fix: move v2 pkgs (#1331)

* fix: move eventstore pkgs

* fix: move eventstore pkgs

* fix: remove v2 view

* fix: remove v2 view

internal/repository/org/aggregate.go

@@ -0,0 +1,18 @@
+package org
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+)
+
+const (
+	orgEventTypePrefix = eventstore.EventType("org.")
+)
+
+const (
+	AggregateType    = "org"
+	AggregateVersion = "v1"
+)
+
+type Aggregate struct {
+	eventstore.Aggregate
+}

internal/repository/org/domain.go

@@ -0,0 +1,271 @@
+package org
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	UniqueOrgDomain                      = "org_domain"
+	domainEventPrefix                    = orgEventTypePrefix + "domain."
+	OrgDomainAddedEventType              = domainEventPrefix + "added"
+	OrgDomainVerificationAddedEventType  = domainEventPrefix + "verification.added"
+	OrgDomainVerificationFailedEventType = domainEventPrefix + "verification.failed"
+	OrgDomainVerifiedEventType           = domainEventPrefix + "verified"
+	OrgDomainPrimarySetEventType         = domainEventPrefix + "primary.set"
+	OrgDomainRemovedEventType            = domainEventPrefix + "removed"
+)
+
+func NewAddOrgDomainUniqueConstraint(orgDomain string) *eventstore.EventUniqueConstraint {
+	return eventstore.NewAddEventUniqueConstraint(
+		UniqueOrgDomain,
+		orgDomain,
+		"Errors.Org.Domain.AlreadyExists")
+}
+
+func NewRemoveOrgDomainUniqueConstraint(orgDomain string) *eventstore.EventUniqueConstraint {
+	return eventstore.NewRemoveEventUniqueConstraint(
+		UniqueOrgDomain,
+		orgDomain)
+}
+
+type DomainAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Domain string `json:"domain,omitempty"`
+}
+
+func (e *DomainAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *DomainAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewDomainAddedEvent(ctx context.Context, aggregate *eventstore.Aggregate, domain string) *DomainAddedEvent {
+	return &DomainAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OrgDomainAddedEventType,
+		),
+		Domain: domain,
+	}
+}
+
+func DomainAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	orgDomainAdded := &DomainAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, orgDomainAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "ORG-GBr52", "unable to unmarshal org domain added")
+	}
+
+	return orgDomainAdded, nil
+}
+
+type DomainVerificationAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Domain         string                         `json:"domain,omitempty"`
+	ValidationType domain.OrgDomainValidationType `json:"validationType,omitempty"`
+	ValidationCode *crypto.CryptoValue            `json:"validationCode,omitempty"`
+}
+
+func (e *DomainVerificationAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *DomainVerificationAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewDomainVerificationAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	domain string,
+	validationType domain.OrgDomainValidationType,
+	validationCode *crypto.CryptoValue) *DomainVerificationAddedEvent {
+	return &DomainVerificationAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OrgDomainVerificationAddedEventType,
+		),
+		Domain:         domain,
+		ValidationType: validationType,
+		ValidationCode: validationCode,
+	}
+}
+
+func DomainVerificationAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	orgDomainVerificationAdded := &DomainVerificationAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, orgDomainVerificationAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "ORG-NRN32", "unable to unmarshal org domain verification added")
+	}
+
+	return orgDomainVerificationAdded, nil
+}
+
+type DomainVerificationFailedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Domain string `json:"domain,omitempty"`
+}
+
+func (e *DomainVerificationFailedEvent) Data() interface{} {
+	return e
+}
+
+func (e *DomainVerificationFailedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewDomainVerificationFailedEvent(ctx context.Context, aggregate *eventstore.Aggregate, domain string) *DomainVerificationFailedEvent {
+	return &DomainVerificationFailedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OrgDomainVerificationFailedEventType,
+		),
+		Domain: domain,
+	}
+}
+
+func DomainVerificationFailedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	orgDomainVerificationFailed := &DomainVerificationFailedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, orgDomainVerificationFailed)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "ORG-Bhm37", "unable to unmarshal org domain verification failed")
+	}
+
+	return orgDomainVerificationFailed, nil
+}
+
+type DomainVerifiedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Domain string `json:"domain,omitempty"`
+}
+
+func (e *DomainVerifiedEvent) Data() interface{} {
+	return e
+}
+
+func (e *DomainVerifiedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{NewAddOrgDomainUniqueConstraint(e.Domain)}
+}
+
+func NewDomainVerifiedEvent(ctx context.Context, aggregate *eventstore.Aggregate, domain string) *DomainVerifiedEvent {
+	return &DomainVerifiedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OrgDomainVerifiedEventType,
+		),
+		Domain: domain,
+	}
+}
+
+func DomainVerifiedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	orgDomainVerified := &DomainVerifiedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, orgDomainVerified)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "ORG-BFSwt", "unable to unmarshal org domain verified")
+	}
+
+	return orgDomainVerified, nil
+}
+
+type DomainPrimarySetEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Domain string `json:"domain,omitempty"`
+}
+
+func (e *DomainPrimarySetEvent) Data() interface{} {
+	return e
+}
+
+func (e *DomainPrimarySetEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewDomainPrimarySetEvent(ctx context.Context, aggregate *eventstore.Aggregate, domain string) *DomainPrimarySetEvent {
+	return &DomainPrimarySetEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OrgDomainPrimarySetEventType,
+		),
+		Domain: domain,
+	}
+}
+
+func DomainPrimarySetEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	orgDomainPrimarySet := &DomainPrimarySetEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, orgDomainPrimarySet)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "ORG-N5787", "unable to unmarshal org domain primary set")
+	}
+
+	return orgDomainPrimarySet, nil
+}
+
+type DomainRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Domain     string `json:"domain,omitempty"`
+	isVerified bool
+}
+
+func (e *DomainRemovedEvent) Data() interface{} {
+	return e
+}
+
+func (e *DomainRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	if !e.isVerified {
+		return nil
+	}
+	return []*eventstore.EventUniqueConstraint{NewRemoveOrgDomainUniqueConstraint(e.Domain)}
+}
+
+func NewDomainRemovedEvent(ctx context.Context, aggregate *eventstore.Aggregate, domain string) *DomainRemovedEvent {
+	return &DomainRemovedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OrgDomainRemovedEventType,
+		),
+		Domain: domain,
+	}
+}
+
+func DomainRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	orgDomainRemoved := &DomainRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, orgDomainRemoved)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "ORG-BngB2", "unable to unmarshal org domain removed")
+	}
+
+	return orgDomainRemoved, nil
+}

internal/repository/org/eventstore.go

@@ -0,0 +1,60 @@
+package org
+
+import (
+	"github.com/caos/zitadel/internal/eventstore"
+)
+
+func RegisterEventMappers(es *eventstore.Eventstore) {
+	es.RegisterFilterEventMapper(OrgAddedEventType, OrgAddedEventMapper).
+		RegisterFilterEventMapper(OrgChangedEventType, OrgChangedEventMapper).
+		RegisterFilterEventMapper(OrgDeactivatedEventType, OrgDeactivatedEventMapper).
+		RegisterFilterEventMapper(OrgReactivatedEventType, OrgReactivatedEventMapper).
+		//RegisterFilterEventMapper(OrgRemovedEventType, OrgRemovedEventMapper).  //TODO: implement
+		RegisterFilterEventMapper(OrgDomainAddedEventType, DomainAddedEventMapper).
+		RegisterFilterEventMapper(OrgDomainVerificationAddedEventType, DomainVerificationAddedEventMapper).
+		RegisterFilterEventMapper(OrgDomainVerificationFailedEventType, DomainVerificationFailedEventMapper).
+		RegisterFilterEventMapper(OrgDomainVerifiedEventType, DomainVerifiedEventMapper).
+		RegisterFilterEventMapper(OrgDomainPrimarySetEventType, DomainPrimarySetEventMapper).
+		RegisterFilterEventMapper(OrgDomainRemovedEventType, DomainRemovedEventMapper).
+		RegisterFilterEventMapper(MemberAddedEventType, MemberAddedEventMapper).
+		RegisterFilterEventMapper(MemberChangedEventType, MemberChangedEventMapper).
+		RegisterFilterEventMapper(MemberRemovedEventType, MemberRemovedEventMapper).
+		RegisterFilterEventMapper(LabelPolicyAddedEventType, LabelPolicyAddedEventMapper).
+		RegisterFilterEventMapper(LabelPolicyChangedEventType, LabelPolicyChangedEventMapper).
+		RegisterFilterEventMapper(LabelPolicyRemovedEventType, LabelPolicyRemovedEventMapper).
+		RegisterFilterEventMapper(LoginPolicyAddedEventType, LoginPolicyAddedEventMapper).
+		RegisterFilterEventMapper(LoginPolicyChangedEventType, LoginPolicyChangedEventMapper).
+		RegisterFilterEventMapper(LoginPolicyRemovedEventType, LoginPolicyRemovedEventMapper).
+		RegisterFilterEventMapper(LoginPolicySecondFactorAddedEventType, SecondFactorAddedEventEventMapper).
+		RegisterFilterEventMapper(LoginPolicySecondFactorRemovedEventType, SecondFactorRemovedEventEventMapper).
+		RegisterFilterEventMapper(LoginPolicyMultiFactorAddedEventType, MultiFactorAddedEventEventMapper).
+		RegisterFilterEventMapper(LoginPolicyMultiFactorRemovedEventType, MultiFactorRemovedEventEventMapper).
+		RegisterFilterEventMapper(LoginPolicyIDPProviderAddedEventType, IdentityProviderAddedEventMapper).
+		RegisterFilterEventMapper(LoginPolicyIDPProviderRemovedEventType, IdentityProviderRemovedEventMapper).
+		RegisterFilterEventMapper(LoginPolicyIDPProviderCascadeRemovedEventType, IdentityProviderCascadeRemovedEventMapper).
+		RegisterFilterEventMapper(OrgIAMPolicyAddedEventType, OrgIAMPolicyAddedEventMapper).
+		RegisterFilterEventMapper(OrgIAMPolicyChangedEventType, OrgIAMPolicyChangedEventMapper).
+		RegisterFilterEventMapper(OrgIAMPolicyRemovedEventType, OrgIAMPolicyRemovedEventMapper).
+		RegisterFilterEventMapper(PasswordAgePolicyAddedEventType, PasswordAgePolicyAddedEventMapper).
+		RegisterFilterEventMapper(PasswordAgePolicyChangedEventType, PasswordAgePolicyChangedEventMapper).
+		RegisterFilterEventMapper(PasswordAgePolicyRemovedEventType, PasswordAgePolicyRemovedEventMapper).
+		RegisterFilterEventMapper(PasswordComplexityPolicyAddedEventType, PasswordComplexityPolicyAddedEventMapper).
+		RegisterFilterEventMapper(PasswordComplexityPolicyChangedEventType, PasswordComplexityPolicyChangedEventMapper).
+		RegisterFilterEventMapper(PasswordComplexityPolicyRemovedEventType, PasswordComplexityPolicyRemovedEventMapper).
+		RegisterFilterEventMapper(PasswordLockoutPolicyAddedEventType, PasswordLockoutPolicyAddedEventMapper).
+		RegisterFilterEventMapper(PasswordLockoutPolicyChangedEventType, PasswordLockoutPolicyChangedEventMapper).
+		RegisterFilterEventMapper(PasswordLockoutPolicyRemovedEventType, PasswordLockoutPolicyRemovedEventMapper).
+		RegisterFilterEventMapper(MailTemplateAddedEventType, MailTemplateAddedEventMapper).
+		RegisterFilterEventMapper(MailTemplateChangedEventType, MailTemplateChangedEventMapper).
+		RegisterFilterEventMapper(MailTemplateRemovedEventType, MailTemplateRemovedEventMapper).
+		RegisterFilterEventMapper(MailTextAddedEventType, MailTextAddedEventMapper).
+		RegisterFilterEventMapper(MailTextChangedEventType, MailTextChangedEventMapper).
+		RegisterFilterEventMapper(MailTextRemovedEventType, MailTextRemovedEventMapper).
+		RegisterFilterEventMapper(IDPConfigAddedEventType, IDPConfigAddedEventMapper).
+		RegisterFilterEventMapper(IDPConfigChangedEventType, IDPConfigChangedEventMapper).
+		RegisterFilterEventMapper(IDPConfigRemovedEventType, IDPConfigRemovedEventMapper).
+		RegisterFilterEventMapper(IDPConfigDeactivatedEventType, IDPConfigDeactivatedEventMapper).
+		RegisterFilterEventMapper(IDPConfigReactivatedEventType, IDPConfigReactivatedEventMapper).
+		RegisterFilterEventMapper(IDPOIDCConfigAddedEventType, IDPOIDCConfigAddedEventMapper).
+		RegisterFilterEventMapper(IDPOIDCConfigChangedEventType, IDPOIDCConfigChangedEventMapper)
+}

internal/repository/org/idp_config.go

@@ -0,0 +1,184 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/idpconfig"
+)
+
+const (
+	IDPConfigAddedEventType       eventstore.EventType = "org.idp.config.added"
+	IDPConfigChangedEventType     eventstore.EventType = "org.idp.config.changed"
+	IDPConfigRemovedEventType     eventstore.EventType = "org.idp.config.removed"
+	IDPConfigDeactivatedEventType eventstore.EventType = "org.idp.config.deactivated"
+	IDPConfigReactivatedEventType eventstore.EventType = "org.idp.config.reactivated"
+)
+
+type IDPConfigAddedEvent struct {
+	idpconfig.IDPConfigAddedEvent
+}
+
+func NewIDPConfigAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	configID,
+	name string,
+	configType domain.IDPConfigType,
+	stylingType domain.IDPConfigStylingType,
+) *IDPConfigAddedEvent {
+
+	return &IDPConfigAddedEvent{
+		IDPConfigAddedEvent: *idpconfig.NewIDPConfigAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				IDPConfigAddedEventType,
+			),
+			configID,
+			name,
+			configType,
+			stylingType,
+		),
+	}
+}
+
+func IDPConfigAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := idpconfig.IDPConfigAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &IDPConfigAddedEvent{IDPConfigAddedEvent: *e.(*idpconfig.IDPConfigAddedEvent)}, nil
+}
+
+type IDPConfigChangedEvent struct {
+	idpconfig.IDPConfigChangedEvent
+}
+
+func NewIDPConfigChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	configID,
+	oldName string,
+	changes []idpconfig.IDPConfigChanges,
+) (*IDPConfigChangedEvent, error) {
+	changeEvent, err := idpconfig.NewIDPConfigChangedEvent(
+		eventstore.NewBaseEventForPush(ctx,
+			aggregate,
+			IDPConfigChangedEventType),
+		configID,
+		oldName,
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &IDPConfigChangedEvent{IDPConfigChangedEvent: *changeEvent}, nil
+}
+
+func IDPConfigChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := idpconfig.IDPConfigChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &IDPConfigChangedEvent{IDPConfigChangedEvent: *e.(*idpconfig.IDPConfigChangedEvent)}, nil
+}
+
+type IDPConfigRemovedEvent struct {
+	idpconfig.IDPConfigRemovedEvent
+}
+
+func NewIDPConfigRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	configID,
+	name string,
+) *IDPConfigRemovedEvent {
+
+	return &IDPConfigRemovedEvent{
+		IDPConfigRemovedEvent: *idpconfig.NewIDPConfigRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				IDPConfigRemovedEventType,
+			),
+			configID,
+			name,
+		),
+	}
+}
+
+func IDPConfigRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := idpconfig.IDPConfigRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &IDPConfigRemovedEvent{IDPConfigRemovedEvent: *e.(*idpconfig.IDPConfigRemovedEvent)}, nil
+}
+
+type IDPConfigDeactivatedEvent struct {
+	idpconfig.IDPConfigDeactivatedEvent
+}
+
+func NewIDPConfigDeactivatedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	configID string,
+) *IDPConfigDeactivatedEvent {
+
+	return &IDPConfigDeactivatedEvent{
+		IDPConfigDeactivatedEvent: *idpconfig.NewIDPConfigDeactivatedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				IDPConfigDeactivatedEventType,
+			),
+			configID,
+		),
+	}
+}
+
+func IDPConfigDeactivatedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := idpconfig.IDPConfigDeactivatedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &IDPConfigDeactivatedEvent{IDPConfigDeactivatedEvent: *e.(*idpconfig.IDPConfigDeactivatedEvent)}, nil
+}
+
+type IDPConfigReactivatedEvent struct {
+	idpconfig.IDPConfigReactivatedEvent
+}
+
+func NewIDPConfigReactivatedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	configID string,
+) *IDPConfigReactivatedEvent {
+
+	return &IDPConfigReactivatedEvent{
+		IDPConfigReactivatedEvent: *idpconfig.NewIDPConfigReactivatedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				IDPConfigReactivatedEventType,
+			),
+			configID,
+		),
+	}
+}
+
+func IDPConfigReactivatedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := idpconfig.IDPConfigReactivatedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &IDPConfigReactivatedEvent{IDPConfigReactivatedEvent: *e.(*idpconfig.IDPConfigReactivatedEvent)}, nil
+}

internal/repository/org/idp_oidc_config.go

@@ -0,0 +1,92 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/crypto"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/idpconfig"
+)
+
+const (
+	IDPOIDCConfigAddedEventType   eventstore.EventType = "org.idp." + idpconfig.OIDCConfigAddedEventType
+	IDPOIDCConfigChangedEventType eventstore.EventType = "org.idp." + idpconfig.ConfigChangedEventType
+)
+
+type IDPOIDCConfigAddedEvent struct {
+	idpconfig.OIDCConfigAddedEvent
+}
+
+func NewIDPOIDCConfigAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	clientID,
+	idpConfigID,
+	issuer string,
+	clientSecret *crypto.CryptoValue,
+	idpDisplayNameMapping,
+	userNameMapping domain.OIDCMappingField,
+	scopes ...string,
+) *IDPOIDCConfigAddedEvent {
+
+	return &IDPOIDCConfigAddedEvent{
+		OIDCConfigAddedEvent: *idpconfig.NewOIDCConfigAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				IDPOIDCConfigAddedEventType,
+			),
+			clientID,
+			idpConfigID,
+			issuer,
+			clientSecret,
+			idpDisplayNameMapping,
+			userNameMapping,
+			scopes...,
+		),
+	}
+}
+
+func IDPOIDCConfigAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := idpconfig.OIDCConfigAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &IDPOIDCConfigAddedEvent{OIDCConfigAddedEvent: *e.(*idpconfig.OIDCConfigAddedEvent)}, nil
+}
+
+type IDPOIDCConfigChangedEvent struct {
+	idpconfig.OIDCConfigChangedEvent
+}
+
+func NewIDPOIDCConfigChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	idpConfigID string,
+	changes []idpconfig.OIDCConfigChanges,
+) (*IDPOIDCConfigChangedEvent, error) {
+	changeEvent, err := idpconfig.NewOIDCConfigChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			IDPOIDCConfigChangedEventType),
+		idpConfigID,
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &IDPOIDCConfigChangedEvent{OIDCConfigChangedEvent: *changeEvent}, nil
+}
+
+func IDPOIDCConfigChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := idpconfig.OIDCConfigChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &IDPOIDCConfigChangedEvent{OIDCConfigChangedEvent: *e.(*idpconfig.OIDCConfigChangedEvent)}, nil
+}

internal/repository/org/member.go

@@ -0,0 +1,111 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/member"
+)
+
+var (
+	MemberAddedEventType   = orgEventTypePrefix + member.AddedEventType
+	MemberChangedEventType = orgEventTypePrefix + member.ChangedEventType
+	MemberRemovedEventType = orgEventTypePrefix + member.RemovedEventType
+)
+
+type MemberAddedEvent struct {
+	member.MemberAddedEvent
+}
+
+func NewMemberAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	userID string,
+	roles ...string,
+) *MemberAddedEvent {
+	return &MemberAddedEvent{
+		MemberAddedEvent: *member.NewMemberAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				MemberAddedEventType,
+			),
+			userID,
+			roles...,
+		),
+	}
+}
+
+func MemberAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := member.MemberAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MemberAddedEvent{MemberAddedEvent: *e.(*member.MemberAddedEvent)}, nil
+}
+
+type MemberChangedEvent struct {
+	member.MemberChangedEvent
+}
+
+func NewMemberChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	userID string,
+	roles ...string,
+) *MemberChangedEvent {
+
+	return &MemberChangedEvent{
+		MemberChangedEvent: *member.NewMemberChangedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				MemberChangedEventType,
+			),
+			userID,
+			roles...,
+		),
+	}
+}
+
+func MemberChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := member.ChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MemberChangedEvent{MemberChangedEvent: *e.(*member.MemberChangedEvent)}, nil
+}
+
+type MemberRemovedEvent struct {
+	member.MemberRemovedEvent
+}
+
+func NewMemberRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	userID string,
+) *MemberRemovedEvent {
+
+	return &MemberRemovedEvent{
+		MemberRemovedEvent: *member.NewRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				MemberRemovedEventType,
+			),
+			userID,
+		),
+	}
+}
+
+func MemberRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := member.RemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MemberRemovedEvent{MemberRemovedEvent: *e.(*member.MemberRemovedEvent)}, nil
+}

internal/repository/org/org.go

@@ -0,0 +1,215 @@
+package org
+
+import (
+	"context"
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	uniqueOrgname           = "org_name"
+	OrgAddedEventType       = orgEventTypePrefix + "added"
+	OrgChangedEventType     = orgEventTypePrefix + "changed"
+	OrgDeactivatedEventType = orgEventTypePrefix + "deactivated"
+	OrgReactivatedEventType = orgEventTypePrefix + "reactivated"
+	OrgRemovedEventType     = orgEventTypePrefix + "removed"
+)
+
+func NewAddOrgNameUniqueConstraint(orgName string) *eventstore.EventUniqueConstraint {
+	return eventstore.NewAddEventUniqueConstraint(
+		uniqueOrgname,
+		orgName,
+		"Errors.Org.AlreadyExists")
+}
+
+func NewRemoveOrgNameUniqueConstraint(orgName string) *eventstore.EventUniqueConstraint {
+	return eventstore.NewRemoveEventUniqueConstraint(
+		uniqueOrgname,
+		orgName)
+}
+
+type OrgAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Name string `json:"name,omitempty"`
+}
+
+func (e *OrgAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *OrgAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{NewAddOrgNameUniqueConstraint(e.Name)}
+}
+
+func NewOrgAddedEvent(ctx context.Context, aggregate *eventstore.Aggregate, name string) *OrgAddedEvent {
+	return &OrgAddedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OrgAddedEventType,
+		),
+		Name: name,
+	}
+}
+
+func OrgAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	orgAdded := &OrgAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, orgAdded)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "ORG-Bren2", "unable to unmarshal org added")
+	}
+
+	return orgAdded, nil
+}
+
+type OrgChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Name    string `json:"name,omitempty"`
+	oldName string `json:"-"`
+}
+
+func (e *OrgChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *OrgChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{
+		NewRemoveOrgNameUniqueConstraint(e.oldName),
+		NewAddOrgNameUniqueConstraint(e.Name),
+	}
+}
+
+func NewOrgChangedEvent(ctx context.Context, aggregate *eventstore.Aggregate, oldName, newName string) *OrgChangedEvent {
+	return &OrgChangedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OrgChangedEventType,
+		),
+		Name:    newName,
+		oldName: oldName,
+	}
+}
+
+func OrgChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	orgChanged := &OrgChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, orgChanged)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "ORG-Bren2", "unable to unmarshal org added")
+	}
+
+	return orgChanged, nil
+}
+
+type OrgDeactivatedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *OrgDeactivatedEvent) Data() interface{} {
+	return e
+}
+
+func (e *OrgDeactivatedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewOrgDeactivatedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *OrgDeactivatedEvent {
+	return &OrgDeactivatedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OrgDeactivatedEventType,
+		),
+	}
+}
+
+func OrgDeactivatedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	orgChanged := &OrgDeactivatedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, orgChanged)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "ORG-DAfbs", "unable to unmarshal org deactivated")
+	}
+
+	return orgChanged, nil
+}
+
+type OrgReactivatedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *OrgReactivatedEvent) Data() interface{} {
+	return e
+}
+
+func (e *OrgReactivatedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewOrgReactivatedEvent(ctx context.Context, aggregate *eventstore.Aggregate) *OrgReactivatedEvent {
+	return &OrgReactivatedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OrgReactivatedEventType,
+		),
+	}
+}
+
+func OrgReactivatedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	orgChanged := &OrgReactivatedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, orgChanged)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "ORG-DAfbs", "unable to unmarshal org deactivated")
+	}
+
+	return orgChanged, nil
+}
+
+type OrgRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	name                 string
+}
+
+func (e *OrgRemovedEvent) Data() interface{} {
+	return e
+}
+
+func (e *OrgRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{NewRemoveOrgNameUniqueConstraint(e.name)}
+}
+
+func NewOrgRemovedEvent(ctx context.Context, aggregate *eventstore.Aggregate, name string) *OrgRemovedEvent {
+	return &OrgRemovedEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OrgRemovedEventType,
+		),
+		name: name,
+	}
+}
+
+func OrgRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	orgChanged := &OrgRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, orgChanged)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "ORG-DAfbs", "unable to unmarshal org deactivated")
+	}
+
+	return orgChanged, nil
+}

internal/repository/org/policy_label.go

@@ -0,0 +1,103 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+var (
+	LabelPolicyAddedEventType   = orgEventTypePrefix + policy.LabelPolicyAddedEventType
+	LabelPolicyChangedEventType = orgEventTypePrefix + policy.LabelPolicyChangedEventType
+	LabelPolicyRemovedEventType = orgEventTypePrefix + policy.LabelPolicyRemovedEventType
+)
+
+type LabelPolicyAddedEvent struct {
+	policy.LabelPolicyAddedEvent
+}
+
+func NewLabelPolicyAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	primaryColor,
+	secondaryColor string,
+) *LabelPolicyAddedEvent {
+	return &LabelPolicyAddedEvent{
+		LabelPolicyAddedEvent: *policy.NewLabelPolicyAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				LabelPolicyAddedEventType),
+			primaryColor,
+			secondaryColor),
+	}
+}
+
+func LabelPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.LabelPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyAddedEvent{LabelPolicyAddedEvent: *e.(*policy.LabelPolicyAddedEvent)}, nil
+}
+
+type LabelPolicyChangedEvent struct {
+	policy.LabelPolicyChangedEvent
+}
+
+func NewLabelPolicyChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	changes []policy.LabelPolicyChanges,
+) (*LabelPolicyChangedEvent, error) {
+	changedEvent, err := policy.NewLabelPolicyChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			LabelPolicyChangedEventType),
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &LabelPolicyChangedEvent{LabelPolicyChangedEvent: *changedEvent}, nil
+}
+
+func LabelPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.LabelPolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyChangedEvent{LabelPolicyChangedEvent: *e.(*policy.LabelPolicyChangedEvent)}, nil
+}
+
+type LabelPolicyRemovedEvent struct {
+	policy.LabelPolicyRemovedEvent
+}
+
+func NewLabelPolicyRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *LabelPolicyRemovedEvent {
+	return &LabelPolicyRemovedEvent{
+		LabelPolicyRemovedEvent: *policy.NewLabelPolicyRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				LabelPolicyRemovedEventType),
+		),
+	}
+}
+
+func LabelPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.LabelPolicyRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyRemovedEvent{LabelPolicyRemovedEvent: *e.(*policy.LabelPolicyRemovedEvent)}, nil
+}

internal/repository/org/policy_login.go

@@ -0,0 +1,110 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+var (
+	LoginPolicyAddedEventType   = orgEventTypePrefix + policy.LoginPolicyAddedEventType
+	LoginPolicyChangedEventType = orgEventTypePrefix + policy.LoginPolicyChangedEventType
+	LoginPolicyRemovedEventType = orgEventTypePrefix + policy.LoginPolicyRemovedEventType
+)
+
+type LoginPolicyAddedEvent struct {
+	policy.LoginPolicyAddedEvent
+}
+
+func NewLoginPolicyAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	allowUsernamePassword,
+	allowRegister,
+	allowExternalIDP,
+	forceMFA bool,
+	passwordlessType domain.PasswordlessType,
+) *LoginPolicyAddedEvent {
+	return &LoginPolicyAddedEvent{
+		LoginPolicyAddedEvent: *policy.NewLoginPolicyAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				LoginPolicyAddedEventType),
+			allowUsernamePassword,
+			allowRegister,
+			allowExternalIDP,
+			forceMFA,
+			passwordlessType),
+	}
+}
+
+func LoginPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.LoginPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LoginPolicyAddedEvent{LoginPolicyAddedEvent: *e.(*policy.LoginPolicyAddedEvent)}, nil
+}
+
+type LoginPolicyChangedEvent struct {
+	policy.LoginPolicyChangedEvent
+}
+
+func NewLoginPolicyChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	changes []policy.LoginPolicyChanges,
+) (*LoginPolicyChangedEvent, error) {
+	changedEvent, err := policy.NewLoginPolicyChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			LoginPolicyChangedEventType),
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &LoginPolicyChangedEvent{LoginPolicyChangedEvent: *changedEvent}, nil
+}
+
+func LoginPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.LoginPolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LoginPolicyChangedEvent{LoginPolicyChangedEvent: *e.(*policy.LoginPolicyChangedEvent)}, nil
+}
+
+type LoginPolicyRemovedEvent struct {
+	policy.LoginPolicyRemovedEvent
+}
+
+func NewLoginPolicyRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *LoginPolicyRemovedEvent {
+	return &LoginPolicyRemovedEvent{
+		LoginPolicyRemovedEvent: *policy.NewLoginPolicyRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				LoginPolicyRemovedEventType),
+		),
+	}
+}
+
+func LoginPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.LoginPolicyRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LoginPolicyRemovedEvent{LoginPolicyRemovedEvent: *e.(*policy.LoginPolicyRemovedEvent)}, nil
+}

internal/repository/org/policy_login_factors.go

@@ -0,0 +1,140 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+var (
+	LoginPolicySecondFactorAddedEventType   = orgEventTypePrefix + policy.LoginPolicySecondFactorAddedEventType
+	LoginPolicySecondFactorRemovedEventType = orgEventTypePrefix + policy.LoginPolicySecondFactorRemovedEventType
+
+	LoginPolicyMultiFactorAddedEventType   = orgEventTypePrefix + policy.LoginPolicyMultiFactorAddedEventType
+	LoginPolicyMultiFactorRemovedEventType = orgEventTypePrefix + policy.LoginPolicyMultiFactorRemovedEventType
+)
+
+type LoginPolicySecondFactorAddedEvent struct {
+	policy.SecondFactorAddedEvent
+}
+
+func NewLoginPolicySecondFactorAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	mfaType domain.SecondFactorType,
+) *LoginPolicySecondFactorAddedEvent {
+	return &LoginPolicySecondFactorAddedEvent{
+		SecondFactorAddedEvent: *policy.NewSecondFactorAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				LoginPolicySecondFactorAddedEventType),
+			mfaType),
+	}
+}
+
+func SecondFactorAddedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.SecondFactorAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LoginPolicySecondFactorAddedEvent{
+		SecondFactorAddedEvent: *e.(*policy.SecondFactorAddedEvent),
+	}, nil
+}
+
+type LoginPolicySecondFactorRemovedEvent struct {
+	policy.SecondFactorRemovedEvent
+}
+
+func NewLoginPolicySecondFactorRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	mfaType domain.SecondFactorType,
+) *LoginPolicySecondFactorRemovedEvent {
+
+	return &LoginPolicySecondFactorRemovedEvent{
+		SecondFactorRemovedEvent: *policy.NewSecondFactorRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				LoginPolicySecondFactorRemovedEventType),
+			mfaType),
+	}
+}
+
+func SecondFactorRemovedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.SecondFactorRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LoginPolicySecondFactorRemovedEvent{
+		SecondFactorRemovedEvent: *e.(*policy.SecondFactorRemovedEvent),
+	}, nil
+}
+
+type LoginPolicyMultiFactorAddedEvent struct {
+	policy.MultiFactorAddedEvent
+}
+
+func NewLoginPolicyMultiFactorAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	mfaType domain.MultiFactorType,
+) *LoginPolicyMultiFactorAddedEvent {
+	return &LoginPolicyMultiFactorAddedEvent{
+		MultiFactorAddedEvent: *policy.NewMultiFactorAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				LoginPolicyMultiFactorAddedEventType),
+			mfaType),
+	}
+}
+
+func MultiFactorAddedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.MultiFactorAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LoginPolicyMultiFactorAddedEvent{
+		MultiFactorAddedEvent: *e.(*policy.MultiFactorAddedEvent),
+	}, nil
+}
+
+type LoginPolicyMultiFactorRemovedEvent struct {
+	policy.MultiFactorRemovedEvent
+}
+
+func NewLoginPolicyMultiFactorRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	mfaType domain.MultiFactorType,
+) *LoginPolicyMultiFactorRemovedEvent {
+
+	return &LoginPolicyMultiFactorRemovedEvent{
+		MultiFactorRemovedEvent: *policy.NewMultiFactorRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				LoginPolicyMultiFactorRemovedEventType),
+			mfaType),
+	}
+}
+
+func MultiFactorRemovedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.MultiFactorRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LoginPolicyMultiFactorRemovedEvent{
+		MultiFactorRemovedEvent: *e.(*policy.MultiFactorRemovedEvent),
+	}, nil
+}

internal/repository/org/policy_login_identity_provider.go

@@ -0,0 +1,106 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+var (
+	LoginPolicyIDPProviderAddedEventType          = orgEventTypePrefix + policy.LoginPolicyIDPProviderAddedType
+	LoginPolicyIDPProviderRemovedEventType        = orgEventTypePrefix + policy.LoginPolicyIDPProviderRemovedType
+	LoginPolicyIDPProviderCascadeRemovedEventType = orgEventTypePrefix + policy.LoginPolicyIDPProviderCascadeRemovedType
+)
+
+type IdentityProviderAddedEvent struct {
+	policy.IdentityProviderAddedEvent
+}
+
+func NewIdentityProviderAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	idpConfigID string,
+	idpProviderType domain.IdentityProviderType,
+) *IdentityProviderAddedEvent {
+
+	return &IdentityProviderAddedEvent{
+		IdentityProviderAddedEvent: *policy.NewIdentityProviderAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				LoginPolicyIDPProviderAddedEventType),
+			idpConfigID,
+			idpProviderType),
+	}
+}
+
+func IdentityProviderAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.IdentityProviderAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &IdentityProviderAddedEvent{
+		IdentityProviderAddedEvent: *e.(*policy.IdentityProviderAddedEvent),
+	}, nil
+}
+
+type IdentityProviderRemovedEvent struct {
+	policy.IdentityProviderRemovedEvent
+}
+
+func NewIdentityProviderRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	idpConfigID string,
+) *IdentityProviderRemovedEvent {
+	return &IdentityProviderRemovedEvent{
+		IdentityProviderRemovedEvent: *policy.NewIdentityProviderRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				LoginPolicyIDPProviderRemovedEventType),
+			idpConfigID),
+	}
+}
+
+func IdentityProviderRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.IdentityProviderRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &IdentityProviderRemovedEvent{
+		IdentityProviderRemovedEvent: *e.(*policy.IdentityProviderRemovedEvent),
+	}, nil
+}
+
+type IdentityProviderCascadeRemovedEvent struct {
+	policy.IdentityProviderCascadeRemovedEvent
+}
+
+func NewIdentityProviderCascadeRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	idpConfigID string,
+) *IdentityProviderCascadeRemovedEvent {
+	return &IdentityProviderCascadeRemovedEvent{
+		IdentityProviderCascadeRemovedEvent: *policy.NewIdentityProviderCascadeRemovedEvent(
+			eventstore.NewBaseEventForPush(ctx, aggregate, LoginPolicyIDPProviderRemovedEventType),
+			idpConfigID),
+	}
+}
+
+func IdentityProviderCascadeRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.IdentityProviderCascadeRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &IdentityProviderCascadeRemovedEvent{
+		IdentityProviderCascadeRemovedEvent: *e.(*policy.IdentityProviderCascadeRemovedEvent),
+	}, nil
+}

internal/repository/org/policy_mail_template.go

@@ -0,0 +1,92 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+var (
+	MailTemplateAddedEventType   = orgEventTypePrefix + policy.MailTemplatePolicyAddedEventType
+	MailTemplateChangedEventType = orgEventTypePrefix + policy.MailTemplatePolicyChangedEventType
+	MailTemplateRemovedEventType = orgEventTypePrefix + policy.MailTemplatePolicyRemovedEventType
+)
+
+type MailTemplateAddedEvent struct {
+	policy.MailTemplateAddedEvent
+}
+
+func NewMailTemplateAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	template []byte,
+) *MailTemplateAddedEvent {
+	return &MailTemplateAddedEvent{
+		MailTemplateAddedEvent: *policy.NewMailTemplateAddedEvent(
+			eventstore.NewBaseEventForPush(ctx, aggregate, MailTemplateAddedEventType),
+			template),
+	}
+}
+
+func MailTemplateAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.MailTemplateAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MailTemplateAddedEvent{MailTemplateAddedEvent: *e.(*policy.MailTemplateAddedEvent)}, nil
+}
+
+type MailTemplateChangedEvent struct {
+	policy.MailTemplateChangedEvent
+}
+
+func NewMailTemplateChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	changes []policy.MailTemplateChanges,
+) (*MailTemplateChangedEvent, error) {
+	changedEvent, err := policy.NewMailTemplateChangedEvent(
+		eventstore.NewBaseEventForPush(ctx, aggregate, MailTemplateChangedEventType),
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &MailTemplateChangedEvent{MailTemplateChangedEvent: *changedEvent}, nil
+}
+
+func MailTemplateChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.MailTemplateChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MailTemplateChangedEvent{MailTemplateChangedEvent: *e.(*policy.MailTemplateChangedEvent)}, nil
+}
+
+type MailTemplateRemovedEvent struct {
+	policy.MailTemplateRemovedEvent
+}
+
+func NewMailTemplateRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *MailTemplateRemovedEvent {
+	return &MailTemplateRemovedEvent{
+		MailTemplateRemovedEvent: *policy.NewMailTemplateRemovedEvent(
+			eventstore.NewBaseEventForPush(ctx, aggregate, MailTemplateRemovedEventType),
+		),
+	}
+}
+
+func MailTemplateRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.MailTemplateRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MailTemplateRemovedEvent{MailTemplateRemovedEvent: *e.(*policy.MailTemplateRemovedEvent)}, nil
+}

internal/repository/org/policy_mail_text.go

@@ -0,0 +1,114 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+var (
+	MailTextAddedEventType   = orgEventTypePrefix + policy.MailTextPolicyAddedEventType
+	MailTextChangedEventType = orgEventTypePrefix + policy.MailTextPolicyChangedEventType
+	MailTextRemovedEventType = orgEventTypePrefix + policy.MailTextPolicyRemovedEventType
+)
+
+type MailTextAddedEvent struct {
+	policy.MailTextAddedEvent
+}
+
+func NewMailTextAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	mailTextType,
+	language,
+	title,
+	preHeader,
+	subject,
+	greeting,
+	text,
+	buttonText string,
+) *MailTextAddedEvent {
+	return &MailTextAddedEvent{
+		MailTextAddedEvent: *policy.NewMailTextAddedEvent(
+			eventstore.NewBaseEventForPush(ctx, aggregate, MailTextAddedEventType),
+			mailTextType,
+			language,
+			title,
+			preHeader,
+			subject,
+			greeting,
+			text,
+			buttonText),
+	}
+}
+
+func MailTextAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.MailTextAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MailTextAddedEvent{MailTextAddedEvent: *e.(*policy.MailTextAddedEvent)}, nil
+}
+
+type MailTextChangedEvent struct {
+	policy.MailTextChangedEvent
+}
+
+func NewMailTextChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	mailTextType,
+	language string,
+	changes []policy.MailTextChanges,
+) (*MailTextChangedEvent, error) {
+	changedEvent, err := policy.NewMailTextChangedEvent(
+		eventstore.NewBaseEventForPush(ctx, aggregate, MailTextChangedEventType),
+		mailTextType,
+		language,
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &MailTextChangedEvent{MailTextChangedEvent: *changedEvent}, nil
+}
+
+func MailTextChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.MailTextChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MailTextChangedEvent{MailTextChangedEvent: *e.(*policy.MailTextChangedEvent)}, nil
+}
+
+type MailTextRemovedEvent struct {
+	policy.MailTextRemovedEvent
+}
+
+func NewMailTextRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	mailTextType,
+	language string,
+) *MailTextRemovedEvent {
+	return &MailTextRemovedEvent{
+		MailTextRemovedEvent: *policy.NewMailTextRemovedEvent(
+			eventstore.NewBaseEventForPush(ctx, aggregate, MailTextRemovedEventType),
+			mailTextType,
+			language,
+		),
+	}
+}
+
+func MailTextRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.MailTextRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MailTextRemovedEvent{MailTextRemovedEvent: *e.(*policy.MailTextRemovedEvent)}, nil
+}

internal/repository/org/policy_org_iam.go

@@ -0,0 +1,105 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+var (
+	//TODO: enable when possible
+	//OrgIAMPolicyAddedEventType   = orgEventTypePrefix + policy.OrgIAMPolicyAddedEventType
+	//OrgIAMPolicyChangedEventType = orgEventTypePrefix + policy.OrgIAMPolicyChangedEventType
+	OrgIAMPolicyAddedEventType   = orgEventTypePrefix + "iam.policy.added"
+	OrgIAMPolicyChangedEventType = orgEventTypePrefix + "iam.policy.changed"
+	OrgIAMPolicyRemovedEventType = orgEventTypePrefix + "iam.policy.removed"
+)
+
+type OrgIAMPolicyAddedEvent struct {
+	policy.OrgIAMPolicyAddedEvent
+}
+
+func NewOrgIAMPolicyAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	userLoginMustBeDomain bool,
+) *OrgIAMPolicyAddedEvent {
+	return &OrgIAMPolicyAddedEvent{
+		OrgIAMPolicyAddedEvent: *policy.NewOrgIAMPolicyAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				OrgIAMPolicyAddedEventType),
+			userLoginMustBeDomain,
+		),
+	}
+}
+
+func OrgIAMPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.OrgIAMPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &OrgIAMPolicyAddedEvent{OrgIAMPolicyAddedEvent: *e.(*policy.OrgIAMPolicyAddedEvent)}, nil
+}
+
+type OrgIAMPolicyChangedEvent struct {
+	policy.OrgIAMPolicyChangedEvent
+}
+
+func NewOrgIAMPolicyChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	changes []policy.OrgIAMPolicyChanges,
+) (*OrgIAMPolicyChangedEvent, error) {
+	changedEvent, err := policy.NewOrgIAMPolicyChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			OrgIAMPolicyChangedEventType),
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &OrgIAMPolicyChangedEvent{OrgIAMPolicyChangedEvent: *changedEvent}, nil
+}
+
+func OrgIAMPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.OrgIAMPolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &OrgIAMPolicyChangedEvent{OrgIAMPolicyChangedEvent: *e.(*policy.OrgIAMPolicyChangedEvent)}, nil
+}
+
+type OrgIAMPolicyRemovedEvent struct {
+	policy.OrgIAMPolicyRemovedEvent
+}
+
+func NewOrgIAMPolicyRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *OrgIAMPolicyRemovedEvent {
+	return &OrgIAMPolicyRemovedEvent{
+		OrgIAMPolicyRemovedEvent: *policy.NewOrgIAMPolicyRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				OrgIAMPolicyRemovedEventType),
+		),
+	}
+}
+
+func OrgIAMPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.OrgIAMPolicyRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &OrgIAMPolicyRemovedEvent{OrgIAMPolicyRemovedEvent: *e.(*policy.OrgIAMPolicyRemovedEvent)}, nil
+}

internal/repository/org/policy_password_age.go

@@ -0,0 +1,103 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+var (
+	PasswordAgePolicyAddedEventType   = orgEventTypePrefix + policy.PasswordAgePolicyAddedEventType
+	PasswordAgePolicyChangedEventType = orgEventTypePrefix + policy.PasswordAgePolicyChangedEventType
+	PasswordAgePolicyRemovedEventType = orgEventTypePrefix + policy.PasswordAgePolicyRemovedEventType
+)
+
+type PasswordAgePolicyAddedEvent struct {
+	policy.PasswordAgePolicyAddedEvent
+}
+
+func NewPasswordAgePolicyAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	expireWarnDays,
+	maxAgeDays uint64,
+) *PasswordAgePolicyAddedEvent {
+	return &PasswordAgePolicyAddedEvent{
+		PasswordAgePolicyAddedEvent: *policy.NewPasswordAgePolicyAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				PasswordAgePolicyAddedEventType),
+			expireWarnDays,
+			maxAgeDays),
+	}
+}
+
+func PasswordAgePolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordAgePolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordAgePolicyAddedEvent{PasswordAgePolicyAddedEvent: *e.(*policy.PasswordAgePolicyAddedEvent)}, nil
+}
+
+type PasswordAgePolicyChangedEvent struct {
+	policy.PasswordAgePolicyChangedEvent
+}
+
+func NewPasswordAgePolicyChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	changes []policy.PasswordAgePolicyChanges,
+) (*PasswordAgePolicyChangedEvent, error) {
+	changedEvent, err := policy.NewPasswordAgePolicyChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			PasswordAgePolicyChangedEventType),
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &PasswordAgePolicyChangedEvent{PasswordAgePolicyChangedEvent: *changedEvent}, nil
+}
+
+func PasswordAgePolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordAgePolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordAgePolicyChangedEvent{PasswordAgePolicyChangedEvent: *e.(*policy.PasswordAgePolicyChangedEvent)}, nil
+}
+
+type PasswordAgePolicyRemovedEvent struct {
+	policy.PasswordAgePolicyRemovedEvent
+}
+
+func NewPasswordAgePolicyRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *PasswordAgePolicyRemovedEvent {
+	return &PasswordAgePolicyRemovedEvent{
+		PasswordAgePolicyRemovedEvent: *policy.NewPasswordAgePolicyRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				PasswordAgePolicyRemovedEventType),
+		),
+	}
+}
+
+func PasswordAgePolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordAgePolicyRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordAgePolicyRemovedEvent{PasswordAgePolicyRemovedEvent: *e.(*policy.PasswordAgePolicyRemovedEvent)}, nil
+}

internal/repository/org/policy_password_complexity.go

@@ -0,0 +1,109 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+var (
+	PasswordComplexityPolicyAddedEventType   = orgEventTypePrefix + policy.PasswordComplexityPolicyAddedEventType
+	PasswordComplexityPolicyChangedEventType = orgEventTypePrefix + policy.PasswordComplexityPolicyChangedEventType
+	PasswordComplexityPolicyRemovedEventType = orgEventTypePrefix + policy.PasswordComplexityPolicyRemovedEventType
+)
+
+type PasswordComplexityPolicyAddedEvent struct {
+	policy.PasswordComplexityPolicyAddedEvent
+}
+
+func NewPasswordComplexityPolicyAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	minLength uint64,
+	hasLowercase,
+	hasUppercase,
+	hasNumber,
+	hasSymbol bool,
+) *PasswordComplexityPolicyAddedEvent {
+	return &PasswordComplexityPolicyAddedEvent{
+		PasswordComplexityPolicyAddedEvent: *policy.NewPasswordComplexityPolicyAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				PasswordComplexityPolicyAddedEventType),
+			minLength,
+			hasLowercase,
+			hasUppercase,
+			hasNumber,
+			hasSymbol),
+	}
+}
+
+func PasswordComplexityPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordComplexityPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordComplexityPolicyAddedEvent{PasswordComplexityPolicyAddedEvent: *e.(*policy.PasswordComplexityPolicyAddedEvent)}, nil
+}
+
+type PasswordComplexityPolicyChangedEvent struct {
+	policy.PasswordComplexityPolicyChangedEvent
+}
+
+func NewPasswordComplexityPolicyChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	changes []policy.PasswordComplexityPolicyChanges,
+) (*PasswordComplexityPolicyChangedEvent, error) {
+	changedEvent, err := policy.NewPasswordComplexityPolicyChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			PasswordComplexityPolicyChangedEventType),
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &PasswordComplexityPolicyChangedEvent{PasswordComplexityPolicyChangedEvent: *changedEvent}, nil
+}
+
+func PasswordComplexityPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordComplexityPolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordComplexityPolicyChangedEvent{PasswordComplexityPolicyChangedEvent: *e.(*policy.PasswordComplexityPolicyChangedEvent)}, nil
+}
+
+type PasswordComplexityPolicyRemovedEvent struct {
+	policy.PasswordComplexityPolicyRemovedEvent
+}
+
+func NewPasswordComplexityPolicyRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *PasswordComplexityPolicyRemovedEvent {
+	return &PasswordComplexityPolicyRemovedEvent{
+		PasswordComplexityPolicyRemovedEvent: *policy.NewPasswordComplexityPolicyRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				PasswordComplexityPolicyRemovedEventType),
+		),
+	}
+}
+
+func PasswordComplexityPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordComplexityPolicyRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordComplexityPolicyRemovedEvent{PasswordComplexityPolicyRemovedEvent: *e.(*policy.PasswordComplexityPolicyRemovedEvent)}, nil
+}

internal/repository/org/policy_password_lockout.go

@@ -0,0 +1,103 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+var (
+	PasswordLockoutPolicyAddedEventType   = orgEventTypePrefix + policy.PasswordLockoutPolicyAddedEventType
+	PasswordLockoutPolicyChangedEventType = orgEventTypePrefix + policy.PasswordLockoutPolicyChangedEventType
+	PasswordLockoutPolicyRemovedEventType = orgEventTypePrefix + policy.PasswordLockoutPolicyRemovedEventType
+)
+
+type PasswordLockoutPolicyAddedEvent struct {
+	policy.PasswordLockoutPolicyAddedEvent
+}
+
+func NewPasswordLockoutPolicyAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	maxAttempts uint64,
+	showLockoutFailure bool,
+) *PasswordLockoutPolicyAddedEvent {
+	return &PasswordLockoutPolicyAddedEvent{
+		PasswordLockoutPolicyAddedEvent: *policy.NewPasswordLockoutPolicyAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				PasswordLockoutPolicyAddedEventType),
+			maxAttempts,
+			showLockoutFailure),
+	}
+}
+
+func PasswordLockoutPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordLockoutPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordLockoutPolicyAddedEvent{PasswordLockoutPolicyAddedEvent: *e.(*policy.PasswordLockoutPolicyAddedEvent)}, nil
+}
+
+type PasswordLockoutPolicyChangedEvent struct {
+	policy.PasswordLockoutPolicyChangedEvent
+}
+
+func NewPasswordLockoutPolicyChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	changes []policy.PasswordLockoutPolicyChanges,
+) (*PasswordLockoutPolicyChangedEvent, error) {
+	changedEvent, err := policy.NewPasswordLockoutPolicyChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			PasswordLockoutPolicyChangedEventType),
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &PasswordLockoutPolicyChangedEvent{PasswordLockoutPolicyChangedEvent: *changedEvent}, nil
+}
+
+func PasswordLockoutPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordLockoutPolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordLockoutPolicyChangedEvent{PasswordLockoutPolicyChangedEvent: *e.(*policy.PasswordLockoutPolicyChangedEvent)}, nil
+}
+
+type PasswordLockoutPolicyRemovedEvent struct {
+	policy.PasswordLockoutPolicyRemovedEvent
+}
+
+func NewPasswordLockoutPolicyRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *PasswordLockoutPolicyRemovedEvent {
+	return &PasswordLockoutPolicyRemovedEvent{
+		PasswordLockoutPolicyRemovedEvent: *policy.NewPasswordLockoutPolicyRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				PasswordLockoutPolicyRemovedEventType),
+		),
+	}
+}
+
+func PasswordLockoutPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordLockoutPolicyRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordLockoutPolicyRemovedEvent{PasswordLockoutPolicyRemovedEvent: *e.(*policy.PasswordLockoutPolicyRemovedEvent)}, nil
+}