Add IDP configuration update function for mcsp BR

YCShen1010 · YCShen1010 · commit 5b1b4bcd0cc2 · 2025-08-26T08:24:11.000-07:00
Signed-off-by: YuChen &lt;yuchen.shen@mail.utoronto.ca&gt;
diff --git a/velero/schedule/common-service-db/cs-db-br-script-cm-4.6.10.4.11.yaml b/velero/schedule/common-service-db/cs-db-br-script-cm-4.6.10.4.11.yaml
@@ -98,6 +98,9 @@ data:
             if [[ $ACCOUNT_IAM != "False" ]]; then
                 info "Beginning restore of account_iam database..."
                 oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- pg_restore -U postgres --dbname account_iam --format=c --clean --exit-on-error -v /run/cs-db_backup/cs-db_account_iam_backup.dump        
+                
+                # Update IDP configuration with actual cluster domain
+                update_idp_config
             fi
             oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- psql -U postgres -c "\list" -c "\dn" -c "\du"
         else
@@ -115,6 +118,42 @@ data:
         wait_for_oidc
     }
 
+    function update_idp_config {
+        info "Updating IDP configuration with actual cluster domain..."
+        
+        # Get the cluster domain from the management ingress
+        CLUSTER_DOMAIN=$(oc get route console -n openshift-console -o jsonpath='{.spec.host}' | sed 's/^console-openshift-console\.//')
+        
+        if [[ -z $CLUSTER_DOMAIN ]]; then
+            error "Could not determine cluster domain. Please update IDP configuration manually."
+            return 1
+        fi
+        
+        info "Detected cluster domain: $CLUSTER_DOMAIN"
+        
+        # Construct the new IDP URL based on the cluster domain and namespace
+        NEW_IDP_URL="https://cp-console.${CSDB_NAMESPACE}.${CLUSTER_DOMAIN}/idprovider/v1/auth"
+        
+        info "Updating IDP URLs to: $NEW_IDP_URL"
+        
+        # Check if account_iam database exists
+        ACCOUNT_IAM_EXISTS=$(oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- psql -U postgres -c "\list" | grep "account_iam" || echo False)
+        
+        if [[ $ACCOUNT_IAM_EXISTS != "False" ]]; then
+            # Update the idp column in the idp_config table
+            oc -n $CSDB_NAMESPACE exec -t $CNPG_PRIMARY_POD -c postgres -- psql -U postgres -d account_iam -c "
+                UPDATE accountiam.idp_config 
+                SET idp = '$NEW_IDP_URL', 
+                    modified_ts = NOW()
+                WHERE idp LIKE '%/idprovider/v1/%';
+            "
+            
+            success "IDP configuration updated successfully."
+        else
+            warning "account_iam database not found, skipping IDP configuration update."
+        fi
+    }
+
     function wait_for_oidc {
         job_name="oidc-client-registration"
         info "Waiting for job $job_name to complete in namespace $CSDB_NAMESPACE."
