fix: move v2 pkgs (#1331)

* fix: move eventstore pkgs

* fix: move eventstore pkgs

* fix: remove v2 view

* fix: remove v2 view

internal/query/converter.go

@@ -0,0 +1,172 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
+	"github.com/caos/zitadel/internal/iam/model"
+)
+
+func readModelToIAM(readModel *ReadModel) *model.IAM {
+	return &model.IAM{
+		ObjectRoot:                      readModelToObjectRoot(readModel.ReadModel),
+		GlobalOrgID:                     readModel.GlobalOrgID,
+		IAMProjectID:                    readModel.ProjectID,
+		SetUpDone:                       readModel.SetUpDone,
+		SetUpStarted:                    readModel.SetUpStarted,
+		Members:                         readModelToMembers(&readModel.Members),
+		DefaultLabelPolicy:              readModelToLabelPolicy(&readModel.DefaultLabelPolicy),
+		DefaultLoginPolicy:              readModelToLoginPolicy(&readModel.DefaultLoginPolicy),
+		DefaultOrgIAMPolicy:             readModelToOrgIAMPolicy(&readModel.DefaultOrgIAMPolicy),
+		DefaultPasswordAgePolicy:        readModelToPasswordAgePolicy(&readModel.DefaultPasswordAgePolicy),
+		DefaultPasswordComplexityPolicy: readModelToPasswordComplexityPolicy(&readModel.DefaultPasswordComplexityPolicy),
+		DefaultPasswordLockoutPolicy:    readModelToPasswordLockoutPolicy(&readModel.DefaultPasswordLockoutPolicy),
+		IDPs:                            readModelToIDPConfigs(&readModel.IDPs),
+	}
+}
+
+func readModelToIDPConfigView(rm *IAMIDPConfigReadModel) *domain.IDPConfigView {
+	converted := &domain.IDPConfigView{
+		AggregateID:     rm.AggregateID,
+		ChangeDate:      rm.ChangeDate,
+		CreationDate:    rm.CreationDate,
+		IDPConfigID:     rm.ConfigID,
+		IDPProviderType: rm.ProviderType,
+		IsOIDC:          rm.OIDCConfig != nil,
+		Name:            rm.Name,
+		Sequence:        rm.ProcessedSequence,
+		State:           rm.State,
+		StylingType:     rm.StylingType,
+	}
+	if rm.OIDCConfig != nil {
+		converted.OIDCClientID = rm.OIDCConfig.ClientID
+		converted.OIDCClientSecret = rm.OIDCConfig.ClientSecret
+		converted.OIDCIDPDisplayNameMapping = rm.OIDCConfig.IDPDisplayNameMapping
+		converted.OIDCIssuer = rm.OIDCConfig.Issuer
+		converted.OIDCScopes = rm.OIDCConfig.Scopes
+		converted.OIDCUsernameMapping = rm.OIDCConfig.UserNameMapping
+	}
+	return converted
+}
+
+func readModelToMember(readModel *MemberReadModel) *model.IAMMember {
+	return &model.IAMMember{
+		ObjectRoot: readModelToObjectRoot(readModel.ReadModel),
+		Roles:      readModel.Roles,
+		UserID:     readModel.UserID,
+	}
+}
+
+func readModelToMembers(readModel *IAMMembersReadModel) []*model.IAMMember {
+	members := make([]*model.IAMMember, len(readModel.Members))
+
+	for i, member := range readModel.Members {
+		members[i] = &model.IAMMember{
+			ObjectRoot: readModelToObjectRoot(member.ReadModel),
+			Roles:      member.Roles,
+			UserID:     member.UserID,
+		}
+	}
+
+	return members
+}
+
+func readModelToLabelPolicy(readModel *IAMLabelPolicyReadModel) *model.LabelPolicy {
+	return &model.LabelPolicy{
+		ObjectRoot:     readModelToObjectRoot(readModel.LabelPolicyReadModel.ReadModel),
+		PrimaryColor:   readModel.PrimaryColor,
+		SecondaryColor: readModel.SecondaryColor,
+		Default:        true,
+		//TODO: OTPState: int32,
+	}
+}
+
+func readModelToLoginPolicy(readModel *IAMLoginPolicyReadModel) *model.LoginPolicy {
+	return &model.LoginPolicy{
+		ObjectRoot:            readModelToObjectRoot(readModel.LoginPolicyReadModel.ReadModel),
+		AllowExternalIdp:      readModel.AllowExternalIDP,
+		AllowRegister:         readModel.AllowRegister,
+		AllowUsernamePassword: readModel.AllowUserNamePassword,
+		Default:               true,
+		//TODO: IDPProviders: []*model.IDPProvider,
+		//TODO: OTPState: int32,
+	}
+}
+func readModelToOrgIAMPolicy(readModel *IAMOrgIAMPolicyReadModel) *model.OrgIAMPolicy {
+	return &model.OrgIAMPolicy{
+		ObjectRoot:            readModelToObjectRoot(readModel.OrgIAMPolicyReadModel.ReadModel),
+		UserLoginMustBeDomain: readModel.UserLoginMustBeDomain,
+		Default:               true,
+		//TODO: OTPState: int32,
+	}
+}
+func readModelToPasswordAgePolicy(readModel *IAMPasswordAgePolicyReadModel) *model.PasswordAgePolicy {
+	return &model.PasswordAgePolicy{
+		ObjectRoot:     readModelToObjectRoot(readModel.PasswordAgePolicyReadModel.ReadModel),
+		ExpireWarnDays: uint64(readModel.ExpireWarnDays),
+		MaxAgeDays:     uint64(readModel.MaxAgeDays),
+		//TODO: OTPState: int32,
+	}
+}
+func readModelToPasswordComplexityPolicy(readModel *IAMPasswordComplexityPolicyReadModel) *model.PasswordComplexityPolicy {
+	return &model.PasswordComplexityPolicy{
+		ObjectRoot:   readModelToObjectRoot(readModel.PasswordComplexityPolicyReadModel.ReadModel),
+		HasLowercase: readModel.HasLowercase,
+		HasNumber:    readModel.HasNumber,
+		HasSymbol:    readModel.HasSymbol,
+		HasUppercase: readModel.HasUpperCase,
+		MinLength:    uint64(readModel.MinLength),
+		//TODO: OTPState: int32,
+	}
+}
+func readModelToPasswordLockoutPolicy(readModel *IAMPasswordLockoutPolicyReadModel) *model.PasswordLockoutPolicy {
+	return &model.PasswordLockoutPolicy{
+		ObjectRoot:          readModelToObjectRoot(readModel.PasswordLockoutPolicyReadModel.ReadModel),
+		MaxAttempts:         uint64(readModel.MaxAttempts),
+		ShowLockOutFailures: readModel.ShowLockOutFailures,
+		//TODO: OTPState: int32,
+	}
+}
+
+func readModelToIDPConfigs(rm *IAMIDPConfigsReadModel) []*model.IDPConfig {
+	configs := make([]*model.IDPConfig, len(rm.Configs))
+	for i, config := range rm.Configs {
+		configs[i] = readModelToIDPConfig(&IAMIDPConfigReadModel{IDPConfigReadModel: *config})
+	}
+	return configs
+}
+
+func readModelToIDPConfig(rm *IAMIDPConfigReadModel) *model.IDPConfig {
+	return &model.IDPConfig{
+		ObjectRoot:  readModelToObjectRoot(rm.ReadModel),
+		OIDCConfig:  readModelToIDPOIDCConfig(rm.OIDCConfig),
+		IDPConfigID: rm.ConfigID,
+		Name:        rm.Name,
+		State:       model.IDPConfigState(rm.State),
+		StylingType: model.IDPStylingType(rm.StylingType),
+	}
+}
+
+func readModelToIDPOIDCConfig(rm *OIDCConfigReadModel) *model.OIDCIDPConfig {
+	return &model.OIDCIDPConfig{
+		ObjectRoot:            readModelToObjectRoot(rm.ReadModel),
+		ClientID:              rm.ClientID,
+		ClientSecret:          rm.ClientSecret,
+		ClientSecretString:    string(rm.ClientSecret.Crypted),
+		IDPConfigID:           rm.IDPConfigID,
+		IDPDisplayNameMapping: model.OIDCMappingField(rm.IDPDisplayNameMapping),
+		Issuer:                rm.Issuer,
+		Scopes:                rm.Scopes,
+		UsernameMapping:       model.OIDCMappingField(rm.UserNameMapping),
+	}
+}
+
+func readModelToObjectRoot(readModel eventstore.ReadModel) models.ObjectRoot {
+	return models.ObjectRoot{
+		AggregateID:   readModel.AggregateID,
+		ChangeDate:    readModel.ChangeDate,
+		CreationDate:  readModel.CreationDate,
+		ResourceOwner: readModel.ResourceOwner,
+		Sequence:      readModel.ProcessedSequence,
+	}
+}

internal/query/iam_idp_config.go

@@ -0,0 +1,16 @@
+package query
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/domain"
+)
+
+func (r *QuerySide) DefaultIDPConfigByID(ctx context.Context, idpConfigID string) (*domain.IDPConfigView, error) {
+	idpConfig := NewIAMIDPConfigReadModel(r.iamID, idpConfigID)
+	err := r.eventstore.FilterToQueryReducer(ctx, idpConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return readModelToIDPConfigView(idpConfig), nil
+}

internal/query/iam_idp_config_model.go

@@ -0,0 +1,49 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/iam"
+)
+
+type IAMIDPConfigReadModel struct {
+	IDPConfigReadModel
+
+	iamID    string
+	configID string
+}
+
+func NewIAMIDPConfigReadModel(iamID, configID string) *IAMIDPConfigReadModel {
+	return &IAMIDPConfigReadModel{
+		iamID:    iamID,
+		configID: configID,
+	}
+}
+
+func (rm *IAMIDPConfigReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *iam.IDPConfigAddedEvent:
+			rm.IDPConfigReadModel.AppendEvents(&e.IDPConfigAddedEvent)
+		case *iam.IDPConfigChangedEvent:
+			rm.IDPConfigReadModel.AppendEvents(&e.IDPConfigChangedEvent)
+		case *iam.IDPConfigDeactivatedEvent:
+			rm.IDPConfigReadModel.AppendEvents(&e.IDPConfigDeactivatedEvent)
+		case *iam.IDPConfigReactivatedEvent:
+			rm.IDPConfigReadModel.AppendEvents(&e.IDPConfigReactivatedEvent)
+		case *iam.IDPConfigRemovedEvent:
+			rm.IDPConfigReadModel.AppendEvents(&e.IDPConfigRemovedEvent)
+		case *iam.IDPOIDCConfigAddedEvent:
+			rm.IDPConfigReadModel.AppendEvents(&e.OIDCConfigAddedEvent)
+		case *iam.IDPOIDCConfigChangedEvent:
+			rm.IDPConfigReadModel.AppendEvents(&e.OIDCConfigChangedEvent)
+		}
+	}
+}
+
+func (rm *IAMIDPConfigReadModel) Query() *eventstore.SearchQueryBuilder {
+	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
+		AggregateIDs(rm.iamID).
+		EventData(map[string]interface{}{
+			"idpConfigId": rm.configID,
+		})
+}

internal/query/iam_idp_configs_model.go

@@ -0,0 +1,31 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/iam"
+)
+
+type IAMIDPConfigsReadModel struct {
+	IDPConfigsReadModel
+}
+
+func (rm *IAMIDPConfigsReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *iam.IDPConfigAddedEvent:
+			rm.IDPConfigsReadModel.AppendEvents(&e.IDPConfigAddedEvent)
+		case *iam.IDPConfigChangedEvent:
+			rm.IDPConfigsReadModel.AppendEvents(&e.IDPConfigChangedEvent)
+		case *iam.IDPConfigDeactivatedEvent:
+			rm.IDPConfigsReadModel.AppendEvents(&e.IDPConfigDeactivatedEvent)
+		case *iam.IDPConfigReactivatedEvent:
+			rm.IDPConfigsReadModel.AppendEvents(&e.IDPConfigReactivatedEvent)
+		case *iam.IDPConfigRemovedEvent:
+			rm.IDPConfigsReadModel.AppendEvents(&e.IDPConfigRemovedEvent)
+		case *iam.IDPOIDCConfigAddedEvent:
+			rm.IDPConfigsReadModel.AppendEvents(&e.OIDCConfigAddedEvent)
+		case *iam.IDPOIDCConfigChangedEvent:
+			rm.IDPConfigsReadModel.AppendEvents(&e.OIDCConfigChangedEvent)
+		}
+	}
+}

internal/query/iam_member_model.go

@@ -0,0 +1,42 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/iam"
+	"github.com/caos/zitadel/internal/repository/member"
+)
+
+type IAMMemberReadModel struct {
+	MemberReadModel
+
+	userID string
+	iamID  string
+}
+
+func NewIAMMemberReadModel(iamID, userID string) *IAMMemberReadModel {
+	return &IAMMemberReadModel{
+		iamID:  iamID,
+		userID: userID,
+	}
+}
+
+func (rm *IAMMemberReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *iam.MemberAddedEvent:
+			rm.MemberReadModel.AppendEvents(&e.MemberAddedEvent)
+		case *iam.MemberChangedEvent:
+			rm.MemberReadModel.AppendEvents(&e.MemberChangedEvent)
+		case *member.MemberAddedEvent, *member.MemberChangedEvent, *iam.MemberRemovedEvent:
+			rm.MemberReadModel.AppendEvents(e)
+		}
+	}
+}
+
+func (rm *IAMMemberReadModel) Query() *eventstore.SearchQueryBuilder {
+	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
+		AggregateIDs(rm.iamID).
+		EventData(map[string]interface{}{
+			"userId": rm.userID,
+		})
+}

internal/query/iam_members_model.go

@@ -0,0 +1,23 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/iam"
+)
+
+type IAMMembersReadModel struct {
+	MembersReadModel
+}
+
+func (rm *IAMMembersReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *iam.MemberAddedEvent:
+			rm.MembersReadModel.AppendEvents(&e.MemberAddedEvent)
+		case *iam.MemberChangedEvent:
+			rm.MembersReadModel.AppendEvents(&e.MemberChangedEvent)
+		case *iam.MemberRemovedEvent:
+			rm.MembersReadModel.AppendEvents(&e.MemberRemovedEvent)
+		}
+	}
+}

internal/query/iam_model.go

@@ -0,0 +1,132 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/iam"
+	"github.com/caos/zitadel/internal/repository/member"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type ReadModel struct {
+	eventstore.ReadModel
+
+	SetUpStarted domain.Step
+	SetUpDone    domain.Step
+
+	Members IAMMembersReadModel
+	IDPs    IAMIDPConfigsReadModel
+
+	GlobalOrgID string
+	ProjectID   string
+
+	DefaultLoginPolicy              IAMLoginPolicyReadModel
+	DefaultLabelPolicy              IAMLabelPolicyReadModel
+	DefaultOrgIAMPolicy             IAMOrgIAMPolicyReadModel
+	DefaultPasswordComplexityPolicy IAMPasswordComplexityPolicyReadModel
+	DefaultPasswordAgePolicy        IAMPasswordAgePolicyReadModel
+	DefaultPasswordLockoutPolicy    IAMPasswordLockoutPolicyReadModel
+}
+
+func NewReadModel(id string) *ReadModel {
+	return &ReadModel{
+		ReadModel: eventstore.ReadModel{
+			AggregateID: id,
+		},
+	}
+}
+
+func (rm *ReadModel) IDPByID(idpID string) *IAMIDPConfigReadModel {
+	_, config := rm.IDPs.ConfigByID(idpID)
+	if config == nil {
+		return nil
+	}
+	return &IAMIDPConfigReadModel{IDPConfigReadModel: *config}
+}
+
+func (rm *ReadModel) AppendEvents(events ...eventstore.EventReader) {
+	rm.ReadModel.AppendEvents(events...)
+	for _, event := range events {
+		switch event.(type) {
+		case *member.MemberAddedEvent,
+			*member.MemberChangedEvent,
+			*member.MemberRemovedEvent:
+
+			rm.Members.AppendEvents(event)
+		case *iam.IDPConfigAddedEvent,
+			*iam.IDPConfigChangedEvent,
+			*iam.IDPConfigDeactivatedEvent,
+			*iam.IDPConfigReactivatedEvent,
+			*iam.IDPConfigRemovedEvent,
+			*iam.IDPOIDCConfigAddedEvent,
+			*iam.IDPOIDCConfigChangedEvent:
+
+			rm.IDPs.AppendEvents(event)
+		case *policy.LabelPolicyAddedEvent,
+			*policy.LabelPolicyChangedEvent:
+
+			rm.DefaultLabelPolicy.AppendEvents(event)
+		case *policy.LoginPolicyAddedEvent,
+			*policy.LoginPolicyChangedEvent:
+
+			rm.DefaultLoginPolicy.AppendEvents(event)
+		case *policy.OrgIAMPolicyAddedEvent:
+			rm.DefaultOrgIAMPolicy.AppendEvents(event)
+		case *policy.PasswordComplexityPolicyAddedEvent,
+			*policy.PasswordComplexityPolicyChangedEvent:
+
+			rm.DefaultPasswordComplexityPolicy.AppendEvents(event)
+		case *policy.PasswordAgePolicyAddedEvent,
+			*policy.PasswordAgePolicyChangedEvent:
+
+			rm.DefaultPasswordAgePolicy.AppendEvents(event)
+		case *policy.PasswordLockoutPolicyAddedEvent,
+			*policy.PasswordLockoutPolicyChangedEvent:
+
+			rm.DefaultPasswordLockoutPolicy.AppendEvents(event)
+		}
+	}
+}
+
+func (rm *ReadModel) Reduce() (err error) {
+	for _, event := range rm.Events {
+		switch e := event.(type) {
+		case *iam.ProjectSetEvent:
+			rm.ProjectID = e.ProjectID
+		case *iam.GlobalOrgSetEvent:
+			rm.GlobalOrgID = e.OrgID
+		case *iam.SetupStepEvent:
+			if e.Done {
+				rm.SetUpDone = e.Step
+			} else {
+				rm.SetUpStarted = e.Step
+			}
+		}
+	}
+	for _, reduce := range []func() error{
+		rm.Members.Reduce,
+		rm.IDPs.Reduce,
+		rm.DefaultLoginPolicy.Reduce,
+		rm.DefaultLabelPolicy.Reduce,
+		rm.DefaultOrgIAMPolicy.Reduce,
+		rm.DefaultPasswordComplexityPolicy.Reduce,
+		rm.DefaultPasswordAgePolicy.Reduce,
+		rm.DefaultPasswordLockoutPolicy.Reduce,
+		rm.ReadModel.Reduce,
+	} {
+		if err = reduce(); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (rm *ReadModel) AppendAndReduce(events ...eventstore.EventReader) error {
+	rm.AppendEvents(events...)
+	return rm.Reduce()
+}
+
+func (rm *ReadModel) Query() *eventstore.SearchQueryBuilder {
+	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).AggregateIDs(rm.AggregateID)
+}

internal/query/iam_policy_label_model.go

@@ -0,0 +1,22 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/iam"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type IAMLabelPolicyReadModel struct{ LabelPolicyReadModel }
+
+func (rm *IAMLabelPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *iam.LabelPolicyAddedEvent:
+			rm.LabelPolicyReadModel.AppendEvents(&e.LabelPolicyAddedEvent)
+		case *iam.LabelPolicyChangedEvent:
+			rm.LabelPolicyReadModel.AppendEvents(&e.LabelPolicyChangedEvent)
+		case *policy.LabelPolicyAddedEvent, *policy.LabelPolicyChangedEvent:
+			rm.LabelPolicyReadModel.AppendEvents(e)
+		}
+	}
+}

internal/query/iam_policy_login_model.go

@@ -0,0 +1,22 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/iam"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type IAMLoginPolicyReadModel struct{ LoginPolicyReadModel }
+
+func (rm *IAMLoginPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *iam.LoginPolicyAddedEvent:
+			rm.LoginPolicyReadModel.AppendEvents(&e.LoginPolicyAddedEvent)
+		case *iam.LoginPolicyChangedEvent:
+			rm.LoginPolicyReadModel.AppendEvents(&e.LoginPolicyChangedEvent)
+		case *policy.LoginPolicyAddedEvent, *policy.LoginPolicyChangedEvent:
+			rm.LoginPolicyReadModel.AppendEvents(e)
+		}
+	}
+}

internal/query/iam_policy_org_iam_model.go

@@ -0,0 +1,20 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/iam"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type IAMOrgIAMPolicyReadModel struct{ OrgIAMPolicyReadModel }
+
+func (rm *IAMOrgIAMPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *iam.OrgIAMPolicyAddedEvent:
+			rm.OrgIAMPolicyReadModel.AppendEvents(&e.OrgIAMPolicyAddedEvent)
+		case *policy.OrgIAMPolicyAddedEvent:
+			rm.OrgIAMPolicyReadModel.AppendEvents(e)
+		}
+	}
+}

internal/query/iam_policy_password_age_model.go

@@ -0,0 +1,26 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/iam"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type IAMPasswordAgePolicyReadModel struct {
+	PasswordAgePolicyReadModel
+}
+
+func (rm *IAMPasswordAgePolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *iam.PasswordAgePolicyAddedEvent:
+			rm.PasswordAgePolicyReadModel.AppendEvents(&e.PasswordAgePolicyAddedEvent)
+		case *iam.PasswordAgePolicyChangedEvent:
+			rm.PasswordAgePolicyReadModel.AppendEvents(&e.PasswordAgePolicyChangedEvent)
+		case *policy.PasswordAgePolicyAddedEvent,
+			*policy.PasswordAgePolicyChangedEvent:
+
+			rm.PasswordAgePolicyReadModel.AppendEvents(e)
+		}
+	}
+}

internal/query/iam_policy_password_complexity_model.go

@@ -0,0 +1,26 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/iam"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type IAMPasswordComplexityPolicyReadModel struct {
+	PasswordComplexityPolicyReadModel
+}
+
+func (rm *IAMPasswordComplexityPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *iam.PasswordComplexityPolicyAddedEvent:
+			rm.PasswordComplexityPolicyReadModel.AppendEvents(&e.PasswordComplexityPolicyAddedEvent)
+		case *iam.PasswordComplexityPolicyChangedEvent:
+			rm.PasswordComplexityPolicyReadModel.AppendEvents(&e.PasswordComplexityPolicyChangedEvent)
+		case *policy.PasswordComplexityPolicyAddedEvent,
+			*policy.PasswordComplexityPolicyChangedEvent:
+
+			rm.PasswordComplexityPolicyReadModel.AppendEvents(e)
+		}
+	}
+}

internal/query/iam_policy_password_lockout_model.go

@@ -0,0 +1,24 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/iam"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type IAMPasswordLockoutPolicyReadModel struct {
+	PasswordLockoutPolicyReadModel
+}
+
+func (rm *IAMPasswordLockoutPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *iam.PasswordLockoutPolicyAddedEvent:
+			rm.PasswordLockoutPolicyReadModel.AppendEvents(&e.PasswordLockoutPolicyAddedEvent)
+		case *iam.PasswordLockoutPolicyChangedEvent:
+			rm.PasswordLockoutPolicyReadModel.AppendEvents(&e.PasswordLockoutPolicyChangedEvent)
+		case *policy.PasswordLockoutPolicyAddedEvent, *policy.PasswordLockoutPolicyChangedEvent:
+			rm.PasswordLockoutPolicyReadModel.AppendEvents(e)
+		}
+	}
+}

internal/query/idp_config_model.go

@@ -0,0 +1,93 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/idpconfig"
+)
+
+type IDPConfigReadModel struct {
+	eventstore.ReadModel
+
+	State        domain.IDPConfigState
+	ConfigID     string
+	Name         string
+	StylingType  domain.IDPConfigStylingType
+	ProviderType domain.IdentityProviderType
+
+	OIDCConfig *OIDCConfigReadModel
+}
+
+func NewIDPConfigReadModel(configID string) *IDPConfigReadModel {
+	return &IDPConfigReadModel{
+		ConfigID: configID,
+	}
+}
+
+func (rm *IDPConfigReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *idpconfig.IDPConfigAddedEvent:
+			rm.ReadModel.AppendEvents(e)
+		case *idpconfig.IDPConfigChangedEvent:
+			rm.ReadModel.AppendEvents(e)
+		case *idpconfig.IDPConfigDeactivatedEvent:
+			rm.ReadModel.AppendEvents(e)
+		case *idpconfig.IDPConfigReactivatedEvent:
+			rm.ReadModel.AppendEvents(e)
+		case *idpconfig.IDPConfigRemovedEvent:
+			rm.ReadModel.AppendEvents(e)
+		case *idpconfig.OIDCConfigAddedEvent:
+			rm.OIDCConfig = &OIDCConfigReadModel{}
+			rm.ReadModel.AppendEvents(e)
+			rm.OIDCConfig.AppendEvents(event)
+		case *idpconfig.OIDCConfigChangedEvent:
+			rm.ReadModel.AppendEvents(e)
+			rm.OIDCConfig.AppendEvents(event)
+		}
+	}
+}
+
+func (rm *IDPConfigReadModel) Reduce() error {
+	for _, event := range rm.Events {
+		switch e := event.(type) {
+		case *idpconfig.IDPConfigAddedEvent:
+			rm.reduceConfigAddedEvent(e)
+		case *idpconfig.IDPConfigChangedEvent:
+			rm.reduceConfigChangedEvent(e)
+		case *idpconfig.IDPConfigDeactivatedEvent:
+			rm.reduceConfigStateChanged(e.ConfigID, domain.IDPConfigStateInactive)
+		case *idpconfig.IDPConfigReactivatedEvent:
+			rm.reduceConfigStateChanged(e.ConfigID, domain.IDPConfigStateActive)
+		case *idpconfig.IDPConfigRemovedEvent:
+			rm.reduceConfigStateChanged(e.ConfigID, domain.IDPConfigStateRemoved)
+		}
+	}
+
+	if rm.OIDCConfig != nil {
+		if err := rm.OIDCConfig.Reduce(); err != nil {
+			return err
+		}
+	}
+	return rm.ReadModel.Reduce()
+}
+
+func (rm *IDPConfigReadModel) reduceConfigAddedEvent(e *idpconfig.IDPConfigAddedEvent) {
+	rm.ConfigID = e.ConfigID
+	rm.Name = e.Name
+	rm.StylingType = e.StylingType
+	rm.State = domain.IDPConfigStateActive
+}
+
+func (rm *IDPConfigReadModel) reduceConfigChangedEvent(e *idpconfig.IDPConfigChangedEvent) {
+	if e.Name != nil {
+		rm.Name = *e.Name
+	}
+	if e.StylingType != nil && e.StylingType.Valid() {
+		rm.StylingType = *e.StylingType
+	}
+}
+
+func (rm *IDPConfigReadModel) reduceConfigStateChanged(configID string, state domain.IDPConfigState) {
+	rm.State = state
+}

internal/query/idp_configs_model.go

@@ -0,0 +1,64 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/idpconfig"
+)
+
+type IDPConfigsReadModel struct {
+	eventstore.ReadModel
+
+	Configs []*IDPConfigReadModel
+}
+
+func (rm *IDPConfigsReadModel) ConfigByID(id string) (idx int, config *IDPConfigReadModel) {
+	for idx, config = range rm.Configs {
+		if config.ConfigID == id {
+			return idx, config
+		}
+	}
+	return -1, nil
+}
+
+func (rm *IDPConfigsReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *idpconfig.IDPConfigAddedEvent:
+			config := NewIDPConfigReadModel(e.ConfigID)
+			rm.Configs = append(rm.Configs, config)
+			config.AppendEvents(event)
+		case *idpconfig.IDPConfigChangedEvent:
+			_, config := rm.ConfigByID(e.ConfigID)
+			config.AppendEvents(e)
+		case *idpconfig.IDPConfigDeactivatedEvent:
+			_, config := rm.ConfigByID(e.ConfigID)
+			config.AppendEvents(e)
+		case *idpconfig.IDPConfigReactivatedEvent:
+			_, config := rm.ConfigByID(e.ConfigID)
+			config.AppendEvents(e)
+		case *idpconfig.OIDCConfigAddedEvent:
+			_, config := rm.ConfigByID(e.IDPConfigID)
+			config.AppendEvents(e)
+		case *idpconfig.OIDCConfigChangedEvent:
+			_, config := rm.ConfigByID(e.IDPConfigID)
+			config.AppendEvents(e)
+		case *idpconfig.IDPConfigRemovedEvent:
+			idx, _ := rm.ConfigByID(e.ConfigID)
+			if idx < 0 {
+				continue
+			}
+			copy(rm.Configs[idx:], rm.Configs[idx+1:])
+			rm.Configs[len(rm.Configs)-1] = nil
+			rm.Configs = rm.Configs[:len(rm.Configs)-1]
+		}
+	}
+}
+
+func (rm *IDPConfigsReadModel) Reduce() error {
+	for _, config := range rm.Configs {
+		if err := config.Reduce(); err != nil {
+			return err
+		}
+	}
+	return nil
+}

internal/query/member.go

@@ -0,0 +1,19 @@
+package query
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/telemetry/tracing"
+)
+
+func (r *QuerySide) IAMMemberByID(ctx context.Context, iamID, userID string) (member *IAMMemberReadModel, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	member = NewIAMMemberReadModel(iamID, userID)
+	err = r.eventstore.FilterToQueryReducer(ctx, member)
+	if err != nil {
+		return nil, err
+	}
+
+	return member, nil
+}

internal/query/member_model.go

@@ -0,0 +1,35 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/member"
+)
+
+//MemberReadModel represenets the default member view.
+// It's computed from events.
+type MemberReadModel struct {
+	eventstore.ReadModel
+
+	UserID string
+	Roles  []string
+}
+
+//NewMemberReadModel is the default constructor of MemberReadModel
+func NewMemberReadModel(userID string) *MemberReadModel {
+	return &MemberReadModel{
+		UserID: userID,
+	}
+}
+
+//Reduce extends eventstore.MemberReadModel
+func (rm *MemberReadModel) Reduce() error {
+	for _, event := range rm.Events {
+		switch e := event.(type) {
+		case *member.MemberAddedEvent:
+			rm.Roles = e.Roles
+		case *member.MemberChangedEvent:
+			rm.Roles = e.Roles
+		}
+	}
+	return rm.ReadModel.Reduce()
+}

internal/query/members_model.go

@@ -0,0 +1,53 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/member"
+)
+
+type MembersReadModel struct {
+	eventstore.ReadModel
+
+	Members []*MemberReadModel
+}
+
+func (rm *MembersReadModel) MemberByUserID(id string) (idx int, member *MemberReadModel) {
+	for idx, member = range rm.Members {
+		if member.UserID == id {
+			return idx, member
+		}
+	}
+	return -1, nil
+}
+
+func (rm *MembersReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *member.MemberAddedEvent:
+			m := NewMemberReadModel(e.UserID)
+			rm.Members = append(rm.Members, m)
+			m.AppendEvents(e)
+		case *member.MemberChangedEvent:
+			_, m := rm.MemberByUserID(e.UserID)
+			m.AppendEvents(e)
+		case *member.MemberRemovedEvent:
+			idx, _ := rm.MemberByUserID(e.UserID)
+			if idx < 0 {
+				continue
+			}
+			copy(rm.Members[idx:], rm.Members[idx+1:])
+			rm.Members[len(rm.Members)-1] = nil
+			rm.Members = rm.Members[:len(rm.Members)-1]
+		}
+	}
+}
+
+func (rm *MembersReadModel) Reduce() (err error) {
+	for _, m := range rm.Members {
+		err = m.Reduce()
+		if err != nil {
+			return err
+		}
+	}
+	return rm.ReadModel.Reduce()
+}

internal/query/oidc_config_model.go

@@ -0,0 +1,61 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/idpconfig"
+)
+
+type OIDCConfigReadModel struct {
+	eventstore.ReadModel
+
+	IDPConfigID           string
+	ClientID              string
+	ClientSecret          *crypto.CryptoValue
+	Issuer                string
+	Scopes                []string
+	IDPDisplayNameMapping domain.OIDCMappingField
+	UserNameMapping       domain.OIDCMappingField
+}
+
+func (rm *OIDCConfigReadModel) Reduce() error {
+	for _, event := range rm.Events {
+		switch e := event.(type) {
+		case *idpconfig.OIDCConfigAddedEvent:
+			rm.reduceConfigAddedEvent(e)
+		case *idpconfig.OIDCConfigChangedEvent:
+			rm.reduceConfigChangedEvent(e)
+		}
+	}
+
+	return rm.ReadModel.Reduce()
+}
+
+func (rm *OIDCConfigReadModel) reduceConfigAddedEvent(e *idpconfig.OIDCConfigAddedEvent) {
+	rm.IDPConfigID = e.IDPConfigID
+	rm.ClientID = e.ClientID
+	rm.ClientSecret = e.ClientSecret
+	rm.Issuer = e.Issuer
+	rm.Scopes = e.Scopes
+	rm.IDPDisplayNameMapping = e.IDPDisplayNameMapping
+	rm.UserNameMapping = e.UserNameMapping
+}
+
+func (rm *OIDCConfigReadModel) reduceConfigChangedEvent(e *idpconfig.OIDCConfigChangedEvent) {
+	if e.ClientID != nil {
+		rm.ClientID = *e.ClientID
+	}
+	if e.Issuer != nil {
+		rm.Issuer = *e.Issuer
+	}
+	if len(e.Scopes) > 0 {
+		rm.Scopes = e.Scopes
+	}
+	if e.IDPDisplayNameMapping != nil && e.IDPDisplayNameMapping.Valid() {
+		rm.IDPDisplayNameMapping = *e.IDPDisplayNameMapping
+	}
+	if e.UserNameMapping != nil && e.UserNameMapping.Valid() {
+		rm.UserNameMapping = *e.UserNameMapping
+	}
+}

internal/query/org_member_model.go

@@ -0,0 +1,36 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/org"
+)
+
+type OrgMembersReadModel struct {
+	MembersReadModel
+}
+
+func (rm *OrgMembersReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *org.MemberAddedEvent:
+			rm.MembersReadModel.AppendEvents(&e.MemberAddedEvent)
+		case *org.MemberChangedEvent:
+			rm.MembersReadModel.AppendEvents(&e.MemberChangedEvent)
+		case *org.MemberRemovedEvent:
+			rm.MembersReadModel.AppendEvents(&e.MemberRemovedEvent)
+		}
+	}
+}
+
+type OrgMemberReadModel MemberReadModel
+
+func (rm *OrgMemberReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *org.MemberAddedEvent:
+			rm.ReadModel.AppendEvents(&e.MemberAddedEvent)
+		case *org.MemberChangedEvent:
+			rm.ReadModel.AppendEvents(&e.MemberChangedEvent)
+		}
+	}
+}

internal/query/org_policy_label_model.go

@@ -0,0 +1,22 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/org"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type OrgLabelPolicyReadModel struct{ LabelPolicyReadModel }
+
+func (rm *OrgLabelPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *org.LabelPolicyAddedEvent:
+			rm.LabelPolicyReadModel.AppendEvents(&e.LabelPolicyAddedEvent)
+		case *org.LabelPolicyChangedEvent:
+			rm.LabelPolicyReadModel.AppendEvents(&e.LabelPolicyChangedEvent)
+		case *policy.LabelPolicyAddedEvent, *policy.LabelPolicyChangedEvent:
+			rm.LabelPolicyReadModel.AppendEvents(e)
+		}
+	}
+}

internal/query/org_policy_login_model.go

@@ -0,0 +1,22 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/org"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type OrgLoginPolicyReadModel struct{ LoginPolicyReadModel }
+
+func (rm *OrgLoginPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *org.LoginPolicyAddedEvent:
+			rm.LoginPolicyReadModel.AppendEvents(&e.LoginPolicyAddedEvent)
+		case *org.LoginPolicyChangedEvent:
+			rm.LoginPolicyReadModel.AppendEvents(&e.LoginPolicyChangedEvent)
+		case *policy.LoginPolicyAddedEvent, *policy.LoginPolicyChangedEvent:
+			rm.LoginPolicyReadModel.AppendEvents(e)
+		}
+	}
+}

internal/query/org_policy_org_iam_model.go

@@ -0,0 +1,20 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/org"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type OrgOrgIAMPolicyReadModel struct{ OrgIAMPolicyReadModel }
+
+func (rm *OrgOrgIAMPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *org.OrgIAMPolicyAddedEvent:
+			rm.OrgIAMPolicyReadModel.AppendEvents(&e.OrgIAMPolicyAddedEvent)
+		case *policy.OrgIAMPolicyAddedEvent:
+			rm.OrgIAMPolicyReadModel.AppendEvents(e)
+		}
+	}
+}

internal/query/org_policy_password_age_model.go

@@ -0,0 +1,24 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/org"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type OrgPasswordAgePolicyReadModel struct {
+	PasswordAgePolicyReadModel
+}
+
+func (rm *OrgPasswordAgePolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *org.PasswordAgePolicyAddedEvent:
+			rm.PasswordAgePolicyReadModel.AppendEvents(&e.PasswordAgePolicyAddedEvent)
+		case *org.PasswordAgePolicyChangedEvent:
+			rm.PasswordAgePolicyReadModel.AppendEvents(&e.PasswordAgePolicyChangedEvent)
+		case *policy.PasswordAgePolicyAddedEvent, *policy.PasswordAgePolicyChangedEvent:
+			rm.PasswordAgePolicyReadModel.AppendEvents(e)
+		}
+	}
+}

internal/query/org_policy_password_complexity_model.go

@@ -0,0 +1,24 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/org"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type OrgPasswordComplexityPolicyReadModel struct {
+	PasswordComplexityPolicyReadModel
+}
+
+func (rm *OrgPasswordComplexityPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *org.PasswordComplexityPolicyAddedEvent:
+			rm.PasswordComplexityPolicyReadModel.AppendEvents(&e.PasswordComplexityPolicyAddedEvent)
+		case *org.PasswordComplexityPolicyChangedEvent:
+			rm.PasswordComplexityPolicyReadModel.AppendEvents(&e.PasswordComplexityPolicyChangedEvent)
+		case *policy.PasswordComplexityPolicyAddedEvent, *policy.PasswordComplexityPolicyChangedEvent:
+			rm.PasswordComplexityPolicyReadModel.AppendEvents(e)
+		}
+	}
+}

internal/query/org_policy_password_lockout_model.go

@@ -0,0 +1,24 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/org"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type OrgPasswordLockoutPolicyReadModel struct {
+	PasswordLockoutPolicyReadModel
+}
+
+func (rm *OrgPasswordLockoutPolicyReadModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *org.PasswordLockoutPolicyAddedEvent:
+			rm.PasswordLockoutPolicyReadModel.AppendEvents(&e.PasswordLockoutPolicyAddedEvent)
+		case *org.PasswordLockoutPolicyChangedEvent:
+			rm.PasswordLockoutPolicyReadModel.AppendEvents(&e.PasswordLockoutPolicyChangedEvent)
+		case *policy.PasswordLockoutPolicyAddedEvent, *policy.PasswordLockoutPolicyChangedEvent:
+			rm.PasswordLockoutPolicyReadModel.AppendEvents(e)
+		}
+	}
+}

internal/query/policy_label_model.go

@@ -0,0 +1,35 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type LabelPolicyReadModel struct {
+	eventstore.ReadModel
+
+	PrimaryColor   string
+	SecondaryColor string
+	IsActive       bool
+}
+
+func (rm *LabelPolicyReadModel) Reduce() error {
+	for _, event := range rm.Events {
+		switch e := event.(type) {
+		case *policy.LabelPolicyAddedEvent:
+			rm.PrimaryColor = e.PrimaryColor
+			rm.SecondaryColor = e.SecondaryColor
+			rm.IsActive = true
+		case *policy.LabelPolicyChangedEvent:
+			if e.PrimaryColor != nil {
+				rm.PrimaryColor = *e.PrimaryColor
+			}
+			if e.SecondaryColor != nil {
+				rm.SecondaryColor = *e.SecondaryColor
+			}
+		case *policy.LabelPolicyRemovedEvent:
+			rm.IsActive = false
+		}
+	}
+	return rm.ReadModel.Reduce()
+}

internal/query/policy_login_model.go

@@ -0,0 +1,51 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type LoginPolicyReadModel struct {
+	eventstore.ReadModel
+
+	AllowUserNamePassword bool
+	AllowRegister         bool
+	AllowExternalIDP      bool
+	ForceMFA              bool
+	PasswordlessType      domain.PasswordlessType
+	IsActive              bool
+}
+
+func (rm *LoginPolicyReadModel) Reduce() error {
+	for _, event := range rm.Events {
+		switch e := event.(type) {
+		case *policy.LoginPolicyAddedEvent:
+			rm.AllowUserNamePassword = e.AllowUserNamePassword
+			rm.AllowExternalIDP = e.AllowExternalIDP
+			rm.AllowRegister = e.AllowRegister
+			rm.ForceMFA = e.ForceMFA
+			rm.PasswordlessType = e.PasswordlessType
+			rm.IsActive = true
+		case *policy.LoginPolicyChangedEvent:
+			if e.AllowUserNamePassword != nil {
+				rm.AllowUserNamePassword = *e.AllowUserNamePassword
+			}
+			if e.AllowExternalIDP != nil {
+				rm.AllowExternalIDP = *e.AllowExternalIDP
+			}
+			if e.AllowRegister != nil {
+				rm.AllowRegister = *e.AllowRegister
+			}
+			if e.ForceMFA != nil {
+				rm.ForceMFA = *e.ForceMFA
+			}
+			if e.PasswordlessType != nil {
+				rm.PasswordlessType = *e.PasswordlessType
+			}
+		case *policy.LoginPolicyRemovedEvent:
+			rm.IsActive = false
+		}
+	}
+	return rm.ReadModel.Reduce()
+}

internal/query/policy_org_iam_model.go

@@ -0,0 +1,26 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type OrgIAMPolicyReadModel struct {
+	eventstore.ReadModel
+
+	UserLoginMustBeDomain bool
+}
+
+func (rm *OrgIAMPolicyReadModel) Reduce() error {
+	for _, event := range rm.Events {
+		switch e := event.(type) {
+		case *policy.OrgIAMPolicyAddedEvent:
+			rm.UserLoginMustBeDomain = e.UserLoginMustBeDomain
+		case *policy.OrgIAMPolicyChangedEvent:
+			if e.UserLoginMustBeDomain != nil {
+				rm.UserLoginMustBeDomain = *e.UserLoginMustBeDomain
+			}
+		}
+	}
+	return rm.ReadModel.Reduce()
+}

internal/query/policy_password_age_model.go

@@ -0,0 +1,31 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type PasswordAgePolicyReadModel struct {
+	eventstore.ReadModel
+
+	ExpireWarnDays uint64
+	MaxAgeDays     uint64
+}
+
+func (rm *PasswordAgePolicyReadModel) Reduce() error {
+	for _, event := range rm.Events {
+		switch e := event.(type) {
+		case *policy.PasswordAgePolicyAddedEvent:
+			rm.ExpireWarnDays = e.ExpireWarnDays
+			rm.MaxAgeDays = e.MaxAgeDays
+		case *policy.PasswordAgePolicyChangedEvent:
+			if e.ExpireWarnDays != nil {
+				rm.ExpireWarnDays = *e.ExpireWarnDays
+			}
+			if e.MaxAgeDays != nil {
+				rm.MaxAgeDays = *e.MaxAgeDays
+			}
+		}
+	}
+	return rm.ReadModel.Reduce()
+}

internal/query/policy_password_complexity_model.go

@@ -0,0 +1,46 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type PasswordComplexityPolicyReadModel struct {
+	eventstore.ReadModel
+
+	MinLength    uint64
+	HasLowercase bool
+	HasUpperCase bool
+	HasNumber    bool
+	HasSymbol    bool
+}
+
+func (rm *PasswordComplexityPolicyReadModel) Reduce() error {
+	for _, event := range rm.Events {
+		switch e := event.(type) {
+		case *policy.PasswordComplexityPolicyAddedEvent:
+			rm.MinLength = e.MinLength
+			rm.HasLowercase = e.HasLowercase
+			rm.HasUpperCase = e.HasUppercase
+			rm.HasNumber = e.HasNumber
+			rm.HasSymbol = e.HasSymbol
+		case *policy.PasswordComplexityPolicyChangedEvent:
+			if e.MinLength != nil {
+				rm.MinLength = *e.MinLength
+			}
+			if e.HasLowercase != nil {
+				rm.HasLowercase = *e.HasLowercase
+			}
+			if e.HasUppercase != nil {
+				rm.HasUpperCase = *e.HasUppercase
+			}
+			if e.HasNumber != nil {
+				rm.HasNumber = *e.HasNumber
+			}
+			if e.HasSymbol != nil {
+				rm.HasSymbol = *e.HasSymbol
+			}
+		}
+	}
+	return rm.ReadModel.Reduce()
+}

internal/query/policy_password_lockout_model.go

@@ -0,0 +1,31 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+type PasswordLockoutPolicyReadModel struct {
+	eventstore.ReadModel
+
+	MaxAttempts         uint64
+	ShowLockOutFailures bool
+}
+
+func (rm *PasswordLockoutPolicyReadModel) Reduce() error {
+	for _, event := range rm.Events {
+		switch e := event.(type) {
+		case *policy.PasswordLockoutPolicyAddedEvent:
+			rm.MaxAttempts = e.MaxAttempts
+			rm.ShowLockOutFailures = e.ShowLockOutFailures
+		case *policy.PasswordLockoutPolicyChangedEvent:
+			if e.MaxAttempts != nil {
+				rm.MaxAttempts = *e.MaxAttempts
+			}
+			if e.ShowLockOutFailures != nil {
+				rm.ShowLockOutFailures = *e.ShowLockOutFailures
+			}
+		}
+	}
+	return rm.ReadModel.Reduce()
+}

internal/query/query.go

@@ -0,0 +1,64 @@
+package query
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+	usr_repo "github.com/caos/zitadel/internal/repository/user"
+
+	sd "github.com/caos/zitadel/internal/config/systemdefaults"
+	"github.com/caos/zitadel/internal/crypto"
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+	"github.com/caos/zitadel/internal/id"
+	iam_repo "github.com/caos/zitadel/internal/repository/iam"
+	"github.com/caos/zitadel/internal/telemetry/tracing"
+)
+
+type QuerySide struct {
+	iamID        string
+	eventstore   *eventstore.Eventstore
+	idGenerator  id.Generator
+	secretCrypto crypto.Crypto
+}
+
+type Config struct {
+	Eventstore     *eventstore.Eventstore
+	SystemDefaults sd.SystemDefaults
+}
+
+func StartQuerySide(config *Config) (repo *QuerySide, err error) {
+	repo = &QuerySide{
+		iamID:       config.SystemDefaults.IamID,
+		eventstore:  config.Eventstore,
+		idGenerator: id.SonyFlakeGenerator,
+	}
+	iam_repo.RegisterEventMappers(repo.eventstore)
+	usr_repo.RegisterEventMappers(repo.eventstore)
+
+	repo.secretCrypto, err = crypto.NewAESCrypto(config.SystemDefaults.IDPConfigVerificationKey)
+	if err != nil {
+		return nil, err
+	}
+	return repo, nil
+}
+
+func (r *QuerySide) IAMByID(ctx context.Context, id string) (_ *iam_model.IAM, err error) {
+	readModel, err := r.iamByID(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+
+	return readModelToIAM(readModel), nil
+}
+
+func (r *QuerySide) iamByID(ctx context.Context, id string) (_ *ReadModel, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	readModel := NewReadModel(id)
+	err = r.eventstore.FilterToQueryReducer(ctx, readModel)
+	if err != nil {
+		return nil, err
+	}
+
+	return readModel, nil
+}

internal/query/user.go

@@ -0,0 +1,11 @@
+package query
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+)
+
+func (q *QuerySide) UserEvents(ctx context.Context, orgID, userID string, sequence uint64) ([]eventstore.EventReader, error) {
+	query := NewUserEventSearchQuery(userID, orgID, sequence)
+	return q.eventstore.FilterEvents(ctx, query)
+}

internal/query/user_model.go

@@ -0,0 +1,58 @@
+package query
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/user"
+)
+
+type UserReadModel struct {
+	eventstore.ReadModel
+}
+
+func NewUserReadModel(id string) *UserReadModel {
+	return &UserReadModel{
+		ReadModel: eventstore.ReadModel{
+			AggregateID: id,
+		},
+	}
+}
+
+func (rm *UserReadModel) AppendEvents(events ...eventstore.EventReader) {
+	rm.ReadModel.AppendEvents(events...)
+	for _, event := range events {
+		switch event.(type) {
+		// TODO: implement append events
+		}
+	}
+}
+
+func (rm *UserReadModel) Reduce() (err error) {
+	for _, event := range rm.Events {
+		switch event.(type) {
+		//TODO: implement reduce
+		}
+	}
+	for _, reduce := range []func() error{
+		rm.ReadModel.Reduce,
+	} {
+		if err = reduce(); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (rm *UserReadModel) AppendAndReduce(events ...eventstore.EventReader) error {
+	rm.AppendEvents(events...)
+	return rm.Reduce()
+}
+
+func (rm *UserReadModel) Query() *eventstore.SearchQueryBuilder {
+	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, user.AggregateType).AggregateIDs(rm.AggregateID)
+}
+
+func NewUserEventSearchQuery(userID, orgID string, sequence uint64) *eventstore.SearchQueryBuilder {
+	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, user.AggregateType).
+		AggregateIDs(userID).ResourceOwner(orgID).SequenceGreater(sequence)
+}