DetectChangeType
This check warns a user when a changeset includes a Change Type listed by the user as forbidden.
About DetectChangeType |
|
|---|---|
| Liquibase version required | 4.19.0+ |
Scope (--checks-scope) |
changelog
|
| Default status | enabled
|
| Default severity (exit code) | 0 ("INFO") |
| Customizable settings | Yes (dynamic) |
Uses
Use the check to enhance deployment control of specific changesets by warning you if a forbidden Change Type is present. This way changesets do not violate policy by dropping tables or columns. This policy check, like other checks, can be configured with a severity level which returns an exit code designed to stop automated jobs, giving your team time to apply this Liquibase best practice.
Note: This check applies only to model-based changelogs such as XML, YAML, and JSON. It does not apply to SQL changelogs.
Use DetectChangeType
Prerequisites
- Ensure that you have correctly specified your Liquibase Pro license key.
- Ensure that the
--checks-scopeparameter includes the scope of this check.
For example:
--license-key=<string>--checks-scope=<string>globalArgs: { license-key: "<string>" }
cmdArgs: { checks-scope: "<string>" }liquibase.licenseKey: <string>
liquibase.command.checksScope: <string>liquibase.licenseKey: <string>
liquibase.command.checks.run.checksScope: <string>JAVA_OPTS=-Dliquibase.licenseKey=<string> -Dliquibase.command.checksScope=<string>JAVA_OPTS=-Dliquibase.licenseKey=<string> -Dliquibase.command.checks.run.checksScope=<string>LIQUIBASE_LICENSE_KEY=<string>
LIQUIBASE_COMMAND_CHECKS_SCOPE=<string>LIQUIBASE_LICENSE_KEY=<string>
LIQUIBASE_COMMAND_CHECKS_RUN_CHECKS_SCOPE=<string>Enable
This check is enabled by default. To verify that it is currently enabled, run the show command:
liquibase checks show --check-name=<string>Customize
This check is dynamic, meaning you can customize its settings. See the table on this page for more information.
- If you want to customize any default values of this check, run the
customizecommand: - When finished, verify that your configuration is correct by running the
showcommand:
liquibase checks customize --check-name=<string>liquibase checks show --check-name=<string>Run
To run the check, use the run command:
liquibase checks run --check-name=<string>stages:
Default:
actions:
- type: liquibase
command: checks run
cmdArgs: {check-name: <string>}And then run the flow command on your flow file:
liquibase flow
liquibase checks enable --check-name=DetectChangeType example output
Check 'DetectChangeType' has been enabled.
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| # | Check Name | Short Name | Description | Enabled | Customization | Severity | Scope |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 10 | Warn on Detection of 'GRANT' | SqlGrantWarn | This check warns a user when | false | None | 0 | changelog |
| | Statements | | SQL contains 'GRANT' | | | | |
| | | | statements so that they can | | | | |
| | | | ensure that the privilege | | | | |
| | | | being granted won't lead to | | | | |
| | | | security issues. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 20 | Warn on Detection of 'REVOKE' | SqlRevokeWarn | This check warns a user when | false | None | 0 | changelog |
| | Statements | | SQL contains 'REVOKE' | | | | |
| | | | statements so that they can | | | | |
| | | | ensure that the privilege | | | | |
| | | | being revoked won't lead to | | | | |
| | | | data access and dependency | | | | |
| | | | issues. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 30 | Warn when 'DROP TABLE' | ChangeDropTableWarn | This check warns a user when a | false | None | 0 | changelog |
| | detected | | table is being dropped so that | | | | |
| | | | they can ensure that dropping | | | | |
| | | | the table won't lead to | | | | |
| | | | unintentional loss of data. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 40 | Warn when 'DROP COLUMN' | ChangeDropColumnWarn | This check warns a user when a | false | None | 0 | changelog |
| | detected | | column is being dropped so | | | | |
| | | | that they can ensure that | | | | |
| | | | dropping the column won't lead | | | | |
| | | | to unintentional loss of data. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 50 | Warn when 'MODIFY column' | ModifyDataTypeWarn | This check warns a user when a | false | None | 0 | changelog |
| | detected | | change will result in | | | | |
| | | | modification of a data type so | | | | |
| | | | they can ensure that modifying | | | | |
| | | | the data type won't lead to | | | | |
| | | | unintentional loss of data | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 60 | Check for specific patterns in | SqlUserDefinedPatternCheck | This check scans raw SQL for | false | SEARCH_STRING = null | 0 | changelog |
| | sql | | the presence of specific | | MESSAGE = A match for regular | | |
| | | | patterns and warns the user | | expression SEARCH_STRING was | | |
| | | | when they are found. | | detected in Changeset | | |
| | | | | | CHANGESET. | | |
| | | | | | STRIP_COMMENTS = true | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 70 | Check Table Column Count | TableColumnLimit | Ensures that no table has more | true | MAX_COLUMNS = 2 | 1 | changelog, |
| | | | than a threshold number of | | | | database |
| | | | columns. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 80 | Object name pattern match | ObjectNameMustMatch | This check confirms the listed | false | OPERATOR = STARTS_WITH | 0 | changelog, |
| | | | object names conform to the | | SEARCH_STRING = null | | database |
| | | | supplied pattern. | | OBJECT_TYPES = null | | |
| | | | | | CASE_SENSITIVE = true | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 85 | Object name pattern not match | ObjectNameMustNotMatch | This check confirms the listed | false | OPERATOR = STARTS_WITH | 0 | changelog, |
| | | | object names do not match the | | SEARCH_STRING = null | | database |
| | | | supplied pattern. | | OBJECT_TYPES = null | | |
| | | | | | CASE_SENSITIVE = true | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 90 | Warn on Grant of Specific | SqlGrantSpecificPrivsWarn | This check warns a user when | false | PRIVILEGE_LIST = null | 0 | changelog |
| | Privileges | | changeset includes or | | | | |
| | | | generates sql that grants | | | | |
| | | | specific privileges to a user | | | | |
| | | | or role | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 100 | Warn when 'TRUNCATE TABLE' | ChangeTruncateTableWarn | This check warns a user when a | false | None | 0 | changelog |
| | detected | | table is being truncated so | | | | |
| | | | that they can ensure that | | | | |
| | | | truncating the table won't | | | | |
| | | | lead to unintentional loss of | | | | |
| | | | data. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 110 | Warn on Detection of grant | SqlGrantOptionWarn | This check warns a user when | false | None | 0 | changelog |
| | that contains 'WITH GRANT | | SQL contains 'GRANT' | | | | |
| | OPTION' | | statements that include the | | | | |
| | | | 'WITH GRANT OPTION' clause so | | | | |
| | | | that they can ensure that the | | | | |
| | | | privilege being granted won't | | | | |
| | | | lead to security issues | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 130 | Warn on Detection of grant | SqlGrantAdminWarn | This check warns a user when | false | None | 0 | changelog |
| | that contains 'WITH ADMIN | | SQL contains 'GRANT' | | | | |
| | OPTION' | | statements that include the | | | | |
| | | | 'WITH ADMIN OPTION' clause so | | | | |
| | | | that they can ensure that the | | | | |
| | | | privilege being granted won't | | | | |
| | | | lead to security issues | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 160 | Rollback Required for | RollbackRequired | This check triggers when a | false | None | 0 | changelog |
| | Changeset | | changeset does not have a | | | | |
| | | | rollback defined. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 170 | Changesets Must Have a Label | ChangesetLabelCheck | This check enforces the | false | None | 0 | changelog |
| | Assigned | | Liquibase recommendation that | | | | |
| | | | labels be assigned to each | | | | |
| | | | changeset to provide better | | | | |
| | | | deployment control and to | | | | |
| | | | enhance traceability of | | | | |
| | | | efforts across changesets. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 173 | Changesets Must Have a Context | ChangesetContextCheck | This check enforces the | false | None | 0 | changelog |
| | Assigned | | Liquibase recommendation that | | | | |
| | | | contexts be assigned to each | | | | |
| | | | changeset to provide better | | | | |
| | | | deployment control and to | | | | |
| | | | enhance traceability of | | | | |
| | | | efforts across changesets. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 176 | Changesets Must Have a Comment | ChangesetCommentCheck | This check enforces the | false | None | 0 | changelog |
| | Assigned | | Liquibase recommendation that | | | | |
| | | | comments be added to each | | | | |
| | | | changeset to document the | | | | |
| | | | purpose of a changeset for | | | | |
| | | | other/future consumers of this | | | | |
| | | | changelog | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 500 | Table must have a comment | TableCommentCheck | This check flags any Table | true | None | 0 | database |
| | | | described in a changelog or | | | | |
| | | | existing on a database target | | | | |
| | | | which does not have a Comment. | | | | |
| | | | (Note: This is not a check for | | | | |
| | | | a Liquibase changelog | | | | |
| | | | comment.) | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 510 | Table Comment Pattern Check | ExamplePatternCheck | This check triggers when | true | OPERATOR = CONTAINS | 1 | changelog, |
| | | | specific user-supplied | | SEARCH_STRING = PRIMARY_TABLE | | database |
| | | | patterns are found in Table | | MESSAGE = MATCH | | |
| | | | Comments. | | | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| CheckTablesForIndex | database | true | 0 | <None> | This check scans your target | | | | | | URL database tables to find |
| | | | | | tables which do not have an |
| | | | | | associated index.
|
+---------------------------------+------------+---------+----------+--------------------------------+--------------------------------+
| 510 | Table Comment Pattern Check | TableCommentPatternCheck | This check triggers when | false | OPERATOR = CONTAINS | 0 | changelog, |
| | | | specific user-supplied | | SEARCH_STRING = null | | database |
| | | | patterns are found in Table | | MESSAGE = A match for regular | | |
| | | | Comments. | | expression SEARCH_STRING was | | |
| | | | | | detected in IDENTIFIER. | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 570 | Constraint must exist | ConstraintCheckShortName | Check for and alert when | true | CONSTRAINT_OPERATOR = CONTAINS | 1 | database |
| | | | specified table does not | | TABLE_NAME = PRIMARY_TABLE | | |
| | | | contain the required | | COLUMN_NAME = NULLABLECOL | | |
| | | | constraint(s). | | CONSTRAINT = PRIMARYKEY | | |
| | | | | | CASE_SENSITIVE = false | | |
| | | | | | MESSAGE = Example Message | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 570 | Constraint must exist | ConstraintMustExist | Check for and alert when | false | CONSTRAINT_OPERATOR = | 0 | database |
| | | | specified table does not | | STARTS_WITH | | |
| | | | contain the required | | TABLE_NAME = null | | |
| | | | constraint(s). | | COLUMN_NAME = null | | |
| | | | | | CONSTRAINT = PRIMARYKEY | | |
| | | | | | CASE_SENSITIVE = true | | |
| | | | | | MESSAGE = The specified table | | |
| | | | | | 'TABLE_NAME' does not | | |
| | | | | | contain the required | | |
| | | | | | 'CONSTRAINT' constraint. | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
| 570 | Constraint must exist | ConstraintMustExistTEST | Check for and alert when | true | CONSTRAINT_OPERATOR = ALL | 0 | database |
| | | | specified table does not | | CONSTRAINT = Primarykey | | |
| | | | contain the required | | CASE_SENSITIVE = false | | |
| | | | constraint(s). | | MESSAGE = any | | |
+-----+--------------------------------+----------------------------+--------------------------------+---------+--------------------------------+----------+------------+
Liquibase command 'checks enable' was executed successfully.