Make it easier to taint terraform modules

[bernadinm]

Current Terraform Version

 $ terraform -v
Terraform v0.11.10

Use-cases

Currently tainting terraform resources can be quite difficult, especially when there are modules invoved, let alone nested modules.

Attempted Solutions

I wrote a handy bash command that allows you to taint a module'd terraform resource:

Here is an example of what this looks like:

$ terraform state list
module.dcos1.module.dcos-infrastructure.module.dcos-master-instances.module.dcos-master-instances.null_resource.instance-prereq
module.dcos1.module.dcos-infrastructure.module.dcos-publicagent-instances.module.dcos-public-agent-instances.aws_instance.instance
module.dcos1.module.dcos-infrastructure.module.dcos-privateagent-instances.module.dcos-private-agent-instances.aws_instance.instance[0]
module.dcos1.module.dcos-infrastructure.module.dcos-privateagent-instances.module.dcos-private-agent-instances.aws_instance.instance[1]

Now if you wanted to taint them, you'd need to remove all the modules from this, and replace the [y] to .y.

Here is a workaround that helps relieve this issue:

echo <insert_resource> | sed 's/module\.//g;s/\(.*\)\.\(.*\.\)/\1\ \2/;s/]//g;s/\[/\./g' | xargs terraform taint -module

You'll get this below:

$ echo module.dcos1.module.dcos-infrastructure.module.dcos-master-instances.module.dcos-master-instances.null_resource.instance-prereq | sed 's/module\.//g;s/\(.*\)\.\(.*\.\)/\1\ \2/;s/]//g;s/\[/\./g' | xargs terraform taint -module
The resource null_resource.instance-prereq in the module root.dcos1.dcos-infrastructure.dcos-master-instances.dcos-master-instances has been marked as tainted!
$ echo module.dcos1.module.dcos-infrastructure.module.dcos-publicagent-instances.module.dcos-public-agent-instances.aws_instance.instance | sed 's/module\.//g;s/\(.*\)\.\(.*\.\)/\1\ \2/;s/]//g;s/\[/\./g' | xargs terraform taint -module
The resource aws_instance.instance in the module root.dcos1.dcos-infrastructure.dcos-publicagent-instances.dcos-public-agent-instances has been marked as tainted!
$ echo module.dcos1.module.dcos-infrastructure.module.dcos-privateagent-instances.module.dcos-private-agent-instances.aws_instance.instance[0] | sed 's/module\.//g;s/\(.*\)\.\(.*\.\)/\1\ \2/;s/]//g;s/\[/\./g' | xargs terraform taint -module
The resource aws_instance.instance.0 in the module root.dcos1.dcos-infrastructure.dcos-privateagent-instances.dcos-private-agent-instances has been marked as tainted!
$ echo module.dcos1.module.dcos-infrastructure.module.dcos-privateagent-instances.module.dcos-private-agent-instances.aws_instance.instance[1] | sed 's/module\.//g;s/\(.*\)\.\(.*\.\)/\1\ \2/;s/]//g;s/\[/\./g' | xargs terraform taint -module
The resource aws_instance.instance.1 in the module root.dcos1.dcos-infrastructure.dcos-privateagent-instances.dcos-private-agent-instances has been marked as tainted!

Proposal

I propose that terraform should be able to know how to properly translate and taint a resource from the output of terraform state list if a user specifies it.

For example, this should work:

$ terraform taint module.dcos1.module.dcos-infrastructure.module.dcos-privateagent-instances.module.dcos-private-agent-instances.aws_instance.instance[0]
Failed to parse resource name: Malformed resource state key: module.dcos1.module.dcos-infrastructure.module.dcos-privateagent-instances.module.dcos-private-agent-instances.aws_instance.instance[0]

[apparentlymart]

Hi @bernadinm! Thanks for this feature request.

The change you proposed is already implemented in master and ready to be included in the forthcoming v0.12.0 release. It now uses the same module syntax as all of the other commands. More details/discussion about that are over in #11570.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.