Skip to content

Limitations»

State management»

Spacelift handles the OpenTofu/Terraform state, even for run-all stacks. However, it doesn't work in a few cases:

  • Shared state between stacks in the same monorepo: States belong to their stack, and there is no option to get state from a different stack. For example, stacks with external dependencies where another stack reads the state of an external dependency.
  • Terragrunt explicit stacks: Terragrunt generates files and there is no consistent way to inject the Spacelift backend configuration. However, explicit stacks are supported with the Use Run All option, as Terragrunt detects stack files and auto-generates the proper configuration.

Terragrunt mocked outputs»

Mocked outputs in Terragrunt are placeholder values used during the development or planning phases of Terragrunt deployments.

For example, you may have a module that provides the output of a connection string to a database, but during the planning phase that database does not yet exist. In this case you would use a mocked output in Terragrunt to ensure that any dependencies that rely on this output in their planning phase have access to at least some data.

This mocked data is only used if the output does not already exist in the state. Therefore in situations such as the initial run of your stack, or the introduction of new outputs with mocked values, these mocked values will be used.

Mocked outputs and Plan policies»

Due to the nature of the mocked outputs and the way that Spacelift uses the plan data to provide the input to plan policies, it is possible that these mocked output values could be used as input values for your plan policies and you should take precaution when writing policies that check against values that could be mocked.

Mocked outputs and the Apply phase»

Terragrunt consumes the mocked outputs and places those values within the plan file that is stored on disk as part of the planning phase. Because the plan file has the possibility of containing mocked outputs Spacelift does not use the plan files in the apply phase. This does mean there is a possibility of changes happening between the planning and applying phase, but Spacelift has taken the stance that it is more important from a security standpoint to not allow any mocked outputs to be deployed here. Nobody wants to deploy something with a mocked, hardcoded password!

Usage of the run_cmd function»

The run_cmd function is currently limited to only work with the --terragrunt-quiet flag. Ensure this flag is included in your command to avoid run failures.