Summary
Per-service export modes still suppress span-derived metrics, but process-event handling continues to emit target_info and traces_target_info unconditionally. Services configured with metrics disabled therefore still leak metadata into metrics outputs.
Impact
Service identifiers and labels can still be disclosed to metrics readers even when operators explicitly disable metrics for those services. The leak is limited to metadata, so low severity is appropriate.
Environment
- First identified in: 5bcef4d
- Reviewed against current main commit: d51a98d
Evidence
pkg/appolly/services/export.go still defines per-service metric gating through CanExportMetrics().
pkg/export/otel/metrics.go still creates target metrics from process events without that guard.
pkg/export/prom/prom.go still does the same for Prometheus target-info metrics.
Steps to reproduce
- From the repository root on main, run make generate so the generated eBPF types are present, then start OBI with a service configuration that disables metrics export for a target workload.
- Start an instrumented process that is discovered by OBI and allow it to emit process events.
- Scrape the Prometheus endpoint or inspect the OTEL metrics stream for target_info or traces_target_info.
- Observe that target_info metrics are still emitted for the service even though metrics export was disabled for it, proving the export-mode bypass.
Suggested Fix Direction
Apply per-service export-mode checks to process-event target-info and traces-target-info creation paths.
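The following is an added illustration of the fix direction, not code from the OBI repository: it models a per-service export mode with a CanExportMetrics() guard (the function name is taken from the issue; its body, the ExportMode type, the Service and ProcessEvent structs, and the handler functions are assumptions). OnProcessEventUngated reproduces the reported behaviour, OnProcessEventGated applies the same guard already used for span-derived metrics, and LeakedMetadata is the regression check the acceptance criteria call for, run over constructed services covering the exports: [] and traces-only cases.

```go
package main

import "fmt"

// ExportMode is a hypothetical per-service export mode, standing in for the
// gating the issue attributes to pkg/appolly/services/export.go.
type ExportMode string

const (
	ExportMetrics ExportMode = "metrics"
	ExportTraces  ExportMode = "traces"
)

// Service carries the identifying labels that target_info would disclose.
// An empty Exports slice models a service configured with exports: [].
type Service struct {
	Name    string
	Labels  map[string]string
	Exports []ExportMode
}

// CanExportMetrics is named after the guard on the page; this body is an
// assumption: a service may export metrics only if "metrics" is listed.
func (s Service) CanExportMetrics() bool {
	for _, m := range s.Exports {
		if m == ExportMetrics {
			return true
		}
	}
	return false
}

// Metric is a minimal stand-in for one emitted metric point.
type Metric struct {
	Name   string
	Labels map[string]string
}

// ProcessEvent is a constructed stand-in for the discovery event that
// triggers target_info / traces_target_info creation.
type ProcessEvent struct {
	PID int
	Svc Service
}

// targetInfo builds the two metadata metrics for a discovered service.
func targetInfo(svc Service) []Metric {
	labels := map[string]string{"service_name": svc.Name}
	for k, v := range svc.Labels {
		labels[k] = v
	}
	return []Metric{
		{Name: "target_info", Labels: labels},
		{Name: "traces_target_info", Labels: labels},
	}
}

// OnProcessEventUngated reproduces the reported bug: the export mode is never
// consulted, so metadata escapes for every discovered service.
func OnProcessEventUngated(ev ProcessEvent) []Metric {
	return targetInfo(ev.Svc)
}

// OnProcessEventGated applies the per-service check before creating the
// target-info metrics, matching how span-derived metrics are already gated.
func OnProcessEventGated(ev ProcessEvent) []Metric {
	if !ev.Svc.CanExportMetrics() {
		return nil
	}
	return targetInfo(ev.Svc)
}

// LeakedMetadata returns the names of services whose metrics export is
// disabled but for which handler still produced metric points; an empty
// result is the condition the acceptance criteria describe.
func LeakedMetadata(events []ProcessEvent, handler func(ProcessEvent) []Metric) []string {
	var leaked []string
	for _, ev := range events {
		if !ev.Svc.CanExportMetrics() && len(handler(ev)) > 0 {
			leaked = append(leaked, ev.Svc.Name)
		}
	}
	return leaked
}

func main() {
	// Constructed sample services: exports: [], traces-only, and metrics+traces.
	events := []ProcessEvent{
		{PID: 101, Svc: Service{Name: "payments", Labels: map[string]string{"namespace": "prod"}}},
		{PID: 102, Svc: Service{Name: "checkout", Exports: []ExportMode{ExportTraces}}},
		{PID: 103, Svc: Service{Name: "frontend", Exports: []ExportMode{ExportMetrics, ExportTraces}}},
	}
	fmt.Println("ungated leaks:", LeakedMetadata(events, OnProcessEventUngated))
	fmt.Println("gated leaks:  ", LeakedMetadata(events, OnProcessEventGated))
}
```

Running it prints "ungated leaks: [payments checkout]" followed by "gated leaks: []", which is exactly the distinction a test for the two exporters (OTEL and Prometheus) should assert on.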
Acceptance Criteria
- Services with metrics disabled do not emit target-info metrics.
- Export-mode behavior is consistent between span-derived metrics and process-event metrics.
- Tests cover exports: [] and traces-only service configurations.
Note
I have reviewed this issue before posting it. It was identified by OpenAI Codex, and the draft was prepared with its assistance, but it may still contain mistakes, missing context, or incorrect conclusions. Please independently validate the behavior, impact, and proposed fix before acting on it.