policy, idp, member.

member not working atm

internal/admin/repository/eventsourcing/eventstore/iam.go

@@ -305,6 +305,9 @@ func (repo *IAMRepository) SearchDefaultIDPProviders(ctx context.Context, reques
 
 func (repo *IAMRepository) AddIDPProviderToLoginPolicy(ctx context.Context, provider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
 	provider.AggregateID = repo.SystemDefaults.IamID
+	if repo.IAMV2 != nil {
+		return repo.IAMV2.AddIDPProviderToLoginPolicy(ctx, provider)
+	}
 	return repo.IAMEventstore.AddIDPProviderToLoginPolicy(ctx, provider)
 }
 

internal/admin/repository/eventsourcing/repository.go

@@ -16,7 +16,6 @@ import (
 	es_usr "github.com/caos/zitadel/internal/user/repository/eventsourcing"
 	iam_business "github.com/caos/zitadel/internal/v2/business/iam"
 	"github.com/caos/zitadel/internal/v2/repository/iam"
-	"github.com/caos/zitadel/internal/v2/repository/member"
 )
 
 type Config struct {
@@ -41,9 +40,9 @@ func Start(ctx context.Context, conf Config, systemDefaults sd.SystemDefaults, r
 		return nil, err
 	}
 	esV2 := es.V2()
-	esV2.RegisterFilterEventMapper(iam.MemberAddedEventType, member.AddedEventMapper).
+	esV2.RegisterFilterEventMapper(iam.MemberAddedEventType, iam.MemberAddedEventMapper).
-		RegisterFilterEventMapper(iam.MemberChangedEventType, member.ChangedEventMapper).
+		RegisterFilterEventMapper(iam.MemberChangedEventType, iam.MemberChangedEventMapper).
-		RegisterFilterEventMapper(iam.MemberRemovedEventType, member.RemovedEventMapper).
+		RegisterFilterEventMapper(iam.MemberRemovedEventType, iam.MemberRemovedEventMapper).
 		RegisterFilterEventMapper(iam.IDPConfigAddedEventType, iam.IDPConfigAddedEventMapper).
 		RegisterFilterEventMapper(iam.IDPConfigChangedEventType, iam.IDPConfigChangedEventMapper).
 		RegisterFilterEventMapper(iam.IDPConfigDeactivatedEventType, iam.IDPConfigDeactivatedEventMapper).

internal/auth/repository/eventsourcing/repository.go

@@ -23,8 +23,6 @@ import (
 	es_user "github.com/caos/zitadel/internal/user/repository/eventsourcing"
 	iam_business "github.com/caos/zitadel/internal/v2/business/iam"
 	"github.com/caos/zitadel/internal/v2/repository/iam"
-	"github.com/caos/zitadel/internal/v2/repository/member"
-	"github.com/caos/zitadel/internal/v2/repository/policy"
 )
 
 type Config struct {
@@ -60,20 +58,20 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, au
 		RegisterFilterEventMapper(iam.SetupDoneEventType, iam.SetupStepMapper).
 		RegisterFilterEventMapper(iam.GlobalOrgSetEventType, iam.GlobalOrgSetMapper).
 		RegisterFilterEventMapper(iam.ProjectSetEventType, iam.ProjectSetMapper).
-		RegisterFilterEventMapper(iam.LabelPolicyAddedEventType, policy.LabelPolicyAddedEventMapper).
+		RegisterFilterEventMapper(iam.LabelPolicyAddedEventType, iam.LabelPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.LabelPolicyChangedEventType, policy.LabelPolicyChangedEventMapper).
+		RegisterFilterEventMapper(iam.LabelPolicyChangedEventType, iam.LabelPolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.LoginPolicyAddedEventType, policy.LoginPolicyAddedEventMapper).
+		RegisterFilterEventMapper(iam.LoginPolicyAddedEventType, iam.LoginPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.LoginPolicyChangedEventType, policy.LoginPolicyChangedEventMapper).
+		RegisterFilterEventMapper(iam.LoginPolicyChangedEventType, iam.LoginPolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.OrgIAMPolicyAddedEventType, policy.OrgIAMPolicyAddedEventMapper).
+		RegisterFilterEventMapper(iam.OrgIAMPolicyAddedEventType, iam.OrgIAMPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordAgePolicyAddedEventType, policy.PasswordAgePolicyAddedEventMapper).
+		RegisterFilterEventMapper(iam.PasswordAgePolicyAddedEventType, iam.PasswordAgePolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordAgePolicyChangedEventType, policy.PasswordAgePolicyChangedEventMapper).
+		RegisterFilterEventMapper(iam.PasswordAgePolicyChangedEventType, iam.PasswordAgePolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordComplexityPolicyAddedEventType, policy.PasswordComplexityPolicyAddedEventMapper).
+		RegisterFilterEventMapper(iam.PasswordComplexityPolicyAddedEventType, iam.PasswordComplexityPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordComplexityPolicyChangedEventType, policy.PasswordComplexityPolicyChangedEventMapper).
+		RegisterFilterEventMapper(iam.PasswordComplexityPolicyChangedEventType, iam.PasswordComplexityPolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordLockoutPolicyAddedEventType, policy.PasswordLockoutPolicyAddedEventMapper).
+		RegisterFilterEventMapper(iam.PasswordLockoutPolicyAddedEventType, iam.PasswordLockoutPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordLockoutPolicyChangedEventType, policy.PasswordLockoutPolicyChangedEventMapper).
+		RegisterFilterEventMapper(iam.PasswordLockoutPolicyChangedEventType, iam.PasswordLockoutPolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.MemberAddedEventType, member.AddedEventMapper).
+		RegisterFilterEventMapper(iam.MemberAddedEventType, iam.MemberAddedEventMapper).
-		RegisterFilterEventMapper(iam.MemberChangedEventType, member.ChangedEventMapper).
+		RegisterFilterEventMapper(iam.MemberChangedEventType, iam.MemberChangedEventMapper).
-		RegisterFilterEventMapper(iam.MemberRemovedEventType, member.RemovedEventMapper)
+		RegisterFilterEventMapper(iam.MemberRemovedEventType, iam.MemberRemovedEventMapper)
 
 	sqlClient, err := conf.View.Start()
 	if err != nil {

internal/authz/repository/eventsourcing/repository.go

@@ -5,8 +5,6 @@ import (
 
 	es_user "github.com/caos/zitadel/internal/user/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/v2/repository/iam"
-	"github.com/caos/zitadel/internal/v2/repository/member"
-	"github.com/caos/zitadel/internal/v2/repository/policy"
 
 	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/auth_request/repository/cache"
@@ -50,20 +48,20 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults) (*
 		RegisterFilterEventMapper(iam.SetupDoneEventType, iam.SetupStepMapper).
 		RegisterFilterEventMapper(iam.GlobalOrgSetEventType, iam.GlobalOrgSetMapper).
 		RegisterFilterEventMapper(iam.ProjectSetEventType, iam.ProjectSetMapper).
-		RegisterFilterEventMapper(iam.LabelPolicyAddedEventType, policy.LabelPolicyAddedEventMapper).
+		RegisterFilterEventMapper(iam.LabelPolicyAddedEventType, iam.LabelPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.LabelPolicyChangedEventType, policy.LabelPolicyChangedEventMapper).
+		RegisterFilterEventMapper(iam.LabelPolicyChangedEventType, iam.LabelPolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.LoginPolicyAddedEventType, policy.LoginPolicyAddedEventMapper).
+		RegisterFilterEventMapper(iam.LoginPolicyAddedEventType, iam.LoginPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.LoginPolicyChangedEventType, policy.LoginPolicyChangedEventMapper).
+		RegisterFilterEventMapper(iam.LoginPolicyChangedEventType, iam.LoginPolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.OrgIAMPolicyAddedEventType, policy.OrgIAMPolicyAddedEventMapper).
+		RegisterFilterEventMapper(iam.OrgIAMPolicyAddedEventType, iam.OrgIAMPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordAgePolicyAddedEventType, policy.PasswordAgePolicyAddedEventMapper).
+		RegisterFilterEventMapper(iam.PasswordAgePolicyAddedEventType, iam.PasswordAgePolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordAgePolicyChangedEventType, policy.PasswordAgePolicyChangedEventMapper).
+		RegisterFilterEventMapper(iam.PasswordAgePolicyChangedEventType, iam.PasswordAgePolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordComplexityPolicyAddedEventType, policy.PasswordComplexityPolicyAddedEventMapper).
+		RegisterFilterEventMapper(iam.PasswordComplexityPolicyAddedEventType, iam.PasswordComplexityPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordComplexityPolicyChangedEventType, policy.PasswordComplexityPolicyChangedEventMapper).
+		RegisterFilterEventMapper(iam.PasswordComplexityPolicyChangedEventType, iam.PasswordComplexityPolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordLockoutPolicyAddedEventType, policy.PasswordLockoutPolicyAddedEventMapper).
+		RegisterFilterEventMapper(iam.PasswordLockoutPolicyAddedEventType, iam.PasswordLockoutPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordLockoutPolicyChangedEventType, policy.PasswordLockoutPolicyChangedEventMapper).
+		RegisterFilterEventMapper(iam.PasswordLockoutPolicyChangedEventType, iam.PasswordLockoutPolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.MemberAddedEventType, member.AddedEventMapper).
+		RegisterFilterEventMapper(iam.MemberAddedEventType, iam.MemberAddedEventMapper).
-		RegisterFilterEventMapper(iam.MemberChangedEventType, member.ChangedEventMapper).
+		RegisterFilterEventMapper(iam.MemberChangedEventType, iam.MemberChangedEventMapper).
-		RegisterFilterEventMapper(iam.MemberRemovedEventType, member.RemovedEventMapper)
+		RegisterFilterEventMapper(iam.MemberRemovedEventType, iam.MemberRemovedEventMapper)
 
 	sqlClient, err := conf.View.Start()
 	if err != nil {

internal/eventstore/v2/write_model.go

@@ -2,12 +2,6 @@ package eventstore
 
 import "time"
 
-func NewWriteModel() *WriteModel {
-	return &WriteModel{
-		Events: []EventReader{},
-	}
-}
-
 //WriteModel is the minimum representation of a command side view model.
 // It implements a basic reducer
 // it's purpose is to reduce events to create new ones

internal/management/repository/eventsourcing/repository.go

@@ -18,9 +18,7 @@ import (
 	es_usr "github.com/caos/zitadel/internal/user/repository/eventsourcing"
 	es_grant "github.com/caos/zitadel/internal/usergrant/repository/eventsourcing"
 	iam_business "github.com/caos/zitadel/internal/v2/business/iam"
-	"github.com/caos/zitadel/internal/v2/repository/iam"
+	iam_repo "github.com/caos/zitadel/internal/v2/repository/iam"
-	"github.com/caos/zitadel/internal/v2/repository/member"
-	"github.com/caos/zitadel/internal/v2/repository/policy"
 )
 
 type Config struct {
@@ -47,24 +45,8 @@ func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string) (*EsRe
 		return nil, err
 	}
 	esV2 := es.V2()
-	esV2.RegisterFilterEventMapper(iam.SetupStartedEventType, iam.SetupStepMapper).
+	//TODO: should it be iam repo or iam business?
-		RegisterFilterEventMapper(iam.SetupDoneEventType, iam.SetupStepMapper).
+	iam_repo.RegisterEventMappers(esV2)
-		RegisterFilterEventMapper(iam.GlobalOrgSetEventType, iam.GlobalOrgSetMapper).
-		RegisterFilterEventMapper(iam.ProjectSetEventType, iam.ProjectSetMapper).
-		RegisterFilterEventMapper(iam.LabelPolicyAddedEventType, policy.LabelPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.LabelPolicyChangedEventType, policy.LabelPolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.LoginPolicyAddedEventType, policy.LoginPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.LoginPolicyChangedEventType, policy.LoginPolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.OrgIAMPolicyAddedEventType, policy.OrgIAMPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordAgePolicyAddedEventType, policy.PasswordAgePolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordAgePolicyChangedEventType, policy.PasswordAgePolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordComplexityPolicyAddedEventType, policy.PasswordComplexityPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordComplexityPolicyChangedEventType, policy.PasswordComplexityPolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordLockoutPolicyAddedEventType, policy.PasswordLockoutPolicyAddedEventMapper).
-		RegisterFilterEventMapper(iam.PasswordLockoutPolicyChangedEventType, policy.PasswordLockoutPolicyChangedEventMapper).
-		RegisterFilterEventMapper(iam.MemberAddedEventType, member.AddedEventMapper).
-		RegisterFilterEventMapper(iam.MemberChangedEventType, member.ChangedEventMapper).
-		RegisterFilterEventMapper(iam.MemberRemovedEventType, member.RemovedEventMapper)
 
 	sqlClient, err := conf.View.Start()
 	if err != nil {

internal/v2/business/iam/converter.go

@@ -128,9 +128,9 @@ func readModelToMember(readModel *member.ReadModel) *model.IAMMember {
 
 func writeModelToMember(writeModel *iam.MemberWriteModel) *model.IAMMember {
 	return &model.IAMMember{
-		ObjectRoot: writeModelToObjectRoot(writeModel.WriteModel.WriteModel),
+		ObjectRoot: writeModelToObjectRoot(writeModel.Member.WriteModel),
-		Roles:      writeModel.Roles,
+		Roles:      writeModel.Member.Roles,
-		UserID:     writeModel.UserID,
+		UserID:     writeModel.Member.UserID,
 	}
 }
 
@@ -202,3 +202,11 @@ func writeModelToIDPOIDCConfig(wm *oidc.ConfigWriteModel) *model.OIDCIDPConfig {
 		UsernameMapping:       model.OIDCMappingField(wm.UserNameMapping),
 	}
 }
+
+func writeModelToIDPProvider(wm *iam.LoginPolicyIDPProviderWriteModel) *model.IDPProvider {
+	return &model.IDPProvider{
+		ObjectRoot:  writeModelToObjectRoot(wm.WriteModel),
+		IdpConfigID: wm.IDPConfigID,
+		Type:        model.IDPProviderType(wm.IDPProviderType),
+	}
+}

internal/v2/business/iam/idp_config.go

@@ -31,6 +31,8 @@ func (r *Repository) AddIDPConfig(ctx context.Context, config *iam_model.IDPConf
 		return nil, err
 	}
 
+	//TODO: check name unique on aggregate
+
 	clientSecret, err := crypto.Crypt([]byte(config.OIDCConfig.ClientSecretString), r.secretCrypto)
 	if err != nil {
 		return nil, err

internal/v2/business/iam/member.go

@@ -60,7 +60,7 @@ func (r *Repository) ChangeMember(ctx context.Context, member *iam_model.IAMMemb
 		return nil, err
 	}
 
-	iam := iam_repo.AggregateFromWriteModel(&existingMember.WriteModel.WriteModel).
+	iam := iam_repo.AggregateFromWriteModel(&existingMember.Member.WriteModel).
 		PushMemberChangedFromExisting(ctx, existingMember, member.Roles...)
 
 	events, err := r.eventstore.PushAggregates(ctx, iam)
@@ -130,7 +130,7 @@ func (r *Repository) memberWriteModelByID(ctx context.Context, iamID, userID str
 		return nil, err
 	}
 
-	if writeModel.IsRemoved {
+	if writeModel.Member.IsRemoved {
 		return nil, errors.ThrowNotFound(nil, "IAM-D8JxR", "Errors.NotFound")
 	}
 

internal/v2/business/iam/policy_login.go

@@ -0,0 +1,37 @@
+package iam
+
+import (
+	"context"
+
+	iam_model "github.com/caos/zitadel/internal/iam/model"
+	"github.com/caos/zitadel/internal/v2/repository/iam"
+	"github.com/caos/zitadel/internal/v2/repository/idp/provider"
+)
+
+func (r *Repository) AddIDPProviderToLoginPolicy(ctx context.Context, idpProvider *iam_model.IDPProvider) (*iam_model.IDPProvider, error) {
+	writeModel := iam.NewLoginPolicyIDPProviderWriteModel(idpProvider.AggregateID, idpProvider.IdpConfigID)
+	err := r.eventstore.FilterToQueryReducer(ctx, writeModel)
+	if err != nil {
+		return nil, err
+	}
+	aggregate := iam.AggregateFromWriteModel(&writeModel.WriteModel).
+		PushLoginPolicyIDPProviderAddedEvent(ctx, idpProvider.IdpConfigID, provider.Type(idpProvider.Type))
+
+	if err = r.eventstore.PushAggregate(ctx, writeModel, aggregate); err != nil {
+		return nil, err
+	}
+
+	return writeModelToIDPProvider(writeModel), nil
+}
+
+func (r *Repository) RemoveIDPProviderFromLoginPolicy(ctx context.Context, idpProvider *iam_model.IDPProvider) error {
+	writeModel := iam.NewLoginPolicyIDPProviderWriteModel(idpProvider.AggregateID, idpProvider.IdpConfigID)
+	err := r.eventstore.FilterToQueryReducer(ctx, writeModel)
+	if err != nil {
+		return err
+	}
+	aggregate := iam.AggregateFromWriteModel(&writeModel.WriteModel).
+		PushLoginPolicyIDPProviderAddedEvent(ctx, idpProvider.IdpConfigID, provider.Type(idpProvider.Type))
+
+	return r.eventstore.PushAggregate(ctx, writeModel, aggregate)
+}

internal/v2/repository/iam/aggregate.go

@@ -7,6 +7,7 @@ import (
 	"github.com/caos/zitadel/internal/eventstore/v2"
 	"github.com/caos/zitadel/internal/v2/repository/idp"
 	"github.com/caos/zitadel/internal/v2/repository/idp/oidc"
+	"github.com/caos/zitadel/internal/v2/repository/idp/provider"
 )
 
 const (
@@ -62,11 +63,6 @@ func (a *Aggregate) PushMemberAdded(ctx context.Context, userID string, roles ..
 	return a
 }
 
-func (a *Aggregate) PushMemberChanged(ctx context.Context, changed *MemberWriteModel) *Aggregate {
-	a.Aggregate = *a.PushEvents(NewMemberChangedEvent(ctx, changed.UserID, changed.Roles...))
-	return a
-}
-
 func (a *Aggregate) PushMemberChangedFromExisting(ctx context.Context, current *MemberWriteModel, roles ...string) *Aggregate {
 	e, err := MemberChangedEventFromExisting(ctx, current, roles...)
 	if err != nil {
@@ -167,3 +163,21 @@ func (a *Aggregate) PushIDPOIDCConfigChanged(
 	a.Aggregate = *a.PushEvents(event)
 	return a
 }
+
+func (a *Aggregate) PushLoginPolicyIDPProviderAddedEvent(
+	ctx context.Context,
+	idpConfigID string,
+	providerType provider.Type,
+) *Aggregate {
+	a.Aggregate = *a.PushEvents(NewLoginPolicyIDPProviderAddedEvent(ctx, idpConfigID, providerType))
+	return a
+}
+
+func (a *Aggregate) PushLoginPolicyIDPProviderRemovedEvent(
+	ctx context.Context,
+	idpConfigID string,
+	providerType provider.Type,
+) *Aggregate {
+	a.Aggregate = *a.PushEvents(NewLoginPolicyIDPProviderRemovedEvent(ctx, idpConfigID))
+	return a
+}

internal/v2/repository/iam/eventstore.go

@@ -0,0 +1,26 @@
+package iam
+
+import (
+	"github.com/caos/zitadel/internal/eventstore/v2"
+)
+
+func RegisterEventMappers(es *eventstore.Eventstore) {
+	es.RegisterFilterEventMapper(SetupStartedEventType, SetupStepMapper).
+		RegisterFilterEventMapper(SetupDoneEventType, SetupStepMapper).
+		RegisterFilterEventMapper(GlobalOrgSetEventType, GlobalOrgSetMapper).
+		RegisterFilterEventMapper(ProjectSetEventType, ProjectSetMapper).
+		RegisterFilterEventMapper(LabelPolicyAddedEventType, LabelPolicyAddedEventMapper).
+		RegisterFilterEventMapper(LabelPolicyChangedEventType, LabelPolicyChangedEventMapper).
+		RegisterFilterEventMapper(LoginPolicyAddedEventType, LoginPolicyAddedEventMapper).
+		RegisterFilterEventMapper(LoginPolicyChangedEventType, LoginPolicyChangedEventMapper).
+		RegisterFilterEventMapper(OrgIAMPolicyAddedEventType, OrgIAMPolicyAddedEventMapper).
+		RegisterFilterEventMapper(PasswordAgePolicyAddedEventType, PasswordAgePolicyAddedEventMapper).
+		RegisterFilterEventMapper(PasswordAgePolicyChangedEventType, PasswordAgePolicyChangedEventMapper).
+		RegisterFilterEventMapper(PasswordComplexityPolicyAddedEventType, PasswordComplexityPolicyAddedEventMapper).
+		RegisterFilterEventMapper(PasswordComplexityPolicyChangedEventType, PasswordComplexityPolicyChangedEventMapper).
+		RegisterFilterEventMapper(PasswordLockoutPolicyAddedEventType, PasswordLockoutPolicyAddedEventMapper).
+		RegisterFilterEventMapper(PasswordLockoutPolicyChangedEventType, PasswordLockoutPolicyChangedEventMapper).
+		RegisterFilterEventMapper(MemberAddedEventType, MemberAddedEventMapper).
+		RegisterFilterEventMapper(MemberChangedEventType, MemberChangedEventMapper).
+		RegisterFilterEventMapper(MemberRemovedEventType, MemberRemovedEventMapper)
+}

internal/v2/repository/iam/idp_config.go

@@ -166,7 +166,7 @@ func IDPConfigAddedEventMapper(event *repository.Event) (eventstore.EventReader,
 		return nil, err
 	}
 
-	return &IDPConfigAddedEvent{ConfigAddedEvent: *e}, nil
+	return &IDPConfigAddedEvent{ConfigAddedEvent: *e.(*idp.ConfigAddedEvent)}, nil
 }
 
 type IDPConfigChangedEvent struct {
@@ -206,7 +206,7 @@ func IDPConfigChangedEventMapper(event *repository.Event) (eventstore.EventReade
 		return nil, err
 	}
 
-	return &IDPConfigChangedEvent{ConfigChangedEvent: *e}, nil
+	return &IDPConfigChangedEvent{ConfigChangedEvent: *e.(*idp.ConfigChangedEvent)}, nil
 }
 
 type IDPConfigRemovedEvent struct {
@@ -235,7 +235,7 @@ func IDPConfigRemovedEventMapper(event *repository.Event) (eventstore.EventReade
 		return nil, err
 	}
 
-	return &IDPConfigRemovedEvent{ConfigRemovedEvent: *e}, nil
+	return &IDPConfigRemovedEvent{ConfigRemovedEvent: *e.(*idp.ConfigRemovedEvent)}, nil
 }
 
 type IDPConfigDeactivatedEvent struct {
@@ -264,7 +264,7 @@ func IDPConfigDeactivatedEventMapper(event *repository.Event) (eventstore.EventR
 		return nil, err
 	}
 
-	return &IDPConfigDeactivatedEvent{ConfigDeactivatedEvent: *e}, nil
+	return &IDPConfigDeactivatedEvent{ConfigDeactivatedEvent: *e.(*idp.ConfigDeactivatedEvent)}, nil
 }
 
 type IDPConfigReactivatedEvent struct {
@@ -293,5 +293,5 @@ func IDPConfigReactivatedEventMapper(event *repository.Event) (eventstore.EventR
 		return nil, err
 	}
 
-	return &IDPConfigReactivatedEvent{ConfigReactivatedEvent: *e}, nil
+	return &IDPConfigReactivatedEvent{ConfigReactivatedEvent: *e.(*idp.ConfigReactivatedEvent)}, nil
 }

internal/v2/repository/iam/idp_oidc_config.go

@@ -99,7 +99,7 @@ func IDPOIDCConfigAddedEventMapper(event *repository.Event) (eventstore.EventRea
 		return nil, err
 	}
 
-	return &IDPOIDCConfigAddedEvent{ConfigAddedEvent: *e}, nil
+	return &IDPOIDCConfigAddedEvent{ConfigAddedEvent: *e.(*oidc.ConfigAddedEvent)}, nil
 }
 
 type IDPOIDCConfigChangedEvent struct {
@@ -146,5 +146,5 @@ func IDPOIDCConfigChangedEventMapper(event *repository.Event) (eventstore.EventR
 		return nil, err
 	}
 
-	return &IDPOIDCConfigChangedEvent{ConfigChangedEvent: *e}, nil
+	return &IDPOIDCConfigChangedEvent{ConfigChangedEvent: *e.(*oidc.ConfigChangedEvent)}, nil
 }

internal/v2/repository/iam/member.go

@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"github.com/caos/zitadel/internal/eventstore/v2"
+	"github.com/caos/zitadel/internal/eventstore/v2/repository"
 	"github.com/caos/zitadel/internal/v2/repository/member"
 )
 
@@ -31,30 +32,48 @@ func (rm *MemberReadModel) AppendEvents(events ...eventstore.EventReader) {
 }
 
 type MemberWriteModel struct {
-	member.WriteModel
+	eventstore.WriteModel
+	Member member.WriteModel
+
+	userID string
+	iamID  string
 }
 
 func NewMemberReadModel(iamID, userID string) *MemberWriteModel {
 	return &MemberWriteModel{
-		WriteModel: *member.NewWriteModel(userID, AggregateType, iamID),
+		userID: userID,
+		iamID:  iamID,
 	}
 }
 
 func (wm *MemberWriteModel) AppendEvents(events ...eventstore.EventReader) {
+	wm.WriteModel.AppendEvents(events...)
 	for _, event := range events {
 		switch e := event.(type) {
 		case *MemberAddedEvent:
-			wm.WriteModel.AppendEvents(&e.AddedEvent)
+			if e.UserID != wm.userID {
+				continue
+			}
+			wm.Member.AppendEvents(&e.AddedEvent)
 		case *MemberChangedEvent:
-			wm.WriteModel.AppendEvents(&e.ChangedEvent)
+			if e.UserID != wm.userID {
+				continue
+			}
+			wm.Member.AppendEvents(&e.ChangedEvent)
 		case *MemberRemovedEvent:
-			wm.WriteModel.AppendEvents(&e.RemovedEvent)
+			if e.UserID != wm.userID {
-		default:
+				continue
-			wm.WriteModel.AppendEvents(e)
+			}
+			wm.Member.AppendEvents(&e.RemovedEvent)
 		}
 	}
 }
 
+func (wm *MemberWriteModel) Query() *eventstore.SearchQueryFactory {
+	return eventstore.NewSearchQueryFactory(eventstore.ColumnsEvent, AggregateType).
+		AggregateIDs(wm.iamID)
+}
+
 type MemberAddedEvent struct {
 	member.AddedEvent
 }
@@ -77,6 +96,15 @@ func NewMemberAddedEvent(
 	}
 }
 
+func MemberAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := member.AddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MemberAddedEvent{AddedEvent: *e.(*member.AddedEvent)}, nil
+}
+
 type MemberChangedEvent struct {
 	member.ChangedEvent
 }
@@ -92,7 +120,7 @@ func MemberChangedEventFromExisting(
 			ctx,
 			MemberChangedEventType,
 		),
-		&current.WriteModel,
+		&current.Member,
 		roles...,
 	)
 	if err != nil {
@@ -104,22 +132,13 @@ func MemberChangedEventFromExisting(
 	}, nil
 }
 
-func NewMemberChangedEvent(
+func MemberChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
-	ctx context.Context,
+	e, err := member.ChangedEventMapper(event)
-	userID string,
+	if err != nil {
-	roles ...string,
+		return nil, err
-) *MemberChangedEvent {
-
-	return &MemberChangedEvent{
-		ChangedEvent: *member.NewChangedEvent(
-			eventstore.NewBaseEventForPush(
-				ctx,
-				MemberChangedEventType,
-			),
-			userID,
-			roles...,
-		),
 	}
+
+	return &MemberChangedEvent{ChangedEvent: *e.(*member.ChangedEvent)}, nil
 }
 
 type MemberRemovedEvent struct {
@@ -141,3 +160,12 @@ func NewMemberRemovedEvent(
 		),
 	}
 }
+
+func MemberRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := member.RemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &MemberRemovedEvent{RemovedEvent: *e.(*member.RemovedEvent)}, nil
+}

internal/v2/repository/iam/members.go

@@ -2,7 +2,6 @@ package iam
 
 import (
 	"github.com/caos/zitadel/internal/eventstore/v2"
-	"github.com/caos/zitadel/internal/v2/repository/member"
 	"github.com/caos/zitadel/internal/v2/repository/members"
 )
 
@@ -19,11 +18,6 @@ func (rm *MembersReadModel) AppendEvents(events ...eventstore.EventReader) {
 			rm.ReadModel.AppendEvents(&e.ChangedEvent)
 		case *MemberRemovedEvent:
 			rm.ReadModel.AppendEvents(&e.RemovedEvent)
-		case *member.AddedEvent,
-			*member.ChangedEvent,
-			*member.RemovedEvent:
-
-			rm.ReadModel.AppendEvents(e)
 		}
 	}
 }

internal/v2/repository/iam/policy_label.go

@@ -2,6 +2,7 @@ package iam
 
 import (
 	"github.com/caos/zitadel/internal/eventstore/v2"
+	"github.com/caos/zitadel/internal/eventstore/v2/repository"
 	"github.com/caos/zitadel/internal/v2/repository/policy"
 )
 
@@ -29,10 +30,28 @@ type LabelPolicyAddedEvent struct {
 	policy.LabelPolicyAddedEvent
 }
 
+func LabelPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.LabelPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyAddedEvent{LabelPolicyAddedEvent: *e.(*policy.LabelPolicyAddedEvent)}, nil
+}
+
 type LabelPolicyChangedEvent struct {
 	policy.LabelPolicyChangedEvent
 }
 
+func LabelPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.LabelPolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LabelPolicyChangedEvent{LabelPolicyChangedEvent: *e.(*policy.LabelPolicyChangedEvent)}, nil
+}
+
 // func NewLabelPolicyAddedEvent(
 // 	ctx context.Context,
 // 	primaryColor,

internal/v2/repository/iam/policy_login.go

@@ -1,13 +1,20 @@
 package iam
 
 import (
+	"context"
+
 	"github.com/caos/zitadel/internal/eventstore/v2"
+	"github.com/caos/zitadel/internal/eventstore/v2/repository"
+	"github.com/caos/zitadel/internal/v2/repository/idp/provider"
 	"github.com/caos/zitadel/internal/v2/repository/policy"
 )
 
 var (
 	LoginPolicyAddedEventType   = iamEventTypePrefix + policy.LoginPolicyAddedEventType
 	LoginPolicyChangedEventType = iamEventTypePrefix + policy.LoginPolicyChangedEventType
+
+	LoginPolicyIDPProviderAddedEventType   = iamEventTypePrefix + policy.LoginPolicyIDPProviderAddedEventType
+	LoginPolicyIDPProviderRemovedEventType = iamEventTypePrefix + policy.LoginPolicyIDPProviderRemovedEventType
 )
 
 type LoginPolicyReadModel struct{ policy.LoginPolicyReadModel }
@@ -29,6 +36,136 @@ type LoginPolicyAddedEvent struct {
 	policy.LoginPolicyAddedEvent
 }
 
+func LoginPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.LoginPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LoginPolicyAddedEvent{LoginPolicyAddedEvent: *e.(*policy.LoginPolicyAddedEvent)}, nil
+}
+
 type LoginPolicyChangedEvent struct {
 	policy.LoginPolicyChangedEvent
 }
+
+func LoginPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.LoginPolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LoginPolicyChangedEvent{LoginPolicyChangedEvent: *e.(*policy.LoginPolicyChangedEvent)}, nil
+}
+
+type LoginPolicyIDPProviderWriteModel struct {
+	eventstore.WriteModel
+	policy.IDPProviderWriteModel
+
+	idpConfigID string
+	iamID       string
+
+	IsRemoved bool
+}
+
+func NewLoginPolicyIDPProviderWriteModel(iamID, idpConfigID string) *LoginPolicyIDPProviderWriteModel {
+	return &LoginPolicyIDPProviderWriteModel{
+		iamID:       iamID,
+		idpConfigID: idpConfigID,
+	}
+}
+
+func (wm *LoginPolicyIDPProviderWriteModel) AppendEvents(events ...eventstore.EventReader) {
+	wm.WriteModel.AppendEvents(events...)
+	for _, event := range events {
+		switch e := event.(type) {
+		case *LoginPolicyIDPProviderAddedEvent:
+			if e.IDPConfigID != wm.idpConfigID {
+				continue
+			}
+			wm.IDPProviderWriteModel.AppendEvents(&e.IDPProviderAddedEvent)
+		}
+	}
+}
+
+func (wm *LoginPolicyIDPProviderWriteModel) Reduce() error {
+	for _, event := range wm.Events {
+		switch e := event.(type) {
+		case *LoginPolicyIDPProviderAddedEvent:
+			if e.IDPConfigID != wm.idpConfigID {
+				continue
+			}
+			wm.IsRemoved = false
+		case *LoginPolicyIDPProviderRemovedEvent:
+			if e.IDPConfigID != wm.idpConfigID {
+				continue
+			}
+			wm.IsRemoved = true
+		}
+	}
+	if err := wm.IDPProviderWriteModel.Reduce(); err != nil {
+		return err
+	}
+	return wm.WriteModel.Reduce()
+}
+
+func (wm *LoginPolicyIDPProviderWriteModel) Query() *eventstore.SearchQueryFactory {
+	return eventstore.NewSearchQueryFactory(eventstore.ColumnsEvent, AggregateType).
+		AggregateIDs(wm.iamID)
+}
+
+type LoginPolicyIDPProviderAddedEvent struct {
+	policy.IDPProviderAddedEvent
+}
+
+func NewLoginPolicyIDPProviderAddedEvent(
+	ctx context.Context,
+	idpConfigID string,
+	idpProviderType provider.Type,
+) *LoginPolicyIDPProviderAddedEvent {
+
+	return &LoginPolicyIDPProviderAddedEvent{
+		IDPProviderAddedEvent: *policy.NewIDPProviderAddedEvent(
+			eventstore.NewBaseEventForPush(ctx, LoginPolicyIDPProviderAddedEventType),
+			idpConfigID,
+			provider.TypeSystem),
+	}
+}
+
+func IDPProviderAddedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.IDPProviderAddedEventEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LoginPolicyIDPProviderAddedEvent{
+		IDPProviderAddedEvent: *e.(*policy.IDPProviderAddedEvent),
+	}, nil
+}
+
+type LoginPolicyIDPProviderRemovedEvent struct {
+	policy.IDPProviderRemovedEvent
+}
+
+func NewLoginPolicyIDPProviderRemovedEvent(
+	ctx context.Context,
+	idpConfigID string,
+) *LoginPolicyIDPProviderRemovedEvent {
+
+	return &LoginPolicyIDPProviderRemovedEvent{
+		IDPProviderRemovedEvent: *policy.NewIDPProviderRemovedEvent(
+			eventstore.NewBaseEventForPush(ctx, LoginPolicyIDPProviderRemovedEventType),
+			idpConfigID),
+	}
+}
+
+func IDPProviderRemovedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.IDPProviderRemovedEventEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &LoginPolicyIDPProviderRemovedEvent{
+		IDPProviderRemovedEvent: *e.(*policy.IDPProviderRemovedEvent),
+	}, nil
+}

internal/v2/repository/iam/policy_org_iam.go

@@ -2,6 +2,7 @@ package iam
 
 import (
 	"github.com/caos/zitadel/internal/eventstore/v2"
+	"github.com/caos/zitadel/internal/eventstore/v2/repository"
 	"github.com/caos/zitadel/internal/v2/repository/policy"
 )
 
@@ -25,3 +26,12 @@ func (rm *OrgIAMPolicyReadModel) AppendEvents(events ...eventstore.EventReader)
 type OrgIAMPolicyAddedEvent struct {
 	policy.OrgIAMPolicyAddedEvent
 }
+
+func OrgIAMPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.OrgIAMPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &OrgIAMPolicyAddedEvent{OrgIAMPolicyAddedEvent: *e.(*policy.OrgIAMPolicyAddedEvent)}, nil
+}

internal/v2/repository/iam/policy_password_age.go

@@ -2,6 +2,7 @@ package iam
 
 import (
 	"github.com/caos/zitadel/internal/eventstore/v2"
+	"github.com/caos/zitadel/internal/eventstore/v2/repository"
 	"github.com/caos/zitadel/internal/v2/repository/policy"
 )
 
@@ -33,6 +34,24 @@ type PasswordAgePolicyAddedEvent struct {
 	policy.PasswordAgePolicyAddedEvent
 }
 
+func PasswordAgePolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordAgePolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordAgePolicyAddedEvent{PasswordAgePolicyAddedEvent: *e.(*policy.PasswordAgePolicyAddedEvent)}, nil
+}
+
 type PasswordAgePolicyChangedEvent struct {
 	policy.PasswordAgePolicyChangedEvent
 }
+
+func PasswordAgePolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordAgePolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordAgePolicyChangedEvent{PasswordAgePolicyChangedEvent: *e.(*policy.PasswordAgePolicyChangedEvent)}, nil
+}

internal/v2/repository/iam/policy_password_complexity.go

@@ -2,6 +2,7 @@ package iam
 
 import (
 	"github.com/caos/zitadel/internal/eventstore/v2"
+	"github.com/caos/zitadel/internal/eventstore/v2/repository"
 	"github.com/caos/zitadel/internal/v2/repository/policy"
 )
 
@@ -33,6 +34,24 @@ type PasswordComplexityPolicyAddedEvent struct {
 	policy.PasswordComplexityPolicyAddedEvent
 }
 
+func PasswordComplexityPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordComplexityPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordComplexityPolicyAddedEvent{PasswordComplexityPolicyAddedEvent: *e.(*policy.PasswordComplexityPolicyAddedEvent)}, nil
+}
+
 type PasswordComplexityPolicyChangedEvent struct {
 	policy.PasswordComplexityPolicyChangedEvent
 }
+
+func PasswordComplexityPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordComplexityPolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordComplexityPolicyChangedEvent{PasswordComplexityPolicyChangedEvent: *e.(*policy.PasswordComplexityPolicyChangedEvent)}, nil
+}

internal/v2/repository/iam/policy_password_lockout.go

@@ -2,6 +2,7 @@ package iam
 
 import (
 	"github.com/caos/zitadel/internal/eventstore/v2"
+	"github.com/caos/zitadel/internal/eventstore/v2/repository"
 	"github.com/caos/zitadel/internal/v2/repository/policy"
 )
 
@@ -31,6 +32,24 @@ type PasswordLockoutPolicyAddedEvent struct {
 	policy.PasswordLockoutPolicyAddedEvent
 }
 
+func PasswordLockoutPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordLockoutPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordLockoutPolicyAddedEvent{PasswordLockoutPolicyAddedEvent: *e.(*policy.PasswordLockoutPolicyAddedEvent)}, nil
+}
+
 type PasswordLockoutPolicyChangedEvent struct {
 	policy.PasswordLockoutPolicyChangedEvent
 }
+
+func PasswordLockoutPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PasswordLockoutPolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PasswordLockoutPolicyChangedEvent{PasswordLockoutPolicyChangedEvent: *e.(*policy.PasswordLockoutPolicyChangedEvent)}, nil
+}

internal/v2/repository/idp/config.go

@@ -47,16 +47,3 @@ const (
 func (f StylingType) Valid() bool {
 	return f >= 0 && f < stylingTypeCount
 }
-
-type ProviderType int8
-
-const (
-	ProviderTypeSystem ProviderType = iota
-	ProviderTypeOrg
-
-	providerTypeCount
-)
-
-func (f ProviderType) Valid() bool {
-	return f >= 0 && f < providerTypeCount
-}

internal/v2/repository/idp/config_read_model.go

@@ -3,6 +3,7 @@ package idp
 import (
 	"github.com/caos/zitadel/internal/eventstore/v2"
 	"github.com/caos/zitadel/internal/v2/repository/idp/oidc"
+	"github.com/caos/zitadel/internal/v2/repository/idp/provider"
 )
 
 type ConfigReadModel struct {
@@ -12,7 +13,7 @@ type ConfigReadModel struct {
 	ConfigID     string
 	Name         string
 	StylingType  StylingType
-	ProviderType ProviderType
+	ProviderType provider.Type
 
 	OIDCConfig *oidc.ConfigReadModel
 }

internal/v2/repository/idp/event_config_added.go

@@ -42,7 +42,7 @@ func (e *ConfigAddedEvent) Data() interface{} {
 	return e
 }
 
-func ConfigAddedEventMapper(event *repository.Event) (*ConfigAddedEvent, error) {
+func ConfigAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
 	e := &ConfigAddedEvent{
 		BaseEvent: *eventstore.BaseEventFromRepo(event),
 	}

internal/v2/repository/idp/event_config_changed.go

@@ -53,7 +53,7 @@ func (e *ConfigChangedEvent) Data() interface{} {
 	return e
 }
 
-func ConfigChangedEventMapper(event *repository.Event) (*ConfigChangedEvent, error) {
+func ConfigChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
 	e := &ConfigChangedEvent{
 		BaseEvent: *eventstore.BaseEventFromRepo(event),
 	}

internal/v2/repository/idp/event_config_deactivated.go

@@ -33,7 +33,7 @@ func (e *ConfigDeactivatedEvent) Data() interface{} {
 	return e
 }
 
-func ConfigDeactivatedEventMapper(event *repository.Event) (*ConfigDeactivatedEvent, error) {
+func ConfigDeactivatedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
 	e := &ConfigDeactivatedEvent{
 		BaseEvent: *eventstore.BaseEventFromRepo(event),
 	}

internal/v2/repository/idp/event_config_reactivated.go

@@ -33,7 +33,7 @@ func (e *ConfigReactivatedEvent) Data() interface{} {
 	return e
 }
 
-func ConfigReactivatedEventMapper(event *repository.Event) (*ConfigReactivatedEvent, error) {
+func ConfigReactivatedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
 	e := &ConfigReactivatedEvent{
 		BaseEvent: *eventstore.BaseEventFromRepo(event),
 	}

internal/v2/repository/idp/event_config_removed.go

@@ -33,7 +33,7 @@ func (e *ConfigRemovedEvent) Data() interface{} {
 	return e
 }
 
-func ConfigRemovedEventMapper(event *repository.Event) (*ConfigRemovedEvent, error) {
+func ConfigRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
 	e := &ConfigRemovedEvent{
 		BaseEvent: *eventstore.BaseEventFromRepo(event),
 	}

internal/v2/repository/idp/oidc/event_added.go

@@ -53,7 +53,7 @@ func NewConfigAddedEvent(
 	}
 }
 
-func ConfigAddedEventMapper(event *repository.Event) (*ConfigAddedEvent, error) {
+func ConfigAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
 	e := &ConfigAddedEvent{
 		BaseEvent: *eventstore.BaseEventFromRepo(event),
 	}

internal/v2/repository/idp/oidc/event_changed.go

@@ -91,7 +91,7 @@ func NewConfigChangedEvent(
 	return event, nil
 }
 
-func ConfigChangedEventMapper(event *repository.Event) (*ConfigChangedEvent, error) {
+func ConfigChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
 	e := &ConfigChangedEvent{
 		BaseEvent: *eventstore.BaseEventFromRepo(event),
 	}

internal/v2/repository/idp/provider/event_added.go

@@ -0,0 +1,54 @@
+package provider
+
+import (
+	"encoding/json"
+
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/v2"
+	"github.com/caos/zitadel/internal/eventstore/v2/repository"
+)
+
+const (
+	AddedEventType = "idpprovider.added"
+)
+
+type AddedEvent struct {
+	eventstore.BaseEvent
+
+	IDPConfigID     string `json:"idpConfigId"`
+	IDPProviderType Type   `json:"idpProviderType"`
+}
+
+func (e *AddedEvent) CheckPrevious() bool {
+	return true
+}
+
+func (e *AddedEvent) Data() interface{} {
+	return e
+}
+
+func NewAddedEvent(
+	base *eventstore.BaseEvent,
+	idpConfigID string,
+	idpProviderType Type,
+) *AddedEvent {
+
+	return &AddedEvent{
+		BaseEvent:       *base,
+		IDPConfigID:     idpConfigID,
+		IDPProviderType: idpProviderType,
+	}
+}
+
+func AddedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &AddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "PROVI-bfNnp", "Errors.Internal")
+	}
+
+	return e, nil
+}

internal/v2/repository/idp/provider/event_removed.go

@@ -0,0 +1,51 @@
+package provider
+
+import (
+	"encoding/json"
+
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/v2"
+	"github.com/caos/zitadel/internal/eventstore/v2/repository"
+)
+
+const (
+	RemovedEventType = "idpprovider.removed"
+)
+
+type RemovedEvent struct {
+	eventstore.BaseEvent
+
+	IDPConfigID string `json:"idpConfigId"`
+}
+
+func (e *RemovedEvent) CheckPrevious() bool {
+	return true
+}
+
+func (e *RemovedEvent) Data() interface{} {
+	return e
+}
+
+func NewRemovedEvent(
+	base *eventstore.BaseEvent,
+	idpConfigID string,
+) *RemovedEvent {
+
+	return &RemovedEvent{
+		BaseEvent:   *base,
+		IDPConfigID: idpConfigID,
+	}
+}
+
+func RemovedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &RemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "PROVI-6H0KQ", "Errors.Internal")
+	}
+
+	return e, nil
+}

internal/v2/repository/idp/provider/type.go

@@ -0,0 +1,14 @@
+package provider
+
+type Type int8
+
+const (
+	TypeSystem Type = iota
+	TypeOrg
+
+	typeCount
+)
+
+func (f Type) Valid() bool {
+	return f >= 0 && f < typeCount
+}

internal/v2/repository/idp/provider/write_model.go

@@ -0,0 +1,21 @@
+package provider
+
+import "github.com/caos/zitadel/internal/eventstore/v2"
+
+type WriteModel struct {
+	eventstore.WriteModel
+
+	IDPConfigID     string
+	IDPProviderType Type
+}
+
+func (wm *WriteModel) Reduce() error {
+	for _, event := range wm.Events {
+		switch e := event.(type) {
+		case *AddedEvent:
+			wm.IDPConfigID = e.IDPConfigID
+			wm.IDPProviderType = e.IDPProviderType
+		}
+	}
+	return wm.WriteModel.Reduce()
+}

internal/v2/repository/member/event_changed.go

@@ -35,7 +35,7 @@ func ChangeEventFromExisting(
 	roles ...string,
 ) (*ChangedEvent, error) {
 
-	change := NewChangedEvent(base, current.userID)
+	change := NewChangedEvent(base, current.UserID)
 	hasChanged := false
 
 	sort.Strings(current.Roles)

internal/v2/repository/member/read_model.go

@@ -11,8 +11,8 @@ type ReadModel struct {
 	Roles  []string
 }
 
-//NewMemberReadModel is the default constructor of ReadModel
+//NewReadModel is the default constructor of ReadModel
-func NewMemberReadModel(userID string) *ReadModel {
+func NewReadModel(userID string) *ReadModel {
 	return &ReadModel{
 		UserID: userID,
 	}
@@ -23,10 +23,8 @@ func (rm *ReadModel) Reduce() error {
 	for _, event := range rm.Events {
 		switch e := event.(type) {
 		case *AddedEvent:
-			rm.UserID = e.UserID
 			rm.Roles = e.Roles
 		case *ChangedEvent:
-			rm.UserID = e.UserID
 			rm.Roles = e.Roles
 		}
 	}

internal/v2/repository/member/write_model.go

@@ -11,23 +11,11 @@ type WriteModel struct {
 	UserID    string
 	Roles     []string
 	IsRemoved bool
-
-	userID        string
-	aggregateType eventstore.AggregateType
-	aggregateID   string
 }
 
-func NewWriteModel(
+func NewWriteModel(userID string) *WriteModel {
-	userID string,
-	aggregateType eventstore.AggregateType,
-	aggregateID string,
-) *WriteModel {
-
 	return &WriteModel{
-		WriteModel:    *eventstore.NewWriteModel(),
+		UserID: userID,
-		userID:        userID,
-		aggregateType: aggregateType,
-		aggregateID:   aggregateID,
 	}
 }
 
@@ -36,21 +24,11 @@ func (wm *WriteModel) Reduce() error {
 	for _, event := range wm.Events {
 		switch e := event.(type) {
 		case *AddedEvent:
-			if e.UserID != wm.userID {
-				continue
-			}
 			wm.UserID = e.UserID
 			wm.Roles = e.Roles
 		case *ChangedEvent:
-			if e.UserID != wm.userID {
-				continue
-			}
-			wm.UserID = e.UserID
 			wm.Roles = e.Roles
 		case *RemovedEvent:
-			if e.UserID != wm.userID {
-				continue
-			}
 			wm.Roles = nil
 			wm.IsRemoved = true
 		}
@@ -58,7 +36,7 @@ func (wm *WriteModel) Reduce() error {
 	return wm.WriteModel.Reduce()
 }
 
-func (wm *WriteModel) Query() *eventstore.SearchQueryFactory {
+// func (wm *WriteModel) Query() *eventstore.SearchQueryFactory {
-	return eventstore.NewSearchQueryFactory(eventstore.ColumnsEvent, wm.aggregateType).
+// 	return eventstore.NewSearchQueryFactory(eventstore.ColumnsEvent, wm.aggregateType).
-		AggregateIDs(wm.aggregateID)
+// 		AggregateIDs(wm.aggregateID)
-}
+// }

internal/v2/repository/members/read_models.go

@@ -24,7 +24,7 @@ func (rm *ReadModel) AppendEvents(events ...eventstore.EventReader) {
 	for _, event := range events {
 		switch e := event.(type) {
 		case *member.AddedEvent:
-			m := member.NewMemberReadModel(e.UserID)
+			m := member.NewReadModel(e.UserID)
 			rm.Members = append(rm.Members, m)
 			m.AppendEvents(e)
 		case *member.ChangedEvent:

internal/v2/repository/policy/label.go

@@ -1,7 +1,6 @@
 package policy
 
 import (
-	"context"
 	"encoding/json"
 
 	"github.com/caos/zitadel/internal/errors"
@@ -17,9 +16,6 @@ const (
 
 type LabelPolicyAggregate struct {
 	eventstore.Aggregate
-
-	PrimaryColor   string
-	SecondaryColor string
 }
 
 type LabelPolicyReadModel struct {
@@ -43,6 +39,17 @@ func (rm *LabelPolicyReadModel) Reduce() error {
 	return rm.ReadModel.Reduce()
 }
 
+type LabelPolicyWriteModel struct {
+	eventstore.WriteModel
+
+	PrimaryColor   string
+	SecondaryColor string
+}
+
+func (wm *LabelPolicyWriteModel) Reduce() error {
+	return errors.ThrowUnimplemented(nil, "POLIC-xJjvN", "reduce unimpelemnted")
+}
+
 type LabelPolicyAddedEvent struct {
 	eventstore.BaseEvent `json:"-"`
 
@@ -59,16 +66,13 @@ func (e *LabelPolicyAddedEvent) Data() interface{} {
 }
 
 func NewLabelPolicyAddedEvent(
-	ctx context.Context,
+	base *eventstore.BaseEvent,
 	primaryColor,
 	secondaryColor string,
 ) *LabelPolicyAddedEvent {
 
 	return &LabelPolicyAddedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent:      *base,
-			ctx,
-			LabelPolicyAddedEventType,
-		),
 		PrimaryColor:   primaryColor,
 		SecondaryColor: secondaryColor,
 	}
@@ -103,22 +107,20 @@ func (e *LabelPolicyChangedEvent) Data() interface{} {
 }
 
 func NewLabelPolicyChangedEvent(
-	ctx context.Context,
+	base *eventstore.BaseEvent,
-	current,
+	current *LabelPolicyWriteModel,
-	changed *LabelPolicyAggregate,
+	primaryColor,
+	secondaryColor string,
 ) *LabelPolicyChangedEvent {
 
 	e := &LabelPolicyChangedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent: *base,
-			ctx,
-			LabelPolicyChangedEventType,
-		),
 	}
-	if current.PrimaryColor != changed.PrimaryColor {
+	if primaryColor != "" && current.PrimaryColor != primaryColor {
-		e.PrimaryColor = changed.PrimaryColor
+		e.PrimaryColor = primaryColor
 	}
-	if current.SecondaryColor != changed.SecondaryColor {
+	if secondaryColor != "" && current.SecondaryColor != secondaryColor {
-		e.SecondaryColor = changed.SecondaryColor
+		e.SecondaryColor = secondaryColor
 	}
 
 	return e
@@ -149,12 +151,9 @@ func (e *LabelPolicyRemovedEvent) Data() interface{} {
 	return nil
 }
 
-func NewLabelPolicyRemovedEvent(ctx context.Context) *LabelPolicyRemovedEvent {
+func NewLabelPolicyRemovedEvent(base *eventstore.BaseEvent) *LabelPolicyRemovedEvent {
 	return &LabelPolicyRemovedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent: *base,
-			ctx,
-			LabelPolicyRemovedEventType,
-		),
 	}
 }
 

internal/v2/repository/policy/login.go

@@ -1,26 +1,24 @@
 package policy
 
 import (
-	"context"
 	"encoding/json"
 
 	"github.com/caos/zitadel/internal/errors"
 	"github.com/caos/zitadel/internal/eventstore/v2"
 	"github.com/caos/zitadel/internal/eventstore/v2/repository"
+	"github.com/caos/zitadel/internal/v2/repository/idp/provider"
 )
 
 const (
-	LoginPolicyAddedEventType   = "policy.login.added"
+	LoginPolicyAddedEventType              = "policy.login.added"
-	LoginPolicyChangedEventType = "policy.login.changed"
+	LoginPolicyChangedEventType            = "policy.login.changed"
-	LoginPolicyRemovedEventType = "policy.login.removed"
+	LoginPolicyRemovedEventType            = "policy.login.removed"
+	LoginPolicyIDPProviderAddedEventType   = "policy.login." + provider.AddedEventType
+	LoginPolicyIDPProviderRemovedEventType = "policy.login." + provider.RemovedEventType
 )
 
 type LoginPolicyAggregate struct {
 	eventstore.Aggregate
-
-	AllowUserNamePassword bool
-	AllowRegister         bool
-	AllowExternalIDP      bool
 }
 
 type LoginPolicyReadModel struct {
@@ -47,13 +45,24 @@ func (rm *LoginPolicyReadModel) Reduce() error {
 	return rm.ReadModel.Reduce()
 }
 
+type LoginPolicyWriteModel struct {
+	eventstore.WriteModel
+
+	AllowUserNamePassword bool
+	AllowRegister         bool
+	AllowExternalIDP      bool
+}
+
+func (wm *LoginPolicyWriteModel) Reduce() error {
+	return errors.ThrowUnimplemented(nil, "POLIC-xJjvN", "reduce unimpelemnted")
+}
+
 type LoginPolicyAddedEvent struct {
 	eventstore.BaseEvent `json:"-"`
 
 	AllowUserNamePassword bool `json:"allowUsernamePassword"`
 	AllowRegister         bool `json:"allowRegister"`
 	AllowExternalIDP      bool `json:"allowExternalIdp"`
-	// TODO: IDPProviders
 }
 
 func (e *LoginPolicyAddedEvent) CheckPrevious() bool {
@@ -65,17 +74,14 @@ func (e *LoginPolicyAddedEvent) Data() interface{} {
 }
 
 func NewLoginPolicyAddedEvent(
-	ctx context.Context,
+	base *eventstore.BaseEvent,
 	allowUserNamePassword,
 	allowRegister,
 	allowExternalIDP bool,
 ) *LoginPolicyAddedEvent {
 
 	return &LoginPolicyAddedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent:             *base,
-			ctx,
-			LoginPolicyAddedEventType,
-		),
 		AllowExternalIDP:      allowExternalIDP,
 		AllowRegister:         allowRegister,
 		AllowUserNamePassword: allowUserNamePassword,
@@ -112,26 +118,25 @@ func (e *LoginPolicyChangedEvent) Data() interface{} {
 }
 
 func NewLoginPolicyChangedEvent(
-	ctx context.Context,
+	base *eventstore.BaseEvent,
-	current,
+	current *LoginPolicyWriteModel,
-	changed *LoginPolicyAggregate,
+	allowUserNamePassword,
+	allowRegister,
+	allowExternalIDP bool,
 ) *LoginPolicyChangedEvent {
 
 	e := &LoginPolicyChangedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent: *base,
-			ctx,
-			LoginPolicyChangedEventType,
-		),
 	}
 
-	if current.AllowUserNamePassword != changed.AllowUserNamePassword {
+	if current.AllowUserNamePassword != allowUserNamePassword {
-		e.AllowUserNamePassword = changed.AllowUserNamePassword
+		e.AllowUserNamePassword = allowUserNamePassword
 	}
-	if current.AllowRegister != changed.AllowRegister {
+	if current.AllowRegister != allowRegister {
-		e.AllowRegister = changed.AllowRegister
+		e.AllowRegister = allowRegister
 	}
-	if current.AllowExternalIDP != changed.AllowExternalIDP {
+	if current.AllowExternalIDP != allowExternalIDP {
-		e.AllowExternalIDP = changed.AllowExternalIDP
+		e.AllowExternalIDP = allowExternalIDP
 	}
 
 	return e
@@ -162,12 +167,9 @@ func (e *LoginPolicyRemovedEvent) Data() interface{} {
 	return nil
 }
 
-func NewLoginPolicyRemovedEvent(ctx context.Context) *LoginPolicyRemovedEvent {
+func NewLoginPolicyRemovedEvent(base *eventstore.BaseEvent) *LoginPolicyRemovedEvent {
 	return &LoginPolicyRemovedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent: *base,
-			ctx,
-			LoginPolicyRemovedEventType,
-		),
 	}
 }
 
@@ -176,3 +178,70 @@ func LoginPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventRea
 		BaseEvent: *eventstore.BaseEventFromRepo(event),
 	}, nil
 }
+
+type IDPProviderWriteModel struct {
+	provider.WriteModel
+}
+
+func (wm *IDPProviderWriteModel) AppendEvents(events ...eventstore.EventReader) {
+	for _, event := range events {
+		switch e := event.(type) {
+		case *IDPProviderAddedEvent:
+			wm.WriteModel.AppendEvents(&e.AddedEvent)
+		}
+	}
+}
+
+type IDPProviderAddedEvent struct {
+	provider.AddedEvent
+}
+
+func NewIDPProviderAddedEvent(
+	base *eventstore.BaseEvent,
+	idpConfigID string,
+	idpProviderType provider.Type,
+) *IDPProviderAddedEvent {
+
+	return &IDPProviderAddedEvent{
+		AddedEvent: *provider.NewAddedEvent(
+			base,
+			idpConfigID,
+			idpProviderType),
+	}
+}
+
+func IDPProviderAddedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := provider.AddedEventEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &IDPProviderAddedEvent{
+		AddedEvent: *e.(*provider.AddedEvent),
+	}, nil
+}
+
+type IDPProviderRemovedEvent struct {
+	provider.RemovedEvent
+}
+
+func NewIDPProviderRemovedEvent(
+	base *eventstore.BaseEvent,
+	idpConfigID string,
+) *IDPProviderRemovedEvent {
+
+	return &IDPProviderRemovedEvent{
+		RemovedEvent: *provider.NewRemovedEvent(base, idpConfigID),
+	}
+}
+
+func IDPProviderRemovedEventEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := provider.RemovedEventEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &IDPProviderRemovedEvent{
+		RemovedEvent: *e.(*provider.RemovedEvent),
+	}, nil
+}

internal/v2/repository/policy/org_iam.go

@@ -1,7 +1,6 @@
 package policy
 
 import (
-	"context"
 	"encoding/json"
 
 	"github.com/caos/zitadel/internal/errors"
@@ -15,8 +14,6 @@ const (
 
 type OrgIAMPolicyAggregate struct {
 	eventstore.Aggregate
-
-	UserLoginMustBeDomain bool
 }
 
 type OrgIAMPolicyReadModel struct {
@@ -35,6 +32,16 @@ func (rm *OrgIAMPolicyReadModel) Reduce() error {
 	return rm.ReadModel.Reduce()
 }
 
+type OrgIAMPolicyWriteModel struct {
+	eventstore.WriteModel
+
+	UserLoginMustBeDomain bool
+}
+
+func (wm *OrgIAMPolicyWriteModel) Reduce() error {
+	return errors.ThrowUnimplemented(nil, "POLIC-xJjvN", "reduce unimpelemnted")
+}
+
 type OrgIAMPolicyAddedEvent struct {
 	eventstore.BaseEvent `json:"-"`
 
@@ -50,15 +57,12 @@ func (e *OrgIAMPolicyAddedEvent) Data() interface{} {
 }
 
 func NewOrgIAMPolicyAddedEvent(
-	ctx context.Context,
+	base *eventstore.BaseEvent,
 	userLoginMustBeDomain bool,
 ) *OrgIAMPolicyAddedEvent {
 
 	return &OrgIAMPolicyAddedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent:             *base,
-			ctx,
-			OrgIAMPolicyAddedEventType,
-		),
 		UserLoginMustBeDomain: userLoginMustBeDomain,
 	}
 }

internal/v2/repository/policy/password_age.go

@@ -1,7 +1,6 @@
 package policy
 
 import (
-	"context"
 	"encoding/json"
 
 	"github.com/caos/zitadel/internal/errors"
@@ -17,9 +16,6 @@ const (
 
 type PasswordAgePolicyAggregate struct {
 	eventstore.Aggregate
-
-	ExpireWarnDays uint16
-	MaxAgeDays     uint16
 }
 
 type PasswordAgePolicyReadModel struct {
@@ -43,6 +39,17 @@ func (rm *PasswordAgePolicyReadModel) Reduce() error {
 	return rm.ReadModel.Reduce()
 }
 
+type PasswordAgePolicyWriteModel struct {
+	eventstore.WriteModel
+
+	ExpireWarnDays uint16
+	MaxAgeDays     uint16
+}
+
+func (wm *PasswordAgePolicyWriteModel) Reduce() error {
+	return errors.ThrowUnimplemented(nil, "POLIC-xJjvN", "reduce unimpelemnted")
+}
+
 type PasswordAgePolicyAddedEvent struct {
 	eventstore.BaseEvent `json:"-"`
 
@@ -59,16 +66,13 @@ func (e *PasswordAgePolicyAddedEvent) Data() interface{} {
 }
 
 func NewPasswordAgePolicyAddedEvent(
-	ctx context.Context,
+	base *eventstore.BaseEvent,
 	expireWarnDays,
 	maxAgeDays uint16,
 ) *PasswordAgePolicyAddedEvent {
 
 	return &PasswordAgePolicyAddedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent:      *base,
-			ctx,
-			PasswordAgePolicyAddedEventType,
-		),
 		ExpireWarnDays: expireWarnDays,
 		MaxAgeDays:     maxAgeDays,
 	}
@@ -103,23 +107,21 @@ func (e *PasswordAgePolicyChangedEvent) Data() interface{} {
 }
 
 func NewPasswordAgePolicyChangedEvent(
-	ctx context.Context,
+	base *eventstore.BaseEvent,
-	current,
+	current *PasswordAgePolicyWriteModel,
-	changed *PasswordAgePolicyAggregate,
+	expireWarnDays,
+	maxAgeDays uint16,
 ) *PasswordAgePolicyChangedEvent {
 
 	e := &PasswordAgePolicyChangedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent: *base,
-			ctx,
-			PasswordAgePolicyChangedEventType,
-		),
 	}
 
-	if current.ExpireWarnDays != changed.ExpireWarnDays {
+	if current.ExpireWarnDays != expireWarnDays {
-		e.ExpireWarnDays = changed.ExpireWarnDays
+		e.ExpireWarnDays = expireWarnDays
 	}
-	if current.MaxAgeDays != changed.MaxAgeDays {
+	if current.MaxAgeDays != maxAgeDays {
-		e.MaxAgeDays = changed.ExpireWarnDays
+		e.MaxAgeDays = maxAgeDays
 	}
 
 	return e
@@ -151,16 +153,13 @@ func (e *PasswordAgePolicyRemovedEvent) Data() interface{} {
 }
 
 func NewPasswordAgePolicyRemovedEvent(
-	ctx context.Context,
+	base *eventstore.BaseEvent,
 	current,
 	changed *PasswordAgePolicyRemovedEvent,
 ) *PasswordAgePolicyChangedEvent {
 
 	return &PasswordAgePolicyChangedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent: *base,
-			ctx,
-			PasswordAgePolicyRemovedEventType,
-		),
 	}
 }
 

internal/v2/repository/policy/password_complexity.go

@@ -1,7 +1,6 @@
 package policy
 
 import (
-	"context"
 	"encoding/json"
 
 	"github.com/caos/zitadel/internal/errors"
@@ -17,12 +16,6 @@ const (
 
 type PasswordComplexityPolicyAggregate struct {
 	eventstore.Aggregate
-
-	MinLength    uint8
-	HasLowercase bool
-	HasUpperCase bool
-	HasNumber    bool
-	HasSymbol    bool
 }
 
 type PasswordComplexityPolicyReadModel struct {
@@ -55,6 +48,20 @@ func (rm *PasswordComplexityPolicyReadModel) Reduce() error {
 	return rm.ReadModel.Reduce()
 }
 
+type PasswordComplexityPolicyWriteModel struct {
+	eventstore.WriteModel
+
+	MinLength    uint8
+	HasLowercase bool
+	HasUpperCase bool
+	HasNumber    bool
+	HasSymbol    bool
+}
+
+func (wm *PasswordComplexityPolicyWriteModel) Reduce() error {
+	return errors.ThrowUnimplemented(nil, "POLIC-xJjvN", "reduce unimpelemnted")
+}
+
 type PasswordComplexityPolicyAddedEvent struct {
 	eventstore.BaseEvent `json:"-"`
 
@@ -74,7 +81,7 @@ func (e *PasswordComplexityPolicyAddedEvent) Data() interface{} {
 }
 
 func NewPasswordComplexityPolicyAddedEvent(
-	ctx context.Context,
+	base *eventstore.BaseEvent,
 	hasLowerCase,
 	hasUpperCase,
 	hasNumber,
@@ -83,10 +90,7 @@ func NewPasswordComplexityPolicyAddedEvent(
 ) *PasswordComplexityPolicyAddedEvent {
 
 	return &PasswordComplexityPolicyAddedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent:    *base,
-			ctx,
-			PasswordComplexityPolicyAddedEventType,
-		),
 		HasLowercase: hasLowerCase,
 		HasNumber:    hasNumber,
 		HasSymbol:    hasSymbol,
@@ -127,32 +131,33 @@ func (e *PasswordComplexityPolicyChangedEvent) Data() interface{} {
 }
 
 func NewPasswordComplexityPolicyChangedEvent(
-	ctx context.Context,
+	base *eventstore.BaseEvent,
-	current,
+	current *PasswordComplexityPolicyWriteModel,
-	changed *PasswordComplexityPolicyAggregate,
+	minLength uint8,
+	hasLowerCase,
+	hasUpperCase,
+	hasNumber,
+	hasSymbol bool,
 ) *PasswordComplexityPolicyChangedEvent {
 
 	e := &PasswordComplexityPolicyChangedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent: *base,
-			ctx,
-			PasswordComplexityPolicyChangedEventType,
-		),
 	}
 
-	if current.MinLength != changed.MinLength {
+	if current.MinLength != minLength {
-		e.MinLength = changed.MinLength
+		e.MinLength = minLength
 	}
-	if current.HasLowercase != changed.HasLowercase {
+	if current.HasLowercase != hasLowerCase {
-		e.HasLowercase = changed.HasLowercase
+		e.HasLowercase = hasLowerCase
 	}
-	if current.HasUpperCase != changed.HasUpperCase {
+	if current.HasUpperCase != hasUpperCase {
-		e.HasUpperCase = changed.HasUpperCase
+		e.HasUpperCase = hasUpperCase
 	}
-	if current.HasNumber != changed.HasNumber {
+	if current.HasNumber != hasNumber {
-		e.HasNumber = changed.HasNumber
+		e.HasNumber = hasNumber
 	}
-	if current.HasSymbol != changed.HasSymbol {
+	if current.HasSymbol != hasSymbol {
-		e.HasSymbol = changed.HasSymbol
+		e.HasSymbol = hasSymbol
 	}
 
 	return e
@@ -183,15 +188,9 @@ func (e *PasswordComplexityPolicyRemovedEvent) Data() interface{} {
 	return nil
 }
 
-func NewPasswordComplexityPolicyRemovedEvent(
+func NewPasswordComplexityPolicyRemovedEvent(base *eventstore.BaseEvent) *PasswordComplexityPolicyRemovedEvent {
-	ctx context.Context,
-) *PasswordComplexityPolicyRemovedEvent {
-
 	return &PasswordComplexityPolicyRemovedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent: *base,
-			ctx,
-			PasswordComplexityPolicyRemovedEventType,
-		),
 	}
 }
 

internal/v2/repository/policy/password_lockout.go

@@ -1,7 +1,6 @@
 package policy
 
 import (
-	"context"
 	"encoding/json"
 
 	"github.com/caos/zitadel/internal/errors"
@@ -17,9 +16,6 @@ const (
 
 type PasswordLockoutPolicyAggregate struct {
 	eventstore.Aggregate
-
-	MaxAttempts         uint8
-	ShowLockOutFailures bool
 }
 
 type PasswordLockoutPolicyReadModel struct {
@@ -43,6 +39,17 @@ func (rm *PasswordLockoutPolicyReadModel) Reduce() error {
 	return rm.ReadModel.Reduce()
 }
 
+type PasswordLockoutPolicyWriteModel struct {
+	eventstore.WriteModel
+
+	MaxAttempts         uint8
+	ShowLockOutFailures bool
+}
+
+func (wm *PasswordLockoutPolicyWriteModel) Reduce() error {
+	return errors.ThrowUnimplemented(nil, "POLIC-xJjvN", "reduce unimpelemnted")
+}
+
 type PasswordLockoutPolicyAddedEvent struct {
 	eventstore.BaseEvent `json:"-"`
 
@@ -59,16 +66,13 @@ func (e *PasswordLockoutPolicyAddedEvent) Data() interface{} {
 }
 
 func NewPasswordLockoutPolicyAddedEvent(
-	ctx context.Context,
+	base *eventstore.BaseEvent,
 	maxAttempts uint8,
 	showLockOutFailures bool,
 ) *PasswordLockoutPolicyAddedEvent {
 
 	return &PasswordLockoutPolicyAddedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent:           *base,
-			ctx,
-			PasswordLockoutPolicyAddedEventType,
-		),
 		MaxAttempts:         maxAttempts,
 		ShowLockOutFailures: showLockOutFailures,
 	}
@@ -103,23 +107,21 @@ func (e *PasswordLockoutPolicyChangedEvent) Data() interface{} {
 }
 
 func NewPasswordLockoutPolicyChangedEvent(
-	ctx context.Context,
+	base *eventstore.BaseEvent,
-	current,
+	current *PasswordLockoutPolicyWriteModel,
-	changed *PasswordLockoutPolicyAggregate,
+	maxAttempts uint8,
+	showLockOutFailures bool,
 ) *PasswordLockoutPolicyChangedEvent {
 
 	e := &PasswordLockoutPolicyChangedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent: *base,
-			ctx,
-			PasswordLockoutPolicyChangedEventType,
-		),
 	}
 
-	if current.MaxAttempts != changed.MaxAttempts {
+	if current.MaxAttempts != maxAttempts {
-		e.MaxAttempts = changed.MaxAttempts
+		e.MaxAttempts = maxAttempts
 	}
-	if current.ShowLockOutFailures != changed.ShowLockOutFailures {
+	if current.ShowLockOutFailures != showLockOutFailures {
-		e.ShowLockOutFailures = changed.ShowLockOutFailures
+		e.ShowLockOutFailures = showLockOutFailures
 	}
 
 	return e
@@ -151,14 +153,11 @@ func (e *PasswordLockoutPolicyRemovedEvent) Data() interface{} {
 }
 
 func NewPasswordLockoutPolicyRemovedEvent(
-	ctx context.Context,
+	base *eventstore.BaseEvent,
 ) *PasswordLockoutPolicyRemovedEvent {
 
 	return &PasswordLockoutPolicyRemovedEvent{
-		BaseEvent: *eventstore.NewBaseEventForPush(
+		BaseEvent: *base,
-			ctx,
-			PasswordLockoutPolicyRemovedEventType,
-		),
 	}
 }