Skip to content

Add fn::validate for opt-in schema validation#618

Merged
nyobe merged 8 commits intomainfrom
claire/fn-conform
Feb 10, 2026
Merged

Add fn::validate for opt-in schema validation#618
nyobe merged 8 commits intomainfrom
claire/fn-conform

Conversation

@nyobe
Copy link
Contributor

@nyobe nyobe commented Feb 6, 2026
edited
Loading

Adds a new built-in function fn::validate that takes a value and validate it according to a json schema. If the value conforms to the schema, it's passed through unchanged. If there is a validation error, check will fail with a diagnostic indicating the problem.

Referencing a schema using an implicit import gives the user a light weight way to apply their own validations to their config. For example, a schema might require that an Owner tag be present in pulumiConfig aws:defaultTags:

# schema/awsProvider
values:
  type: object
  properties:
    aws:defaultTags:
      type: object
      properties:
        tags:
          additionalProperties:
            type: string
          # Require Owner tag to be set
          properties:
            Owner:
              type: string
          required: ["Owner"]
      required: ["tags"]
    required: ["aws:defaultTags"]

Then, using fn::validate, you can ensure that your config conforms to the schema:

# default/example
values:
  pulumiConfig:
    fn::conform:
      schema: ${environments.schema.awsProvider}
      value:
        aws:defaultTags:
          tags:
            Owner: Claire

We might consider allowing fn::validate at the top level, so a schema can define the expected shape of the overall environment. I'll explore this in a followup.

@nyobe nyobe requested a review from a team February 7, 2026 05:14
borisschlosser
borisschlosser reviewed Feb 9, 2026
View reviewed changes
Copy link
Contributor

@borisschlosser borisschlosser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you guide me how to use the feature exactly? Users can define an own schema environments right? Are there any edge cases which need to be considered (like mixing schema and non-schema content in one environment)?

@tehsis
Copy link
Collaborator

tehsis commented Feb 9, 2026

Can you guide me how to use the feature exactly? Users can define an own schema environments right? Are there any edge cases which need to be considered (like mixing schema and non-schema content in one environment)?

On how to use it, I've wrote some docs around it http://www-testing-pulumi-docs-origin-pr-17337-78e223f9.s3-website.us-west-2.amazonaws.com/docs/esc/environments/syntax/builtin-functions/fn-conform/

@nyobe
Copy link
Contributor Author

nyobe commented Feb 9, 2026

there shouldn't be edge cases, schemas are valid json. they might pollute the environment with information you don't care about, so I recommend using inline imports to references.

@nyobe nyobe force-pushed the claire/fn-conform branch from ee64f66 to 0c51e28 Compare February 9, 2026 21:57
@nyobe nyobe force-pushed the claire/fn-conform branch from 0c51e28 to fec57c7 Compare February 10, 2026 01:01
@nyobe nyobe changed the title Add fn::conform for opt-in schema validation Add fn::validate for opt-in schema validation Feb 10, 2026
@nyobe nyobe merged commit 62922cf into main Feb 10, 2026
8 checks passed
@nyobe nyobe deleted the claire/fn-conform branch February 10, 2026 20:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@borisschlosser borisschlosser borisschlosser left review comments

@tehsis tehsis tehsis approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nyobe @tehsis @borisschlosser