fix: move v2 pkgs (#1331)

* fix: move eventstore pkgs * fix: move eventstore pkgs * fix: remove v2 view * fix: remove v2 view
2025-08-11 21:37:32 +00:00 · 2021-02-23 15:13:04 +01:00
parent 57b277bc7c
commit d8e42744b4
797 changed files with 2116 additions and 2224 deletions
--- a/internal/repository/policy/label.go
+++ b/internal/repository/policy/label.go
@@ -0,0 +1,137 @@
+package policy
+
+import (
+	"encoding/json"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	LabelPolicyAddedEventType   = "policy.label.added"
+	LabelPolicyChangedEventType = "policy.label.changed"
+	LabelPolicyRemovedEventType = "policy.label.removed"
+)
+
+type LabelPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	PrimaryColor   string `json:"primaryColor,omitempty"`
+	SecondaryColor string `json:"secondaryColor,omitempty"`
+}
+
+func (e *LabelPolicyAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *LabelPolicyAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	primaryColor,
+	secondaryColor string,
+) *LabelPolicyAddedEvent {
+
+	return &LabelPolicyAddedEvent{
+		BaseEvent:      *base,
+		PrimaryColor:   primaryColor,
+		SecondaryColor: secondaryColor,
+	}
+}
+
+func LabelPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &LabelPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-puqv4", "unable to unmarshal label policy")
+	}
+
+	return e, nil
+}
+
+type LabelPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	PrimaryColor   *string `json:"primaryColor,omitempty"`
+	SecondaryColor *string `json:"secondaryColor,omitempty"`
+}
+
+func (e *LabelPolicyChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *LabelPolicyChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []LabelPolicyChanges,
+) (*LabelPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "POLICY-Asfd3", "Errors.NoChangesFound")
+	}
+	changeEvent := &LabelPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type LabelPolicyChanges func(*LabelPolicyChangedEvent)
+
+func ChangePrimaryColor(primaryColor string) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.PrimaryColor = &primaryColor
+	}
+}
+
+func ChangeSecondaryColor(secondaryColor string) func(*LabelPolicyChangedEvent) {
+	return func(e *LabelPolicyChangedEvent) {
+		e.SecondaryColor = &secondaryColor
+	}
+}
+
+func LabelPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &LabelPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-qhfFb", "unable to unmarshal label policy")
+	}
+
+	return e, nil
+}
+
+type LabelPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *LabelPolicyRemovedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *LabelPolicyRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewLabelPolicyRemovedEvent(base *eventstore.BaseEvent) *LabelPolicyRemovedEvent {
+	return &LabelPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func LabelPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &LabelPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/internal/repository/policy/login.go
+++ b/internal/repository/policy/login.go
@@ -0,0 +1,171 @@
+package policy
+
+import (
+	"encoding/json"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	loginPolicyPrefix           = "policy.login."
+	LoginPolicyAddedEventType   = loginPolicyPrefix + "added"
+	LoginPolicyChangedEventType = loginPolicyPrefix + "changed"
+	LoginPolicyRemovedEventType = loginPolicyPrefix + "removed"
+)
+
+type LoginPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	AllowUserNamePassword bool                    `json:"allowUsernamePassword,omitempty"`
+	AllowRegister         bool                    `json:"allowRegister,omitempty"`
+	AllowExternalIDP      bool                    `json:"allowExternalIdp,omitempty"`
+	ForceMFA              bool                    `json:"forceMFA,omitempty"`
+	PasswordlessType      domain.PasswordlessType `json:"passwordlessType,omitempty"`
+}
+
+func (e *LoginPolicyAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *LoginPolicyAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewLoginPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	allowUserNamePassword,
+	allowRegister,
+	allowExternalIDP,
+	forceMFA bool,
+	passwordlessType domain.PasswordlessType,
+) *LoginPolicyAddedEvent {
+	return &LoginPolicyAddedEvent{
+		BaseEvent:             *base,
+		AllowExternalIDP:      allowExternalIDP,
+		AllowRegister:         allowRegister,
+		AllowUserNamePassword: allowUserNamePassword,
+		ForceMFA:              forceMFA,
+		PasswordlessType:      passwordlessType,
+	}
+}
+
+func LoginPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &LoginPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-nWndT", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type LoginPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	AllowUserNamePassword *bool                    `json:"allowUsernamePassword,omitempty"`
+	AllowRegister         *bool                    `json:"allowRegister,omitempty"`
+	AllowExternalIDP      *bool                    `json:"allowExternalIdp,omitempty"`
+	ForceMFA              *bool                    `json:"forceMFA,omitempty"`
+	PasswordlessType      *domain.PasswordlessType `json:"passwordlessType,omitempty"`
+}
+
+type LoginPolicyEventData struct {
+}
+
+func (e *LoginPolicyChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *LoginPolicyChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewLoginPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []LoginPolicyChanges,
+) (*LoginPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "POLICY-ADg34", "Errors.NoChangesFound")
+	}
+	changeEvent := &LoginPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type LoginPolicyChanges func(*LoginPolicyChangedEvent)
+
+func ChangeAllowUserNamePassword(allowUserNamePassword bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.AllowUserNamePassword = &allowUserNamePassword
+	}
+}
+
+func ChangeAllowRegister(allowRegister bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.AllowRegister = &allowRegister
+	}
+}
+
+func ChangeAllowExternalIDP(allowExternalIDP bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.AllowExternalIDP = &allowExternalIDP
+	}
+}
+
+func ChangeForceMFA(forceMFA bool) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.ForceMFA = &forceMFA
+	}
+}
+
+func ChangePasswordlessType(passwordlessType domain.PasswordlessType) func(*LoginPolicyChangedEvent) {
+	return func(e *LoginPolicyChangedEvent) {
+		e.PasswordlessType = &passwordlessType
+	}
+}
+
+func LoginPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &LoginPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-ehssl", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type LoginPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *LoginPolicyRemovedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *LoginPolicyRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewLoginPolicyRemovedEvent(base *eventstore.BaseEvent) *LoginPolicyRemovedEvent {
+	return &LoginPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func LoginPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &LoginPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/internal/repository/policy/mail_template.go
+++ b/internal/repository/policy/mail_template.go
@@ -0,0 +1,128 @@
+package policy
+
+import (
+	"encoding/json"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	mailPolicyPrefix                   = "mail."
+	mailTemplatePolicyPrefix           = mailPolicyPrefix + "template."
+	MailTemplatePolicyAddedEventType   = mailTemplatePolicyPrefix + "added"
+	MailTemplatePolicyChangedEventType = mailTemplatePolicyPrefix + "changed"
+	MailTemplatePolicyRemovedEventType = mailTemplatePolicyPrefix + "removed"
+)
+
+type MailTemplateAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Template []byte `json:"template,omitempty"`
+}
+
+func (e *MailTemplateAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *MailTemplateAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewMailTemplateAddedEvent(
+	base *eventstore.BaseEvent,
+	template []byte,
+) *MailTemplateAddedEvent {
+	return &MailTemplateAddedEvent{
+		BaseEvent: *base,
+		Template:  template,
+	}
+}
+
+func MailTemplateAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &MailTemplateAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-5m9if", "unable to unmarshal mail template")
+	}
+
+	return e, nil
+}
+
+type MailTemplateChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	Template *[]byte `json:"template,omitempty"`
+}
+
+func (e *MailTemplateChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *MailTemplateChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewMailTemplateChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []MailTemplateChanges,
+) (*MailTemplateChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "POLICY-m9osd", "Errors.NoChangesFound")
+	}
+	changeEvent := &MailTemplateChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type MailTemplateChanges func(*MailTemplateChangedEvent)
+
+func ChangeTemplate(template []byte) func(*MailTemplateChangedEvent) {
+	return func(e *MailTemplateChangedEvent) {
+		e.Template = &template
+	}
+}
+
+func MailTemplateChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &MailTemplateChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-3uu8K", "unable to unmarshal mail template policy")
+	}
+
+	return e, nil
+}
+
+type MailTemplateRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *MailTemplateRemovedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *MailTemplateRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewMailTemplateRemovedEvent(base *eventstore.BaseEvent) *MailTemplateRemovedEvent {
+	return &MailTemplateRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func MailTemplateRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &MailTemplateRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/internal/repository/policy/mail_text.go
+++ b/internal/repository/policy/mail_text.go
@@ -0,0 +1,209 @@
+package policy
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	UniqueMailText                 = "mail_text"
+	mailTextPolicyPrefix           = mailPolicyPrefix + "text."
+	MailTextPolicyAddedEventType   = mailTextPolicyPrefix + "added"
+	MailTextPolicyChangedEventType = mailTextPolicyPrefix + "changed"
+	MailTextPolicyRemovedEventType = mailTextPolicyPrefix + "removed"
+)
+
+func NewAddMailTextUniqueConstraint(aggregateID, mailTextType, langugage string) *eventstore.EventUniqueConstraint {
+	return eventstore.NewAddEventUniqueConstraint(
+		UniqueMailText,
+		fmt.Sprintf("%v:%v:%v", aggregateID, mailTextType, langugage),
+		"Errors.Org.AlreadyExists")
+}
+
+func NewRemoveMailTextUniqueConstraint(aggregateID, mailTextType, langugage string) *eventstore.EventUniqueConstraint {
+	return eventstore.NewRemoveEventUniqueConstraint(
+		UniqueMailText,
+		fmt.Sprintf("%v:%v:%v", aggregateID, mailTextType, langugage))
+}
+
+type MailTextAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MailTextType string `json:"mailTextType,omitempty"`
+	Language     string `json:"language,omitempty"`
+	Title        string `json:"title,omitempty"`
+	PreHeader    string `json:"preHeader,omitempty"`
+	Subject      string `json:"subject,omitempty"`
+	Greeting     string `json:"greeting,omitempty"`
+	Text         string `json:"text,omitempty"`
+	ButtonText   string `json:"buttonText,omitempty"`
+}
+
+func (e *MailTextAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *MailTextAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{NewAddMailTextUniqueConstraint(e.Aggregate().ResourceOwner, e.MailTextType, e.Language)}
+}
+
+func NewMailTextAddedEvent(
+	base *eventstore.BaseEvent,
+	mailTextType,
+	language,
+	title,
+	preHeader,
+	subject,
+	greeting,
+	text,
+	buttonText string,
+) *MailTextAddedEvent {
+	return &MailTextAddedEvent{
+		BaseEvent:    *base,
+		MailTextType: mailTextType,
+		Language:     language,
+		Title:        title,
+		PreHeader:    preHeader,
+		Subject:      subject,
+		Greeting:     greeting,
+		Text:         text,
+		ButtonText:   buttonText,
+	}
+}
+
+func MailTextAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &MailTextAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-5m9if", "unable to unmarshal mail text policy")
+	}
+
+	return e, nil
+}
+
+type MailTextChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MailTextType string  `json:"mailTextType,omitempty"`
+	Language     string  `json:"language,omitempty"`
+	Title        *string `json:"title,omitempty"`
+	PreHeader    *string `json:"preHeader,omitempty"`
+	Subject      *string `json:"subject,omitempty"`
+	Greeting     *string `json:"greeting,omitempty"`
+	Text         *string `json:"text,omitempty"`
+	ButtonText   *string `json:"buttonText,omitempty"`
+}
+
+func (e *MailTextChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *MailTextChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewMailTextChangedEvent(
+	base *eventstore.BaseEvent,
+	mailTextType,
+	language string,
+	changes []MailTextChanges,
+) (*MailTextChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "POLICY-m9osd", "Errors.NoChangesFound")
+	}
+	changeEvent := &MailTextChangedEvent{
+		BaseEvent:    *base,
+		MailTextType: mailTextType,
+		Language:     language,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type MailTextChanges func(*MailTextChangedEvent)
+
+func ChangeTitle(title string) func(*MailTextChangedEvent) {
+	return func(e *MailTextChangedEvent) {
+		e.Title = &title
+	}
+}
+
+func ChangePreHeader(preHeader string) func(*MailTextChangedEvent) {
+	return func(e *MailTextChangedEvent) {
+		e.PreHeader = &preHeader
+	}
+}
+
+func ChangeSubject(greeting string) func(*MailTextChangedEvent) {
+	return func(e *MailTextChangedEvent) {
+		e.Subject = &greeting
+	}
+}
+
+func ChangeGreeting(greeting string) func(*MailTextChangedEvent) {
+	return func(e *MailTextChangedEvent) {
+		e.Greeting = &greeting
+	}
+}
+
+func ChangeText(text string) func(*MailTextChangedEvent) {
+	return func(e *MailTextChangedEvent) {
+		e.Text = &text
+	}
+}
+
+func ChangeButtonText(buttonText string) func(*MailTextChangedEvent) {
+	return func(e *MailTextChangedEvent) {
+		e.ButtonText = &buttonText
+	}
+}
+
+func MailTextChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &MailTextChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-bn88u", "unable to unmarshal mail text policy")
+	}
+
+	return e, nil
+}
+
+type MailTextRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MailTextType string `json:"mailTextType,omitempty"`
+	Language     string `json:"language,omitempty"`
+}
+
+func (e *MailTextRemovedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *MailTextRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return []*eventstore.EventUniqueConstraint{NewRemoveMailTextUniqueConstraint(e.Aggregate().ResourceOwner, e.MailTextType, e.Language)}
+}
+
+func NewMailTextRemovedEvent(base *eventstore.BaseEvent, mailTextType, language string) *MailTextRemovedEvent {
+	return &MailTextRemovedEvent{
+		BaseEvent:    *base,
+		MailTextType: mailTextType,
+		Language:     language,
+	}
+}
+
+func MailTextRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &MailTextRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/internal/repository/policy/policy_login_factors.go
+++ b/internal/repository/policy/policy_login_factors.go
@@ -0,0 +1,165 @@
+package policy
+
+import (
+	"encoding/json"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	loginPolicySecondFactorPrefix           = loginPolicyPrefix + "secondfactor."
+	LoginPolicySecondFactorAddedEventType   = loginPolicySecondFactorPrefix + "added"
+	LoginPolicySecondFactorRemovedEventType = loginPolicySecondFactorPrefix + "removed"
+
+	loginPolicyMultiFactorPrefix           = "policy.login.multifactor."
+	LoginPolicyMultiFactorAddedEventType   = loginPolicyMultiFactorPrefix + "added"
+	LoginPolicyMultiFactorRemovedEventType = loginPolicyMultiFactorPrefix + "removed"
+)
+
+type SecondFactorAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MFAType domain.SecondFactorType `json:"mfaType,omitempty"`
+}
+
+func NewSecondFactorAddedEvent(
+	base *eventstore.BaseEvent,
+	mfaType domain.SecondFactorType,
+) *SecondFactorAddedEvent {
+	return &SecondFactorAddedEvent{
+		BaseEvent: *base,
+		MFAType:   mfaType,
+	}
+}
+
+func SecondFactorAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &SecondFactorAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-Lp0dE", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+func (e *SecondFactorAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *SecondFactorAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+type SecondFactorRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	MFAType              domain.SecondFactorType `json:"mfaType"`
+}
+
+func NewSecondFactorRemovedEvent(
+	base *eventstore.BaseEvent,
+	mfaType domain.SecondFactorType,
+) *SecondFactorRemovedEvent {
+	return &SecondFactorRemovedEvent{
+		BaseEvent: *base,
+		MFAType:   mfaType,
+	}
+}
+
+func SecondFactorRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &SecondFactorRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-5M9gd", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+func (e *SecondFactorRemovedEvent) Data() interface{} {
+	return e
+}
+
+func (e *SecondFactorRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+type MultiFactorAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MFAType domain.MultiFactorType `json:"mfaType"`
+}
+
+func NewMultiFactorAddedEvent(
+	base *eventstore.BaseEvent,
+	mfaType domain.MultiFactorType,
+) *MultiFactorAddedEvent {
+	return &MultiFactorAddedEvent{
+		BaseEvent: *base,
+		MFAType:   mfaType,
+	}
+}
+
+func MultiFactorAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &MultiFactorAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-5Ms90", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+func (e *MultiFactorAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *MultiFactorAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+type MultiFactorRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+	MFAType              domain.MultiFactorType `json:"mfaType"`
+}
+
+func NewMultiFactorRemovedEvent(
+	base *eventstore.BaseEvent,
+	mfaType domain.MultiFactorType,
+) *MultiFactorRemovedEvent {
+	return &MultiFactorRemovedEvent{
+		BaseEvent: *base,
+		MFAType:   mfaType,
+	}
+}
+
+func MultiFactorRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &MultiFactorRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-1N8sd", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+func (e *MultiFactorRemovedEvent) Data() interface{} {
+	return e
+}
+
+func (e *MultiFactorRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
--- a/internal/repository/policy/policy_login_identity_provider.go
+++ b/internal/repository/policy/policy_login_identity_provider.go
@@ -0,0 +1,131 @@
+package policy
+
+import (
+	"encoding/json"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	loginPolicyIDPProviderPrevix             = loginPolicyPrefix + "idpprovider."
+	LoginPolicyIDPProviderAddedType          = loginPolicyIDPProviderPrevix + "added"
+	LoginPolicyIDPProviderRemovedType        = loginPolicyIDPProviderPrevix + "removed"
+	LoginPolicyIDPProviderCascadeRemovedType = loginPolicyIDPProviderPrevix + "cascade.removed"
+)
+
+type IdentityProviderAddedEvent struct {
+	eventstore.BaseEvent
+
+	IDPConfigID     string                      `json:"idpConfigId,omitempty"`
+	IDPProviderType domain.IdentityProviderType `json:"idpProviderType,omitempty"`
+}
+
+func (e *IdentityProviderAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *IdentityProviderAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewIdentityProviderAddedEvent(
+	base *eventstore.BaseEvent,
+	idpConfigID string,
+	idpProviderType domain.IdentityProviderType,
+) *IdentityProviderAddedEvent {
+
+	return &IdentityProviderAddedEvent{
+		*base,
+		idpConfigID,
+		idpProviderType,
+	}
+}
+
+func IdentityProviderAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &IdentityProviderAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "PROVI-bfNnp", "Errors.Internal")
+	}
+
+	return e, nil
+}
+
+type IdentityProviderRemovedEvent struct {
+	eventstore.BaseEvent
+
+	IDPConfigID string `json:"idpConfigId"`
+}
+
+func (e *IdentityProviderRemovedEvent) Data() interface{} {
+	return e
+}
+
+func (e *IdentityProviderRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewIdentityProviderRemovedEvent(
+	base *eventstore.BaseEvent,
+	idpConfigID string,
+) *IdentityProviderRemovedEvent {
+	return &IdentityProviderRemovedEvent{
+		BaseEvent:   *base,
+		IDPConfigID: idpConfigID,
+	}
+}
+
+func IdentityProviderRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &IdentityProviderRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "PROVI-6H0KQ", "Errors.Internal")
+	}
+
+	return e, nil
+}
+
+type IdentityProviderCascadeRemovedEvent struct {
+	eventstore.BaseEvent
+
+	IDPConfigID string `json:"idpConfigId"`
+}
+
+func (e *IdentityProviderCascadeRemovedEvent) Data() interface{} {
+	return e
+}
+
+func (e *IdentityProviderCascadeRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewIdentityProviderCascadeRemovedEvent(
+	base *eventstore.BaseEvent,
+	idpConfigID string,
+) *IdentityProviderCascadeRemovedEvent {
+	return &IdentityProviderCascadeRemovedEvent{
+		BaseEvent:   *base,
+		IDPConfigID: idpConfigID,
+	}
+}
+
+func IdentityProviderCascadeRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &IdentityProviderCascadeRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "PROVI-7M9fs", "Errors.Internal")
+	}
+
+	return e, nil
+}
--- a/internal/repository/policy/policy_org_iam.go
+++ b/internal/repository/policy/policy_org_iam.go
@@ -0,0 +1,128 @@
+package policy
+
+import (
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	//TODO: use for org events as suffix (when possible)
+	OrgIAMPolicyAddedEventType   = "policy.org.iam.added"
+	OrgIAMPolicyChangedEventType = "policy.org.iam.changed"
+)
+
+type OrgIAMPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	UserLoginMustBeDomain bool `json:"userLoginMustBeDomain,omitempty"`
+}
+
+func (e *OrgIAMPolicyAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *OrgIAMPolicyAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewOrgIAMPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	userLoginMustBeDomain bool,
+) *OrgIAMPolicyAddedEvent {
+
+	return &OrgIAMPolicyAddedEvent{
+		BaseEvent:             *base,
+		UserLoginMustBeDomain: userLoginMustBeDomain,
+	}
+}
+
+func OrgIAMPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &OrgIAMPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-TvSmA", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type OrgIAMPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	UserLoginMustBeDomain *bool `json:"userLoginMustBeDomain,omitempty"`
+}
+
+func (e *OrgIAMPolicyChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *OrgIAMPolicyChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewOrgIAMPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []OrgIAMPolicyChanges,
+) (*OrgIAMPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "POLICY-DAf3h", "Errors.NoChangesFound")
+	}
+	changeEvent := &OrgIAMPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type OrgIAMPolicyChanges func(*OrgIAMPolicyChangedEvent)
+
+func ChangeUserLoginMustBeDomain(userLoginMustBeDomain bool) func(*OrgIAMPolicyChangedEvent) {
+	return func(e *OrgIAMPolicyChangedEvent) {
+		e.UserLoginMustBeDomain = &userLoginMustBeDomain
+	}
+}
+
+func OrgIAMPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &OrgIAMPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-0Pl9d", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type OrgIAMPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *OrgIAMPolicyRemovedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *OrgIAMPolicyRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewOrgIAMPolicyRemovedEvent(base *eventstore.BaseEvent) *OrgIAMPolicyRemovedEvent {
+	return &OrgIAMPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func OrgIAMPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &OrgIAMPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/internal/repository/policy/policy_password_age.go
+++ b/internal/repository/policy/policy_password_age.go
@@ -0,0 +1,137 @@
+package policy
+
+import (
+	"encoding/json"
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	PasswordAgePolicyAddedEventType   = "policy.password.age.added"
+	PasswordAgePolicyChangedEventType = "policy.password.age.changed"
+	PasswordAgePolicyRemovedEventType = "policy.password.age.removed"
+)
+
+type PasswordAgePolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ExpireWarnDays uint64 `json:"expireWarnDays,omitempty"`
+	MaxAgeDays     uint64 `json:"maxAgeDays,omitempty"`
+}
+
+func (e *PasswordAgePolicyAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *PasswordAgePolicyAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewPasswordAgePolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	expireWarnDays,
+	maxAgeDays uint64,
+) *PasswordAgePolicyAddedEvent {
+
+	return &PasswordAgePolicyAddedEvent{
+		BaseEvent:      *base,
+		ExpireWarnDays: expireWarnDays,
+		MaxAgeDays:     maxAgeDays,
+	}
+}
+
+func PasswordAgePolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &PasswordAgePolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-T3mGp", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PasswordAgePolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	ExpireWarnDays *uint64 `json:"expireWarnDays,omitempty"`
+	MaxAgeDays     *uint64 `json:"maxAgeDays,omitempty"`
+}
+
+func (e *PasswordAgePolicyChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *PasswordAgePolicyChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewPasswordAgePolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []PasswordAgePolicyChanges,
+) (*PasswordAgePolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "POLICY-DAgt5", "Errors.NoChangesFound")
+	}
+	changeEvent := &PasswordAgePolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type PasswordAgePolicyChanges func(*PasswordAgePolicyChangedEvent)
+
+func ChangeExpireWarnDays(expireWarnDay uint64) func(*PasswordAgePolicyChangedEvent) {
+	return func(e *PasswordAgePolicyChangedEvent) {
+		e.ExpireWarnDays = &expireWarnDay
+	}
+}
+
+func ChangeMaxAgeDays(maxAgeDays uint64) func(*PasswordAgePolicyChangedEvent) {
+	return func(e *PasswordAgePolicyChangedEvent) {
+		e.MaxAgeDays = &maxAgeDays
+	}
+}
+
+func PasswordAgePolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &PasswordAgePolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-PqaVq", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PasswordAgePolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *PasswordAgePolicyRemovedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *PasswordAgePolicyRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewPasswordAgePolicyRemovedEvent(base *eventstore.BaseEvent) *PasswordAgePolicyRemovedEvent {
+	return &PasswordAgePolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func PasswordAgePolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &PasswordAgePolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/internal/repository/policy/policy_password_complexity.go
+++ b/internal/repository/policy/policy_password_complexity.go
@@ -0,0 +1,167 @@
+package policy
+
+import (
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	PasswordComplexityPolicyAddedEventType   = "policy.password.complexity.added"
+	PasswordComplexityPolicyChangedEventType = "policy.password.complexity.changed"
+	PasswordComplexityPolicyRemovedEventType = "policy.password.complexity.removed"
+)
+
+type PasswordComplexityPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MinLength    uint64 `json:"minLength,omitempty"`
+	HasLowercase bool   `json:"hasLowercase,omitempty"`
+	HasUppercase bool   `json:"hasUppercase,omitempty"`
+	HasNumber    bool   `json:"hasNumber,omitempty"`
+	HasSymbol    bool   `json:"hasSymbol,omitempty"`
+}
+
+func (e *PasswordComplexityPolicyAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *PasswordComplexityPolicyAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewPasswordComplexityPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	minLength uint64,
+	hasLowerCase,
+	hasUpperCase,
+	hasNumber,
+	hasSymbol bool,
+) *PasswordComplexityPolicyAddedEvent {
+	return &PasswordComplexityPolicyAddedEvent{
+		BaseEvent:    *base,
+		MinLength:    minLength,
+		HasLowercase: hasLowerCase,
+		HasUppercase: hasUpperCase,
+		HasNumber:    hasNumber,
+		HasSymbol:    hasSymbol,
+	}
+}
+
+func PasswordComplexityPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &PasswordComplexityPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-wYxlM", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PasswordComplexityPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MinLength    *uint64 `json:"minLength,omitempty"`
+	HasLowercase *bool   `json:"hasLowercase,omitempty"`
+	HasUppercase *bool   `json:"hasUppercase,omitempty"`
+	HasNumber    *bool   `json:"hasNumber,omitempty"`
+	HasSymbol    *bool   `json:"hasSymbol,omitempty"`
+}
+
+func (e *PasswordComplexityPolicyChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *PasswordComplexityPolicyChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewPasswordComplexityPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []PasswordComplexityPolicyChanges,
+) (*PasswordComplexityPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "POLICY-Rdhu3", "Errors.NoChangesFound")
+	}
+	changeEvent := &PasswordComplexityPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type PasswordComplexityPolicyChanges func(*PasswordComplexityPolicyChangedEvent)
+
+func ChangeMinLength(minLength uint64) func(*PasswordComplexityPolicyChangedEvent) {
+	return func(e *PasswordComplexityPolicyChangedEvent) {
+		e.MinLength = &minLength
+	}
+}
+
+func ChangeHasLowercase(hasLowercase bool) func(*PasswordComplexityPolicyChangedEvent) {
+	return func(e *PasswordComplexityPolicyChangedEvent) {
+		e.HasLowercase = &hasLowercase
+	}
+}
+
+func ChangeHasUppercase(hasUppercase bool) func(*PasswordComplexityPolicyChangedEvent) {
+	return func(e *PasswordComplexityPolicyChangedEvent) {
+		e.HasUppercase = &hasUppercase
+	}
+}
+
+func ChangeHasNumber(hasNumber bool) func(*PasswordComplexityPolicyChangedEvent) {
+	return func(e *PasswordComplexityPolicyChangedEvent) {
+		e.HasNumber = &hasNumber
+	}
+}
+
+func ChangeHasSymbol(hasSymbol bool) func(*PasswordComplexityPolicyChangedEvent) {
+	return func(e *PasswordComplexityPolicyChangedEvent) {
+		e.HasSymbol = &hasSymbol
+	}
+}
+
+func PasswordComplexityPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &PasswordComplexityPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-zBGB0", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PasswordComplexityPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *PasswordComplexityPolicyRemovedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *PasswordComplexityPolicyRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewPasswordComplexityPolicyRemovedEvent(base *eventstore.BaseEvent) *PasswordComplexityPolicyRemovedEvent {
+	return &PasswordComplexityPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func PasswordComplexityPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &PasswordComplexityPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/internal/repository/policy/policy_password_lockout.go
+++ b/internal/repository/policy/policy_password_lockout.go
@@ -0,0 +1,138 @@
+package policy
+
+import (
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	PasswordLockoutPolicyAddedEventType   = "policy.password.lockout.added"
+	PasswordLockoutPolicyChangedEventType = "policy.password.lockout.changed"
+	PasswordLockoutPolicyRemovedEventType = "policy.password.lockout.removed"
+)
+
+type PasswordLockoutPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MaxAttempts         uint64 `json:"maxAttempts,omitempty"`
+	ShowLockOutFailures bool   `json:"showLockOutFailures,omitempty"`
+}
+
+func (e *PasswordLockoutPolicyAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *PasswordLockoutPolicyAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewPasswordLockoutPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	maxAttempts uint64,
+	showLockOutFailures bool,
+) *PasswordLockoutPolicyAddedEvent {
+
+	return &PasswordLockoutPolicyAddedEvent{
+		BaseEvent:           *base,
+		MaxAttempts:         maxAttempts,
+		ShowLockOutFailures: showLockOutFailures,
+	}
+}
+
+func PasswordLockoutPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &PasswordLockoutPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-8XiVd", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PasswordLockoutPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	MaxAttempts         *uint64 `json:"maxAttempts,omitempty"`
+	ShowLockOutFailures *bool   `json:"showLockOutFailures,omitempty"`
+}
+
+func (e *PasswordLockoutPolicyChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *PasswordLockoutPolicyChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewPasswordLockoutPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []PasswordLockoutPolicyChanges,
+) (*PasswordLockoutPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "POLICY-sdgh6", "Errors.NoChangesFound")
+	}
+	changeEvent := &PasswordLockoutPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type PasswordLockoutPolicyChanges func(*PasswordLockoutPolicyChangedEvent)
+
+func ChangeMaxAttempts(maxAttempts uint64) func(*PasswordLockoutPolicyChangedEvent) {
+	return func(e *PasswordLockoutPolicyChangedEvent) {
+		e.MaxAttempts = &maxAttempts
+	}
+}
+
+func ChangeShowLockOutFailures(showLockOutFailures bool) func(*PasswordLockoutPolicyChangedEvent) {
+	return func(e *PasswordLockoutPolicyChangedEvent) {
+		e.ShowLockOutFailures = &showLockOutFailures
+	}
+}
+
+func PasswordLockoutPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &PasswordLockoutPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-lWGRc", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PasswordLockoutPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *PasswordLockoutPolicyRemovedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *PasswordLockoutPolicyRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewPasswordLockoutPolicyRemovedEvent(base *eventstore.BaseEvent) *PasswordLockoutPolicyRemovedEvent {
+	return &PasswordLockoutPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func PasswordLockoutPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &PasswordLockoutPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}