Closed
Description
Terraform version, Kubernetes provider version and Kubernetes version
Terraform version: v0.14.10
Kubernetes Provider version: v2.1.0
Kubernetes version: v1.17.17-gke.4900
Terraform configuration
```hcl
resource "kubernetes_cluster_role" "example" {
  metadata {
    name = "example"
  }
  aggregation_rule {
    cluster_role_selectors {
      match_labels = {
        "rbac.authorization.k8s.io/aggregate-to-view" = "true"
      }
      match_labels = {
        "example.io/aggregregate-to-app" = "true"
      }
    }
  }
}
```
Question
The following is a valid cluster role and works as expected, aggregating rules from roles that match either of the selectors:
```yaml
aggregationRule:
  clusterRoleSelectors:
  - matchLabels:
      example.io/aggregregate-to-app: "true"
  - matchLabels:
      rbac.authorization.k8s.io/aggregate-to-view: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
```
How can I express that in Terraform? The code above results in:
```
Error: Attribute redefined
On .terraform/modules/default.default/example.tf line 63: The argument
"match_labels" was already set at
.terraform/modules/default.default/example.tf:60,7-19. Each argument may be set
only once.
```
I can do the following:
```hcl
aggregation_rule {
  cluster_role_selectors {
    match_labels = {
      "rbac.authorization.k8s.io/aggregate-to-view" = "true"
      "example.io/aggregregate-to-app"              = "true"
    }
  }
}
```
but that results in:
```yaml
aggregationRule:
  clusterRoleSelectors:
  - matchLabels:
      example.io/aggregregate-to-app: "true"
      rbac.authorization.k8s.io/aggregate-to-view: "true"
```
which selects roles that match both labels, not either.
Are multiple matchLabels supported? If so, how? If not, consider this a feature request :-)
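
The difference between the two selector forms in the question, as an added example that is not part of the original issue: a small Python model of the matching semantics (AND within one `matchLabels` map, OR across `clusterRoleSelectors` entries). The role names and verbs are constructed sample data, and `matches` and `aggregate` are hypothetical helper names.

```python
"""Model of how aggregationRule.clusterRoleSelectors picks ClusterRoles."""

VIEW = "rbac.authorization.k8s.io/aggregate-to-view"
APP = "example.io/aggregregate-to-app"  # label key spelled as in the issue

# Constructed sample ClusterRoles: name -> (labels, verbs granted).
ROLES = {
    "view-only": ({VIEW: "true"}, ["get", "list"]),
    "app-only": ({APP: "true"}, ["create"]),
    "both": ({VIEW: "true", APP: "true"}, ["watch"]),
    "unlabelled": ({}, ["delete"]),
}


def matches(match_labels, labels):
    """Every key/value in one matchLabels map must be present (logical AND).
    An empty map matches every role, because all() of nothing is True."""
    return all(labels.get(k) == v for k, v in match_labels.items())


def aggregate(selectors, roles=ROLES):
    """A role is selected if ANY list entry matches it (logical OR).
    Returns (sorted role names, sorted verbs the aggregated role receives)."""
    picked = sorted(
        name for name, (labels, _) in roles.items()
        if any(matches(sel, labels) for sel in selectors)
    )
    verbs = sorted({v for name in picked for v in roles[name][1]})
    return picked, verbs


# Two list entries, as in the YAML that works: either label is enough.
EITHER = [{APP: "true"}, {VIEW: "true"}]
# One entry holding both labels, as produced by the single match_labels map.
BOTH = [{VIEW: "true", APP: "true"}]

if __name__ == "__main__":
    for title, sels in (("either", EITHER), ("both", BOTH)):
        names, verbs = aggregate(sels)
        print(f"{title:6} -> roles={names} verbs={verbs}")
```

The same function can be pointed at labels exported from a cluster to review which ClusterRoles a given aggregation rule would pull in before applying it.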