feat(querier): validate label/metric names with per-tenant naming scheme

Author: juliusmh

pkg/cardinality/request.go

@@ -13,6 +13,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/prometheus/common/model"
 	"github.com/prometheus/prometheus/model/labels"
+	"github.com/prometheus/prometheus/model/validation"
 	"github.com/prometheus/prometheus/promql/parser"
 )
 
@@ -145,27 +146,38 @@ func (r *LabelValuesRequest) String() string {
 
 // DecodeLabelValuesRequest decodes the input http.Request into a LabelValuesRequest.
 // The input http.Request can either be a GET or POST with URL-encoded parameters.
-func DecodeLabelValuesRequest(r *http.Request, tenantMaxLimit int) (*LabelValuesRequest, error) {
+func DecodeLabelValuesRequest(
+	r *http.Request,
+	tenantMaxLimit int,
+	tenantNameValidationScheme validation.NamingScheme,
+) (*LabelValuesRequest, error) {
 	if err := r.ParseForm(); err != nil {
 		return nil, err
 	}
-
-	return DecodeLabelValuesRequestFromValuesWithTenantMaxLimit(r.Form, tenantMaxLimit)
+	return DecodeLabelValuesRequestFromValuesWithTenantLimits(
+		r.Form,
+		tenantMaxLimit,
+		tenantNameValidationScheme,
+	)
 }
 
 // DecodeLabelValuesRequestFromValues is like DecodeLabelValuesRequest but takes url.Values in input.
 func DecodeLabelValuesRequestFromValues(values url.Values) (*LabelValuesRequest, error) {
-	return DecodeLabelValuesRequestFromValuesWithTenantMaxLimit(values, 0)
+	return DecodeLabelValuesRequestFromValuesWithTenantLimits(values, 0, validation.LegacyNamingScheme)
 }
 
-// DecodeLabelValuesRequestFromValuesWithTenantMaxLimit is like DecodeLabelValuesRequestFromValues but also accepts the tenantMaxLimit
-func DecodeLabelValuesRequestFromValuesWithTenantMaxLimit(values url.Values, tenantMaxLimit int) (*LabelValuesRequest, error) {
+// DecodeLabelValuesRequestFromValuesWithTenantLimits decodes label values from url.Values, respecting tenant limits.
+func DecodeLabelValuesRequestFromValuesWithTenantLimits(
+	values url.Values,
+	tenantMaxLimit int,
+	tenantNameValidationScheme validation.NamingScheme,
+) (*LabelValuesRequest, error) {
 	var (
 		parsed = &LabelValuesRequest{}
 		err    error
 	)
 
-	parsed.LabelNames, err = extractLabelNames(values)
+	parsed.LabelNames, err = extractLabelNames(values, tenantNameValidationScheme)
 	if err != nil {
 		return nil, err
 	}
@@ -254,18 +266,18 @@ func extractLimit(values url.Values, tenantMaxLimit int) (limit int, err error)
 }
 
 // extractLabelNames parses and gets label_names query parameter containing an array of label values
-func extractLabelNames(values url.Values) ([]model.LabelName, error) {
+func extractLabelNames(values url.Values, nameValidationScheme validation.NamingScheme) ([]model.LabelName, error) {
 	labelNamesParams := values["label_names[]"]
 	if len(labelNamesParams) == 0 {
 		return nil, fmt.Errorf("'label_names[]' param is required")
 	}
 
 	labelNames := make([]model.LabelName, 0, len(labelNamesParams))
 	for _, labelNameParam := range labelNamesParams {
-		labelName := model.LabelName(labelNameParam)
-		if !labelName.IsValid() {
+		if !nameValidationScheme.IsValidLabelName(labelNameParam) {
 			return nil, fmt.Errorf("invalid 'label_names' param '%v'", labelNameParam)
 		}
+		labelName := model.LabelName(labelNameParam)
 		labelNames = append(labelNames, labelName)
 	}
 

pkg/cardinality/request_test.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/prometheus/common/model"
 	"github.com/prometheus/prometheus/model/labels"
+	"github.com/prometheus/prometheus/model/validation"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -98,7 +99,7 @@ func TestDecodeLabelValuesRequest(t *testing.T) {
 		req, err := http.NewRequest("GET", "http://localhost?"+params.Encode(), nil)
 		require.NoError(t, err)
 
-		actual, err := DecodeLabelValuesRequest(req, 0)
+		actual, err := DecodeLabelValuesRequest(req, 0, validation.LegacyNamingScheme)
 		require.NoError(t, err)
 
 		assert.Equal(t, expected, actual)
@@ -109,7 +110,7 @@ func TestDecodeLabelValuesRequest(t *testing.T) {
 		require.NoError(t, err)
 		req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 
-		actual, err := DecodeLabelValuesRequest(req, 0)
+		actual, err := DecodeLabelValuesRequest(req, 0, validation.LegacyNamingScheme)
 		require.NoError(t, err)
 
 		assert.Equal(t, expected, actual)

pkg/mimir/modules.go

@@ -827,6 +827,8 @@ func (t *Mimir) initQueryFrontendTripperware() (serv services.Service, err error
 		panic(fmt.Sprintf("invalid config not caught by validation: unknown PromQL engine '%s'", t.Cfg.Querier.QueryEngine))
 	}
 
+	eng = streamingpromqlcompat.NameValidatingEngine(eng, t.Overrides)
+
 	tripperware, err := querymiddleware.NewTripperware(
 		t.Cfg.Frontend.QueryMiddleware,
 		util_log.Logger,

pkg/querier/cardinality_analysis_handler.go

@@ -67,7 +67,8 @@ func LabelValuesCardinalityHandler(distributor Distributor, limits *validation.O
 			return
 		}
 		tenantMaxLimit := limits.CardinalityAnalysisMaxResults(tenantID)
-		cardinalityRequest, err := cardinality.DecodeLabelValuesRequest(r, tenantMaxLimit)
+		tenantValidationScheme := limits.NameValidationScheme(tenantID)
+		cardinalityRequest, err := cardinality.DecodeLabelValuesRequest(r, tenantMaxLimit, tenantValidationScheme)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return

pkg/querier/engine/config.go

@@ -53,7 +53,12 @@ func (cfg *Config) RegisterFlags(f *flag.FlagSet) {
 }
 
 // NewPromQLEngineOptions returns the PromQL engine options based on the provided config.
-func NewPromQLEngineOptions(cfg Config, activityTracker *activitytracker.ActivityTracker, logger log.Logger, reg prometheus.Registerer) (promql.EngineOpts, streamingpromql.EngineOpts) {
+func NewPromQLEngineOptions(
+	cfg Config,
+	activityTracker *activitytracker.ActivityTracker,
+	logger log.Logger,
+	reg prometheus.Registerer,
+) (promql.EngineOpts, streamingpromql.EngineOpts) {
 	commonOpts := promql.EngineOpts{
 		Logger:               util_log.SlogFromGoKit(logger),
 		Reg:                  reg,

pkg/querier/querier.go

@@ -197,6 +197,7 @@ func New(cfg Config, limits *validation.Overrides, distributor Distributor, quer
 		panic(fmt.Sprintf("invalid config not caught by validation: unknown PromQL engine '%s'", cfg.QueryEngine))
 	}
 
+	eng = compat.NameValidatingEngine(eng, limits)
 	return NewSampleAndChunkQueryable(lazyQueryable), exemplarQueryable, eng, nil
 }
 

pkg/querier/stats_renderer_test.go

@@ -13,7 +13,6 @@ import (
 	"github.com/grafana/dskit/user"
 	"github.com/grafana/regexp"
 	"github.com/prometheus/client_golang/prometheus"
-	"github.com/prometheus/common/model"
 	"github.com/prometheus/common/promslog"
 	"github.com/prometheus/common/route"
 	"github.com/prometheus/prometheus/config"
@@ -26,12 +25,6 @@ import (
 	mimir_stats "github.com/grafana/mimir/pkg/querier/stats"
 )
 
-func init() {
-	// Mimir doesn't support Prometheus' UTF-8 metric/label name scheme yet.
-	// nolint:staticcheck
-	model.NameValidationScheme = model.LegacyValidation
-}
-
 func TestStatsRenderer(t *testing.T) {
 
 	testCases := map[string]struct {

pkg/streamingpromql/compat/name_validating_engine.go

@@ -0,0 +1,73 @@
+// SPDX-License-Identifier: AGPL-3.0-only
+
+package compat
+
+import (
+	"context"
+	"time"
+
+	"github.com/grafana/dskit/tenant"
+	prom_validation "github.com/prometheus/prometheus/model/validation"
+	"github.com/prometheus/prometheus/promql"
+	"github.com/prometheus/prometheus/storage"
+
+	"github.com/grafana/mimir/pkg/util/validation"
+)
+
+type nameValidatingEngine struct {
+	engine promql.QueryEngine
+	limits *validation.Overrides
+}
+
+// NameValidatingEngine creates a new promql.QueryEngine that wraps engine and overrides query options
+// with the tenants naming scheme from limits.
+func NameValidatingEngine(engine promql.QueryEngine, limits *validation.Overrides) promql.QueryEngine {
+	return &nameValidatingEngine{engine: engine, limits: limits}
+}
+
+type optsWithNamingScheme struct {
+	promql.QueryOpts
+	namingScheme prom_validation.NamingScheme
+}
+
+func (o optsWithNamingScheme) EnablePerStepStats() bool {
+	return o.QueryOpts.EnablePerStepStats()
+}
+
+func (o optsWithNamingScheme) LookbackDelta() time.Duration {
+	return o.QueryOpts.LookbackDelta()
+}
+
+func (o optsWithNamingScheme) NameValidationScheme() prom_validation.NamingScheme {
+	return o.namingScheme
+}
+
+func (e nameValidatingEngine) NewInstantQuery(ctx context.Context, q storage.Queryable, opts promql.QueryOpts, qs string, ts time.Time) (promql.Query, error) {
+	userID, err := tenant.TenantID(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if opts == nil {
+		opts = promql.NewPrometheusQueryOpts(false, 0, prom_validation.UTF8NamingScheme)
+	}
+	opts = &optsWithNamingScheme{
+		QueryOpts:    opts,
+		namingScheme: e.limits.NameValidationScheme(userID),
+	}
+	return e.engine.NewInstantQuery(ctx, q, opts, qs, ts)
+}
+
+func (e nameValidatingEngine) NewRangeQuery(ctx context.Context, q storage.Queryable, opts promql.QueryOpts, qs string, start, end time.Time, interval time.Duration) (promql.Query, error) {
+	userID, err := tenant.TenantID(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if opts == nil {
+		opts = promql.NewPrometheusQueryOpts(false, 0, prom_validation.UTF8NamingScheme)
+	}
+	opts = &optsWithNamingScheme{
+		QueryOpts:    opts,
+		namingScheme: e.limits.NameValidationScheme(userID),
+	}
+	return e.engine.NewRangeQuery(ctx, q, opts, qs, start, end, interval)
+}

pkg/streamingpromql/engine_test.go

@@ -24,6 +24,7 @@ import (
 	"github.com/prometheus/prometheus/model/histogram"
 	"github.com/prometheus/prometheus/model/labels"
 	"github.com/prometheus/prometheus/model/timestamp"
+	"github.com/prometheus/prometheus/model/validation"
 	"github.com/prometheus/prometheus/promql"
 	"github.com/prometheus/prometheus/promql/parser"
 	"github.com/prometheus/prometheus/promql/parser/posrange"
@@ -3207,7 +3208,7 @@ func TestQueryStats(t *testing.T) {
 	runQueryAndGetSamplesStats := func(t *testing.T, engine promql.QueryEngine, expr string, isInstantQuery bool) *promstats.QuerySamples {
 		var q promql.Query
 		var err error
-		opts := promql.NewPrometheusQueryOpts(true, 0)
+		opts := promql.NewPrometheusQueryOpts(true, 0, validation.LegacyNamingScheme)
 		if isInstantQuery {
 			q, err = engine.NewInstantQuery(context.Background(), storage, opts, expr, end)
 		} else {
@@ -3501,7 +3502,7 @@ func TestQueryStatsUpstreamTestCases(t *testing.T) {
 	runQueryAndGetSamplesStats := func(t *testing.T, engine promql.QueryEngine, expr string, start, end time.Time, interval time.Duration) *promstats.QuerySamples {
 		var q promql.Query
 		var err error
-		opts := promql.NewPrometheusQueryOpts(true, 0)
+		opts := promql.NewPrometheusQueryOpts(true, 0, validation.LegacyNamingScheme)
 
 		if interval == 0 {
 			// Instant query
@@ -3882,7 +3883,7 @@ func TestQueryStatementLookbackDelta(t *testing.T) {
 		require.NoError(t, err)
 
 		t.Run("lookback delta not set in query options", func(t *testing.T) {
-			queryOpts := promql.NewPrometheusQueryOpts(false, 0)
+			queryOpts := promql.NewPrometheusQueryOpts(false, 0, validation.LegacyNamingScheme)
 			runTest(t, engine, queryOpts, defaultLookbackDelta)
 		})
 
@@ -3891,7 +3892,7 @@ func TestQueryStatementLookbackDelta(t *testing.T) {
 		})
 
 		t.Run("lookback delta set in query options", func(t *testing.T) {
-			queryOpts := promql.NewPrometheusQueryOpts(false, 14*time.Minute)
+			queryOpts := promql.NewPrometheusQueryOpts(false, 14*time.Minute, validation.LegacyNamingScheme)
 			runTest(t, engine, queryOpts, 14*time.Minute)
 		})
 	})
@@ -3903,7 +3904,7 @@ func TestQueryStatementLookbackDelta(t *testing.T) {
 		require.NoError(t, err)
 
 		t.Run("lookback delta not set in query options", func(t *testing.T) {
-			queryOpts := promql.NewPrometheusQueryOpts(false, 0)
+			queryOpts := promql.NewPrometheusQueryOpts(false, 0, validation.LegacyNamingScheme)
 			runTest(t, engine, queryOpts, 12*time.Minute)
 		})
 
@@ -3912,7 +3913,7 @@ func TestQueryStatementLookbackDelta(t *testing.T) {
 		})
 
 		t.Run("lookback delta set in query options", func(t *testing.T) {
-			queryOpts := promql.NewPrometheusQueryOpts(false, 14*time.Minute)
+			queryOpts := promql.NewPrometheusQueryOpts(false, 14*time.Minute, validation.LegacyNamingScheme)
 			runTest(t, engine, queryOpts, 14*time.Minute)
 		})
 	})

pkg/streamingpromql/operators/aggregations/aggregation_test.go

@@ -10,6 +10,7 @@ import (
 	"github.com/prometheus/prometheus/model/histogram"
 	"github.com/prometheus/prometheus/model/labels"
 	"github.com/prometheus/prometheus/model/timestamp"
+	"github.com/prometheus/prometheus/model/validation"
 	"github.com/prometheus/prometheus/promql"
 	"github.com/prometheus/prometheus/promql/parser"
 	"github.com/prometheus/prometheus/promql/parser/posrange"
@@ -337,7 +338,16 @@ func TestAggregations_ReturnIncompleteGroupsOnEarlyClose(t *testing.T) {
 		"count_values": {
 			createOperator: func(inner types.InstantVectorOperator, queryTimeRange types.QueryTimeRange, memoryConsumptionTracker *limiter.MemoryConsumptionTracker) (types.InstantVectorOperator, error) {
 				labelName := operators.NewStringLiteral("value", posrange.PositionRange{})
-				return NewCountValues(inner, labelName, queryTimeRange, []string{"group"}, false, memoryConsumptionTracker, posrange.PositionRange{}), nil
+				return NewCountValues(
+					inner,
+					labelName,
+					queryTimeRange,
+					[]string{"group"},
+					false,
+					memoryConsumptionTracker,
+					posrange.PositionRange{},
+					validation.LegacyNamingScheme,
+				), nil
 			},
 			instant:                       true,
 			allowExpectedSeriesInAnyOrder: true,