fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! added first event

2025-08-11 13:19:21 +00:00 · 2025-08-01 09:53:42 +01:00
parent 1f4acc22e6
commit 63639769c4
5 changed files with 567 additions and 205 deletions
--- a/backend/v3/domain/id_provider.go
+++ b/backend/v3/domain/id_provider.go
@@ -189,6 +189,18 @@ type IDPGitlab struct {
 	Gitlab
 }

+type GitlabSelfHosting struct {
+	Issuer       string              `json:"issuer"`
+	ClientID     string              `json:"clientId,omitempty"`
+	ClientSecret *crypto.CryptoValue `json:"clientSecret,omitempty"`
+	Scopes       []string            `json:"scopes,omitempty"`
+}
+
+type IDPGitlabSelfHosting struct {
+	*IdentityProvider
+	GitlabSelfHosting
+}
+
 // IDPIdentifierCondition is used to help specify a single identity_provider,
 // it will either be used as the  identity_provider ID or identity_provider name,
 // as identity_provider can be identified either using (instanceID + OrgID + ID) OR (instanceID + OrgID + name)
@@ -267,4 +279,5 @@ type IDProviderRepository interface {
 	GetGithub(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGithub, error)
 	GetGithubEnterprise(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGithubEnterprise, error)
 	GetGitlab(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGitlab, error)
+	GetGitlabSelfHosting(ctx context.Context, id IDPIdentifierCondition, instanceID string, orgID *string) (*IDPGitlabSelfHosting, error)
 }
--- a/backend/v3/storage/database/dialect/postgres/migration/003_identity_providers_table/up.sql
+++ b/backend/v3/storage/database/dialect/postgres/migration/003_identity_providers_table/up.sql
@@ -12,6 +12,7 @@ CREATE TYPE zitadel.idp_type AS ENUM (
    'github',
    'githubenterprise',
    'gitlab',
+    'gitlabselfhosted',
    'azure',
    'google',
    'microsoft',
--- a/backend/v3/storage/database/events_testing/id_provider_test.go
+++ b/backend/v3/storage/database/events_testing/id_provider_test.go
@@ -1471,24 +1471,24 @@ func TestServer_TestIDProviderReduces(t *testing.T) {
 		// check values for gitlab
 		retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
 		assert.EventuallyWithT(t, func(t *assert.CollectT) {
-			githubEnterprise, err := idpRepo.GetGitlab(CTX, idpRepo.IDCondition(addGithubEnterprise.Id), instanceID, nil)
+			gitlab, err := idpRepo.GetGitlab(CTX, idpRepo.IDCondition(addGithubEnterprise.Id), instanceID, nil)
 			require.NoError(t, err)

 			// event instance.idp.gitlab.added
 			// idp
-			assert.Equal(t, addGithubEnterprise.Id, githubEnterprise.ID)
-			assert.Equal(t, name, githubEnterprise.Name)
+			assert.Equal(t, addGithubEnterprise.Id, gitlab.ID)
+			assert.Equal(t, name, gitlab.Name)

-			assert.Equal(t, domain.IDPTypeGitlab.String(), githubEnterprise.Type)
-			assert.Equal(t, "clientId", githubEnterprise.ClientID)
-			assert.NotNil(t, githubEnterprise.ClientSecret)
-			assert.Equal(t, []string{"scope"}, githubEnterprise.Scopes)
-			assert.Equal(t, false, githubEnterprise.AllowLinking)
-			assert.Equal(t, false, githubEnterprise.AllowCreation)
-			assert.Equal(t, false, githubEnterprise.AllowAutoUpdate)
-			assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), githubEnterprise.AllowAutoLinking)
-			assert.WithinRange(t, githubEnterprise.CreatedAt, beforeCreate, afterCreate)
-			assert.WithinRange(t, githubEnterprise.UpdatedAt, beforeCreate, afterCreate)
+			assert.Equal(t, domain.IDPTypeGitlab.String(), gitlab.Type)
+			assert.Equal(t, "clientId", gitlab.ClientID)
+			assert.NotNil(t, gitlab.ClientSecret)
+			assert.Equal(t, []string{"scope"}, gitlab.Scopes)
+			assert.Equal(t, false, gitlab.AllowLinking)
+			assert.Equal(t, false, gitlab.AllowCreation)
+			assert.Equal(t, false, gitlab.AllowAutoUpdate)
+			assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), gitlab.AllowAutoLinking)
+			assert.WithinRange(t, gitlab.CreatedAt, beforeCreate, afterCreate)
+			assert.WithinRange(t, gitlab.UpdatedAt, beforeCreate, afterCreate)
 		}, retryDuration, tick)
 	})

@@ -1563,4 +1563,247 @@ func TestServer_TestIDProviderReduces(t *testing.T) {
 			assert.WithinRange(t, updateGithlab.UpdatedAt, beforeCreate, afterCreate)
 		}, retryDuration, tick)
 	})
+
+	t.Run("test instance idp gitlab self hosted added reduces", func(t *testing.T) {
+		name := gofakeit.Name()
+
+		// add gitlab self hosted
+		beforeCreate := time.Now()
+		addGitlabSelfHosted, err := AdminClient.AddGitLabSelfHostedProvider(CTX, &admin.AddGitLabSelfHostedProviderRequest{
+			Name:         name,
+			Issuer:       "issuer",
+			ClientId:     "clientId",
+			ClientSecret: "clientSecret",
+			Scopes:       []string{"scope"},
+			ProviderOptions: &idp_grpc.Options{
+				IsLinkingAllowed:  false,
+				IsCreationAllowed: false,
+				IsAutoCreation:    false,
+				IsAutoUpdate:      false,
+				AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL,
+			},
+		})
+		afterCreate := time.Now()
+		require.NoError(t, err)
+
+		idpRepo := repository.IDProviderRepository(pool)
+
+		// check values for gitlab self hosted
+		retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
+		assert.EventuallyWithT(t, func(t *assert.CollectT) {
+			gitlabSelfHosted, err := idpRepo.GetGitlabSelfHosting(CTX, idpRepo.IDCondition(addGitlabSelfHosted.Id), instanceID, nil)
+			require.NoError(t, err)
+
+			// event instance.idp.gitlab_self_hosted.added
+			// idp
+			assert.Equal(t, addGitlabSelfHosted.Id, gitlabSelfHosted.ID)
+			assert.Equal(t, name, gitlabSelfHosted.Name)
+
+			assert.Equal(t, domain.IDPTypeGitlabSelfHosted.String(), gitlabSelfHosted.Type)
+			assert.Equal(t, "clientId", gitlabSelfHosted.ClientID)
+			assert.Equal(t, "issuer", gitlabSelfHosted.Issuer)
+			assert.NotNil(t, gitlabSelfHosted.ClientSecret)
+			assert.Equal(t, []string{"scope"}, gitlabSelfHosted.Scopes)
+			assert.Equal(t, false, gitlabSelfHosted.AllowLinking)
+			assert.Equal(t, false, gitlabSelfHosted.AllowCreation)
+			assert.Equal(t, false, gitlabSelfHosted.AllowAutoUpdate)
+			assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), gitlabSelfHosted.AllowAutoLinking)
+			assert.WithinRange(t, gitlabSelfHosted.CreatedAt, beforeCreate, afterCreate)
+			assert.WithinRange(t, gitlabSelfHosted.UpdatedAt, beforeCreate, afterCreate)
+		}, retryDuration, tick)
+	})
+
+	t.Run("test instance idp gitlab self hosted changed reduces", func(t *testing.T) {
+		name := gofakeit.Name()
+
+		// add gitlab self hosted
+		addGitlabSelfHosted, err := AdminClient.AddGitLabSelfHostedProvider(CTX, &admin.AddGitLabSelfHostedProviderRequest{
+			Name:         name,
+			Issuer:       "issuer",
+			ClientId:     "clientId",
+			ClientSecret: "clientSecret",
+			Scopes:       []string{"scope"},
+			ProviderOptions: &idp_grpc.Options{
+				IsLinkingAllowed:  false,
+				IsCreationAllowed: false,
+				IsAutoCreation:    false,
+				IsAutoUpdate:      false,
+				AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL,
+			},
+		})
+		require.NoError(t, err)
+
+		idpRepo := repository.IDProviderRepository(pool)
+
+		var githlabSelfHosted *domain.IDPGitlabSelfHosting
+		retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
+		assert.EventuallyWithT(t, func(t *assert.CollectT) {
+			githlabSelfHosted, err = idpRepo.GetGitlabSelfHosting(CTX, idpRepo.IDCondition(addGitlabSelfHosted.Id), instanceID, nil)
+			require.NoError(t, err)
+			assert.Equal(t, addGitlabSelfHosted.Id, githlabSelfHosted.ID)
+		}, retryDuration, tick)
+
+		name = "new_" + name
+		// change gitlab self hosted
+		beforeCreate := time.Now()
+		_, err = AdminClient.UpdateGitLabSelfHostedProvider(CTX, &admin.UpdateGitLabSelfHostedProviderRequest{
+			Id:           addGitlabSelfHosted.Id,
+			Name:         name,
+			ClientId:     "new_clientId",
+			Issuer:       "new_issuer",
+			ClientSecret: "new_clientSecret",
+			Scopes:       []string{"new_scope"},
+			ProviderOptions: &idp_grpc.Options{
+				IsLinkingAllowed:  true,
+				IsCreationAllowed: true,
+				IsAutoCreation:    true,
+				IsAutoUpdate:      true,
+				AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME,
+			},
+		})
+		afterCreate := time.Now()
+		require.NoError(t, err)
+
+		// check values for gitlab self hosted
+		retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
+		assert.EventuallyWithT(t, func(t *assert.CollectT) {
+			updateGithlabSelfHosted, err := idpRepo.GetGitlabSelfHosting(CTX, idpRepo.IDCondition(addGitlabSelfHosted.Id), instanceID, nil)
+			require.NoError(t, err)
+
+			// event instance.idp.gitlab_self_hosted.changed
+			// idp
+			assert.Equal(t, addGitlabSelfHosted.Id, updateGithlabSelfHosted.ID)
+			assert.Equal(t, name, updateGithlabSelfHosted.Name)
+
+			assert.Equal(t, "new_clientId", updateGithlabSelfHosted.ClientID)
+			assert.Equal(t, "new_issuer", updateGithlabSelfHosted.Issuer)
+			assert.NotEqual(t, githlabSelfHosted.ClientSecret, updateGithlabSelfHosted.ClientSecret)
+			assert.Equal(t, domain.IDPTypeGitlabSelfHosted.String(), updateGithlabSelfHosted.Type)
+			assert.Equal(t, []string{"new_scope"}, updateGithlabSelfHosted.Scopes)
+			assert.Equal(t, true, updateGithlabSelfHosted.AllowLinking)
+			assert.Equal(t, true, updateGithlabSelfHosted.AllowCreation)
+			assert.Equal(t, true, updateGithlabSelfHosted.AllowAutoUpdate)
+			assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), updateGithlabSelfHosted.AllowAutoLinking)
+			assert.WithinRange(t, updateGithlabSelfHosted.UpdatedAt, beforeCreate, afterCreate)
+		}, retryDuration, tick)
+	})
+
+	t.Run("test instance idp google added reduces", func(t *testing.T) {
+		name := gofakeit.Name()
+
+		// add google
+		beforeCreate := time.Now()
+		addGoogle, err := AdminClient.AddGoogleProvider(CTX, &admin.AddGoogleProviderRequest{
+			Name:         name,
+			ClientId:     "clientId",
+			ClientSecret: "clientSecret",
+			Scopes:       []string{"scope"},
+			ProviderOptions: &idp_grpc.Options{
+				IsLinkingAllowed:  false,
+				IsCreationAllowed: false,
+				IsAutoCreation:    false,
+				IsAutoUpdate:      false,
+				AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL,
+			},
+		})
+		afterCreate := time.Now()
+		require.NoError(t, err)
+
+		idpRepo := repository.IDProviderRepository(pool)
+
+		// check values for google
+		retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
+		assert.EventuallyWithT(t, func(t *assert.CollectT) {
+			google, err := idpRepo.GetGoogle(CTX, idpRepo.IDCondition(addGoogle.Id), instanceID, nil)
+			require.NoError(t, err)
+
+			// event instance.idp.google.added
+			// idp
+			assert.Equal(t, addGoogle.Id, google.ID)
+			assert.Equal(t, name, google.Name)
+
+			assert.Equal(t, domain.IDPTypeGoogle.String(), google.Type)
+			assert.Equal(t, "clientId", google.ClientID)
+			assert.NotNil(t, google.ClientSecret)
+			assert.Equal(t, []string{"scope"}, google.Scopes)
+			assert.Equal(t, false, google.AllowLinking)
+			assert.Equal(t, false, google.AllowCreation)
+			assert.Equal(t, false, google.AllowAutoUpdate)
+			assert.Equal(t, domain.IDPAutoLinkingOptionEmail.String(), google.AllowAutoLinking)
+			assert.WithinRange(t, google.CreatedAt, beforeCreate, afterCreate)
+			assert.WithinRange(t, google.UpdatedAt, beforeCreate, afterCreate)
+		}, retryDuration, tick)
+	})
+
+	t.Run("test instance idp google changed reduces", func(t *testing.T) {
+		name := gofakeit.Name()
+
+		// add google
+		addGoogle, err := AdminClient.AddGoogleProvider(CTX, &admin.AddGoogleProviderRequest{
+			Name:         name,
+			ClientId:     "clientId",
+			ClientSecret: "clientSecret",
+			Scopes:       []string{"scope"},
+			ProviderOptions: &idp_grpc.Options{
+				IsLinkingAllowed:  false,
+				IsCreationAllowed: false,
+				IsAutoCreation:    false,
+				IsAutoUpdate:      false,
+				AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_EMAIL,
+			},
+		})
+		require.NoError(t, err)
+
+		idpRepo := repository.IDProviderRepository(pool)
+
+		var google *domain.IDPGoogle
+		retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
+		assert.EventuallyWithT(t, func(t *assert.CollectT) {
+			google, err = idpRepo.GetGoogle(CTX, idpRepo.IDCondition(addGoogle.Id), instanceID, nil)
+			require.NoError(t, err)
+			assert.Equal(t, addGoogle.Id, google.ID)
+		}, retryDuration, tick)
+
+		name = "new_" + name
+		// change google
+		beforeCreate := time.Now()
+		_, err = AdminClient.UpdateGoogleProvider(CTX, &admin.UpdateGoogleProviderRequest{
+			Id:           addGoogle.Id,
+			Name:         name,
+			ClientId:     "new_clientId",
+			ClientSecret: "new_clientSecret",
+			Scopes:       []string{"new_scope"},
+			ProviderOptions: &idp_grpc.Options{
+				IsLinkingAllowed:  true,
+				IsCreationAllowed: true,
+				IsAutoCreation:    true,
+				IsAutoUpdate:      true,
+				AutoLinking:       idp.AutoLinkingOption_AUTO_LINKING_OPTION_USERNAME,
+			},
+		})
+		afterCreate := time.Now()
+		require.NoError(t, err)
+
+		// check values for google
+		retryDuration, tick = integration.WaitForAndTickWithMaxDuration(CTX, time.Second*5)
+		assert.EventuallyWithT(t, func(t *assert.CollectT) {
+			updateGoogle, err := idpRepo.GetGoogle(CTX, idpRepo.IDCondition(addGoogle.Id), instanceID, nil)
+			require.NoError(t, err)
+
+			// event instance.idp.google.changed
+			// idp
+			assert.Equal(t, addGoogle.Id, updateGoogle.ID)
+			assert.Equal(t, name, updateGoogle.Name)
+
+			assert.Equal(t, "new_clientId", updateGoogle.ClientID)
+			assert.NotEqual(t, google.ClientSecret, updateGoogle.ClientSecret)
+			assert.Equal(t, domain.IDPTypeGoogle.String(), updateGoogle.Type)
+			assert.Equal(t, []string{"new_scope"}, updateGoogle.Scopes)
+			assert.Equal(t, true, updateGoogle.AllowLinking)
+			assert.Equal(t, true, updateGoogle.AllowCreation)
+			assert.Equal(t, true, updateGoogle.AllowAutoUpdate)
+			assert.Equal(t, domain.IDPAutoLinkingOptionUserName.String(), updateGoogle.AllowAutoLinking)
+			assert.WithinRange(t, updateGoogle.UpdatedAt, beforeCreate, afterCreate)
+		}, retryDuration, tick)
+	})
 }
--- a/backend/v3/storage/database/repository/id_provider.go
+++ b/backend/v3/storage/database/repository/id_provider.go
@@ -295,6 +295,28 @@ func (i *idProvider) GetGitlab(ctx context.Context, id domain.IDPIdentifierCondi
 	return idpGitlab, nil
 }

+func (i *idProvider) GetGitlabSelfHosting(ctx context.Context, id domain.IDPIdentifierCondition, instnaceID string, orgID *string) (*domain.IDPGitlabSelfHosting, error) {
+	idpGitlabSelfHosting := &domain.IDPGitlabSelfHosting{}
+	var err error
+
+	idpGitlabSelfHosting.IdentityProvider, err = i.Get(ctx, id, instnaceID, orgID)
+	if err != nil {
+		return nil, err
+	}
+
+	if idpGitlabSelfHosting.Type != domain.IDPTypeGitlabSelfHosted.String() {
+		// TODO
+		return nil, errors.New("WRONG TYPE")
+	}
+
+	err = json.Unmarshal([]byte(*idpGitlabSelfHosting.Payload), idpGitlabSelfHosting)
+	if err != nil {
+		return nil, err
+	}
+
+	return idpGitlabSelfHosting, nil
+}
+
 // -------------------------------------------------------------
 // columns
 // -------------------------------------------------------------
--- a/internal/query/projection/idp_template_relational.go
+++ b/internal/query/projection/idp_template_relational.go
@@ -139,22 +139,22 @@ func (p *idpTemplateRelationalProjection) Reducers() []handler.AggregateReducer
 					Event:  instance.GitLabIDPChangedEventType,
 					Reduce: p.reduceGitLabIDPRelationalChanged,
 				},
-				// 		{
-				// 			Event:  instance.GitLabSelfHostedIDPAddedEventType,
-				// 			Reduce: p.reduceGitLabSelfHostedIDPAdded,
-				// 		},
-				// 		{
-				// 			Event:  instance.GitLabSelfHostedIDPChangedEventType,
-				// 			Reduce: p.reduceGitLabSelfHostedIDPChanged,
-				// 		},
-				// 		{
-				// 			Event:  instance.GoogleIDPAddedEventType,
-				// 			Reduce: p.reduceGoogleIDPAdded,
-				// 		},
-				// 		{
-				// 			Event:  instance.GoogleIDPChangedEventType,
-				// 			Reduce: p.reduceGoogleIDPChanged,
-				// 		},
+				{
+					Event:  instance.GitLabSelfHostedIDPAddedEventType,
+					Reduce: p.reduceGitLabSelfHostedIDPRelationalAdded,
+				},
+				{
+					Event:  instance.GitLabSelfHostedIDPChangedEventType,
+					Reduce: p.reduceGitLabSelfHostedIDPRelationalChanged,
+				},
+				{
+					Event:  instance.GoogleIDPAddedEventType,
+					Reduce: p.reduceGoogleIDPRelationalAdded,
+				},
+				{
+					Event:  instance.GoogleIDPChangedEventType,
+					Reduce: p.reduceGoogleIDPRelationalChanged,
+				},
 				// 		{
 				// 			Event:  instance.LDAPIDPAddedEventType,
 				// 			Reduce: p.reduceLDAPIDPAdded,
@@ -617,13 +617,13 @@ func (p *idpTemplateRelationalProjection) reduceOIDCIDPRelationalMigratedGoogle(
 		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.OIDCIDPMigratedGoogleEventType, instance.OIDCIDPMigratedGoogleEventType})
 	}

-	azure := domain.Google{
+	google := domain.Google{
 		ClientID:     e.ClientID,
 		ClientSecret: e.ClientSecret,
 		Scopes:       e.Scopes,
 	}

-	payload, err := json.Marshal(azure)
+	payload, err := json.Marshal(google)
 	if err != nil {
 		return nil, err
 	}
@@ -1430,38 +1430,9 @@ func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalChanged(event
 			},
 		),
 	), nil
-
-	// ops := make([]func(eventstore.Event) handler.Exec, 0, 2)
-	// ops = append(ops,
-	// 	handler.AddUpdateStatement(
-	// reduceIDPChangedTemplateColumns(idpEvent.Name, idpEvent.CreationDate(), idpEvent.Sequence(), idpEvent.OptionChanges),
-	// 		[]handler.Condition{
-	// 			handler.NewCond(IDPTemplateIDCol, idpEvent.ID),
-	// 			handler.NewCond(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID),
-	// 		},
-	// 	),
-	// )
-	// gitlabCols := reduceGitLabIDPChangedColumns(idpEvent)
-	// if len(gitlabCols) > 0 {
-	// 	ops = append(ops,
-	// 		handler.AddUpdateStatement(
-	// 			gitlabCols,
-	// 			[]handler.Condition{
-	// 				handler.NewCond(GitLabIDCol, idpEvent.ID),
-	// 				handler.NewCond(GitLabInstanceIDCol, idpEvent.Aggregate().InstanceID),
-	// 			},
-	// 			handler.WithTableSuffix(IDPTemplateGitLabSuffix),
-	// 		),
-	// 	)
-	// }
-
-	// return handler.NewMultiStatement(
-	// 	&idpEvent,
-	// 	ops...,
-	// ), nil
 }

-// func (p *idpTemplateProjection) reduceGitLabSelfHostedIDPAdded(event eventstore.Event) (*handler.Statement, error) {
+func (p *idpTemplateRelationalProjection) reduceGitLabSelfHostedIDPRelationalAdded(event eventstore.Event) (*handler.Statement, error) {
 	// var idpEvent idp.GitLabSelfHostedIDPAddedEvent
 	// var idpOwnerType domain.IdentityProviderType
 	// switch e := event.(type) {
@@ -1475,42 +1446,45 @@ func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalChanged(event
 	// 	return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAF3gw", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabSelfHostedIDPAddedEventType, instance.GitLabSelfHostedIDPAddedEventType})
 	// }

-// 	return handler.NewMultiStatement(
-// 		&idpEvent,
-// 		handler.AddCreateStatement(
-// 			[]handler.Column{
-// 				handler.NewCol(IDPTemplateIDCol, idpEvent.ID),
-// 				handler.NewCol(IDPTemplateCreationDateCol, idpEvent.CreationDate()),
-// 				handler.NewCol(IDPTemplateChangeDateCol, idpEvent.CreationDate()),
-// 				handler.NewCol(IDPTemplateSequenceCol, idpEvent.Sequence()),
-// 				handler.NewCol(IDPTemplateResourceOwnerCol, idpEvent.Aggregate().ResourceOwner),
-// 				handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID),
-// 				handler.NewCol(IDPTemplateStateCol, domain.IDPStateActive),
-// 				handler.NewCol(IDPTemplateNameCol, idpEvent.Name),
-// 				handler.NewCol(IDPTemplateOwnerTypeCol, idpOwnerType),
-// 				handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeGitLabSelfHosted),
-// 				handler.NewCol(IDPTemplateIsCreationAllowedCol, idpEvent.IsCreationAllowed),
-// 				handler.NewCol(IDPTemplateIsLinkingAllowedCol, idpEvent.IsLinkingAllowed),
-// 				handler.NewCol(IDPTemplateIsAutoCreationCol, idpEvent.IsAutoCreation),
-// 				handler.NewCol(IDPTemplateIsAutoUpdateCol, idpEvent.IsAutoUpdate),
-// 				handler.NewCol(IDPTemplateAutoLinkingCol, idpEvent.AutoLinkingOption),
-// 			},
-// 		),
-// 		handler.AddCreateStatement(
-// 			[]handler.Column{
-// 				handler.NewCol(GitLabSelfHostedIDCol, idpEvent.ID),
-// 				handler.NewCol(GitLabSelfHostedInstanceIDCol, idpEvent.Aggregate().InstanceID),
-// 				handler.NewCol(GitLabSelfHostedIssuerCol, idpEvent.Issuer),
-// 				handler.NewCol(GitLabSelfHostedClientIDCol, idpEvent.ClientID),
-// 				handler.NewCol(GitLabSelfHostedClientSecretCol, idpEvent.ClientSecret),
-// 				handler.NewCol(GitLabSelfHostedScopesCol, database.TextArray[string](idpEvent.Scopes)),
-// 			},
-// 			handler.WithTableSuffix(IDPTemplateGitLabSelfHostedSuffix),
-// 		),
-// 	), nil
-// }
+	e, ok := event.(*instance.GitLabSelfHostedIDPAddedEvent)
+	if !ok {
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAF3gw", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabSelfHostedIDPAddedEventType, instance.GitLabSelfHostedIDPAddedEventType})
+	}

-// func (p *idpTemplateProjection) reduceGitLabSelfHostedIDPChanged(event eventstore.Event) (*handler.Statement, error) {
+	gitlabSelfHosting := domain.GitlabSelfHosting{
+		Issuer:       e.Issuer,
+		ClientID:     e.ClientID,
+		ClientSecret: e.ClientSecret,
+		Scopes:       e.Scopes,
+	}
+
+	payload, err := json.Marshal(gitlabSelfHosting)
+	if err != nil {
+		return nil, err
+	}
+
+	return handler.NewMultiStatement(
+		e,
+		handler.AddCreateStatement(
+			[]handler.Column{
+				handler.NewCol(IDPTemplateIDCol, e.ID),
+				handler.NewCol(IDPTemplateInstanceIDCol, e.Aggregate().InstanceID),
+				handler.NewCol(IDPTemplateNameCol, e.Name),
+				handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeGitlabSelfHosted.String()),
+				handler.NewCol(IDPTemplateStateCol, domain.IDPStateActive.String()),
+				handler.NewCol(IDPRelationalAllowCreationCol, e.IsCreationAllowed),
+				handler.NewCol(IDPRelationalAllowLinkingCol, e.IsLinkingAllowed),
+				handler.NewCol(IDPRelationalAllowAutoCreationCol, e.IsAutoCreation),
+				handler.NewCol(IDPRelationalAllowAutoUpdateCol, e.IsAutoUpdate),
+				handler.NewCol(IDPRelationalAllowAutoLinkingCol, domain.IDPAutoLinkingOption(e.AutoLinkingOption).String()),
+				handler.NewCol(CreatedAt, e.CreationDate()),
+				handler.NewCol(IDPRelationalPayloadCol, payload),
+			},
+		),
+	), nil
+}
+
+func (p *idpTemplateRelationalProjection) reduceGitLabSelfHostedIDPRelationalChanged(event eventstore.Event) (*handler.Statement, error) {
 	// var idpEvent idp.GitLabSelfHostedIDPChangedEvent
 	// switch e := event.(type) {
 	// case *org.GitLabSelfHostedIDPChangedEvent:
@@ -1521,6 +1495,40 @@ func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalChanged(event
 	// 	return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAf3g2", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabSelfHostedIDPChangedEventType, instance.GitLabSelfHostedIDPChangedEventType})
 	// }

+	e, ok := event.(*instance.GitLabSelfHostedIDPChangedEvent)
+	if !ok {
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-SAf3g2", "reduce.wrong.event.type %v", []eventstore.EventType{org.GitLabSelfHostedIDPChangedEventType, instance.GitLabSelfHostedIDPChangedEventType})
+	}
+
+	gitlabSelfHosted, err := p.idpRepo.GetGitlabSelfHosting(context.Background(), p.idpRepo.IDCondition(e.ID), e.Agg.InstanceID, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	columns := make([]handler.Column, 0, 7)
+	reduceIDPRelationalChangedTemplateColumns(e.Name, e.OptionChanges, &columns)
+
+	payload := &gitlabSelfHosted.GitlabSelfHosting
+	payloadChanged := reduceGitLabSelfHostedIDPRelationalChangedColumns(payload, &e.GitLabSelfHostedIDPChangedEvent)
+	if payloadChanged {
+		payload, err := json.Marshal(payload)
+		if err != nil {
+			return nil, err
+		}
+		columns = append(columns, handler.NewCol(IDPRelationalPayloadCol, payload))
+	}
+
+	return handler.NewMultiStatement(
+		e,
+		handler.AddUpdateStatement(
+			columns,
+			[]handler.Condition{
+				handler.NewCond(IDPTemplateIDCol, e.ID),
+				handler.NewCond(IDPTemplateInstanceIDCol, e.Aggregate().InstanceID),
+			},
+		),
+	), nil
+
 	// ops := make([]func(eventstore.Event) handler.Exec, 0, 2)
 	// ops = append(ops,
 	// 	handler.AddUpdateStatement(
@@ -1531,7 +1539,7 @@ func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalChanged(event
 	// 		},
 	// 	),
 	// )
-// 	gitlabCols := reduceGitLabSelfHostedIDPChangedColumns(idpEvent)
+	// gitlabCols := reduceGitLabSelfHostedIDPRelationalChangedColumns(idpEvent)
 	// if len(gitlabCols) > 0 {
 	// 	ops = append(ops,
 	// 		handler.AddUpdateStatement(
@@ -1549,9 +1557,9 @@ func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalChanged(event
 	// 	&idpEvent,
 	// 	ops...,
 	// ), nil
-// }
+}

-// func (p *idpTemplateProjection) reduceGoogleIDPAdded(event eventstore.Event) (*handler.Statement, error) {
+func (p *idpTemplateRelationalProjection) reduceGoogleIDPRelationalAdded(event eventstore.Event) (*handler.Statement, error) {
 	// var idpEvent idp.GoogleIDPAddedEvent
 	// var idpOwnerType domain.IdentityProviderType
 	// switch e := event.(type) {
@@ -1565,41 +1573,44 @@ func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalChanged(event
 	// 	return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ap9ihb", "reduce.wrong.event.type %v", []eventstore.EventType{org.GoogleIDPAddedEventType, instance.GoogleIDPAddedEventType})
 	// }

-// 	return handler.NewMultiStatement(
-// 		&idpEvent,
-// 		handler.AddCreateStatement(
-// 			[]handler.Column{
-// 				handler.NewCol(IDPTemplateIDCol, idpEvent.ID),
-// 				handler.NewCol(IDPTemplateCreationDateCol, idpEvent.CreationDate()),
-// 				handler.NewCol(IDPTemplateChangeDateCol, idpEvent.CreationDate()),
-// 				handler.NewCol(IDPTemplateSequenceCol, idpEvent.Sequence()),
-// 				handler.NewCol(IDPTemplateResourceOwnerCol, idpEvent.Aggregate().ResourceOwner),
-// 				handler.NewCol(IDPTemplateInstanceIDCol, idpEvent.Aggregate().InstanceID),
-// 				handler.NewCol(IDPTemplateStateCol, domain.IDPStateActive),
-// 				handler.NewCol(IDPTemplateNameCol, idpEvent.Name),
-// 				handler.NewCol(IDPTemplateOwnerTypeCol, idpOwnerType),
-// 				handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeGoogle),
-// 				handler.NewCol(IDPTemplateIsCreationAllowedCol, idpEvent.IsCreationAllowed),
-// 				handler.NewCol(IDPTemplateIsLinkingAllowedCol, idpEvent.IsLinkingAllowed),
-// 				handler.NewCol(IDPTemplateIsAutoCreationCol, idpEvent.IsAutoCreation),
-// 				handler.NewCol(IDPTemplateIsAutoUpdateCol, idpEvent.IsAutoUpdate),
-// 				handler.NewCol(IDPTemplateAutoLinkingCol, idpEvent.AutoLinkingOption),
-// 			},
-// 		),
-// 		handler.AddCreateStatement(
-// 			[]handler.Column{
-// 				handler.NewCol(GoogleIDCol, idpEvent.ID),
-// 				handler.NewCol(GoogleInstanceIDCol, idpEvent.Aggregate().InstanceID),
-// 				handler.NewCol(GoogleClientIDCol, idpEvent.ClientID),
-// 				handler.NewCol(GoogleClientSecretCol, idpEvent.ClientSecret),
-// 				handler.NewCol(GoogleScopesCol, database.TextArray[string](idpEvent.Scopes)),
-// 			},
-// 			handler.WithTableSuffix(IDPTemplateGoogleSuffix),
-// 		),
-// 	), nil
-// }
+	e, ok := event.(*instance.GoogleIDPAddedEvent)
+	if !ok {
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ap9ihb", "reduce.wrong.event.type %v", []eventstore.EventType{org.GoogleIDPAddedEventType, instance.GoogleIDPAddedEventType})
+	}

-// func (p *idpTemplateProjection) reduceGoogleIDPChanged(event eventstore.Event) (*handler.Statement, error) {
+	google := domain.Google{
+		ClientID:     e.ClientID,
+		ClientSecret: e.ClientSecret,
+		Scopes:       e.Scopes,
+	}
+
+	payload, err := json.Marshal(google)
+	if err != nil {
+		return nil, err
+	}
+
+	return handler.NewMultiStatement(
+		e,
+		handler.AddCreateStatement(
+			[]handler.Column{
+				handler.NewCol(IDPTemplateIDCol, e.ID),
+				handler.NewCol(IDPTemplateInstanceIDCol, e.Aggregate().InstanceID),
+				handler.NewCol(IDPTemplateNameCol, e.Name),
+				handler.NewCol(IDPTemplateTypeCol, domain.IDPTypeGoogle.String()),
+				handler.NewCol(IDPTemplateStateCol, domain.IDPStateActive.String()),
+				handler.NewCol(IDPRelationalAllowCreationCol, e.IsCreationAllowed),
+				handler.NewCol(IDPRelationalAllowLinkingCol, e.IsLinkingAllowed),
+				handler.NewCol(IDPRelationalAllowAutoCreationCol, e.IsAutoCreation),
+				handler.NewCol(IDPRelationalAllowAutoUpdateCol, e.IsAutoUpdate),
+				handler.NewCol(IDPRelationalAllowAutoLinkingCol, domain.IDPAutoLinkingOption(e.AutoLinkingOption).String()),
+				handler.NewCol(CreatedAt, e.CreationDate()),
+				handler.NewCol(IDPRelationalPayloadCol, payload),
+			},
+		),
+	), nil
+}
+
+func (p *idpTemplateRelationalProjection) reduceGoogleIDPRelationalChanged(event eventstore.Event) (*handler.Statement, error) {
 	// var idpEvent idp.GoogleIDPChangedEvent
 	// switch e := event.(type) {
 	// case *org.GoogleIDPChangedEvent:
@@ -1610,6 +1621,40 @@ func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalChanged(event
 	// 	return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GoogleIDPChangedEventType, instance.GoogleIDPChangedEventType})
 	// }

+	e, ok := event.(*instance.GoogleIDPChangedEvent)
+	if !ok {
+		return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-p1582ks", "reduce.wrong.event.type %v", []eventstore.EventType{org.GoogleIDPChangedEventType, instance.GoogleIDPChangedEventType})
+	}
+
+	oauth, err := p.idpRepo.GetGoogle(context.Background(), p.idpRepo.IDCondition(e.ID), e.Agg.InstanceID, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	columns := make([]handler.Column, 0, 7)
+	reduceIDPRelationalChangedTemplateColumns(e.Name, e.OptionChanges, &columns)
+
+	payload := &oauth.Google
+	payloadChanged := reduceGoogleIDPRelationalChangedColumns(payload, &e.GoogleIDPChangedEvent)
+	if payloadChanged {
+		payload, err := json.Marshal(payload)
+		if err != nil {
+			return nil, err
+		}
+		columns = append(columns, handler.NewCol(IDPRelationalPayloadCol, payload))
+	}
+
+	return handler.NewMultiStatement(
+		e,
+		handler.AddUpdateStatement(
+			columns,
+			[]handler.Condition{
+				handler.NewCond(IDPTemplateIDCol, e.ID),
+				handler.NewCond(IDPTemplateInstanceIDCol, e.Aggregate().InstanceID),
+			},
+		),
+	), nil
+
 	// ops := make([]func(eventstore.Event) handler.Exec, 0, 2)
 	// ops = append(ops,
 	// 	handler.AddUpdateStatement(
@@ -1620,7 +1665,7 @@ func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalChanged(event
 	// 		},
 	// 	),
 	// )
-// 	googleCols := reduceGoogleIDPChangedColumns(idpEvent)
+	// googleCols := reduceGoogleIDPRelationalChangedColumns(idpEvent)
 	// if len(googleCols) > 0 {
 	// 	ops = append(ops,
 	// 		handler.AddUpdateStatement(
@@ -1638,7 +1683,7 @@ func (p *idpTemplateRelationalProjection) reduceGitLabIDPRelationalChanged(event
 	// 	&idpEvent,
 	// 	ops...,
 	// ), nil
-// }
+}

 // func (p *idpTemplateProjection) reduceLDAPIDPAdded(event eventstore.Event) (*handler.Statement, error) {
 // 	var idpEvent idp.LDAPIDPAddedEvent
@@ -2510,3 +2555,41 @@ func reduceGitLabIDPRelationalChangedColumns(payload *domain.Gitlab, idpEvent *i
 	}
 	return payloadChange
 }
+
+func reduceGitLabSelfHostedIDPRelationalChangedColumns(payload *domain.GitlabSelfHosting, idpEvent *idp.GitLabSelfHostedIDPChangedEvent) bool {
+	payloadChange := false
+	if idpEvent.ClientID != nil {
+		payloadChange = true
+		payload.ClientID = *idpEvent.ClientID
+	}
+	if idpEvent.ClientSecret != nil {
+		payloadChange = true
+		payload.ClientSecret = idpEvent.ClientSecret
+	}
+	if idpEvent.Issuer != nil {
+		payloadChange = true
+		payload.Issuer = *idpEvent.Issuer
+	}
+	if idpEvent.Scopes != nil {
+		payloadChange = true
+		payload.Scopes = idpEvent.Scopes
+	}
+	return payloadChange
+}
+
+func reduceGoogleIDPRelationalChangedColumns(payload *domain.Google, idpEvent *idp.GoogleIDPChangedEvent) bool {
+	payloadChange := false
+	if idpEvent.ClientID != nil {
+		payloadChange = true
+		payload.ClientID = *idpEvent.ClientID
+	}
+	if idpEvent.ClientSecret != nil {
+		payloadChange = true
+		payload.ClientSecret = idpEvent.ClientSecret
+	}
+	if idpEvent.Scopes != nil {
+		payloadChange = true
+		payload.Scopes = idpEvent.Scopes
+	}
+	return payloadChange
+}