Terraform: taint all resources from one module
#!/bin/bash
module=$1
for resource in `terraform show -module-depth=1 | grep module.${module} | tr -d ':' | sed -e 's/module.${module}.//'`; do
terraform taint -module ${module} ${resource}
done

rmzi commented Mar 9, 2018

👍 v. helpful, thx


avoidik commented Mar 31, 2018

for resource in `terraform show -module-depth=1 | grep -v tainted | grep module.${module} | tr -d ':' | sed -e 's/module.${module}.//'`; do
  terraform taint -module ${module} ${resource}
done

jeromba6 commented Apr 18, 2018

for I in $(terraform show -module-depth=1 | grep module. | grep -v "^ " | sed 's/://')
do
M=$(echo ${I} | cut -d. -f2)
R=$(echo ${I} | cut -d. -f3-)
terraform taint -module ${M} ${R}
done


gupta-alok commented Nov 14, 2018

Just a minor improvement to exclude data resources as well,

for resource in `terraform show -module-depth=1 | grep -v tainted | grep -v "data." | grep module.${module} | tr -d ':' | sed -e 's/module.${module}.//'`; do
  terraform taint -module ${module} ${resource}
done


ferdinand-beyer commented Feb 20, 2019

Did not work for me, as terraform taint requires the local resource name without the module.xxxx prefix. This worked:

#!/bin/bash
module=$1

id_regexp='[[:alnum:]_-]\{1,\}'
resource_regexp="module\\.${module}\\.\\(${id_regexp}\\.${id_regexp}\\)"
sed_program="s/^${resource_regexp}:.*/\\1/p"

for resource in $(terraform show | sed -n "${sed_program}"); do
    terraform taint -module ${module} ${resource}
done

makennedy-clgx commented Aug 21, 2019

Version that also allows for exceptions to what gets tainted, and some helpers to make the cmd a little nicer to deal with

#!/bin/bash

array_contains () {
    local array="$1[@]"
    local seeking=$2
    local in=1
    for element in "${!array}"; do
        if [[ ${seeking} == *"${element}"* ]]; then
            in=0
            break
        fi
    done
    return $in
}

if [ -z "$1" ]; then
    echo "Current modules"
    terraform state list | grep "\.module\." | cut -f 2 -d "." | sort | uniq
    echo "----"
    echo "Enter module to taint"
    read module
else
    module=$1
fi

#excluded_resources=('google_compute_address.ip_address')
excluded_resources=('google_compute_address.ip_address' 'google_compute_disk')

echo "Tainting all resources in ${module} excluding ${excluded_resources[*]}"
read -p "Press [Enter] key to start..."

for resource in $(terraform state list |                    # Get a list of all the 'resources'
                    grep "^module.${module}" |          # Filter to the specific module
                    grep -v "\.module\." |              # Ignore sub modules
                    sed "s/module\.${module}\.//g" |    # replace the module.* to get resource sans module prefix
                    sed -E "s/\[(.*)\]/.\1/g"           # replace the [#] suffix with .# (needed by taint command)
                    ); do
    if array_contains excluded_resources ${resource}; then
        echo "<<< Skipping ${resource} >>>"
    else
        echo "--- Tainting ${resource} ---"
        bash -c "terraform taint --module=${module} `echo ${resource} | tr -d '[:space:]'`"
    fi
done

worldspawn commented Oct 2, 2019

Invading this gist with 😱 POWERSHELL! :trollface:

 ~\source\terraform show | Select-String -Pattern "module.ingress.([\-\.\w]+)" | %{ $_.Matches[0].Groups[1].Value } | ?{ -Not $_.StartsWith("data.") } | %{ ~\source\terraform.exe taint "module.ingress.$_" }
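
The filtering step that the scripts in this thread do with grep and sed, written as an added example that is not part of the gist or of any comment: it validates the module name, matches the module prefix literally (so `web` does not also select `webapp`), and keeps every address quoted so index suffixes such as `[0]` are never word-split or globbed. The function names and sample addresses are constructed for illustration, and it assumes a Terraform version whose `taint` accepts a full resource address, as the PowerShell one-liner above uses.

```bash
#!/bin/sh
# Added example (not from the gist). Filters `terraform state list` output
# read on stdin down to the managed resources directly inside one module.

# Accept only plain identifiers, so the module name can never be taken as a
# regex, a command-line option or shell syntax.
valid_module_name() {
    case $1 in
        ''|[0-9-]*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Usage: terraform state list | select_module_resources MODULE
select_module_resources() {
    module=$1
    valid_module_name "$module" || { echo "invalid module name: $module" >&2; return 2; }
    prefix="module.${module}."
    while IFS= read -r line; do
        case $line in
            "$prefix"module.*|"$prefix"data.*) continue ;;  # nested module or data source
            "$prefix"*) printf '%s\n' "$line" ;;             # literal prefix match, no regex
        esac
    done
    return 0
}

# Usage: taint_module MODULE [--apply]   (prints a dry run unless --apply is given)
taint_module() {
    addrs=$(terraform state list | select_module_resources "$1") || return
    printf '%s\n' "$addrs" | while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        if [ "${2:-}" = --apply ]; then
            terraform taint "$addr" </dev/null   # quoted: "[0]" must not glob
        else
            printf 'would taint %s\n' "$addr"
        fi
    done
}

# Constructed sample of `terraform state list` output, for an offline check.
sample_state() {
    printf '%s\n' 'module.web.aws_instance.app[0]' 'module.web.data.aws_ami.base' \
        'module.web.module.db.aws_db_instance.main' 'module.webapp.aws_instance.other'
}
```

Running `sample_state | select_module_resources web` shows the filter without touching any state; `taint_module web` lists what would be tainted before `--apply` is added.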