Parameterize metric/label name validation scheme #11848
Conversation
juliusmh
force-pushed
the
juliusmh/remove_global_name_validation
branch
3 times, most recently
from
e47a7e5 to
78ba72c
Compare
pkg/mimirtool/rules/rules.go
Outdated
| @@ -255,7 +256,8 @@ func (r RuleNamespace) Validate(groupNodes []rulefmt.RuleGroupNode) []error { | |||
| func ValidateRuleGroup(g rwrulefmt.RuleGroup, node rulefmt.RuleGroupNode) []error { | |||
| var errs []error | |||
| for i, r := range g.Rules { | |||
| for _, err := range r.Validate(node.Rules[i]) { | |||
| // TODO(juliusmh): | |||
| for _, err := range r.Validate(node.Rules[i], validation.LegacyNamingScheme) { | |||
There was a problem hiding this comment.
Q: How should we handle validation checks in mimirtool?
There was a problem hiding this comment.
I can think about it after the initial review :D
juliusmh
force-pushed
the
juliusmh/remove_global_name_validation
branch
from
78ba72c to
549cafd
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
| if e.limits.NameValidationScheme(tenantID) == prom_validation.LegacyNamingScheme { | ||
| return prom_validation.LegacyNamingScheme, nil | ||
| } |
There was a problem hiding this comment.
Isn't it bad to enforce the legacy name validation scheme on the query path? All it will do is prevent the user from querying any metrics they ingested in the past with the UTF-8 name validation scheme?
There was a problem hiding this comment.
This PR tries to maintain the current behavior, and currently, we validate label names in label_join, label_replace and count_values with legacy scheme. Queries that don't use those functions support UTF8, today. This can be seen in the tests I did.
The question we have to answer: is there any scenario in which data returned by a querier or frontend is fed back to mimir without validation (e.g. to ingesters directly, or with label validation disabled)? If the answer is no, we can safely remove the validation. I'm assuming the answer is yes though, based on this comment.
There was a problem hiding this comment.
I believe that data will always be validated when written back by rulers. They don't skip validation.
However, I believe we should validate names in at least label_replace and label_join, as not validating may lead to unexpected results:
- functions that consume the results of
label_replaceandlabel_joinmay have undefined behaviour with invalid label names - a user testing a recording or alerting rule as a query may not realise that their rule will later fail to write samples when evaluated by rulers
pkg/streamingpromql/operators/aggregations/count_values_test.go
Outdated
Show resolved
Hide resolved
juliusmh
force-pushed
the
juliusmh/remove_global_name_validation
branch
3 times, most recently
from
c1310a3 to
3888883
Compare
pkg/cardinality/request.go
Outdated
| @@ -262,10 +263,10 @@ func extractLabelNames(values url.Values) ([]model.LabelName, error) { | |||
|
|
|||
| labelNames := make([]model.LabelName, 0, len(labelNamesParams)) | |||
| for _, labelNameParam := range labelNamesParams { | |||
| labelName := model.LabelName(labelNameParam) | |||
| if !labelName.IsValid() { | |||
| if !validation.UTF8NamingScheme.IsValidLabelName(labelNameParam) { | |||
There was a problem hiding this comment.
Should the naming scheme used here be configurable?
There was a problem hiding this comment.
I am wondering in this case whether this code should use a parameter (instead of hard coding), but not let it be user configurable since, as I explain above, I'm not sure we want to enforce the legacy naming scheme in queries. WDYT @charleskorn?
There was a problem hiding this comment.
I don't know enough about this code path to know what makes sense here. Does Prometheus apply validation to the label names here as well?
There was a problem hiding this comment.
Does Prometheus apply validation to the label names here as well?
@juliusmh Did you check?
In any case, this is an example of read path isn't it, where we don't want to enforce the "legacy" naming scheme? If so, I think it could a non-configurable parameter/argument, just to avoid hard coding.
There was a problem hiding this comment.
Afaik, the api/v1/cardinality/* endpoints are Mimir specific.
The closest is probably db stats in prometheus admin API (calculated here), where you can get some analysis on label name/value cardinality, which, as far as I can see, doesn't involve any validation. But I'm not super confident in that analysis.
juliusmh
force-pushed
the
juliusmh/remove_global_name_validation
branch
5 times, most recently
from
756ef29 to
448dde2
Compare
juliusmh
force-pushed
the
juliusmh/remove_global_name_validation
branch
2 times, most recently
from
35aeae6 to
cc723b6
Compare
juliusmh
force-pushed
the
juliusmh/remove_global_name_validation
branch
from
cc723b6 to
936bd5c
Compare
|
As discussed @aknuds1 :
For promql, the main problem is that query opts are directly constructed and passed to query engine in prometheus' v1.NewApi. Unless we want to rewrite that handler we need to somehow "modify" You're right, for MQE this can be implemented differently, see this commit. The wrapper, is/was a way of unifying this logic for promql/mimir query engine paths. |
juliusmh
force-pushed
the
juliusmh/remove_global_name_validation
branch
from
936bd5c to
0522664
Compare
you're right 👍 |
There was a problem hiding this comment.
@dimitarvdimitrov requests a test case for an invalid label name in the cardinality API. Could you add that @juliusmh?
Also, could you add a CHANGE type changelog entry about how the read path now supports all valid UTF-8 strings at least for the label value cardinality API (/api/v1/cardinality/label_values)? Please see Slack discussion regarding the latter.
juliusmh
force-pushed
the
juliusmh/remove_global_name_validation
branch
from
6fc01ca to
b83fffe
Compare
|
Given this was a bit chaotic, quick summary of what was addressed:
and what is still open:
|
|
thanks @juliusmh . i think only the last thread still needs resolving. i left a suggestion |
juliusmh
force-pushed
the
juliusmh/remove_global_name_validation
branch
2 times, most recently
from
72ecc48 to
25e0428
Compare
CHANGELOG.md
Outdated
| * [CHANGE] Query-frontend: Add support for utf8 label/metric names in `/api/v1/cardinality/{label_values|label_values|active_series}` endpoints. #11848. | ||
| * [CHANGE] Querier: Add support for utf8 metric names, support utf8 label names in `label_join`, `label_replace` and `count_values` PromQL functions. #11848. |
There was a problem hiding this comment.
| * [CHANGE] Query-frontend: Add support for utf8 label/metric names in `/api/v1/cardinality/{label_values|label_values|active_series}` endpoints. #11848. | |
| * [CHANGE] Querier: Add support for utf8 metric names, support utf8 label names in `label_join`, `label_replace` and `count_values` PromQL functions. #11848. | |
| * [CHANGE] Query-frontend: Add support for UTF-8 metric and label names in `/api/v1/cardinality/{label_values|label_values|active_series}` endpoints. #11848. | |
| * [CHANGE] Querier: Add support for UTF-8 metric and label names in `label_join`, `label_replace`, and `count_values` PromQL functions. #11848. |
juliusmh
force-pushed
the
juliusmh/remove_global_name_validation
branch
from
25e0428 to
5cc2c4b
Compare
juliusmh
changed the title
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
…(rather than NameValidatingEngine)
juliusmh
force-pushed
the
juliusmh/remove_global_name_validation
branch
from
5cc2c4b to
65bc6f8
Compare
What this PR does
Direct and indirect references to the global name validation scheme were removed in favor of a per-tenant override.
TODO:
streamingpromqlcompat.NameValidatingEngineis the right approach: Decided to do UTF8 validation in query path.Which issue(s) this PR fixes or relates to
Depends on
Fixes: #11503
Checklist
CHANGELOG.mdupdated - the order of entries should be[CHANGE],[FEATURE],[ENHANCEMENT],[BUGFIX]. If changelog entry is not needed, please add thechangelog-not-neededlabel to the PR.about-versioning.mdupdated with experimental features.