">cancel</mat-icon>
             </mat-chip>
             <input placeholder="{{'ORG_DETAIL.MEMBER.LOGINNAME' | translate}}" #usernameInput [formControl]="myControl"
@@ -22,7 +24,7 @@
                 <mat-spinner diameter="30"></mat-spinner>
             </mat-option>
             <mat-option *ngFor="let user of filteredUsers" [value]="user">
-                {{user.firstName}} {{user.lastName}}
+                {{user.human? user.human.firstName : user.machine?.name}}
                 <small>{{user.preferredLoginName}}</small>
             </mat-option>
         </mat-autocomplete>

console/src/app/modules/user-grants/user-grants.component.ts

@@ -84,6 +84,9 @@ export class UserGrantsComponent implements OnInit, AfterViewInit {
             default:
                 this.routerLink = ['/grant-create'];
         }
+
+        console.log(this.routerLink);
+
         this.dataSource.loadGrants(this.context, 0, 25, {
             projectId: this.projectId,
             grantId: this.grantId,

console/src/app/pages/home/home.component.html

@@ -86,7 +86,7 @@
                 <span class="fill-space"></span>
                 <div class="footer">
                     <a color="primary" mat-stroked-button
-                        [routerLink]="['/users/all']">{{'HOME.USERS_BUTTON' | translate}}</a>
+                        [routerLink]="['/users/list/humans']">{{'HOME.USERS_BUTTON' | translate}}</a>
                 </div>
             </app-card>
         </ng-template>

console/src/app/pages/iam/iam-members/iam-members.component.ts

@@ -7,7 +7,7 @@ import { MatTable } from '@angular/material/table';
 import { tap } from 'rxjs/operators';
 import { CreationType, MemberCreateDialogComponent } from 'src/app/modules/add-member-dialog/member-create-dialog.component';
 import { IamMember, IamMemberView } from 'src/app/proto/generated/admin_pb';
-import { ProjectMember, ProjectType, User } from 'src/app/proto/generated/management_pb';
+import { ProjectMember, ProjectType, UserView } from 'src/app/proto/generated/management_pb';
 import { AdminService } from 'src/app/services/admin.service';
 import { ToastService } from 'src/app/services/toast.service';
 
@@ -112,7 +112,7 @@ export class IamMembersComponent implements AfterViewInit {
 
         dialogRef.afterClosed().subscribe(resp => {
             if (resp) {
-                const users: User.AsObject[] = resp.users;
+                const users: UserView.AsObject[] = resp.users;
                 const roles: string[] = resp.roles;
 
                 if (users && users.length && roles && roles.length) {

console/src/app/pages/iam/iam.component.ts

@@ -4,7 +4,7 @@ import { Router } from '@angular/router';
 import { BehaviorSubject, from, Observable, of } from 'rxjs';
 import { catchError, finalize, map } from 'rxjs/operators';
 import { CreationType, MemberCreateDialogComponent } from 'src/app/modules/add-member-dialog/member-create-dialog.component';
-import { OrgMemberView, User } from 'src/app/proto/generated/management_pb';
+import { OrgMemberView, UserView } from 'src/app/proto/generated/management_pb';
 import { AdminService } from 'src/app/services/admin.service';
 import { ToastService } from 'src/app/services/toast.service';
 
@@ -49,7 +49,7 @@ export class IamComponent {
 
         dialogRef.afterClosed().subscribe(resp => {
             if (resp) {
-                const users: User.AsObject[] = resp.users;
+                const users: UserView.AsObject[] = resp.users;
                 const roles: string[] = resp.roles;
 
                 if (users && users.length && roles && roles.length) {

console/src/app/pages/orgs/org-create/org-create.component.ts

@@ -6,7 +6,7 @@ import { MatSlideToggleChange } from '@angular/material/slide-toggle';
 import { Router } from '@angular/router';
 import { take } from 'rxjs/operators';
 import { lowerCaseValidator, numberValidator, symbolValidator, upperCaseValidator } from 'src/app/pages/validators';
-import { CreateOrgRequest, CreateUserRequest, Gender, OrgSetUpResponse } from 'src/app/proto/generated/admin_pb';
+import { CreateHumanRequest, CreateOrgRequest, Gender, OrgSetUpResponse } from 'src/app/proto/generated/admin_pb';
 import { PasswordComplexityPolicy } from 'src/app/proto/generated/auth_pb';
 import { AdminService } from 'src/app/services/admin.service';
 import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
@@ -92,21 +92,20 @@ export class OrgCreateComponent {
         createOrgRequest.setName(this.name?.value);
         createOrgRequest.setDomain(this.domain?.value);
 
-        const registerUserRequest: CreateUserRequest = new CreateUserRequest();
+        const humanRequest: CreateHumanRequest = new CreateHumanRequest();
-        registerUserRequest.setUserName(this.userName?.value);
+        humanRequest.setEmail(this.email?.value);
-        registerUserRequest.setEmail(this.email?.value);
+        humanRequest.setFirstName(this.firstName?.value);
-        registerUserRequest.setFirstName(this.firstName?.value);
+        humanRequest.setLastName(this.lastName?.value);
-        registerUserRequest.setLastName(this.lastName?.value);
+        humanRequest.setNickName(this.nickName?.value);
-        registerUserRequest.setNickName(this.nickName?.value);
+        humanRequest.setGender(this.gender?.value);
-        registerUserRequest.setGender(this.gender?.value);
+        humanRequest.setPreferredLanguage(this.preferredLanguage?.value);
-        registerUserRequest.setPreferredLanguage(this.preferredLanguage?.value);
 
         if (this.usePassword && this.password) {
-            registerUserRequest.setPassword(this.password?.value);
+            humanRequest.setPassword(this.password?.value);
         }
 
         this.adminService
-            .SetUpOrg(createOrgRequest, registerUserRequest)
+            .SetUpOrg(createOrgRequest, humanRequest)
             .then((data: OrgSetUpResponse) => {
                 this.router.navigate(['orgs', data.toObject().org?.id]);
             })

console/src/app/pages/orgs/org-detail/org-detail.component.ts

@@ -17,7 +17,7 @@ import {
     OrgMemberSearchResponse,
     OrgMemberView,
     OrgState,
-    User,
+    UserView,
 } from 'src/app/proto/generated/management_pb';
 import { ManagementService } from 'src/app/services/mgmt.service';
 import { ToastService } from 'src/app/services/toast.service';
@@ -163,7 +163,7 @@ export class OrgDetailComponent implements OnInit, OnDestroy {
 
         dialogRef.afterClosed().subscribe(resp => {
             if (resp) {
-                const users: User.AsObject[] = resp.users;
+                const users: UserView.AsObject[] = resp.users;
                 const roles: string[] = resp.roles;
 
                 if (users && users.length && roles && roles.length) {

console/src/app/pages/orgs/org-members/org-members.component.ts

@@ -5,7 +5,7 @@ import { MatPaginator } from '@angular/material/paginator';
 import { MatSelectChange } from '@angular/material/select';
 import { tap } from 'rxjs/operators';
 import { CreationType, MemberCreateDialogComponent } from 'src/app/modules/add-member-dialog/member-create-dialog.component';
-import { Org, OrgMemberView, ProjectType, User } from 'src/app/proto/generated/management_pb';
+import { Org, OrgMemberView, ProjectType, UserView } from 'src/app/proto/generated/management_pb';
 import { ManagementService } from 'src/app/services/mgmt.service';
 import { ToastService } from 'src/app/services/toast.service';
 
@@ -107,7 +107,7 @@ export class OrgMembersComponent implements AfterViewInit {
 
         dialogRef.afterClosed().subscribe(resp => {
             if (resp) {
-                const users: User.AsObject[] = resp.users;
+                const users: UserView.AsObject[] = resp.users;
                 const roles: string[] = resp.roles;
 
                 if (users && users.length && roles && roles.length) {

console/src/app/pages/projects/granted-projects/granted-project-detail/granted-project-detail.component.ts

@@ -21,8 +21,8 @@ import {
     ProjectRoleSearchResponse,
     ProjectState,
     ProjectType,
-    User,
     UserGrantSearchKey,
+    UserView,
 } from 'src/app/proto/generated/management_pb';
 import { ManagementService } from 'src/app/services/mgmt.service';
 import { ToastService } from 'src/app/services/toast.service';
@@ -140,7 +140,7 @@ export class GrantedProjectDetailComponent implements OnInit, OnDestroy {
 
         dialogRef.afterClosed().subscribe(resp => {
             if (resp) {
-                const users: User.AsObject[] = resp.users;
+                const users: UserView.AsObject[] = resp.users;
                 const roles: string[] = resp.roles;
 
                 if (users && users.length && roles && roles.length) {

console/src/app/pages/projects/owned-projects/owned-project-detail/owned-project-detail.component.html

@@ -21,10 +21,12 @@
 
             <span class="fill-space"></span>
 
-            <button mat-stroked-button color="warn" [disabled]="isZitadel"
+            <button mat-stroked-button color="warn"
+                [disabled]="isZitadel || (['project.write', 'project.write'+ project.projectId]| hasRole | async) == false"
                 *ngIf="project?.state === ProjectState.PROJECTSTATE_ACTIVE" class="state-button"
                 (click)="changeState(ProjectState.PROJECTSTATE_INACTIVE)">{{'PROJECT.TABLE.DEACTIVATE' | translate}}</button>
-            <button mat-stroked-button color="warn" [disabled]="isZitadel"
+            <button mat-stroked-button color="warn"
+                [disabled]="isZitadel || (['project.write', 'project.write'+ project.projectId]| hasRole | async) == false"
                 *ngIf="project?.state === ProjectState.PROJECTSTATE_INACTIVE" class="state-button"
                 (click)="changeState(ProjectState.PROJECTSTATE_ACTIVE)">{{'PROJECT.TABLE.ACTIVATE' | translate}}</button>
 
@@ -87,7 +89,7 @@
                     <app-card *ngIf="project?.projectId" title="{{ 'GRANTS.PROJECT.TITLE' | translate }}"
                         description="{{'GRANTS.PROJECT.DESCRIPTION' | translate }}">
                         <app-user-grants [context]="userGrantContext" [projectId]="projectId"
-                            [disabled]="project?.state !== ProjectState.PROJECTSTATE_ACTIVE"
+                            [disabled]="project?.state !== ProjectState.PROJECTSTATE_ACTIVE || (['project.write', 'project.write'+ project.projectId]| hasRole | async) == false"
                             [allowCreate]="(['user.grant.write'] | hasRole) | async"
                             [allowDelete]="(['user.grant.delete'] | hasRole) | async">
                         </app-user-grants>

console/src/app/pages/projects/owned-projects/project-grant-detail/project-grant-members/project-grant-members-create-dialog/project-grant-members-create-dialog.component.ts

@@ -1,7 +1,7 @@
 import { Component, Inject } from '@angular/core';
 import { FormGroup } from '@angular/forms';
 import { MAT_DIALOG_DATA, MatDialogRef } from '@angular/material/dialog';
-import { User } from 'src/app/proto/generated/management_pb';
+import { UserView } from 'src/app/proto/generated/management_pb';
 
 export interface ProjectGrantMembersCreateDialogExportType {
     userIds: string[];
@@ -22,7 +22,7 @@ export class ProjectGrantMembersCreateDialogComponent {
         @Inject(MAT_DIALOG_DATA) public data: any,
     ) { }
 
-    public selectUsers(users: User.AsObject[]): void {
+    public selectUsers(users: UserView.AsObject[]): void {
         this.userIds = users.map(user => user.id);
     }
 

console/src/app/pages/user-grant-create/user-grant-create.component.ts

@@ -4,7 +4,7 @@ import { ActivatedRoute, Params } from '@angular/router';
 import { Subscription } from 'rxjs';
 import { UserGrantContext } from 'src/app/modules/user-grants/user-grants-datasource';
 import { Org } from 'src/app/proto/generated/auth_pb';
-import { ProjectGrantView, ProjectRole, ProjectView, User, UserGrant } from 'src/app/proto/generated/management_pb';
+import { ProjectGrantView, ProjectRole, ProjectView, UserGrant, UserView } from 'src/app/proto/generated/management_pb';
 import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
 import { ManagementService } from 'src/app/services/mgmt.service';
 import { ToastService } from 'src/app/services/toast.service';
@@ -55,7 +55,7 @@ export class UserGrantCreateComponent implements OnDestroy {
                 this.context = UserGrantContext.GRANTED_PROJECT;
                 this.mgmtService.GetGrantedProjectByID(this.projectId, this.grantId).then(resp => {
                     this.grantRolesKeyList = resp.toObject().roleKeysList;
-                }).catch(error => {
+                }).catch((error: any) => {
                     this.toast.showError(error);
                 });
             }
@@ -80,7 +80,7 @@ export class UserGrantCreateComponent implements OnDestroy {
                 ).then((data: UserGrant) => {
                     this.toast.showInfo('PROJECT.GRANT.TOAST.PROJECTGRANTADDED', true);
                     this.close();
-                }).catch(error => {
+                }).catch((error: any) => {
                     this.toast.showError(error);
                 });
                 break;
@@ -93,7 +93,7 @@ export class UserGrantCreateComponent implements OnDestroy {
                 ).then((data: UserGrant) => {
                     this.toast.showInfo('PROJECT.GRANT.TOAST.PROJECTGRANTUSERGRANTADDED', true);
                     this.close();
-                }).catch(error => {
+                }).catch((error: any) => {
                     this.toast.showError(error);
                 });
                 break;
@@ -105,7 +105,7 @@ export class UserGrantCreateComponent implements OnDestroy {
         this.projectId = project.projectId;
     }
 
-    public selectUser(user: User.AsObject): void {
+    public selectUser(user: UserView.AsObject): void {
         this.userId = user.id;
     }
 

console/src/app/pages/users/user-create-machine/user-create-machine-routing.module.ts

@@ -0,0 +1,18 @@
+import { NgModule } from '@angular/core';
+import { RouterModule, Routes } from '@angular/router';
+
+import { UserCreateMachineComponent } from './user-create-machine.component';
+
+const routes: Routes = [
+    {
+        path: '',
+        component: UserCreateMachineComponent,
+        data: { animation: 'DetailPage' },
+    },
+];
+
+@NgModule({
+    imports: [RouterModule.forChild(routes)],
+    exports: [RouterModule],
+})
+export class UserCreateMachineRoutingModule { }

console/src/app/pages/users/user-create-machine/user-create-machine.component.html

@@ -0,0 +1,34 @@
+<app-detail-layout [backRouterLink]="[ '/users/list/machines']" title="{{ 'USER.CREATE.TITLE' | translate }}"
+    description="{{ 'USER.CREATE.DESCRIPTION' | translate }}">
+    <mat-progress-bar *ngIf="loading" color="accent" mode="indeterminate"></mat-progress-bar>
+
+    <form *ngIf="userForm" [formGroup]="userForm" (ngSubmit)="createUser()" class="form">
+        <div class="content">
+            <mat-form-field class="formfield">
+                <mat-label>{{ 'USER.MACHINE.USERNAME' | translate }}</mat-label>
+                <input matInput formControlName="userName" required />
+                <mat-error *ngIf="userName?.invalid && userName?.errors?.required">
+                    {{ 'USER.VALIDATION.REQUIRED' | translate }}
+                </mat-error>
+                <mat-error *ngIf="userName?.invalid && userName?.errors?.noEmailValidator">
+                    {{ 'USER.VALIDATION.NOEMAIL' | translate }}
+                </mat-error>
+            </mat-form-field>
+            <mat-form-field class="formfield">
+                <mat-label>{{ 'USER.MACHINE.NAME' | translate }}</mat-label>
+                <input matInput formControlName="name" required />
+                <mat-error *ngIf="name?.invalid && name?.errors?.required">
+                    {{ 'USER.VALIDATION.REQUIRED' | translate }}
+                </mat-error>
+            </mat-form-field>
+            <mat-form-field class="formfield">
+                <mat-label>{{ 'USER.MACHINE.DESCRIPTION' | translate }}</mat-label>
+                <input matInput formControlName="description" />
+            </mat-form-field>
+        </div>
+        <div class="btn-container">
+            <button color="primary" [disabled]="userForm.invalid" type="submit"
+                mat-raised-button>{{ 'ACTIONS.CREATE' | translate }}</button>
+        </div>
+    </form>
+</app-detail-layout>

console/src/app/pages/users/user-create-machine/user-create-machine.component.scss

@@ -0,0 +1,33 @@
+
+.form {
+  width: 100%;
+  padding-top: 1rem;
+
+  .btn-container {
+    button {
+      margin-top: 3rem;
+      display: block;
+      padding: .5rem 4rem;
+      border-radius: .5rem;
+    }
+  }
+}
+
+.content {
+  width: 100%;
+  display: flex wrap;
+  flex-direction: row;
+  margin: 0 -.5rem;
+
+  .section {
+    padding: .5rem;
+    flex-basis: 100%;
+    color: #8795a1;
+    font-size: .9rem;
+  }
+
+  .formfield {
+    flex: 1 0 33%;
+    margin: 0 .5rem;
+  }
+}

console/src/app/pages/users/user-create-machine/user-create-machine.component.spec.ts

@@ -0,0 +1,25 @@
+import { async, ComponentFixture, TestBed } from '@angular/core/testing';
+
+import { UserCreateMachineComponent } from './user-create-machine.component';
+
+describe('UserCreateMachineComponent', () => {
+    let component: UserCreateMachineComponent;
+    let fixture: ComponentFixture<UserCreateMachineComponent>;
+
+    beforeEach(async(() => {
+        TestBed.configureTestingModule({
+            declarations: [UserCreateMachineComponent],
+        })
+            .compileComponents();
+    }));
+
+    beforeEach(() => {
+        fixture = TestBed.createComponent(UserCreateMachineComponent);
+        component = fixture.componentInstance;
+        fixture.detectChanges();
+    });
+
+    it('should create', () => {
+        expect(component).toBeTruthy();
+    });
+});

console/src/app/pages/users/user-create-machine/user-create-machine.component.ts

@@ -0,0 +1,100 @@
+import { Component, OnDestroy } from '@angular/core';
+import { AbstractControl, FormBuilder, FormGroup, Validators } from '@angular/forms';
+import { Router } from '@angular/router';
+import { Subscription } from 'rxjs';
+import { CreateMachineRequest } from 'src/app/proto/generated/admin_pb';
+import { UserResponse } from 'src/app/proto/generated/management_pb';
+import { ManagementService } from 'src/app/services/mgmt.service';
+import { ToastService } from 'src/app/services/toast.service';
+
+function noEmailValidator(c: AbstractControl): any {
+    const EMAIL_REGEXP: RegExp = /^((?!@).)*$/gm;
+    if (!c.parent || !c) {
+        return;
+    }
+    const username = c.parent.get('userName');
+
+    if (!username) {
+        return;
+    }
+
+    return EMAIL_REGEXP.test(username.value) ? null : {
+        noEmailValidator: {
+            valid: false,
+        },
+    };
+}
+
+@Component({
+    selector: 'app-user-create-machine',
+    templateUrl: './user-create-machine.component.html',
+    styleUrls: ['./user-create-machine.component.scss'],
+})
+export class UserCreateMachineComponent implements OnDestroy {
+    public user: CreateMachineRequest.AsObject = new CreateMachineRequest().toObject();
+    public userForm!: FormGroup;
+
+    private sub: Subscription = new Subscription();
+    public loading: boolean = false;
+
+    constructor(
+        private router: Router,
+        private toast: ToastService,
+        public userService: ManagementService,
+        private fb: FormBuilder,
+    ) {
+        this.initForm();
+    }
+
+    private initForm(): void {
+        this.userForm = this.fb.group({
+            userName: ['',
+                [
+                    Validators.required,
+                    Validators.minLength(2),
+                ],
+            ],
+            name: ['', [Validators.required]],
+            description: ['', []],
+        });
+    }
+
+    public createUser(): void {
+        this.user = this.userForm.value;
+
+        this.loading = true;
+
+        const machineReq = new CreateMachineRequest();
+        machineReq.setDescription(this.description?.value);
+        machineReq.setName(this.name?.value);
+
+        this.userService
+            .CreateUserMachine(this.userName?.value, machineReq)
+            .then((data: UserResponse) => {
+                this.loading = false;
+                this.toast.showInfo('USER.TOAST.CREATED', true);
+                const id = data.getId();
+                if (id) {
+                    this.router.navigate(['users', id]);
+                }
+            })
+            .catch((error: any) => {
+                this.loading = false;
+                this.toast.showError(error);
+            });
+    }
+
+    ngOnDestroy(): void {
+        this.sub.unsubscribe();
+    }
+
+    public get name(): AbstractControl | null {
+        return this.userForm.get('name');
+    }
+    public get description(): AbstractControl | null {
+        return this.userForm.get('description');
+    }
+    public get userName(): AbstractControl | null {
+        return this.userForm.get('userName');
+    }
+}

console/src/app/pages/users/user-create-machine/user-create-machine.module.ts

@@ -0,0 +1,41 @@
+import { CommonModule } from '@angular/common';
+import { NgModule } from '@angular/core';
+import { FormsModule, ReactiveFormsModule } from '@angular/forms';
+import { MatButtonModule } from '@angular/material/button';
+import { MatCheckboxModule } from '@angular/material/checkbox';
+import { MatFormFieldModule } from '@angular/material/form-field';
+import { MatIconModule } from '@angular/material/icon';
+import { MatInputModule } from '@angular/material/input';
+import { MatProgressBarModule } from '@angular/material/progress-bar';
+import { MatProgressSpinnerModule } from '@angular/material/progress-spinner';
+import { MatSelectModule } from '@angular/material/select';
+import { MatTooltipModule } from '@angular/material/tooltip';
+import { TranslateModule } from '@ngx-translate/core';
+import { DetailLayoutModule } from 'src/app/modules/detail-layout/detail-layout.module';
+
+import { UserCreateMachineRoutingModule } from './user-create-machine-routing.module';
+import { UserCreateMachineComponent } from './user-create-machine.component';
+
+
+
+@NgModule({
+    declarations: [UserCreateMachineComponent],
+    imports: [
+        UserCreateMachineRoutingModule,
+        CommonModule,
+        FormsModule,
+        ReactiveFormsModule,
+        MatInputModule,
+        MatFormFieldModule,
+        MatSelectModule,
+        MatButtonModule,
+        MatIconModule,
+        MatProgressSpinnerModule,
+        MatProgressBarModule,
+        MatCheckboxModule,
+        MatTooltipModule,
+        TranslateModule,
+        DetailLayoutModule,
+    ],
+})
+export class UserCreateMachineModule { }

console/src/app/pages/users/user-create/user-create.component.html

@@ -1,4 +1,4 @@
-<app-detail-layout [backRouterLink]="[ '/users/all']" title="{{ 'USER.CREATE.TITLE' | translate }}"
+<app-detail-layout [backRouterLink]="[ '/users/list/humans']" title="{{ 'USER.CREATE.TITLE' | translate }}"
     description="{{ 'USER.CREATE.DESCRIPTION' | translate }}">
     <mat-progress-bar *ngIf="loading" color="accent" mode="indeterminate"></mat-progress-bar>
 

console/src/app/pages/users/user-create/user-create.component.ts

@@ -2,7 +2,7 @@ import { Component, OnDestroy } from '@angular/core';
 import { AbstractControl, FormBuilder, FormGroup, Validators } from '@angular/forms';
 import { Router } from '@angular/router';
 import { Subscription } from 'rxjs';
-import { CreateUserRequest, Gender, User } from 'src/app/proto/generated/management_pb';
+import { CreateHumanRequest, CreateUserRequest, Gender, UserResponse } from 'src/app/proto/generated/management_pb';
 import { ManagementService } from 'src/app/services/mgmt.service';
 import { ToastService } from 'src/app/services/toast.service';
 
@@ -75,11 +75,6 @@ export class UserCreateComponent implements OnDestroy {
             gender: [Gender.GENDER_UNSPECIFIED],
             preferredLanguage: [''],
             phone: [''],
-            streetAddress: [''],
-            postalCode: [''],
-            locality: [''],
-            region: [''],
-            country: [''],
         });
     }
 
@@ -87,9 +82,20 @@ export class UserCreateComponent implements OnDestroy {
         this.user = this.userForm.value;
 
         this.loading = true;
+
+        const humanReq = new CreateHumanRequest();
+        humanReq.setFirstName(this.firstName?.value);
+        humanReq.setLastName(this.lastName?.value);
+        humanReq.setNickName(this.nickName?.value);
+        humanReq.setPreferredLanguage(this.preferredLanguage?.value);
+        humanReq.setEmail(this.email?.value);
+        humanReq.setPhone(this.phone?.value);
+        humanReq.setGender(this.gender?.value);
+        humanReq.setCountry(this.country?.value);
+
         this.userService
-            .CreateUser(this.user)
+            .CreateUserHuman(this.userName?.value, humanReq)
-            .then((data: User) => {
+            .then((data: UserResponse) => {
                 this.loading = false;
                 this.toast.showInfo('USER.TOAST.CREATED', true);
                 this.router.navigate(['users', data.getId()]);

console/src/app/pages/users/user-detail/auth-user-detail/auth-user-detail.component.html

@@ -22,8 +22,8 @@
 
         <div class="col" *ngIf="user">
             <app-card class="app-card" title="{{ 'USER.PROFILE.TITLE' | translate }}">
-                <app-detail-form [genders]="genders" [languages]="languages" [profile]="user"
+                <app-detail-form [genders]="genders" [languages]="languages" [username]="user.userName"
-                    (changedLanguage)="changedLanguage($event)" (submitData)="saveProfile($event)">
+                    [user]="user.human" (changedLanguage)="changedLanguage($event)" (submitData)="saveProfile($event)">
                 </app-detail-form>
             </app-card>
 
@@ -51,11 +51,11 @@
 
                     <ng-container *ngIf="!emailEditState; else emailEdit">
                         <div class="actions">
-                            <span class="name">{{user?.email}}</span>
+                            <span class="name">{{user?.human?.email}}</span>
-                            <mat-icon class="icon" *ngIf="user?.isEmailVerified" color="primary" aria-hidden="false"
+                            <mat-icon class="icon" *ngIf="user?.human?.isEmailVerified" color="primary"
-                                aria-label="verified icon">
+                                aria-hidden="false" aria-label="verified icon">
                                 check_circle_outline</mat-icon>
-                            <ng-container *ngIf="user?.email && !user?.isEmailVerified">
+                            <ng-container *ngIf="user?.human?.email && !user?.human?.isEmailVerified">
                                 <mat-icon class="icon" color="warn" aria-hidden="false" aria-label="not verified icon">
                                     highlight_off
                                 </mat-icon>
@@ -73,13 +73,14 @@
                     <ng-template #emailEdit>
                         <mat-form-field class="name">
                             <mat-label>{{ 'USER.EMAIL' | translate }}</mat-label>
-                            <input matInput [(ngModel)]="user.email" />
+                            <input *ngIf="user.human && user.human.email" matInput [(ngModel)]="user.human.email" />
                         </mat-form-field>
                         <button (click)="emailEditState = false" mat-icon-button>
                             <mat-icon class="icon">close</mat-icon>
                         </button>
-                        <button [disabled]="!user.email" class="submit-button" type="button" color="primary"
+                        <button *ngIf="user.human" [disabled]="!user.human.email" class="submit-button" type="button"
-                            (click)="saveEmail()" mat-raised-button>{{ 'ACTIONS.SAVE' | translate }}</button>
+                            color="primary" (click)="saveEmail()"
+                            mat-raised-button>{{ 'ACTIONS.SAVE' | translate }}</button>
                     </ng-template>
                 </div>
 
@@ -88,11 +89,11 @@
 
                     <ng-container *ngIf="!phoneEditState; else phoneEdit">
                         <div class="actions">
-                            <span class="name">{{user?.phone}}</span>
+                            <span class="name">{{user?.human?.phone}}</span>
-                            <mat-icon class="icon" *ngIf="user?.isPhoneVerified" color="primary" aria-hidden="false"
+                            <mat-icon class="icon" *ngIf="user?.human?.isPhoneVerified" color="primary"
-                                aria-label="verified icon">
+                                aria-hidden="false" aria-label="verified icon">
                                 check_circle_outline</mat-icon>
-                            <ng-container *ngIf="user?.phone && !user?.isPhoneVerified">
+                            <ng-container *ngIf="user?.human?.phone && !user?.human?.isPhoneVerified">
                                 <mat-icon class="icon" color="warn" aria-hidden="false" aria-label="not verified icon">
                                     highlight_off
                                 </mat-icon>
@@ -113,16 +114,17 @@
                     <ng-template #phoneEdit>
                         <mat-form-field class="name">
                             <mat-label>{{ 'USER.PHONE' | translate }}</mat-label>
-                            <input matInput [(ngModel)]="user.phone" />
+                            <input *ngIf="user.human && user.human.phone" matInput [(ngModel)]="user.human.phone" />
                         </mat-form-field>
                         <button (click)="phoneEditState = false" mat-icon-button>
                             <mat-icon class="icon">close</mat-icon>
                         </button>
-                        <button *ngIf="user.phone" color="warn" (click)="deletePhone()" mat-icon-button>
+                        <button *ngIf="user.human && user.human.phone" color="warn" (click)="deletePhone()"
+                            mat-icon-button>
                             <i class="las la-trash"></i>
                         </button>
-                        <button [disabled]="!user.phone" type="button" color="primary" (click)="savePhone()"
+                        <button *ngIf="user.human" [disabled]="!user.human.phone" type="button" color="primary"
-                            mat-raised-button>{{ 'ACTIONS.SAVE' | translate }}</button>
+                            (click)="savePhone()" mat-raised-button>{{ 'ACTIONS.SAVE' | translate }}</button>
                     </ng-template>
                 </div>
             </div>

console/src/app/pages/users/user-detail/auth-user-detail/auth-user-detail.component.ts

@@ -53,19 +53,21 @@ export class AuthUserDetailComponent implements OnDestroy {
     }
 
     public saveProfile(profileData: UserProfile.AsObject): void {
-        this.user.firstName = profileData.firstName;
+        if (this.user.human) {
-        this.user.lastName = profileData.lastName;
+            this.user.human.firstName = profileData.firstName;
-        this.user.nickName = profileData.nickName;
+            this.user.human.lastName = profileData.lastName;
-        this.user.displayName = profileData.displayName;
+            this.user.human.nickName = profileData.nickName;
-        this.user.gender = profileData.gender;
+            this.user.human.displayName = profileData.displayName;
-        this.user.preferredLanguage = profileData.preferredLanguage;
+            this.user.human.gender = profileData.gender;
+            this.user.human.preferredLanguage = profileData.preferredLanguage;
+
             this.userService
                 .SaveMyUserProfile(
-                this.user.firstName,
+                    this.user.human.firstName,
-                this.user.lastName,
+                    this.user.human.lastName,
-                this.user.nickName,
+                    this.user.human.nickName,
-                this.user.preferredLanguage,
+                    this.user.human.preferredLanguage,
-                this.user.gender,
+                    this.user.human.gender,
                 )
                 .then((data: UserProfile) => {
                     this.toast.showInfo('USER.TOAST.SAVED', true);
@@ -75,25 +77,31 @@ export class AuthUserDetailComponent implements OnDestroy {
                     this.toast.showError(error);
                 });
         }
+    }
 
     public saveEmail(): void {
         this.emailEditState = false;
 
+        if (this.user.human) {
             this.userService
-            .SaveMyUserEmail(this.user.email).then((data: UserEmail) => {
+                .SaveMyUserEmail(this.user.human.email).then((data: UserEmail) => {
                     this.toast.showInfo('USER.TOAST.EMAILSAVED', true);
-                this.user.email = data.toObject().email;
+                    if (this.user.human) {
+                        this.user.human.email = data.toObject().email;
+                    }
                     this.emailEditState = false;
                 }).catch(error => {
                     this.toast.showError(error);
                     this.emailEditState = false;
                 });
         }
+    }
 
     public enterCode(): void {
+        if (this.user.human) {
             const dialogRef = this.dialog.open(CodeDialogComponent, {
                 data: {
-                number: this.user.phone,
+                    number: this.user.human.phone,
                 },
                 width: '400px',
             });
@@ -108,6 +116,7 @@ export class AuthUserDetailComponent implements OnDestroy {
                 }
             });
         }
+    }
 
     public changedLanguage(language: string): void {
         this.translate.use(language);
@@ -130,21 +139,28 @@ export class AuthUserDetailComponent implements OnDestroy {
     }
 
     public deletePhone(): void {
+        if (this.user.human) {
             this.userService.RemoveMyUserPhone().then(() => {
                 this.toast.showInfo('USER.TOAST.PHONEREMOVED', true);
-            this.user.phone = '';
+                if (this.user.human) {
+                    this.user.human.phone = '';
+                }
                 this.phoneEditState = false;
             }).catch(error => {
                 this.toast.showError(error);
             });
         }
+    }
 
     public savePhone(): void {
         this.phoneEditState = false;
+        if (this.user.human) {
             this.userService
-            .SaveMyUserPhone(this.user.phone).then((data: UserPhone) => {
+                .SaveMyUserPhone(this.user.human.phone).then((data: UserPhone) => {
                     this.toast.showInfo('USER.TOAST.PHONESAVED', true);
-                this.user.phone = data.toObject().phone;
+                    if (this.user.human) {
+                        this.user.human.phone = data.toObject().phone;
+                    }
                     this.phoneEditState = false;
                 }).catch(error => {
                     this.toast.showError(error);
@@ -152,3 +168,4 @@ export class AuthUserDetailComponent implements OnDestroy {
                 });
         }
     }
+}

console/src/app/pages/users/user-detail/detail-form-machine/detail-form-machine.component.html

@@ -0,0 +1,29 @@
+<form [formGroup]="machineForm" *ngIf="machineForm" (ngSubmit)="submitForm()">
+    <div class="content">
+        <mat-form-field class="formfield">
+            <mat-label>{{ 'USER.MACHINE.USERNAME' | translate }}</mat-label>
+            <input matInput formControlName="userName" required />
+            <mat-error *ngIf="userName?.invalid && userName?.errors?.required">
+                {{ 'USER.VALIDATION.REQUIRED' | translate }}
+            </mat-error>
+            <mat-error *ngIf="userName?.invalid && userName?.errors?.noEmailValidator">
+                {{ 'USER.VALIDATION.NOEMAIL' | translate }}
+            </mat-error>
+        </mat-form-field>
+        <mat-form-field class="formfield">
+            <mat-label>{{ 'USER.MACHINE.NAME' | translate }}</mat-label>
+            <input matInput formControlName="name" required />
+            <mat-error *ngIf="name?.invalid && name?.errors?.required">
+                {{ 'USER.VALIDATION.REQUIRED' | translate }}
+            </mat-error>
+        </mat-form-field>
+        <mat-form-field class="formfield">
+            <mat-label>{{ 'USER.MACHINE.DESCRIPTION' | translate }}</mat-label>
+            <input matInput formControlName="description" />
+        </mat-form-field>
+    </div>
+    <div class="btn-container">
+        <button class="submit-button" type="submit" color="primary"
+            mat-raised-button>{{ 'ACTIONS.SAVE' | translate }}</button>
+    </div>
+</form>

console/src/app/pages/users/user-detail/detail-form-machine/detail-form-machine.component.scss

@@ -0,0 +1,21 @@
+
+.content {
+  display: flex;
+  flex-direction: row;
+  flex-wrap: wrap;
+  margin: 0 -.5rem;
+
+  .formfield {
+    flex: 1 1 33%;
+    margin: 0 .5rem;
+  }
+}
+
+.btn-container {
+  display: flex;
+  justify-content: flex-end;
+
+  .submit-button {
+    border-radius: .5rem;
+  }
+}

console/src/app/pages/users/user-detail/detail-form-machine/detail-form-machine.component.spec.ts

@@ -0,0 +1,25 @@
+import { async, ComponentFixture, TestBed } from '@angular/core/testing';
+
+import { DetailFormComponent } from './detail-form.component';
+
+describe('DetailFormComponent', () => {
+  let component: DetailFormComponent;
+  let fixture: ComponentFixture<DetailFormComponent>;
+
+  beforeEach(async(() => {
+    TestBed.configureTestingModule({
+      declarations: [DetailFormComponent],
+    })
+      .compileComponents();
+  }));
+
+  beforeEach(() => {
+    fixture = TestBed.createComponent(DetailFormComponent);
+    component = fixture.componentInstance;
+    fixture.detectChanges();
+  });
+
+  it('should create', () => {
+    expect(component).toBeTruthy();
+  });
+});

console/src/app/pages/users/user-detail/detail-form-machine/detail-form-machine.component.ts

@@ -0,0 +1,55 @@
+import { Component, EventEmitter, Input, OnDestroy, OnInit, Output } from '@angular/core';
+import { AbstractControl, FormBuilder, FormGroup, Validators } from '@angular/forms';
+import { Subscription } from 'rxjs';
+
+import { UserView } from '../../../../proto/generated/management_pb';
+
+@Component({
+    selector: 'app-detail-form-machine',
+    templateUrl: './detail-form-machine.component.html',
+    styleUrls: ['./detail-form-machine.component.scss'],
+})
+export class DetailFormMachineComponent implements OnInit, OnDestroy {
+    @Input() public username!: string;
+    @Input() public user!: UserView;
+    @Input() public disabled: boolean = false;
+    @Output() public submitData: EventEmitter<any> = new EventEmitter<any>();
+
+    public machineForm!: FormGroup;
+
+    private sub: Subscription = new Subscription();
+
+    constructor(private fb: FormBuilder) {
+        this.machineForm = this.fb.group({
+            userName: [{ value: '', disabled: true }, [
+                Validators.required,
+            ]],
+            name: [{ value: '', disabled: true }, Validators.required],
+            description: [{ value: '', disabled: this.disabled }],
+        });
+    }
+
+    public ngOnInit(): void {
+        this.machineForm.patchValue({ userName: this.username, ...this.user });
+    }
+
+    public ngOnDestroy(): void {
+        this.sub.unsubscribe();
+    }
+
+    public submitForm(): void {
+        this.submitData.emit(this.machineForm.value);
+    }
+
+    public get name(): AbstractControl | null {
+        return this.machineForm.get('name');
+    }
+
+    public get description(): AbstractControl | null {
+        return this.machineForm.get('description');
+    }
+
+    public get userName(): AbstractControl | null {
+        return this.machineForm.get('userName');
+    }
+}

console/src/app/pages/users/user-detail/detail-form-machine/detail-form-machine.module.ts

@@ -0,0 +1,34 @@
+import { CommonModule } from '@angular/common';
+import { NgModule } from '@angular/core';
+import { FormsModule, ReactiveFormsModule } from '@angular/forms';
+import { MatButtonModule } from '@angular/material/button';
+import { MatFormFieldModule } from '@angular/material/form-field';
+import { MatIconModule } from '@angular/material/icon';
+import { MatInputModule } from '@angular/material/input';
+import { MatSelectModule } from '@angular/material/select';
+import { TranslateModule } from '@ngx-translate/core';
+
+import { DetailFormMachineComponent } from './detail-form-machine.component';
+
+
+@NgModule({
+    declarations: [
+        DetailFormMachineComponent,
+    ],
+    imports: [
+        CommonModule,
+        FormsModule,
+        ReactiveFormsModule,
+        TranslateModule,
+        MatFormFieldModule,
+        MatInputModule,
+        MatSelectModule,
+        MatButtonModule,
+        MatIconModule,
+        TranslateModule,
+    ],
+    exports: [
+        DetailFormMachineComponent,
+    ],
+})
+export class DetailFormMachineModule { }

console/src/app/pages/users/user-detail/detail-form/detail-form.component.ts

@@ -1,8 +1,8 @@
 import { Component, EventEmitter, Input, OnDestroy, OnInit, Output } from '@angular/core';
 import { AbstractControl, FormBuilder, FormGroup, Validators } from '@angular/forms';
 import { Subscription } from 'rxjs';
-import { Gender as authGender, UserProfile as authUP } from 'src/app/proto/generated/auth_pb';
+import { Gender as authGender, UserProfile as authUP, UserView as authUV } from 'src/app/proto/generated/auth_pb';
-import { Gender as mgmtGender, UserProfile as mgmtUP } from 'src/app/proto/generated/management_pb';
+import { Gender as mgmtGender, UserProfile as mgmtUP, UserView as mgmtUV } from 'src/app/proto/generated/management_pb';
 
 
 @Component({
@@ -11,11 +11,12 @@ import { Gender as mgmtGender, UserProfile as mgmtUP } from 'src/app/proto/gener
     styleUrls: ['./detail-form.component.scss'],
 })
 export class DetailFormComponent implements OnInit, OnDestroy {
-    @Input() public profile!: mgmtUP | authUP;
+    @Input() public username!: string;
+    @Input() public user!: mgmtUV | authUV;
     @Input() public disabled: boolean = false;
     @Input() public genders: mgmtGender[] | authGender[] = [];
     @Input() public languages: string[] = ['de', 'en'];
-    @Output() public submitData: EventEmitter<any> = new EventEmitter<any>();
+    @Output() public submitData: EventEmitter<mgmtUP | authUP> = new EventEmitter<mgmtUP | authUP>();
     @Output() public changedLanguage: EventEmitter<string> = new EventEmitter<string>();
 
     public profileForm!: FormGroup;
@@ -36,7 +37,7 @@ export class DetailFormComponent implements OnInit, OnDestroy {
     }
 
     public ngOnInit(): void {
-        this.profileForm.patchValue(this.profile);
+        this.profileForm.patchValue({ userName: this.username, ...this.user });
 
         if (this.preferredLanguage) {
             this.sub = this.preferredLanguage.valueChanges.subscribe(value => {
@@ -52,9 +53,11 @@ export class DetailFormComponent implements OnInit, OnDestroy {
     public submitForm(): void {
         this.submitData.emit(this.profileForm.value);
     }
+
     public get userName(): AbstractControl | null {
         return this.profileForm.get('userName');
     }
+
     public get firstName(): AbstractControl | null {
         return this.profileForm.get('firstName');
     }

console/src/app/pages/users/user-detail/machine-keys/add-key-dialog/add-key-dialog.component.html

@@ -0,0 +1,30 @@
+<span class="title" mat-dialog-title>{{'USER.MACHINE.ADD.TITLE' | translate}}</span>
+<div mat-dialog-content>
+    <p class="desc"> {{'USER.MACHINE.ADD.DESCRIPTION' | translate}}</p>
+
+    <mat-form-field class="form-field" appearance="outline">
+        <mat-label>{{'USER.MACHINE.TYPE' | translate}}</mat-label>
+        <mat-select [(ngModel)]="type">
+            <mat-option *ngFor="let t of types" [value]="t">
+                {{'USER.MACHINE.KEYTYPES.'+t | translate}}
+            </mat-option>
+        </mat-select>
+    </mat-form-field>
+
+    <mat-form-field class="form-field" appearance="outline">
+        <mat-label>{{'USER.MACHINE.CHOOSEEXPIRY' | translate}}</mat-label>
+        <input matInput [matDatepicker]="picker" [(ngModel)]="date">
+        <mat-datepicker-toggle matSuffix [for]="picker"></mat-datepicker-toggle>
+        <mat-datepicker #picker></mat-datepicker>
+    </mat-form-field>
+</div>
+<div mat-dialog-actions class="action">
+    <button mat-button (click)="closeDialog()">
+        {{'ACTIONS.CANCEL' | translate}}
+    </button>
+
+    <button color="primary" mat-raised-button class="ok-button" [disabled]="type == undefined"
+        (click)="closeDialogWithSuccess()">
+        {{'ACTIONS.ADD' | translate}}
+    </button>
+</div>

console/src/app/pages/users/user-detail/machine-keys/add-key-dialog/add-key-dialog.component.scss

@@ -0,0 +1,26 @@
+.title {
+  font-size: 1.2rem;
+  margin-top: 0;
+}
+
+.desc {
+  color: #8795a1;
+  font-size: .9rem;
+}
+
+.form-field {
+  width: 100%;
+}
+
+.action {
+  display: flex;
+  justify-content: flex-end;
+
+  .ok-button {
+    margin-left: .5rem;
+  }
+
+  button {
+    border-radius: .5rem;
+  }
+}

console/src/app/pages/users/user-detail/machine-keys/add-key-dialog/add-key-dialog.component.spec.ts

@@ -0,0 +1,25 @@
+import { async, ComponentFixture, TestBed } from '@angular/core/testing';
+
+import { AddKeyDialogComponent } from './add-key-dialog.component';
+
+describe('AddKeyDialogComponent', () => {
+    let component: AddKeyDialogComponent;
+    let fixture: ComponentFixture<AddKeyDialogComponent>;
+
+    beforeEach(async(() => {
+        TestBed.configureTestingModule({
+            declarations: [AddKeyDialogComponent],
+        })
+            .compileComponents();
+    }));
+
+    beforeEach(() => {
+        fixture = TestBed.createComponent(AddKeyDialogComponent);
+        component = fixture.componentInstance;
+        fixture.detectChanges();
+    });
+
+    it('should create', () => {
+        expect(component).toBeTruthy();
+    });
+});

console/src/app/pages/users/user-detail/machine-keys/add-key-dialog/add-key-dialog.component.ts

@@ -0,0 +1,32 @@
+import { Component, Inject, OnInit } from '@angular/core';
+import { MAT_DIALOG_DATA, MatDialogRef } from '@angular/material/dialog';
+import { MachineKeyType } from 'src/app/proto/generated/management_pb';
+
+@Component({
+    selector: 'app-add-key-dialog',
+    templateUrl: './add-key-dialog.component.html',
+    styleUrls: ['./add-key-dialog.component.scss'],
+})
+export class AddKeyDialogComponent implements OnInit {
+    types: MachineKeyType[] = [
+        MachineKeyType.MACHINEKEY_JSON,
+    ];
+    date: any;
+    public type: MachineKeyType = MachineKeyType.MACHINEKEY_JSON;
+
+    constructor(
+        public dialogRef: MatDialogRef<AddKeyDialogComponent>,
+        @Inject(MAT_DIALOG_DATA) public data: any,
+    ) { }
+
+    ngOnInit(): void {
+    }
+
+    public closeDialog(): void {
+        this.dialogRef.close(false);
+    }
+
+    public closeDialogWithSuccess(): void {
+        this.dialogRef.close({ type: this.type, date: this.date });
+    }
+}

console/src/app/pages/users/user-detail/machine-keys/add-key-dialog/add-key-dialog.module.ts

@@ -0,0 +1,28 @@
+import { CommonModule } from '@angular/common';
+import { NgModule } from '@angular/core';
+import { FormsModule } from '@angular/forms';
+import { MatButtonModule } from '@angular/material/button';
+import { MatDatepickerModule } from '@angular/material/datepicker';
+import { MatFormFieldModule } from '@angular/material/form-field';
+import { MatIconModule } from '@angular/material/icon';
+import { MatInputModule } from '@angular/material/input';
+import { MatSelectModule } from '@angular/material/select';
+import { TranslateModule } from '@ngx-translate/core';
+
+import { AddKeyDialogComponent } from './add-key-dialog.component';
+
+@NgModule({
+    declarations: [AddKeyDialogComponent],
+    imports: [
+        CommonModule,
+        TranslateModule,
+        MatButtonModule,
+        MatFormFieldModule,
+        MatSelectModule,
+        MatInputModule,
+        MatIconModule,
+        FormsModule,
+        MatDatepickerModule,
+    ],
+})
+export class AddKeyDialogModule { }

console/src/app/pages/users/user-detail/machine-keys/machine-keys.component.html

@@ -0,0 +1,65 @@
+<app-refresh-table [loading]="loading$ | async" (refreshed)="refreshPage()" [dataSize]="dataSource.data.length"
+    [timestamp]="keyResult?.viewTimestamp" [selection]="selection">
+    <ng-template appHasRole [appHasRole]="['user.write']" actions>
+        <button color="warn" [disabled]="([('user.write:' + userId), 'user.write'] | hasRole | async) == false"
+            (click)="deleteSelectedKeys()" matTooltip="{{'ACTIONS.DELETE' | translate}}" class="icon-button"
+            mat-icon-button *ngIf="selection.hasValue()">
+            <i class="las la-trash"></i>
+        </button>
+        <a class="add-button" [disabled]="([('user.write:' + userId), 'user.write'] | hasRole | async) == false"
+            color="primary" mat-raised-button (click)="openAddKey()">
+            <mat-icon class="icon">add</mat-icon>{{ 'ACTIONS.NEW' | translate }}
+        </a>
+    </ng-template>
+
+    <div class="table-wrapper">
+        <table class="table background-style" mat-table [dataSource]="dataSource">
+            <ng-container matColumnDef="select">
+                <th mat-header-cell *matHeaderCellDef>
+                    <mat-checkbox color="primary" (change)="$event ? masterToggle() : null"
+                        [checked]="selection.hasValue() && isAllSelected()"
+                        [indeterminate]="selection.hasValue() && !isAllSelected()">
+                    </mat-checkbox>
+                </th>
+                <td mat-cell *matCellDef="let key">
+                    <mat-checkbox color="primary" (click)="$event.stopPropagation()"
+                        (change)="$event ? selection.toggle(key) : null" [checked]="selection.isSelected(key)">
+                    </mat-checkbox>
+                </td>
+            </ng-container>
+
+            <ng-container matColumnDef="id">
+                <th mat-header-cell *matHeaderCellDef> {{ 'USER.MACHINE.ID' | translate }} </th>
+                <td mat-cell *matCellDef="let key"> {{key?.id}} </td>
+            </ng-container>
+
+            <ng-container matColumnDef="type">
+                <th mat-header-cell *matHeaderCellDef> {{ 'USER.MACHINE.TYPE' | translate }} </th>
+                <td mat-cell *matCellDef="let key"> {{'USER.MACHINE.KEYTYPES.'+key?.type | translate}} </td>
+            </ng-container>
+
+            <ng-container matColumnDef="creationDate">
+                <th mat-header-cell *matHeaderCellDef> {{ 'USER.MACHINE.CREATIONDATE' | translate }} </th>
+                <td mat-cell *matCellDef="let key">
+                    {{key.creationDate | timestampToDate | localizedDate: 'EEE dd. MMM, HH:mm'}}
+                </td>
+            </ng-container>
+
+            <ng-container matColumnDef="expirationDate">
+                <th mat-header-cell *matHeaderCellDef> {{ 'USER.MACHINE.EXPIRYDATE' | translate }} </th>
+                <td mat-cell *matCellDef="let key">
+                    {{key.expirationDate | timestampToDate | localizedDate: 'EEE dd. MMM, HH:mm'}}
+                </td>
+            </ng-container>
+
+
+            <tr mat-header-row *matHeaderRowDef="displayedColumns"></tr>
+            <tr class="data-row" mat-row *matRowDef="let row; columns: displayedColumns;"
+                [routerLink]="row.id ? ['/users', row.id ]: null">
+            </tr>
+
+        </table>
+        <mat-paginator #paginator class="paginator background-style" [length]="keyResult?.totalResult || 0"
+            [pageSize]="10" [pageSizeOptions]="[5, 10, 20]" (page)="changePage($event)"></mat-paginator>
+    </div>
+</app-refresh-table>

console/src/app/pages/users/user-detail/machine-keys/machine-keys.component.scss

@@ -0,0 +1,39 @@
+
+.table-wrapper {
+  overflow: auto;
+
+  .table,
+  .paginator {
+    width: 100%;
+
+    td,
+    th {
+      padding: 0 1rem;
+
+      &:first-child {
+        padding-left: 0;
+        padding-right: 1rem;
+      }
+
+      &:last-child {
+        padding-right: 0;
+      }
+    }
+
+    .data-row {
+      cursor: pointer;
+
+      &:hover {
+        background-color: #ffffff05;
+      }
+    }
+  }
+}
+
+tr {
+  outline: none;
+}
+
+.add-button {
+  border-radius: .5rem;
+}

console/src/app/pages/users/user-detail/machine-keys/machine-keys.component.spec.ts

@@ -0,0 +1,25 @@
+import { async, ComponentFixture, TestBed } from '@angular/core/testing';
+
+import { MachineKeysComponent } from './machine-keys.component';
+
+describe('MachineKeysComponent', () => {
+    let component: MachineKeysComponent;
+    let fixture: ComponentFixture<MachineKeysComponent>;
+
+    beforeEach(async(() => {
+        TestBed.configureTestingModule({
+            declarations: [MachineKeysComponent],
+        })
+            .compileComponents();
+    }));
+
+    beforeEach(() => {
+        fixture = TestBed.createComponent(MachineKeysComponent);
+        component = fixture.componentInstance;
+        fixture.detectChanges();
+    });
+
+    it('should create', () => {
+        expect(component).toBeTruthy();
+    });
+});

console/src/app/pages/users/user-detail/machine-keys/machine-keys.component.ts

@@ -0,0 +1,124 @@
+import { SelectionModel } from '@angular/cdk/collections';
+import { Component, EventEmitter, Input, OnInit, Output, ViewChild } from '@angular/core';
+import { MatDialog } from '@angular/material/dialog';
+import { MatPaginator, PageEvent } from '@angular/material/paginator';
+import { MatTableDataSource } from '@angular/material/table';
+import { TranslateService } from '@ngx-translate/core';
+import { Timestamp } from 'google-protobuf/google/protobuf/timestamp_pb';
+import { BehaviorSubject, Observable } from 'rxjs';
+import { MachineKeySearchResponse, MachineKeyType, MachineKeyView } from 'src/app/proto/generated/management_pb';
+import { ManagementService } from 'src/app/services/mgmt.service';
+import { ToastService } from 'src/app/services/toast.service';
+
+import { AddKeyDialogComponent } from './add-key-dialog/add-key-dialog.component';
+
+@Component({
+    selector: 'app-machine-keys',
+    templateUrl: './machine-keys.component.html',
+    styleUrls: ['./machine-keys.component.scss'],
+})
+export class MachineKeysComponent implements OnInit {
+    @Input() userId!: string;
+    @ViewChild(MatPaginator) public paginator!: MatPaginator;
+    public dataSource: MatTableDataSource<MachineKeyView.AsObject> = new MatTableDataSource<MachineKeyView.AsObject>();
+    public selection: SelectionModel<MachineKeyView.AsObject> = new SelectionModel<MachineKeyView.AsObject>(true, []);
+    public keyResult!: MachineKeySearchResponse.AsObject;
+    private loadingSubject: BehaviorSubject<boolean> = new BehaviorSubject<boolean>(false);
+    public loading$: Observable<boolean> = this.loadingSubject.asObservable();
+    @Input() public displayedColumns: string[] = ['select', 'id', 'type', 'creationDate', 'expirationDate'];
+
+    @Output() public changedSelection: EventEmitter<Array<MachineKeyView.AsObject>> = new EventEmitter();
+
+    constructor(public translate: TranslateService, private userService: ManagementService, private dialog: MatDialog,
+        private toast: ToastService) {
+        this.selection.changed.subscribe(() => {
+            this.changedSelection.emit(this.selection.selected);
+        });
+    }
+
+    public ngOnInit(): void {
+        this.getData(10, 0);
+    }
+
+
+    public isAllSelected(): boolean {
+        const numSelected = this.selection.selected.length;
+        const numRows = this.dataSource.data.length;
+        return numSelected === numRows;
+    }
+
+    public masterToggle(): void {
+        this.isAllSelected() ?
+            this.selection.clear() :
+            this.dataSource.data.forEach(row => this.selection.select(row));
+    }
+
+
+    public changePage(event: PageEvent): void {
+        this.getData(event.pageSize, event.pageIndex * event.pageSize);
+    }
+
+    public deleteSelectedKeys(): void {
+        Promise.all(this.selection.selected.map(value => {
+            return this.userService.DeleteMachineKey(value.id, this.userId);
+        })).then(() => {
+            this.selection.clear();
+            this.toast.showInfo('USER.TOAST.SELECTEDKEYSDELETED', true);
+            this.getData(10, 0);
+        });
+    }
+
+    public openAddKey(): void {
+        const dialogRef = this.dialog.open(AddKeyDialogComponent, {
+            data: {},
+            width: '400px',
+        });
+
+        dialogRef.afterClosed().subscribe(resp => {
+            if (resp) {
+                const type: MachineKeyType = resp.type;
+
+                let date: Timestamp | undefined;
+
+                if (resp.date as Date) {
+                    const ts = new Timestamp();
+
+                    const milliseconds = resp.date.getTime();
+                    const seconds = Math.abs(milliseconds / 1000);
+                    const nanos = (milliseconds - seconds * 1000) * 1000 * 1000;
+                    ts.setSeconds(seconds);
+                    ts.setNanos(nanos);
+                    date = ts;
+                    console.log(date.toObject());
+                }
+
+                if (type) {
+                    console.log(this.userId, type, date);
+                    return this.userService.AddMachineKey(this.userId, type, date).then(() => {
+                        this.toast.showInfo('ORG.TOAST.MEMBERADDED', true);
+                    }).catch((error: any) => {
+                        this.toast.showError(error);
+                    });
+                }
+            }
+        });
+    }
+
+    private async getData(limit: number, offset: number): Promise<void> {
+        this.loadingSubject.next(true);
+
+        this.userService.SearchMachineKeys(this.userId, limit, offset).then(resp => {
+            this.keyResult = resp.toObject();
+            this.dataSource.data = this.keyResult.resultList;
+            console.log(this.keyResult.resultList);
+            this.loadingSubject.next(false);
+        }).catch((error: any) => {
+            this.toast.showError(error);
+            this.loadingSubject.next(false);
+        });
+    }
+
+    public refreshPage(): void {
+        this.getData(this.paginator.pageSize, this.paginator.pageIndex * this.paginator.pageSize);
+    }
+}

console/src/app/pages/users/user-detail/membership-detail/membership-detail.component.html

@@ -1,14 +1,9 @@
 <app-detail-layout [backRouterLink]="[ '/users', user?.id]"
-    title="{{user?.displayName}} {{ 'USER.MEMBERSHIPS.TITLE' | translate }}"
+    title="{{user?.human?.displayName}} {{ 'USER.MEMBERSHIPS.TITLE' | translate }}"
     description="{{ 'USER.MEMBERSHIPS.DESCRIPTION' | translate }}">
     <app-refresh-table class="refresh-table" (refreshed)="refreshPage()" [dataSize]="dataSource?.totalResult"
         [timestamp]="dataSource?.viewTimestamp" [selection]="selection" [loading]="dataSource?.loading$ | async">
 
-        <!-- <button actions (click)="removeSelectedMemberships()" matTooltip="{{'USER.MEMBERSHIPS.REMOVE' | translate}}"
-            class="icon-button" mat-icon-button *ngIf="selection.hasValue()" color="warn">
-            <i class="las la-trash"></i>
-        </button> -->
-
         <a actions color="primary" class="add-button" (click)="addMember()" color="primary" mat-raised-button>
             <mat-icon class="icon">add</mat-icon>{{ 'ACTIONS.NEW' | translate }}
         </a>

console/src/app/pages/users/user-detail/membership-detail/membership-detail.component.ts

@@ -6,7 +6,7 @@ import { MatTable } from '@angular/material/table';
 import { ActivatedRoute } from '@angular/router';
 import { tap } from 'rxjs/operators';
 import { CreationType, MemberCreateDialogComponent } from 'src/app/modules/add-member-dialog/member-create-dialog.component';
-import { User, UserMembershipSearchResponse, UserMembershipView, UserView } from 'src/app/proto/generated/management_pb';
+import { UserMembershipSearchResponse, UserMembershipView, UserView } from 'src/app/proto/generated/management_pb';
 import { AdminService } from 'src/app/services/admin.service';
 import { ManagementService } from 'src/app/services/mgmt.service';
 import { ToastService } from 'src/app/services/toast.service';
@@ -124,7 +124,7 @@ export class MembershipDetailComponent implements AfterViewInit {
     }
 
     public createIamMember(response: any): void {
-        const users: User.AsObject[] = response.users;
+        const users: UserView.AsObject[] = response.users;
         const roles: string[] = response.roles;
 
         if (users && users.length && roles && roles.length) {
@@ -139,7 +139,7 @@ export class MembershipDetailComponent implements AfterViewInit {
     }
 
     private createOrgMember(response: any): void {
-        const users: User.AsObject[] = response.users;
+        const users: UserView.AsObject[] = response.users;
         const roles: string[] = response.roles;
 
         if (users && users.length && roles && roles.length) {
@@ -154,7 +154,7 @@ export class MembershipDetailComponent implements AfterViewInit {
     }
 
     private createGrantedProjectMember(response: any): void {
-        const users: User.AsObject[] = response.users;
+        const users: UserView.AsObject[] = response.users;
         const roles: string[] = response.roles;
 
         if (users && users.length && roles && roles.length) {
@@ -174,7 +174,7 @@ export class MembershipDetailComponent implements AfterViewInit {
     }
 
     private createOwnedProjectMember(response: any): void {
-        const users: User.AsObject[] = response.users;
+        const users: UserView.AsObject[] = response.users;
         const roles: string[] = response.roles;
 
         if (users && users.length && roles && roles.length) {

console/src/app/pages/users/user-detail/user-detail-routing.module.ts

@@ -16,6 +16,14 @@ const routes: Routes = [
             roles: ['user.write'],
         },
     },
+    {
+        path: 'create-machine',
+        loadChildren: () => import('../user-create-machine/user-create-machine.module').then(m => m.UserCreateMachineModule),
+        canActivate: [AuthGuard, RoleGuard],
+        data: {
+            roles: ['user.write'],
+        },
+    },
     {
         path: 'me',
         component: AuthUserDetailComponent,

console/src/app/pages/users/user-detail/user-detail.module.ts

@@ -2,6 +2,7 @@ import { CommonModule } from '@angular/common';
 import { NgModule } from '@angular/core';
 import { FormsModule, ReactiveFormsModule } from '@angular/forms';
 import { MatButtonModule } from '@angular/material/button';
+import { MatCheckboxModule } from '@angular/material/checkbox';
 import { MatDialogModule } from '@angular/material/dialog';
 import { MatFormFieldModule } from '@angular/material/form-field';
 import { MatIconModule } from '@angular/material/icon';
@@ -25,13 +26,18 @@ import { RefreshTableModule } from 'src/app/modules/refresh-table/refresh-table.
 import { SharedModule } from 'src/app/modules/shared/shared.module';
 import { UserGrantsModule } from 'src/app/modules/user-grants/user-grants.module';
 import { HasRolePipeModule } from 'src/app/pipes/has-role-pipe.module';
+import { LocalizedDatePipeModule } from 'src/app/pipes/localized-date-pipe.module';
+import { TimestampToDatePipeModule } from 'src/app/pipes/timestamp-to-date-pipe.module';
 
 import { AuthUserDetailComponent } from './auth-user-detail/auth-user-detail.component';
 import { AuthUserMfaComponent } from './auth-user-detail/auth-user-mfa/auth-user-mfa.component';
 import { CodeDialogComponent } from './auth-user-detail/code-dialog/code-dialog.component';
 import { DialogOtpComponent } from './auth-user-detail/dialog-otp/dialog-otp.component';
 import { ThemeSettingComponent } from './auth-user-detail/theme-setting/theme-setting.component';
+import { DetailFormMachineModule } from './detail-form-machine/detail-form-machine.module';
 import { DetailFormModule } from './detail-form/detail-form.module';
+import { AddKeyDialogModule } from './machine-keys/add-key-dialog/add-key-dialog.module';
+import { MachineKeysComponent } from './machine-keys/machine-keys.component';
 import { MembershipsComponent } from './memberships/memberships.component';
 import { PasswordComponent } from './password/password.component';
 import { UserDetailRoutingModule } from './user-detail-routing.module';
@@ -49,6 +55,7 @@ import { UserMfaComponent } from './user-detail/user-mfa/user-mfa.component';
         PasswordComponent,
         CodeDialogComponent,
         MembershipsComponent,
+        MachineKeysComponent,
     ],
     imports: [
         UserDetailRoutingModule,
@@ -57,9 +64,12 @@ import { UserMfaComponent } from './user-detail/user-mfa/user-mfa.component';
         FormsModule,
         ReactiveFormsModule,
         DetailFormModule,
+        DetailFormMachineModule,
         MatDialogModule,
         QRCodeModule,
         MetaLayoutModule,
+        AddKeyDialogModule,
+        MatCheckboxModule,
         HasRolePipeModule,
         MatFormFieldModule,
         UserGrantsModule,
@@ -80,6 +90,8 @@ import { UserMfaComponent } from './user-detail/user-mfa/user-mfa.component';
         DetailLayoutModule,
         PasswordComplexityViewModule,
         MemberCreateDialogModule,
+        TimestampToDatePipeModule,
+        LocalizedDatePipeModule,
     ],
 })
 export class UserDetailModule { }

console/src/app/pages/users/user-detail/user-detail/user-detail.component.html

@@ -4,7 +4,7 @@
             <a (click)="navigateBack()" mat-icon-button>
                 <mat-icon class="icon">arrow_back</mat-icon>
             </a>
-            <h1>{{user?.displayName}}</h1>
+            <h1>{{user.human ? user.human?.displayName : user.machine?.name}}</h1>
 
             <span class="fill-space"></span>
 
@@ -37,14 +37,27 @@
         </app-card>
 
         <ng-template appHasRole [appHasRole]="['user.read', 'user.read:'+user?.id]">
-            <app-card title="{{ 'USER.PROFILE.TITLE' | translate }}">
+            <app-card *ngIf="user.human" title="{{ 'USER.PROFILE.TITLE' | translate }}">
                 <app-detail-form [disabled]="(['user.write:' + user?.id, 'user.write'] | hasRole | async) == false"
-                    [genders]="genders" [languages]="languages" [profile]="user" (submitData)="saveProfile($event)">
+                    [genders]="genders" [languages]="languages" [username]="user.userName" [user]="user.human"
+                    (submitData)="saveProfile($event)">
                 </app-detail-form>
             </app-card>
+
+            <app-card *ngIf="user.machine" title="{{ 'USER.MACHINE.TITLE' | translate }}">
+                <app-detail-form-machine
+                    [disabled]="(['user.write:' + user?.id, 'user.write'] | hasRole | async) == false"
+                    [username]="user.userName" [user]="user.machine" (submitData)="saveMachine($event)">
+                </app-detail-form-machine>
+            </app-card>
+
+            <app-card *ngIf="user.id" title="{{ 'USER.MACHINE.KEYSTITLE' | translate }}"
+                description="{{ 'USER.MACHINE.KEYSDESC' | translate }}">
+                <app-machine-keys [userId]="user.id"></app-machine-keys>
+            </app-card>
         </ng-template>
 
-        <app-card title="{{ 'USER.LOGINMETHODS.TITLE' | translate }}"
+        <app-card *ngIf="user.human" title="{{ 'USER.LOGINMETHODS.TITLE' | translate }}"
             description="{{ 'USER.LOGINMETHODS.DESCRIPTION' | translate }}">
             <div class="method-col">
                 <div class="method-row">
@@ -65,11 +78,11 @@
 
                     <ng-container *ngIf="!emailEditState; else emailEdit">
                         <div class="actions">
-                            <span class="name">{{user?.email}}</span>
+                            <span class="name">{{user?.human?.email}}</span>
-                            <mat-icon class="icon" *ngIf="user?.isEmailVerified" color="primary" aria-hidden="false"
+                            <mat-icon class="icon" *ngIf="user?.human?.isEmailVerified" color="primary"
-                                aria-label="verified icon">
+                                aria-hidden="false" aria-label="verified icon">
                                 check_circle_outline</mat-icon>
-                            <ng-container *ngIf="user?.email && !user?.isEmailVerified">
+                            <ng-container *ngIf="user?.human?.email && !user?.human?.isEmailVerified">
                                 <mat-icon class="icon" color="warn" aria-hidden="false" aria-label="not verified icon">
                                     highlight_off
                                 </mat-icon>
@@ -87,13 +100,15 @@
                     <ng-template #emailEdit>
                         <mat-form-field class="name">
                             <mat-label>{{ 'USER.EMAIL' | translate }}</mat-label>
-                            <input matInput [(ngModel)]="user.email" />
+                            <input matInput *ngIf="user.human && user.human.email" [(ngModel)]="user.human.email" />
                         </mat-form-field>
                         <button (click)="emailEditState = false" mat-icon-button>
                             <mat-icon class="icon">close</mat-icon>
                         </button>
-                        <button [disabled]="!user.email" class="submit-button" type="button" color="primary"
+                        <button *ngIf="user.human"
-                            (click)="saveEmail()" mat-raised-button>{{ 'ACTIONS.SAVE' | translate }}</button>
+                            [disabled]="!user.human.email || (['user.write','user.write' + user.id] | hasRole | async) == false"
+                            class="submit-button" type="button" color="primary" (click)="saveEmail()"
+                            mat-raised-button>{{ 'ACTIONS.SAVE' | translate }}</button>
                     </ng-template>
                 </div>
 
@@ -102,11 +117,11 @@
 
                     <ng-container *ngIf="!phoneEditState; else phoneEdit">
                         <div class="actions">
-                            <span class="name">{{user?.phone}}</span>
+                            <span class="name">{{user?.human?.phone}}</span>
-                            <mat-icon class="icon" *ngIf="user?.isPhoneVerified" color="primary" aria-hidden="false"
+                            <mat-icon class="icon" *ngIf="user?.human?.isPhoneVerified" color="primary"
-                                aria-label="verified icon">
+                                aria-hidden="false" aria-label="verified icon">
                                 check_circle_outline</mat-icon>
-                            <ng-container *ngIf="user?.phone && !user?.isPhoneVerified">
+                            <ng-container *ngIf="user?.human?.phone && !user?.human?.isPhoneVerified">
                                 <mat-icon class="icon" color="warn" aria-hidden="false" aria-label="not verified icon">
                                     highlight_off
                                 </mat-icon>
@@ -125,22 +140,24 @@
                     <ng-template #phoneEdit>
                         <mat-form-field class="name">
                             <mat-label>{{ 'USER.PHONE' | translate }}</mat-label>
-                            <input matInput [(ngModel)]="user.phone" />
+                            <input *ngIf="user.human && user.human.phone" matInput [(ngModel)]="user.human.phone" />
                         </mat-form-field>
                         <button (click)="phoneEditState = false" mat-icon-button>
                             <mat-icon class="icon">close</mat-icon>
                         </button>
-                        <button *ngIf="user.phone" color="warn" (click)="deletePhone()" mat-icon-button>
+                        <button *ngIf="user.human?.phone" color="warn" (click)="deletePhone()" mat-icon-button>
                             <i class="las la-trash"></i>
                         </button>
-                        <button [disabled]="!user.phone" type="button" color="primary" (click)="savePhone()"
+                        <button *ngIf="user.human"
-                            mat-raised-button>{{ 'ACTIONS.SAVE' | translate }}</button>
+                            [disabled]="!user.human.phone || (['user.write', 'user.write'+ user.id]| hasRole | async) == false"
+                            type="button" color="primary" (click)="savePhone()" mat-raised-button>
+                            {{ 'ACTIONS.SAVE' | translate }}</button>
                     </ng-template>
                 </div>
             </div>
         </app-card>
 
-        <app-user-mfa *ngIf="user" [user]="user"></app-user-mfa>
+        <app-user-mfa *ngIf="user && user.human" [user]="user"></app-user-mfa>
 
         <app-card *ngIf="user?.id" title="{{ 'GRANTS.USER.TITLE' | translate }}"
             description="{{'GRANTS.USER.DESCRIPTION' | translate }}">

console/src/app/pages/users/user-detail/user-detail/user-detail.component.ts

@@ -6,6 +6,8 @@ import { Subscription } from 'rxjs';
 import { ChangeType } from 'src/app/modules/changes/changes.component';
 import {
     Gender,
+    MachineResponse,
+    MachineView,
     NotificationType,
     UserEmail,
     UserPhone,
@@ -79,20 +81,21 @@ export class UserDetailComponent implements OnInit, OnDestroy {
     }
 
     public saveProfile(profileData: UserProfile.AsObject): void {
-        this.user.firstName = profileData.firstName;
+        if (this.user.human) {
-        this.user.lastName = profileData.lastName;
+            this.user.human.firstName = profileData.firstName;
-        this.user.nickName = profileData.nickName;
+            this.user.human.lastName = profileData.lastName;
-        this.user.displayName = profileData.displayName;
+            this.user.human.nickName = profileData.nickName;
-        this.user.gender = profileData.gender;
+            this.user.human.displayName = profileData.displayName;
-        this.user.preferredLanguage = profileData.preferredLanguage;
+            this.user.human.gender = profileData.gender;
+            this.user.human.preferredLanguage = profileData.preferredLanguage;
             this.mgmtUserService
                 .SaveUserProfile(
                     this.user.id,
-                this.user.firstName,
+                    this.user.human.firstName,
-                this.user.lastName,
+                    this.user.human.lastName,
-                this.user.nickName,
+                    this.user.human.nickName,
-                this.user.preferredLanguage,
+                    this.user.human.preferredLanguage,
-                this.user.gender)
+                    this.user.human.gender)
                 .then((data: UserProfile) => {
                     this.toast.showInfo('USER.TOAST.SAVED', true);
                     this.user = Object.assign(this.user, data.toObject());
@@ -101,6 +104,26 @@ export class UserDetailComponent implements OnInit, OnDestroy {
                     this.toast.showError(error);
                 });
         }
+    }
+
+    public saveMachine(machineData: MachineView.AsObject): void {
+        if (this.user.machine) {
+            this.user.machine.name = machineData.name;
+            this.user.machine.description = machineData.description;
+
+            this.mgmtUserService
+                .UpdateUserMachine(
+                    this.user.id,
+                    this.user.machine.description)
+                .then((data: MachineResponse) => {
+                    this.toast.showInfo('USER.TOAST.SAVED', true);
+                    this.user = Object.assign(this.user, data.toObject());
+                })
+                .catch(error => {
+                    this.toast.showError(error);
+                });
+        }
+    }
 
     public resendVerification(): void {
         this.mgmtUserService.ResendEmailVerification(this.user.id).then(() => {
@@ -121,7 +144,9 @@ export class UserDetailComponent implements OnInit, OnDestroy {
     public deletePhone(): void {
         this.mgmtUserService.RemoveUserPhone(this.user.id).then(() => {
             this.toast.showInfo('USER.TOAST.PHONEREMOVED', true);
-            this.user.phone = '';
+            if (this.user.human) {
+                this.user.human.phone = '';
+            }
             this.phoneEditState = false;
         }).catch(error => {
             this.toast.showError(error);
@@ -130,26 +155,34 @@ export class UserDetailComponent implements OnInit, OnDestroy {
 
     public saveEmail(): void {
         this.emailEditState = false;
+        if (this.user && this.user.human?.phone) {
             this.mgmtUserService
-            .SaveUserEmail(this.user.id, this.user.email).then((data: UserEmail) => {
+                .SaveUserEmail(this.user.id, this.user.human.email).then((data: UserEmail) => {
                     this.toast.showInfo('USER.TOAST.EMAILSENT', true);
-                this.user.email = data.toObject().email;
+                    if (this.user.human) {
+                        this.user.human.email = data.toObject().email;
+                    }
                 }).catch(error => {
                     this.toast.showError(error);
                 });
         }
+    }
 
     public savePhone(): void {
         this.phoneEditState = false;
+        if (this.user && this.user.human?.phone) {
             this.mgmtUserService
-            .SaveUserPhone(this.user.id, this.user.phone).then((data: UserPhone) => {
+                .SaveUserPhone(this.user.id, this.user.human.phone).then((data: UserPhone) => {
                     this.toast.showInfo('USER.TOAST.PHONESAVED', true);
-                this.user.phone = data.toObject().phone;
+                    if (this.user.human) {
+                        this.user.human.phone = data.toObject().phone;
+                    }
                     this.phoneEditState = false;
                 }).catch(error => {
                     this.toast.showError(error);
                 });
         }
+    }
 
     public navigateBack(): void {
         this._location.back();

console/src/app/pages/users/user-list/user-list-routing.module.ts

@@ -1,14 +1,25 @@
 import { NgModule } from '@angular/core';
 import { RouterModule, Routes } from '@angular/router';
 
-import { UserListComponent } from './user-list.component';
+import { UserListComponent, UserType } from './user-list.component';
 
 
 const routes: Routes = [
     {
-        path: '',
+        path: 'humans',
         component: UserListComponent,
-        data: { animation: 'HomePage' },
+        data: {
+            animation: 'HomePage',
+            type: UserType.HUMAN,
+        },
+    },
+    {
+        path: 'machines',
+        component: UserListComponent,
+        data: {
+            animation: 'HomePage',
+            type: UserType.MACHINE,
+        },
     },
 ];
 

console/src/app/pages/users/user-list/user-list.component.html

@@ -1,74 +1,17 @@
-<div class="max-width-container">
+<div class="max-width-container" [ngSwitch]="type">
+    <ng-container *ngSwitchCase="UserType.HUMAN">
         <h1>{{ 'USER.PAGES.LIST' | translate }}</h1>
         <p class="sub">{{ 'USER.PAGES.DESCRIPTION' | translate }}</p>
 
-    <app-refresh-table [loading]="loading$ | async" (refreshed)="refreshPage()" [dataSize]="dataSource.data.length"
+        <app-user-table [userType]="UserType.HUMAN"></app-user-table>
-        [timestamp]="userResult?.viewTimestamp">
-        <ng-template appHasRole [appHasRole]="['user.write']" actions>
-            <button (click)="deactivateSelectedUsers()" matTooltip="{{'ORG_DETAIL.TABLE.DEACTIVATE' | translate}}"
-                class="icon-button" mat-icon-button *ngIf="selection.hasValue()">
-                <mat-icon svgIcon="mdi_account_cancel"></mat-icon>
-            </button>
-            <button (click)="reactivateSelectedUsers()" matTooltip="{{'ORG_DETAIL.TABLE.ACTIVATE' | translate}}"
-                class="icon-button" mat-icon-button *ngIf="selection.hasValue()">
-                <mat-icon svgIcon="mdi_account_check_outline"></mat-icon>
-            </button>
-            <a class="add-button" [routerLink]="[ '/users', 'create']" color="primary" mat-raised-button>
-                <mat-icon class="icon">add</mat-icon>{{ 'ACTIONS.NEW' | translate }}
-            </a>
-        </ng-template>
-
-        <div class="table-wrapper">
-            <table class="table background-style" mat-table [dataSource]="dataSource">
-                <ng-container matColumnDef="select">
-                    <th mat-header-cell *matHeaderCellDef>
-                        <mat-checkbox color="primary" (change)="$event ? masterToggle() : null"
-                            [checked]="selection.hasValue() && isAllSelected()"
-                            [indeterminate]="selection.hasValue() && !isAllSelected()">
-                        </mat-checkbox>
-                    </th>
-                    <td mat-cell *matCellDef="let user">
-                        <mat-checkbox color="primary" (click)="$event.stopPropagation()"
-                            (change)="$event ? selection.toggle(user) : null" [checked]="selection.isSelected(user)">
-                            <app-avatar *ngIf="user && user.displayName" class="avatar" [name]="user.displayName"
-                                [size]="32">
-                            </app-avatar>
-                        </mat-checkbox>
-                    </td>
     </ng-container>
 
-                <ng-container matColumnDef="firstname">
+    <ng-container *ngSwitchCase="UserType.MACHINE">
-                    <th mat-header-cell *matHeaderCellDef> {{ 'USER.PROFILE.FIRSTNAME' | translate }} </th>
+        <h1>{{ 'USER.PAGES.LISTMACHINE' | translate }}</h1>
-                    <td mat-cell *matCellDef="let user"> {{user.firstName}} </td>
+        <p class="sub">{{ 'USER.PAGES.DESCRIPTIONMACHINE' | translate }}</p>
-                </ng-container>
 
-                <ng-container matColumnDef="lastname">
+        <app-user-table [userType]="UserType.MACHINE"
-                    <th mat-header-cell *matHeaderCellDef> {{ 'USER.PROFILE.LASTNAME' | translate }} </th>
+            [displayedColumns]="['select','name', 'username', 'description','state']">
-                    <td mat-cell *matCellDef="let user"> {{user.lastName}} </td>
+        </app-user-table>
     </ng-container>
-
-                <ng-container matColumnDef="username">
-                    <th mat-header-cell *matHeaderCellDef> {{ 'USER.PROFILE.USERNAME' | translate }} </th>
-                    <td mat-cell *matCellDef="let user"> {{user.userName}} </td>
-                </ng-container>
-
-                <ng-container matColumnDef="email">
-                    <th mat-header-cell *matHeaderCellDef> {{ 'USER.EMAIL' | translate }} </th>
-                    <td mat-cell *matCellDef="let user"> {{user.email}} </td>
-                </ng-container>
-                <ng-container matColumnDef="state">
-                    <th mat-header-cell *matHeaderCellDef> {{ 'USER.DATA.STATE' | translate }} </th>
-                    <td mat-cell *matCellDef="let user"> {{ 'USER.DATA.STATE'+user.state | translate }} </td>
-                </ng-container>
-
-                <tr mat-header-row *matHeaderRowDef="displayedColumns"></tr>
-                <tr class="data-row" mat-row *matRowDef="let row; columns: displayedColumns;"
-                    [routerLink]="['/users', row.id]">
-                </tr>
-
-            </table>
-            <mat-paginator #paginator class="paginator background-style" [length]="userResult?.totalResult || 0"
-                [pageSize]="10" [pageSizeOptions]="[5, 10, 20]" (page)="changePage($event)"></mat-paginator>
-        </div>
-    </app-refresh-table>
 </div>

console/src/app/pages/users/user-list/user-list.component.scss

@@ -6,42 +6,3 @@ h1 {
   color: #8795a1;
   margin-bottom: 2rem;
 }
-
-.add-button {
-  border-radius: .5rem;
-}
-
-.table-wrapper {
-  overflow: auto;
-
-  .table,
-  .paginator {
-    width: 100%;
-
-    td,
-    th {
-      padding: 0 1rem;
-
-      &:first-child {
-        padding-left: 0;
-        padding-right: 1rem;
-      }
-
-      &:last-child {
-        padding-right: 0;
-      }
-    }
-
-    .data-row {
-      cursor: pointer;
-
-      &:hover {
-        background-color: #ffffff05;
-      }
-    }
-  }
-}
-
-tr {
-  outline: none;
-}

console/src/app/pages/users/user-list/user-list.component.ts

@@ -1,91 +1,24 @@
-import { SelectionModel } from '@angular/cdk/collections';
+import { Component } from '@angular/core';
-import { Component, EventEmitter, OnDestroy, Output, ViewChild } from '@angular/core';
-import { MatPaginator, PageEvent } from '@angular/material/paginator';
-import { MatTableDataSource } from '@angular/material/table';
 import { ActivatedRoute } from '@angular/router';
 import { TranslateService } from '@ngx-translate/core';
-import { BehaviorSubject, Observable, Subscription } from 'rxjs';
+import { take } from 'rxjs/operators';
-import { User, UserSearchResponse } from 'src/app/proto/generated/management_pb';
-import { ManagementService } from 'src/app/services/mgmt.service';
-import { ToastService } from 'src/app/services/toast.service';
 
+export enum UserType {
+    HUMAN = 'human',
+    MACHINE = 'machine',
+}
 @Component({
     selector: 'app-user-list',
     templateUrl: './user-list.component.html',
     styleUrls: ['./user-list.component.scss'],
 })
-export class UserListComponent implements OnDestroy {
+export class UserListComponent {
-    @ViewChild(MatPaginator) public paginator!: MatPaginator;
+    public UserType: any = UserType;
-    public dataSource: MatTableDataSource<User.AsObject> = new MatTableDataSource<User.AsObject>();
+    public type: UserType = UserType.HUMAN;
-    public userResult!: UserSearchResponse.AsObject;
+    constructor(public translate: TranslateService, activatedRoute: ActivatedRoute) {
-    private loadingSubject: BehaviorSubject<boolean> = new BehaviorSubject<boolean>(false);
+        activatedRoute.data.pipe(take(1)).subscribe(params => {
-    public loading$: Observable<boolean> = this.loadingSubject.asObservable();
+            const { type } = params;
-    public displayedColumns: string[] = ['select', 'firstname', 'lastname', 'username', 'email', 'state'];
+            this.type = type;
-    public selection: SelectionModel<User.AsObject> = new SelectionModel<User.AsObject>(true, []);
-    @Output() public changedSelection: EventEmitter<Array<User.AsObject>> = new EventEmitter();
-
-    private subscription?: Subscription;
-
-    constructor(public translate: TranslateService, private route: ActivatedRoute, private userService: ManagementService,
-        private toast: ToastService) {
-        this.subscription = this.route.params.subscribe(() => this.getData(10, 0));
-
-        this.selection.changed.subscribe(() => {
-            this.changedSelection.emit(this.selection.selected);
         });
     }
-
-    public isAllSelected(): boolean {
-        const numSelected = this.selection.selected.length;
-        const numRows = this.dataSource.data.length;
-        return numSelected === numRows;
-    }
-
-    public masterToggle(): void {
-        this.isAllSelected() ?
-            this.selection.clear() :
-            this.dataSource.data.forEach(row => this.selection.select(row));
-    }
-
-    public ngOnDestroy(): void {
-        this.subscription?.unsubscribe();
-    }
-
-    public changePage(event: PageEvent): void {
-        this.getData(event.pageSize, event.pageIndex * event.pageSize);
-    }
-
-    public deactivateSelectedUsers(): void {
-        Promise.all(this.selection.selected.map(value => {
-            return this.userService.DeactivateUser(value.id);
-        })).then(() => {
-            this.toast.showInfo('USER.TOAST.SELECTEDDEACTIVATED', true);
-            this.getData(10, 0);
-        });
-    }
-
-    public reactivateSelectedUsers(): void {
-        Promise.all(this.selection.selected.map(value => {
-            return this.userService.ReactivateUser(value.id);
-        })).then(() => {
-            this.toast.showInfo('USER.TOAST.SELECTEDREACTIVATED', true);
-            this.getData(10, 0);
-        });
-    }
-
-    private async getData(limit: number, offset: number): Promise<void> {
-        this.loadingSubject.next(true);
-        this.userService.SearchUsers(limit, offset).then(resp => {
-            this.userResult = resp.toObject();
-            this.dataSource.data = this.userResult.resultList;
-            this.loadingSubject.next(false);
-        }).catch(error => {
-            this.toast.showError(error);
-            this.loadingSubject.next(false);
-        });
-    }
-
-    public refreshPage(): void {
-        this.getData(this.paginator.pageSize, this.paginator.pageIndex * this.paginator.pageSize);
-    }
 }

console/src/app/pages/users/user-list/user-list.module.ts

@@ -18,11 +18,13 @@ import { SharedModule } from 'src/app/modules/shared/shared.module';
 
 import { UserListRoutingModule } from './user-list-routing.module';
 import { UserListComponent } from './user-list.component';
+import { UserTableComponent } from './user-table/user-table.component';
 
 
 @NgModule({
     declarations: [
         UserListComponent,
+        UserTableComponent,
     ],
     imports: [
         AvatarModule,

console/src/app/pages/users/user-list/user-table/user-table.component.html

@@ -0,0 +1,80 @@
+<app-refresh-table [loading]="loading$ | async" (refreshed)="refreshPage()" [dataSize]="dataSource.data.length"
+    [timestamp]="userResult?.viewTimestamp" [selection]="selection">
+    <ng-template appHasRole [appHasRole]="['user.write']" actions>
+        <button (click)="deactivateSelectedUsers()" matTooltip="{{'ORG_DETAIL.TABLE.DEACTIVATE' | translate}}"
+            class="icon-button" mat-icon-button *ngIf="selection.hasValue()">
+            <mat-icon svgIcon="mdi_account_cancel"></mat-icon>
+        </button>
+        <button (click)="reactivateSelectedUsers()" matTooltip="{{'ORG_DETAIL.TABLE.ACTIVATE' | translate}}"
+            class="icon-button" mat-icon-button *ngIf="selection.hasValue()">
+            <mat-icon svgIcon="mdi_account_check_outline"></mat-icon>
+        </button>
+        <a class="add-button" [routerLink]="[ '/users',userType == UserType.HUMAN ? 'create' : 'create-machine']"
+            color="primary" mat-raised-button>
+            <mat-icon class="icon">add</mat-icon>{{ 'ACTIONS.NEW' | translate }}
+        </a>
+    </ng-template>
+
+    <div class="table-wrapper">
+        <table class="table background-style" mat-table [dataSource]="dataSource">
+            <ng-container matColumnDef="select">
+                <th mat-header-cell *matHeaderCellDef>
+                    <mat-checkbox color="primary" (change)="$event ? masterToggle() : null"
+                        [checked]="selection.hasValue() && isAllSelected()"
+                        [indeterminate]="selection.hasValue() && !isAllSelected()">
+                    </mat-checkbox>
+                </th>
+                <td mat-cell *matCellDef="let user">
+                    <mat-checkbox color="primary" (click)="$event.stopPropagation()"
+                        (change)="$event ? selection.toggle(user) : null" [checked]="selection.isSelected(user)">
+                        <app-avatar *ngIf="user[userType] && user[userType].displayName" class="avatar"
+                            [name]="user[userType].displayName" [size]="32">
+                        </app-avatar>
+                    </mat-checkbox>
+                </td>
+            </ng-container>
+
+            <ng-container matColumnDef="firstname">
+                <th mat-header-cell *matHeaderCellDef> {{ 'USER.PROFILE.FIRSTNAME' | translate }} </th>
+                <td mat-cell *matCellDef="let user"> {{user[userType]?.firstName}} </td>
+            </ng-container>
+
+            <ng-container matColumnDef="lastname">
+                <th mat-header-cell *matHeaderCellDef> {{ 'USER.PROFILE.LASTNAME' | translate }} </th>
+                <td mat-cell *matCellDef="let user"> {{user[userType]?.lastName}} </td>
+            </ng-container>
+
+            <ng-container matColumnDef="name">
+                <th mat-header-cell *matHeaderCellDef> {{ 'USER.MACHINE.NAME' | translate }} </th>
+                <td mat-cell *matCellDef="let user"> {{user[userType]?.name}} </td>
+            </ng-container>
+
+            <ng-container matColumnDef="description">
+                <th mat-header-cell *matHeaderCellDef> {{ 'USER.MACHINE.DESCRIPTION' | translate }} </th>
+                <td mat-cell *matCellDef="let user"> {{user[userType]?.description}} </td>
+            </ng-container>
+
+            <ng-container matColumnDef="username">
+                <th mat-header-cell *matHeaderCellDef> {{ 'USER.PROFILE.USERNAME' | translate }} </th>
+                <td mat-cell *matCellDef="let user"> {{user.userName}} </td>
+            </ng-container>
+
+            <ng-container matColumnDef="email">
+                <th mat-header-cell *matHeaderCellDef> {{ 'USER.EMAIL' | translate }} </th>
+                <td mat-cell *matCellDef="let user"> {{user[userType]?.email}} </td>
+            </ng-container>
+            <ng-container matColumnDef="state">
+                <th mat-header-cell *matHeaderCellDef> {{ 'USER.DATA.STATE' | translate }} </th>
+                <td mat-cell *matCellDef="let user"> {{ 'USER.DATA.STATE'+user.state | translate }} </td>
+            </ng-container>
+
+            <tr mat-header-row *matHeaderRowDef="displayedColumns"></tr>
+            <tr class="data-row" mat-row *matRowDef="let row; columns: displayedColumns;"
+                [routerLink]="row.id ? ['/users', row.id ]: null">
+            </tr>
+
+        </table>
+        <mat-paginator #paginator class="paginator background-style" [length]="userResult?.totalResult || 0"
+            [pageSize]="10" [pageSizeOptions]="[5, 10, 20]" (page)="changePage($event)"></mat-paginator>
+    </div>
+</app-refresh-table>

console/src/app/pages/users/user-list/user-table/user-table.component.scss

@@ -0,0 +1,39 @@
+
+.table-wrapper {
+  overflow: auto;
+
+  .table,
+  .paginator {
+    width: 100%;
+
+    td,
+    th {
+      padding: 0 1rem;
+
+      &:first-child {
+        padding-left: 0;
+        padding-right: 1rem;
+      }
+
+      &:last-child {
+        padding-right: 0;
+      }
+    }
+
+    .data-row {
+      cursor: pointer;
+
+      &:hover {
+        background-color: #ffffff05;
+      }
+    }
+  }
+}
+
+tr {
+  outline: none;
+}
+
+.add-button {
+  border-radius: .5rem;
+}

console/src/app/pages/users/user-list/user-table/user-table.component.spec.ts

@@ -0,0 +1,25 @@
+import { async, ComponentFixture, TestBed } from '@angular/core/testing';
+
+import { UserTableComponent } from './user-table.component';
+
+describe('UserTableComponent', () => {
+    let component: UserTableComponent;
+    let fixture: ComponentFixture<UserTableComponent>;
+
+    beforeEach(async(() => {
+        TestBed.configureTestingModule({
+            declarations: [UserTableComponent],
+        })
+            .compileComponents();
+    }));
+
+    beforeEach(() => {
+        fixture = TestBed.createComponent(UserTableComponent);
+        component = fixture.componentInstance;
+        fixture.detectChanges();
+    });
+
+    it('should create', () => {
+        expect(component).toBeTruthy();
+    });
+});

console/src/app/pages/users/user-list/user-table/user-table.component.ts

@@ -0,0 +1,98 @@
+import { SelectionModel } from '@angular/cdk/collections';
+import { Component, EventEmitter, Input, OnInit, Output, ViewChild } from '@angular/core';
+import { MatPaginator, PageEvent } from '@angular/material/paginator';
+import { MatTableDataSource } from '@angular/material/table';
+import { TranslateService } from '@ngx-translate/core';
+import { BehaviorSubject, Observable } from 'rxjs';
+import { UserView } from 'src/app/proto/generated/auth_pb';
+import { UserSearchKey, UserSearchQuery, UserSearchResponse } from 'src/app/proto/generated/management_pb';
+import { ManagementService } from 'src/app/services/mgmt.service';
+import { ToastService } from 'src/app/services/toast.service';
+
+import { UserType } from '../user-list.component';
+
+@Component({
+    selector: 'app-user-table',
+    templateUrl: './user-table.component.html',
+    styleUrls: ['./user-table.component.scss'],
+})
+export class UserTableComponent implements OnInit {
+    public UserType: any = UserType;
+    @Input() userType: UserType = UserType.HUMAN;
+    @ViewChild(MatPaginator) public paginator!: MatPaginator;
+    public dataSource: MatTableDataSource<UserView.AsObject> = new MatTableDataSource<UserView.AsObject>();
+    public selection: SelectionModel<UserView.AsObject> = new SelectionModel<UserView.AsObject>(true, []);
+    public userResult!: UserSearchResponse.AsObject;
+    private loadingSubject: BehaviorSubject<boolean> = new BehaviorSubject<boolean>(false);
+    public loading$: Observable<boolean> = this.loadingSubject.asObservable();
+    @Input() public displayedColumns: string[] = ['select', 'firstname', 'lastname', 'username', 'email', 'state'];
+
+    @Output() public changedSelection: EventEmitter<Array<UserView.AsObject>> = new EventEmitter();
+
+    constructor(public translate: TranslateService, private userService: ManagementService,
+        private toast: ToastService) {
+        this.selection.changed.subscribe(() => {
+            this.changedSelection.emit(this.selection.selected);
+        });
+    }
+
+    ngOnInit(): void {
+        this.getData(10, 0, this.userType);
+    }
+
+    public isAllSelected(): boolean {
+        const numSelected = this.selection.selected.length;
+        const numRows = this.dataSource.data.length;
+        return numSelected === numRows;
+    }
+
+    public masterToggle(): void {
+        this.isAllSelected() ?
+            this.selection.clear() :
+            this.dataSource.data.forEach(row => this.selection.select(row));
+    }
+
+
+    public changePage(event: PageEvent): void {
+        this.getData(event.pageSize, event.pageIndex * event.pageSize, this.userType);
+    }
+
+    public deactivateSelectedUsers(): void {
+        Promise.all(this.selection.selected.map(value => {
+            return this.userService.DeactivateUser(value.id);
+        })).then(() => {
+            this.toast.showInfo('USER.TOAST.SELECTEDDEACTIVATED', true);
+            this.getData(10, 0, this.userType);
+        });
+    }
+
+    public reactivateSelectedUsers(): void {
+        Promise.all(this.selection.selected.map(value => {
+            return this.userService.ReactivateUser(value.id);
+        })).then(() => {
+            this.toast.showInfo('USER.TOAST.SELECTEDREACTIVATED', true);
+            this.getData(10, 0, this.userType);
+        });
+    }
+
+    private async getData(limit: number, offset: number, filterTypeValue: UserType): Promise<void> {
+        this.loadingSubject.next(true);
+        const query = new UserSearchQuery();
+        query.setKey(UserSearchKey.USERSEARCHKEY_TYPE);
+        query.setValue(filterTypeValue);
+
+        this.userService.SearchUsers(limit, offset).then(resp => {
+            this.userResult = resp.toObject();
+            this.dataSource.data = this.userResult.resultList;
+            console.log(this.userResult.resultList);
+            this.loadingSubject.next(false);
+        }).catch(error => {
+            this.toast.showError(error);
+            this.loadingSubject.next(false);
+        });
+    }
+
+    public refreshPage(): void {
+        this.getData(this.paginator.pageSize, this.paginator.pageIndex * this.paginator.pageSize, this.userType);
+    }
+}

console/src/app/services/admin.service.ts

@@ -4,6 +4,7 @@ import { Empty } from 'google-protobuf/google/protobuf/empty_pb';
 import {
     AddIamMemberRequest,
     ChangeIamMemberRequest,
+    CreateHumanRequest,
     CreateOrgRequest,
     CreateUserRequest,
     FailedEventID,
@@ -32,12 +33,15 @@ export class AdminService {
 
     public async SetUpOrg(
         createOrgRequest: CreateOrgRequest,
-        registerUserRequest: CreateUserRequest,
+        humanRequest: CreateHumanRequest,
     ): Promise<OrgSetUpResponse> {
         const req: OrgSetUpRequest = new OrgSetUpRequest();
+        const userReq: CreateUserRequest = new CreateUserRequest();
+
+        userReq.setHuman(humanRequest);
 
         req.setOrg(createOrgRequest);
-        req.setUser(registerUserRequest);
+        req.setUser(userReq);
 
         return this.grpcService.admin.setUpOrg(req);
     }

console/src/app/services/mgmt.service.ts

@@ -1,7 +1,10 @@
 import { Injectable } from '@angular/core';
 import { Empty } from 'google-protobuf/google/protobuf/empty_pb';
+import { Timestamp } from 'google-protobuf/google/protobuf/timestamp_pb';
 
 import {
+    AddMachineKeyRequest,
+    AddMachineKeyResponse,
     AddOrgDomainRequest,
     AddOrgMemberRequest,
     Application,
@@ -14,12 +17,19 @@ import {
     ChangeOrgMemberRequest,
     ChangeRequest,
     Changes,
+    CreateHumanRequest,
+    CreateMachineRequest,
     CreateUserRequest,
     Domain,
     Gender,
     GrantedProjectSearchRequest,
     Iam,
     LoginName,
+    MachineKeyIDRequest,
+    MachineKeySearchRequest,
+    MachineKeySearchResponse,
+    MachineKeyType,
+    MachineResponse,
     MultiFactors,
     NotificationType,
     OIDCApplicationCreate,
@@ -35,7 +45,6 @@ import {
     OrgDomainValidationResponse,
     OrgDomainValidationType,
     OrgIamPolicy,
-    OrgID,
     OrgMember,
     OrgMemberRoles,
     OrgMemberSearchRequest,
@@ -95,11 +104,11 @@ import {
     RemoveOrgDomainRequest,
     RemoveOrgMemberRequest,
     SetPasswordNotificationRequest,
+    UpdateMachineRequest,
     UpdateUserAddressRequest,
     UpdateUserEmailRequest,
     UpdateUserPhoneRequest,
     UpdateUserProfileRequest,
-    User,
     UserAddress,
     UserEmail,
     UserGrant,
@@ -117,6 +126,7 @@ import {
     UserMembershipSearchResponse,
     UserPhone,
     UserProfile,
+    UserResponse,
     UserSearchQuery,
     UserSearchRequest,
     UserSearchResponse,
@@ -134,6 +144,77 @@ export type ResponseMapper<TResp, TMappedResp> = (resp: TResp) => TMappedResp;
 export class ManagementService {
     constructor(private readonly grpcService: GrpcService) { }
 
+    public async CreateUserHuman(username: string, user: CreateHumanRequest): Promise<UserResponse> {
+        const req = new CreateUserRequest();
+
+        req.setUserName(username);
+        req.setHuman(user);
+
+        return this.grpcService.mgmt.createUser(req);
+    }
+
+    public async CreateUserMachine(username: string, user: CreateMachineRequest): Promise<UserResponse> {
+        const req = new CreateUserRequest();
+
+        req.setUserName(username);
+        req.setMachine(user);
+
+        return this.grpcService.mgmt.createUser(req);
+    }
+
+    public async UpdateUserMachine(
+        id: string,
+        description?: string,
+    ): Promise<MachineResponse> {
+        const req = new UpdateMachineRequest();
+        req.setId(id);
+        if (description) {
+            req.setDescription(description);
+        }
+        return this.grpcService.mgmt.updateUserMachine(req);
+    }
+
+    public async AddMachineKey(
+        userId: string,
+        type: MachineKeyType,
+        date?: Timestamp,
+    ): Promise<AddMachineKeyResponse> {
+        const req = new AddMachineKeyRequest();
+        req.setType(type);
+        req.setUserId(userId);
+        if (date) {
+            req.setExpirationDate(date);
+        }
+        return this.grpcService.mgmt.addMachineKey(req);
+    }
+
+    public async DeleteMachineKey(
+        keyId: string,
+        userId: string,
+    ): Promise<Empty> {
+        const req = new MachineKeyIDRequest();
+        req.setKeyId(keyId);
+        req.setUserId(userId);
+
+        return this.grpcService.mgmt.deleteMachineKey(req);
+    }
+
+    public async SearchMachineKeys(
+        userId: string,
+        limit: number,
+        offset: number,
+        asc?: boolean,
+    ): Promise<MachineKeySearchResponse> {
+        const req = new MachineKeySearchRequest();
+        req.setUserId(userId);
+        req.setLimit(limit);
+        req.setOffset(offset);
+        if (asc) {
+            req.setAsc(asc);
+        }
+        return this.grpcService.mgmt.searchMachineKeys(req);
+    }
+
     public async GetIam(): Promise<Iam> {
         const req = new Empty();
         return this.grpcService.mgmt.getIam(req);
@@ -238,7 +319,7 @@ export class ManagementService {
     }
 
     public async ReactivateMyOrg(): Promise<Org> {
-        const req = new OrgID();
+        const req = new Empty();
         return this.grpcService.mgmt.reactivateMyOrg(req);
     }
 
@@ -400,25 +481,6 @@ export class ManagementService {
         }
     }
 
-    public async CreateUser(user: CreateUserRequest.AsObject): Promise<User> {
-        const req = new CreateUserRequest();
-        req.setEmail(user.email);
-        req.setUserName(user.userName);
-        req.setFirstName(user.firstName);
-        req.setLastName(user.lastName);
-        req.setNickName(user.nickName);
-        req.setPassword(user.password);
-        req.setPreferredLanguage(user.preferredLanguage);
-        req.setGender(user.gender);
-        req.setPhone(user.phone);
-        req.setStreetAddress(user.streetAddress);
-        req.setPostalCode(user.postalCode);
-        req.setLocality(user.locality);
-        req.setRegion(user.region);
-        req.setCountry(user.country);
-        return this.grpcService.mgmt.createUser(req);
-    }
-
     public async GetUserByID(id: string): Promise<UserView> {
         const req = new UserID();
         req.setId(id);
@@ -525,7 +587,7 @@ export class ManagementService {
         return this.grpcService.mgmt.removeUserPhone(req);
     }
 
-    public async DeactivateUser(id: string): Promise<UserPhone> {
+    public async DeactivateUser(id: string): Promise<UserResponse> {
         const req = new UserID();
         req.setId(id);
         return this.grpcService.mgmt.deactivateUser(req);
@@ -545,7 +607,8 @@ export class ManagementService {
 
         return this.grpcService.mgmt.createUserGrant(req);
     }
-    public async ReactivateUser(id: string): Promise<UserPhone> {
+
+    public async ReactivateUser(id: string): Promise<UserResponse> {
         const req = new UserID();
         req.setId(id);
         return this.grpcService.mgmt.reactivateUser(req);

console/src/assets/i18n/de.json

@@ -30,7 +30,8 @@
         "PROJECT": "Projekte",
         "GRANTEDPROJECT":"Berechtigte Projekte",
         "USERSECTION":"Benutzersektion",
-        "USER": "Benutzer",
+        "HUMANUSERS": "Benutzer",
+        "MACHINEUSERS":"Service Benutzer",
         "LOGOUT": "Alle Benutzer abmelden",
         "NEWORG":"Neue Organisation",
         "IAMADMIN":"Du bist ein IAM Administrator. Achtung du hast erhöhte Rechte!",
@@ -73,6 +74,8 @@
             "LIST": "Benutzer",
             "TITLE": "Benutzer",
             "DESCRIPTION": "Erfasse und verwalte die Benutzer in deiner Organisation",
+            "LISTMACHINE": "Service Benutzer",
+            "DESCRIPTIONMACHINE": "Erfassen und verwalten Sie die Service Benutzer Ihrer Organisation",
             "DETAIL": "Detail",
             "CREATE": "Erstellen",
             "MY": "Meine Informationen",
@@ -143,6 +146,26 @@
             "GENDER": "Geschlecht",
             "PASSWORD":"Passwort"
         },
+        "MACHINE": {
+            "TITLE":"Service Benutzer Details",
+            "USERNAME":"Benutzername",
+            "NAME":"Name",
+            "DESCRIPTION":"Beschreibung",
+            "KEYSTITLE":"Schlüssel",
+            "KEYSDESC":"Definieren Sie Ihre Schlüssel mit einem optionalen Ablaufdatum",
+            "ID":"Schlüssel Id",
+            "TYPE":"Typ",
+            "EXPIRYDATE":"Ablaufdatum",
+            "CHOOSEEXPIRY":"Definieren Sie ein Ablaufdatum",
+            "CREATIONDATE":"Erstelldatum",
+            "ADD": {
+                "TITLE":"Schlüssel hinzufügen",
+                "DESCRIPTION":"Wählen Sie den Typ und selektieren Sie ein optionales Ablaufdatum."
+            },
+            "KEYTYPES": {
+                "1":"JSON"
+            }
+        },
         "PASSWORD": {
             "TITLE": "Passwort",
             "DESCRIPTION": "Gib das neue Password unter Einhaltung der Richtlinie für die Komplexität ein.",
@@ -226,7 +249,8 @@
             "REACTIVATED":"User reaktiviert!",
             "DEACTIVATED":"User deaktiviert!",
             "SELECTEDREACTIVATED":"Selektierte User reaktiviert!",
-            "SELECTEDDEACTIVATED":"Selektierte User deaktiviert!"
+            "SELECTEDDEACTIVATED":"Selektierte Benutzer deaktiviert!",
+            "SELECTEDKEYSDELETED":"Selektierte Schlüssel gelöscht!"
         },
         "MEMBERSHIPS": {
             "TITLE":"Zitadel Manager Rollen",

console/src/assets/i18n/en.json

@@ -30,7 +30,8 @@
         "PROJECT": "Projects",
         "GRANTEDPROJECT":"Granted Projects",
         "USERSECTION":"user section",
-        "USER": "Users",
+        "HUMANUSERS": "Users",
+        "MACHINEUSERS":"Service Users",
         "LOGOUT": "Logout all users",
         "NEWORG":"New Organisation",
         "IAMADMIN":"You are an IAM Administrator. Note that you have extended permissions!",
@@ -73,6 +74,8 @@
             "LIST": "Users",
             "TITLE": "User",
             "DESCRIPTION": "Create new user in your organisation and manage existing ones.",
+            "LISTMACHINE": "Service Users",
+            "DESCRIPTIONMACHINE": "Create and manage Service Users of your organisation",
             "DETAIL": "Detail",
             "CREATE": "Create",
             "MY": "My Informations",
@@ -143,6 +146,26 @@
             "GENDER": "Gender",
             "PASSWORD":"Password"
         },
+        "MACHINE": {
+            "TITLE":"Service User Details",
+            "USERNAME":"Username",
+            "NAME":"Name",
+            "DESCRIPTION":"Description",
+            "KEYSTITLE":"Keys",
+            "KEYSDESC":"Define your keys and add an optional expiration date.",
+            "ID":"Key Id",
+            "TYPE":"Type",
+            "EXPIRYDATE":"Expiration date",
+            "CHOOSEEXPIRY":"Select an expiration Date",
+            "CREATIONDATE":"Creation Date",
+            "ADD": {
+                "TITLE":"Add Key",
+                "DESCRIPTION":"Select your key type and choose an optional expiry date."
+            },
+            "KEYTYPES": {
+                "1":"JSON"
+            }
+        },
         "PASSWORD": {
             "TITLE": "Password",
             "DESCRIPTION": "Enter the new password according to the policy below.",
@@ -226,7 +249,8 @@
             "REACTIVATED":"User reactivated",
             "DEACTIVATED":"User deactivated",
             "SELECTEDREACTIVATED":"Selected Users reactivated",
-            "SELECTEDDEACTIVATED":"Selected Users deactivated"
+            "SELECTEDDEACTIVATED":"Selected Users deactivated",
+            "SELECTEDKEYSDELETED":"Selected Keys deleted!"
         },
         "MEMBERSHIPS": {
             "TITLE":"Zitadel Manager Roles",

go.mod

@@ -19,7 +19,7 @@ require (
 	github.com/caos/oidc v0.7.4
 	github.com/census-instrumentation/opencensus-proto v0.3.0 // indirect
 	github.com/cockroachdb/cockroach-go/v2 v2.0.5
-	github.com/envoyproxy/protoc-gen-validate v0.4.0
+	github.com/envoyproxy/protoc-gen-validate v0.4.1
 	github.com/ghodss/yaml v1.0.0
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 	github.com/golang/mock v1.4.4

go.sum

@@ -103,8 +103,8 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v0.4.0 h1:0Hedkeb8AtERQoi/wLDxdMr6iOU4g6Mw0RfB2IEpEhk=
+github.com/envoyproxy/protoc-gen-validate v0.4.1 h1:7dLaJvASGRD7X49jSCSXXHwKPm0ZN9r9kJD+p+vS7dM=
-github.com/envoyproxy/protoc-gen-validate v0.4.0/go.mod h1:amr46FC2KZvleZB2VXz+QeQDF+iIKKjQimiDrtp1rYA=
+github.com/envoyproxy/protoc-gen-validate v0.4.1/go.mod h1:E+IEazqdaWv3FrnGtZIu3b9fPFMK8AzeTTrk9SfVwWs=
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DPaBjB8zlTR87/ElzFsnQfuHnVUVqpZZIcV5Y=
 github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
@@ -278,6 +278,7 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -292,7 +293,7 @@ github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.4.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg=
 github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lyft/protoc-gen-star v0.4.10/go.mod h1:mE8fbna26u7aEA2QCVvvfBU/ZrPgocG1206xAFPcs94=
+github.com/lyft/protoc-gen-star v0.5.1/go.mod h1:9toiA3cC7z5uVbODF7kEQ91Xn7XNFkVUl+SrEe+ZORU=
 github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
 github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.7 h1:bQGKb3vps/j0E9GfJQ03JyhRuxsvdAanXlT9BTw3mdw=
@@ -320,6 +321,7 @@ github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFSt
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok=
@@ -345,7 +347,8 @@ github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sony/sonyflake v1.0.0 h1:MpU6Ro7tfXwgn2l5eluf9xQvQJDROTBImNCfRXn/YeM=
 github.com/sony/sonyflake v1.0.0/go.mod h1:Jv3cfhf/UFtolOTTRd3q4Nl6ENqM+KfyZ5PseKfZGF4=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
+github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
+github.com/spf13/afero v1.3.4/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

internal/admin/repository/eventsourcing/handler/iam_member.go

@@ -82,7 +82,10 @@ func (m *IamMember) processIamMember(event *models.Event) (err error) {
 func (m *IamMember) processUser(event *models.Event) (err error) {
 	switch event.Type {
 	case usr_es_model.UserProfileChanged,
-		usr_es_model.UserEmailChanged:
+		usr_es_model.UserEmailChanged,
+		usr_es_model.HumanProfileChanged,
+		usr_es_model.HumanEmailChanged,
+		usr_es_model.MachineChanged:
 		members, err := m.view.IAMMembersByUserID(event.AggregateID)
 		if err != nil {
 			return err
@@ -115,10 +118,15 @@ func (m *IamMember) fillData(member *iam_model.IAMMemberView) (err error) {
 
 func (m *IamMember) fillUserData(member *iam_model.IAMMemberView, user *usr_model.User) {
 	member.UserName = user.UserName
+	if user.Human != nil {
 		member.FirstName = user.FirstName
 		member.LastName = user.LastName
+		member.DisplayName = user.FirstName + " " + user.LastName
 		member.Email = user.EmailAddress
-	member.DisplayName = user.DisplayName
+	}
+	if user.Machine != nil {
+		member.DisplayName = user.Machine.Name
+	}
 }
 func (m *IamMember) OnError(event *models.Event, err error) error {
 	logging.LogWithFields("SPOOL-Ld9ow", "id", event.AggregateID).WithError(err).Warn("something went wrong in iammember handler")

internal/admin/repository/eventsourcing/handler/user.go

@@ -55,7 +55,10 @@ func (u *User) ProcessUser(event *models.Event) (err error) {
 	user := new(view_model.UserView)
 	switch event.Type {
 	case es_model.UserAdded,
-		es_model.UserRegistered:
+		es_model.UserRegistered,
+		es_model.HumanRegistered,
+		es_model.MachineAdded,
+		es_model.HumanAdded:
 		err = user.AppendEvent(event)
 		if err != nil {
 			return err
@@ -72,9 +75,20 @@ func (u *User) ProcessUser(event *models.Event) (err error) {
 		es_model.UserReactivated,
 		es_model.UserLocked,
 		es_model.UserUnlocked,
-		es_model.MfaOtpAdded,
+		es_model.MFAOTPAdded,
-		es_model.MfaOtpVerified,
+		es_model.MFAOTPVerified,
-		es_model.MfaOtpRemoved:
+		es_model.MFAOTPRemoved,
+		es_model.HumanProfileChanged,
+		es_model.HumanEmailChanged,
+		es_model.HumanEmailVerified,
+		es_model.HumanPhoneChanged,
+		es_model.HumanPhoneVerified,
+		es_model.HumanPhoneRemoved,
+		es_model.HumanAddressChanged,
+		es_model.HumanMFAOTPAdded,
+		es_model.HumanMFAOTPVerified,
+		es_model.HumanMFAOTPRemoved,
+		es_model.MachineChanged:
 		user, err = u.view.UserByID(event.AggregateID)
 		if err != nil {
 			return err
@@ -173,6 +187,6 @@ func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
 }
 
 func (u *User) OnError(event *models.Event, err error) error {
-	logging.LogWithFields("SPOOL-is8wa", "id", event.AggregateID).WithError(err).Warn("something went wrong in user handler")
+	logging.LogWithFields("SPOOL-vLmwQ", "id", event.AggregateID).WithError(err).Warn("something went wrong in user handler")
 	return spooler.HandleError(event, err, u.view.GetLatestUserFailedEvent, u.view.ProcessedUserFailedEvent, u.view.ProcessedUserSequence, u.errorCountUntilSkip)
 }

internal/api/authz/permissions.go

@@ -59,9 +59,9 @@ func addRoleContextIDToPerm(perm, roleContextID string) string {
 	return perm
 }
 
-func ExistsPerm(existing []string, perm string) bool {
+func ExistsPerm(existingPermissions []string, perm string) bool {
-	for _, e := range existing {
+	for _, existingPermission := range existingPermissions {
-		if e == perm {
+		if existingPermission == perm {
 			return true
 		}
 	}

internal/api/authz/permissions_test.go

@@ -419,7 +419,7 @@ func Test_AddRoleContextIDToPerm(t *testing.T) {
 
 func Test_ExistisPerm(t *testing.T) {
 	type args struct {
-		existing []string
+		existingPermissions []string
 		perm                string
 	}
 	tests := []struct {
@@ -430,7 +430,7 @@ func Test_ExistisPerm(t *testing.T) {
 		{
 			name: "not existing perm",
 			args: args{
-				existing: []string{"perm1", "perm2", "perm3"},
+				existingPermissions: []string{"perm1", "perm2", "perm3"},
 				perm:                "perm4",
 			},
 			result: false,
@@ -438,7 +438,7 @@ func Test_ExistisPerm(t *testing.T) {
 		{
 			name: "existing perm",
 			args: args{
-				existing: []string{"perm1", "perm2", "perm3"},
+				existingPermissions: []string{"perm1", "perm2", "perm3"},
 				perm:                "perm2",
 			},
 			result: true,
@@ -446,7 +446,7 @@ func Test_ExistisPerm(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			result := ExistsPerm(tt.args.existing, tt.args.perm)
+			result := ExistsPerm(tt.args.existingPermissions, tt.args.perm)
 			if result != tt.result {
 				t.Errorf("got wrong result, expecting: %v, actual: %v ", tt.result, result)
 			}

internal/api/grpc/admin/org_converter.go

@@ -3,7 +3,6 @@ package admin
 import (
 	"github.com/caos/logging"
 	"github.com/golang/protobuf/ptypes"
-	"golang.org/x/text/language"
 
 	admin_model "github.com/caos/zitadel/internal/admin/model"
 	"github.com/caos/zitadel/internal/eventstore/models"
@@ -32,39 +31,6 @@ func orgCreateRequestToModel(org *admin.CreateOrgRequest) *org_model.Org {
 	return o
 }
 
-func userCreateRequestToModel(user *admin.CreateUserRequest) *usr_model.User {
-	preferredLanguage, err := language.Parse(user.PreferredLanguage)
-	logging.Log("GRPC-30hwz").OnError(err).Debug("unable to parse language")
-	result := &usr_model.User{
-		Profile: &usr_model.Profile{
-			UserName:          user.UserName,
-			FirstName:         user.FirstName,
-			LastName:          user.LastName,
-			NickName:          user.NickName,
-			PreferredLanguage: preferredLanguage,
-			Gender:            genderToModel(user.Gender),
-		},
-		Password: &usr_model.Password{
-			SecretString: user.Password,
-		},
-		Email: &usr_model.Email{
-			EmailAddress:    user.Email,
-			IsEmailVerified: user.IsEmailVerified,
-		},
-		Address: &usr_model.Address{
-			Country:       user.Country,
-			Locality:      user.Locality,
-			PostalCode:    user.PostalCode,
-			Region:        user.Region,
-			StreetAddress: user.StreetAddress,
-		},
-	}
-	if user.Phone != "" {
-		result.Phone = &usr_model.Phone{PhoneNumber: user.Phone, IsPhoneVerified: user.IsPhoneVerified}
-	}
-	return result
-}
-
 func setUpOrgResponseFromModel(setUp *admin_model.SetupOrg) *admin.OrgSetUpResponse {
 	return &admin.OrgSetUpResponse{
 		Org:  orgFromModel(setUp.Org),
@@ -126,45 +92,6 @@ func orgViewFromModel(org *org_model.OrgView) *admin.Org {
 	}
 }
 
-func userFromModel(user *usr_model.User) *admin.User {
-	creationDate, err := ptypes.TimestampProto(user.CreationDate)
-	logging.Log("GRPC-8duwe").OnError(err).Debug("unable to parse timestamp")
-
-	changeDate, err := ptypes.TimestampProto(user.ChangeDate)
-	logging.Log("GRPC-ckoe3d").OnError(err).Debug("unable to parse timestamp")
-
-	converted := &admin.User{
-		Id:                user.AggregateID,
-		State:             userStateFromModel(user.State),
-		CreationDate:      creationDate,
-		ChangeDate:        changeDate,
-		Sequence:          user.Sequence,
-		UserName:          user.UserName,
-		FirstName:         user.FirstName,
-		LastName:          user.LastName,
-		DisplayName:       user.DisplayName,
-		NickName:          user.NickName,
-		PreferredLanguage: user.PreferredLanguage.String(),
-		Gender:            genderFromModel(user.Gender),
-	}
-	if user.Email != nil {
-		converted.Email = user.EmailAddress
-		converted.IsEmailVerified = user.IsEmailVerified
-	}
-	if user.Phone != nil {
-		converted.Phone = user.PhoneNumber
-		converted.IsPhoneVerified = user.IsPhoneVerified
-	}
-	if user.Address != nil {
-		converted.Country = user.Country
-		converted.Locality = user.Locality
-		converted.PostalCode = user.PostalCode
-		converted.Region = user.Region
-		converted.StreetAddress = user.StreetAddress
-	}
-	return converted
-}
-
 func orgStateFromModel(state org_model.OrgState) admin.OrgState {
 	switch state {
 	case org_model.OrgStateActive:
@@ -247,7 +174,7 @@ func orgQueryKeyToModel(key admin.OrgSearchKey) org_model.OrgSearchKey {
 	switch key {
 	case admin.OrgSearchKey_ORGSEARCHKEY_DOMAIN:
 		return org_model.OrgSearchKeyOrgDomain
-	case admin.OrgSearchKey_ORGSEARCHKEY_ORG_NAME:
+	case admin.OrgSearchKey_ORGSEARCHKEY_NAME:
 		return org_model.OrgSearchKeyOrgName
 	case admin.OrgSearchKey_ORGSEARCHKEY_STATE:
 		return org_model.OrgSearchKeyState

internal/api/grpc/admin/user_converter.go

@@ -0,0 +1,128 @@
+package admin
+
+import (
+	"github.com/caos/logging"
+	usr_model "github.com/caos/zitadel/internal/user/model"
+	"github.com/caos/zitadel/pkg/grpc/admin"
+	"github.com/golang/protobuf/ptypes"
+	"golang.org/x/text/language"
+)
+
+func userCreateRequestToModel(user *admin.CreateUserRequest) *usr_model.User {
+	var human *usr_model.Human
+	var machine *usr_model.Machine
+
+	if h := user.GetHuman(); h != nil {
+		human = humanCreateToModel(h)
+	}
+	if m := user.GetMachine(); m != nil {
+		machine = machineCreateToModel(m)
+	}
+
+	return &usr_model.User{
+		UserName: user.UserName,
+		Human:    human,
+		Machine:  machine,
+	}
+}
+
+func humanCreateToModel(u *admin.CreateHumanRequest) *usr_model.Human {
+	preferredLanguage, err := language.Parse(u.PreferredLanguage)
+	logging.Log("GRPC-1ouQc").OnError(err).Debug("language malformed")
+
+	human := &usr_model.Human{
+		Profile: &usr_model.Profile{
+			FirstName:         u.FirstName,
+			LastName:          u.LastName,
+			NickName:          u.NickName,
+			PreferredLanguage: preferredLanguage,
+			Gender:            genderToModel(u.Gender),
+		},
+		Email: &usr_model.Email{
+			EmailAddress:    u.Email,
+			IsEmailVerified: u.IsEmailVerified,
+		},
+		Address: &usr_model.Address{
+			Country:       u.Country,
+			Locality:      u.Locality,
+			PostalCode:    u.PostalCode,
+			Region:        u.Region,
+			StreetAddress: u.StreetAddress,
+		},
+	}
+	if u.Password != "" {
+		human.Password = &usr_model.Password{SecretString: u.Password}
+	}
+	if u.Phone != "" {
+		human.Phone = &usr_model.Phone{PhoneNumber: u.Phone, IsPhoneVerified: u.IsPhoneVerified}
+	}
+	return human
+}
+
+func machineCreateToModel(machine *admin.CreateMachineRequest) *usr_model.Machine {
+	return &usr_model.Machine{
+		Name:        machine.Name,
+		Description: machine.Description,
+	}
+}
+
+func userFromModel(user *usr_model.User) *admin.UserResponse {
+	creationDate, err := ptypes.TimestampProto(user.CreationDate)
+	logging.Log("GRPC-yo0FW").OnError(err).Debug("unable to parse timestamp")
+
+	changeDate, err := ptypes.TimestampProto(user.ChangeDate)
+	logging.Log("GRPC-jxoQr").OnError(err).Debug("unable to parse timestamp")
+
+	userResp := &admin.UserResponse{
+		Id:           user.AggregateID,
+		State:        userStateFromModel(user.State),
+		CreationDate: creationDate,
+		ChangeDate:   changeDate,
+		Sequence:     user.Sequence,
+		UserName:     user.UserName,
+	}
+
+	if user.Machine != nil {
+		userResp.User = &admin.UserResponse_Machine{Machine: machineFromModel(user.Machine)}
+	}
+	if user.Human != nil {
+		userResp.User = &admin.UserResponse_Human{Human: humanFromModel(user.Human)}
+	}
+
+	return userResp
+}
+
+func machineFromModel(account *usr_model.Machine) *admin.MachineResponse {
+	return &admin.MachineResponse{
+		Name:        account.Name,
+		Description: account.Description,
+	}
+}
+
+func humanFromModel(user *usr_model.Human) *admin.HumanResponse {
+	human := &admin.HumanResponse{
+		FirstName:         user.FirstName,
+		LastName:          user.LastName,
+		DisplayName:       user.DisplayName,
+		NickName:          user.NickName,
+		PreferredLanguage: user.PreferredLanguage.String(),
+		Gender:            genderFromModel(user.Gender),
+	}
+
+	if user.Email != nil {
+		human.Email = user.EmailAddress
+		human.IsEmailVerified = user.IsEmailVerified
+	}
+	if user.Phone != nil {
+		human.Phone = user.PhoneNumber
+		human.IsPhoneVerified = user.IsPhoneVerified
+	}
+	if user.Address != nil {
+		human.Country = user.Country
+		human.Locality = user.Locality
+		human.PostalCode = user.PostalCode
+		human.Region = user.Region
+		human.StreetAddress = user.StreetAddress
+	}
+	return human
+}

internal/api/grpc/auth/user_converter.go

@@ -27,37 +27,28 @@ func userViewFromModel(user *usr_model.UserView) *auth.UserView {
 	lastLogin, err := ptypes.TimestampProto(user.LastLogin)
 	logging.Log("GRPC-Gteh2").OnError(err).Debug("unable to parse timestamp")
 
-	passwordChanged, err := ptypes.TimestampProto(user.PasswordChanged)
+	userView := &auth.UserView{
-	logging.Log("GRPC-fgQFT").OnError(err).Debug("unable to parse timestamp")
-
-	return &auth.UserView{
 		Id:                 user.ID,
 		State:              userStateFromModel(user.State),
 		CreationDate:       creationDate,
 		ChangeDate:         changeDate,
 		LastLogin:          lastLogin,
-		PasswordChanged:    passwordChanged,
 		UserName:           user.UserName,
-		FirstName:          user.FirstName,
-		LastName:           user.LastName,
-		DisplayName:        user.DisplayName,
-		NickName:           user.NickName,
-		PreferredLanguage:  user.PreferredLanguage,
-		Gender:             genderFromModel(user.Gender),
-		Email:              user.Email,
-		IsEmailVerified:    user.IsEmailVerified,
-		Phone:              user.Phone,
-		IsPhoneVerified:    user.IsPhoneVerified,
-		Country:            user.Country,
-		Locality:           user.Locality,
-		PostalCode:         user.PostalCode,
-		Region:             user.Region,
-		StreetAddress:      user.StreetAddress,
 		Sequence:           user.Sequence,
 		ResourceOwner:      user.ResourceOwner,
 		LoginNames:         user.LoginNames,
 		PreferredLoginName: user.PreferredLoginName,
 	}
+
+	if user.HumanView != nil {
+		userView.User = &auth.UserView_Human{Human: humanViewFromModel(user.HumanView)}
+	}
+	if user.MachineView != nil {
+		userView.User = &auth.UserView_Machine{Machine: machineViewFromModel(user.MachineView)}
+
+	}
+
+	return userView
 }
 
 func profileFromModel(profile *usr_model.Profile) *auth.UserProfile {
@@ -72,7 +63,6 @@ func profileFromModel(profile *usr_model.Profile) *auth.UserProfile {
 		CreationDate:      creationDate,
 		ChangeDate:        changeDate,
 		Sequence:          profile.Sequence,
-		UserName:          profile.UserName,
 		FirstName:         profile.FirstName,
 		LastName:          profile.LastName,
 		DisplayName:       profile.DisplayName,
@@ -94,7 +84,6 @@ func profileViewFromModel(profile *usr_model.Profile) *auth.UserProfileView {
 		CreationDate:       creationDate,
 		ChangeDate:         changeDate,
 		Sequence:           profile.Sequence,
-		UserName:           profile.UserName,
 		FirstName:          profile.FirstName,
 		LastName:           profile.LastName,
 		DisplayName:        profile.DisplayName,
@@ -366,7 +355,7 @@ func userChangesToAPI(changes *usr_model.UserChanges) (_ []*auth.Change) {
 			EventType:  message.NewLocalizedEventType(change.EventType),
 			Sequence:   change.Sequence,
 			Data:       data,
-			EditorId:   change.ModifierId,
+			EditorId:   change.ModifierID,
 			Editor:     change.ModifierName,
 		}
 	}

internal/api/grpc/auth/user_human_converter.go

@@ -0,0 +1,32 @@
+package auth
+
+import (
+	"github.com/caos/logging"
+	usr_model "github.com/caos/zitadel/internal/user/model"
+	auth "github.com/caos/zitadel/pkg/grpc/auth"
+	"github.com/golang/protobuf/ptypes"
+)
+
+func humanViewFromModel(user *usr_model.HumanView) *auth.HumanView {
+	passwordChanged, err := ptypes.TimestampProto(user.PasswordChanged)
+	logging.Log("MANAG-h4ByY").OnError(err).Debug("unable to parse date")
+
+	return &auth.HumanView{
+		FirstName:         user.FirstName,
+		LastName:          user.LastName,
+		DisplayName:       user.DisplayName,
+		NickName:          user.NickName,
+		PreferredLanguage: user.PreferredLanguage,
+		Gender:            genderFromModel(user.Gender),
+		Email:             user.Email,
+		IsEmailVerified:   user.IsEmailVerified,
+		Phone:             user.Phone,
+		IsPhoneVerified:   user.IsPhoneVerified,
+		Country:           user.Country,
+		Locality:          user.Locality,
+		PostalCode:        user.PostalCode,
+		Region:            user.Region,
+		StreetAddress:     user.StreetAddress,
+		PasswordChanged:   passwordChanged,
+	}
+}

internal/api/grpc/auth/user_machine_converter.go

@@ -0,0 +1,51 @@
+package auth
+
+import (
+	"github.com/caos/logging"
+	usr_model "github.com/caos/zitadel/internal/user/model"
+	"github.com/caos/zitadel/pkg/grpc/auth"
+	"github.com/golang/protobuf/ptypes"
+)
+
+func machineViewFromModel(machine *usr_model.MachineView) *auth.MachineView {
+	lastKeyAdded, err := ptypes.TimestampProto(machine.LastKeyAdded)
+	logging.Log("MANAG-wGcAQ").OnError(err).Debug("unable to parse date")
+	return &auth.MachineView{
+		Description:  machine.Description,
+		Name:         machine.Name,
+		LastKeyAdded: lastKeyAdded,
+	}
+}
+
+func machineKeyViewsFromModel(keys ...*usr_model.MachineKeyView) []*auth.MachineKeyView {
+	keyViews := make([]*auth.MachineKeyView, len(keys))
+	for i, key := range keys {
+		keyViews[i] = machineKeyViewFromModel(key)
+	}
+	return keyViews
+}
+
+func machineKeyViewFromModel(key *usr_model.MachineKeyView) *auth.MachineKeyView {
+	creationDate, err := ptypes.TimestampProto(key.CreationDate)
+	logging.Log("MANAG-gluk7").OnError(err).Debug("unable to parse timestamp")
+
+	expirationDate, err := ptypes.TimestampProto(key.CreationDate)
+	logging.Log("MANAG-gluk7").OnError(err).Debug("unable to parse timestamp")
+
+	return &auth.MachineKeyView{
+		Id:             key.ID,
+		CreationDate:   creationDate,
+		ExpirationDate: expirationDate,
+		Sequence:       key.Sequence,
+		Type:           machineKeyTypeFromModel(key.Type),
+	}
+}
+
+func machineKeyTypeFromModel(typ usr_model.MachineKeyType) auth.MachineKeyType {
+	switch typ {
+	case usr_model.MachineKeyTypeJSON:
+		return auth.MachineKeyType_MACHINEKEY_JSON
+	default:
+		return auth.MachineKeyType_MACHINEKEY_UNSPECIFIED
+	}
+}

internal/api/grpc/management/user.go

@@ -3,11 +3,10 @@ package management
 import (
 	"context"
 
-	"github.com/golang/protobuf/ptypes/empty"
-
 	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/errors"
 	"github.com/caos/zitadel/pkg/grpc/management"
+	"github.com/golang/protobuf/ptypes/empty"
 )
 
 func (s *Server) GetUserByID(ctx context.Context, id *management.UserID) (*management.UserView, error) {
@@ -52,7 +51,7 @@ func (s *Server) IsUserUnique(ctx context.Context, request *management.UniqueUse
 	return &management.UniqueUserResponse{IsUnique: unique}, nil
 }
 
-func (s *Server) CreateUser(ctx context.Context, in *management.CreateUserRequest) (*management.User, error) {
+func (s *Server) CreateUser(ctx context.Context, in *management.CreateUserRequest) (*management.UserResponse, error) {
 	user, err := s.user.CreateUser(ctx, userCreateToModel(in))
 	if err != nil {
 		return nil, err
@@ -60,7 +59,7 @@ func (s *Server) CreateUser(ctx context.Context, in *management.CreateUserReques
 	return userFromModel(user), nil
 }
 
-func (s *Server) DeactivateUser(ctx context.Context, in *management.UserID) (*management.User, error) {
+func (s *Server) DeactivateUser(ctx context.Context, in *management.UserID) (*management.UserResponse, error) {
 	user, err := s.user.DeactivateUser(ctx, in.Id)
 	if err != nil {
 		return nil, err
@@ -68,7 +67,7 @@ func (s *Server) DeactivateUser(ctx context.Context, in *management.UserID) (*ma
 	return userFromModel(user), nil
 }
 
-func (s *Server) ReactivateUser(ctx context.Context, in *management.UserID) (*management.User, error) {
+func (s *Server) ReactivateUser(ctx context.Context, in *management.UserID) (*management.UserResponse, error) {
 	user, err := s.user.ReactivateUser(ctx, in.Id)
 	if err != nil {
 		return nil, err
@@ -76,7 +75,7 @@ func (s *Server) ReactivateUser(ctx context.Context, in *management.UserID) (*ma
 	return userFromModel(user), nil
 }
 
-func (s *Server) LockUser(ctx context.Context, in *management.UserID) (*management.User, error) {
+func (s *Server) LockUser(ctx context.Context, in *management.UserID) (*management.UserResponse, error) {
 	user, err := s.user.LockUser(ctx, in.Id)
 	if err != nil {
 		return nil, err
@@ -84,7 +83,7 @@ func (s *Server) LockUser(ctx context.Context, in *management.UserID) (*manageme
 	return userFromModel(user), nil
 }
 
-func (s *Server) UnlockUser(ctx context.Context, in *management.UserID) (*management.User, error) {
+func (s *Server) UnlockUser(ctx context.Context, in *management.UserID) (*management.UserResponse, error) {
 	user, err := s.user.UnlockUser(ctx, in.Id)
 	if err != nil {
 		return nil, err
@@ -96,6 +95,14 @@ func (s *Server) DeleteUser(ctx context.Context, in *management.UserID) (*empty.
 	return nil, errors.ThrowUnimplemented(nil, "GRPC-as4fg", "Not implemented")
 }
 
+func (s *Server) UpdateUserMachine(ctx context.Context, in *management.UpdateMachineRequest) (*management.MachineResponse, error) {
+	machine, err := s.user.ChangeMachine(ctx, updateMachineToModel(in))
+	if err != nil {
+		return nil, err
+	}
+	return machineFromModel(machine), nil
+}
+
 func (s *Server) GetUserProfile(ctx context.Context, in *management.UserID) (*management.UserProfileView, error) {
 	profile, err := s.user.ProfileByID(ctx, in.Id)
 	if err != nil {

internal/api/grpc/management/user_converter.go

@@ -15,77 +15,48 @@ import (
 	"github.com/caos/zitadel/pkg/grpc/message"
 )
 
-func userFromModel(user *usr_model.User) *management.User {
+func userFromModel(user *usr_model.User) *management.UserResponse {
 	creationDate, err := ptypes.TimestampProto(user.CreationDate)
 	logging.Log("GRPC-8duwe").OnError(err).Debug("unable to parse timestamp")
 
 	changeDate, err := ptypes.TimestampProto(user.ChangeDate)
 	logging.Log("GRPC-ckoe3d").OnError(err).Debug("unable to parse timestamp")
 
-	converted := &management.User{
+	userResp := &management.UserResponse{
 		Id:           user.AggregateID,
 		State:        userStateFromModel(user.State),
 		CreationDate: creationDate,
 		ChangeDate:   changeDate,
 		Sequence:     user.Sequence,
 		UserName:     user.UserName,
-		FirstName:         user.FirstName,
-		LastName:          user.LastName,
-		DisplayName:       user.DisplayName,
-		NickName:          user.NickName,
-		PreferredLanguage: user.PreferredLanguage.String(),
-		Gender:            genderFromModel(user.Gender),
-	}
-	if user.Email != nil {
-		converted.Email = user.EmailAddress
-		converted.IsEmailVerified = user.IsEmailVerified
-	}
-	if user.Phone != nil {
-		converted.Phone = user.PhoneNumber
-		converted.IsPhoneVerified = user.IsPhoneVerified
-	}
-	if user.Address != nil {
-		converted.Country = user.Country
-		converted.Locality = user.Locality
-		converted.PostalCode = user.PostalCode
-		converted.Region = user.Region
-		converted.StreetAddress = user.StreetAddress
-	}
-	return converted
 	}
 
-func userCreateToModel(u *management.CreateUserRequest) *usr_model.User {
+	if user.Machine != nil {
-	preferredLanguage, err := language.Parse(u.PreferredLanguage)
+		userResp.User = &management.UserResponse_Machine{Machine: machineFromModel(user.Machine)}
-	logging.Log("GRPC-cK5k2").OnError(err).Debug("language malformed")
+	}
+	if user.Human != nil {
+		userResp.User = &management.UserResponse_Human{Human: humanFromModel(user.Human)}
+	}
 
-	user := &usr_model.User{
+	return userResp
-		Profile: &usr_model.Profile{
-			UserName:          u.UserName,
-			FirstName:         u.FirstName,
-			LastName:          u.LastName,
-			NickName:          u.NickName,
-			PreferredLanguage: preferredLanguage,
-			Gender:            genderToModel(u.Gender),
-		},
-		Email: &usr_model.Email{
-			EmailAddress:    u.Email,
-			IsEmailVerified: u.IsEmailVerified,
-		},
-		Address: &usr_model.Address{
-			Country:       u.Country,
-			Locality:      u.Locality,
-			PostalCode:    u.PostalCode,
-			Region:        u.Region,
-			StreetAddress: u.StreetAddress,
-		},
 }
-	if u.Password != "" {
+
-		user.Password = &usr_model.Password{SecretString: u.Password}
+func userCreateToModel(user *management.CreateUserRequest) *usr_model.User {
+	var human *usr_model.Human
+	var machine *usr_model.Machine
+
+	if h := user.GetHuman(); h != nil {
+		human = humanCreateToModel(h)
 	}
-	if u.Phone != "" {
+	if m := user.GetMachine(); m != nil {
-		user.Phone = &usr_model.Phone{PhoneNumber: u.Phone, IsPhoneVerified: u.IsPhoneVerified}
+		machine = machineCreateToModel(m)
+	}
+
+	return &usr_model.User{
+		UserName: user.UserName,
+		Human:    human,
+		Machine:  machine,
 	}
-	return user
 }
 
 func passwordRequestToModel(r *management.PasswordRequest) *usr_model.Password {
@@ -135,6 +106,8 @@ func userSearchKeyToModel(key management.UserSearchKey) usr_model.UserSearchKey
 		return usr_model.UserSearchKeyEmail
 	case management.UserSearchKey_USERSEARCHKEY_STATE:
 		return usr_model.UserSearchKeyState
+	case management.UserSearchKey_USERSEARCHKEY_TYPE:
+		return usr_model.UserSearchKeyType
 	default:
 		return usr_model.UserSearchKeyUnspecified
 	}
@@ -187,7 +160,6 @@ func profileFromModel(profile *usr_model.Profile) *management.UserProfile {
 		CreationDate:      creationDate,
 		ChangeDate:        changeDate,
 		Sequence:          profile.Sequence,
-		UserName:          profile.UserName,
 		FirstName:         profile.FirstName,
 		LastName:          profile.LastName,
 		DisplayName:       profile.DisplayName,
@@ -209,7 +181,6 @@ func profileViewFromModel(profile *usr_model.Profile) *management.UserProfileVie
 		CreationDate:       creationDate,
 		ChangeDate:         changeDate,
 		Sequence:           profile.Sequence,
-		UserName:           profile.UserName,
 		FirstName:          profile.FirstName,
 		LastName:           profile.LastName,
 		DisplayName:        profile.DisplayName,
@@ -400,37 +371,26 @@ func userViewFromModel(user *usr_model.UserView) *management.UserView {
 	lastLogin, err := ptypes.TimestampProto(user.LastLogin)
 	logging.Log("GRPC-dksi3").OnError(err).Debug("unable to parse timestamp")
 
-	passwordChanged, err := ptypes.TimestampProto(user.PasswordChanged)
+	userView := &management.UserView{
-	logging.Log("GRPC-dl9ws").OnError(err).Debug("unable to parse timestamp")
-
-	return &management.UserView{
 		Id:                 user.ID,
 		State:              userStateFromModel(user.State),
 		CreationDate:       creationDate,
 		ChangeDate:         changeDate,
 		LastLogin:          lastLogin,
-		PasswordChanged:    passwordChanged,
-		UserName:           user.UserName,
-		FirstName:          user.FirstName,
-		LastName:           user.LastName,
-		DisplayName:        user.DisplayName,
-		NickName:           user.NickName,
-		PreferredLanguage:  user.PreferredLanguage,
-		Gender:             genderFromModel(user.Gender),
-		Email:              user.Email,
-		IsEmailVerified:    user.IsEmailVerified,
-		Phone:              user.Phone,
-		IsPhoneVerified:    user.IsPhoneVerified,
-		Country:            user.Country,
-		Locality:           user.Locality,
-		PostalCode:         user.PostalCode,
-		Region:             user.Region,
-		StreetAddress:      user.StreetAddress,
 		Sequence:           user.Sequence,
 		ResourceOwner:      user.ResourceOwner,
 		LoginNames:         user.LoginNames,
 		PreferredLoginName: user.PreferredLoginName,
+		UserName:           user.UserName,
 	}
+	if user.HumanView != nil {
+		userView.User = &management.UserView_Human{Human: humanViewFromModel(user.HumanView)}
+	}
+	if user.MachineView != nil {
+		userView.User = &management.UserView_Machine{Machine: machineViewFromModel(user.MachineView)}
+
+	}
+	return userView
 }
 
 func userMembershipSearchResponseFromModel(response *usr_model.UserMembershipSearchResponse) *management.UserMembershipSearchResponse {
@@ -603,7 +563,7 @@ func userChangesToMgtAPI(changes *usr_model.UserChanges) (_ []*management.Change
 			EventType:  message.NewLocalizedEventType(change.EventType),
 			Sequence:   change.Sequence,
 			Data:       data,
-			EditorId:   change.ModifierId,
+			EditorId:   change.ModifierID,
 			Editor:     change.ModifierName,
 		}
 	}

internal/api/grpc/management/user_grant_converter.go

@@ -28,14 +28,6 @@ func usergrantFromModel(grant *grant_model.UserGrant) *management.UserGrant {
 	}
 }
 
-func userGrantCreateBulkToModel(u *management.UserGrantCreateBulk) []*grant_model.UserGrant {
-	grants := make([]*grant_model.UserGrant, len(u.UserGrants))
-	for i, grant := range u.UserGrants {
-		grants[i] = userGrantCreateToModel(grant)
-	}
-	return grants
-}
-
 func userGrantCreateToModel(u *management.UserGrantCreate) *grant_model.UserGrant {
 	return &grant_model.UserGrant{
 		ObjectRoot: models.ObjectRoot{AggregateID: u.UserId},
@@ -46,14 +38,6 @@ func userGrantCreateToModel(u *management.UserGrantCreate) *grant_model.UserGran
 	}
 }
 
-func userGrantUpdateBulkToModel(u *management.UserGrantUpdateBulk) []*grant_model.UserGrant {
-	grants := make([]*grant_model.UserGrant, len(u.UserGrants))
-	for i, grant := range u.UserGrants {
-		grants[i] = userGrantUpdateToModel(grant)
-	}
-	return grants
-}
-
 func userGrantUpdateToModel(u *management.UserGrantUpdate) *grant_model.UserGrant {
 	return &grant_model.UserGrant{
 		ObjectRoot: models.ObjectRoot{AggregateID: u.Id},
@@ -171,19 +155,3 @@ func usergrantStateFromModel(state grant_model.UserGrantState) management.UserGr
 		return management.UserGrantState_USERGRANTSTATE_UNSPECIFIED
 	}
 }
-
-func projectUserGrantSearchRequestsToModel(project *management.ProjectUserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
-	return &grant_model.UserGrantSearchRequest{
-		Offset:  project.Offset,
-		Limit:   project.Limit,
-		Queries: userGrantSearchQueriesToModel(project.Queries),
-	}
-}
-
-func projectGrantUserGrantSearchRequestsToModel(project *management.ProjectGrantUserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
-	return &grant_model.UserGrantSearchRequest{
-		Offset:  project.Offset,
-		Limit:   project.Limit,
-		Queries: userGrantSearchQueriesToModel(project.Queries),
-	}
-}

internal/api/grpc/management/user_human_converter.go

@@ -0,0 +1,94 @@
+package management
+
+import (
+	"github.com/caos/logging"
+	usr_model "github.com/caos/zitadel/internal/user/model"
+	"github.com/caos/zitadel/pkg/grpc/management"
+	"github.com/golang/protobuf/ptypes"
+	"golang.org/x/text/language"
+)
+
+func humanFromModel(user *usr_model.Human) *management.HumanResponse {
+	human := &management.HumanResponse{
+		FirstName:         user.FirstName,
+		LastName:          user.LastName,
+		DisplayName:       user.DisplayName,
+		NickName:          user.NickName,
+		PreferredLanguage: user.PreferredLanguage.String(),
+		Gender:            genderFromModel(user.Gender),
+	}
+
+	if user.Email != nil {
+		human.Email = user.EmailAddress
+		human.IsEmailVerified = user.IsEmailVerified
+	}
+	if user.Phone != nil {
+		human.Phone = user.PhoneNumber
+		human.IsPhoneVerified = user.IsPhoneVerified
+	}
+	if user.Address != nil {
+		human.Country = user.Country
+		human.Locality = user.Locality
+		human.PostalCode = user.PostalCode
+		human.Region = user.Region
+		human.StreetAddress = user.StreetAddress
+	}
+	return human
+}
+
+func humanViewFromModel(user *usr_model.HumanView) *management.HumanView {
+	passwordChanged, err := ptypes.TimestampProto(user.PasswordChanged)
+	logging.Log("MANAG-h4ByY").OnError(err).Debug("unable to parse date")
+
+	return &management.HumanView{
+		FirstName:         user.FirstName,
+		LastName:          user.LastName,
+		DisplayName:       user.DisplayName,
+		NickName:          user.NickName,
+		PreferredLanguage: user.PreferredLanguage,
+		Gender:            genderFromModel(user.Gender),
+		Email:             user.Email,
+		IsEmailVerified:   user.IsEmailVerified,
+		Phone:             user.Phone,
+		IsPhoneVerified:   user.IsPhoneVerified,
+		Country:           user.Country,
+		Locality:          user.Locality,
+		PostalCode:        user.PostalCode,
+		Region:            user.Region,
+		StreetAddress:     user.StreetAddress,
+		PasswordChanged:   passwordChanged,
+	}
+}
+
+func humanCreateToModel(u *management.CreateHumanRequest) *usr_model.Human {
+	preferredLanguage, err := language.Parse(u.PreferredLanguage)
+	logging.Log("GRPC-cK5k2").OnError(err).Debug("language malformed")
+
+	human := &usr_model.Human{
+		Profile: &usr_model.Profile{
+			FirstName:         u.FirstName,
+			LastName:          u.LastName,
+			NickName:          u.NickName,
+			PreferredLanguage: preferredLanguage,
+			Gender:            genderToModel(u.Gender),
+		},
+		Email: &usr_model.Email{
+			EmailAddress:    u.Email,
+			IsEmailVerified: u.IsEmailVerified,
+		},
+		Address: &usr_model.Address{
+			Country:       u.Country,
+			Locality:      u.Locality,
+			PostalCode:    u.PostalCode,
+			Region:        u.Region,
+			StreetAddress: u.StreetAddress,
+		},
+	}
+	if u.Password != "" {
+		human.Password = &usr_model.Password{SecretString: u.Password}
+	}
+	if u.Phone != "" {
+		human.Phone = &usr_model.Phone{PhoneNumber: u.Phone, IsPhoneVerified: u.IsPhoneVerified}
+	}
+	return human
+}

internal/api/grpc/management/user_machine.go

@@ -0,0 +1,37 @@
+package management
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/pkg/grpc/management"
+	"github.com/golang/protobuf/ptypes/empty"
+)
+
+func (s *Server) AddMachineKey(ctx context.Context, req *management.AddMachineKeyRequest) (*management.AddMachineKeyResponse, error) {
+	key, err := s.user.AddMachineKey(ctx, addMachineKeyToModel(req))
+	if err != nil {
+		return nil, err
+	}
+	return addMachineKeyFromModel(key), nil
+}
+
+func (s *Server) DeleteMachineKey(ctx context.Context, req *management.MachineKeyIDRequest) (*empty.Empty, error) {
+	err := s.user.RemoveMachineKey(ctx, req.UserId, req.KeyId)
+	return &empty.Empty{}, err
+}
+
+func (s *Server) GetMachineKey(ctx context.Context, req *management.MachineKeyIDRequest) (*management.MachineKeyView, error) {
+	key, err := s.user.GetMachineKey(ctx, req.UserId, req.KeyId)
+	if err != nil {
+		return nil, err
+	}
+	return machineKeyViewFromModel(key), nil
+}
+
+func (s *Server) SearchMachineKeys(ctx context.Context, req *management.MachineKeySearchRequest) (*management.MachineKeySearchResponse, error) {
+	result, err := s.user.SearchMachineKeys(ctx, machineKeySearchRequestToModel(req))
+	if err != nil {
+		return nil, err
+	}
+	return machineKeySearchResponseFromModel(result), nil
+}

internal/api/grpc/management/user_machine_converter.go

@@ -0,0 +1,160 @@
+package management
+
+import (
+	"encoding/json"
+	"time"
+
+	"github.com/caos/logging"
+	"github.com/caos/zitadel/internal/eventstore/models"
+	"github.com/caos/zitadel/internal/model"
+	usr_model "github.com/caos/zitadel/internal/user/model"
+	"github.com/caos/zitadel/pkg/grpc/management"
+	"github.com/golang/protobuf/ptypes"
+)
+
+func machineCreateToModel(machine *management.CreateMachineRequest) *usr_model.Machine {
+	return &usr_model.Machine{
+		Name:        machine.Name,
+		Description: machine.Description,
+	}
+}
+
+func updateMachineToModel(machine *management.UpdateMachineRequest) *usr_model.Machine {
+	return &usr_model.Machine{
+		ObjectRoot:  models.ObjectRoot{AggregateID: machine.Id},
+		Description: machine.Description,
+	}
+}
+
+func machineFromModel(account *usr_model.Machine) *management.MachineResponse {
+	return &management.MachineResponse{
+		Name:        account.Name,
+		Description: account.Description,
+	}
+}
+
+func machineViewFromModel(machine *usr_model.MachineView) *management.MachineView {
+	lastKeyAdded, err := ptypes.TimestampProto(machine.LastKeyAdded)
+	logging.Log("MANAG-wGcAQ").OnError(err).Debug("unable to parse date")
+	return &management.MachineView{
+		Description:  machine.Description,
+		Name:         machine.Name,
+		LastKeyAdded: lastKeyAdded,
+	}
+}
+
+func machineKeyViewsFromModel(keys ...*usr_model.MachineKeyView) []*management.MachineKeyView {
+	keyViews := make([]*management.MachineKeyView, len(keys))
+	for i, key := range keys {
+		keyViews[i] = machineKeyViewFromModel(key)
+	}
+	return keyViews
+}
+
+func machineKeyViewFromModel(key *usr_model.MachineKeyView) *management.MachineKeyView {
+	creationDate, err := ptypes.TimestampProto(key.CreationDate)
+	logging.Log("MANAG-gluk7").OnError(err).Debug("unable to parse timestamp")
+
+	expirationDate, err := ptypes.TimestampProto(key.ExpirationDate)
+	logging.Log("MANAG-gluk7").OnError(err).Debug("unable to parse timestamp")
+
+	return &management.MachineKeyView{
+		Id:             key.ID,
+		CreationDate:   creationDate,
+		ExpirationDate: expirationDate,
+		Sequence:       key.Sequence,
+		Type:           machineKeyTypeFromModel(key.Type),
+	}
+}
+
+func addMachineKeyToModel(key *management.AddMachineKeyRequest) *usr_model.MachineKey {
+	expirationDate := time.Time{}
+	if key.ExpirationDate != nil {
+		var err error
+		expirationDate, err = ptypes.Timestamp(key.ExpirationDate)
+		logging.Log("MANAG-iNshR").OnError(err).Debug("unable to parse expiration date")
+	}
+
+	return &usr_model.MachineKey{
+		ExpirationDate: expirationDate,
+		Type:           machineKeyTypeToModel(key.Type),
+		ObjectRoot:     models.ObjectRoot{AggregateID: key.UserId},
+	}
+}
+
+func addMachineKeyFromModel(key *usr_model.MachineKey) *management.AddMachineKeyResponse {
+	creationDate, err := ptypes.TimestampProto(key.CreationDate)
+	logging.Log("MANAG-dlb8m").OnError(err).Debug("unable to parse cretaion date")
+
+	expirationDate, err := ptypes.TimestampProto(key.ExpirationDate)
+	logging.Log("MANAG-dlb8m").OnError(err).Debug("unable to parse cretaion date")
+
+	detail, err := json.Marshal(struct {
+		Type   string `json:"type"`
+		KeyID  string `json:"keyId"`
+		Key    []byte `json:"key"`
+		UserID string `json:"userId"`
+	}{
+		Type:   "serviceaccount",
+		KeyID:  key.KeyID,
+		Key:    key.PrivateKey,
+		UserID: key.AggregateID,
+	})
+	logging.Log("MANAG-lFQ2g").OnError(err).Warn("unable to marshall key")
+
+	return &management.AddMachineKeyResponse{
+		Id:             key.KeyID,
+		CreationDate:   creationDate,
+		ExpirationDate: expirationDate,
+		Sequence:       key.Sequence,
+		KeyDetails:     detail,
+		Type:           machineKeyTypeFromModel(key.Type),
+	}
+}
+
+func machineKeyTypeToModel(typ management.MachineKeyType) usr_model.MachineKeyType {
+	switch typ {
+	case management.MachineKeyType_MACHINEKEY_JSON:
+		return usr_model.MachineKeyTypeJSON
+	default:
+		return usr_model.MachineKeyTypeNONE
+	}
+}
+
+func machineKeyTypeFromModel(typ usr_model.MachineKeyType) management.MachineKeyType {
+	switch typ {
+	case usr_model.MachineKeyTypeJSON:
+		return management.MachineKeyType_MACHINEKEY_JSON
+	default:
+		return management.MachineKeyType_MACHINEKEY_UNSPECIFIED
+	}
+}
+
+func machineKeySearchRequestToModel(req *management.MachineKeySearchRequest) *usr_model.MachineKeySearchRequest {
+	return &usr_model.MachineKeySearchRequest{
+		Offset: req.Offset,
+		Limit:  req.Limit,
+		Asc:    req.Asc,
+		Queries: []*usr_model.MachineKeySearchQuery{
+			{
+				Key:    usr_model.MachineKeyKeyUserID,
+				Method: model.SearchMethodEquals,
+				Value:  req.UserId,
+			},
+		},
+	}
+}
+
+func machineKeySearchResponseFromModel(req *usr_model.MachineKeySearchResponse) *management.MachineKeySearchResponse {
+	viewTimestamp, err := ptypes.TimestampProto(req.Timestamp)
+	logging.Log("MANAG-Sk9ds").OnError(err).Debug("unable to parse cretaion date")
+
+	return &management.MachineKeySearchResponse{
+		Offset:            req.Offset,
+		Limit:             req.Limit,
+		TotalResult:       req.TotalResult,
+		ProcessedSequence: req.Sequence,
+		ViewTimestamp:     viewTimestamp,
+		Result:            machineKeyViewsFromModel(req.Result...),
+	}
+}

internal/api/grpc/server/middleware/validation_interceptor.go

@@ -0,0 +1,31 @@
+package middleware
+
+import (
+	"context"
+
+	"google.golang.org/grpc"
+
+	_ "github.com/caos/zitadel/internal/statik"
+)
+
+func ValidationHandler() grpc.UnaryServerInterceptor {
+	return func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+		return validate(ctx, req, info, handler)
+	}
+}
+
+type validator interface {
+	Validate() error
+}
+
+func validate(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
+	validate, ok := req.(validator)
+	if !ok {
+		return handler(ctx, req)
+	}
+	err := validate.Validate()
+	if err != nil {
+		return nil, err
+	}
+	return handler(ctx, req)
+}

internal/api/grpc/server/server.go

@@ -33,6 +33,7 @@ func CreateServer(verifier *authz.TokenVerifier, authConfig authz.Config, lang l
 				middleware.ErrorHandler(),
 				middleware.AuthorizationInterceptor(verifier, authConfig),
 				middleware.TranslationHandler(lang),
+				middleware.ValidationHandler(),
 			),
 		),
 	)

internal/auth/repository/eventsourcing/eventstore/auth_request.go

@@ -356,7 +356,12 @@ func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eve
 			es_model.MfaOtpCheckFailed,
 			es_model.SignedOut,
 			es_model.UserLocked,
-			es_model.UserDeactivated:
+			es_model.UserDeactivated,
+			es_model.HumanPasswordCheckSucceeded,
+			es_model.HumanPasswordCheckFailed,
+			es_model.HumanMfaOtpCheckSucceeded,
+			es_model.HumanMfaOtpCheckFailed,
+			es_model.HumanSignedOut:
 			eventData, err := user_view_model.UserSessionFromEvent(event)
 			if err != nil {
 				logging.Log("EVENT-sdgT3").WithError(err).Debug("error getting event data")
@@ -378,6 +383,11 @@ func activeUserByID(ctx context.Context, userViewProvider userViewProvider, user
 	if err != nil {
 		return nil, err
 	}
+
+	if user.HumanView == nil {
+		return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Lm69x", "Errors.User.NotHuman")
+	}
+
 	if user.State == user_model.UserStateLocked || user.State == user_model.UserStateSuspend {
 		return nil, errors.ThrowPreconditionFailed(nil, "EVENT-FJ262", "Errors.User.Locked")
 	}

internal/auth/repository/eventsourcing/eventstore/auth_request_test.go

@@ -106,6 +106,10 @@ type mockViewUser struct {
 
 func (m *mockViewUser) UserByID(string) (*user_view_model.UserView, error) {
 	return &user_view_model.UserView{
+		State:    int32(user_model.UserStateActive),
+		UserName: "schofseckel",
+		HumanView: &user_view_model.HumanView{
+			FirstName:              "schof",
 			InitRequired:           m.InitRequired,
 			PasswordSet:            m.PasswordSet,
 			PasswordChangeRequired: m.PasswordChangeRequired,
@@ -113,7 +117,7 @@ func (m *mockViewUser) UserByID(string) (*user_view_model.UserView, error) {
 			OTPState:               m.OTPState,
 			MfaMaxSetUp:            m.MfaMaxSetUp,
 			MfaInitSkipped:         m.MfaInitSkipped,
-		State:                  int32(user_model.UserStateActive),
+		},
 	}, nil
 }
 
@@ -564,9 +568,11 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
 			args{
 				request: &model.AuthRequest{},
 				user: &user_model.UserView{
+					HumanView: &user_model.HumanView{
 						MfaMaxSetUp: model.MfaLevelNotSetUp,
 					},
 				},
+			},
 			&model.MfaPromptStep{
 				MfaProviders: []model.MfaType{
 					model.MfaTypeOTP,
@@ -582,10 +588,12 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
 			args{
 				request: &model.AuthRequest{},
 				user: &user_model.UserView{
+					HumanView: &user_model.HumanView{
 						MfaMaxSetUp:    model.MfaLevelNotSetUp,
 						MfaInitSkipped: time.Now().UTC(),
 					},
 				},
+			},
 			nil,
 			true,
 		},
@@ -597,9 +605,11 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
 			args{
 				request: &model.AuthRequest{},
 				user: &user_model.UserView{
+					HumanView: &user_model.HumanView{
 						MfaMaxSetUp: model.MfaLevelSoftware,
 						OTPState:    user_model.MfaStateReady,
 					},
+				},
 				userSession: &user_model.UserSessionView{MfaSoftwareVerification: time.Now().UTC().Add(-5 * time.Hour)},
 			},
 			nil,
@@ -613,9 +623,11 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) {
 			args{
 				request: &model.AuthRequest{},
 				user: &user_model.UserView{
+					HumanView: &user_model.HumanView{
 						MfaMaxSetUp: model.MfaLevelSoftware,
 						OTPState:    user_model.MfaStateReady,
 					},
+				},
 				userSession: &user_model.UserSessionView{},
 			},
 
@@ -658,7 +670,9 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
 			"mfa set up, true",
 			fields{},
 			args{&user_model.UserView{
+				HumanView: &user_model.HumanView{
 					MfaMaxSetUp: model.MfaLevelSoftware,
+				},
 			}},
 			true,
 		},
@@ -668,8 +682,10 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
 				MfaInitSkippedLifeTime: 30 * 24 * time.Hour,
 			},
 			args{&user_model.UserView{
+				HumanView: &user_model.HumanView{
 					MfaMaxSetUp:    -1,
 					MfaInitSkipped: time.Now().UTC().Add(-10 * time.Hour),
+				},
 			}},
 			true,
 		},
@@ -679,8 +695,10 @@ func TestAuthRequestRepo_mfaSkippedOrSetUp(t *testing.T) {
 				MfaInitSkippedLifeTime: 30 * 24 * time.Hour,
 			},
 			args{&user_model.UserView{
+				HumanView: &user_model.HumanView{
 					MfaMaxSetUp:    -1,
 					MfaInitSkipped: time.Now().UTC().Add(-40 * 24 * time.Hour),
+				},
 			}},
 			false,
 		},
@@ -735,7 +753,7 @@ func Test_userSessionByIDs(t *testing.T) {
 				userProvider: &mockViewUserSession{
 					PasswordVerification: time.Now().UTC().Round(1 * time.Second),
 				},
-				user:          &user_model.UserView{ID: "id"},
+				user:          &user_model.UserView{ID: "id", HumanView: &user_model.HumanView{FirstName: "schof"}},
 				eventProvider: &mockEventErrUser{},
 			},
 			&user_model.UserSessionView{
@@ -752,7 +770,7 @@ func Test_userSessionByIDs(t *testing.T) {
 					PasswordVerification: time.Now().UTC().Round(1 * time.Second),
 				},
 				agentID: "agentID",
-				user:    &user_model.UserView{ID: "id"},
+				user:    &user_model.UserView{ID: "id", HumanView: &user_model.HumanView{FirstName: "schof"}},
 				eventProvider: &mockEventUser{
 					&es_models.Event{
 						AggregateType: user_es_model.UserAggregate,
@@ -802,7 +820,7 @@ func Test_userSessionByIDs(t *testing.T) {
 					PasswordVerification: time.Now().UTC().Round(1 * time.Second),
 				},
 				agentID: "agentID",
-				user:    &user_model.UserView{ID: "id"},
+				user:    &user_model.UserView{ID: "id", HumanView: &user_model.HumanView{FirstName: "schof"}},
 				eventProvider: &mockEventUser{
 					&es_models.Event{
 						AggregateType: user_es_model.UserAggregate,
@@ -884,8 +902,12 @@ func Test_userByID(t *testing.T) {
 				eventProvider: &mockEventErrUser{},
 			},
 			&user_model.UserView{
-				PasswordChangeRequired: true,
 				State:    user_model.UserStateActive,
+				UserName: "schofseckel",
+				HumanView: &user_model.HumanView{
+					PasswordChangeRequired: true,
+					FirstName:              "schof",
+				},
 			},
 			nil,
 		},
@@ -905,8 +927,12 @@ func Test_userByID(t *testing.T) {
 				},
 			},
 			&user_model.UserView{
-				PasswordChangeRequired: true,
 				State:    user_model.UserStateActive,
+				UserName: "schofseckel",
+				HumanView: &user_model.HumanView{
+					PasswordChangeRequired: true,
+					FirstName:              "schof",
+				},
 			},
 			nil,
 		},
@@ -929,10 +955,14 @@ func Test_userByID(t *testing.T) {
 				},
 			},
 			&user_model.UserView{
-				PasswordChangeRequired: false,
 				ChangeDate: time.Now().UTC().Round(1 * time.Second),
 				State:      user_model.UserStateActive,
+				UserName:   "schofseckel",
+				HumanView: &user_model.HumanView{
+					PasswordChangeRequired: false,
 					PasswordChanged:        time.Now().UTC().Round(1 * time.Second),
+					FirstName:              "schof",
+				},
 			},
 			nil,
 		},

internal/auth/repository/eventsourcing/eventstore/user.go

@@ -74,7 +74,10 @@ func (repo *UserRepo) MyProfile(ctx context.Context) (*model.Profile, error) {
 	if err != nil {
 		return nil, err
 	}
-	return user.GetProfile(), nil
+	if user.HumanView == nil {
+		return nil, errors.ThrowPreconditionFailed(nil, "EVENT-H2JIT", "Errors.User.NotHuman")
+	}
+	return user.GetProfile()
 }
 
 func (repo *UserRepo) ChangeMyProfile(ctx context.Context, profile *model.Profile) (*model.Profile, error) {
@@ -89,7 +92,10 @@ func (repo *UserRepo) MyEmail(ctx context.Context) (*model.Email, error) {
 	if err != nil {
 		return nil, err
 	}
-	return user.GetEmail(), nil
+	if user.HumanView == nil {
+		return nil, errors.ThrowPreconditionFailed(nil, "EVENT-oGRpc", "Errors.User.NotHuman")
+	}
+	return user.GetEmail()
 }
 
 func (repo *UserRepo) ChangeMyEmail(ctx context.Context, email *model.Email) (*model.Email, error) {
@@ -120,7 +126,10 @@ func (repo *UserRepo) MyPhone(ctx context.Context) (*model.Phone, error) {
 	if err != nil {
 		return nil, err
 	}
-	return user.GetPhone(), nil
+	if user.HumanView == nil {
+		return nil, errors.ThrowPreconditionFailed(nil, "EVENT-DTWJb", "Errors.User.NotHuman")
+	}
+	return user.GetPhone()
 }
 
 func (repo *UserRepo) ChangeMyPhone(ctx context.Context, phone *model.Phone) (*model.Phone, error) {
@@ -147,7 +156,10 @@ func (repo *UserRepo) MyAddress(ctx context.Context) (*model.Address, error) {
 	if err != nil {
 		return nil, err
 	}
-	return user.GetAddress(), nil
+	if user.HumanView == nil {
+		return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Ok9nI", "Errors.User.NotHuman")
+	}
+	return user.GetAddress()
 }
 
 func (repo *UserRepo) ChangeMyAddress(ctx context.Context, address *model.Address) (*model.Address, error) {
@@ -190,7 +202,7 @@ func (repo *UserRepo) AddMfaOTP(ctx context.Context, userID string) (*model.OTP,
 	accountName := ""
 	user, err := repo.UserByID(ctx, userID)
 	if err != nil {
-		logging.Log("EVENT-Fk93s").OnError(err).Debug("unable to get user for loginname")
+		logging.Log("EVENT-Fk93s").WithError(err).Debug("unable to get user for loginname")
 	} else {
 		accountName = user.PreferredLoginName
 	}
@@ -201,7 +213,7 @@ func (repo *UserRepo) AddMyMfaOTP(ctx context.Context) (*model.OTP, error) {
 	accountName := ""
 	user, err := repo.UserByID(ctx, authz.GetCtxData(ctx).UserID)
 	if err != nil {
-		logging.Log("EVENT-Ml0sd").OnError(err).Debug("unable to get user for loginname")
+		logging.Log("EVENT-Ml0sd").WithError(err).Debug("unable to get user for loginname")
 	} else {
 		accountName = user.PreferredLoginName
 	}
@@ -298,8 +310,8 @@ func (repo *UserRepo) MyUserChanges(ctx context.Context, lastSequence uint64, li
 		return nil, err
 	}
 	for _, change := range changes.Changes {
-		change.ModifierName = change.ModifierId
+		change.ModifierName = change.ModifierID
-		user, _ := repo.UserEvents.UserByID(ctx, change.ModifierId)
+		user, _ := repo.UserEvents.UserByID(ctx, change.ModifierID)
 		if user != nil {
 			change.ModifierName = user.DisplayName
 		}

internal/auth/repository/eventsourcing/handler/token.go

@@ -3,10 +3,8 @@ package handler
 import (
 	"context"
 	"encoding/json"
-	view_model "github.com/caos/zitadel/internal/user/repository/view/model"
 
 	"github.com/caos/logging"
-
 	caos_errs "github.com/caos/zitadel/internal/errors"
 	"github.com/caos/zitadel/internal/eventstore/models"
 	es_models "github.com/caos/zitadel/internal/eventstore/models"
@@ -14,6 +12,7 @@ import (
 	proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
 	project_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
 	user_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
+	view_model "github.com/caos/zitadel/internal/user/repository/view/model"
 )
 
 type Token struct {
@@ -44,7 +43,8 @@ func (u *Token) EventQuery() (*models.SearchQuery, error) {
 
 func (u *Token) Reduce(event *models.Event) (err error) {
 	switch event.Type {
-	case user_es_model.UserProfileChanged:
+	case user_es_model.UserProfileChanged,
+		user_es_model.HumanProfileChanged:
 		user := new(view_model.UserView)
 		user.AppendEvent(event)
 		tokens, err := u.view.TokensByUserID(event.AggregateID)
@@ -55,7 +55,8 @@ func (u *Token) Reduce(event *models.Event) (err error) {
 			token.PreferredLanguage = user.PreferredLanguage
 		}
 		return u.view.PutTokens(tokens, event.Sequence)
-	case user_es_model.SignedOut:
+	case user_es_model.SignedOut,
+		user_es_model.HumanSignedOut:
 		id, err := agentIDFromSession(event)
 		if err != nil {
 			return err
@@ -86,7 +87,6 @@ func (u *Token) Reduce(event *models.Event) (err error) {
 	default:
 		return u.view.ProcessedTokenSequence(event.Sequence)
 	}
-	return nil
 }
 
 func (u *Token) OnError(event *models.Event, err error) error {

internal/auth/repository/eventsourcing/handler/user.go

@@ -56,7 +56,10 @@ func (u *User) ProcessUser(event *models.Event) (err error) {
 	user := new(view_model.UserView)
 	switch event.Type {
 	case es_model.UserAdded,
-		es_model.UserRegistered:
+		es_model.MachineAdded,
+		es_model.HumanAdded,
+		es_model.UserRegistered,
+		es_model.HumanRegistered:
 		err = user.AppendEvent(event)
 		if err != nil {
 			return err
@@ -73,11 +76,24 @@ func (u *User) ProcessUser(event *models.Event) (err error) {
 		es_model.UserReactivated,
 		es_model.UserLocked,
 		es_model.UserUnlocked,
-		es_model.MfaOtpAdded,
+		es_model.MFAOTPAdded,
-		es_model.MfaOtpVerified,
+		es_model.MFAOTPVerified,
-		es_model.MfaOtpRemoved,
+		es_model.MFAOTPRemoved,
-		es_model.MfaInitSkipped,
+		es_model.MFAInitSkipped,
-		es_model.UserPasswordChanged:
+		es_model.UserPasswordChanged,
+		es_model.HumanProfileChanged,
+		es_model.HumanEmailChanged,
+		es_model.HumanEmailVerified,
+		es_model.HumanPhoneChanged,
+		es_model.HumanPhoneVerified,
+		es_model.HumanPhoneRemoved,
+		es_model.HumanAddressChanged,
+		es_model.HumanMFAOTPAdded,
+		es_model.HumanMFAOTPVerified,
+		es_model.HumanMFAOTPRemoved,
+		es_model.HumanMfaInitSkipped,
+		es_model.MachineChanged,
+		es_model.HumanPasswordChanged:
 		user, err = u.view.UserByID(event.AggregateID)
 		if err != nil {
 			return err
@@ -176,6 +192,6 @@ func (u *User) fillPreferredLoginNamesOnOrgUsers(event *models.Event) error {
 }
 
 func (u *User) OnError(event *models.Event, err error) error {
-	logging.LogWithFields("SPOOL-is8wa", "id", event.AggregateID).WithError(err).Warn("something went wrong in user handler")
+	logging.LogWithFields("SPOOL-is8aAWima", "id", event.AggregateID).WithError(err).Warn("something went wrong in user handler")
 	return spooler.HandleError(event, err, u.view.GetLatestUserFailedEvent, u.view.ProcessedUserFailedEvent, u.view.ProcessedUserSequence, u.errorCountUntilSkip)
 }

internal/auth/repository/eventsourcing/handler/user_grant.go

@@ -110,7 +110,10 @@ func (u *UserGrant) processUserGrant(event *models.Event) (err error) {
 func (u *UserGrant) processUser(event *models.Event) (err error) {
 	switch event.Type {
 	case usr_es_model.UserProfileChanged,
-		usr_es_model.UserEmailChanged:
+		usr_es_model.UserEmailChanged,
+		usr_es_model.HumanProfileChanged,
+		usr_es_model.HumanEmailChanged,
+		usr_es_model.MachineChanged:
 		grants, err := u.view.UserGrantsByUserID(event.AggregateID)
 		if err != nil {
 			return err
@@ -276,13 +279,13 @@ func suffixRoles(suffix string, roles []string) []string {
 
 func mergeExistingRoles(rolePrefix, suffix string, existingRoles, newRoles []string) []string {
 	mergedRoles := make([]string, 0)
-	for _, existing := range existingRoles {
+	for _, existingRole := range existingRoles {
-		if !strings.HasPrefix(existing, rolePrefix) {
+		if !strings.HasPrefix(existingRole, rolePrefix) {
-			mergedRoles = append(mergedRoles, existing)
+			mergedRoles = append(mergedRoles, existingRole)
 			continue
 		}
-		if suffix != "" && !strings.HasSuffix(existing, suffix) {
+		if suffix != "" && !strings.HasSuffix(existingRole, suffix) {
-			mergedRoles = append(mergedRoles, existing)
+			mergedRoles = append(mergedRoles, existingRole)
 		}
 	}
 	return append(mergedRoles, newRoles...)
@@ -325,10 +328,16 @@ func (u *UserGrant) fillData(grant *view_model.UserGrantView, resourceOwner stri
 
 func (u *UserGrant) fillUserData(grant *view_model.UserGrantView, user *usr_model.User) {
 	grant.UserName = user.UserName
+	if user.Human != nil {
 		grant.FirstName = user.FirstName
 		grant.LastName = user.LastName
+		grant.DisplayName = user.FirstName + " " + user.LastName
 		grant.Email = user.EmailAddress
 	}
+	if user.Machine != nil {
+		grant.DisplayName = user.Machine.Name
+	}
+}
 
 func (u *UserGrant) fillProjectData(grant *view_model.UserGrantView, project *proj_model.Project) {
 	grant.ProjectName = project.Name

internal/auth/repository/eventsourcing/handler/user_session.go

@@ -42,7 +42,12 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
 		es_model.UserPasswordCheckFailed,
 		es_model.MfaOtpCheckSucceeded,
 		es_model.MfaOtpCheckFailed,
-		es_model.SignedOut:
+		es_model.SignedOut,
+		es_model.HumanPasswordCheckSucceeded,
+		es_model.HumanPasswordCheckFailed,
+		es_model.HumanMfaOtpCheckSucceeded,
+		es_model.HumanMfaOtpCheckFailed,
+		es_model.HumanSignedOut:
 		eventData, err := view_model.UserSessionFromEvent(event)
 		if err != nil {
 			return err
@@ -62,10 +67,13 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
 		}
 		return u.updateSession(session, event)
 	case es_model.UserPasswordChanged,
-		es_model.MfaOtpRemoved,
+		es_model.MFAOTPRemoved,
 		es_model.UserProfileChanged,
 		es_model.UserLocked,
 		es_model.UserDeactivated,
+		es_model.HumanPasswordChanged,
+		es_model.HumanMFAOTPRemoved,
+		es_model.HumanProfileChanged,
 		es_model.DomainClaimed,
 		es_model.UserUserNameChanged:
 		sessions, err := u.view.UserSessionsByUserID(event.AggregateID)

internal/authz/repository/eventsourcing/handler/user_grant.go

@@ -76,7 +76,6 @@ func (u *UserGrant) processProject(event *models.Event) (err error) {
 	default:
 		return u.view.ProcessedUserGrantSequence(event.Sequence)
 	}
-	return nil
 }
 
 func (u *UserGrant) processOrg(event *models.Event) (err error) {
@@ -88,7 +87,6 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
 	default:
 		return u.view.ProcessedUserGrantSequence(event.Sequence)
 	}
-	return nil
 }
 
 func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suffix bool) error {
@@ -194,13 +192,13 @@ func suffixRoles(suffix string, roles []string) []string {
 
 func mergeExistingRoles(rolePrefix, suffix string, existingRoles, newRoles []string) []string {
 	mergedRoles := make([]string, 0)
-	for _, existing := range existingRoles {
+	for _, existingRole := range existingRoles {
-		if !strings.HasPrefix(existing, rolePrefix) {
+		if !strings.HasPrefix(existingRole, rolePrefix) {
-			mergedRoles = append(mergedRoles, existing)
+			mergedRoles = append(mergedRoles, existingRole)
 			continue
 		}
-		if suffix != "" && !strings.HasSuffix(existing, suffix) {
+		if suffix != "" && !strings.HasSuffix(existingRole, suffix) {
-			mergedRoles = append(mergedRoles, existing)
+			mergedRoles = append(mergedRoles, existingRole)
 		}
 	}
 	return append(mergedRoles, newRoles...)

internal/config/systemdefaults/system_defaults.go

@@ -40,6 +40,7 @@ type SecretGenerators struct {
 	EmailVerificationCode    crypto.GeneratorConfig
 	PhoneVerificationCode    crypto.GeneratorConfig
 	PasswordVerificationCode crypto.GeneratorConfig
+	MachineKeySize           uint32
 }
 
 type MultifactorConfig struct {

internal/eventstore/models/aggregate.go

@@ -86,9 +86,6 @@ func (a *Aggregate) Validate() error {
 		return errors.ThrowPreconditionFailed(nil, "MODEL-eBYUW", "resource owner not set")
 	}
 	if a.Precondition != nil && (a.Precondition.Query == nil || a.Precondition.Validation == nil) {
-		if err := a.Precondition.Query.Validate(); err != nil {
-			return err
-		}
 		return errors.ThrowPreconditionFailed(nil, "MODEL-EEUvA", "invalid precondition")
 	}
 

internal/eventstore/spooler/spooler.go

@@ -90,7 +90,7 @@ func (s *spooledHandler) awaitError(cancel func(), errs chan error, workerID str
 	select {
 	case err := <-errs:
 		cancel()
-		logging.Log("SPOOL-K2lst").OnError(err).WithField("view", s.ViewModel()).WithField("worker", workerID).Debug("load canceled")
+		logging.Log("SPOOL-OT8di").OnError(err).WithField("view", s.ViewModel()).WithField("worker", workerID).Debug("load canceled")
 	}
 }
 
@@ -164,7 +164,7 @@ func (s *spooledHandler) lock(ctx context.Context, errs chan<- error, workerID s
 			case <-renewTimer:
 				logging.Log("SPOOL-K2lst").WithField("view", s.ViewModel()).WithField("worker", workerID).Debug("renew")
 				err := s.locker.Renew(workerID, s.ViewModel(), s.MinimumCycleDuration()*2)
-				logging.Log("SPOOL-K2lst").WithField("view", s.ViewModel()).WithField("worker", workerID).WithError(err).Debug("renew done")
+				logging.Log("SPOOL-u4j6k").WithField("view", s.ViewModel()).WithField("worker", workerID).WithError(err).Debug("renew done")
 				if err == nil {
 					locked <- true
 					renewTimer = time.After(renewDuration)

internal/iam/model/iam_member_view.go

@@ -1,8 +1,9 @@
 package model
 
 import (
-	"github.com/caos/zitadel/internal/model"
 	"time"
+
+	"github.com/caos/zitadel/internal/model"
 )
 
 type IAMMemberView struct {

internal/iam/repository/eventsourcing/eventstore.go

@@ -2,6 +2,7 @@ package eventsourcing
 
 import (
 	"context"
+
 	"github.com/caos/zitadel/internal/cache/config"
 	sd "github.com/caos/zitadel/internal/config/systemdefaults"
 	"github.com/caos/zitadel/internal/crypto"
@@ -190,12 +191,12 @@ func (es *IAMEventstore) RemoveIAMMember(ctx context.Context, member *iam_model.
 	if _, m := existing.GetMember(member.UserID); m == nil {
 		return caos_errs.ThrowPreconditionFailed(nil, "EVENT-29skr", "Errors.IAM.MemberNotExisting")
 	}
-	repoIam := model.IAMFromModel(existing)
+	repoIAM := model.IAMFromModel(existing)
 	repoMember := model.IAMMemberFromModel(member)
 
-	projectAggregate := IAMMemberRemovedAggregate(es.Eventstore.AggregateCreator(), repoIam, repoMember)
+	projectAggregate := IAMMemberRemovedAggregate(es.Eventstore.AggregateCreator(), repoIAM, repoMember)
-	err = es_sdk.Push(ctx, es.PushAggregates, repoIam.AppendEvents, projectAggregate)
+	err = es_sdk.Push(ctx, es.PushAggregates, repoIAM.AppendEvents, projectAggregate)
-	es.iamCache.cacheIAM(repoIam)
+	es.iamCache.cacheIAM(repoIAM)
 	return err
 }
 

internal/iam/repository/eventsourcing/eventstore_test.go

@@ -556,7 +556,7 @@ func TestRemoveIamMember(t *testing.T) {
 	type args struct {
 		es          *IAMEventstore
 		ctx         context.Context
-		existing *model.IAM
+		existingIAM *model.IAM
 		member      *iam_model.IAMMember
 	}
 	type res struct {
@@ -573,7 +573,7 @@ func TestRemoveIamMember(t *testing.T) {
 			args: args{
 				es:  GetMockManipulateIamWithMember(ctrl),
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
 					Members:    []*model.IAMMember{{UserID: "UserID", Roles: []string{"Roles"}}},
 				},
@@ -588,7 +588,7 @@ func TestRemoveIamMember(t *testing.T) {
 			args: args{
 				es:  GetMockManipulateIam(ctrl),
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
 					Members:    []*model.IAMMember{{UserID: "UserID", Roles: []string{"Roles"}}},
 				},
@@ -603,7 +603,7 @@ func TestRemoveIamMember(t *testing.T) {
 			args: args{
 				es:  GetMockManipulateIam(ctrl),
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
 				},
 				member: &iam_model.IAMMember{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}, UserID: "UserID", Roles: []string{"Roles"}},

internal/iam/repository/eventsourcing/iam.go

@@ -2,6 +2,7 @@ package eventsourcing
 
 import (
 	"context"
+
 	"github.com/caos/zitadel/internal/errors"
 	es_models "github.com/caos/zitadel/internal/eventstore/models"
 	"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
@@ -83,12 +84,12 @@ func IAMSetIamProjectAggregate(aggCreator *es_models.AggregateCreator, iam *mode
 	}
 }
 
-func IAMMemberAddedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
+func IAMMemberAddedAggregate(aggCreator *es_models.AggregateCreator, existingIAM *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
 	return func(ctx context.Context) (*es_models.Aggregate, error) {
 		if member == nil {
 			return nil, errors.ThrowPreconditionFailed(nil, "EVENT-9sope", "Errors.Internal")
 		}
-		agg, err := IAMAggregate(ctx, aggCreator, existing)
+		agg, err := IAMAggregate(ctx, aggCreator, existingIAM)
 		if err != nil {
 			return nil, err
 		}
@@ -96,13 +97,13 @@ func IAMMemberAddedAggregate(aggCreator *es_models.AggregateCreator, existing *m
 	}
 }
 
-func IAMMemberChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
+func IAMMemberChangedAggregate(aggCreator *es_models.AggregateCreator, existingIAM *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
 	return func(ctx context.Context) (*es_models.Aggregate, error) {
 		if member == nil {
 			return nil, errors.ThrowPreconditionFailed(nil, "EVENT-38skf", "Errors.Internal")
 		}
 
-		agg, err := IAMAggregate(ctx, aggCreator, existing)
+		agg, err := IAMAggregate(ctx, aggCreator, existingIAM)
 		if err != nil {
 			return nil, err
 		}
@@ -110,12 +111,12 @@ func IAMMemberChangedAggregate(aggCreator *es_models.AggregateCreator, existing
 	}
 }
 
-func IAMMemberRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
+func IAMMemberRemovedAggregate(aggCreator *es_models.AggregateCreator, existingIAM *model.IAM, member *model.IAMMember) func(ctx context.Context) (*es_models.Aggregate, error) {
 	return func(ctx context.Context) (*es_models.Aggregate, error) {
 		if member == nil {
 			return nil, errors.ThrowPreconditionFailed(nil, "EVENT-90lsw", "Errors.Internal")
 		}
-		agg, err := IAMAggregate(ctx, aggCreator, existing)
+		agg, err := IAMAggregate(ctx, aggCreator, existingIAM)
 		if err != nil {
 			return nil, err
 		}

internal/iam/repository/eventsourcing/iam_test.go

@@ -2,12 +2,12 @@ package eventsourcing
 
 import (
 	"context"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
 	"testing"
 
 	"github.com/caos/zitadel/internal/api/authz"
 	caos_errs "github.com/caos/zitadel/internal/errors"
 	"github.com/caos/zitadel/internal/eventstore/models"
+	iam_model "github.com/caos/zitadel/internal/iam/model"
 	"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
 )
 
@@ -73,7 +73,7 @@ func TestSetUpStartedAggregate(t *testing.T) {
 func TestSetUpDoneAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
 		aggCreator  *models.AggregateCreator
 	}
 	type res struct {
@@ -90,7 +90,7 @@ func TestSetUpDoneAggregate(t *testing.T) {
 			name: "setup done aggregate ok",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -102,7 +102,7 @@ func TestSetUpDoneAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -114,7 +114,7 @@ func TestSetUpDoneAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := IAMSetupDoneAggregate(tt.args.aggCreator, tt.args.existing)(tt.args.ctx)
+			agg, err := IAMSetupDoneAggregate(tt.args.aggCreator, tt.args.existingIAM)(tt.args.ctx)
 
 			if tt.res.errFunc == nil && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -132,7 +132,7 @@ func TestSetUpDoneAggregate(t *testing.T) {
 func TestGlobalOrgAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
 		orgID       string
 		aggCreator  *models.AggregateCreator
 	}
@@ -150,7 +150,7 @@ func TestGlobalOrgAggregate(t *testing.T) {
 			name: "global org set aggregate ok",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
 				orgID:       "orgID",
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
@@ -163,7 +163,7 @@ func TestGlobalOrgAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				orgID:       "orgID",
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
@@ -175,7 +175,7 @@ func TestGlobalOrgAggregate(t *testing.T) {
 			name: "global org empty",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -185,7 +185,7 @@ func TestGlobalOrgAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := IAMSetGlobalOrgAggregate(tt.args.aggCreator, tt.args.existing, tt.args.orgID)(tt.args.ctx)
+			agg, err := IAMSetGlobalOrgAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.orgID)(tt.args.ctx)
 
 			if tt.res.errFunc == nil && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -203,7 +203,7 @@ func TestGlobalOrgAggregate(t *testing.T) {
 func TestIamProjectAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
 		projectID   string
 		aggCreator  *models.AggregateCreator
 	}
@@ -221,7 +221,7 @@ func TestIamProjectAggregate(t *testing.T) {
 			name: "iam project id set aggregate ok",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
 				projectID:   "projectID",
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
@@ -234,7 +234,7 @@ func TestIamProjectAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				projectID:   "projectID",
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
@@ -246,7 +246,7 @@ func TestIamProjectAggregate(t *testing.T) {
 			name: "project id empty",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -256,7 +256,7 @@ func TestIamProjectAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := IAMSetIamProjectAggregate(tt.args.aggCreator, tt.args.existing, tt.args.projectID)(tt.args.ctx)
+			agg, err := IAMSetIamProjectAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.projectID)(tt.args.ctx)
 
 			if tt.res.errFunc == nil && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -274,8 +274,8 @@ func TestIamProjectAggregate(t *testing.T) {
 func TestIamMemberAddedAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
-		new        *model.IAMMember
+		newMember   *model.IAMMember
 		aggCreator  *models.AggregateCreator
 	}
 	type res struct {
@@ -292,8 +292,8 @@ func TestIamMemberAddedAggregate(t *testing.T) {
 			name: "iammember added ok",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
-				new:        &model.IAMMember{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, UserID: "UserID", Roles: []string{"Roles"}},
+				newMember:   &model.IAMMember{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, UserID: "UserID", Roles: []string{"Roles"}},
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -305,7 +305,7 @@ func TestIamMemberAddedAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -318,8 +318,8 @@ func TestIamMemberAddedAggregate(t *testing.T) {
 			name: "member nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
-				new:        nil,
+				newMember:   nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -331,7 +331,7 @@ func TestIamMemberAddedAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := IAMMemberAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
+			agg, err := IAMMemberAddedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newMember)(tt.args.ctx)
 
 			if tt.res.errFunc == nil && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -352,8 +352,8 @@ func TestIamMemberAddedAggregate(t *testing.T) {
 func TestIamMemberChangedAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
-		new        *model.IAMMember
+		newMember   *model.IAMMember
 		aggCreator  *models.AggregateCreator
 	}
 	type res struct {
@@ -371,8 +371,8 @@ func TestIamMemberChangedAggregate(t *testing.T) {
 			name: "iammember changed ok",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
-				new:        &model.IAMMember{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, UserID: "UserID", Roles: []string{"Roles"}},
+				newMember:   &model.IAMMember{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, UserID: "UserID", Roles: []string{"Roles"}},
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -384,7 +384,7 @@ func TestIamMemberChangedAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -398,8 +398,8 @@ func TestIamMemberChangedAggregate(t *testing.T) {
 			name: "member nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
-				new:        nil,
+				newMember:   nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -412,7 +412,7 @@ func TestIamMemberChangedAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := IAMMemberChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
+			agg, err := IAMMemberChangedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newMember)(tt.args.ctx)
 
 			if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -433,8 +433,8 @@ func TestIamMemberChangedAggregate(t *testing.T) {
 func TestIamMemberRemovedAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
-		new        *model.IAMMember
+		newMember   *model.IAMMember
 		aggCreator  *models.AggregateCreator
 	}
 	type res struct {
@@ -452,8 +452,8 @@ func TestIamMemberRemovedAggregate(t *testing.T) {
 			name: "iammember removed ok",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
-				new:        &model.IAMMember{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, UserID: "UserID", Roles: []string{"Roles"}},
+				newMember:   &model.IAMMember{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, UserID: "UserID", Roles: []string{"Roles"}},
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -465,7 +465,7 @@ func TestIamMemberRemovedAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -479,8 +479,8 @@ func TestIamMemberRemovedAggregate(t *testing.T) {
 			name: "member nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}},
-				new:        nil,
+				newMember:   nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -493,7 +493,7 @@ func TestIamMemberRemovedAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := IAMMemberRemovedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
+			agg, err := IAMMemberRemovedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newMember)(tt.args.ctx)
 
 			if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -515,7 +515,7 @@ func TestIdpConfigAddedAggregate(t *testing.T) {
 	type args struct {
 		ctx        context.Context
 		existing   *model.IAM
-		new        *model.IDPConfig
+		newConfig  *model.IDPConfig
 		aggCreator *models.AggregateCreator
 	}
 	type res struct {
@@ -534,7 +534,7 @@ func TestIdpConfigAddedAggregate(t *testing.T) {
 			args: args{
 				ctx:      authz.NewMockContext("orgID", "userID"),
 				existing: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
-				new: &model.IDPConfig{
+				newConfig: &model.IDPConfig{
 					ObjectRoot:    models.ObjectRoot{AggregateID: "AggregateID"},
 					IDPConfigID:   "IDPConfigID",
 					Name:          "Name",
@@ -564,7 +564,7 @@ func TestIdpConfigAddedAggregate(t *testing.T) {
 			args: args{
 				ctx:        authz.NewMockContext("orgID", "userID"),
 				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
-				new:        nil,
+				newConfig:  nil,
 				aggCreator: models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -575,7 +575,7 @@ func TestIdpConfigAddedAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := IDPConfigAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
+			agg, err := IDPConfigAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.newConfig)(tt.args.ctx)
 
 			if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -601,8 +601,8 @@ func TestIdpConfigAddedAggregate(t *testing.T) {
 func TestIdpConfigurationChangedAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
-		new        *model.IDPConfig
+		newConfig   *model.IDPConfig
 		aggCreator  *models.AggregateCreator
 	}
 	type res struct {
@@ -620,13 +620,13 @@ func TestIdpConfigurationChangedAggregate(t *testing.T) {
 			name: "change idp configuration",
 			args: args{
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot:   models.ObjectRoot{AggregateID: "AggregateID"},
 					IAMProjectID: "IAMProjectID",
 					IDPs: []*model.IDPConfig{
 						{IDPConfigID: "IDPConfigID", Name: "IDPName"},
 					}},
-				new: &model.IDPConfig{
+				newConfig: &model.IDPConfig{
 					ObjectRoot:  models.ObjectRoot{AggregateID: "AggregateID"},
 					IDPConfigID: "IDPConfigID",
 					Name:        "NameChanged",
@@ -642,7 +642,7 @@ func TestIdpConfigurationChangedAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -654,8 +654,8 @@ func TestIdpConfigurationChangedAggregate(t *testing.T) {
 			name: "idp config nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
-				new:        nil,
+				newConfig:   nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -666,7 +666,7 @@ func TestIdpConfigurationChangedAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := IDPConfigChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
+			agg, err := IDPConfigChangedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newConfig)(tt.args.ctx)
 
 			if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -690,8 +690,8 @@ func TestIdpConfigurationChangedAggregate(t *testing.T) {
 func TestIdpConfigurationRemovedAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
-		new        *model.IDPConfig
+		newConfig   *model.IDPConfig
 		provider    *model.IDPProvider
 		aggCreator  *models.AggregateCreator
 	}
@@ -710,13 +710,13 @@ func TestIdpConfigurationRemovedAggregate(t *testing.T) {
 			name: "remove idp config",
 			args: args{
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot:   models.ObjectRoot{AggregateID: "AggregateID"},
 					IAMProjectID: "IAMProjectID",
 					IDPs: []*model.IDPConfig{
 						{IDPConfigID: "IDPConfigID", Name: "Name"},
 					}},
-				new: &model.IDPConfig{
+				newConfig: &model.IDPConfig{
 					ObjectRoot:  models.ObjectRoot{AggregateID: "AggregateID"},
 					IDPConfigID: "IDPConfigID",
 					Name:        "Name",
@@ -732,13 +732,13 @@ func TestIdpConfigurationRemovedAggregate(t *testing.T) {
 			name: "remove idp config with provider",
 			args: args{
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot:   models.ObjectRoot{AggregateID: "AggregateID"},
 					IAMProjectID: "IAMProjectID",
 					IDPs: []*model.IDPConfig{
 						{IDPConfigID: "IDPConfigID", Name: "Name"},
 					}},
-				new: &model.IDPConfig{
+				newConfig: &model.IDPConfig{
 					ObjectRoot:  models.ObjectRoot{AggregateID: "AggregateID"},
 					IDPConfigID: "IDPConfigID",
 					Name:        "Name",
@@ -757,7 +757,7 @@ func TestIdpConfigurationRemovedAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -769,8 +769,8 @@ func TestIdpConfigurationRemovedAggregate(t *testing.T) {
 			name: "idp config nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
-				new:        nil,
+				newConfig:   nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -781,7 +781,7 @@ func TestIdpConfigurationRemovedAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := IDPConfigRemovedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.existing, tt.args.new, tt.args.provider)
+			agg, err := IDPConfigRemovedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.existingIAM, tt.args.newConfig, tt.args.provider)
 
 			if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -805,8 +805,8 @@ func TestIdpConfigurationRemovedAggregate(t *testing.T) {
 func TestIdpConfigurationDeactivatedAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
-		new        *model.IDPConfig
+		newConfig   *model.IDPConfig
 		aggCreator  *models.AggregateCreator
 	}
 	type res struct {
@@ -824,13 +824,13 @@ func TestIdpConfigurationDeactivatedAggregate(t *testing.T) {
 			name: "deactivate idp config",
 			args: args{
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot:   models.ObjectRoot{AggregateID: "AggregateID"},
 					IAMProjectID: "IAMProjectID",
 					IDPs: []*model.IDPConfig{
 						{IDPConfigID: "IDPConfigID", Name: "Name"},
 					}},
-				new: &model.IDPConfig{
+				newConfig: &model.IDPConfig{
 					ObjectRoot:  models.ObjectRoot{AggregateID: "AggregateID"},
 					IDPConfigID: "IDPConfigID",
 					Name:        "Name",
@@ -846,7 +846,7 @@ func TestIdpConfigurationDeactivatedAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -858,8 +858,8 @@ func TestIdpConfigurationDeactivatedAggregate(t *testing.T) {
 			name: "idp config nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
-				new:        nil,
+				newConfig:   nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -870,7 +870,7 @@ func TestIdpConfigurationDeactivatedAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := IDPConfigDeactivatedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
+			agg, err := IDPConfigDeactivatedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newConfig)(tt.args.ctx)
 
 			if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -894,8 +894,8 @@ func TestIdpConfigurationDeactivatedAggregate(t *testing.T) {
 func TestIdpConfigurationReactivatedAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
-		new        *model.IDPConfig
+		newConfig   *model.IDPConfig
 		aggCreator  *models.AggregateCreator
 	}
 	type res struct {
@@ -913,13 +913,13 @@ func TestIdpConfigurationReactivatedAggregate(t *testing.T) {
 			name: "deactivate app",
 			args: args{
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot:   models.ObjectRoot{AggregateID: "AggregateID"},
 					IAMProjectID: "IAMProjectID",
 					IDPs: []*model.IDPConfig{
 						{IDPConfigID: "IDPConfigID", Name: "Name"},
 					}},
-				new: &model.IDPConfig{
+				newConfig: &model.IDPConfig{
 					ObjectRoot:  models.ObjectRoot{AggregateID: "AggregateID"},
 					IDPConfigID: "IDPConfigID",
 					Name:        "Name",
@@ -935,7 +935,7 @@ func TestIdpConfigurationReactivatedAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -947,8 +947,8 @@ func TestIdpConfigurationReactivatedAggregate(t *testing.T) {
 			name: "idp config nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
-				new:        nil,
+				newConfig:   nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -959,7 +959,7 @@ func TestIdpConfigurationReactivatedAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := IDPConfigReactivatedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
+			agg, err := IDPConfigReactivatedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newConfig)(tt.args.ctx)
 
 			if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -983,8 +983,8 @@ func TestIdpConfigurationReactivatedAggregate(t *testing.T) {
 func TestOIDCConfigChangedAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
-		new        *model.OIDCIDPConfig
+		newConfig   *model.OIDCIDPConfig
 		aggCreator  *models.AggregateCreator
 	}
 	type res struct {
@@ -1002,13 +1002,13 @@ func TestOIDCConfigChangedAggregate(t *testing.T) {
 			name: "change oidc config",
 			args: args{
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot:   models.ObjectRoot{AggregateID: "AggregateID"},
 					IAMProjectID: "IAMProjectID",
 					IDPs: []*model.IDPConfig{
 						{IDPConfigID: "IDPConfigID", Name: "Name", OIDCIDPConfig: &model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}},
 					}},
-				new: &model.OIDCIDPConfig{
+				newConfig: &model.OIDCIDPConfig{
 					ObjectRoot:  models.ObjectRoot{AggregateID: "AggregateID"},
 					IDPConfigID: "IDPConfigID",
 					ClientID:    "ClientIDChanged",
@@ -1024,13 +1024,13 @@ func TestOIDCConfigChangedAggregate(t *testing.T) {
 			name: "no changes",
 			args: args{
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot:   models.ObjectRoot{AggregateID: "AggregateID"},
 					IAMProjectID: "IAMProjectID",
 					IDPs: []*model.IDPConfig{
 						{IDPConfigID: "IDPConfigID", Name: "Name", OIDCIDPConfig: &model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}},
 					}},
-				new: &model.OIDCIDPConfig{
+				newConfig: &model.OIDCIDPConfig{
 					ObjectRoot:  models.ObjectRoot{AggregateID: "AggregateID"},
 					IDPConfigID: "IDPConfigID",
 					ClientID:    "ClientID",
@@ -1046,7 +1046,7 @@ func TestOIDCConfigChangedAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -1058,8 +1058,8 @@ func TestOIDCConfigChangedAggregate(t *testing.T) {
 			name: "oidc config nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
-				new:        nil,
+				newConfig:   nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -1070,7 +1070,7 @@ func TestOIDCConfigChangedAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := OIDCIDPConfigChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
+			agg, err := OIDCIDPConfigChangedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newConfig)(tt.args.ctx)
 
 			if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -1094,8 +1094,8 @@ func TestOIDCConfigChangedAggregate(t *testing.T) {
 func TestLoginPolicyAddedAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
-		new        *model.LoginPolicy
+		newPolicy   *model.LoginPolicy
 		aggCreator  *models.AggregateCreator
 	}
 	type res struct {
@@ -1113,13 +1113,13 @@ func TestLoginPolicyAddedAggregate(t *testing.T) {
 			name: "add login polciy",
 			args: args{
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot:   models.ObjectRoot{AggregateID: "AggregateID"},
 					IAMProjectID: "IAMProjectID",
 					IDPs: []*model.IDPConfig{
 						{IDPConfigID: "IDPConfigID", Name: "Name", OIDCIDPConfig: &model.OIDCIDPConfig{IDPConfigID: "IDPConfigID", ClientID: "ClientID"}},
 					}},
-				new: &model.LoginPolicy{
+				newPolicy: &model.LoginPolicy{
 					ObjectRoot:            models.ObjectRoot{AggregateID: "AggregateID"},
 					AllowUsernamePassword: true,
 				},
@@ -1134,7 +1134,7 @@ func TestLoginPolicyAddedAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -1146,8 +1146,8 @@ func TestLoginPolicyAddedAggregate(t *testing.T) {
 			name: "login policy config nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
-				new:        nil,
+				newPolicy:   nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -1158,7 +1158,7 @@ func TestLoginPolicyAddedAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := LoginPolicyAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
+			agg, err := LoginPolicyAddedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newPolicy)(tt.args.ctx)
 
 			if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -1182,8 +1182,8 @@ func TestLoginPolicyAddedAggregate(t *testing.T) {
 func TestLoginPolicyChangedAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
-		new        *model.LoginPolicy
+		newPolicy   *model.LoginPolicy
 		aggCreator  *models.AggregateCreator
 	}
 	type res struct {
@@ -1201,13 +1201,13 @@ func TestLoginPolicyChangedAggregate(t *testing.T) {
 			name: "change login policy",
 			args: args{
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot:   models.ObjectRoot{AggregateID: "AggregateID"},
 					IAMProjectID: "IAMProjectID",
 					DefaultLoginPolicy: &model.LoginPolicy{
 						AllowUsernamePassword: true,
 					}},
-				new: &model.LoginPolicy{
+				newPolicy: &model.LoginPolicy{
 					ObjectRoot:            models.ObjectRoot{AggregateID: "AggregateID"},
 					AllowUsernamePassword: true,
 					AllowRegister:         true,
@@ -1223,13 +1223,13 @@ func TestLoginPolicyChangedAggregate(t *testing.T) {
 			name: "no changes",
 			args: args{
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot:   models.ObjectRoot{AggregateID: "AggregateID"},
 					IAMProjectID: "IAMProjectID",
 					DefaultLoginPolicy: &model.LoginPolicy{
 						AllowUsernamePassword: true,
 					}},
-				new: &model.LoginPolicy{
+				newPolicy: &model.LoginPolicy{
 					ObjectRoot:            models.ObjectRoot{AggregateID: "AggregateID"},
 					AllowUsernamePassword: true,
 				},
@@ -1244,7 +1244,7 @@ func TestLoginPolicyChangedAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -1256,8 +1256,8 @@ func TestLoginPolicyChangedAggregate(t *testing.T) {
 			name: "login policy config nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
-				new:        nil,
+				newPolicy:   nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -1268,7 +1268,7 @@ func TestLoginPolicyChangedAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := LoginPolicyChangedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
+			agg, err := LoginPolicyChangedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newPolicy)(tt.args.ctx)
 
 			if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -1292,8 +1292,8 @@ func TestLoginPolicyChangedAggregate(t *testing.T) {
 func TestLoginPolicyIdpProviderAddedAggregate(t *testing.T) {
 	type args struct {
 		ctx         context.Context
-		existing   *model.IAM
+		existingIAM *model.IAM
-		new        *model.IDPProvider
+		newProvider *model.IDPProvider
 		aggCreator  *models.AggregateCreator
 	}
 	type res struct {
@@ -1311,13 +1311,13 @@ func TestLoginPolicyIdpProviderAddedAggregate(t *testing.T) {
 			name: "add idp provider to login policy",
 			args: args{
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot:   models.ObjectRoot{AggregateID: "AggregateID"},
 					IAMProjectID: "IAMProjectID",
 					DefaultLoginPolicy: &model.LoginPolicy{
 						AllowUsernamePassword: true,
 					}},
-				new: &model.IDPProvider{
+				newProvider: &model.IDPProvider{
 					ObjectRoot:  models.ObjectRoot{AggregateID: "AggregateID"},
 					Type:        int32(iam_model.IDPProviderTypeSystem),
 					IDPConfigID: "IDPConfigID",
@@ -1333,7 +1333,7 @@ func TestLoginPolicyIdpProviderAddedAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -1345,8 +1345,8 @@ func TestLoginPolicyIdpProviderAddedAggregate(t *testing.T) {
 			name: "idp config config nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
+				existingIAM: &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
-				new:        nil,
+				newProvider: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -1357,7 +1357,7 @@ func TestLoginPolicyIdpProviderAddedAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := LoginPolicyIDPProviderAddedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
+			agg, err := LoginPolicyIDPProviderAddedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newProvider)(tt.args.ctx)
 
 			if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))
@@ -1381,8 +1381,8 @@ func TestLoginPolicyIdpProviderAddedAggregate(t *testing.T) {
 func TestLoginPolicyIdpProviderRemovedAggregate(t *testing.T) {
 	type args struct {
 		ctx           context.Context
-		existing   *model.IAM
+		existingIAM   *model.IAM
-		new        *model.IDPProviderID
+		newProviderID *model.IDPProviderID
 		aggCreator    *models.AggregateCreator
 	}
 	type res struct {
@@ -1400,7 +1400,7 @@ func TestLoginPolicyIdpProviderRemovedAggregate(t *testing.T) {
 			name: "remove idp provider to login policy",
 			args: args{
 				ctx: authz.NewMockContext("orgID", "userID"),
-				existing: &model.IAM{
+				existingIAM: &model.IAM{
 					ObjectRoot:   models.ObjectRoot{AggregateID: "AggregateID"},
 					IAMProjectID: "IAMProjectID",
 					DefaultLoginPolicy: &model.LoginPolicy{
@@ -1409,7 +1409,7 @@ func TestLoginPolicyIdpProviderRemovedAggregate(t *testing.T) {
 							{IDPConfigID: "IDPConfigID", Type: int32(iam_model.IDPProviderTypeSystem)},
 						},
 					}},
-				new: &model.IDPProviderID{
+				newProviderID: &model.IDPProviderID{
 					IDPConfigID: "IDPConfigID",
 				},
 				aggCreator: models.NewAggregateCreator("Test"),
@@ -1423,7 +1423,7 @@ func TestLoginPolicyIdpProviderRemovedAggregate(t *testing.T) {
 			name: "existing iam nil",
 			args: args{
 				ctx:         authz.NewMockContext("orgID", "userID"),
-				existing:   nil,
+				existingIAM: nil,
 				aggCreator:  models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -1435,8 +1435,8 @@ func TestLoginPolicyIdpProviderRemovedAggregate(t *testing.T) {
 			name: "idp config config nil",
 			args: args{
 				ctx:           authz.NewMockContext("orgID", "userID"),
-				existing:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
+				existingIAM:   &model.IAM{ObjectRoot: models.ObjectRoot{AggregateID: "AggregateID"}, IAMProjectID: "IAMProjectID"},
-				new:        nil,
+				newProviderID: nil,
 				aggCreator:    models.NewAggregateCreator("Test"),
 			},
 			res: res{
@@ -1447,7 +1447,7 @@ func TestLoginPolicyIdpProviderRemovedAggregate(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			agg, err := LoginPolicyIDPProviderRemovedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx)
+			agg, err := LoginPolicyIDPProviderRemovedAggregate(tt.args.aggCreator, tt.args.existingIAM, tt.args.newProviderID)(tt.args.ctx)
 
 			if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen {
 				t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events))

internal/key/repository/eventsourcing/eventstore.go

@@ -64,6 +64,7 @@ func (es *KeyEventstore) GenerateKeyPair(ctx context.Context, usage key_model.Ke
 		},
 	})
 }
+
 func (es *KeyEventstore) CreateKeyPair(ctx context.Context, pair *key_model.KeyPair) (*key_model.KeyPair, error) {
 	if !pair.IsValid() {
 		return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-G34ga", "Name is required")

internal/management/repository/eventsourcing/eventstore/project.go

@@ -501,8 +501,8 @@ func (repo *ProjectRepo) ChangeProjectGrant(ctx context.Context, grant *proj_mod
 			ProjectID:  grant.ProjectID,
 			UserID:     grant.UserID,
 		}
-		existing := changed.RemoveRoleKeysIfExisting(removedRoles)
+		roleDeleted := changed.RemoveRoleKeysIfExisting(removedRoles)
-		if existing {
+		if roleDeleted {
 			_, agg, err := repo.UserGrantEvents.PrepareChangeUserGrant(ctx, changed, true)
 			if err != nil {
 				return nil, err

internal/management/repository/eventsourcing/eventstore/user.go

@@ -2,20 +2,20 @@ package eventstore
 
 import (
 	"context"
-	"github.com/caos/zitadel/internal/config/systemdefaults"
-	caos_errs "github.com/caos/zitadel/internal/errors"
-	global_model "github.com/caos/zitadel/internal/model"
-	"github.com/caos/zitadel/internal/view/repository"
 
 	"github.com/caos/logging"
-
 	"github.com/caos/zitadel/internal/api/authz"
+	"github.com/caos/zitadel/internal/config/systemdefaults"
+	"github.com/caos/zitadel/internal/errors"
+	caos_errs "github.com/caos/zitadel/internal/errors"
 	"github.com/caos/zitadel/internal/management/repository/eventsourcing/view"
+	global_model "github.com/caos/zitadel/internal/model"
 	org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
 	policy_event "github.com/caos/zitadel/internal/policy/repository/eventsourcing"
 	usr_model "github.com/caos/zitadel/internal/user/model"
 	usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/user/repository/view/model"
+	"github.com/caos/zitadel/internal/view/repository"
 )
 
 type UserRepo struct {
@@ -123,8 +123,8 @@ func (repo *UserRepo) UserChanges(ctx context.Context, id string, lastSequence u
 		return nil, err
 	}
 	for _, change := range changes.Changes {
-		change.ModifierName = change.ModifierId
+		change.ModifierName = change.ModifierID
-		user, _ := repo.UserEvents.UserByID(ctx, change.ModifierId)
+		user, _ := repo.UserEvents.UserByID(ctx, change.ModifierID)
 		if user != nil {
 			change.ModifierName = user.DisplayName
 		}
@@ -149,6 +149,9 @@ func (repo *UserRepo) UserMfas(ctx context.Context, userID string) ([]*usr_model
 	if err != nil {
 		return nil, err
 	}
+	if user.HumanView == nil {
+		return nil, errors.ThrowPreconditionFailed(nil, "EVENT-xx0hV", "Errors.User.NotHuman")
+	}
 	if user.OTPState == usr_model.MfaStateUnspecified {
 		return []*usr_model.MultiFactor{}, nil
 	}
@@ -172,7 +175,51 @@ func (repo *UserRepo) ProfileByID(ctx context.Context, userID string) (*usr_mode
 	if err != nil {
 		return nil, err
 	}
-	return user.GetProfile(), nil
+	if user.HumanView == nil {
+		return nil, errors.ThrowPreconditionFailed(nil, "EVENT-gDFC2", "Errors.User.NotHuman")
+	}
+	return user.GetProfile()
+}
+
+func (repo *UserRepo) ChangeMachine(ctx context.Context, machine *usr_model.Machine) (*usr_model.Machine, error) {
+	return repo.UserEvents.ChangeMachine(ctx, machine)
+}
+
+func (repo *UserRepo) GetMachineKey(ctx context.Context, userID, keyID string) (*usr_model.MachineKeyView, error) {
+	key, err := repo.View.MachineKeyByIDs(userID, keyID)
+	if err != nil {
+		return nil, err
+	}
+	return model.MachineKeyToModel(key), nil
+}
+
+func (repo *UserRepo) SearchMachineKeys(ctx context.Context, request *usr_model.MachineKeySearchRequest) (*usr_model.MachineKeySearchResponse, error) {
+	request.EnsureLimit(repo.SearchLimit)
+	sequence, seqErr := repo.View.GetLatestMachineKeySequence()
+	logging.Log("EVENT-Sk8fs").OnError(seqErr).Warn("could not read latest user sequence")
+	keys, count, err := repo.View.SearchMachineKeys(request)
+	if err != nil {
+		return nil, err
+	}
+	result := &usr_model.MachineKeySearchResponse{
+		Offset:      request.Offset,
+		Limit:       request.Limit,
+		TotalResult: count,
+		Result:      model.MachineKeysToModel(keys),
+	}
+	if seqErr == nil {
+		result.Sequence = sequence.CurrentSequence
+		result.Timestamp = sequence.CurrentTimestamp
+	}
+	return result, nil
+}
+
+func (repo *UserRepo) AddMachineKey(ctx context.Context, key *usr_model.MachineKey) (*usr_model.MachineKey, error) {
+	return repo.UserEvents.AddMachineKey(ctx, key)
+}
+
+func (repo *UserRepo) RemoveMachineKey(ctx context.Context, userID, keyID string) error {
+	return repo.UserEvents.RemoveMachineKey(ctx, userID, keyID)
 }
 
 func (repo *UserRepo) ChangeProfile(ctx context.Context, profile *usr_model.Profile) (*usr_model.Profile, error) {
@@ -192,7 +239,10 @@ func (repo *UserRepo) EmailByID(ctx context.Context, userID string) (*usr_model.
 	if err != nil {
 		return nil, err
 	}
-	return user.GetEmail(), nil
+	if user.HumanView == nil {
+		return nil, errors.ThrowPreconditionFailed(nil, "EVENT-pt7HY", "Errors.User.NotHuman")
+	}
+	return user.GetEmail()
 }
 
 func (repo *UserRepo) ChangeEmail(ctx context.Context, email *usr_model.Email) (*usr_model.Email, error) {
@@ -208,7 +258,10 @@ func (repo *UserRepo) PhoneByID(ctx context.Context, userID string) (*usr_model.
 	if err != nil {
 		return nil, err
 	}
-	return user.GetPhone(), nil
+	if user.HumanView == nil {
+		return nil, errors.ThrowPreconditionFailed(nil, "EVENT-hliQl", "Errors.User.NotHuman")
+	}
+	return user.GetPhone()
 }
 
 func (repo *UserRepo) ChangePhone(ctx context.Context, email *usr_model.Phone) (*usr_model.Phone, error) {
@@ -228,7 +281,10 @@ func (repo *UserRepo) AddressByID(ctx context.Context, userID string) (*usr_mode
 	if err != nil {
 		return nil, err
 	}
-	return user.GetAddress(), nil
+	if user.HumanView == nil {
+		return nil, errors.ThrowPreconditionFailed(nil, "EVENT-LQh4I", "Errors.User.NotHuman")
+	}
+	return user.GetAddress()
 }
 
 func (repo *UserRepo) ChangeAddress(ctx context.Context, address *usr_model.Address) (*usr_model.Address, error) {

internal/management/repository/eventsourcing/handler/handler.go

@@ -1,13 +1,13 @@
 package handler
 
 import (
-	"github.com/caos/zitadel/internal/config/systemdefaults"
-	iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
 	"time"
 
+	"github.com/caos/zitadel/internal/config/systemdefaults"
 	"github.com/caos/zitadel/internal/config/types"
 	"github.com/caos/zitadel/internal/eventstore"
 	"github.com/caos/zitadel/internal/eventstore/query"
+	iam_event "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/management/repository/eventsourcing/view"
 	org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
 	proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
@@ -48,6 +48,7 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, ev
 		&OrgMember{handler: handler{view, bulkLimit, configs.cycleDuration("OrgMember"), errorCount}, userEvents: repos.UserEvents},
 		&OrgDomain{handler: handler{view, bulkLimit, configs.cycleDuration("OrgDomain"), errorCount}},
 		&UserMembership{handler: handler{view, bulkLimit, configs.cycleDuration("UserMembership"), errorCount}, orgEvents: repos.OrgEvents, projectEvents: repos.ProjectEvents},
+		&MachineKeys{handler: handler{view, bulkLimit, configs.cycleDuration("MachineKeys"), errorCount}},
 		&IDPConfig{handler: handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount}},
 		&LoginPolicy{handler: handler{view, bulkLimit, configs.cycleDuration("LoginPolicy"), errorCount}},
 		&IDPProvider{handler: handler{view, bulkLimit, configs.cycleDuration("IDPProvider"), errorCount}, systemDefaults: defaults, iamEvents: repos.IamEvents, orgEvents: repos.OrgEvents},