feat: iam members in admin api (#272)

* feat: iam members in admin api * feat: add error id in translate error * fix: resolve merge conflicts
2025-08-11 21:37:32 +00:00 · 2020-06-25 08:12:29 +02:00
parent 8bfa1a083c
commit 62b654ea18
27 changed files with 3023 additions and 363 deletions
--- a/internal/admin/repository/eventsourcing/eventstore/iam.go
+++ b/internal/admin/repository/eventsourcing/eventstore/iam.go
@@ -0,0 +1,67 @@
+package eventstore
+
+import (
+	"context"
+	admin_view "github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
+	"github.com/caos/zitadel/internal/config/systemdefaults"
+	iam_es_model "github.com/caos/zitadel/internal/iam/repository/view/model"
+	"strings"
+
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+	iam_es "github.com/caos/zitadel/internal/iam/repository/eventsourcing"
+)
+
+type IamRepository struct {
+	SearchLimit uint64
+	*iam_es.IamEventstore
+	View           *admin_view.View
+	SystemDefaults systemdefaults.SystemDefaults
+	Roles          []string
+}
+
+func (repo *IamRepository) IamMemberByID(ctx context.Context, orgID, userID string) (*iam_model.IamMemberView, error) {
+	member, err := repo.View.IamMemberByIDs(orgID, userID)
+	if err != nil {
+		return nil, err
+	}
+	return iam_es_model.IamMemberToModel(member), nil
+}
+
+func (repo *IamRepository) AddIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
+	member.AggregateID = repo.SystemDefaults.IamID
+	return repo.IamEventstore.AddIamMember(ctx, member)
+}
+
+func (repo *IamRepository) ChangeIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error) {
+	member.AggregateID = repo.SystemDefaults.IamID
+	return repo.IamEventstore.ChangeIamMember(ctx, member)
+}
+
+func (repo *IamRepository) RemoveIamMember(ctx context.Context, userID string) error {
+	member := iam_model.NewIamMember(repo.SystemDefaults.IamID, userID)
+	return repo.IamEventstore.RemoveIamMember(ctx, member)
+}
+
+func (repo *IamRepository) SearchIamMembers(ctx context.Context, request *iam_model.IamMemberSearchRequest) (*iam_model.IamMemberSearchResponse, error) {
+	request.EnsureLimit(repo.SearchLimit)
+	members, count, err := repo.View.SearchIamMembers(request)
+	if err != nil {
+		return nil, err
+	}
+	return &iam_model.IamMemberSearchResponse{
+		Offset:      request.Offset,
+		Limit:       request.Limit,
+		TotalResult: uint64(count),
+		Result:      iam_es_model.IamMembersToModel(members),
+	}, nil
+}
+
+func (repo *IamRepository) GetIamMemberRoles() []string {
+	roles := make([]string, 0)
+	for _, roleMap := range repo.Roles {
+		if strings.HasPrefix(roleMap, "IAM") {
+			roles = append(roles, roleMap)
+		}
+	}
+	return roles
+}
--- a/internal/admin/repository/eventsourcing/handler/handler.go
+++ b/internal/admin/repository/eventsourcing/handler/handler.go
@@ -6,7 +6,6 @@ import (
 	"github.com/caos/zitadel/internal/admin/repository/eventsourcing/view"
 	"github.com/caos/zitadel/internal/config/types"
 	"github.com/caos/zitadel/internal/eventstore/spooler"
-	proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
 	usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
 )

@@ -24,13 +23,13 @@ type handler struct {
 }

 type EventstoreRepos struct {
-	ProjectEvents *proj_event.ProjectEventstore
-	UserEvents    *usr_event.UserEventstore
+	UserEvents *usr_event.UserEventstore
 }

-func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View) []spooler.Handler {
+func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, repos EventstoreRepos) []spooler.Handler {
 	return []spooler.Handler{
 		&Org{handler: handler{view, bulkLimit, configs.cycleDuration("Org"), errorCount}},
+		&IamMember{handler: handler{view, bulkLimit, configs.cycleDuration("IamMember"), errorCount}, userEvents: repos.UserEvents},
 	}
 }

--- a/internal/admin/repository/eventsourcing/handler/iam_member.go
+++ b/internal/admin/repository/eventsourcing/handler/iam_member.go
@@ -0,0 +1,127 @@
+package handler
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
+	iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
+	"time"
+
+	"github.com/caos/logging"
+	"github.com/caos/zitadel/internal/eventstore/models"
+	es_models "github.com/caos/zitadel/internal/eventstore/models"
+	"github.com/caos/zitadel/internal/eventstore/spooler"
+	usr_model "github.com/caos/zitadel/internal/user/model"
+	usr_event "github.com/caos/zitadel/internal/user/repository/eventsourcing"
+	usr_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
+)
+
+type IamMember struct {
+	handler
+	userEvents *usr_event.UserEventstore
+}
+
+const (
+	iamMemberTable = "admin_api.iam_members"
+)
+
+func (m *IamMember) MinimumCycleDuration() time.Duration { return m.cycleDuration }
+
+func (m *IamMember) ViewModel() string {
+	return iamMemberTable
+}
+
+func (m *IamMember) EventQuery() (*models.SearchQuery, error) {
+	sequence, err := m.view.GetLatestIamMemberSequence()
+	if err != nil {
+		return nil, err
+	}
+	return es_models.NewSearchQuery().
+		AggregateTypeFilter(model.IamAggregate, usr_es_model.UserAggregate).
+		LatestSequenceFilter(sequence), nil
+}
+
+func (m *IamMember) Reduce(event *models.Event) (err error) {
+	switch event.AggregateType {
+	case model.IamAggregate:
+		err = m.processIamMember(event)
+	case usr_es_model.UserAggregate:
+		err = m.processUser(event)
+	}
+	return err
+}
+
+func (m *IamMember) processIamMember(event *models.Event) (err error) {
+	member := new(iam_model.IamMemberView)
+	switch event.Type {
+	case model.IamMemberAdded:
+		member.AppendEvent(event)
+		m.fillData(member)
+	case model.IamMemberChanged:
+		err := member.SetData(event)
+		if err != nil {
+			return err
+		}
+		member, err = m.view.IamMemberByIDs(event.AggregateID, member.UserID)
+		if err != nil {
+			return err
+		}
+		member.AppendEvent(event)
+	case model.IamMemberRemoved:
+		err := member.SetData(event)
+		if err != nil {
+			return err
+		}
+		return m.view.DeleteIamMember(event.AggregateID, member.UserID, event.Sequence)
+	default:
+		return m.view.ProcessedIamMemberSequence(event.Sequence)
+	}
+	if err != nil {
+		return err
+	}
+	return m.view.PutIamMember(member, member.Sequence)
+}
+
+func (m *IamMember) processUser(event *models.Event) (err error) {
+	switch event.Type {
+	case usr_es_model.UserProfileChanged,
+		usr_es_model.UserEmailChanged:
+		members, err := m.view.IamMembersByUserID(event.AggregateID)
+		if err != nil {
+			return err
+		}
+		user, err := m.userEvents.UserByID(context.Background(), event.AggregateID)
+		if err != nil {
+			return err
+		}
+		for _, member := range members {
+			m.fillUserData(member, user)
+			err = m.view.PutIamMember(member, event.Sequence)
+			if err != nil {
+				return err
+			}
+		}
+	default:
+		return m.view.ProcessedIamMemberSequence(event.Sequence)
+	}
+	return nil
+}
+
+func (m *IamMember) fillData(member *iam_model.IamMemberView) (err error) {
+	user, err := m.userEvents.UserByID(context.Background(), member.UserID)
+	if err != nil {
+		return err
+	}
+	m.fillUserData(member, user)
+	return nil
+}
+
+func (m *IamMember) fillUserData(member *iam_model.IamMemberView, user *usr_model.User) {
+	member.UserName = user.UserName
+	member.FirstName = user.FirstName
+	member.LastName = user.LastName
+	member.Email = user.EmailAddress
+}
+func (m *IamMember) OnError(event *models.Event, err error) error {
+	logging.LogWithFields("SPOOL-Ld9ow", "id", event.AggregateID).WithError(err).Warn("something went wrong in iammember handler")
+	return spooler.HandleError(event, err, m.view.GetLatestIamMemberFailedEvent, m.view.ProcessedIamMemberFailedEvent, m.view.ProcessedIamMemberSequence, m.errorCountUntilSkip)
+}
--- a/internal/admin/repository/eventsourcing/repository.go
+++ b/internal/admin/repository/eventsourcing/repository.go
@@ -2,6 +2,7 @@ package eventsourcing

 import (
 	"context"
+	"github.com/caos/zitadel/internal/admin/repository/eventsourcing/handler"
 	es_policy "github.com/caos/zitadel/internal/policy/repository/eventsourcing"

 	"github.com/caos/logging"
@@ -30,10 +31,11 @@ type Config struct {
 type EsRepository struct {
 	spooler *es_spol.Spooler
 	eventstore.OrgRepo
+	eventstore.IamRepository
 	eventstore.AdministratorRepo
 }

-func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults) (*EsRepository, error) {
+func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, roles []string) (*EsRepository, error) {
 	es, err := es_int.Start(conf.Eventstore)
 	if err != nil {
 		return nil, err
@@ -84,7 +86,7 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults) (
 	err = setup.StartSetup(systemDefaults, eventstoreRepos).Execute(ctx)
 	logging.Log("SERVE-djs3R").OnError(err).Panic("failed to execute setup")

-	spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient)
+	spool := spooler.StartSpooler(conf.Spooler, es, view, sqlClient, handler.EventstoreRepos{UserEvents: user})

 	return &EsRepository{
 		spooler: spool,
@@ -96,6 +98,13 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults) (
 			View:             view,
 			SearchLimit:      conf.SearchLimit,
 		},
+		IamRepository: eventstore.IamRepository{
+			IamEventstore:  iam,
+			View:           view,
+			SystemDefaults: systemDefaults,
+			SearchLimit:    conf.SearchLimit,
+			Roles:          roles,
+		},
 		AdministratorRepo: eventstore.AdministratorRepo{
 			View: view,
 		},
--- a/internal/admin/repository/eventsourcing/spooler/spooler.go
+++ b/internal/admin/repository/eventsourcing/spooler/spooler.go
@@ -16,12 +16,12 @@ type SpoolerConfig struct {
 	Handlers              handler.Configs
 }

-func StartSpooler(c SpoolerConfig, es eventstore.Eventstore, view *view.View, sql *sql.DB) *spooler.Spooler {
+func StartSpooler(c SpoolerConfig, es eventstore.Eventstore, view *view.View, sql *sql.DB, repos handler.EventstoreRepos) *spooler.Spooler {
 	spoolerConfig := spooler.Config{
 		Eventstore:      es,
 		Locker:          &locker{dbClient: sql},
 		ConcurrentTasks: c.ConcurrentTasks,
-		ViewHandlers:    handler.Register(c.Handlers, c.BulkLimit, c.FailureCountUntilSkip, view),
+		ViewHandlers:    handler.Register(c.Handlers, c.BulkLimit, c.FailureCountUntilSkip, view, repos),
 	}
 	spool := spoolerConfig.New()
 	spool.Start()
--- a/internal/admin/repository/eventsourcing/view/iam_member.go
+++ b/internal/admin/repository/eventsourcing/view/iam_member.go
@@ -0,0 +1,56 @@
+package view
+
+import (
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+	"github.com/caos/zitadel/internal/iam/repository/view"
+	"github.com/caos/zitadel/internal/iam/repository/view/model"
+	global_view "github.com/caos/zitadel/internal/view/repository"
+)
+
+const (
+	iamMemberTable = "admin_api.iam_members"
+)
+
+func (v *View) IamMemberByIDs(orgID, userID string) (*model.IamMemberView, error) {
+	return view.IamMemberByIDs(v.Db, iamMemberTable, orgID, userID)
+}
+
+func (v *View) SearchIamMembers(request *iam_model.IamMemberSearchRequest) ([]*model.IamMemberView, int, error) {
+	return view.SearchIamMembers(v.Db, iamMemberTable, request)
+}
+
+func (v *View) IamMembersByUserID(userID string) ([]*model.IamMemberView, error) {
+	return view.IamMembersByUserID(v.Db, iamMemberTable, userID)
+}
+
+func (v *View) PutIamMember(org *model.IamMemberView, sequence uint64) error {
+	err := view.PutIamMember(v.Db, iamMemberTable, org)
+	if err != nil {
+		return err
+	}
+	return v.ProcessedIamMemberSequence(sequence)
+}
+
+func (v *View) DeleteIamMember(orgID, userID string, eventSequence uint64) error {
+	err := view.DeleteIamMember(v.Db, iamMemberTable, orgID, userID)
+	if err != nil {
+		return nil
+	}
+	return v.ProcessedIamMemberSequence(eventSequence)
+}
+
+func (v *View) GetLatestIamMemberSequence() (uint64, error) {
+	return v.latestSequence(iamMemberTable)
+}
+
+func (v *View) ProcessedIamMemberSequence(eventSequence uint64) error {
+	return v.saveCurrentSequence(iamMemberTable, eventSequence)
+}
+
+func (v *View) GetLatestIamMemberFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
+	return v.latestFailedEvent(iamMemberTable, sequence)
+}
+
+func (v *View) ProcessedIamMemberFailedEvent(failedEvent *global_view.FailedEvent) error {
+	return v.saveFailedEvent(failedEvent)
+}
--- a/internal/admin/repository/iam.go
+++ b/internal/admin/repository/iam.go
@@ -0,0 +1,15 @@
+package repository
+
+import (
+	"context"
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+)
+
+type IamRepository interface {
+	SearchIamMembers(ctx context.Context, request *iam_model.IamMemberSearchRequest) (*iam_model.IamMemberSearchResponse, error)
+	AddIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error)
+	ChangeIamMember(ctx context.Context, member *iam_model.IamMember) (*iam_model.IamMember, error)
+	RemoveIamMember(ctx context.Context, userID string) error
+
+	GetIamMemberRoles() []string
+}
--- a/internal/admin/repository/repository.go
+++ b/internal/admin/repository/repository.go
@@ -5,5 +5,6 @@ import "context"
 type Repository interface {
 	Health(ctx context.Context) error
 	OrgRepository
+	IamRepository
 	AdministratorRepository
 }
--- a/internal/api/grpc/caos_errors.go
+++ b/internal/api/grpc/caos_errors.go
@@ -12,40 +12,41 @@ func CaosToGRPCError(err error, ctx context.Context, translator *i18n.Translator
 	if err == nil {
 		return nil
 	}
-	code, msg, ok := Extract(err)
+	code, msg, id, ok := Extract(err)
 	if !ok {
 		return status.Convert(err).Err()
 	}
 	if translator != nil {
 		msg = translator.LocalizeFromCtx(ctx, msg, nil)
-
+		msg = msg + "(" + id + ")"
 	}
 	return status.Error(code, msg)
 }

-func Extract(err error) (c codes.Code, msg string, ok bool) {
+func Extract(err error) (c codes.Code, msg, id string, ok bool) {
 	switch caosErr := err.(type) {
 	case *caos_errs.AlreadyExistsError:
-		return codes.AlreadyExists, caosErr.GetMessage(), true
+
+		return codes.AlreadyExists, caosErr.GetMessage(), caosErr.GetID(), true
 	case *caos_errs.DeadlineExceededError:
-		return codes.DeadlineExceeded, caosErr.GetMessage(), true
+		return codes.DeadlineExceeded, caosErr.GetMessage(), caosErr.GetID(), true
 	case caos_errs.InternalError:
-		return codes.Internal, caosErr.GetMessage(), true
+		return codes.Internal, caosErr.GetMessage(), caosErr.GetID(), true
 	case *caos_errs.InvalidArgumentError:
-		return codes.InvalidArgument, caosErr.GetMessage(), true
+		return codes.InvalidArgument, caosErr.GetMessage(), caosErr.GetID(), true
 	case *caos_errs.NotFoundError:
-		return codes.NotFound, caosErr.GetMessage(), true
+		return codes.NotFound, caosErr.GetMessage(), caosErr.GetID(), true
 	case *caos_errs.PermissionDeniedError:
-		return codes.PermissionDenied, caosErr.GetMessage(), true
+		return codes.PermissionDenied, caosErr.GetMessage(), caosErr.GetID(), true
 	case *caos_errs.PreconditionFailedError:
-		return codes.FailedPrecondition, caosErr.GetMessage(), true
+		return codes.FailedPrecondition, caosErr.GetMessage(), caosErr.GetID(), true
 	case *caos_errs.UnauthenticatedError:
-		return codes.Unauthenticated, caosErr.GetMessage(), true
+		return codes.Unauthenticated, caosErr.GetMessage(), caosErr.GetID(), true
 	case *caos_errs.UnavailableError:
-		return codes.Unavailable, caosErr.GetMessage(), true
+		return codes.Unavailable, caosErr.GetMessage(), caosErr.GetID(), true
 	case *caos_errs.UnimplementedError:
-		return codes.Unimplemented, caosErr.GetMessage(), true
+		return codes.Unimplemented, caosErr.GetMessage(), caosErr.GetID(), true
 	default:
-		return codes.Unknown, err.Error(), false
+		return codes.Unknown, err.Error(), "", false
 	}
 }
--- a/internal/iam/model/iam_member.go
+++ b/internal/iam/model/iam_member.go
@@ -9,8 +9,8 @@ type IamMember struct {
 	Roles  []string
 }

-func NewIamMember(projectID, userID string) *IamMember {
-	return &IamMember{ObjectRoot: es_models.ObjectRoot{AggregateID: projectID}, UserID: userID}
+func NewIamMember(iamID, userID string) *IamMember {
+	return &IamMember{ObjectRoot: es_models.ObjectRoot{AggregateID: iamID}, UserID: userID}
 }

 func (i *IamMember) IsValid() bool {
--- a/internal/iam/model/iam_member_view.go
+++ b/internal/iam/model/iam_member_view.go
@@ -0,0 +1,58 @@
+package model
+
+import (
+	"github.com/caos/zitadel/internal/model"
+	"time"
+)
+
+type IamMemberView struct {
+	UserID       string
+	IamID        string
+	UserName     string
+	Email        string
+	FirstName    string
+	LastName     string
+	Roles        []string
+	CreationDate time.Time
+	ChangeDate   time.Time
+	Sequence     uint64
+}
+
+type IamMemberSearchRequest struct {
+	Offset        uint64
+	Limit         uint64
+	SortingColumn IamMemberSearchKey
+	Asc           bool
+	Queries       []*IamMemberSearchQuery
+}
+
+type IamMemberSearchKey int32
+
+const (
+	IamMemberSearchKeyUnspecified IamMemberSearchKey = iota
+	IamMemberSearchKeyUserName
+	IamMemberSearchKeyEmail
+	IamMemberSearchKeyFirstName
+	IamMemberSearchKeyLastName
+	IamMemberSearchKeyIamID
+	IamMemberSearchKeyUserID
+)
+
+type IamMemberSearchQuery struct {
+	Key    IamMemberSearchKey
+	Method model.SearchMethod
+	Value  interface{}
+}
+
+type IamMemberSearchResponse struct {
+	Offset      uint64
+	Limit       uint64
+	TotalResult uint64
+	Result      []*IamMemberView
+}
+
+func (r *IamMemberSearchRequest) EnsureLimit(limit uint64) {
+	if r.Limit == 0 || r.Limit > limit {
+		r.Limit = limit
+	}
+}
--- a/internal/iam/repository/view/iam_member_view.go
+++ b/internal/iam/repository/view/iam_member_view.go
@@ -0,0 +1,59 @@
+package view
+
+import (
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+	"github.com/caos/zitadel/internal/iam/repository/view/model"
+	global_model "github.com/caos/zitadel/internal/model"
+	"github.com/caos/zitadel/internal/view/repository"
+	"github.com/jinzhu/gorm"
+)
+
+func IamMemberByIDs(db *gorm.DB, table, orgID, userID string) (*model.IamMemberView, error) {
+	member := new(model.IamMemberView)
+
+	orgIDQuery := &model.IamMemberSearchQuery{Key: iam_model.IamMemberSearchKeyIamID, Value: orgID, Method: global_model.SearchMethodEquals}
+	userIDQuery := &model.IamMemberSearchQuery{Key: iam_model.IamMemberSearchKeyUserID, Value: userID, Method: global_model.SearchMethodEquals}
+	query := repository.PrepareGetByQuery(table, orgIDQuery, userIDQuery)
+	err := query(db, member)
+	return member, err
+}
+
+func SearchIamMembers(db *gorm.DB, table string, req *iam_model.IamMemberSearchRequest) ([]*model.IamMemberView, int, error) {
+	members := make([]*model.IamMemberView, 0)
+	query := repository.PrepareSearchQuery(table, model.IamMemberSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
+	count, err := query(db, &members)
+	if err != nil {
+		return nil, 0, err
+	}
+	return members, count, nil
+}
+func IamMembersByUserID(db *gorm.DB, table string, userID string) ([]*model.IamMemberView, error) {
+	members := make([]*model.IamMemberView, 0)
+	queries := []*iam_model.IamMemberSearchQuery{
+		{
+			Key:    iam_model.IamMemberSearchKeyUserID,
+			Value:  userID,
+			Method: global_model.SearchMethodEquals,
+		},
+	}
+	query := repository.PrepareSearchQuery(table, model.IamMemberSearchRequest{Queries: queries})
+	_, err := query(db, &members)
+	if err != nil {
+		return nil, err
+	}
+	return members, nil
+}
+
+func PutIamMember(db *gorm.DB, table string, role *model.IamMemberView) error {
+	save := repository.PrepareSave(table)
+	return save(db, role)
+}
+
+func DeleteIamMember(db *gorm.DB, table, orgID, userID string) error {
+	member, err := IamMemberByIDs(db, table, orgID, userID)
+	if err != nil {
+		return err
+	}
+	delete := repository.PrepareDeleteByObject(table, member)
+	return delete(db)
+}
--- a/internal/iam/repository/view/model/iam_member.go
+++ b/internal/iam/repository/view/model/iam_member.go
@@ -0,0 +1,100 @@
+package model
+
+import (
+	"encoding/json"
+	es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
+	"time"
+
+	"github.com/caos/logging"
+	caos_errs "github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/models"
+	"github.com/caos/zitadel/internal/iam/model"
+	"github.com/lib/pq"
+)
+
+const (
+	IamMemberKeyUserID    = "user_id"
+	IamMemberKeyIamID     = "org_id"
+	IamMemberKeyUserName  = "user_name"
+	IamMemberKeyEmail     = "email"
+	IamMemberKeyFirstName = "first_name"
+	IamMemberKeyLastName  = "last_name"
+)
+
+type IamMemberView struct {
+	UserID    string         `json:"userId" gorm:"column:user_id;primary_key"`
+	IamID     string         `json:"-" gorm:"column:iam_id"`
+	UserName  string         `json:"-" gorm:"column:user_name"`
+	Email     string         `json:"-" gorm:"column:email_address"`
+	FirstName string         `json:"-" gorm:"column:first_name"`
+	LastName  string         `json:"-" gorm:"column:last_name"`
+	Roles     pq.StringArray `json:"roles" gorm:"column:roles"`
+	Sequence  uint64         `json:"-" gorm:"column:sequence"`
+
+	CreationDate time.Time `json:"-" gorm:"column:creation_date"`
+	ChangeDate   time.Time `json:"-" gorm:"column:change_date"`
+}
+
+func IamMemberViewFromModel(member *model.IamMemberView) *IamMemberView {
+	return &IamMemberView{
+		UserID:       member.UserID,
+		IamID:        member.IamID,
+		UserName:     member.UserName,
+		Email:        member.Email,
+		FirstName:    member.FirstName,
+		LastName:     member.LastName,
+		Roles:        member.Roles,
+		Sequence:     member.Sequence,
+		CreationDate: member.CreationDate,
+		ChangeDate:   member.ChangeDate,
+	}
+}
+
+func IamMemberToModel(member *IamMemberView) *model.IamMemberView {
+	return &model.IamMemberView{
+		UserID:       member.UserID,
+		IamID:        member.IamID,
+		UserName:     member.UserName,
+		Email:        member.Email,
+		FirstName:    member.FirstName,
+		LastName:     member.LastName,
+		Roles:        member.Roles,
+		Sequence:     member.Sequence,
+		CreationDate: member.CreationDate,
+		ChangeDate:   member.ChangeDate,
+	}
+}
+
+func IamMembersToModel(roles []*IamMemberView) []*model.IamMemberView {
+	result := make([]*model.IamMemberView, len(roles))
+	for i, r := range roles {
+		result[i] = IamMemberToModel(r)
+	}
+	return result
+}
+
+func (r *IamMemberView) AppendEvent(event *models.Event) (err error) {
+	r.Sequence = event.Sequence
+	r.ChangeDate = event.CreationDate
+	switch event.Type {
+	case es_model.IamMemberAdded:
+		r.setRootData(event)
+		r.CreationDate = event.CreationDate
+		err = r.SetData(event)
+	case es_model.IamMemberChanged:
+		err = r.SetData(event)
+	}
+	return err
+}
+
+func (r *IamMemberView) setRootData(event *models.Event) {
+	r.IamID = event.AggregateID
+}
+
+func (r *IamMemberView) SetData(event *models.Event) error {
+	if err := json.Unmarshal(event.Data, r); err != nil {
+		logging.Log("EVEN-Psl89").WithError(err).Error("could not unmarshal event data")
+		return caos_errs.ThrowInternal(err, "MODEL-lub6s", "Could not unmarshal data")
+	}
+	return nil
+}
--- a/internal/iam/repository/view/model/iam_member_query.go
+++ b/internal/iam/repository/view/model/iam_member_query.go
@@ -0,0 +1,69 @@
+package model
+
+import (
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+	global_model "github.com/caos/zitadel/internal/model"
+	"github.com/caos/zitadel/internal/view/repository"
+)
+
+type IamMemberSearchRequest iam_model.IamMemberSearchRequest
+type IamMemberSearchQuery iam_model.IamMemberSearchQuery
+type IamMemberSearchKey iam_model.IamMemberSearchKey
+
+func (req IamMemberSearchRequest) GetLimit() uint64 {
+	return req.Limit
+}
+
+func (req IamMemberSearchRequest) GetOffset() uint64 {
+	return req.Offset
+}
+
+func (req IamMemberSearchRequest) GetSortingColumn() repository.ColumnKey {
+	if req.SortingColumn == iam_model.IamMemberSearchKeyUnspecified {
+		return nil
+	}
+	return IamMemberSearchKey(req.SortingColumn)
+}
+
+func (req IamMemberSearchRequest) GetAsc() bool {
+	return req.Asc
+}
+
+func (req IamMemberSearchRequest) GetQueries() []repository.SearchQuery {
+	result := make([]repository.SearchQuery, len(req.Queries))
+	for i, q := range req.Queries {
+		result[i] = IamMemberSearchQuery{Key: q.Key, Value: q.Value, Method: q.Method}
+	}
+	return result
+}
+
+func (req IamMemberSearchQuery) GetKey() repository.ColumnKey {
+	return IamMemberSearchKey(req.Key)
+}
+
+func (req IamMemberSearchQuery) GetMethod() global_model.SearchMethod {
+	return req.Method
+}
+
+func (req IamMemberSearchQuery) GetValue() interface{} {
+	return req.Value
+}
+
+func (key IamMemberSearchKey) ToColumnName() string {
+	switch iam_model.IamMemberSearchKey(key) {
+	case iam_model.IamMemberSearchKeyEmail:
+		return IamMemberKeyEmail
+	case iam_model.IamMemberSearchKeyFirstName:
+		return IamMemberKeyFirstName
+	case iam_model.IamMemberSearchKeyLastName:
+		return IamMemberKeyLastName
+	case iam_model.IamMemberSearchKeyUserName:
+		return IamMemberKeyUserName
+	case iam_model.IamMemberSearchKeyUserID:
+		return IamMemberKeyUserID
+	case iam_model.IamMemberSearchKeyIamID:
+		return IamMemberKeyIamID
+	default:
+		return ""
+	}
+}
--- a/internal/org/repository/view/model/org_member_query.go
+++ b/internal/org/repository/view/model/org_member_query.go
@@ -2,13 +2,13 @@ package model

 import (
 	global_model "github.com/caos/zitadel/internal/model"
-	proj_model "github.com/caos/zitadel/internal/org/model"
+	org_model "github.com/caos/zitadel/internal/org/model"
 	"github.com/caos/zitadel/internal/view/repository"
 )

-type OrgMemberSearchRequest proj_model.OrgMemberSearchRequest
-type OrgMemberSearchQuery proj_model.OrgMemberSearchQuery
-type OrgMemberSearchKey proj_model.OrgMemberSearchKey
+type OrgMemberSearchRequest org_model.OrgMemberSearchRequest
+type OrgMemberSearchQuery org_model.OrgMemberSearchQuery
+type OrgMemberSearchKey org_model.OrgMemberSearchKey

 func (req OrgMemberSearchRequest) GetLimit() uint64 {
 	return req.Limit
@@ -19,7 +19,7 @@ func (req OrgMemberSearchRequest) GetOffset() uint64 {
 }

 func (req OrgMemberSearchRequest) GetSortingColumn() repository.ColumnKey {
-	if req.SortingColumn == proj_model.OrgMemberSearchKeyUnspecified {
+	if req.SortingColumn == org_model.OrgMemberSearchKeyUnspecified {
 		return nil
 	}
 	return OrgMemberSearchKey(req.SortingColumn)
@@ -50,18 +50,18 @@ func (req OrgMemberSearchQuery) GetValue() interface{} {
 }

 func (key OrgMemberSearchKey) ToColumnName() string {
-	switch proj_model.OrgMemberSearchKey(key) {
-	case proj_model.OrgMemberSearchKeyEmail:
+	switch org_model.OrgMemberSearchKey(key) {
+	case org_model.OrgMemberSearchKeyEmail:
 		return OrgMemberKeyEmail
-	case proj_model.OrgMemberSearchKeyFirstName:
+	case org_model.OrgMemberSearchKeyFirstName:
 		return OrgMemberKeyFirstName
-	case proj_model.OrgMemberSearchKeyLastName:
+	case org_model.OrgMemberSearchKeyLastName:
 		return OrgMemberKeyLastName
-	case proj_model.OrgMemberSearchKeyUserName:
+	case org_model.OrgMemberSearchKeyUserName:
 		return OrgMemberKeyUserName
-	case proj_model.OrgMemberSearchKeyUserID:
+	case org_model.OrgMemberSearchKeyUserID:
 		return OrgMemberKeyUserID
-	case proj_model.OrgMemberSearchKeyOrgID:
+	case org_model.OrgMemberSearchKeyOrgID:
 		return OrgMemberKeyOrgID
 	default:
 		return ""
--- a/internal/tracing/span.go
+++ b/internal/tracing/span.go
@@ -40,7 +40,7 @@ func (s *Span) SetStatusByError(err error) {
 }

 func statusFromError(err error) trace.Status {
-	code, msg, _ := grpc.Extract(err)
+	code, msg, _, _ := grpc.Extract(err)
 	return trace.Status{Code: int32(code), Message: msg}
 }