Where to begin…
I have tagged this topic up with multiple tags because I feel all of them are relevant.
Has anyone else experienced the `output()` helper function in the tfvars return the mock value intermittently when the value from the terraform state should be available?
I am deeply concerned about this problem we are experiencing on one of our projects. We use this `output()` helper function to fetch a KMS key in another stack for some EC2, databases, etc.
Example tfvars:

```
kms_key_id = <%= output('kms.key_id', mock: 'arn:aws:kms:::key/mock-key2') %>
```

However, intermittently we see terraspace fail to get the real value from state and, rather than fail, just default to the mock value. When using `terraspace all up`, this leads to terraform seeing the KMS key as changed and forces a replace, deleting the resources and failing because the mock isn't valid.
I think this is dangerous because the mock value should never be used in a deploy/up scenario, maybe only for planning when a stack depends on another stack's output that hasn't been created yet.
I am not really sure why this is happening.
I think there are a few ways this can be solved and would like to gather feedback.
- Terraspace `output()` helper function has a configurable number of retries to attempt to get the value from state.
- Terraspace has an option to fail a deploy if it detects a mock in the compiled terraform code.

Currently this problem makes things very, very difficult for us because we can't trust `terraspace all up`, because it may destroy some resources we really don't want it to.
As mentioned before, I would be really interested to hear back from terraspace veterans about this problem.
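
The second proposal above (fail a deploy when a mock shows up in the compiled code) can be approximated outside Terraspace with a scan of the compiled tfvars. This is an added example, not part of the original post and not Terraspace code: `find_mocks` is a hypothetical helper, and it assumes compiled files sit under `.terraspace-cache` and that mocks either contain the word "mock" or are KMS ARNs with an empty region or account field, as in the post's example.

```shell
#!/bin/sh
# Added example, not Terraspace code. find_mocks is a hypothetical helper.
# Assumptions: compiled tfvars live under .terraspace-cache (or the directory
# given as $1); mocks contain the word "mock" or are KMS ARNs whose region or
# account field is empty, as in the post's arn:aws:kms:::key/mock-key2.

# find_mocks DIR
#   0 = no suspect values, 1 = suspect values found (listed on stderr),
#   2 = DIR missing (fail closed: a gate that scanned nothing proves nothing).
find_mocks() {
  dir="${1:-.terraspace-cache}"
  if [ ! -d "$dir" ]; then
    echo "find_mocks: no such directory: $dir" >&2
    return 2
  fi
  hits=$(find "$dir" -type f \( -name '*.tfvars' -o -name '*.tfvars.json' \) \
    -exec awk '
      function report(why) { printf "%s:%d: %s: %s\n", FILENAME, FNR, why, $0 }
      /^[ \t]*(#|\/\/)/ { next }          # skip comment lines
      tolower($0) ~ /mock/ { report("mock marker"); next }
      {
        rest = $0
        # Check every KMS ARN on the line: arn:partition:kms:region:account:...
        while (match(rest, /arn:aws[a-z-]*:kms:[^" \t,]*/)) {
          split(substr(rest, RSTART, RLENGTH), f, ":")
          if (f[4] !~ /^[a-z0-9-]+$/ || f[5] !~ /^[0-9]+$/ || length(f[5]) != 12) {
            report("malformed KMS ARN")
            break
          }
          rest = substr(rest, RSTART + RLENGTH)
        }
      }
    ' {} +)
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits" >&2
    return 1
  fi
  return 0
}

# Typical use in a pipeline step, before anything is applied:
#   find_mocks .terraspace-cache || exit 1
```

Because the fallback described in the post is intermittent, the check only says something about the exact compiled files it scanned; it has to run against the same files that are then applied, not against a separate earlier compile.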