TableCommentPatternCheck

The TableCommentPatternCheck check triggers when specific user-supplied patterns are present in table comments.

About TableCommentPatternCheck
Liquibase version required 4.12.0+
Scope (--checks-scope) changelog, database
Default status disabled
Default severity (exit code) 0 ("INFO")
Customizable settings Yes (dynamic)

Uses

You can use the check to look for the presence of specific patterns in their table comments. These patterns can directly affect security and velocity, so it is pertinent they have checks run against them. There are statements, patterns, and actions necessary to catch as early as possible because they can directly affect security and velocity.

Use TableCommentPatternCheck check

Prerequisites

  1. Ensure that you have correctly specified your Liquibase Pro license key.
  2. Ensure that the --checks-scope parameter includes the scope of this check.

For example:

--license-key=<string>
--checks-scope=<string>
globalArgs: { license-key: "<string>" }
cmdArgs: { checks-scope: "<string>" }
liquibase.licenseKey: <string>
liquibase.command.checksScope: <string>
liquibase.licenseKey: <string>
liquibase.command.checks.run.checksScope: <string>
JAVA_OPTS=-Dliquibase.licenseKey=<string> -Dliquibase.command.checksScope=<string>
JAVA_OPTS=-Dliquibase.licenseKey=<string> -Dliquibase.command.checks.run.checksScope=<string>
LIQUIBASE_LICENSE_KEY=<string>
LIQUIBASE_COMMAND_CHECKS_SCOPE=<string>
LIQUIBASE_LICENSE_KEY=<string>
LIQUIBASE_COMMAND_CHECKS_RUN_CHECKS_SCOPE=<string>

Enable

This check is disabled by default. To enable it, run the enable command:

liquibase checks enable --check-name=<string>

When you try to enable the check, Liquibase displays the following message:

This check can not be enabled directly because one or more fields does not have a default value.  Create a copy of this check and initiate the customization workflow.

Liquibase then prompts you to specify a name for the new check. By default, the name of the copy is <CheckName>1. You can use the default value by pressing Enter or you can specify a custom name.

Customize

This check is dynamic, meaning you can customize its settings. See the table on this page for more information.

  1. Once you've enabled the check, follow the steps in the CLI to set new values:
    • Default values are shown in [brackets]. You can use these by pressing Enter. Alternatively, specify custom values.
    • If a customization setting does not have a default value, you must specify custom values.
  2. When finished, verify that your configuration is correct by running the show command:
  3. liquibase checks show --check-name=<string>
  4. If you need to make any other changes, run the customize command:
  5. liquibase checks customize --check-name=<string>

    Note: If you want to create another variant of this check with different settings, use the copy command to create a copy of the original check and then use the customize command to customize it.

Run

To run the check, use the run command:

liquibase checks run --check-name=<string>
stages:
  Default:
    actions:
      - type: liquibase
        command: checks run
        cmdArgs: {check-name: <string>}

And then run the flow command on your flow file:

liquibase flow

Customization settings

Attribute Name Type Description Customization Default Value
SEVERITY String/enum

Set the severity to return a code of 0–4 when the check is triggered. Default: 0.

  • 'INFO' | 0
  • 'MINOR' | 1
  • 'MAJOR' | 2
  • 'CRITICAL' | 3
  • 'BLOCKER' | 4

'INFO' | 0

OPERATOR String/enum

The location to look for the provided SEARCH_STRING value

  • STARTS_WITH – Value of SEARCH_STRING should be found at the beginning of the table.
  • ENDS_WITH – Value of SEARCH_STRING should be found at the end of the table.
  • CONTAINS – Value of SEARCH_STRING can be anywhere in the table.
  • REGEXP – Value of SEARCH_STRING is a regexp that should be matched.

STARTS_WITH

SEARCH_STRING String/enum

The substring or regular expression to match with the one in the changelog file. Cannot be empty.

Must be true or false.

--
MESSAGE String/enum

The output printed when the check detects a pattern match

-- A match for regular expression SEARCH_STRING was detected in IDENTIFIER.

Note: Liquibase uses the java.util.regex engine to match regular expressions.

The output displays the comment pattern credential match, if they exist.