Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Never use user input for web metrics #511

Merged
merged 3 commits into from
Mar 10, 2023
Merged

Never use user input for web metrics #511

merged 3 commits into from
Mar 10, 2023

Conversation

n0tl3ss
Copy link
Member

@n0tl3ss n0tl3ss commented Mar 9, 2023
edited by graemerocher
Loading

  • Use service ID instead of host to identify clients
  • Fallback to a fixed unmatched URI when template is not found

Fixes #458 and Fixes #397

@github-actions
Copy link

github-actions bot commented Mar 9, 2023

❌ Java CI failed: https://ge.micronaut.io/s/n2l5mnrhir4xk

@github-actions
Copy link

github-actions bot commented Mar 9, 2023

❌ GraalVM CE CI 17 latest failed: https://ge.micronaut.io/s/er5uecux4i7ak

@github-actions
Copy link

github-actions bot commented Mar 9, 2023

❌ Java CI failed: https://ge.micronaut.io/s/6wuclqiwq4frc

@n0tl3ss n0tl3ss requested a review from graemerocher March 9, 2023 14:31
@github-actions
Copy link

github-actions bot commented Mar 9, 2023

❌ GraalVM CE CI 17 latest failed: https://ge.micronaut.io/s/bkjw2awzxuk5i

@github-actions
Copy link

github-actions bot commented Mar 9, 2023

❌ Java CI failed: https://ge.micronaut.io/s/ki4cju5fixuzo

@github-actions
Copy link

github-actions bot commented Mar 9, 2023

❌ Java CI failed: https://ge.micronaut.io/s/dnkfqulme3ebs

@github-actions
Copy link

github-actions bot commented Mar 9, 2023

❌ GraalVM CE CI 17 latest failed: https://ge.micronaut.io/s/gnjxg7hyu4myg

@github-actions
Copy link

github-actions bot commented Mar 9, 2023

❌ GraalVM CE CI 17 latest failed: https://ge.micronaut.io/s/wkvzvue4cytga

@github-actions
Copy link

github-actions bot commented Mar 9, 2023

❌ Java CI failed: https://ge.micronaut.io/s/ty7kb6md7swmi

@graemerocher graemerocher changed the title Fix #458 (Issue with websockets) Never use user input for web metrics Mar 10, 2023
@graemerocher graemerocher added the type: bug Something isn't working label Mar 10, 2023
@graemerocher graemerocher self-assigned this Mar 10, 2023
@graemerocher graemerocher merged commit 1b57843 into 4.8.x Mar 10, 2023
@graemerocher graemerocher deleted the bug/458 branch March 10, 2023 11:32
@sonarqubecloud
Copy link

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 3 Code Smells

96.0% 96.0% Coverage
0.0% 0.0% Duplication

@frank-mueller-at-kiwigrid-com
Copy link

I'm new to Github, so please apologize if this is not the correct way to re-open a bug.
Please advise if I should do it in a different way.

After upgrading my Micronaut project to Micronaut Micrometer 5.8.0 the built-in metrics "http_client_requests_seconds_count" & "http_client_requests_seconds_sum" metrics seem to be broken.

Environment

  • Micronaut BOM
    io.micronaut.platform:micronaut-platform:4.6.2
    which resolves to
    io.micronaut.micrometer:micronaut-micrometer-registry-prometheus:5.8.0
    io.micrometer:micrometer-core:1.13.3
    io.prometheus:simpleclient:0.16.0

  • Micronaut app with 2 HTTP clients configured
    Client A neither sets "micronaut.http.route.template" nor "micronaut.http.serviceId" to the request
    Client B sets "micronaut.http.route.template" and "micronaut.http.serviceId" to the request

  • Micronaut app configured to write web metrics using Prometheus

Steps to reproduce

  • run your Micronaut App
  • initiate an action that let Client A send a request and thus
  • initiate an action that let Client B send a request
  • check the "http_client_requests_seconds_count" & "http_client_requests_seconds_sum" metrics at the "/prometheus" endpoint of your Micronaut App

Expected
You find metrics produced by both client.

Actual
You find metrics produced by Client A only. Or more general, you find metrics of those client that writes as the first to the metric. The same would happen if Client B goes first.

Assumption
With this bugfix, ClientRequestMetricRegistryFilter & WebMetricsPublisher only writes the "uri" and/or "serviceId" tag if the corresponding request attribute was set by the client.
In the given example, this behavior causes two write operations happen to the same metric with a different set of tags.
However the Prometheus client does not like that.
See micrometer-metrics/micrometer#877 and prometheus/client_java#696

As I'm just a user of the built-in "http_client_requests_seconds_count" & "http_client_requests_seconds_sum" metrics I have no chance to change that behavior.

Suggested fix
As there seems to be different opinions about whether this is a problem in Prometheus client or in Micrometer Prometheus integration and since it unclear when the actual problem gets fixed, I suggest to fix it in Micrometer core:

Let ClientRequestMetricRegistryFilter & WebMetricsPublisher always write the "uri" and "serviceId" tag. If "micronaut.http.route.template" or "micronaut.http.serviceId" are missing at the request, use an artifical constants as tag value.

@sdelamo
Copy link
Contributor

sdelamo commented Oct 29, 2024

@frank-mueller-at-kiwigrid-com create a separate issue if you think it is necessary

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@graemerocher graemerocher Awaiting requested review from graemerocher

Assignees

@graemerocher graemerocher

Labels
type: bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@n0tl3ss @frank-mueller-at-kiwigrid-com @sdelamo @graemerocher