Run a Custom Policy Check
To run your custom check, you must use the checks run
command. Liquibase provides additional security configuration parameters for this command to ensure you do not accidentally execute Python code on your database:
- Custom policy checks are disabled by default. Using the
checks run
command, you must do one of the following options:- Set
checks run --checks-scripts-enabled=true
in the CLI. - Set
liquibase.command.checks.run.checksScriptsEnabled: true
in the defaults file. - Set
LIQUIBASE_COMMAND_CHECKS_RUN_CHECKS_SCRIPTS_ENABLED=TRUE
via environment variable.
- Set
- Custom policy check Python scripts can filter to specific directory paths. Using the
checks run
command, you must do one of the following options:- you can set the
--checks-scripts-path
parameter in the CLI - Set
liquibase.command.checks.run.checksScriptsPath
in the liquibase.properties file. -
LIQUIBASE_COMMAND_CHECKS_RUN_CHECKS_SCRIPTS_PATH
environment variable.
- you can set the
-
Option 1: To run all policy checks including your new check run this in the CLI:
liquibase checks run --checks-scripts-enabled=true
-
Option 2: If you only want to run policy checks with the scope
database
(such as this check), you must set the--checks-scope
parameter todatabase
:liquibase checks run --checks-scope=database --checks-scripts-enabled=true
-
Option 3: If you only want to run this specific check, you must specify the check name with
--check-name
parameter:liquibase checks run --check-name=CustomCheckNoTables --checks-scripts-enabled=true