Skip to content

Querier: block query by hash #8953

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Mar 30, 2023
Merged

Querier: block query by hash #8953

merged 5 commits into from
Mar 30, 2023

Conversation

dannykopping
Copy link
Contributor

@dannykopping dannykopping commented Mar 30, 2023
edited
Loading

What this PR does / why we need it:
Using the query blocker can be unergonomic since queries can be long, require escaping, or hard to copy from logs. This change enables an operator to block queries by their hash.

Which issue(s) this PR fixes:
N/A

Special notes for your reviewer:
We should probably provide a tool for creating uint32 representations of 32-bit FNV-1 hashes; all the online tools I found produce a hex value. It's not strictly necessary though since we have the query_hash in the logs, but it would be nice.

Checklist

  • Reviewed the CONTRIBUTING.md guide (required)
  • Documentation added
  • Tests updated
  • CHANGELOG.md updated
  • Changes that require user attention or interaction to upgrade are documented in docs/sources/upgrading/_index.md
@dannykopping
Querier: block query by hash
1a78c92 
Signed-off-by: Danny Kopping <danny.kopping@grafana.com>
@github-actions github-actions bot added the type/docs Issues related to technical documentation; the Docs Squad uses this label across many repositories label Mar 30, 2023
@dannykopping
CHANGELOG
ff838e2 
Signed-off-by: Danny Kopping <danny.kopping@grafana.com>
@dannykopping dannykopping force-pushed the dannykopping/block-by-hash branch from 291c977 to ff838e2 Compare March 30, 2023 09:35
@dannykopping dannykopping marked this pull request as ready for review March 30, 2023 09:37
@dannykopping dannykopping requested review from JStickler and a team as code owners March 30, 2023 09:37
chaudum
chaudum reviewed Mar 30, 2023
View reviewed changes
@dannykopping
Clarify runtime behaviour
3662d15 
Signed-off-by: Danny Kopping <danny.kopping@grafana.com>
@chaudum
Copy link
Contributor

chaudum commented Mar 30, 2023

The query hash changes when the order of the labels in the matcher changes, right? At some point we should hash the AST of the query so that logically ident queries have the same hash.
@dannykopping
Fix CHANGELOG
eb03618 
Signed-off-by: Danny Kopping <danny.kopping@grafana.com>
@dannykopping
Copy link
Contributor Author

The query hash changes when the order of the labels in the matcher changes, right? At some point we should hash the AST of the query so that logically ident queries have the same hash.

Yes, it's a hash of the query string - the contents of the string are not considered at all.
owen-d
owen-d approved these changes Mar 30, 2023
View reviewed changes
Copy link
Member

@owen-d owen-d left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❤️ lgtm
@dannykopping
Kick CI
7ecb0bc 
Signed-off-by: Danny Kopping <danny.kopping@grafana.com>
JStickler
JStickler approved these changes Mar 30, 2023
View reviewed changes
Copy link
Contributor

@JStickler JStickler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[docs team] LGTM.

Just one question, how would a tenant know if their query had been blocked? I'm guessing that not every user will have access to the logs, some users might run a query in the UI and have no idea why it did not complete?
@dannykopping
Copy link
Contributor Author

[docs team] LGTM.

Just one question, how would a tenant know if their query had been blocked? I'm guessing that not every user will have access to the logs, some users might run a query in the UI and have no idea why it did not complete?

They will currently get a simple error stating "query blocked by policy". They'll then likely make contact with support to ask why this is happening. We have to be a bit circumspect sometimes because a bad actor might be trying to disrupt the service, and we don't want to give away too much - but on the other hand we want to be user-friendly for the majority of folks who will see this who will not be bad actors.

Definitely a topic to discuss further, let's touch base on it tomorrow?
I'll merge this so long, and we can improve the user experience if necessary in another PR.
@dannykopping dannykopping merged commit 6bb8a07 into grafana:main Mar 30, 2023
@JStickler
Copy link
Contributor

JStickler commented Mar 30, 2023
edited
Loading

They will currently get a simple error stating "query blocked by policy".

OK, good, there's at least some indication why the query didn't run as expected. That's mainly what I was looking for.
@dannykopping dannykopping deleted the dannykopping/block-by-hash branch March 30, 2023 20:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
size/M type/docs Issues related to technical documentation; the Docs Squad uses this label across many repositories
4 participants
@dannykopping @chaudum @JStickler @owen-d