columnDefaultValue

Last updated: September 2, 2025

columnDefaultValue is a custom policy check that ensures new columns do not have default values explicity listed.

Learn how to create and customize the columnDefaultValue Liquibase Custom Policy Check using a Python script.

This example was tested on Oracle. You can use this check as it is or customize it further to fit your needs in your SQL database.

For a conceptual overview of this feature, see Liquibase Secure Custom Policy Checks.

Before you begin

Scope	Database
database	Oracle

Liquibase Prerequisites

Liquibase 4.29.0+
Python 3.10.14+
Configure a valid Liquibase Secure license key
Create a Check Settings file
Ensure the Liquibase Checks extension is installed. In Liquibase 4.31.0+, it is already installed in the /liquibase/internal/lib directory, so no action is needed.
If the checks JAR is not installed, download liquibase-checks-<version>.jar and put it in the liquibase/lib directory.
(Maven users only) Add the liquibase-checks dependency to your pom.xml file. See Add extensions with Maven for more information.
Java Development Kit 17+ (available for Open JDK and Oracle JDK)
Linux, macOS, or Windows operating system

Procedure

These steps describe how to create the Custom Policy Check. It does not exist by default in Liquibase Secure.

Add this code to your Checks Settings file:

columnDefaultValue Python Script

# # #
# # # This script ensures new columns do not have
default
values explicity listed
# # #
# # # Notes:
    # # # 1. Only basic ALTER table statements are supported
# # # 2. Single and multiple columns in an alter statement * are * supported
# # #

# # #
# # # Helpers come from Liquibase
# # #
import sys
import liquibase_utilities

# # #
# # # Functions
# # #

# # #
# # # Retrieve log handler
# # # Ex.liquibase_logger.info(message)
# # #
liquibase_logger = liquibase_utilities.get_logger()

# # #
# # # Retrieve status handler
# # #
liquibase_status = liquibase_utilities.get_status()

# # #
# # # Retrieve all changes in changeset
# # #
changes = liquibase_utilities.get_changeset().getChanges()

# # #
# # # Loop through all changes
# # #
for change in changes:
    # # #
# # # LoadData change types are not currently supported
# # #
if "loaddatachange" in change.getClass().getSimpleName().lower():
    liquibase_logger.info("LoadData change type not supported. Statement skipped.")
continue
# # #
# # # Retrieve sql as string, remove extra whitespace
# # #
raw_sql = liquibase_utilities.strip_comments(liquibase_utilities.generate_sql(change)).casefold()
raw_sql = " ".join(raw_sql.split())
# # #
# # # Split sql into statements
# # #
raw_statements = liquibase_utilities.split_statements(raw_sql)
for raw_statement in raw_statements:
    # # #
# # # Split raw_statement into list, look
for alter table, remove schema
if provided
# # #
sql_list = raw_statement.split()
try:
if sql_list[0] == "alter"
and sql_list[1] == "table"
and sql_list[3] == "add":
    # # # Table name
table_name = sql_list[2].split(".")[-1]
start = table_name.rfind("(")
if start != -1:
    table_name = table_name[0: start]
else:
    raise UserWarning
except(IndexError, ValueError):
    liquibase_logger.warning(f "Unsupported Alter statement skipped: {raw_statement}")
continue
except UserWarning:
    liquibase_logger.info(f "Non Alter statement skipped: {raw_statement}")
continue
# # #
# # # ALTER
# # #
found = False
search_string = " add ("
start = raw_statement.find(search_string)
# # #
# # # ALTER TABLE NAME ADD column type[DEFAULT value]
# # #
if start == -1:
    if raw_statement.find("default") != -1:
    found = True
column_name = sql_list[4]
# # #
# # # ALTER TABLE NAME ADD(column1 type1[DEFAULT value1], column2 type2, [DEFAULT value2], ...)
# # #
else:
    start += len(search_string)
end = raw_statement.rfind(")")
if end != -1:
    column_list = raw_statement[start: end].split(",")
for column in column_list:
    if "default" in column:
    found = True
column_name = column.split()[0].strip()
# # #
# # # Report matches
# # #
if found == True:
    liquibase_status.fired = True
status_message = str(liquibase_utilities.get_script_message()).replace("__COLUMN_NAME__", f "\"{column_name}\"")
status_message = status_message.replace("__TABLE_NAME__", f "\"{table_name}\"")
liquibase_status.message = status_message
sys.exit(1)

# # #
# # # Default
return code
# # #
False

Initiate the customization process

liquibase checks customize --check-name=CustomCheckTemplate

The CLI prompts you to finish configuring your file. A message displays:

This check cannot be customized directly because one or more fields does not have a default value.

Liquibase will then create a copy ofCustomCheckTemplateand initiate the customization workflow.

Give your check a short name so you can easily identify what Python script it is associated with

You can use up to 64 alpha-numeric characters only. In this example, we will name the check: columnDefaultValue

Set the Severity to return a code of 0-4 when triggered.

These severity codes allow you to determine if the job moves forward or stops when this check triggers. Learn more here: Use Policy Checks in Automation: Severity and Exit Code options: 'INFO'=0, 'MINOR'=1, 'MAJOR'=2, 'CRITICAL'=3, 'BLOCKER'=4

Set the SCRIPT_DESCRIPTION

In this example, we will set the description to:


This script ensures new columns do not have default values explicity listed.

Set the SCRIPT_SCOPE

In this example, we will set the scope to:

database: If your check looks for the presence of keys, indexes, or table name patterns in your database schema including Liquibase Tracking Tables. With this value, the check runs once for each database object.

Set the SCRIPT_MESSAGE

This message will display when the check is triggered. In this example we will use:

This script identified that Column __COLUMN_NAME__ in table __TABLE_NAME__ should not have a default value.

Set the SCRIPT_PATH

This is the relative path where your script is stored in relation to the changelog specified in --changelog-file, whether it is stored locally or in a repository.

In this example, we will set the path to:

scripts/column-default-value.py

This check does not require a SCRIPT_ARGUMENT, so leave this blank.

Set the REQUIRES_SNAPSHOT

If your script scope is changelog, set whether the check requires a database snapshot. Specify true if your check needs to inspect database objects.

If your script scope is database, Liquibase always takes a snapshot, so this prompt does not appear.

Note: The larger your database, the more performance impact a snapshot causes. If you cannot run a snapshot due to memory limitations, see Memory Limits of Inspecting Large Schemas.