Run a Custom Policy Check

To run your custom check, you must use the checks run command. Liquibase provides additional security configuration parameters for this command to ensure you do not accidentally execute Python code on your database:

  1. Custom policy checks are disabled by default. Using the checks run command, you must do one of the following options:
    1. Set checks run --checks-scripts-enabled=true in the CLI.
    2. Set liquibase.command.checks.run.checksScriptsEnabled: true in the defaults file.
    3. Set LIQUIBASE_COMMAND_CHECKS_RUN_CHECKS_SCRIPTS_ENABLED=TRUE via environment variable.
  2. Custom policy check Python scripts can filter to specific directory paths. Using the checks run command, you must do one of the following options:
    1. you can set the --checks-scripts-path parameter in the CLI
    2. Set liquibase.command.checks.run.checksScriptsPath in the liquibase.properties file.
    3.  LIQUIBASE_COMMAND_CHECKS_RUN_CHECKS_SCRIPTS_PATH environment variable.
  3. Option 1: To run all policy checks including your new check run this in the CLI:

    liquibase checks run --checks-scripts-enabled=true
  4. Option 2: If you only want to run policy checks with the scope database (such as this check), you must set the --checks-scope parameter to database:

    liquibase checks run --checks-scope=database --checks-scripts-enabled=true
  5. Option 3: If you only want to run this specific check, you must specify the check name with --check-name parameter:

    liquibase checks run --check-name=CustomCheckNoTables --checks-scripts-enabled=true