Merge pull request #1719 from ruby-agent/dev

Release v5.2 [ci skip]

CHANGELOG.md

@@ -1,5 +1,19 @@
 # New Relic Ruby Agent Release Notes #
 
+  ## v5.2.0 ##
+
+  * Use priority sampling for errors and custom events
+
+    Priority sampling replaces the older reservoir event sampling method.
+    With this change, the agent will maintain randomness across a given
+    time period while improving coordination among transactions, errors,
+    and custom events.
+
+  * Bugfix for wrapping datastore operations
+
+    The agent will now complete the process of wrapping datastore
+    operations even if an error occurs during execution of a callback.
+
   ## v5.1.0 ##
 
   * Rails 5.2 support

lib/new_relic/agent/agent.rb

@@ -8,7 +8,6 @@
 require 'logger'
 require 'zlib'
 require 'stringio'
-require 'new_relic/agent/sampled_buffer'
 require 'new_relic/agent/autostart'
 require 'new_relic/agent/harvester'
 require 'new_relic/agent/hostname'
@@ -21,7 +20,6 @@
 require 'new_relic/agent/cross_app_monitor'
 require 'new_relic/agent/distributed_trace_monitor'
 require 'new_relic/agent/synthetics_monitor'
-require 'new_relic/agent/synthetics_event_buffer'
 require 'new_relic/agent/transaction_event_recorder'
 require 'new_relic/agent/custom_event_aggregator'
 require 'new_relic/agent/sampler_collection'
@@ -183,7 +181,8 @@ def after_fork(options={})
           return if !needs_restart ||
             !Agent.config[:agent_enabled] ||
             !Agent.config[:monitor_mode] ||
-            disconnected?
+            disconnected? ||
+            !control.security_settings_valid?
 
           ::NewRelic::Agent.logger.debug "Starting the worker thread in #{Process.pid} (parent #{Process.ppid}) after forking."
 
@@ -844,20 +843,35 @@ def finish_setup(config_data)
 
             @service.agent_id = config_data['agent_run_id']
 
+            security_policies = config_data.delete('security_policies')
+
+            add_server_side_config(config_data)
+            add_security_policy_config(security_policies) if security_policies
+
+            log_connection!(config_data)
+            @transaction_rules = RulesEngine.create_transaction_rules(config_data)
+            @stats_engine.metric_rules = RulesEngine.create_metric_rules(config_data)
+
+            # If you're adding something else here to respond to the server-side config,
+            # use Agent.instance.events.subscribe(:finished_configuring) callback instead!
+          end
+
+          def add_server_side_config(config_data)
             if config_data['agent_config']
               ::NewRelic::Agent.logger.debug "Using config from server"
             end
 
             ::NewRelic::Agent.logger.debug "Server provided config: #{config_data.inspect}"
             server_config = NewRelic::Agent::Configuration::ServerSource.new(config_data, Agent.config)
             Agent.config.replace_or_add_config(server_config)
-            log_connection!(config_data)
-
-            @transaction_rules = RulesEngine.create_transaction_rules(config_data)
-            @stats_engine.metric_rules = RulesEngine.create_metric_rules(config_data)
+          end
 
-            # If you're adding something else here to respond to the server-side config,
-            # use Agent.instance.events.subscribe(:finished_configuring) callback instead!
+          def add_security_policy_config(security_policies)
+            ::NewRelic::Agent.logger.info 'Installing security policies'
+            security_policy_source = NewRelic::Agent::Configuration::SecurityPolicySource.new(security_policies)
+            Agent.config.replace_or_add_config(security_policy_source)
+            # drop data collected before applying security policies
+            drop_buffered_data
           end
 
           class WaitOnConnectTimeout < StandardError

lib/new_relic/agent/configuration/default_source.rb

@@ -313,6 +313,13 @@ def self.convert_to_constant_list(raw_value)
           :allowed_from_server => false,
           :description => 'If <code>true</code>, enables <a href="https://docs.newrelic.com/docs/accounts-partnerships/accounts/security/high-security">high security mode</a>. Ensure you understand the implications of high security mode before enabling this setting.'
         },
+        :security_policies_token => {
+          :default => '',
+          :public => true,
+          :type => String,
+          :allowed_from_server => false,
+          :description => 'Applies Language Agent Security Policy settings.'
+        },
         :proxy_host => {
           :default => nil,
           :allow_nil => true,

lib/new_relic/agent/configuration/manager.rb

@@ -9,6 +9,7 @@
 require 'new_relic/agent/configuration/server_source'
 require 'new_relic/agent/configuration/environment_source'
 require 'new_relic/agent/configuration/high_security_source'
+require 'new_relic/agent/configuration/security_policy_source'
 
 module NewRelic
   module Agent
@@ -44,25 +45,27 @@ def add_config_for_testing(source, level=0)
 
         def remove_config_type(sym)
           source = case sym
-          when :high_security then @high_security_source
-          when :environment   then @environment_source
-          when :server        then @server_source
-          when :manual        then @manual_source
-          when :yaml          then @yaml_source
-          when :default       then @default_source
+          when :security_policy then @security_policy_source
+          when :high_security   then @high_security_source
+          when :environment     then @environment_source
+          when :server          then @server_source
+          when :manual          then @manual_source
+          when :yaml            then @yaml_source
+          when :default         then @default_source
           end
 
           remove_config(source)
         end
 
         def remove_config(source)
           case source
-          when HighSecuritySource then @high_security_source = nil
-          when EnvironmentSource  then @environment_source   = nil
-          when ServerSource       then @server_source        = nil
-          when ManualSource       then @manual_source        = nil
-          when YamlSource         then @yaml_source          = nil
-          when DefaultSource      then @default_source       = nil
+          when SecurityPolicySource then @security_policy_source = nil
+          when HighSecuritySource   then @high_security_source   = nil
+          when EnvironmentSource    then @environment_source     = nil
+          when ServerSource         then @server_source          = nil
+          when ManualSource         then @manual_source          = nil
+          when YamlSource           then @yaml_source            = nil
+          when DefaultSource        then @default_source         = nil
           else
             @configs_for_testing.delete_if {|src,lvl| src == source}
           end
@@ -78,12 +81,13 @@ def replace_or_add_config(source)
 
           invoke_callbacks(:add, source)
           case source
-          when HighSecuritySource then @high_security_source = source
-          when EnvironmentSource  then @environment_source   = source
-          when ServerSource       then @server_source        = source
-          when ManualSource       then @manual_source        = source
-          when YamlSource         then @yaml_source          = source
-          when DefaultSource      then @default_source       = source
+          when SecurityPolicySource then @security_policy_source = source
+          when HighSecuritySource   then @high_security_source   = source
+          when EnvironmentSource    then @environment_source     = source
+          when ServerSource         then @server_source          = source
+          when ManualSource         then @manual_source          = source
+          when YamlSource           then @yaml_source            = source
+          when DefaultSource        then @default_source         = source
           else
             NewRelic::Agent.logger.warn("Invalid config format; config will be ignored: #{source}")
           end
@@ -323,14 +327,15 @@ def parse_labels_from_dictionary
 
         # Generally only useful during initial construction and tests
         def reset_to_defaults
-          @high_security_source = nil
-          @environment_source   = EnvironmentSource.new
-          @server_source        = nil
-          @manual_source        = nil
-          @yaml_source          = nil
-          @default_source       = DefaultSource.new
+          @security_policy_source = nil
+          @high_security_source   = nil
+          @environment_source     = EnvironmentSource.new
+          @server_source          = nil
+          @manual_source          = nil
+          @yaml_source            = nil
+          @default_source         = DefaultSource.new
 
-          @configs_for_testing  = []
+          @configs_for_testing    = []
 
           reset_cache
         end
@@ -350,13 +355,14 @@ def log_config(direction, source)
         end
 
         def delete_all_configs_for_testing
-          @high_security_source = nil
-          @environment_source   = nil
-          @server_source        = nil
-          @manual_source        = nil
-          @yaml_source          = nil
-          @default_source       = nil
-          @configs_for_testing  = []
+          @security_policy_source = nil
+          @high_security_source   = nil
+          @environment_source     = nil
+          @server_source          = nil
+          @manual_source          = nil
+          @yaml_source            = nil
+          @default_source         = nil
+          @configs_for_testing    = []
         end
 
         def num_configs_for_testing
@@ -370,7 +376,8 @@ def config_classes_for_testing
         private
 
         def config_stack
-          stack = [@high_security_source,
+          stack = [@security_policy_source,
+                   @high_security_source,
                    @environment_source,
                    @server_source,
                    @manual_source,