Skip to content

TFBlocker - Terraform HCL Parsing PowerShell Module

This module provides a robust parser for Terraform HCL configuration files. It recursively scans a given path for Terraform modules (directories containing .tf files) and constructs a complete, in-memory object graph of the infrastructure configuration.

The output represents all configuration blocks as nodes (TFBlock) and their inter-dependencies as directed edges (TFLink), providing a powerful and queryable model of your Terraform code.

Core Concepts

The module's output is built on three fundamental object types:

TFModule: The Container

A TFModule represents a single Terraform module as it exists on the filesystem: a collection of .tf files within a single directory. It is the container for all configuration blocks within that scope.

  • Name: The relative path of the module from the initial scan directory.
  • FullPath: The absolute path to the module directory.
  • Blocks: An array of all TFBlock objects defined within this module.

TFBlock: The Nodes

A TFBlock is the abstract base class for any HCL configuration block (e.g., resource, variable, module). All blocks are nodes in the graph.

Base Properties (Shared by all block types):

  • BlockType: The type of block (e.g., "resource", "variable").
  • BlockName: The user-defined name of the block (e.g., "main" in resource "azurerm_virtual_network" "main" {}).
  • ContainingModule: A reference to the TFModule object that contains this block.
  • SourceFile: The name of the .tf file where the block is defined.
  • Links: An array of TFLink objects representing all outgoing relationships from this block.

Concrete Subclasses:

  • TFResource / TFData
  • TFVariable
  • TFOutput
  • TFLocal
  • TFModuleCall (Represents the module block which calls another module)
  • TFProvider
  • TFTerraform

A TFLink represents a directed relationship between two TFBlock nodes. It models every dependency and reference within the configuration.

  • From: A reference to the TFBlock where the link originates.
  • To: A reference to the TFBlock being referenced.
  • Type: A classification of the relationship (e.g., VariableReference, ModuleOutputAccess).
  • Context: The specific property or expression that established the link (e.g., the argument name subnet_id).

Output Format

The Get-TFBlocks cmdlet returns a single, flat hashtable of all discovered TFBlock objects, keyed by a unique identifier.

This flat structure allows for easy querying and analysis of all nodes in the graph. The complete graph structure is preserved, as each TFBlock object contains its array of TFLink objects, which in turn hold direct references to the other TFBlock objects they connect to.

Installation

The module should be installed like any other PowerShell module by copying the TFBlocker folder to a location in your $env:PSModulePath. The module will be automatically imported the first time you use one of its commands.

You may also manually import the module:

Import-Module ./path/to/TFBlocker

Usage

Get all blocks as a hashtable of PowerShell objects

$graphNodes = Get-TFBlocks -Path path/to/your/terraform/project

Get all blocks and convert the flat hashtable to a JSON string

$jsonOutput = Get-TFBlocks -Path path/to/your/terraform/project | ConvertTo-Json -Depth 10

Development

Build the module with the included helper script:

./build.ps1

Then, run the import helper script to load the new build into your session:

./ImportModule.ps1