newrelic_rpm 9.11.0 → 9.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc36449c6f2ea3322f353181809c05d3e84e28f85fb15544c82e088946384046
-  data.tar.gz: f8fa907597f05f47c5dbe9c38a005cb1d09f971183aa7075664e6ade029186fc
+  metadata.gz: 3c551a88ec42cceb53ade85126fe41272598c367b11d70e5167d374556b6fe8d
+  data.tar.gz: 912ff4f8d33e2ba318b4ec74fa8a3e0680c21fda3521a2382658855219ec81d6
 SHA512:
-  metadata.gz: 622cdf275eb70aa1f57e027f2e73559855c17c4351741c80ec0db8ae45b773f2d7aa2831ae562e228b24a71a0532ae93dced167be3ecfdd3561886224d212070
-  data.tar.gz: a68a148e494bfc0e5f9da3c369eb56f7170664e78ffd12cc178e77b7361da39edefbc967b5c71c2905b993b5d4075b2189abc3ec7692081d6b4dd422149902f3
+  metadata.gz: 61472afe9cf52eea1a86e4394b613666372c6a0086ea1173c28d8341ff417cf980feb6fd7a25f23ec2e78bb02cc4a32efeb5102f1f42175300d0a0f8ba7eea1b
+  data.tar.gz: e3de1701d6f580a18ceb05c1607d3eada9081012e6bc8edec503b2e945d7128312224c63604dd40debb8554fcc13621a731251f4e349dbcdef909cf09c60c867

data/CHANGELOG.md

@@ -1,5 +1,79 @@
 # New Relic Ruby Agent Release Notes
 
+## v9.12.0
+
+Version 9.12.0 adds support for the `newrelic_security` agent, introduces instrumentation for the LogStasher gem, improves instrumentation for the `redis-clustering` gem, and updates the Elasticsearch instrumentation to only attempt to get the cluster name once per client, even if it fails.
+
+- **Feature: Add support for the newrelic_security agent**
+
+  [New Relic Interactive Application Security Testing (IAST)](https://docs.newrelic.com/docs/iast/introduction/) can help you prevent cyberattacks and breaches on your applications by probing your running code for exploitable vulnerabilities.
+
+  The `newrelic_security` gem provides this feature for Ruby. It depends on `newrelic_rpm`. This is the first version of `newrelic_rpm` compatible with `newrelic_security`.
+
+  At this time, the security agent is intended for use only within a dedicated security testing environment with data that can tolerate modification or deletion. The security agent is available as a separate Ruby gem, `newrelic_security`. It is recommended that this separate gem only be introduced to a security testing environment by leveraging Bundler grouping like so:
+
+  ```ruby
+    # Gemfile
+    gem 'newrelic_rpm'               # New Relic APM observability agent
+    gem 'newrelic-infinite_tracing'  # New Relic Infinite Tracing
+
+    group :security do
+      gem 'newrelic_security', require: false        # New Relic security agent
+    end
+  ```
+
+  In order to run the security agent, you need to update your configuration. At a minimum, `security.agent.enabled` and `security.enabled` must be set to `true`. They are `false` by default. Similar to the gem installation, we recommend you set these configurations for a special security testing environment only.
+
+  Here's an example using `newrelic.yml`:
+
+  ```yaml
+    common: &default_settings
+      license_key: <%= ENV['NEW_RELIC_LICENSE_KEY'] %>
+      app_name: "Example app"
+
+    development:
+      <<: *default_settings
+      app_name: <%= app_name %> (Development)
+
+    security:
+      <<: *default_settings
+      security.enabled: true
+      security.agent.enabled: true
+
+    production:
+      <<: *default_settings
+  ```
+
+  The following configuration relate to the `newrelic_security` gem:
+
+  | Configuration name | Default | Behavior |
+  | ------------------ | ------- |----------|
+  | security.agent.enabled | `false` | If `true`, the security agent is loaded (a Ruby 'require' is performed) |
+  | security.enabled | `false` |  If `true`, the security agent is started (the agent runs in its event loop) |
+  | security.mode | `'IAST'` | Defines the mode for the security agent to operate in. Currently only 'IAST' is supported |
+  | security.validator_service_url | `'wss://csec.nr-data.net'` | Defines the endpoint URL for posting security related data |
+  | security.detection.rci.enabled | `true` | If `true`, enables RCI (remote code injection) detection |
+  | security.detection.rxss.enabled | `true` | If `true`, enables RXSS (reflected cross-site scripting) detection |
+  | security.detection.deserialization.enabled | `true` |  If `true`, enables deserialization detection |
+  | security.application_info.port | `nil` | An Integer representing the port the application is listening on. This setting is mandatory for Passenger servers. Other servers should be detected by default. |
+
+- **Feature: Add instrumentation for LogStasher**
+
+  The agent will now record logs generated by [LogStasher](https://github.com/shadabahmed/logstasher). Versions 1.0.0 and above of the LogStasher gem are supported. [PR#2559](https://github.com/newrelic/newrelic-ruby-agent/pull/2559)
+
+- **Feature: Add instrumentation for redis-clustering**
+
+  Version 5.x of the `redis` gem moved cluster behavior into a different gem, `redis-clustering`. This gem can access instrumentation registered through `RedisClient::Middleware`. Previously, the agent only instrumented the `call_pipelined` method through this approach, but now users of the `redis-clustering` gem will also have instrumentation registered for `connect` and `call` methods. In addition, the way the `database_name` attribute is set for Redis datastore spans is now compatible with all versions of Redis supported by the New Relic Ruby agent. Thank you, [@praveen-ks](https://github.com/praveen-ks) for bringing this to our attention. [Issue#2444](https://github.com/newrelic/newrelic-ruby-agent/issues/2444) [PR#2720](https://github.com/newrelic/newrelic-ruby-agent/pull/2720)
+
+- **Bugfix: Update Elasticsearch instrumentation to only attempt to get the cluster name once per client**
+
+  Previously, the agent would attempt to get the cluster name every time a call was made if it was not already captured. This could lead to a large number of failures if the cluster name could not be retrieved. Now, the agent will only attempt to get the cluster name once per client, even if it fails. Thank you, [@ascoppa](https://github.com/ascoppa) for bringing this to our attention. [Issue#2730](https://github.com/newrelic/newrelic-ruby-agent/issues/2730) [PR#2743](https://github.com/newrelic/newrelic-ruby-agent/pull/2743)
+
+- **Feature: Produce metrics for 4 additional Action Controller Rails notifications**
+
+  Four additional Action Controller related Rails notifications are now subscribed to by the agent to produce telemetry. These 4 are `exist_fragment?`, `expire_fragment`, `read_fragment`, and `write_fragment`. As with instrumentation for Action Controller itself, these notifications are enabled by default and can be disabled by setting `:disable_action_controller` to `true` in the agent's `newrelic.yml` configuration file. [PR#2745](https://github.com/newrelic/newrelic-ruby-agent/pull/2745)
+
+
 ## v9.11.0
 
 Version 9.11.0 introduces instrumentation for the aws-sdk-sqs gem, fixes a bug related to expected errors not bearing a "true" value for the "expected" attribute if expected as a result of an HTTP status code match and changes the way Stripe instrumentation metrics are named to prevent high-cardinality issues.

data/README.md

@@ -24,7 +24,7 @@ You can also monitor non-web applications. Refer to the "Other
 Environments" section below.
 
 We offer an AWS Lambda layer for instrumenting your serverless Ruby functions.
-Details can be found on our [getting started guide](https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/get-started/monitoring-aws-lambda-serverless-monitoring/).
+Details can be found on our [getting started guide](https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/instrument-lambda-function/instrument-your-own/).
 
 ## Installing and Using
 

data/lib/new_relic/agent/agent_logger.rb

@@ -4,6 +4,7 @@
 
 require 'thread'
 require 'logger'
+require 'singleton'
 require 'new_relic/agent/hostname'
 require 'new_relic/agent/log_once'
 require 'new_relic/agent/instrumentation/logger/instrumentation'

data/lib/new_relic/agent/configuration/default_source.rb

@@ -72,7 +72,7 @@ module NewRelic
           value_from_defaults(key, :transform)
         end
 
-        def self.config_search_paths # rubocop:disable Metrics/AbcSize
+        def self.config_search_paths
           proc {
             yaml = 'newrelic.yml'
             config_yaml = File.join('config', yaml)
@@ -1112,7 +1112,7 @@ module NewRelic
           :public => true,
           :type => Boolean,
           :allowed_from_server => true,
-          :description => "If `true`, the agent will report source code level metrics for traced methods.\nsee: " \
+          :description => "If `true`, the agent will report source code level metrics for traced methods.\nSee: " \
                           'https://docs.newrelic.com/docs/apm/agents/ruby-agent/features/ruby-codestream-integration/'
         },
         # Cross application tracer
@@ -1150,7 +1150,7 @@ module NewRelic
           :allowed_from_server => true,
           :dynamic_name => true,
           :description => <<~DESC
-            * Specify a maximum number of custom events to buffer in memory at a time.'
+            * Specify a maximum number of custom events to buffer in memory at a time.
             * When configuring the agent for [AI monitoring](/docs/ai-monitoring/intro-to-ai-monitoring), \
             set to max value `100000`. This ensures the agent captures the maximum amount of LLM events.
           DESC
@@ -1444,6 +1444,7 @@ module NewRelic
         },
         :'instrumentation.async_http' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1452,6 +1453,7 @@ module NewRelic
         },
         :'instrumentation.bunny' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1468,6 +1470,7 @@ module NewRelic
         },
         :'instrumentation.dynamodb' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1476,6 +1479,7 @@ module NewRelic
         },
         :'instrumentation.fiber' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1484,6 +1488,7 @@ module NewRelic
         },
         :'instrumentation.concurrent_ruby' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1510,6 +1515,7 @@ module NewRelic
         },
         :'instrumentation.elasticsearch' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1518,6 +1524,7 @@ module NewRelic
         },
         :'instrumentation.ethon' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1535,6 +1542,7 @@ module NewRelic
         },
         :'instrumentation.grape' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1603,8 +1611,18 @@ module NewRelic
           :allowed_from_server => false,
           :description => 'Controls auto-instrumentation of Ruby standard library Logger at start-up. May be one of: `auto`, `prepend`, `chain`, `disabled`.'
         },
+        :'instrumentation.logstasher' => {
+          :default => instrumentation_value_from_boolean(:'application_logging.enabled'),
+          :documentation_default => 'auto',
+          :public => true,
+          :type => String,
+          :dynamic_name => true,
+          :allowed_from_server => false,
+          :description => 'Controls auto-instrumentation of the LogStasher library at start-up. May be one of: `auto`, `prepend`, `chain`, `disabled`.'
+        },
         :'instrumentation.memcache' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1698,6 +1716,7 @@ module NewRelic
         },
         :'instrumentation.rake' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1706,6 +1725,7 @@ module NewRelic
         },
         :'instrumentation.redis' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1723,6 +1743,7 @@ module NewRelic
         },
         :'instrumentation.roda' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1731,6 +1752,7 @@ module NewRelic
         },
         :'instrumentation.sinatra' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1746,6 +1768,7 @@ module NewRelic
         },
         :'instrumentation.view_component' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1782,6 +1805,7 @@ module NewRelic
         },
         :'instrumentation.thread' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -1804,6 +1828,7 @@ module NewRelic
         },
         :'instrumentation.tilt' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,
@@ -2514,6 +2539,84 @@ module NewRelic
           :type => Integer,
           :allowed_from_server => false,
           :description => 'This value represents the total amount of memory available to the host (not the process), in mebibytes (1024 squared or 1,048,576 bytes).'
+        },
+        # security agent
+        :'security.agent.enabled' => {
+          :default => false,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => "If `true`, the security agent is loaded (a Ruby 'require' is performed)"
+        },
+        :'security.enabled' => {
+          :default => false,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, the security agent is started (the agent runs in its event loop)'
+        },
+        :'security.mode' => {
+          :default => 'IAST',
+          :external => true,
+          :public => true,
+          :type => String,
+          :allowed_from_server => true,
+          :allowlist => %w[IAST RASP],
+          :description => 'Defines the mode for the security agent to operate in. Currently only `IAST` is supported',
+          :dynamic_name => true
+        },
+        :'security.validator_service_url' => {
+          :default => 'wss://csec.nr-data.net',
+          :external => true,
+          :public => true,
+          :type => String,
+          :allowed_from_server => true,
+          :description => 'Defines the endpoint URL for posting security-related data',
+          :dynamic_name => true
+        },
+        :'security.detection.rci.enabled' => {
+          :default => true,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, enables RCI (remote code injection) detection'
+        },
+        :'security.detection.rxss.enabled' => {
+          :default => true,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, enables RXSS (reflected cross-site scripting) detection'
+        },
+        :'security.detection.deserialization.enabled' => {
+          :default => true,
+          :external => true,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, enables deserialization detection'
+        },
+        :'security.application_info.port' => {
+          :default => nil,
+          :allow_nil => true,
+          :public => true,
+          :type => Integer,
+          :external => true,
+          :allowed_from_server => false,
+          :description => 'The port the application is listening on. This setting is mandatory for Passenger servers. Other servers should be detected by default.'
+        },
+        :'security.request.body_limit' => {
+          :default => 300,
+          :allow_nil => true,
+          :public => true,
+          :type => Integer,
+          :external => true,
+          :allowed_from_server => false,
+          :description => 'Defines the request body limit to process in security events (in KB). The default value is 300, for 300KB.'
         }
       }.freeze
       # rubocop:enable Metrics/CollectionLiteralLength

data/lib/new_relic/agent/database/obfuscator.rb

@@ -2,6 +2,7 @@
 # See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
 # frozen_string_literal: true
 
+require 'singleton'
 require 'new_relic/agent/database/obfuscation_helpers'
 
 module NewRelic

data/lib/new_relic/agent/instrumentation/bunny/instrumentation.rb

@@ -48,6 +48,12 @@ module NewRelic
                 correlation_id: opts[:correlation_id],
                 exchange_type: type
               )
+              if segment
+                segment.add_agent_attribute('server.address', channel&.connection&.hostname)
+                segment.add_agent_attribute('server.port', channel&.connection&.port)
+                segment.add_agent_attribute('messaging.destination.name', destination) # for produce, this is exchange name
+                segment.add_agent_attribute('messaging.rabbitmq.destination.routing_key', opts[:routing_key])
+              end
             rescue => e
               NewRelic::Agent.logger.error('Error starting message broker segment in Bunny::Exchange#publish', e)
               yield
@@ -94,6 +100,14 @@ module NewRelic
                 queue_name: name,
                 start_time: t0
               )
+              if segment
+                segment.add_agent_attribute('server.address', channel&.connection&.hostname)
+                segment.add_agent_attribute('server.port', channel&.connection&.port)
+                segment.add_agent_attribute('messaging.destination.name', name) # for consume, this is queue name
+                segment.add_agent_attribute('messaging.destination_publish.name', exch_name)
+                segment.add_agent_attribute('message.queueName', name)
+                segment.add_agent_attribute('messaging.rabbitmq.destination.routing_key', delivery_info&.routing_key)
+              end
             rescue => e
               NewRelic::Agent.logger.error('Error starting message broker segment in Bunny::Queue#pop', e)
             else

data/lib/new_relic/agent/instrumentation/elasticsearch/instrumentation.rb

@@ -102,7 +102,7 @@ module NewRelic::Agent::Instrumentation
     end
 
     def nr_cluster_name
-      return @nr_cluster_name if @nr_cluster_name
+      return @nr_cluster_name if defined?(@nr_cluster_name)
       return if nr_hosts.empty?
 
       NewRelic::Agent.disable_all_tracing do

data/lib/new_relic/agent/instrumentation/logstasher/chain.rb

@@ -0,0 +1,21 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module LogStasher::Chain
+    def self.instrument!
+      ::LogStasher.singleton_class.class_eval do
+        include NewRelic::Agent::Instrumentation::LogStasher
+
+        alias_method(:build_logstash_event_without_new_relic, :build_logstash_event)
+
+        def build_logstash_event(*args)
+          build_logstash_event_with_new_relic(*args) do
+            build_logstash_event_without_new_relic(*args)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/logstasher/instrumentation.rb

@@ -0,0 +1,24 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module LogStasher
+    INSTRUMENTATION_NAME = NewRelic::Agent.base_name(name)
+
+    def self.enabled?
+      NewRelic::Agent.config[:'instrumentation.logstasher'] != 'disabled'
+    end
+
+    def build_logstash_event_with_new_relic(*args)
+      logstasher_event = yield
+      log = logstasher_event.instance_variable_get(:@data)
+
+      ::NewRelic::Agent.record_instrumentation_invocation(INSTRUMENTATION_NAME)
+      ::NewRelic::Agent.agent.log_event_aggregator.record_logstasher_event(log)
+      ::NewRelic::Agent::LocalLogDecorator.decorate(log)
+
+      logstasher_event
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/logstasher/prepend.rb

@@ -0,0 +1,13 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module LogStasher::Prepend
+    include NewRelic::Agent::Instrumentation::LogStasher
+
+    def build_logstash_event(*args)
+      build_logstash_event_with_new_relic(*args) { super }
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/logstasher.rb

@@ -0,0 +1,27 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+require_relative 'logstasher/instrumentation'
+require_relative 'logstasher/chain'
+require_relative 'logstasher/prepend'
+
+DependencyDetection.defer do
+  named :logstasher
+
+  depends_on do
+    defined?(LogStasher) &&
+      Gem::Version.new(LogStasher::VERSION) >= Gem::Version.new('1.0.0') &&
+      NewRelic::Agent.config[:'application_logging.enabled']
+  end
+
+  executes do
+    NewRelic::Agent.logger.info('Installing LogStasher instrumentation')
+
+    if use_prepend?
+      prepend_instrument LogStasher.singleton_class, NewRelic::Agent::Instrumentation::LogStasher::Prepend
+    else
+      chain_instrument NewRelic::Agent::Instrumentation::LogStasher::Chain
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/rack/instrumentation.rb

@@ -13,6 +13,7 @@ module NewRelic
             attr_accessor :_nr_deferred_detection_ran
           end
           builder_class._nr_deferred_detection_ran = false
+          NewRelic::Control::SecurityInterface.instance.wait = true
         end
 
         def deferred_dependency_check
@@ -21,6 +22,8 @@ module NewRelic
           NewRelic::Agent.logger.info('Doing deferred dependency-detection before Rack startup')
           DependencyDetection.detect!
           self.class._nr_deferred_detection_ran = true
+          NewRelic::Control::SecurityInterface.instance.wait = false
+          NewRelic::Control::SecurityInterface.instance.init_agent
         end
 
         def check_for_late_instrumentation(app)

data/lib/new_relic/agent/instrumentation/rails_notifications/action_controller.rb

@@ -32,15 +32,19 @@ DependencyDetection.defer do
     NewRelic::Agent::Instrumentation::ActionControllerSubscriber \
       .subscribe(/^process_action.action_controller$/)
 
-    subs = %w[send_file
+    subs = %w[exist_fragment?
+      expire_fragment
+      halted_callback
+      read_fragment
+      redirect_to
       send_data
+      send_file
       send_stream
-      redirect_to
-      halted_callback
-      unpermitted_parameters]
+      write_fragment
+      unpermitted_parameters].map { |s| Regexp.escape(s) }
 
     # have to double escape period because its going from string -> regex
     NewRelic::Agent::Instrumentation::ActionControllerOtherSubscriber \
-      .subscribe(Regexp.new("^(#{subs.join('|')})\\.action_controller$"))
+      .subscribe(Regexp.new("^(?:#{subs.join('|')})\\.action_controller$"))
   end
 end

data/lib/new_relic/agent/instrumentation/redis/cluster_middleware.rb

@@ -0,0 +1,26 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module RedisClient
+    module ClusterMiddleware
+      include NewRelic::Agent::Instrumentation::Redis
+
+      # Until we decide to move our Redis instrumentation entirely off patches
+      # keep the middleware instrumentation for the call and connect methods
+      # limited to the redis-clustering instrumentation.
+      #
+      # Redis's middleware option does not capture errors as high in the stack
+      # as our patches. Leaving the patches for call and connect on the main
+      # Redis gem limits the feature disparity our customers experience.
+      def call(*args, &block)
+        call_with_tracing(args[0]) { super }
+      end
+
+      def connect(*args, &block)
+        connect_with_tracing { super }
+      end
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/redis/instrumentation.rb

@@ -9,14 +9,14 @@ module NewRelic::Agent::Instrumentation
     INSTRUMENTATION_NAME = NewRelic::Agent.base_name(name)
 
     def connect_with_tracing
-      with_tracing(Constants::CONNECT, database: db) { yield }
+      with_tracing(Constants::CONNECT, database: _nr_db) { yield }
     end
 
     def call_with_tracing(command, &block)
       operation = command[0]
       statement = ::NewRelic::Agent::Datastores::Redis.format_command(command)
 
-      with_tracing(operation, statement: statement, database: db) { yield }
+      with_tracing(operation, statement: statement, database: _nr_db) { yield }
     end
 
     # Used for Redis 4.x and 3.x
@@ -24,22 +24,15 @@ module NewRelic::Agent::Instrumentation
       operation = pipeline.is_a?(::Redis::Pipeline::Multi) ? Constants::MULTI_OPERATION : Constants::PIPELINE_OPERATION
       statement = ::NewRelic::Agent::Datastores::Redis.format_pipeline_commands(pipeline.commands)
 
-      with_tracing(operation, statement: statement, database: db) { yield }
+      with_tracing(operation, statement: statement, database: _nr_db) { yield }
     end
 
     # Used for Redis 5.x+
     def call_pipelined_with_tracing(pipeline)
-      db = begin
-        _nr_redis_client_config.db
-      rescue StandardError => e
-        NewRelic::Agent.logger.error("Failed to determine configured Redis db value: #{e.class} - #{e.message}")
-        nil
-      end
-
       operation = pipeline.flatten.include?('MULTI') ? Constants::MULTI_OPERATION : Constants::PIPELINE_OPERATION
       statement = ::NewRelic::Agent::Datastores::Redis.format_pipeline_commands(pipeline)
 
-      with_tracing(operation, statement: statement, database: db) { yield }
+      with_tracing(operation, statement: statement, database: _nr_db) { yield }
     end
 
     private
@@ -94,5 +87,15 @@ module NewRelic::Agent::Instrumentation
         config
       end
     end
+
+    def _nr_db
+      # db is a method on the Redis client in versions < 5.x
+      return db if respond_to?(:db)
+      # db is accessible through the RedisClient::Config object in versions > 5.x
+      return _nr_redis_client_config.db if _nr_redis_client_config.respond_to?(:db)
+    rescue StandardError => e
+      NewRelic::Agent.logger.debug("Failed to determine configured Redis db value: #{e.class} - #{e.message}")
+      nil
+    end
   end
 end

data/lib/new_relic/agent/instrumentation/redis/middleware.rb

@@ -6,6 +6,9 @@ module NewRelic::Agent::Instrumentation
   module RedisClient
     module Middleware
       # This module is used to instrument Redis 5.x+
+      #
+      # It only instruments call_pipelined because connect and call are accessed
+      # too late in the stack to capture all errors
       include NewRelic::Agent::Instrumentation::Redis
 
       def call_pipelined(*args, &block)

data/lib/new_relic/agent/instrumentation/redis.rb

@@ -10,6 +10,7 @@ require_relative 'redis/chain'
 require_relative 'redis/constants'
 require_relative 'redis/prepend'
 require_relative 'redis/middleware'
+require_relative 'redis/cluster_middleware'
 
 DependencyDetection.defer do
   # Why not :redis? newrelic-redis used that name, so avoid conflicting
@@ -33,6 +34,10 @@ DependencyDetection.defer do
     NewRelic::Agent.logger.info('Installing Redis Instrumentation')
     if NewRelic::Agent::Instrumentation::Redis::Constants::HAS_REDIS_CLIENT
       RedisClient.register(NewRelic::Agent::Instrumentation::RedisClient::Middleware)
+
+      if defined?(Redis::Cluster::Client)
+        return RedisClient.register(NewRelic::Agent::Instrumentation::RedisClient::ClusterMiddleware)
+      end
     end
 
     if use_prepend?