SqlUserDefinedPatternCheck

This check scans SQL for the presence of specific patterns and warns the user when they are found.

About SqlUserDefinedPatternCheck
Liquibase version required 4.5.0+
Scope (--checks-scope) changelog
Default status disabled
Default severity (exit code) 0 ("INFO")
Customizable settings Yes (dynamic)

Uses

Use the check to notify you when your custom specific patterns in the changelog are found. This policy check is an "open-ended" check which you can copy and customize for as many custom patterns, defined as simple strings or regex, as your naming, security, compliance, and other policies require. For example, if your polices require all tables to begin with tbl_ or indexes to end with _id, this check is easy copied and customized into two checks with those patterns. If you are handy with regex, the limit for pattern finding is greatly expanded. This policy check, like other checks, can be configured with a severity level which returns an exit code designed to stop automated jobs, giving your team time to investigate your user-defined patterns before they are deployed.

Use SqlUserDefinedPatternCheck

Prerequisites

  1. Ensure that you have correctly specified your Liquibase Pro license key.
  2. Ensure that the --checks-scope parameter includes the scope of this check.

For example:

--license-key=<string>
--checks-scope=<string>
globalArgs: { license-key: "<string>" }
cmdArgs: { checks-scope: "<string>" }
liquibase.licenseKey: <string>
liquibase.command.checksScope: <string>
liquibase.licenseKey: <string>
liquibase.command.checks.run.checksScope: <string>
JAVA_OPTS=-Dliquibase.licenseKey=<string> -Dliquibase.command.checksScope=<string>
JAVA_OPTS=-Dliquibase.licenseKey=<string> -Dliquibase.command.checks.run.checksScope=<string>
LIQUIBASE_LICENSE_KEY=<string>
LIQUIBASE_COMMAND_CHECKS_SCOPE=<string>
LIQUIBASE_LICENSE_KEY=<string>
LIQUIBASE_COMMAND_CHECKS_RUN_CHECKS_SCOPE=<string>

Enable

This check is disabled by default. To enable it, run the enable command:

liquibase checks enable --check-name=<string>

When you try to enable the check, Liquibase displays the following message:

This check can not be enabled directly because one or more fields does not have a default value.  Create a copy of this check and initiate the customization workflow.

Liquibase then prompts you to specify a name for the new check. By default, the name of the copy is <CheckName>1. You can use the default value by pressing Enter or you can specify a custom name.

Customize

This check is dynamic, meaning you can customize its settings. See the table on this page for more information.

  1. Once you've enabled the check, follow the steps in the CLI to set new values:
    • Default values are shown in [brackets]. You can use these by pressing Enter. Alternatively, specify custom values.
    • If a customization setting does not have a default value, you must specify custom values.
  2. When finished, verify that your configuration is correct by running the show command:
    3. liquibase checks show --check-name=<string>
  3. If you need to make any other changes, run the customize command:
    4. liquibase checks customize --check-name=<string>

    Note: If you want to create another variant of this check with different settings, use the copy command to create a copy of the original check and then use the customize command to customize it.

Run

To run the check, use the run command:

liquibase checks run --check-name=<string>
stages:
  Default:
    actions:
      - type: liquibase
        command: checks run
        cmdArgs: {check-name: <string>}

And then run the flow command on your flow file:

liquibase flow

Customization settings

Tip: In Liquibase 4.27.0+ you can choose to enable the PATH_FILTER option. This can be used to filter all changesets in changelogs in a specific directory that contain a specified string or regex.

Configurable Filter Option

 Value Path

PATH_FILTER_REGEX

 String or Regex

Relative

Compatible with:

  • S3 and GitHub paths
  • include/includeAll changelogs
  • changelogs using relative paths
 
Customization complete. Review the table below to confirm your changes.
...
+-------------------------------------+------------+----------+----------+--------------------------------+--------------------------------+
| SqlUserDefinedPatternCheck          | changelog  | disabled | 0        | SEARCH_STRING = null           | This check scans SQL for the   |
|                                     |            |          |          | MESSAGE = A match for regular  | presence of specific patterns  |
|                                     |            |          |          | expression <SEARCH_STRING> was | in specified changelog paths,  |
|                                     |            |          |          | detected in Changeset          | and warns the user when they   |
|                                     |            |          |          | <CHANGESET>.             | are found.                     |
|                                     |            |          |          | STRIP_COMMENTS = true          |                                |
|                                     |            |          |          | PATH_FILTER_REGEX = null       |                                |
+-------------------------------------+------------+----------+----------+--------------------------------+--------------------------------+
Liquibase command 'checks enable' was executed successfully.