Terraform: taint all resources from one module
#!/bin/bash
module=$1
for resource in `terraform show -module-depth=1 | grep module.${module} | tr -d ':' | sed -e 's/module.${module}.//'`; do
terraform taint -module ${module} ${resource}
done
@rmzi

commented Mar 9, 2018

👍 v. helpful, thx

@avoidik

commented Mar 31, 2018

for resource in `terraform show -module-depth=1 | grep -v tainted | grep module.${module} | tr -d ':' | sed -e 's/module.${module}.//'`; do
  terraform taint -module ${module} ${resource}
done
@jeromba6

commented Apr 18, 2018

for I in $(terraform show -module-depth=1 | grep module. | grep -v "^ " | sed 's/://')
do
M=$(echo ${I} | cut -d. -f2)
R=$(echo ${I} | cut -d. -f3-)
terraform taint -module ${M} ${R}
done

@gupta-alok

commented Nov 14, 2018

Just a minor improvement to exclude data resources as well,

for resource in `terraform show -module-depth=1 | grep -v tainted | grep -v "data." | grep module.${module} | tr -d ':' | sed -e 's/module.${module}.//'`; do
  terraform taint -module ${module} ${resource}
done

@ferdinand-beyer

commented Feb 20, 2019

Did not work for me, as terraform taint requires the local resource name without the module.xxxx prefix. This worked:

#!/bin/bash
module=$1

id_regexp='[[:alnum:]_-]\{1,\}'
resource_regexp="module\\.${module}\\.\\(${id_regexp}\\.${id_regexp}\\)"
sed_program="s/^${resource_regexp}:.*/\\1/p"

for resource in $(terraform show | sed -n "${sed_program}"); do
    terraform taint -module ${module} ${resource}
done
@makennedy-clgx

commented Aug 21, 2019

Version that also allows for exceptions to what gets tainted, and some helpers to make the cmd a little nicer to deal with

#!/bin/bash

array_contains () {
    local array="$1[@]"
    local seeking=$2
    local in=1
    for element in "${!array}"; do
        if [[ ${seeking} == *"${element}"* ]]; then
            in=0
            break
        fi
    done
    return $in
}

if [ -z "$1" ]; then
    echo "Current modules"
    terraform state list | grep "\.module\." | cut -f 2 -d "." | sort | uniq
    echo "----"
    echo "Enter module to taint"
    read module
else
    module=$1
fi

#excluded_resources=('google_compute_address.ip_address')
excluded_resources=('google_compute_address.ip_address' 'google_compute_disk')

echo "Tainting all resources in ${module} excluding ${excluded_resources[*]}"
read -p "Press [Enter] key to start..."

for resource in $(terraform state list |                    # Get a list of all the 'resources'
                    grep "^module.${module}" |          # Filter to the specific module
                    grep -v "\.module\." |              # Ignore sub modules
                    sed "s/module\.${module}\.//g" |    # replace the module.* to get resource sans module prefix
                    sed -E "s/\[(.*)\]/.\1/g"           # replace the [#] suffix with .# (needed by taint command)
                    ); do
    if array_contains excluded_resources "${resource}"; then
        echo "<<< Skipping ${resource} >>>"
    else
        echo "--- Tainting ${resource} ---"
        # Call terraform directly with quoted arguments rather than re-parsing the string through bash -c
        terraform taint --module="${module}" "$(echo "${resource}" | tr -d '[:space:]')"
    fi
done
@worldspawn

commented Oct 2, 2019

Invading this gist with 😱 POWERSHELL! :trollface:

 ~\source\terraform show | Select-String -Pattern "module.ingress.([\-\.\w]+)" | %{ $_.Matches[0].Groups[1].Value } | ?{ -Not $_.StartsWith("data.") } | %{ ~\source\terraform.exe taint "module.ingress.$_" }
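
The selection step the scripts in this thread perform, as an added example that is not part of the gist or of any comment: it picks a module's own resources out of `terraform state list` output by literal prefix (so `web` does not also select `module.web_admin`) and taints them by full address, the form the PowerShell comment uses. The function names, the `DRY_RUN` variable and the sample state are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the gist): taint one module's resources by full address.
set -eu

# Constructed sample of `terraform state list` output, for an offline dry run.
sample_state() {
    cat <<'EOF'
aws_s3_bucket.logs
module.web.aws_instance.app[0]
module.web.aws_instance.app[1]
module.web.data.aws_ami.base
module.web.module.dns.aws_route53_record.www
module.web_admin.aws_instance.app
EOF
}

# Read state-list output on stdin and print the addresses that sit directly in
# module.<name>. The name is compared as a literal prefix ending in ".", so
# "web" cannot also select module.web_admin the way `grep module.web` does.
module_resources() (
    prefix="module.$1."
    while IFS= read -r addr; do
        case "$addr" in
            "$prefix"data.*|"$prefix"module.*) ;;      # data source or nested module: skip
            "$prefix"*) printf '%s\n' "$addr" ;;
        esac
    done
)

# Taint every selected address. DRY_RUN defaults to 1, which only prints the
# commands; set DRY_RUN=0 to run them.
taint_module() {
    [ -n "${1:-}" ] || { echo "usage: taint_module MODULE" >&2; return 2; }
    module_resources "$1" | while IFS= read -r addr; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf "terraform taint '%s'\n" "$addr"
        else
            terraform taint "$addr" </dev/null
        fi
    done
}

# Dry run on the constructed sample; prints two `terraform taint` commands.
sample_state | taint_module web
```

Against a real workspace, pipe the live state in: `terraform state list | DRY_RUN=0 taint_module web`.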