Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Terraform: taint all resources from one module
#!/bin/bash
module=$1
for resource in `terraform show -module-depth=1 | grep module.${module} | tr -d ':' | sed -e 's/module.${module}.//'`; do
terraform taint -module ${module} ${resource}
done
@rmzi

This comment has been minimized.

Copy link

@rmzi rmzi commented Mar 9, 2018

👍 v. helpful, thx

@avoidik

This comment has been minimized.

Copy link

@avoidik avoidik commented Mar 31, 2018

for resource in `terraform show -module-depth=1 | grep -v tainted | grep module.${module} | tr -d ':' | sed -e 's/module.${module}.//'`; do
  terraform taint -module ${module} ${resource}
done
@jeromba6

This comment has been minimized.

Copy link

@jeromba6 jeromba6 commented Apr 18, 2018

for I in $(terraform show -module-depth=1 | grep module. | grep -v "^ " | sed 's/://')
do
M=$(echo ${I} | cut -d. -f2)
R=$(echo ${I} | cut -d. -f3-)
terraform taint -module ${M} ${R}
done

@gupta-alok

This comment has been minimized.

Copy link

@gupta-alok gupta-alok commented Nov 14, 2018

Just a minor improvement to exclude data resources as well,

for resource in terraform show -module-depth=1 | grep -v tainted | grep -v "data." | grep module.${module} | tr -d ':' | sed -e 's/module.${module}.//' do terraform taint -module ${module} ${resource} done

@ferdinand-beyer

This comment has been minimized.

Copy link

@ferdinand-beyer ferdinand-beyer commented Feb 20, 2019

Did not work for me, as terraform taint requires the local resource name without the module.xxxx prefix. This worked:

#!/bin/bash
module=$1

id_regexp='[[:alnum:]_-]\{1,\}'
resource_regexp="module\\.${module}\\.\\(${id_regexp}\\.${id_regexp}\\)"
sed_program="s/^${resource_regexp}:.*/\\1/p"

for resource in $(terraform show | sed -n "${sed_program}"); do
    terraform taint -module ${module} ${resource}
done
@makennedy-clgx

This comment has been minimized.

Copy link

@makennedy-clgx makennedy-clgx commented Aug 21, 2019

Version that also allows for exceptions to what gets taint and some helpers to make the cmd a little nicer to deal with

#!/bin/bash

array_contains () {
    local array="$1[@]"
    local seeking=$2
    local in=1
    for element in "${!array}"; do
        if [[ ${seeking} == *"${element}"* ]]; then
            in=0
            break
        fi
    done
    return $in
}

if [ -z "$1" ]; then
    echo "Current modules"
    terra state list | grep "\.module\." | cut -f 2 -d "." | sort | uniq
    echo "----"
    echo "Enter module to taint"
    read module
else
    module=$1
fi

#excluded_resources=('google_compute_address.ip_address')
excluded_resources=('google_compute_address.ip_address' 'google_compute_disk')

echo "Tainting all resources in ${module} excluding ${excluded_resources[*]}"
read -p "Press [Enter] key to start..."

for resource in $(terraform state list |                    # Get a list of all the 'resources'
                    grep "^module.${module}" |          # Filter to the specific module
                    grep -v "\.module\." |              # Ignore sub modules
                    sed "s/module\.${module}\.//g" |    # replace the module.* to get resource sans module prefix
                    sed -E "s/\[(.*)\]/.\1/g"           # replace the [#] suffix with .# (needed by taint command)
                    ); do
	if array_contains excluded_resources ${resource}; then
		echo "<<< Skipping ${resource} >>>"
	else
	    echo "--- Tainting ${resource} ---"
	    bash -c "terraform taint --module=${module} `echo ${resource} | tr -d '[:space:]'`"
	fi
done
@worldspawn

This comment has been minimized.

Copy link

@worldspawn worldspawn commented Oct 2, 2019

Invading this gist with 😱 POWERSHELL! :trollface:

 ~\source\terraform show | Select-String -Pattern "module.ingress.([\-\.\w]+)" | %{ $_.Matches[0].Groups[1].Value } | ?{ -Not $_.StartsWith("data.") } | %{ ~\source\terraform.exe taint "module.ingress.$_" }
@deadanon

This comment has been minimized.

Copy link

@deadanon deadanon commented Sep 8, 2020

For the lazy 1 liner crowd

for x in $(terraform state list | grep module.name_to_search); do terraform taint $x; done
@Console32

This comment has been minimized.

Copy link

@Console32 Console32 commented Nov 2, 2020

A bit late, but this still pops up on google:

terraform state list | grep module.module_name | xargs -n1 terraform taint
@Arlington1985

This comment has been minimized.

Copy link

@Arlington1985 Arlington1985 commented Nov 23, 2020

| xargs -n1 terraform taint

Very nice, just want I was looking for. Thanks

@dmitry-mightydevops

This comment has been minimized.

Copy link

@dmitry-mightydevops dmitry-mightydevops commented Jan 27, 2021

For those who needs a makefile recipe:

taint_module: ## Recreate entire module `MODULE="module.cassandra-cluster" make taint_module`
	for resource in `terraform state list | grep module.${MODULE}`; do terraform taint $$resource; done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment