A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
[x] I confirm that this pull request does not address a security
vulnerability. If this pull request addresses a security vulnerability, I
confirm that I got the approval (please contact
security@ory.sh) from the maintainers to push
the changes.
[x] I have added tests that prove my fix is effective or that my feature
works.
When the first path segment of a request has a query string, the metrics middleware includes the query string in a collapsed path.
For example,
/hello?uid=46cfcbdd-fd45-4fb2-a301-47bc24024b5c
produces a metric like this:
If the query string contains non-static values, then a new Prometheus metric will be created for each request. The number of metrics increasing over time could cause stability issues.
The expected metrics should be a collapsed path like:
This PR truncates any query string when collapsing the path.
Related issue(s)
Original metrics cardinality issue: https://github.com/ory/oathkeeper/issues/446
Checklist
Further Comments
The results of this issue are also visible in the standard Oathkeeper Grafana dashboard:
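Added example, not code from the pull request or from Oathkeeper: a Go sketch of the behaviour described above, comparing a path collapse that leaves the query string on the first segment with one that truncates it, and counting the label values each produces. The function names and the sample request URIs are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// collapseNaive keeps only the first path segment but leaves any query
// string attached to it, which is the behaviour the description reports.
func collapseNaive(requestURI string) string {
	parts := strings.SplitN(requestURI, "/", 3) // "/a/b/c" -> "", "a", "b/c"
	if len(parts) > 1 {
		return "/" + parts[1]
	}
	return "/"
}

// collapsePath truncates the query string before collapsing, so the label
// value depends only on the first path segment.
func collapsePath(requestURI string) string {
	if i := strings.IndexByte(requestURI, '?'); i >= 0 {
		requestURI = requestURI[:i]
	}
	return collapseNaive(requestURI)
}

// distinctLabels counts how many different label values (one time series
// each) a collapse function yields for a set of request URIs.
func distinctLabels(collapse func(string) string, uris []string) int {
	seen := map[string]struct{}{}
	for _, u := range uris {
		seen[collapse(u)] = struct{}{}
	}
	return len(seen)
}

// sampleURIs returns constructed request URIs: two fixed ones plus n
// requests to /hello that each carry a unique uid query parameter.
func sampleURIs(n int) []string {
	uris := []string{"/hello/world?uid=x", "/health"}
	for i := 0; i < n; i++ {
		uris = append(uris, fmt.Sprintf("/hello?uid=%08d-constructed", i))
	}
	return uris
}

func main() {
	uris := sampleURIs(1000)
	fmt.Println("label values, query kept:     ", distinctLabels(collapseNaive, uris))
	fmt.Println("label values, query truncated:", distinctLabels(collapsePath, uris))
}
```

With the query string kept, the number of label values grows with the number of distinct requests; with it truncated, the count is bounded by the number of distinct first path segments.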