Prometheus exporter integration #3957

Open
cgrard wants to merge 12 commits into pglombardo:master from cgrard:prometheus-exporter
cgrard commented Dec 5, 2025

Description

First I'd like to thank you for this amazing app, it is really very useful and very well done.
I've been using PasswordPusher for quite a while (everyone loves it) and it is currently deployed in a Kubernetes environment where I felt the need to improve monitoring and observability lately, so I wondered if there was some kind of /metrics exposed somehow and found out that there isn't. I haven't worked with Ruby in years, and it has never been my primary language, so I apologize in advance if the code is not of the highest quality, I did my best.

I will probably also provide a Grafana Dashboard at some point if anyone is interested as it is a pretty popular observability ecosystem.

TL;DR This PR adds comprehensive Prometheus metrics export functionality to Password Pusher, enabling monitoring, observability, and security analytics.

Features implemented:

  • Native Prometheus exporter integration using prometheus_exporter gem
  • Automatic startup via Procfile (development and production)
  • 14 custom business metrics tracking:
    • Push lifecycle (creation, views, expiration)
    • Security events (failed views, failed passphrase attempts)
    • Admin & audit (admin views, owner views)
    • File uploads (count and bytes)
    • User authentication (signup, login, logout, lockout)
  • Standard Rails metrics (HTTP requests, database, process, Puma)
  • Comprehensive documentation with PromQL examples, dashboards, and alerts

Architecture:

  • Standalone Prometheus exporter server on port 9394
  • Rails middleware and ActiveRecord callbacks for automatic metric tracking
  • Graceful shutdown handling
  • Environment-aware (disabled in test, Puma metrics only in production)

Related Issue

Neither related issue nor implementation request

Type of Change

  • 📚 Examples / docs / tutorials / dependencies update
  • 🔧 Bug fix (non-breaking change which fixes an issue)
  • 🥂 Improvement (non-breaking change which improves an existing feature)
  • 🚀 New feature (non-breaking change which adds functionality)
  • 💥 Breaking change (fix or feature that would cause existing functionality to change)
  • 🔐 Security fix

Checklist

  • I've written tests (if applicable) for all new methods and classes that I created. (rake test)
  • I've added documentation as necessary so users can easily use and understand this feature/fix.

Additional Notes

New files:

  • config/prometheus_server.rb - Prometheus exporter server with custom collectors
  • config/initializers/prometheus.rb - Client configuration and instrumentation
  • config/initializers/devise_prometheus.rb - Devise authentication event tracking
  • app/models/concerns/prometheus_metrics.rb - Reusable metrics tracking concern
  • test/prometheus_test.rb - Tests
  • PROMETHEUS.md - Setup and deployment documentation
  • METRICS.md - Complete metrics reference (600+ lines with queries, dashboards, alerts)

Not sure about the .md documentation; I think that both files should be converted into a specific chapter in the documentation and be removed from the repo, shouldn't they?

Modified files:

  • Gemfile - Added prometheus_exporter gem
  • Procfile / Procfile.dev - Added prometheus process
  • app/models/push.rb - Added metrics tracking callbacks
  • app/models/audit_log.rb - Added view and security metrics tracking
  • app/models/user.rb - Added authentication metrics tracking

Testing: Tests have not been written for this PR as:

  • Prometheus metrics are disabled in the test environment (`Rails.env.test?`)
  • The feature is non-invasive and fails gracefully if the exporter is unavailable
  • Comprehensive manual testing has been performed in development environment
  • Metrics tracking uses simple ActiveRecord callbacks without complex logic

Tests could be added in a follow-up PR if desired, potentially mocking the PrometheusExporter::Client to verify correct metric tracking.

What do you think?
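
The follow-up testing idea in the post above (mocking the client to verify metric tracking, with tracking disabled in test and failing gracefully when the exporter is unavailable) looks like this in plain Ruby. It is an added example, not code from the PR or from Password Pusher: `MetricsTracker`, `FakeClient`, the metric name and the label allow-list are hypothetical, and only the `send_json` call shape is borrowed from the `prometheus_exporter` client.

```ruby
# Added example; every name here is a stand-in, not the PR's code.

# Test double with the same send_json(hash) call shape as
# PrometheusExporter::Client; records payloads instead of sending them.
class FakeClient
  attr_reader :sent

  def initialize(fail_with: nil)
    @sent = []
    @fail_with = fail_with
  end

  def send_json(payload)
    raise @fail_with if @fail_with
    @sent << payload
  end
end

class MetricsTracker
  # Only these label keys leave the app, so URL tokens, passphrases or
  # e-mail addresses can never show up in a scrape (assumed allow-list).
  ALLOWED_LABELS = %i[kind result].freeze

  def initialize(client:, enabled: true)
    @client = client
    @enabled = enabled # e.g. false when Rails.env.test?
  end

  # Returns true when the sample was handed to the client, false otherwise.
  def track(name, labels = {})
    return false unless @enabled
    safe = labels.select { |key, _| ALLOWED_LABELS.include?(key) }
    @client.send_json(type: "pwpush", name: name, labels: safe, value: 1)
    true
  rescue StandardError
    # Exporter down or unreachable: drop the sample, never break the request.
    false
  end
end

# Stands in for an audit-log callback reporting failed passphrase attempts;
# returns how many samples were accepted. Input is constructed by the caller.
def simulate_failed_passphrase(tracker, attempts)
  attempts.count do |a|
    tracker.track("failed_passphrase_total",
                  { kind: a[:kind], result: "denied", url_token: a[:url_token] })
  end
end
```
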

github-actions bot commented Dec 5, 2025

Hello @cgrard, thank you for submitting a PR! We will respond as soon as possible.

pglombardo (Owner) commented

Hi @cgrard - this is a great idea - thanks for creating! I'm familiar with Prometheus but haven't used it in a few years. I'll take a closer look very soon.

The subject_name method was incorrectly placed in the private section
after adding Prometheus tracking callbacks, causing errors when the
method was called from view templates (app/views/audit_logs/_log_creation.html.erb).

Moved subject_name back to the public section to restore proper access
from views while keeping Prometheus tracking methods private.

Fixes 16 failing tests across OwnerAndAdminViewTest, QrAuditTest,
AuditLogTest, and PasswordAuditTest.

cgrard (Author) commented Dec 5, 2025

Hence the importance of unit tests! It turns out I actually broke something by modifying the scope without realizing it, but it has now been fixed and all tests pass successfully on a rake test.

pglombardo (Owner) commented

Hi @cgrard - just a heads up that I haven't forgotten about this PR. I want to push to merge this sometime soon. Thanks for the patience!
