feat(cli): seeder updates already existing entries

README.OGCIO.md

@@ -113,3 +113,17 @@ This command can take a parameter to specify the input data file, called `seeder
 Usage: `npm run cli db ogcio -- --seeder-filepath="DATA_FILE_PATH"`
 
 To seed the default data for local dev environments, run `npm run cli db ogcio -- --seeder-filepath="./packages/cli/src/commands/database/ogcio/ogcio-seeder-local.json"`.
+
+### Limitations
+
+In most cases, we have predefined IDs in our seeder to ensure the same database structure, even if the database was cleared and re-seeded. Logto IDs are simple text fields (no UUID or other validations are applied) with a maximum length of 21 characters. Do not use IDs longer than 21 characters; otherwise, the seeder will fail with a database error!
+
+Be careful when defining a new ID because data duplication is avoided based on this field. If you later want to change the ID of any of your entries, the seeder won't be able to detect the existence of the affected entry, and it will try to create a new one. Creating a duplicate entry with a different ID can cause a database error if some other fields have a unique constraint. If this is not the case, a duplicate entry will be created, which is also a mistake, and we want to avoid any of these situations. Once you have defined an ID, do not change it if unnecessary.
+
+Using resources other than those declared in the seeder's data file is also impossible because referencing any resource outside of the seeder's scope is not supported. The seeder is supposed to create all the required resources and use them to seed the custom configuration into the database.
+
+### Edge cases
+
+Some changes might affect other entries from the database, like the user entities. In this case, a custom migration script is required to resolve the changes necessary to the affected entries. Before any change in the seeder data, analyse the situation to determine if it is safe to perform. The seeder is not intended to resolve conflicts or update other data than the configuration it seeds.
+
+Deletion of existing seeded data via the seeder is not yet possible. Only the permissions (scopes) will be removed and recreated every time the seeder is executed because that is safe and does not cause conflicts with other entries. A custom script or manual action is required for any other data that must be eliminated.

packages/cli/src/commands/database/ogcio/applications.ts

@@ -5,7 +5,7 @@ import { Applications } from '@logto/schemas';
 import { sql, type DatabaseTransactionConnection } from '@silverhand/slonik';
 
 import { type ApplicationSeeder } from './ogcio-seeder.js';
-import { createItem } from './queries.js';
+import { createOrUpdateItem } from './queries.js';
 
 type SeedingApplication = {
  id: string;
@@ -24,12 +24,12 @@ const createApplication = async (
  tenantId: string,
  appToSeed: SeedingApplication
 ) =>
- createItem({
+ createOrUpdateItem({
  transaction,
  tenantId,
  toInsert: appToSeed,
  toLogFieldName: 'name',
- whereClauses: [sql`name = ${appToSeed.name}`],
+ whereClauses: [sql`tenant_id = ${tenantId}`, sql`id = ${appToSeed.id}`],
  tableName: Applications.table,
  });
 

packages/cli/src/commands/database/ogcio/connectors.ts

@@ -5,7 +5,7 @@ import { Connectors } from '@logto/schemas';
 import { sql, type DatabaseTransactionConnection } from '@silverhand/slonik';
 
 import { type ConnectorSeeder } from './ogcio-seeder.js';
-import { createItemWithoutId } from './queries.js';
+import { createOrUpdateItemWithoutId } from './queries.js';
 
 type SeedingConnector = {
  tenant_id: string;
@@ -21,12 +21,12 @@ const createConnector = async (
  tenantId: string,
  connectorToSeed: SeedingConnector
 ) =>
- createItemWithoutId({
+ createOrUpdateItemWithoutId({
  transaction,
  tenantId,
  toInsert: connectorToSeed,
  toLogFieldName: 'id',
- whereClauses: [sql`id = ${connectorToSeed.id}`],
+ whereClauses: [sql`tenant_id = ${tenantId}`, sql`id = ${connectorToSeed.id}`],
  tableName: Connectors.table,
  columnToGet: 'id',
  });

packages/cli/src/commands/database/ogcio/ogcio-seeder-local.json

@@ -21,6 +21,7 @@
  },
  "organization_roles": [
  {
+ "id": "bb-public-servant",
  "name": "Public Servant",
  "description": "Building Blocks Public servant",
  "specific_permissions": [
@@ -31,6 +32,7 @@
  ]
  },
  {
+ "id": "msg-public-servant",
  "name": "Messaging Public Servant",
  "description": "Messaging Public servant",
  "specific_permissions": [
@@ -94,6 +96,7 @@
  ],
  "resource_roles": [
  {
+ "id": "bb-citizen",
  "name": "Citizen",
  "description": "A citizen using Life Events and the Building Blocks ecosystem",
  "permissions": [
@@ -173,7 +176,7 @@
  ],
  "webhooks": [
  {
- "id": "login_webhook",
+ "id": "login-webhook",
  "name": "User log in",
  "events": [
  "PostRegister",

packages/cli/src/commands/database/ogcio/ogcio-seeder.json

@@ -21,6 +21,7 @@
  },
  "organization_roles": [
  {
+ "id": "bb-public-servant",
  "name": "Public Servant",
  "description": "Building Blocks Public servant",
  "specific_permissions": [
@@ -31,6 +32,7 @@
  ]
  },
  {
+ "id": "msg-public-servant",
  "name": "Messaging Public Servant",
  "description": "Messaging Public servant",
  "specific_permissions": [
@@ -49,7 +51,8 @@
  "redirect_uri": "<SEEDER_PAYMENTS_APP_REDIRECT_URI>",
  "logout_redirect_uri": "<SEEDER_PAYMENTS_APP_LOGOUT_REDIRECT_URI>",
  "secret": "<SEEDER_PAYMENTS_APP_SECRET>",
- "id": "r5f56tpkytpqyyshiutd2"
+ "id": "r5f56tpkytpqyyshiutd2",
+ "is_third_party": false
  },
  {
  "name": "Messaging Building Block",
@@ -58,7 +61,8 @@
  "redirect_uri": "<SEEDER_MESSAGING_APP_REDIRECT_URI>",
  "logout_redirect_uri": "<SEEDER_MESSAGING_APP_LOGOUT_REDIRECT_URI>",
  "secret": "<SEEDER_MESSAGING_APP_SECRET>",
- "id": "1lvmteh2ao3xrswyq7j3e"
+ "id": "1lvmteh2ao3xrswyq7j3e",
+ "is_third_party": false
  }
  ],
  "resources": [
@@ -92,6 +96,7 @@
  ],
  "resource_roles": [
  {
+ "id": "bb-citizen",
  "name": "Citizen",
  "description": "A citizen using Life Events and the Building Blocks ecosystem",
  "permissions": [
@@ -171,7 +176,7 @@
  ],
  "webhooks": [
  {
- "id": "login_webhook",
+ "id": "login-webhook",
  "name": "User log in",
  "events": [
  "PostRegister",

packages/cli/src/commands/database/ogcio/ogcio-seeder.ts

@@ -19,26 +19,27 @@ export type OgcioSeeder = {
 export type OrganizationSeeder = {
  name: string;
  description: string;
- id?: string;
+ id: string;
 };
 
 export type OrganizationPermissionSeeder = {
  specific_permissions: string[];
 };
 
 export type OrganizationRoleSeeder = {
+ id: string;
  name: string;
  specific_permissions: string[];
  description: string;
 };
 
 export type ApplicationSeeder = {
+ id: string;
  name: string;
  description: string;
  type: string;
  redirect_uri: string | string[];
  logout_redirect_uri: string | string[];
- id: string;
  secret: string;
  is_third_party?: boolean;
 };
@@ -105,6 +106,7 @@ export type ResourcePermissionSeeder = {
 };
 
 export type ResourceRoleSeeder = {
+ id: string;
  name: string;
  description: string;
  permissions: ScopePerResourceRoleSeeder[];