[net/http] add http.server.active_requests metric #4543
Conversation
hadrienk
requested review from
Aneurysm9,
dmathieu and
a team
as code owners
|
I suppose we could add a comment somewhere about the fact that only metrics recorded after the handler is called are modifiable using a |
|
➕ |
|
Please resolve the conflicts. Otherwise I cannot even run the GitHub workflows. |
hadrienk
force-pushed
the
add-active-requests
branch
from
8a917ed
to
4be1478
Compare
|
Tried hard to add the route tag to the |
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #4543 +/- ##
=====================================
Coverage 80.8% 80.8%
=====================================
Files 150 150
Lines 10371 10361 -10
=====================================
- Hits 8387 8380 -7
+ Misses 1840 1835 -5
- Partials 144 146 +2
|
|
Anything else you need me to do on this PR? |
| @@ -226,6 +244,10 @@ func (h *middleware) serveHTTP(w http.ResponseWriter, r *http.Request, next http | |||
| labeler := &Labeler{} | |||
| ctx = injectLabeler(ctx, labeler) | |||
|
|
|||
| attrs := metric.WithAttributes(httpSchemeFromRequest(r), semconv.HTTPMethod(r.Method)) | |||
There was a problem hiding this comment.
This line would bring back the vulnerability caused by unbound cardinality metric attribute (HTTP method) GHSA-rcjv-mgp8-qvmr
It is OK to not add it. Take notice that this attribute is not specified in v1.20.0 (https://github.com/open-telemetry/opentelemetry-specification/blob/v1.20.0/specification/metrics/semantic_conventions/http-metrics.md) nor in the latest (https://opentelemetry.io/docs/specs/semconv/http/http-metrics/#metric-httpserveractive_requests) |
Follow up of #2617. As @Aneurysm9 pointed out the
Labelercan only be used after the next handler has been called. This means that for active requests it is impossible to inject attributes this way.