- Basic CLI Features
- Command: taint
Command: taint
The opentf taint
command informs OpenTF that a particular object has
become degraded or damaged. OpenTF represents this by marking the
object as "tainted" in the OpenTF state, and OpenTF will
propose to replace it in the next plan you create.
This command is deprecated, we recommend using the -replace
option with opentf apply
instead (details below).
Recommended Alternative
We recommend using the -replace
option with opentf apply
to force OpenTF to replace an object even though there are no configuration changes that would require it.
$ opentf apply -replace="aws_instance.example[0]"
We recommend the -replace
option because the change will be reflected in the OpenTF plan, letting you understand how it will affect your infrastructure before you take any externally-visible action. When you use opentf taint
, other users could create a new plan against your tainted object before you can review the effects.
Usage
$ opentf taint [options] <address>
The address
argument is the address of the resource to mark as tainted.
The address is in
the resource address syntax,
as shown in the output from other commands, such as:
aws_instance.foo
aws_instance.bar[1]
aws_instance.baz[\"key\"]
(quotes in resource addresses must be escaped on the command line, so that they will not be interpreted by your shell)module.foo.module.bar.aws_instance.qux
This command accepts the following options:
-allow-missing
- If specified, the command will succeed (exit code 0) even if the resource is missing. The command might still return an error for other situations, such as if there is a problem reading or writing the state.-lock=false
- Disables OpenTF's default behavior of attempting to take a read/write lock on the state for the duration of the operation.-lock-timeout=DURATION
- Unless locking is disabled with-lock=false
, instructs OpenTF to retry acquiring a lock for a period of time before returning an error. The duration syntax is a number followed by a time unit letter, such as "3s" for three seconds.
For configurations using the cloud
backend or the remote
backend only, opentf taint
also accepts the option
-ignore-remote-version
.
For configurations using
the local
backend only,
opentf taint
also accepts the legacy options
-state
, -state-out
, and -backup
.