newrelic_rpm 9.9.0 → 9.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ad2c3da566c3fda3369af14dd1d25b82a582c3db88c910474634b1b8169648fc
-  data.tar.gz: 1ebe2637f6cef4b3b3e70afb157b91516cc6bf37511f1acb1f3ec5e1caf917e5
+  metadata.gz: d3793bb498826b000ad9e00e7d57de0e95988c4ba213e341a6a8c18f90df772e
+  data.tar.gz: 6cb26b15c2faace4a7e1fd6775a3f69f965beaad10f395e0fb618cb411dbacfe
 SHA512:
-  metadata.gz: d86c1de9e30e3952b7d5dbec62845693795e6c3b0273b5f34a19a0a550e208314774d3da08246c26c8e903657c36b71b91ae170911869f3e801879e8c8ee4e05
-  data.tar.gz: bb5732481d984d24366be27b1186e35b753b7dff7613774b8f4f50749e516db6556edd93b1017e656535cf83ef306e31199e44b03d677ea8c249f472f7f30222
+  metadata.gz: acb8dd0c767f40796fa1afb9cc26c0a57a9bdd83a4cbf550589a094f5cf48da32caf1d4c0f10e154633b754086bd62aa17d393bffa37eee5a0128e72c3bd6160
+  data.tar.gz: 6ce06fe8f1506405b7696089bf366e1aa0ccd60ab0d5034b22db87ac3c4523bd9d8d4dc4a6b568515cd516cd5c64babf853cdfed4af1839fd45cbed0450994f5

data/CHANGELOG.md

@@ -1,5 +1,31 @@
 # New Relic Ruby Agent Release Notes
 
+## v9.10.0
+
+Version 9.10.0 introduces instrumentation for DynamoDB, adds a new feature to automatically apply nonces from the Rails content security policy, fixes a bug that would cause an expected error to negatively impact a transaction's Apdex, and fixes the agent's autostart logic so that by default `rails runner` and `rails db` commands will not cause the agent to start.
+
+- **Feature: Add instrumentation for DynamoDB**
+  
+    The agent has added instrumentation for the aws-sdk-dynamodb gem. The agent will now record datastore spans for DynamoDB client calls made with the aws-sdk-dynamodb gem.  [PR#2642](https://github.com/newrelic/newrelic-ruby-agent/pull/2642)
+
+- **Feature: Automatically apply nonces from the Rails content security policy**
+
+  To auto-inject browser monitoring with the New Relic Ruby agent, you either need to set your content security policy to 'unsafe-inline' or provide a nonce. Previously, the only way to provide a nonce was by using the [`NewRelic::Agent.browser_timing_header`](https://rubydoc.info/gems/newrelic_rpm/NewRelic/Agent#browser_timing_header-instance_method) API. Now, when a Rails application uses [the content security policy configuration to add a nonce](https://guides.rubyonrails.org/security.html#adding-a-nonce), the nonce will be automatically applied to the browser agent. A new configuration option, [`browser_monitoring.content_security_policy_nonce`](https://docs.newrelic.com/docs/apm/agents/ruby-agent/configuration/ruby-agent-configuration/#browser_monitoring-content_security_policy_nonce), toggles this feature. It is on by default. Thank you [@baldarn](https://github.com/baldarn) for submitting this feature! [PR#2544](https://github.com/newrelic/newrelic-ruby-agent/pull/2544)
+
+- **Bugfix: Expected errors related to HTTP status code, class, and message won't impact Apdex**
+
+  The agent is supposed to prevent observed application errors from negatively impacting Apdex if the errors are either ignored or expected. There are two ways for the agent to expect an error: via the `notice_error` API receiving an `expected: true` argument or via matches made against user-configured lists for expected HTTP status codes (`:'error_collector.expected_status_codes'`), expected error classes (`:'error_collector.expected_classes'`), or expected error messages (`:'error_collector.expected_messages'`). Previously, only errors expected via the `notice_error` API were correctly prevented from impacting Apdex. Expected errors set by configuration incorrectly impacted Apdex. This behavior has been fixed and now both types of expected errors will correctly not impact Apdex. Thanks very much to [@florianpilz](https://github.com/florianpilz) for bringing this issue to our attention. [PR#2619](https://github.com/newrelic/newrelic-ruby-agent/pull/2619)
+
+- **Bugfix: Do not start the agent automatically when `rails runner` or `rails db` commands are ran**
+
+  [PR#2239](https://github.com/newrelic/newrelic-ruby-agent/pull/2239) taught the agent how to recognize `bin/rails` based contexts that it should not automatically start up in. But `bin/rails runner` and `bin/rails db` commands would still see the agent start automatically. Those 2 contexts will now no longer see the agent start automatically. Thank you to [@jdelStrother](https://github.com/jdelStrother) for both bringing the `bin/rails` context to our attention and for letting us know about the `bin/rails runner` and `bin/rails db` outliers that still needed fixing. [PR#2623](https://github.com/newrelic/newrelic-ruby-agent/pull/2623)
+
+  Older agent versions that are still supported by New Relic can update to the new list of denylisted constants by having the following line added to the `newrelic.yml` configuration file:
+
+  ```yaml
+    autostart.denylisted_constants: "Rails::Command::ConsoleCommand,Rails::Command::CredentialsCommand,Rails::Command::Db::System::ChangeCommand,Rails::Command::DbConsoleCommand,Rails::Command::DestroyCommand,Rails::Command::DevCommand,Rails::Command::EncryptedCommand,Rails::Command::GenerateCommand,Rails::Command::InitializersCommand,Rails::Command::NotesCommand,Rails::Command::RakeCommand,Rails::Command::RoutesCommand,Rails::Command::RunnerCommand,Rails::Command::SecretsCommand,Rails::Console,Rails::DBConsole"
+  ```
+
 ## v9.9.0
 
 Version 9.9.0 introduces support for AWS Lambda serverless function observability, adds support for Elasticsearch 8.13.0, and adds the 'request.temperature' attribute to chat completion summaries in ruby-openai instrumentation.
@@ -8,6 +34,8 @@ Version 9.9.0 introduces support for AWS Lambda serverless function observabilit
 
   The Ruby agent is now capable of operating in a quick and light serverless mode suitable for observing AWS Lambda function invocations. For serverless use, the agent is delivered by a New Relic Lambda [layer](https://github.com/newrelic/newrelic-lambda-layers) that can be associated with a Lambda function. All reported data will appear in New Relic's dedicated serverless UI views. Only AWS based Lambda functions are supported for now, though support for other cloud hosted serverless offerings may be added in future depending on Ruby customer demand. The serverless functionality is only intended for use with the official New Relic Ruby layers for Lambda. Any existing workflows that involve the manual use of the Ruby agent in an AWS Lambda context without a New Relic layer should not be impacted.
 
+  For more details, see our [getting started guide](https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/get-started/monitoring-aws-lambda-serverless-monitoring/).
+
 - **Feature: Add support for Elasticsearch 8.13.0**
 
   Elasticsearch 8.13.0 increased the number of arguments used in the method the agent instruments, `Elastic::Transport::Client#perform_request`. Now, the agent supports a variable number of arguments for the instrumented method to prevent future `ArgumentError`s.

data/README.md

@@ -23,6 +23,9 @@ can be found on [our docs site](http://docs.newrelic.com/docs/ruby/supported-fra
 You can also monitor non-web applications. Refer to the "Other
 Environments" section below.
 
+We offer an AWS Lambda layer for instrumenting your serverless Ruby functions.
+Details can be found on our [getting started guide](https://docs.newrelic.com/docs/serverless-function-monitoring/aws-lambda-monitoring/get-started/monitoring-aws-lambda-serverless-monitoring/).
+
 ## Installing and Using
 
 The latest released gem for the Ruby agent can be found at [RubyGems.org](https://rubygems.org/gems/newrelic_rpm)

data/Rakefile

@@ -134,5 +134,5 @@ task :console do
   require 'pry' if ENV['ENABLE_PRY']
   require 'newrelic_rpm'
   ARGV.clear
-  Pry.start
+  ENV['ENABLE_PRY'] ? Pry.start : binding.irb # rubocop:disable Lint/Debugger
 end

data/lib/bootstrap.rb

@@ -0,0 +1,105 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+# This file is designed to bootstrap a `Bundler.require`-based Ruby app (such as
+# a Ruby on Rails app) so the app can be instrumented and observed by the
+# New Relic Ruby agent without the agent being added to the app as a dependency.
+# NOTE: introducing the agent into your application via bootstrap is in beta.
+# Use at your own risk.
+#
+# Given a production-ready Ruby app that optionally has a pre-packaged "frozen"
+# or "deployment"–gem bundle, the New Relic Ruby agent can be introduced
+# to the app without modifying the app and keeping all of the app's content
+# read-only.
+#
+# Prerequisites:
+#   - Ruby (tested v2.4+)
+#   - Bundler (included with Ruby, tested v1.17+)
+#
+# Instructions:
+#   - First, make sure the New Relic Ruby agent exists on disk. For these
+#     instructions, we'll assume the agent exists at `/newrelic`.
+#     - The agent can be downloaded as the "newrelic_rpm" gem from RubyGems.org
+#       and unpacked with "gem unpack"
+#     - The agent can be cloned from the New Relic public GitHub repo:
+#       https://github.com/newrelic/newrelic-ruby-agent
+#   - Next, use the "RUBYOPT" environment variable to require ("-r") this
+#     file (note that the ".rb" extension is dropped):
+#       ```
+#       export RUBYOPT="-r /newrelic/lib/bootstrap"
+#       ```
+#    - Add your New Relic license key as an environment variable.
+#       ```
+#       export NEW_RELIC_LICENSE_KEY=1a2b3c4d5e67f8g9h0i
+#       ```
+#   - Launch an existing Ruby app as usual. For a Ruby on Rails app, this might
+#     involve running `bin/rails server`.
+#   - In the Ruby app's directory, look for and inspect
+#     `log/newrelic_agent.log`. If this file exists and there are no "WARN" or
+#     "ERROR" entries within it, then the agent was successfully introduced to
+#     the Ruby application.
+
+module NRBundlerPatch
+  NR_AGENT_GEM = 'newrelic_rpm'
+
+  def require(*_groups)
+    super
+
+    require_newrelic
+  end
+
+  def require_newrelic
+    lib = File.dirname(__FILE__)
+    $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+    Kernel.require NR_AGENT_GEM
+  end
+end
+
+class NRBundlerPatcher
+  BUNDLER = 'bundler'
+  RUBYOPT = 'RUBYOPT'
+
+  def self.patch
+    check_for_require
+    check_for_rubyopt
+    check_for_bundler
+    Bundler::Runtime.prepend(NRBundlerPatch)
+  end
+
+  private
+
+  def self.check_for_require
+    warn_and_exit "#{__FILE__} is meant to be required, not invoked directly" if $PROGRAM_NAME == __FILE__
+  end
+
+  def self.check_for_rubyopt
+    unless ENV[RUBYOPT].to_s.match?("-r #{__FILE__.rpartition('.').first}")
+      warn_and_exit "#{__FILE__} is meant to be required via the RUBYOPT env var"
+    end
+  end
+
+  def self.check_for_bundler
+    require_bundler
+
+    warn_and_exit 'Required Ruby Bundler class Bundler::Runtime not defined!' unless defined?(Bundler::Runtime)
+
+    unless Bundler::Runtime.method_defined?(:require)
+      warn_and_exit "The active Ruby Bundler instance doesn't offer Bundler::Runtime#require"
+    end
+  end
+
+  def self.require_bundler
+    require BUNDLER
+  rescue LoadError => e
+    warn_and_exit "Required Ruby library '#{BUNDLER}' could not be required - #{e}"
+  end
+
+  def self.warn_and_exit(msg)
+    warn "New Relic entrypoint at #{__FILE__} encountered an issue:\n\t#{msg}"
+
+    exit 1
+  end
+end
+
+NRBundlerPatcher.patch

data/lib/new_relic/agent/aws.rb

@@ -0,0 +1,56 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic
+  module Agent
+    module Aws
+      CHARACTERS = %w[A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 2 3 4 5 6 7].freeze
+      HEX_MASK = '7fffffffff80'
+
+      def self.create_arn(service, resource, config)
+        region = config.region
+        account_id = NewRelic::Agent::Aws.convert_access_key_to_account_id(config.credentials.access_key_id)
+
+        "arn:aws:#{service}:#{region}:#{account_id}:#{resource}"
+      rescue => e
+        NewRelic::Agent.logger.warn("Failed to create ARN: #{e}")
+      end
+
+      def self.convert_access_key_to_account_id(access_key)
+        decoded_key = Integer(decode_to_hex(access_key[4..-1]), 16)
+        mask = Integer(HEX_MASK, 16)
+        (decoded_key & mask) >> 7
+      end
+
+      def self.decode_to_hex(access_key)
+        bytes = access_key.delete('=').each_char.map { |c| CHARACTERS.index(c) }
+
+        bytes.each_slice(8).map do |section|
+          convert_section(section)
+        end.flatten[0...6].join
+      end
+
+      def self.convert_section(section)
+        buffer = 0
+        section.each do |chunk|
+          buffer = (buffer << 5) + chunk
+        end
+
+        chunk_count = (section.length * 5.0 / 8.0).floor
+
+        if section.length < 8
+          buffer >>= (5 - (chunk_count * 8)) % 5
+        end
+
+        decoded = []
+        chunk_count.times do |i|
+          shift = 8 * (chunk_count - 1 - i)
+          decoded << ((buffer >> shift) & 255).to_s(16)
+        end
+
+        decoded
+      end
+    end
+  end
+end

data/lib/new_relic/agent/configuration/default_source.rb

@@ -390,9 +390,11 @@ module NewRelic
           :description => <<~DESCRIPTION
             If `false`, LLM instrumentation (OpenAI only for now) will not capture input and output content on specific LLM events.
 
-            The excluded attributes include:
-              * `content` from LlmChatCompletionMessage events
-              * `input` from LlmEmbedding events
+              The excluded attributes include:
+                * `content` from LlmChatCompletionMessage events
+                * `input` from LlmEmbedding events
+
+              This is an optional security setting to prevent recording sensitive data sent to and received from your LLMs.
           DESCRIPTION
         },
         # this is only set via server side config
@@ -477,12 +479,9 @@ module NewRelic
           :public => true,
           :type => Boolean,
           :allowed_from_server => false,
-          :description => 'Forces the exit handler that sends all cached data to collector ' \
-            'before shutting down to be installed regardless of detecting scenarios where it generally should not be. ' \
-            'Known use-case for this option is where Sinatra is running as an embedded service within another framework ' \
-            'and the agent is detecting the Sinatra app and skipping the `at_exit` handler as a result. Sinatra classically ' \
-            'runs the entire application in an `at_exit` block and would otherwise misbehave if the agent\'s `at_exit` handler ' \
-            'was also installed in those circumstances. Note: `send_data_on_exit` should also be set to `true` in  tandem with this setting.'
+          :description => <<~DESC
+            Forces the exit handler that sends all cached data to collector before shutting down to be installed regardless of detecting scenarios where it generally should not be. Known use-case for this option is where Sinatra is running as an embedded service within another framework and the agent is detecting the Sinatra app and skipping the `at_exit` handler as a result. Sinatra classically runs the entire application in an `at_exit` block and would otherwise misbehave if the Agent's `at_exit` handler was also installed in those circumstances. Note: `send_data_on_exit` should also be set to `true` in  tandem with this setting."
+          DESC
         },
         :high_security => {
           :default => false,
@@ -780,6 +779,15 @@ module NewRelic
           :allowed_from_server => true,
           :description => 'If `true`, enables [auto-injection](/docs/browser/new-relic-browser/installation-configuration/adding-apps-new-relic-browser#select-apm-app) of the JavaScript header for page load timing (sometimes referred to as real user monitoring or RUM).'
         },
+        # CSP nonce
+        :'browser_monitoring.content_security_policy_nonce' => {
+          :default => value_of(:'rum.enabled'),
+          :documentation_default => false,
+          :public => true,
+          :type => Boolean,
+          :allowed_from_server => false,
+          :description => 'If `true`, enables auto-injection of [Content Security Policy Nonce](https://content-security-policy.com/nonce/) in browser monitoring scripts. For now, auto-injection only works with Rails 5.2+.'
+        },
         # Transaction events
         :'transaction_events.enabled' => {
           :default => true,
@@ -1069,7 +1077,9 @@ module NewRelic
             Rails::Command::GenerateCommand
             Rails::Command::InitializersCommand
             Rails::Command::NotesCommand
+            Rails::Command::RakeCommand
             Rails::Command::RoutesCommand
+            Rails::Command::RunnerCommand
             Rails::Command::SecretsCommand
             Rails::Console
             Rails::DBConsole].join(','),
@@ -1440,6 +1450,14 @@ module NewRelic
           :allowed_from_server => false,
           :description => 'Controls auto-instrumentation of bunny at start-up. May be one of: `auto`, `prepend`, `chain`, `disabled`.'
         },
+        :'instrumentation.dynamodb' => {
+          :default => 'auto',
+          :public => true,
+          :type => String,
+          :dynamic_name => true,
+          :allowed_from_server => false,
+          :description => 'Controls auto-instrumentation of the aws-sdk-dynamodb library at start-up. May be one of `auto`, `prepend`, `chain`, `disabled`.'
+        },
         :'instrumentation.fiber' => {
           :default => 'auto',
           :public => true,
@@ -1488,7 +1506,7 @@ module NewRelic
           :type => String,
           :dynamic_name => true,
           :allowed_from_server => false,
-          :description => 'Controls auto-instrumentation of ethon at start up. May be one of [auto|prepend|chain|disabled]'
+          :description => 'Controls auto-instrumentation of ethon at start up. May be one of `auto`, `prepend`, `chain`, `disabled`'
         },
         :'instrumentation.excon' => {
           :default => 'enabled',
@@ -1558,7 +1576,7 @@ module NewRelic
           :type => String,
           :dynamic_name => true,
           :allowed_from_server => false,
-          :description => 'Controls auto-instrumentation of httpx at start up. May be one of [auto|prepend|chain|disabled]'
+          :description => 'Controls auto-instrumentation of httpx at start up. May be one of `auto`, `prepend`, `chain`, `disabled`'
         },
         :'instrumentation.logger' => {
           :default => instrumentation_value_from_boolean(:'application_logging.enabled'),
@@ -1620,7 +1638,7 @@ module NewRelic
           :type => String,
           :dynamic_name => true,
           :allowed_from_server => false,
-          :description => 'Controls auto-instrumentation of the ruby-openai gem at start-up. May be one of: `auto`, `prepend`, `chain`, `disabled`.'
+          :description => 'Controls auto-instrumentation of the ruby-openai gem at start-up. May be one of: `auto`, `prepend`, `chain`, `disabled`. Defaults to `disabled` in high security mode.'
         },
         :'instrumentation.puma_rack' => {
           :default => value_of(:'instrumentation.rack'),
@@ -1963,7 +1981,11 @@ module NewRelic
           :public => true,
           :type => Integer,
           :allowed_from_server => true,
-          :description => 'Defines the maximum number of span events reported from a single harvest. Any Integer between `1` and `10000` is valid.'
+          :description => <<~DESC
+            * Defines the maximum number of span events reported from a single harvest. Any Integer between `1` and `10000` is valid.'
+              * When configuring the agent for [AI monitoring](/docs/ai-monitoring/intro-to-ai-monitoring), set to max value `10000`.\
+              This ensures that the agent captures the maximum amount of distributed traces.
+          DESC
         },
         # Strip exception messages
         :'strip_exception_messages.enabled' => {

data/lib/new_relic/agent/error_collector.rb

@@ -110,6 +110,29 @@ module NewRelic
         false
       end
 
+      # Neither ignored nor expected errors impact apdex.
+      #
+      # Ignored errors are checked via `#error_is_ignored?`
+      # Expected errors are checked in 2 separate ways:
+      #   1. The presence of an `expected: true` attribute key/value pair in the
+      #      options hash, which will be set if that key/value pair was used in
+      #      the `notice_error` public API.
+      #   2. By calling `#expected?` which in turn calls `ErrorFilter#expected?`
+      #      which checks for 3 things:
+      #        - A match for user-defined HTTP status codes to expect
+      #        - A match for user-defined error classes to expect
+      #        - A match for user-defined error messages to expect
+      def error_affects_apdex?(error, options)
+        return false if error_is_ignored?(error)
+        return false if options[:expected]
+
+        !expected?(error, ::NewRelic::Agent::Tracer.state.current_transaction&.http_response_code)
+      rescue => e
+        NewRelic::Agent.logger.error("Could not determine if error '#{error}' should impact Apdex - " \
+                                     "#{e.class}: #{e.message}. Defaulting to 'true' (it should impact Apdex).")
+        true
+      end
+
       # Calling instance_variable_set on a wrapped Java object in JRuby will
       # generate a warning unless that object's class has already been marked
       # as persistent, so we skip tagging of exception objects that are actually

data/lib/new_relic/agent/instrumentation/dynamodb/chain.rb

@@ -0,0 +1,27 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module DynamoDB::Chain
+    def self.instrument!
+      ::Aws::DynamoDB::Client.class_eval do
+        include NewRelic::Agent::Instrumentation::DynamoDB
+
+        NewRelic::Agent::Instrumentation::DynamoDB::INSTRUMENTED_METHODS.each do |method_name|
+          alias_method("#{method_name}_without_new_relic".to_sym, method_name.to_sym)
+
+          define_method(method_name) do |*args|
+            instrument_method_with_new_relic(method_name, *args) { send("#{method_name}_without_new_relic".to_sym, *args) }
+          end
+        end
+
+        alias_method(:build_request_without_new_relic, :build_request)
+
+        def build_request(*args)
+          build_request_with_new_relic(*args) { build_request_without_new_relic(*args) }
+        end
+      end
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/dynamodb/instrumentation.rb

@@ -0,0 +1,58 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module DynamoDB
+    INSTRUMENTED_METHODS = %w[
+      create_table
+      delete_item
+      delete_table
+      get_item
+      put_item
+      query
+      scan
+      update_item
+    ].freeze
+
+    PRODUCT = 'DynamoDB'
+    DEFAULT_HOST = 'dynamodb.amazonaws.com'
+
+    def instrument_method_with_new_relic(method_name, *args)
+      return yield unless NewRelic::Agent::Tracer.tracing_enabled?
+
+      NewRelic::Agent.record_instrumentation_invocation(PRODUCT)
+
+      segment = NewRelic::Agent::Tracer.start_datastore_segment(
+        product: PRODUCT,
+        operation: method_name,
+        host: config&.endpoint&.host || DEFAULT_HOST,
+        port_path_or_id: config&.endpoint&.port,
+        collection: args[0][:table_name]
+      )
+
+      arn = get_arn(args[0])
+      segment&.add_agent_attribute('cloud.resource_id', arn) if arn
+
+      @nr_captured_request = nil # clear request just in case
+      begin
+        NewRelic::Agent::Tracer.capture_segment_error(segment) { yield }
+      ensure
+        segment&.add_agent_attribute('aws.operation', method_name)
+        segment&.add_agent_attribute('aws.requestId', @nr_captured_request&.context&.http_response&.headers&.[]('x-amzn-requestid'))
+        segment&.add_agent_attribute('aws.region', config&.region)
+        segment&.finish
+      end
+    end
+
+    def build_request_with_new_relic(*args)
+      @nr_captured_request = yield
+    end
+
+    def get_arn(params)
+      return unless params[:table_name]
+
+      NewRelic::Agent::Aws.create_arn(PRODUCT.downcase, "table/#{params[:table_name]}", config)
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/dynamodb/prepend.rb

@@ -0,0 +1,19 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+module NewRelic::Agent::Instrumentation
+  module DynamoDB::Prepend
+    include NewRelic::Agent::Instrumentation::DynamoDB
+
+    INSTRUMENTED_METHODS.each do |method_name|
+      define_method(method_name) do |*args|
+        instrument_method_with_new_relic(method_name, *args) { super(*args) }
+      end
+    end
+
+    def build_request(*args)
+      build_request_with_new_relic(*args) { super }
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/dynamodb.rb

@@ -0,0 +1,25 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+require_relative 'dynamodb/instrumentation'
+require_relative 'dynamodb/chain'
+require_relative 'dynamodb/prepend'
+
+DependencyDetection.defer do
+  named :dynamodb
+
+  depends_on do
+    defined?(Aws::DynamoDB::Client)
+  end
+
+  executes do
+    NewRelic::Agent.logger.info('Installing DynamoDB instrumentation')
+
+    if use_prepend?
+      prepend_instrument Aws::DynamoDB::Client, NewRelic::Agent::Instrumentation::DynamoDB::Prepend
+    else
+      chain_instrument NewRelic::Agent::Instrumentation::DynamoDB::Chain
+    end
+  end
+end

data/lib/new_relic/agent/instrumentation/grpc/client/instrumentation.rb

@@ -50,7 +50,6 @@ module NewRelic
             attributes_hash.each do |attr, value|
               segment.add_agent_attribute(attr, value)
             end
-            segment.record_agent_attributes = true
           end
 
           def grpc_status_and_message_from_exception(exception)

data/lib/new_relic/agent/span_event_primitive.rb

@@ -79,17 +79,13 @@ module NewRelic
         intrinsics[SPAN_KIND_KEY] = CLIENT
         intrinsics[SERVER_ADDRESS_KEY] = segment.uri.host
         intrinsics[SERVER_PORT_KEY] = segment.uri.port
-        agent_attributes = error_attributes(segment) || {}
+        agent_attributes = {}
 
         if allowed?(HTTP_URL_KEY)
           agent_attributes[HTTP_URL_KEY] = truncate(segment.uri)
         end
 
-        if segment.respond_to?(:record_agent_attributes?) && segment.record_agent_attributes?
-          agent_attributes.merge!(agent_attributes(segment))
-        end
-
-        [intrinsics, custom_attributes(segment), agent_attributes]
+        [intrinsics, custom_attributes(segment), agent_attributes.merge(agent_attributes(segment))]
       end
 
       def for_datastore_segment(segment) # rubocop:disable Metrics/AbcSize
@@ -99,7 +95,7 @@ module NewRelic
         intrinsics[SPAN_KIND_KEY] = CLIENT
         intrinsics[CATEGORY_KEY] = DATASTORE_CATEGORY
 
-        agent_attributes = error_attributes(segment) || {}
+        agent_attributes = {}
 
         if segment.database_name && allowed?(DB_INSTANCE_KEY)
           agent_attributes[DB_INSTANCE_KEY] = truncate(segment.database_name)
@@ -123,7 +119,7 @@ module NewRelic
           agent_attributes[DB_STATEMENT_KEY] = truncate(segment.nosql_statement, 2000)
         end
 
-        [intrinsics, custom_attributes(segment), agent_attributes]
+        [intrinsics, custom_attributes(segment), agent_attributes.merge(agent_attributes(segment))]
       end
 
       private

data/lib/new_relic/agent/transaction/external_request_segment.rb

@@ -23,7 +23,6 @@ module NewRelic
         MISSING_STATUS_CODE = 'MissingHTTPStatusCode'
 
         attr_reader :library, :uri, :procedure, :http_status_code
-        attr_writer :record_agent_attributes
 
         def initialize(library, uri, procedure, start_time = nil) # :nodoc:
           @library = library
@@ -32,7 +31,6 @@ module NewRelic
           @host_header = nil
           @app_data = nil
           @http_status_code = nil
-          @record_agent_attributes = false
           super(nil, nil, start_time)
         end
 
@@ -44,14 +42,6 @@ module NewRelic
           @host_header || uri.host
         end
 
-        # By default external request segments only have errors and the http
-        # url recorded as agent attributes. To have all the agent attributes
-        # recorded, use the attr_writer like so `segment.record_agent_attributes = true`
-        # See: SpanEventPrimitive#for_external_request_segment
-        def record_agent_attributes?
-          @record_agent_attributes
-        end
-
         # This method adds New Relic request headers to a given request made to an
         # external API and checks to see if a host header is used for the request.
         # If a host header is used, it updates the segment name to match the host

data/lib/new_relic/agent/transaction.rb

@@ -816,13 +816,9 @@ module NewRelic
       end
 
       def had_error_affecting_apdex?
-        @exceptions.each do |exception, options|
-          ignored = NewRelic::Agent.instance.error_collector.error_is_ignored?(exception)
-          expected = options[:expected]
-
-          return true unless ignored || expected
+        @exceptions.each.any? do |exception, options|
+          NewRelic::Agent.instance.error_collector.error_affects_apdex?(exception, options)
         end
-        false
       end
 
       def apdex_bucket(duration, current_apdex_t)

data/lib/new_relic/agent.rb

@@ -64,6 +64,7 @@ module NewRelic
     require 'new_relic/agent/linking_metadata'
     require 'new_relic/agent/local_log_decorator'
     require 'new_relic/agent/llm'
+    require 'new_relic/agent/aws'
 
     require 'new_relic/agent/instrumentation/controller_instrumentation'
 

data/lib/new_relic/rack/browser_monitoring.rb

@@ -38,7 +38,7 @@ module NewRelic
         result = @app.call(env)
         (status, headers, response) = result
 
-        js_to_inject = NewRelic::Agent.browser_timing_header
+        js_to_inject = NewRelic::Agent.browser_timing_header(nonce(env))
         if (js_to_inject != NewRelic::EMPTY_STR) && should_instrument?(env, status, headers)
           response_string = autoinstrument_source(response, js_to_inject)
           if headers.key?(CONTENT_LENGTH)
@@ -58,6 +58,14 @@ module NewRelic
         end
       end
 
+      def nonce(env)
+        return unless NewRelic::Agent.config[:'browser_monitoring.content_security_policy_nonce']
+        return unless NewRelic::Agent.config[:framework] == :rails_notifications
+        return unless defined?(ActionDispatch::ContentSecurityPolicy::Request)
+
+        env[ActionDispatch::ContentSecurityPolicy::Request::NONCE]
+      end
+
       def should_instrument?(env, status, headers)
         NewRelic::Agent.config[:'browser_monitoring.auto_instrument'] &&
           status == 200 &&

data/lib/new_relic/version.rb

@@ -6,7 +6,7 @@
 module NewRelic
   module VERSION # :nodoc:
     MAJOR = 9
-    MINOR = 9
+    MINOR = 10
     TINY = 0
 
     STRING = "#{MAJOR}.#{MINOR}.#{TINY}"

data/lib/tasks/config.rake

@@ -20,7 +20,7 @@ namespace :newrelic do
       ATTRIBUTES => '[Attributes](/docs/features/agent-attributes) are key-value pairs containing information that determines the properties of an event or transaction. These key-value pairs can be viewed within transaction traces in APM, traced errors in APM, transaction events in dashboards, and page views in dashboards. You can customize exactly which attributes will be sent to each of these destinations',
       'transaction_tracer' => 'The [transaction traces](/docs/apm/traces/transaction-traces/transaction-traces) feature collects detailed information from a selection of transactions, including a summary of the calling sequence, a breakdown of time spent, and a list of SQL queries and their query plans (on mysql and postgresql). Available features depend on your New Relic subscription level.',
       'error_collector' => "The agent collects and reports all uncaught exceptions by default. These configuration options allow you to customize the error collection.\n\nFor information on ignored and expected errors, [see this page on Error Analytics in APM](/docs/agents/manage-apm-agents/agent-data/manage-errors-apm-collect-ignore-or-mark-expected/). To set expected errors via the `NewRelic::Agent.notice_error` Ruby method, [consult the Ruby agent API](/docs/agents/ruby-agent/api-guides/sending-handled-errors-new-relic/).",
-      'browser_monitoring' => "The browser monitoring [page load timing](/docs/browser/new-relic-browser/page-load-timing/page-load-timing-process) feature (sometimes referred to as real user monitoring or RUM) gives you insight into the performance real users are experiencing with your website. This is accomplished by measuring the time it takes for your users' browsers to download and render your web pages by injecting a small amount of JavaScript code into the header and footer of each page.",
+      'browser_monitoring' => "The <InlinePopover type='browser' /> [page load timing](/docs/browser/new-relic-browser/page-load-timing/page-load-timing-process) feature (sometimes referred to as real user monitoring or RUM) gives you insight into the performance real users are experiencing with your website. This is accomplished by measuring the time it takes for your users' browsers to download and render your web pages by injecting a small amount of JavaScript code into the header and footer of each page.",
       'application_logging' => "The Ruby agent supports [APM logs in context](/docs/apm/new-relic-apm/getting-started/get-started-logs-context). For some tips on configuring logs for the Ruby agent, see [Configure Ruby logs in context](/docs/logs/logs-context/configure-logs-context-ruby).\n\nAvailable logging-related config options include:",
       'analytics_events' => '[New Relic dashboards](/docs/query-your-data/explore-query-data/dashboards/introduction-new-relic-one-dashboards) is a resource to gather and visualize data about your software and what it says about your business. With it you can quickly and easily create real-time dashboards to get immediate answers about end-user experiences, clickstreams, mobile activities, and server transactions.',
       'ai_monitoring' => "This section includes Ruby agent configurations for setting up AI monitoring.\n\n<Callout variant='important'>You need to enable distributed tracing to capture trace and feedback data. It is turned on by default in Ruby agents 8.0.0 and higher.</Callout>"
@@ -28,7 +28,8 @@ namespace :newrelic do
 
     NAME_OVERRIDES = {
       'slow_sql' => 'Slow SQL [#slow-sql]',
-      'custom_insights_events' => 'Custom Events [#custom-events]'
+      'custom_insights_events' => 'Custom Events [#custom-events]',
+      'ai_monitoring' => 'AI Monitoring [#ai-monitoring]'
     }
 
     desc 'Describe available New Relic configuration settings'

data/lib/tasks/helpers/config.html.erb

@@ -10,6 +10,7 @@ redirects:
   - /docs/ruby/ruby-agent-configuration
   - /docs/agents/ruby-agent/installation-and-configuration/ruby-agent-configuration
   - /docs/agents/ruby-agent/installation-configuration/ruby-agent-configuration
+freshnessValidatedDate: never
 ---
 
 <CONTRIBUTOR_NOTE>
@@ -70,12 +71,12 @@ The Ruby agent looks for the following environment variables, in this order, to
 
 If the Ruby agent doesn't detect values for any of those environment variables, it will default the application environment to `development` and read from the `development` section of the `newrelic.yml` config file.
 
-When running the Ruby agent in a Rails app, the agent first looks for the `NEW_RELIC_ENV` environment variable to determine the application environment and which section of the `newrelic.yml` to use. If `NEW_RELIC_ENV` is not present, the agent uses the Rails environment (`RAILS_ENV`).
+When running the Ruby agent in a Rails app, the agent first looks for the `NEW_RELIC_ENV` environment variable to find the application environment and which section of the `newrelic.yml` to use. If `NEW_RELIC_ENV` is not present, the agent uses the Rails environment (`RAILS_ENV`).
 
 When you edit the config file, be sure to:
 
 * Indent only with two spaces.
-* Indent only where relevant, in stanzas such as **`error_collector`**.
+* Indent only where relevant, in sections such as <DoNotTranslate>**`error_collector`**</DoNotTranslate>.
 
 If you do not indent correctly, the agent may throw an `Unable to parse configuration file` error on startup.
 

data/lib/tasks/helpers/format.rb

@@ -69,7 +69,7 @@ module Format
 
   def format_description(value)
     description = ''
-    description += '**DEPRECATED** ' if value[:deprecated]
+    description += '<DoNotTranslate>**DEPRECATED**</DoNotTranslate>' if value[:deprecated]
     description += value[:description]
     description
   end

data/newrelic.yml

@@ -114,7 +114,7 @@ common: &default_settings
   # Specify a list of constants that should prevent the agent from starting
   # automatically. Separate individual constants with a comma ,. For example,
   # "Rails::Console,UninstrumentedBackgroundJob".
-  # autostart.denylisted_constants: Rails::Command::ConsoleCommand,Rails::Command::CredentialsCommand,Rails::Command::Db::System::ChangeCommand,Rails::Command::DbConsoleCommand,Rails::Command::DestroyCommand,Rails::Command::DevCommand,Rails::Command::EncryptedCommand,Rails::Command::GenerateCommand,Rails::Command::InitializersCommand,Rails::Command::NotesCommand,Rails::Command::RoutesCommand,Rails::Command::SecretsCommand,Rails::Console,Rails::DBConsole
+  # autostart.denylisted_constants: Rails::Command::ConsoleCommand,Rails::Command::CredentialsCommand,Rails::Command::Db::System::ChangeCommand,Rails::Command::DbConsoleCommand,Rails::Command::DestroyCommand,Rails::Command::DevCommand,Rails::Command::EncryptedCommand,Rails::Command::GenerateCommand,Rails::Command::InitializersCommand,Rails::Command::NotesCommand,Rails::Command::RakeCommand,Rails::Command::RoutesCommand,Rails::Command::RunnerCommand,Rails::Command::SecretsCommand,Rails::Console,Rails::DBConsole
 
   # Defines a comma-delimited list of executables that the agent should not
   # instrument. For example, "rake,my_ruby_script.rb".
@@ -144,6 +144,10 @@ common: &default_settings
   # (sometimes referred to as real user monitoring or RUM).
   # browser_monitoring.auto_instrument: true
 
+  # If true, enables auto-injection of Content Security Policy Nonce in browser
+  # monitoring scripts. For now, auto-injection only works with Rails 5.2+.
+  # browser_monitoring.content_security_policy_nonce: false
+
   # Manual override for the path to your local CA bundle. This CA bundle will be
   # used to validate the SSL certificate presented by New Relic's data collection
   # service.
@@ -415,6 +419,10 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.delayed_job: auto
 
+  # Controls auto-instrumentation of the aws-sdk-dynamodb library at start-up. May
+  # be one of [auto|prepend|chain|disabled].
+  # instrumentation.dynamodb: auto
+
   # Controls auto-instrumentation of the elasticsearch library at start-up. May be
   # one of: auto, prepend, chain, disabled.
   # instrumentation.elasticsearch: auto

data/test/agent_helper.rb

@@ -228,7 +228,9 @@ def assert_metrics_recorded(expected)
   expected.each do |specish, expected_attrs|
     expected_spec = metric_spec_from_specish(specish)
     actual_stats = NewRelic::Agent.instance.stats_engine.to_h[expected_spec]
-    if !actual_stats
+    if actual_stats
+      assert(actual_stats)
+    else
       all_specs = NewRelic::Agent.instance.stats_engine.to_h.keys.sort
       matches = all_specs.select { |spec| spec.name == expected_spec.name }
       matches.map! { |m| "  #{m.inspect}" }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: newrelic_rpm
 version: !ruby/object:Gem::Version
-  version: 9.9.0
+  version: 9.10.0
 platform: ruby
 authors:
 - Tanna McClure
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-04-17 00:00:00.000000000 Z
+date: 2024-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -243,6 +243,7 @@ files:
 - bin/nrdebug
 - init.rb
 - install.rb
+- lib/bootstrap.rb
 - lib/new_relic/agent.rb
 - lib/new_relic/agent/adaptive_sampler.rb
 - lib/new_relic/agent/agent.rb
@@ -260,6 +261,7 @@ files:
 - lib/new_relic/agent/attributes.rb
 - lib/new_relic/agent/audit_logger.rb
 - lib/new_relic/agent/autostart.rb
+- lib/new_relic/agent/aws.rb
 - lib/new_relic/agent/chained_call.rb
 - lib/new_relic/agent/commands/agent_command.rb
 - lib/new_relic/agent/commands/agent_command_router.rb
@@ -381,6 +383,10 @@ files:
 - lib/new_relic/agent/instrumentation/delayed_job/instrumentation.rb
 - lib/new_relic/agent/instrumentation/delayed_job/prepend.rb
 - lib/new_relic/agent/instrumentation/delayed_job_instrumentation.rb
+- lib/new_relic/agent/instrumentation/dynamodb.rb
+- lib/new_relic/agent/instrumentation/dynamodb/chain.rb
+- lib/new_relic/agent/instrumentation/dynamodb/instrumentation.rb
+- lib/new_relic/agent/instrumentation/dynamodb/prepend.rb
 - lib/new_relic/agent/instrumentation/elasticsearch.rb
 - lib/new_relic/agent/instrumentation/elasticsearch/chain.rb
 - lib/new_relic/agent/instrumentation/elasticsearch/instrumentation.rb
@@ -717,7 +723,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.4.10
+rubygems_version: 3.5.9
 signing_key: 
 specification_version: 4
 summary: New Relic Ruby Agent