fix: address issue in Invoke-IamDeployment

- Fixed `Invoke-IamDeployment` cmdlet where reduced privileges are applied to the incorrect service account.

Signed-off-by: Gary Blake <gblake@vmware.com>

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Release History
 
+## v2.10.1
+
+> Release Date: 2024-06-14
+
+- Fixed `Invoke-IamDeployment` cmdlet where reduced privileges are applied to the incorrect service account.
+
 ## v2.10.0
 
 > Release Date: 2024-05-28

PowerValidatedSolutions.psd1

@@ -3,15 +3,15 @@
 
 # Module manifest for module 'PowerValidatedSolutions'
 # Generated by: Broadcom
-# Generated on: 2024-05-28
+# Generated on: 2024-06-14
 
 @{
 
     # Script module or binary module file associated with this manifest.
     RootModule = 'PowerValidatedSolutions.psm1'
 
     # Version number of this module.
-    ModuleVersion = '2.10.0.1056'
+    ModuleVersion = '2.10.1.1000'
     # Supported PSEditions
     # CompatiblePSEditions = @()
 

PowerValidatedSolutions.psm1

@@ -381,25 +381,25 @@ Function Invoke-IamDeployment {
 
                         if (!$failureDetected) {
                             Show-PowerValidatedSolutionsOutput -message "Reconfiguring the vSphere Role and Permissions Scope for NSX Service Accounts"
-                            Show-PowerValidatedSolutionsOutput -TYPE ADVISORY -message "Going to Sleep for 5 Minutes to Allow vCenter Server Single Sign-On to Finishing Replicating"
-                            Start-Sleep 360
+                            Show-PowerValidatedSolutionsOutput -TYPE ADVISORY -message "Going to Sleep for 2 Minutes to Allow vCenter Server Single Sign-On to Finishing Replicating"
+                            Start-Sleep 120
                             foreach ($sddcDomain in $allWorkloadDomains) {
-                                $serviceAccount = (Get-VCFCredential | Where-Object { $_.accountType -eq "SERVICE" -and $_.resource.domainName -eq $sddcDomain.name -and $_.resource.resourceType -eq "VCENTER" }).username.Split("@")[-0]
+                                $serviceAccount = (Get-VCFCredential | Where-Object { $_.accountType -eq "SERVICE" -and $_.resource.domainName -eq $sddcDomain.name -and $_.resource.resourceType -eq "VCENTER" -and $_.username -match (($sddcDomain.nsxtCluster.vipFqdn).Split('.',2)[-0]) }).username.Split("@")[-0]
                                 $StatusMsg = Add-vCenterGlobalPermission -server $jsonInput.sddcManagerFqdn -user $jsonInput.sddcManagerUser -pass $jsonInput.sddcManagerPass -sddcDomain $sddcDomain.name -domain $sddcDomain.ssoName -principal $serviceAccount -role $jsonInput.vsphereRoleName -propagate true -type user -localdomain -WarningAction SilentlyContinue -ErrorAction SilentlyContinue -WarningVariable WarnMsg -ErrorVariable ErrorMsg
                                 if ($StatusMsg -or $WarnMsg) { $null = $ErrorMsg } elseif ($ErrorMsg) { $failureDetected = $true }
                                 messageHandler -statusMessage $StatusMsg -warningMessage $WarnMsg -errorMessage $ErrorMsg
                                 if ($sddcDomain.type -eq "MANAGEMENT") {
                                     $viWorkloadDomains = Get-VCFWorkloadDomain | Where-Object { $_.type -eq "VI" }
                                     foreach ($viDomain in $viWorkloadDomains) {
-                                        $viServiceAccount = (Get-VCFCredential | Where-Object { $_.accountType -eq "SERVICE" -and $_.resource.domainName -eq $viDomain.name -and $_.resource.resourceType -eq "VCENTER" }).username.Split("@")[-0]
+                                        $viServiceAccount = (Get-VCFCredential | Where-Object { $_.accountType -eq "SERVICE" -and $_.resource.domainName -eq $viDomain.name -and $_.resource.resourceType -eq "VCENTER" -and $_.username -match (($viDomain.nsxtCluster.vipFqdn).Split('.',2)[-0]) }).username.Split("@")[-0]
                                         $StatusMsg = Set-vCenterPermission -server $jsonInput.sddcManagerFqdn -user $jsonInput.sddcManagerUser -pass $jsonInput.sddcManagerPass -domain $sddcDomain.ssoName -workloadDomain $sddcDomain.name -principal $viServiceAccount -role "NoAccess" -WarningAction SilentlyContinue -ErrorAction SilentlyContinue -WarningVariable WarnMsg -ErrorVariable ErrorMsg
                                         if ($StatusMsg -or $WarnMsg) { $null = $ErrorMsg } elseif ($ErrorMsg) { $failureDetected = $true }
                                         messageHandler -statusMessage $StatusMsg -warningMessage $WarnMsg -errorMessage $ErrorMsg
                                     }
                                 }
                                 if ($sddcDomain.type -eq "VI" -and $sddcDomain.ssoName -eq "vsphere.local") {
                                     $mgmtWorkloadDomain = Get-VCFWorkloadDomain | Where-Object { $_.type -eq "MANAGEMENT" }
-                                    $mgmtServiceAccount = (Get-VCFCredential | Where-Object { $_.accountType -eq "SERVICE" -and $_.resource.domainName -eq $mgmtWorkloadDomain.name -and $_.resource.resourceType -eq "VCENTER" }).username.Split("@")[-0]
+                                    $mgmtServiceAccount = (Get-VCFCredential | Where-Object { $_.accountType -eq "SERVICE" -and $_.resource.domainName -eq $mgmtWorkloadDomain.name -and $_.resource.resourceType -eq "VCENTER" -and $_.username -match (($mgmtWorkloadDomain.nsxtCluster.vipFqdn).Split('.',2)[-0]) }).username.Split("@")[-0]
                                     $StatusMsg = Set-vCenterPermission -server $jsonInput.sddcManagerFqdn -user $jsonInput.sddcManagerUser -pass $jsonInput.sddcManagerPass -domain $sddcDomain.ssoName -workloadDomain $sddcDomain.name -principal $mgmtServiceAccount -role "NoAccess" -WarningAction SilentlyContinue -ErrorAction SilentlyContinue -WarningVariable WarnMsg -ErrorVariable ErrorMsg
                                     if ($StatusMsg -or $WarnMsg) { $null = $ErrorMsg } elseif ($ErrorMsg) { $failureDetected = $true }
                                     messageHandler -statusMessage $StatusMsg -warningMessage $WarnMsg -errorMessage $ErrorMsg