Fix cluster role aggregation rules selectors (#1697)

Author: stevehipwell

kubernetes/resource_kubernetes_cluster_role_test.go

@@ -182,6 +182,46 @@ func TestAccKubernetesClusterRole_aggregationRuleBasic(t *testing.T) {
 	})
 }
 
+func TestAccKubernetesClusterRole_aggregationRuleMultiple(t *testing.T) {
+	var conf api.ClusterRole
+	resourceName := "kubernetes_cluster_role.test"
+	name := acctest.RandomWithPrefix("tf-acc-test")
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		IDRefreshName:     resourceName,
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccCheckKubernetesClusterRoleDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccKubernetesClusterRoleConfig_aggRuleMultiple(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckKubernetesClusterRoleExists(resourceName, &conf),
+					resource.TestCheckResourceAttr(resourceName, "aggregation_rule.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "aggregation_rule.0.cluster_role_selectors.#", "2"),
+					resource.TestCheckResourceAttr(resourceName, "aggregation_rule.0.cluster_role_selectors.0.match_labels.foo", "bar"),
+					resource.TestCheckResourceAttr(resourceName, "aggregation_rule.0.cluster_role_selectors.1.match_labels.bar", "foo"),
+				),
+			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"metadata.0.resource_version"},
+			},
+			{
+				Config: testAccKubernetesClusterRoleConfig_aggRuleMultipleModified(name),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					testAccCheckKubernetesClusterRoleExists(resourceName, &conf),
+					resource.TestCheckResourceAttr(resourceName, "aggregation_rule.#", "1"),
+					resource.TestCheckResourceAttr(resourceName, "aggregation_rule.0.cluster_role_selectors.#", "2"),
+					resource.TestCheckResourceAttr(resourceName, "aggregation_rule.0.cluster_role_selectors.0.match_labels.bar", "foo"),
+					resource.TestCheckResourceAttr(resourceName, "aggregation_rule.0.cluster_role_selectors.1.match_labels.foo", "bar"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccKubernetesClusterRole_aggregationRuleRuleAggregation(t *testing.T) {
 	var conf api.ClusterRole
 	resourceName := "kubernetes_cluster_role.test"
@@ -447,6 +487,50 @@ func testAccKubernetesClusterRoleConfig_aggRuleModified(name string) string {
 `, name)
 }
 
+func testAccKubernetesClusterRoleConfig_aggRuleMultiple(name string) string {
+	return fmt.Sprintf(`resource "kubernetes_cluster_role" "test" {
+  metadata {
+    name = "%s"
+  }
+
+  aggregation_rule {
+    cluster_role_selectors {
+      match_labels = {
+        foo = "bar"
+      }
+    }
+    cluster_role_selectors {
+      match_labels = {
+        bar = "foo"
+      }
+    }
+  }
+}
+`, name)
+}
+
+func testAccKubernetesClusterRoleConfig_aggRuleMultipleModified(name string) string {
+	return fmt.Sprintf(`resource "kubernetes_cluster_role" "test" {
+  metadata {
+    name = "%s"
+  }
+
+  aggregation_rule {
+    cluster_role_selectors {
+      match_labels = {
+        bar = "foo"
+      }
+    }
+    cluster_role_selectors {
+      match_labels = {
+        foo = "bar"
+      }
+    }
+  }
+}
+`, name)
+}
+
 func testAccKubernetesClusterRoleConfig_aggRule2(name string) string {
 	return fmt.Sprintf(`resource "kubernetes_cluster_role" "test" {
   metadata {

kubernetes/structures_rbac.go

@@ -88,8 +88,10 @@ func expandClusterRoleAggregationRule(in []interface{}) *api.AggregationRule {
 	m := in[0].(map[string]interface{})
 
 	if v, ok := m["cluster_role_selectors"].([]interface{}); ok && len(v) > 0 {
-		crs := make([]metav1.LabelSelector, 0)
-		crs = append(crs, *expandLabelSelector(v))
+		crs := make([]metav1.LabelSelector, len(v))
+		for i, w := range v {
+			crs[i] = *expandLabelSelector([]interface{}{w})
+		}
 		ref.ClusterRoleSelectors = crs
 	}
 
@@ -142,9 +144,11 @@ func flattenClusterRoleAggregationRule(in *api.AggregationRule) []interface{} {
 	att := make(map[string]interface{})
 
 	if len(in.ClusterRoleSelectors) > 0 {
-		for _, crs := range in.ClusterRoleSelectors {
-			att["cluster_role_selectors"] = flattenLabelSelector(&crs)
+		crs := make([]interface{}, 0)
+		for _, v := range in.ClusterRoleSelectors {
+			crs = append(crs, flattenLabelSelector(&v)...)
 		}
+		att["cluster_role_selectors"] = crs
 	}
 
 	return []interface{}{att}

kubernetes/structures_rbac_test.go

@@ -0,0 +1,133 @@
+package kubernetes
+
+import (
+	"reflect"
+	"testing"
+
+	api "k8s.io/api/rbac/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func TestExpandClusterRoleAggregationRule(t *testing.T) {
+	cases := []struct {
+		Input          []interface{}
+		ExpectedOutput *api.AggregationRule
+	}{
+		{
+			[]interface{}{},
+			&api.AggregationRule{},
+		},
+		{
+			[]interface{}{
+				map[string]interface{}{
+					"cluster_role_selectors": []interface{}{
+						map[string]interface{}{
+							"match_labels": map[string]interface{}{"key": "value"},
+						},
+					},
+				},
+			},
+			&api.AggregationRule{
+				ClusterRoleSelectors: []metav1.LabelSelector{
+					{
+						MatchLabels: map[string]string{"key": "value"},
+					},
+				},
+			},
+		},
+		{
+			[]interface{}{
+				map[string]interface{}{
+					"cluster_role_selectors": []interface{}{
+						map[string]interface{}{
+							"match_labels": map[string]interface{}{"key": "value"},
+						},
+						map[string]interface{}{
+							"match_labels": map[string]interface{}{"foo": "bar"},
+						},
+					},
+				},
+			},
+			&api.AggregationRule{
+				ClusterRoleSelectors: []metav1.LabelSelector{
+					{
+						MatchLabels: map[string]string{"key": "value"},
+					},
+					{
+						MatchLabels: map[string]string{"foo": "bar"},
+					},
+				},
+			},
+		},
+	}
+
+	for _, tc := range cases {
+		output := expandClusterRoleAggregationRule(tc.Input)
+		if !reflect.DeepEqual(output, tc.ExpectedOutput) {
+			t.Fatalf("Unexpected output from expander.\nExpected: %#v\nGiven:    %#v",
+				tc.ExpectedOutput, output)
+		}
+	}
+}
+
+func TestFlattenClusterRoleAggregationRule(t *testing.T) {
+	cases := []struct {
+		Input          *api.AggregationRule
+		ExpectedOutput []interface{}
+	}{
+		{
+			&api.AggregationRule{},
+			[]interface{}{map[string]interface{}{}},
+		},
+		{
+			&api.AggregationRule{
+				ClusterRoleSelectors: []metav1.LabelSelector{
+					{
+						MatchLabels: map[string]string{"key": "value"},
+					},
+				},
+			},
+			[]interface{}{
+				map[string]interface{}{
+					"cluster_role_selectors": []interface{}{
+						map[string]interface{}{
+							"match_labels": map[string]string{"key": "value"},
+						},
+					},
+				},
+			},
+		},
+		{
+			&api.AggregationRule{
+				ClusterRoleSelectors: []metav1.LabelSelector{
+					{
+						MatchLabels: map[string]string{"key": "value"},
+					},
+					{
+						MatchLabels: map[string]string{"foo": "bar"},
+					},
+				},
+			},
+			[]interface{}{
+				map[string]interface{}{
+					"cluster_role_selectors": []interface{}{
+						map[string]interface{}{
+							"match_labels": map[string]string{"key": "value"},
+						},
+						map[string]interface{}{
+							"match_labels": map[string]string{"foo": "bar"},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	for _, tc := range cases {
+		output := flattenClusterRoleAggregationRule(tc.Input)
+		if !reflect.DeepEqual(output, tc.ExpectedOutput) {
+			t.Fatalf("Unexpected output from flattener.\nExpected: %#v\nGiven:    %#v",
+				tc.ExpectedOutput, output)
+		}
+	}
+}