Schema Validation

Custom Error Payloads for Schema Violations: Precision Diagnostics and Safe Recovery in MongoDB Pipelines

When enforcing document structure at the database layer, the default MongoDB validation error output is notoriously opaque for automated systems. A raw MongoServerError containing a nested errInfo object rarely survives intact through modern application routers, message queues, or Python-based ETL frameworks. Platform teams and data engineers require deterministic, machine-readable payloads that map directly to schema rules, field paths, and remediation steps. This guide details the exact server-side configuration, driver-level interception, and payload transformation required to convert opaque validation failures into actionable, custom error payloads.

The Default Error Signature and Production Failure Modes

When a document violates a $jsonSchema rule, MongoDB returns a WriteError with code 121. The raw payload includes a verbose errInfo object that can break down under production load: connection pool timeouts occasionally truncate deeply nested diagnostics, driver-specific BSON serializers inconsistently render ObjectId or Decimal128 types, and the schemaRulesNotSatisfied array lacks deterministic routing metadata. For teams building Automated Schema Enforcement & Monitoring, relying on raw server output introduces parsing fragility and obscures the exact validation boundary that failed. Incident responders cannot reliably trigger automated rollback or dead-letter queue routing when error payloads drift across driver versions or connection multiplexers.

The Validator and the Structured Error It Produces

MongoDB does not let you customize the validation error code or inject an arbitrary payload from inside the validator: a $jsonSchema violation always surfaces as error code 121 (DocumentValidationFailure). What MongoDB 5.0+ provides is a richly structured errInfo.details.schemaRulesNotSatisfied object that names the failing rule, the property path, and the expected constraint. The reliable pattern is therefore to define a precise validator — using description keywords for human-readable hints — and then translate that structured errInfo into your own stable, machine-readable payload at the driver boundary (shown in the next section). The validator below is applied atomically via collMod and persists across replica set elections.

db.runCommand({
  collMod: "user_events",
  validator: {
    $jsonSchema: {
      bsonType: "object",
      required: ["user_id", "event_type", "timestamp"],
      properties: {
        user_id: { bsonType: "string" },
        event_type: {
          enum: ["click", "view", "purchase"],
          description: "event_type must be one of [click, view, purchase]"
        },
        timestamp: { bsonType: "date" }
      }
    }
  },
  validationLevel: "strict",
  validationAction: "error"
})

Critical Constraints:

  • The error code for any validator failure is always 121; it cannot be customized server-side. Branch your handling on the rule names inside errInfo, not on a bespoke code.
  • A description keyword on a property is echoed back in errInfo, giving you a human-readable hint without walking the entire tree.
  • Dynamic interpolation (injecting the actual violating value) is not supported server-side; use application-layer enrichment if runtime values are required.
  • Applying a validator requires collMod privileges and triggers a brief metadata lock on the collection. Schedule during low-write windows or use rolling validator deployments.

Reference the official collMod documentation for exact privilege requirements and lock behavior.

flowchart TD
  W["insert_one"] --> C{"WriteError<br/>code 121?"}
  C -->|"no"| RE["Re-raise"]
  C -->|"yes"| P["Parse errInfo<br/>schemaRulesNotSatisfied"]
  P --> M["Map to custom payload:<br/>field, severity"]
  M --> L["Structured log"]
  M --> DLQ["Route to DLQ"]

Driver-Level Interception and Python Transformation

Raw server errors must be intercepted immediately at the driver boundary before entering business logic. In Python automation pipelines, pymongo.errors.WriteError and pymongo.errors.BulkWriteError expose the structured payload. The following pattern extracts a custom error, normalizes it, and routes it to a structured logging sink without blocking the primary write thread.

from pymongo import MongoClient, errors
from datetime import datetime, timezone
import logging
import json

logger = logging.getLogger("schema_validator")

def _first_failing_path(err_info):
    """Pull the first failing property path out of a 121 errInfo tree."""
    details = (err_info or {}).get("details", {})
    for rule in details.get("schemaRulesNotSatisfied", []):
        # Required violations list missing properties directly
        missing = rule.get("missingProperties")
        if missing:
            return missing[0]
        # Property-level violations nest under propertiesNotSatisfied
        props = rule.get("propertiesNotSatisfied")
        if props:
            return props[0].get("propertyName", "unknown")
    return "unknown"

def execute_with_schema_guard(collection, document):
    try:
        collection.insert_one(document)
    except errors.WriteError as e:
        # Every $jsonSchema violation surfaces as code 121; build the custom
        # payload from the structured errInfo rather than a bespoke error code.
        if e.code == 121:
            field = _first_failing_path(e.details.get("errInfo"))
            log_entry = {
                "severity": "SCHEMA_VIOLATION",
                "code": e.code,
                "collection": collection.name,
                "field": field,
                "remediation": "manual_review",
                "document_id": str(document.get("_id", "unassigned")),
                "timestamp_utc": datetime.now(timezone.utc).isoformat()
            }
            logger.warning(json.dumps(log_entry))
            # Route to async validation queue or DLQ
            return {"status": "rejected", "route": "dlq", "payload": log_entry}
        # Fallback for non-validation write errors or network failures
        raise

For bulk operations, iterate through e.details["writeErrors"] and apply the same extraction logic. Always validate against the PyMongo error handling reference to ensure compatibility with driver 4.x+ exception hierarchies.

Zero-Downtime Recovery and Validation Pipeline Patterns

Enforcing strict schemas on high-throughput collections requires graceful degradation paths. When a custom error payload triggers, the system must avoid cascading backpressure or blocking ingestion pipelines. Implement the following zero-downtime patterns:

  1. Decouple rejection from write acknowledgment: Accept the document into a staging collection with a validation_status: "pending" flag, then process it through a background worker that applies the $jsonSchema rules asynchronously. On failure, emit the custom payload to a metric sink and update the document status.
  2. Fallback Validation Chains: Maintain dual validators during schema migrations. Apply the legacy validator with validationLevel: "moderate" and the new validator with validationAction: "warn" initially. Once error rates drop below threshold, switch to validationAction: "error". This prevents hard failures during rolling deployments.
  3. Partitioned consumer groups: If validation workers consume from the same change stream as the primary ingestion service, implement partitioned consumer groups keyed by shardKey or tenantId. Avoid global locks on validation queues.

Teams implementing these patterns should align their error routing with established Categorizing Schema Validation Errors taxonomies to ensure consistent alerting thresholds and automated remediation playbooks.

Incident Runbook: Exact Log Matching and Rapid Triage

When schema violations spike, incident commanders require deterministic log patterns to isolate the failure domain within minutes. Use the following exact matching rules in your observability stack:

Pattern Regex / Query Severity Action
Enum Mismatch severity:SCHEMA_VIOLATION AND field:event_type P2 Route to DLQ, notify data engineering
Missing Required Field severity:SCHEMA_VIOLATION AND field:<required_field> P1 Block upstream producer, trigger schema drift alert
Schema Violation (generic) code:121 P2 Quarantine document, run type-cast remediation job
Unhandled Write Error code:11000 OR code:13 P3 Distinguish duplicate-key / auth failures from validation

Triage Steps:

  1. Query logs for severity:SCHEMA_VIOLATION grouped by field and collection.
  2. Cross-reference with deployment timestamps to identify recent schema pushes.
  3. If field resolves to unknown, inspect the raw errInfo.details.schemaRulesNotSatisfied tree to confirm the parser covers the failing rule type.
  4. If rejection rate exceeds 5% of total writes, temporarily switch validationAction to "warn" to restore ingestion velocity while root cause analysis proceeds.
  5. Validate that the fallback chain or async queue is draining. Confirm zero data loss before re-enforcing strict mode.

Custom error payloads transform schema validation from a blocking database constraint into a diagnosable, automatable pipeline control point. By standardizing driver-level extraction and zero-downtime routing, platform teams eliminate parsing ambiguity and accelerate incident resolution without sacrificing data integrity.

Related in this section

Async Validation Monitoring DashboardsAsynchronous validation monitoring dashboards serve as the observability backbone for decoupled schema enforcement in high-throughput… Building Fallback Validation Chains: MongoDB Schema EnforcementModern data ingestion pipelines rarely operate in a static schema environment. As product features evolve, third-party integrations shift… Categorizing Schema Validation ErrorsIn production MongoDB environments, schema validation failures are rarely uniform. A single BulkWriteError can surface dozens of distinct… Implementing Collection-Level ValidatorsCollection-level validators serve as the enforcement boundary between application logic and persistent storage in MongoDB. When deployed…