The thothctl check command group provides tools for validating various aspects of your infrastructure code, project structure, and environment. These commands help ensure that your projects follow best practices, adhere to defined structures, and meet security requirements.
Validates Infrastructure as Code (IaC) artifacts against predefined rules and best practices.
thothctl check iac [OPTIONS]Options:
--mode [soft|hard]: Validation mode (default: soft)-deps, --dependencies TEXT: View a dependency graph in ASCII pretty shell output--recursive [local|recursive]: Validate your terraform plan recursively or in one directory--outmd: Output markdown file path-type, --check_type [tfplan|module|project]: Check module or project structure format, or check tfplan (default: project)
This command can validate:
- Project structure against defined rules
- Module structure against best practices
- Terraform plans for security and compliance
Detailed documentation for check iac
Validates project configuration and structure.
thothctl check project [OPTIONS]This command is currently under development.
Validates the development environment and required tools.
thothctl check environment [OPTIONS]This command is currently under development.
The check iac command validates your project structure against rules defined in the .thothcf.toml file. The validation includes:
- Required Folders: Checks if all mandatory folders exist
- Required Files: Checks if all required files exist in the project root
- Folder Content: Checks if folders contain required files
- Folder Hierarchy: Validates the parent-child relationship between folders
[project_structure]
root_files = [
".gitignore",
".pre-commit-config.yaml",
"README.md"
]
ignore_folders = [
".git",
".terraform",
"Reports"
]
[[project_structure.folders]]
name = "modules"
mandatory = true
content = [
"variables.tf",
"main.tf",
"outputs.tf",
"README.md"
]
type = "root"
[[project_structure.folders]]
name = "environments"
mandatory = true
type = "root"The check commands support two validation modes:
- soft: Reports issues but doesn't fail the command (exit code 0)
- hard: Reports issues and fails the command with a non-zero exit code if any issues are found
thothctl check iac --mode hardAdd check commands to your CI/CD pipeline to validate infrastructure code before deployment:
# Example GitHub Actions workflow
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install ThothCTL
run: pip install thothctl
- name: Validate IaC
run: thothctl check iac --mode hardUse check commands in pre-commit hooks to validate changes before committing:
# .pre-commit-config.yaml
repos:
- repo: local
hooks:
- id: thothctl-check-iac
name: ThothCTL Check IaC
entry: thothctl check iac
language: system
pass_filenames: falseRun check commands during development to ensure your code meets requirements:
# Before submitting a pull request
thothctl check iac --check_type projectthothctl check iacthothctl check iac --check_type module --mode hardthothctl check iac --check_type tfplan --recursive recursive --outmdthothctl check iac --dependencies- Define Clear Rules: Create detailed structure rules in your
.thothcf.tomlfile - Version Control Rules: Include your validation rules in version control
- Consistent Validation: Use the same validation rules across all environments
- Automated Checks: Integrate validation into your CI/CD pipeline
- Documentation: Document your project structure requirements
Using default options
Solution: Create a .thothcf.toml file with your project structure rules.
❌ - Required file main.tf missing in modules/network
Project structure is invalid
Solution: Add the missing file or update your structure rules if the file is not actually required.
Error: [Errno 13] Permission denied: '/path/to/directory'
Solution: Ensure you have read permissions for all directories being validated.
For more detailed logs, run ThothCTL with the --debug flag:
thothctl --debug check iac- thothctl init project: Initialize a new project with the correct structure
- thothctl scan: Scan infrastructure code for security issues