DynamoChangetypeAttributes
The DynamoChangetypeAttributes changelog check validates whether a specified attribute of a Dynamo changetype is set to an exact value or pattern.
About DynamoChangetypeAttributes |
|
|---|---|
| Liquibase version required | 4.31.0+ |
Scope (--checks-scope) |
changelog
|
| Default status | disabled
|
| Default severity (exit code) | 0 ("INFO") |
| Customizable settings | Yes (dynamic) |
Prerequisites
- You must have a valid Liquibase Pro license to use this policy check.
- You must download the Liquibase AWS extension 1.0.1 jar and save it to your
/libfolder.
Uses
Use this check to enforce naming conventions, security standards, or deployment rules by validating specific fields in DynamoDB changetypes. For example, you can:
- Ensure the
commandfield matches a specific structure - Block deployments if a certain field does not follow your internal naming policies
You can define multiple checks with different attributes and patterns to match your standards across various changetypes.
When does this check trigger?
This check is fully driven by how you configure it. Once configured, the check will trigger only when all of the following are true:
- A changeset contains the specific changetype you specified, such as
createIndex - That changetype includes the attribute that you're checking, such as
collectionName - The value of
'KEYS'or'OPTIONS'does not match the value or regex pattern you've defined
If the changetype isn’t used, or the attribute isn’t present, the check doesn’t run. This ensures you're only enforcing rules when that part of the changelog is relevant.
Note: Regex and partial matching is available to all values in checks with the exception of JSON-based values.
Configure the check
- This check is disabled by default. To enable it, run the enable command:
liquibase checks enable --check-name=DynamoChangetypeAttributes - Liquibase will prompt you to name your custom version of the check. By default, it will be named
DynamoChangetypeAttributes1. You can accept the default by pressing Enter or enter a custom name. - Set the severity level. This determines the exit code when the check is triggered. Choose one:
- INFO (0)
- MINOR (1)
- MAJOR (2)
- CRITICAL (3)
- BLOCKER (4)
- Set the DynamoDB changetype this check will inspect. You’ll be prompted with:
Set 'DYNAMO_CHANGE_TYPE' (options: PARTIQL_FILE, CREATE_DYNAMO_TABLE, CREATE_GLOBAL_SECONDARY_INDEX, UPDATE_DYNAMO_TABLE):- Only one changetype is allowed per check
- Input is case-insenesitive
- Don't include commas or multiple values. Only input one valid name
- Once you've selected the changetype, you'll be walked through its specific attributes. These are based on the changetype you chose.
You can modify these examples to fit your own use case.
CREATE_COLLECTION — Used to create new DynamoDB collections. See db.createCollection() to view all available 'OPTIONS'.
This example uses the capped option to require that collections are created as capped collections. When the collections reach the maximum size, older documents are removed to make space for new documents. Be sure to replace your_collection_name if you use the sample code.
Set 'COLLECTION_NAME' (requires string name of the collection): your_collection_name
Set 'OPTIONS' (requires string attributes specific to the change type): { "capped": true, "size": 5242880 }CREATE_INDEX — Used to create indexes on collections. You can enforce rules on the collection name, index structure, or index options. See db.createIndexes() to view all available 'OPTIONS'.
This example sets the unique option to true, which ensures that no two documents in the collection can have the same combination of name and type values. The name option assigns a custom name to the index. Be sure to replace your_collection_name and your_index_name if you use the sample code.
Set 'COLLECTION_NAME' (requires string name of the collection): your_collection_name
Set 'KEYS' (requires a document that defines the index's basic contents and structure): { name: 1, type: 1 }.
Set 'OPTIONS' (requires string attributes specific to the change type): { "unique": true, "name": "your_index_name" }DROP_INDEX — Used to drop indexes from collections. See db.dropIndex() to view all available 'OPTIONS'.
This example allows only the removal of an index on the collectionName collection where the index is defined on the fields name and type in ascending order. Be sure to replace your_collection_name if you use the sample code.
Set 'COLLECTION_NAME' (requires string name of the collection): your_collection_name
Set 'KEYS' (requires a document that defines the index's basic contents and structure): { name: 1, type: 1 }.INSERT_MANY — Used to insert multiple documents into a collection. See collection.insertMany() to view all available 'OPTIONS'.
This example shows multiple documents being inserted, and ensures that DynamoDB inserts documents in the order they appear in your DOCUMENTS field, stopping on the first error if one occurs. Be sure to replace your_collection_name and change the DOCUMENT to reflect documents you would like to add.
Set 'COLLECTION_NAME' (requires string name of the collection): your_collection_name
Set 'DOCUMENTS' (requires JSON that defines the objects to insert): [{ "name": "New York", "population": 222000000 }, { "name": "California", "population": 522000000 }]
Set 'OPTIONS' (requires string attributes specific to the change type): { "ordered": true }INSERT_ONE — Used to insert a single document into a collection. See collection.insertOne() to view all available 'OPTIONS'.
This example shows inserting a document . It also includes a comment in the 'OPTIONS' field, which serves as metadata attached to the insert operation. This comment is not stored in the document itself but can be viewed in DynamoDB logs, the profiler, or monitoring tools to help trace or audit operations. Be sure to replace your_collection_name and change the DOCUMENT to reflect document you would like to add.
Set 'COLLECTION_NAME' (requires string name of the collection): your_collection_name
Set 'DOCUMENT' (requires JSON that defines the object to insert): { "name": "New York", "population": 222000000 }
Set 'OPTIONS' (requires string attributes specific to the change type): { "comment": added a document }.
DYNAMO_FILE — Used to load DynamoDB commands from an external file. You can enforce rules on the file path or metadata related to the file.
This example shows how to require that the file path be located within a specific directory and be relative to the changelog file. The 'RELATIVE_TO_CHANGELOG' field determines whether the file path is interpreted as relative to the changelog file or as an absolute path.. Be sure to replace /your-directory with the actual path to the file that contains the DynamoDB commands you want to load.
Set 'DBMS' (options: DYNAMODB, DYNAMODB) [DYNAMODB]: DYNAMODB
Set 'PATH' (requires string for the file path of the Dynamo commands to load): /your-directory
Set 'RELATIVE_TO_CHANGELOG' (options: true, false) [false]: trueExample Output
| Short Name | Scope | Type | Status | Severity | Customization | Description |
|---|---|---|---|---|---|---|
| CapCol | changelog | sql, xml, yaml, json | enabled | 1 |
DYNAMO_CHANGE_TYPE = CREATE_COLLECTION COLLECTION_NAME = myCollection OPTIONS = { "capped": true, "size": 5242880 } |
This check triggers when a collection when a collection being created does not comply with the specified options. |
Liquibase command 'checks enable' was executed successfully. 