OnlySpecificSchemasAllowed

The OnlySpecificSchemasAllowed custom policy check allows you to filter what specific schemas are allowed.

In this example we are only allowing schemas titled lion or eagle.

PATTERN_A regex: (?is)(?=create|drop|alter|insert|select|delete)

PATTERN_B regex: (?is)(?:lion|eagle)\.

Before you begin

Scope

Database

changelog

Relational

  • Liquibase 4.29.0+

  • Python 3.10.14+

  • Configure a valid Liquibase Pro license key

  • Create a Check Settings file

  • Ensure the Liquibase Checks extension is installed. In Liquibase 4.31.0+, it is already installed in the /liquibase/internal/lib directory, so no action is needed.

  • If the checks JAR is not installed, download liquibase-checks-<version>.jar and put it in the liquibase/lib directory.

    • Maven users only:

      Add this dependency to your pom.xml

      file: <dependency> <groupId>org.liquibase.ext</groupId> <artifactId>liquibase-checks</artifactId> <version>2.0.0</version> </dependency>

  • Java Development Kit 17+ (available for Open JDK and Oracle JDK)

  • Linux, macOS, or Windows operating system

Procedure

These steps describe how to create the Custom Policy Check. It does not exist by default in Liquibase Pro.

1

Run this command in the CLI:

liquibase checks customize --check-name=SqlUserDefinedPatternCheck
2

Give your check a short name for easy identification

Use up to 64 alpha-numeric characters only.

In this example we will use:
OnlySpecificSchemasAllowed
3

Set the Severity to return a code of 0-4 when triggered.

These severity codes allow you to determine if the job moves forward or stops when this check triggers. Learn more here: Use Policy Checks in Automation: Severity and Exit Code options: 'INFO'=0, 'MINOR'=1, 'MAJOR'=2, 'CRITICAL'=3, 'BLOCKER'=4

4

Set 'PATTERN_A' to this valid regular expression:

In this example we will use:
(?is)(?=create|drop|alter|insert|select|delete)
5

Set 'PATTERN_B' to this valid regular expression:

(?is)(?:lion|eagle)\.
6

Set 'CASE_SENSITIVE' to true or false depending on how narrow you want your search to be.

In this example, we will set it to false.

7

Set the SEARCH_STRING to this valid regular expression:

(?i:select \*)
8

Set the MESSAGE for when a match for regular expression <SEARCH_STRING> is found in a Changeset:

In this example we will use:
Error! SELECT * not allowed.
9

Set STRIP_COMMENTS to true if you want to remove the comments from the output.