Get controller labels from controller, not params #293
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
prometheus_exporter currently reads the controller and action label from action_dispatch.request.parameters. This can lead to conflicts, where there's a form parameter called "action", or "controller" which takes precedence over "which controller action is this?". This can be validated with a curl request to a rails application instrumented with prometheus_exporter: curl -v http://127.0.0.1:3000/ --data 'controller=test' Results in: # HELP http_requests_total Total HTTP requests from web app. # TYPE http_requests_total counter http_requests_total{action="other",controller="test",status="404"} 1 This commit pulls the controller instance from `action_controller.instance`, and then calls the controller_name / action_name methods, which should be accurate even when conflicting form parameters are provided.
richardTowers
added a commit
to alphagov/govuk_app_config
that referenced
this pull request
Oct 3, 2023
I've got an open PR to do this for the default default in prometheus_exporter itself: github[.]com/discourse/prometheus_exporter/pull/293 But it's unclear whether the maintainers will accept that, and if so how long that will take. In the meantime, we've got quite a bit of noise in our metrics because it's currently possible for an HTTP request to overwrite the action / controller labels by passing them in as request parameters like this: curl -v http://127.0.0.1:3000/ --data 'controller=test' This commit extends the default middleware so we have more sensible defaults for both Rails and Sinatra apps. I couldn't work out any good labels for sinatra apps that wouldn't be potentially high cardinality, so those are just blank.
richardTowers
added a commit
to alphagov/govuk_app_config
that referenced
this pull request
Oct 3, 2023
I've got an open PR to do this for the default default in prometheus_exporter itself: github.com/discourse/prometheus_exporter/pull/293 But it's unclear whether the maintainers will accept that, and if so how long that will take. In the meantime, we've got quite a bit of noise in our metrics because it's currently possible for an HTTP request to overwrite the action / controller labels by passing them in as request parameters like this: curl -v http://127.0.0.1:3000/ --data 'controller=test' This commit extends the default middleware so we have more sensible defaults for both Rails and Sinatra apps. I couldn't work out any good labels for sinatra apps that wouldn't be potentially high cardinality, so those are just blank.
richardTowers
added a commit
to alphagov/govuk_app_config
that referenced
this pull request
Oct 3, 2023
I've got an open PR to do this for the default default in prometheus_exporter itself: github.com/discourse/prometheus_exporter/pull/293 But it's unclear whether the maintainers will accept that, and if so how long that will take. In the meantime, we've got quite a bit of noise in our metrics because it's currently possible for an HTTP request to overwrite the action / controller labels by passing them in as request parameters like this: curl -v http://127.0.0.1:3000/ --data 'controller=test' This commit extends the default middleware so we have more sensible defaults for both Rails and Sinatra apps. I couldn't work out any good labels for sinatra apps that wouldn't be potentially high cardinality, so those are just blank.
tgxworld
approved these changes
Apr 17, 2025
Collaborator
|
Hi there! Any news? |
Member
|
thanks. sorry it has taken so long to merge. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
prometheus_exporter currently reads the controller and action label from action_dispatch.request.parameters. This can lead to conflicts, where there's a form parameter called "action", or "controller" which takes precedence over "which controller action is this?".
This can be validated with a curl request to a rails application instrumented with prometheus_exporter:
Results in:
This commit pulls the controller instance from
action_controller.instance, and then calls the controller_name / action_name methods, which should be accurate even when conflicting form parameters are provided.I haven't added any new tests for this, but I have tested it locally (by pointing a local rails app at a local copy of the gem, and doing the curl request above). Please let me know if you'd like a test (I might need a hint as to where to put it though).