Add prometheus metrics

David Fernandez requested to merge 498510-add-prometheus-metrics into master

📇 Context

The path traversal middleware is working pretty well. The context is explained here.

As we're preparing the next steps, we noted that the observability of the middleware was lacking.

We want to have a clear view on:

  • the impact of the middleware in terms of execution time.
  • the amount of rejected requests.

Thus, https://gitlab.com/gitlab-org/gitlab/-/issues/498510 was created, and the very first step is to update the middleware code to start sending (Prometheus) metrics.

🤔 What does this MR do and why?

  • Add Prometheus metrics to the path traversal check middleware.
    • A duration histogram with custom buckets for the measured execution time.
    • A counter for the number of rejected requests.
  • Update the related specs.

The path traversal check middleware is still behind a feature flag. Thus, we don't need a changelog here.

We followed https://docs.gitlab.com/ee/development/prometheus_metrics.html.

🏎 MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

🦄 Screenshots or screen recordings

From the /-/metrics URL:

[Screenshot: Screenshot_2024-10-14_at_13.24.48]

How to set up and validate locally

In a rails console:

  • Enable the general middleware feature flag: Feature.enable(:check_path_traversal_middleware)
  • Enable (or not) the reject request behavior of the middleware: Feature.enable(:check_path_traversal_middleware_reject_requests). If enabled, requests with attempts are rejected with a 400 Bad Request response; otherwise, all requests are accepted.

You can also browse the GitLab instance as usual. This will execute the middleware on requests without attempts.

When ready, check /-/metrics and you should see something similar to the above screen.

Related to #498510

Edited by David Fernandez
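
The two metrics this MR describes (a duration histogram with custom buckets and a rejected-requests counter), shown on a self-contained Rack-style middleware. This is an added example, not code from the MR or from GitLab; the class names, bucket bounds, detection regex and in-memory histogram are assumptions.

```ruby
require 'uri'

# In-memory stand-in for a Prometheus histogram (hypothetical helper;
# production code would use a metrics client library instead).
class Histogram
  attr_reader :counts, :sum
  def initialize(buckets)
    @bounds = buckets + [Float::INFINITY]
    @counts = Hash.new(0) # cumulative counts keyed by upper bound ("le")
    @sum = 0.0
  end

  def observe(value)
    @sum += value
    @bounds.each { |le| @counts[le] += 1 if value <= le }
  end
end

# Rack-style middleware; class name, buckets and regex are assumptions.
class PathTraversalCheck
  BUCKETS = [0.0001, 0.001, 0.01, 0.1, 1].freeze # seconds, constructed
  DOT_DOT_SEGMENT = %r{(\A|/|\\)\.\.(/|\\|\z)}   # simplified detection
  attr_reader :duration, :rejected

  def initialize(app, reject: true)
    @app = app
    @reject = reject # mirrors the "reject requests" toggle
    @duration = Histogram.new(BUCKETS)
    @rejected = 0
  end

  def call(env)
    started = Process.clock_gettime(Process::CLOCK_MONOTONIC)
    attempt = traversal?(env['PATH_INFO'].to_s)
    # Time only the check itself, so downstream latency does not skew it.
    @duration.observe(Process.clock_gettime(Process::CLOCK_MONOTONIC) - started)
    return @app.call(env) unless attempt && @reject
    @rejected += 1
    [400, { 'content-type' => 'text/plain' }, ['Bad Request']]
  end

  private

  def traversal?(path)
    DOT_DOT_SEGMENT.match?(URI.decode_www_form_component(path))
  rescue ArgumentError
    true # undecodable path: treated as an attempt here (assumption)
  end
end
```

Observing the histogram before the reject decision means every request is timed, while the counter moves only when a request is actually answered with 400.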
