feat(api): add possibility to retrieve user schemas (#7614)

This PR extends the user schema service (V3 API) with the possibility to ListUserSchemas and GetUserSchemaByID.
The previously started guide is extended to demonstrate how to retrieve the schema(s) and notes the generated revision property.

internal/query/prepare_test.go

@@ -265,8 +265,8 @@ func validatePrepare(prepareType reflect.Type) error {
 	if prepareType.Kind() != reflect.Func {
 		return errors.New("prepare is not a function")
 	}
-	if prepareType.NumIn() < 2 {
-		return fmt.Errorf("prepare: invalid number of inputs: want: 0 got %d", prepareType.NumIn())
+	if prepareType.NumIn() != 0 && prepareType.NumIn() != 2 {
+		return fmt.Errorf("prepare: invalid number of inputs: want: 0 or 2 got %d", prepareType.NumIn())
 	}
 	if prepareType.NumOut() != 2 {
 		return fmt.Errorf("prepare: invalid number of outputs: want: 2 got %d", prepareType.NumOut())

internal/query/projection/projection.go

@@ -76,6 +76,7 @@ var (
 	InstanceFeatureProjection           *handler.Handler
 	TargetProjection                    *handler.Handler
 	ExecutionProjection                 *handler.Handler
+	UserSchemaProjection                *handler.Handler
 )
 
 type projection interface {
@@ -156,6 +157,7 @@ func Create(ctx context.Context, sqlClient *database.DB, es handler.EventStore,
 	InstanceFeatureProjection = newInstanceFeatureProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["instance_features"]))
 	TargetProjection = newTargetProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["targets"]))
 	ExecutionProjection = newExecutionProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["executions"]))
+	UserSchemaProjection = newUserSchemaProjection(ctx, applyCustomConfig(projectionConfig, config.Customizations["user_schemas"]))
 	newProjectionsList()
 	return nil
 }
@@ -269,5 +271,6 @@ func newProjectionsList() {
 		InstanceFeatureProjection,
 		ExecutionProjection,
 		TargetProjection,
+		UserSchemaProjection,
 	}
 }

internal/query/projection/user_schema.go

@@ -0,0 +1,203 @@
+package projection
+
+import (
+	"context"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
+	"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
+	"github.com/zitadel/zitadel/internal/repository/instance"
+	"github.com/zitadel/zitadel/internal/repository/user/schema"
+)
+
+const (
+	UserSchemaTable = "projections.user_schemas"
+
+	UserSchemaIDCol                     = "id"
+	UserSchemaChangeDateCol             = "change_date"
+	UserSchemaSequenceCol               = "sequence"
+	UserSchemaInstanceIDCol             = "instance_id"
+	UserSchemaStateCol                  = "state"
+	UserSchemaTypeCol                   = "type"
+	UserSchemaRevisionCol               = "revision"
+	UserSchemaSchemaCol                 = "schema"
+	UserSchemaPossibleAuthenticatorsCol = "possible_authenticators"
+)
+
+type userSchemaProjection struct{}
+
+func newUserSchemaProjection(ctx context.Context, config handler.Config) *handler.Handler {
+	return handler.NewHandler(ctx, &config, new(userSchemaProjection))
+}
+
+func (*userSchemaProjection) Name() string {
+	return UserSchemaTable
+}
+
+func (*userSchemaProjection) Init() *old_handler.Check {
+	return handler.NewTableCheck(
+		handler.NewTable([]*handler.InitColumn{
+			handler.NewColumn(UserSchemaIDCol, handler.ColumnTypeText),
+			handler.NewColumn(UserSchemaChangeDateCol, handler.ColumnTypeTimestamp),
+			handler.NewColumn(UserSchemaSequenceCol, handler.ColumnTypeInt64),
+			handler.NewColumn(UserSchemaStateCol, handler.ColumnTypeEnum),
+			handler.NewColumn(UserSchemaInstanceIDCol, handler.ColumnTypeText),
+			handler.NewColumn(UserSchemaTypeCol, handler.ColumnTypeText),
+			handler.NewColumn(UserSchemaRevisionCol, handler.ColumnTypeInt64),
+			handler.NewColumn(UserSchemaSchemaCol, handler.ColumnTypeJSONB, handler.Nullable()),
+			handler.NewColumn(UserSchemaPossibleAuthenticatorsCol, handler.ColumnTypeEnumArray, handler.Nullable()),
+		},
+			handler.NewPrimaryKey(UserSchemaInstanceIDCol, UserSchemaIDCol),
+		),
+	)
+}
+
+func (p *userSchemaProjection) Reducers() []handler.AggregateReducer {
+	return []handler.AggregateReducer{
+		{
+			Aggregate: schema.AggregateType,
+			EventReducers: []handler.EventReducer{
+				{
+					Event:  schema.CreatedType,
+					Reduce: p.reduceCreated,
+				},
+				{
+					Event:  schema.UpdatedType,
+					Reduce: p.reduceUpdated,
+				},
+				{
+					Event:  schema.DeactivatedType,
+					Reduce: p.reduceDeactivated,
+				},
+				{
+					Event:  schema.ReactivatedType,
+					Reduce: p.reduceReactivated,
+				},
+				{
+					Event:  schema.DeletedType,
+					Reduce: p.reduceDeleted,
+				},
+			},
+		},
+		{
+			Aggregate: instance.AggregateType,
+			EventReducers: []handler.EventReducer{
+				{
+					Event:  instance.InstanceRemovedEventType,
+					Reduce: reduceInstanceRemovedHelper(UserSchemaInstanceIDCol),
+				},
+			},
+		},
+	}
+}
+
+func (p *userSchemaProjection) reduceCreated(event eventstore.Event) (*handler.Statement, error) {
+	e, err := assertEvent[*schema.CreatedEvent](event)
+	if err != nil {
+		return nil, err
+	}
+
+	return handler.NewCreateStatement(
+		event,
+		[]handler.Column{
+			handler.NewCol(UserSchemaIDCol, event.Aggregate().ID),
+			handler.NewCol(UserSchemaChangeDateCol, event.CreatedAt()),
+			handler.NewCol(UserSchemaSequenceCol, event.Sequence()),
+			handler.NewCol(UserSchemaInstanceIDCol, event.Aggregate().InstanceID),
+			handler.NewCol(UserSchemaStateCol, domain.UserSchemaStateActive),
+			handler.NewCol(UserSchemaTypeCol, e.SchemaType),
+			handler.NewCol(UserSchemaRevisionCol, 1),
+			handler.NewCol(UserSchemaSchemaCol, e.Schema),
+			handler.NewCol(UserSchemaPossibleAuthenticatorsCol, e.PossibleAuthenticators),
+		},
+	), nil
+}
+
+func (p *userSchemaProjection) reduceUpdated(event eventstore.Event) (*handler.Statement, error) {
+	e, err := assertEvent[*schema.UpdatedEvent](event)
+	if err != nil {
+		return nil, err
+	}
+
+	cols := []handler.Column{
+		handler.NewCol(UserSchemaChangeDateCol, event.CreatedAt()),
+		handler.NewCol(UserSchemaSequenceCol, event.Sequence()),
+	}
+	if e.SchemaType != nil {
+		cols = append(cols, handler.NewCol(UserSchemaTypeCol, *e.SchemaType))
+	}
+
+	if len(e.Schema) > 0 {
+		cols = append(cols, handler.NewCol(UserSchemaSchemaCol, e.Schema))
+		cols = append(cols, handler.NewIncrementCol(UserSchemaRevisionCol, 1))
+	}
+
+	if len(e.PossibleAuthenticators) > 0 {
+		cols = append(cols, handler.NewCol(UserSchemaPossibleAuthenticatorsCol, e.PossibleAuthenticators))
+	}
+
+	return handler.NewUpdateStatement(
+		event,
+		cols,
+		[]handler.Condition{
+			handler.NewCond(UserSchemaIDCol, event.Aggregate().ID),
+			handler.NewCond(UserSchemaInstanceIDCol, event.Aggregate().InstanceID),
+		},
+	), nil
+}
+
+func (p *userSchemaProjection) reduceDeactivated(event eventstore.Event) (*handler.Statement, error) {
+	_, err := assertEvent[*schema.DeactivatedEvent](event)
+	if err != nil {
+		return nil, err
+	}
+
+	return handler.NewUpdateStatement(
+		event,
+		[]handler.Column{
+			handler.NewCol(UserSchemaChangeDateCol, event.CreatedAt()),
+			handler.NewCol(UserSchemaSequenceCol, event.Sequence()),
+			handler.NewCol(UserSchemaStateCol, domain.UserSchemaStateInactive),
+		},
+		[]handler.Condition{
+			handler.NewCond(UserSchemaIDCol, event.Aggregate().ID),
+			handler.NewCond(UserSchemaInstanceIDCol, event.Aggregate().InstanceID),
+		},
+	), nil
+}
+
+func (p *userSchemaProjection) reduceReactivated(event eventstore.Event) (*handler.Statement, error) {
+	_, err := assertEvent[*schema.ReactivatedEvent](event)
+	if err != nil {
+		return nil, err
+	}
+
+	return handler.NewUpdateStatement(
+		event,
+		[]handler.Column{
+			handler.NewCol(UserSchemaChangeDateCol, event.CreatedAt()),
+			handler.NewCol(UserSchemaSequenceCol, event.Sequence()),
+			handler.NewCol(UserSchemaStateCol, domain.UserSchemaStateActive),
+		},
+		[]handler.Condition{
+			handler.NewCond(UserSchemaIDCol, event.Aggregate().ID),
+			handler.NewCond(UserSchemaInstanceIDCol, event.Aggregate().InstanceID),
+		},
+	), nil
+}
+
+func (p *userSchemaProjection) reduceDeleted(event eventstore.Event) (*handler.Statement, error) {
+	_, err := assertEvent[*schema.DeletedEvent](event)
+	if err != nil {
+		return nil, err
+	}
+
+	return handler.NewDeleteStatement(
+		event,
+		[]handler.Condition{
+			handler.NewCond(UserSchemaIDCol, event.Aggregate().ID),
+			handler.NewCond(UserSchemaInstanceIDCol, event.Aggregate().InstanceID),
+		},
+	), nil
+}

internal/query/projection/user_schema_test.go

@@ -0,0 +1,219 @@
+package projection
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
+	"github.com/zitadel/zitadel/internal/repository/instance"
+	"github.com/zitadel/zitadel/internal/repository/user/schema"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+func TestUserSchemaProjection_reduces(t *testing.T) {
+	type args struct {
+		event func(t *testing.T) eventstore.Event
+	}
+	tests := []struct {
+		name   string
+		args   args
+		reduce func(event eventstore.Event) (*handler.Statement, error)
+		want   wantReduce
+	}{
+		{
+			name: "reduceCreated",
+			args: args{
+				event: getEvent(
+					testEvent(
+						schema.CreatedType,
+						schema.AggregateType,
+						[]byte(`{"schemaType": "type", "schema": {"$schema":"urn:zitadel:schema:v1","properties":{"name":{"type":"string","urn:zitadel:schema:permission":{"self":"rw"}}},"type":"object"}, "possibleAuthenticators": [1,2]}`),
+					), eventstore.GenericEventMapper[schema.CreatedEvent]),
+			},
+			reduce: (&userSchemaProjection{}).reduceCreated,
+			want: wantReduce{
+				aggregateType: eventstore.AggregateType("user_schema"),
+				sequence:      15,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "INSERT INTO projections.user_schemas (id, change_date, sequence, instance_id, state, type, revision, schema, possible_authenticators) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
+							expectedArgs: []interface{}{
+								"agg-id",
+								anyArg{},
+								uint64(15),
+								"instance-id",
+								domain.UserSchemaStateActive,
+								"type",
+								1,
+								json.RawMessage(`{"$schema":"urn:zitadel:schema:v1","properties":{"name":{"type":"string","urn:zitadel:schema:permission":{"self":"rw"}}},"type":"object"}`),
+								[]domain.AuthenticatorType{domain.AuthenticatorTypeUsername, domain.AuthenticatorTypePassword},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "reduceUpdated",
+			args: args{
+				event: getEvent(
+					testEvent(
+						schema.CreatedType,
+						schema.AggregateType,
+						[]byte(`{"schemaType": "type", "schema": {"$schema":"urn:zitadel:schema:v1","properties":{"name":{"type":"string","urn:zitadel:schema:permission":{"self":"rw"}}},"type":"object"}, "possibleAuthenticators": [1,2]}`),
+					), eventstore.GenericEventMapper[schema.UpdatedEvent]),
+			},
+			reduce: (&userSchemaProjection{}).reduceUpdated,
+			want: wantReduce{
+				aggregateType: eventstore.AggregateType("user_schema"),
+				sequence:      15,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "UPDATE projections.user_schemas SET (change_date, sequence, type, schema, revision, possible_authenticators) = ($1, $2, $3, $4, revision + $5, $6) WHERE (id = $7) AND (instance_id = $8)",
+							expectedArgs: []interface{}{
+								anyArg{},
+								uint64(15),
+								"type",
+								json.RawMessage(`{"$schema":"urn:zitadel:schema:v1","properties":{"name":{"type":"string","urn:zitadel:schema:permission":{"self":"rw"}}},"type":"object"}`),
+								1,
+								[]domain.AuthenticatorType{domain.AuthenticatorTypeUsername, domain.AuthenticatorTypePassword},
+								"agg-id",
+								"instance-id",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "reduceDeactivated",
+			args: args{
+				event: getEvent(
+					testEvent(
+						schema.DeactivatedType,
+						schema.AggregateType,
+						nil,
+					), eventstore.GenericEventMapper[schema.DeactivatedEvent]),
+			},
+			reduce: (&userSchemaProjection{}).reduceDeactivated,
+			want: wantReduce{
+				aggregateType: eventstore.AggregateType("user_schema"),
+				sequence:      15,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "UPDATE projections.user_schemas SET (change_date, sequence, state) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
+							expectedArgs: []interface{}{
+								anyArg{},
+								uint64(15),
+								domain.UserSchemaStateInactive,
+								"agg-id",
+								"instance-id",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "reduceReactivated",
+			args: args{
+				event: getEvent(
+					testEvent(
+						schema.ReactivatedType,
+						schema.AggregateType,
+						nil,
+					), eventstore.GenericEventMapper[schema.ReactivatedEvent]),
+			},
+			reduce: (&userSchemaProjection{}).reduceReactivated,
+			want: wantReduce{
+				aggregateType: eventstore.AggregateType("user_schema"),
+				sequence:      15,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "UPDATE projections.user_schemas SET (change_date, sequence, state) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
+							expectedArgs: []interface{}{
+								anyArg{},
+								uint64(15),
+								domain.UserSchemaStateActive,
+								"agg-id",
+								"instance-id",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "reduceDeleted",
+			args: args{
+				event: getEvent(
+					testEvent(
+						schema.DeletedType,
+						schema.AggregateType,
+						nil,
+					), eventstore.GenericEventMapper[schema.DeletedEvent]),
+			},
+			reduce: (&userSchemaProjection{}).reduceDeleted,
+			want: wantReduce{
+				aggregateType: eventstore.AggregateType("user_schema"),
+				sequence:      15,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "DELETE FROM projections.user_schemas WHERE (id = $1) AND (instance_id = $2)",
+							expectedArgs: []interface{}{
+								"agg-id",
+								"instance-id",
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "instance reduceInstanceRemoved",
+			args: args{
+				event: getEvent(
+					testEvent(
+						instance.InstanceRemovedEventType,
+						instance.AggregateType,
+						nil,
+					), instance.InstanceRemovedEventMapper),
+			},
+			reduce: reduceInstanceRemovedHelper(UserSchemaInstanceIDCol),
+			want: wantReduce{
+				aggregateType: eventstore.AggregateType("instance"),
+				sequence:      15,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "DELETE FROM projections.user_schemas WHERE (instance_id = $1)",
+							expectedArgs: []interface{}{
+								"agg-id",
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			event := baseEvent(t)
+			got, err := tt.reduce(event)
+			if ok := zerrors.IsErrorInvalidArgument(err); !ok {
+				t.Errorf("no wrong event mapping: %v, got: %v", err, got)
+			}
+
+			event = tt.args.event(t)
+			got, err = tt.reduce(event)
+			assertReduce(t, got, err, UserSchemaTable, tt.want)
+		})
+	}
+}

internal/query/user_schema.go

@@ -0,0 +1,218 @@
+package query
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"errors"
+
+	sq "github.com/Masterminds/squirrel"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query/projection"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type UserSchemas struct {
+	SearchResponse
+	UserSchemas []*UserSchema
+}
+
+func (e *UserSchemas) SetState(s *State) {
+	e.State = s
+}
+
+type UserSchema struct {
+	ID string
+	domain.ObjectDetails
+	State                  domain.UserSchemaState
+	Type                   string
+	Revision               uint32
+	Schema                 json.RawMessage
+	PossibleAuthenticators database.Array[domain.AuthenticatorType]
+}
+
+type UserSchemaSearchQueries struct {
+	SearchRequest
+	Queries []SearchQuery
+}
+
+var (
+	userSchemaTable = table{
+		name:          projection.UserSchemaTable,
+		instanceIDCol: projection.UserSchemaInstanceIDCol,
+	}
+	UserSchemaIDCol = Column{
+		name:  projection.UserSchemaIDCol,
+		table: userSchemaTable,
+	}
+	UserSchemaChangeDateCol = Column{
+		name:  projection.UserSchemaChangeDateCol,
+		table: userSchemaTable,
+	}
+	UserSchemaInstanceIDCol = Column{
+		name:  projection.UserSchemaInstanceIDCol,
+		table: userSchemaTable,
+	}
+	UserSchemaSequenceCol = Column{
+		name:  projection.UserSchemaSequenceCol,
+		table: userSchemaTable,
+	}
+	UserSchemaStateCol = Column{
+		name:  projection.UserSchemaStateCol,
+		table: userSchemaTable,
+	}
+	UserSchemaTypeCol = Column{
+		name:  projection.UserSchemaTypeCol,
+		table: userSchemaTable,
+	}
+	UserSchemaRevisionCol = Column{
+		name:  projection.UserSchemaRevisionCol,
+		table: userSchemaTable,
+	}
+	UserSchemaSchemaCol = Column{
+		name:  projection.UserSchemaSchemaCol,
+		table: userSchemaTable,
+	}
+	UserSchemaPossibleAuthenticatorsCol = Column{
+		name:  projection.UserSchemaPossibleAuthenticatorsCol,
+		table: userSchemaTable,
+	}
+)
+
+func (q *Queries) GetUserSchemaByID(ctx context.Context, id string) (userSchema *UserSchema, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	eq := sq.Eq{
+		UserSchemaIDCol.identifier():         id,
+		UserSchemaInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
+	}
+
+	query, scan := prepareUserSchemaQuery()
+	return genericRowQuery[*UserSchema](ctx, q.client, query.Where(eq), scan)
+}
+
+func (q *Queries) SearchUserSchema(ctx context.Context, queries *UserSchemaSearchQueries) (userSchemas *UserSchemas, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	eq := sq.Eq{
+		UserSchemaInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
+	}
+
+	query, scan := prepareUserSchemasQuery()
+	return genericRowsQueryWithState[*UserSchemas](ctx, q.client, userSchemaTable, combineToWhereStmt(query, queries.toQuery, eq), scan)
+}
+
+func (q *UserSchemaSearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
+	query = q.SearchRequest.toQuery(query)
+	for _, q := range q.Queries {
+		query = q.toQuery(query)
+	}
+	return query
+}
+
+func NewUserSchemaTypeSearchQuery(value string, comparison TextComparison) (SearchQuery, error) {
+	return NewTextQuery(UserSchemaTypeCol, value, comparison)
+}
+
+func NewUserSchemaIDSearchQuery(value string, comparison TextComparison) (SearchQuery, error) {
+	return NewTextQuery(UserSchemaIDCol, value, comparison)
+}
+
+func NewUserSchemaStateSearchQuery(value domain.UserSchemaState) (SearchQuery, error) {
+	return NewNumberQuery(UserSchemaStateCol, value, NumberEquals)
+}
+
+func prepareUserSchemaQuery() (sq.SelectBuilder, func(*sql.Row) (*UserSchema, error)) {
+	return sq.Select(
+			UserSchemaIDCol.identifier(),
+			UserSchemaChangeDateCol.identifier(),
+			UserSchemaSequenceCol.identifier(),
+			UserSchemaInstanceIDCol.identifier(),
+			UserSchemaStateCol.identifier(),
+			UserSchemaTypeCol.identifier(),
+			UserSchemaRevisionCol.identifier(),
+			UserSchemaSchemaCol.identifier(),
+			UserSchemaPossibleAuthenticatorsCol.identifier(),
+		).
+			From(userSchemaTable.identifier()).
+			PlaceholderFormat(sq.Dollar),
+		func(row *sql.Row) (*UserSchema, error) {
+			u := new(UserSchema)
+			err := row.Scan(
+				&u.ID,
+				&u.EventDate,
+				&u.Sequence,
+				&u.ResourceOwner,
+				&u.State,
+				&u.Type,
+				&u.Revision,
+				&u.Schema,
+				&u.PossibleAuthenticators,
+			)
+
+			if err != nil {
+				if errors.Is(err, sql.ErrNoRows) {
+					return nil, zerrors.ThrowNotFound(err, "QUERY-SAF3t", "Errors.Metadata.NotFound")
+				}
+				return nil, zerrors.ThrowInternal(err, "QUERY-WRB2Q", "Errors.Internal")
+			}
+			return u, nil
+		}
+}
+
+func prepareUserSchemasQuery() (sq.SelectBuilder, func(*sql.Rows) (*UserSchemas, error)) {
+	return sq.Select(
+			UserSchemaIDCol.identifier(),
+			UserSchemaChangeDateCol.identifier(),
+			UserSchemaSequenceCol.identifier(),
+			UserSchemaInstanceIDCol.identifier(),
+			UserSchemaStateCol.identifier(),
+			UserSchemaTypeCol.identifier(),
+			UserSchemaRevisionCol.identifier(),
+			UserSchemaSchemaCol.identifier(),
+			UserSchemaPossibleAuthenticatorsCol.identifier(),
+			countColumn.identifier()).
+			From(userSchemaTable.identifier()).
+			PlaceholderFormat(sq.Dollar),
+		func(rows *sql.Rows) (*UserSchemas, error) {
+			schema := make([]*UserSchema, 0)
+			var count uint64
+			for rows.Next() {
+				u := new(UserSchema)
+				err := rows.Scan(
+					&u.ID,
+					&u.EventDate,
+					&u.Sequence,
+					&u.ResourceOwner,
+					&u.State,
+					&u.Type,
+					&u.Revision,
+					&u.Schema,
+					&u.PossibleAuthenticators,
+					&count,
+				)
+				if err != nil {
+					return nil, err
+				}
+
+				schema = append(schema, u)
+			}
+
+			if err := rows.Close(); err != nil {
+				return nil, zerrors.ThrowInternal(err, "QUERY-Lwj2e", "Errors.Query.CloseRows")
+			}
+
+			return &UserSchemas{
+				UserSchemas: schema,
+				SearchResponse: SearchResponse{
+					Count: count,
+				},
+			}, nil
+		}
+}

internal/query/user_schema_test.go

@@ -0,0 +1,290 @@
+package query
+
+import (
+	"database/sql"
+	"database/sql/driver"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"regexp"
+	"testing"
+
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+var (
+	prepareUserSchemasStmt = `SELECT projections.user_schemas.id,` +
+		` projections.user_schemas.change_date,` +
+		` projections.user_schemas.sequence,` +
+		` projections.user_schemas.instance_id,` +
+		` projections.user_schemas.state,` +
+		` projections.user_schemas.type,` +
+		` projections.user_schemas.revision,` +
+		` projections.user_schemas.schema,` +
+		` projections.user_schemas.possible_authenticators,` +
+		` COUNT(*) OVER ()` +
+		` FROM projections.user_schemas`
+	prepareUserSchemasCols = []string{
+		"id",
+		"change_date",
+		"sequence",
+		"instance_id",
+		"state",
+		"type",
+		"revision",
+		"schema",
+		"possible_authenticators",
+		"count",
+	}
+
+	prepareUserSchemaStmt = `SELECT projections.user_schemas.id,` +
+		` projections.user_schemas.change_date,` +
+		` projections.user_schemas.sequence,` +
+		` projections.user_schemas.instance_id,` +
+		` projections.user_schemas.state,` +
+		` projections.user_schemas.type,` +
+		` projections.user_schemas.revision,` +
+		` projections.user_schemas.schema,` +
+		` projections.user_schemas.possible_authenticators` +
+		` FROM projections.user_schemas`
+	prepareUserSchemaCols = []string{
+		"id",
+		"change_date",
+		"sequence",
+		"instance_id",
+		"state",
+		"type",
+		"revision",
+		"schema",
+		"possible_authenticators",
+	}
+)
+
+func Test_UserSchemaPrepares(t *testing.T) {
+	type want struct {
+		sqlExpectations sqlExpectation
+		err             checkErr
+	}
+	tests := []struct {
+		name    string
+		prepare interface{}
+		want    want
+		object  interface{}
+	}{
+		{
+			name:    "prepareUserSchemasQuery no result",
+			prepare: prepareUserSchemasQuery,
+			want: want{
+				sqlExpectations: mockQueries(
+					regexp.QuoteMeta(prepareUserSchemasStmt),
+					nil,
+					nil,
+				),
+			},
+			object: &UserSchemas{UserSchemas: []*UserSchema{}},
+		},
+		{
+			name:    "prepareUserSchemasQuery one result",
+			prepare: prepareUserSchemasQuery,
+			want: want{
+				sqlExpectations: mockQueries(
+					regexp.QuoteMeta(prepareUserSchemasStmt),
+					prepareUserSchemasCols,
+					[][]driver.Value{
+						{
+							"id",
+							testNow,
+							uint64(20211109),
+							"instance-id",
+							domain.UserSchemaStateActive,
+							"type",
+							1,
+							json.RawMessage(`{"$schema":"urn:zitadel:schema:v1","properties":{"name":{"type":"string","urn:zitadel:schema:permission":{"self":"rw"}}},"type":"object"}`),
+							database.Array[domain.AuthenticatorType]{domain.AuthenticatorTypeUsername, domain.AuthenticatorTypePassword},
+						},
+					},
+				),
+			},
+			object: &UserSchemas{
+				SearchResponse: SearchResponse{
+					Count: 1,
+				},
+				UserSchemas: []*UserSchema{
+					{
+						ID: "id",
+						ObjectDetails: domain.ObjectDetails{
+							EventDate:     testNow,
+							Sequence:      20211109,
+							ResourceOwner: "instance-id",
+						},
+						State:                  domain.UserSchemaStateActive,
+						Type:                   "type",
+						Revision:               1,
+						Schema:                 json.RawMessage(`{"$schema":"urn:zitadel:schema:v1","properties":{"name":{"type":"string","urn:zitadel:schema:permission":{"self":"rw"}}},"type":"object"}`),
+						PossibleAuthenticators: database.Array[domain.AuthenticatorType]{domain.AuthenticatorTypeUsername, domain.AuthenticatorTypePassword},
+					},
+				},
+			},
+		},
+		{
+			name:    "prepareUserSchemasQuery multiple result",
+			prepare: prepareUserSchemasQuery,
+			want: want{
+				sqlExpectations: mockQueries(
+					regexp.QuoteMeta(prepareUserSchemasStmt),
+					prepareUserSchemasCols,
+					[][]driver.Value{
+						{
+							"id-1",
+							testNow,
+							uint64(20211109),
+							"instance-id",
+							domain.UserSchemaStateActive,
+							"type1",
+							1,
+							json.RawMessage(`{"$schema":"urn:zitadel:schema:v1","properties":{"name":{"type":"string","urn:zitadel:schema:permission":{"self":"rw"}}},"type":"object"}`),
+							database.Array[domain.AuthenticatorType]{domain.AuthenticatorTypeUsername, domain.AuthenticatorTypePassword},
+						},
+						{
+							"id-2",
+							testNow,
+							uint64(20211110),
+							"instance-id",
+							domain.UserSchemaStateInactive,
+							"type2",
+							2,
+							json.RawMessage(`{"$schema":"urn:zitadel:schema:v1","properties":{"name":{"type":"string","urn:zitadel:schema:permission":{"self":"rw"}}},"type":"object"}`),
+							database.Array[domain.AuthenticatorType]{domain.AuthenticatorTypeUsername, domain.AuthenticatorTypePassword},
+						},
+					},
+				),
+			},
+			object: &UserSchemas{
+				SearchResponse: SearchResponse{
+					Count: 2,
+				},
+				UserSchemas: []*UserSchema{
+					{
+						ID: "id-1",
+						ObjectDetails: domain.ObjectDetails{
+							EventDate:     testNow,
+							Sequence:      20211109,
+							ResourceOwner: "instance-id",
+						},
+						State:                  domain.UserSchemaStateActive,
+						Type:                   "type1",
+						Revision:               1,
+						Schema:                 json.RawMessage(`{"$schema":"urn:zitadel:schema:v1","properties":{"name":{"type":"string","urn:zitadel:schema:permission":{"self":"rw"}}},"type":"object"}`),
+						PossibleAuthenticators: database.Array[domain.AuthenticatorType]{domain.AuthenticatorTypeUsername, domain.AuthenticatorTypePassword},
+					},
+					{
+						ID: "id-2",
+						ObjectDetails: domain.ObjectDetails{
+							EventDate:     testNow,
+							Sequence:      20211110,
+							ResourceOwner: "instance-id",
+						},
+						State:                  domain.UserSchemaStateInactive,
+						Type:                   "type2",
+						Revision:               2,
+						Schema:                 json.RawMessage(`{"$schema":"urn:zitadel:schema:v1","properties":{"name":{"type":"string","urn:zitadel:schema:permission":{"self":"rw"}}},"type":"object"}`),
+						PossibleAuthenticators: database.Array[domain.AuthenticatorType]{domain.AuthenticatorTypeUsername, domain.AuthenticatorTypePassword},
+					},
+				},
+			},
+		},
+		{
+			name:    "prepareUserSchemasQuery sql err",
+			prepare: prepareUserSchemasQuery,
+			want: want{
+				sqlExpectations: mockQueryErr(
+					regexp.QuoteMeta(prepareUserSchemasStmt),
+					sql.ErrConnDone,
+				),
+				err: func(err error) (error, bool) {
+					if !errors.Is(err, sql.ErrConnDone) {
+						return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
+					}
+					return nil, true
+				},
+			},
+			object: (*UserSchema)(nil),
+		},
+		{
+			name:    "prepareUserSchemaQuery no result",
+			prepare: prepareUserSchemaQuery,
+			want: want{
+				sqlExpectations: mockQueriesScanErr(
+					regexp.QuoteMeta(prepareUserSchemaStmt),
+					nil,
+					nil,
+				),
+				err: func(err error) (error, bool) {
+					if !zerrors.IsNotFound(err) {
+						return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
+					}
+					return nil, true
+				},
+			},
+			object: (*UserSchema)(nil),
+		},
+		{
+			name:    "prepareUserSchemaQuery found",
+			prepare: prepareUserSchemaQuery,
+			want: want{
+				sqlExpectations: mockQuery(
+					regexp.QuoteMeta(prepareUserSchemaStmt),
+					prepareUserSchemaCols,
+					[]driver.Value{
+						"id",
+						testNow,
+						uint64(20211109),
+						"instance-id",
+						domain.UserSchemaStateActive,
+						"type",
+						1,
+						json.RawMessage(`{"$schema":"urn:zitadel:schema:v1","properties":{"name":{"type":"string","urn:zitadel:schema:permission":{"self":"rw"}}},"type":"object"}`),
+						database.Array[domain.AuthenticatorType]{domain.AuthenticatorTypeUsername, domain.AuthenticatorTypePassword},
+					},
+				),
+			},
+			object: &UserSchema{
+				ID: "id",
+				ObjectDetails: domain.ObjectDetails{
+					EventDate:     testNow,
+					Sequence:      20211109,
+					ResourceOwner: "instance-id",
+				},
+				State:                  domain.UserSchemaStateActive,
+				Type:                   "type",
+				Revision:               1,
+				Schema:                 json.RawMessage(`{"$schema":"urn:zitadel:schema:v1","properties":{"name":{"type":"string","urn:zitadel:schema:permission":{"self":"rw"}}},"type":"object"}`),
+				PossibleAuthenticators: database.Array[domain.AuthenticatorType]{domain.AuthenticatorTypeUsername, domain.AuthenticatorTypePassword},
+			},
+		},
+		{
+			name:    "prepareUserSchemaQuery sql err",
+			prepare: prepareUserSchemaQuery,
+			want: want{
+				sqlExpectations: mockQueryErr(
+					regexp.QuoteMeta(prepareUserSchemaStmt),
+					sql.ErrConnDone,
+				),
+				err: func(err error) (error, bool) {
+					if !errors.Is(err, sql.ErrConnDone) {
+						return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
+					}
+					return nil, true
+				},
+			},
+			object: (*UserSchema)(nil),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assertPrepare(t, tt.prepare, tt.object, tt.want.sqlExpectations, tt.want.err)
+		})
+	}
+}