newrelic · fallwith · Apr 12, 2024 · Apr 10, 2024 · Apr 11, 2024 · Apr 11, 2024
diff --git a/config/database.yml b/config/database.yml
@@ -52,9 +52,24 @@ def default_values
           result
         end
 
+        def self.default_settings(key)
+          ::NewRelic::Agent::Configuration::DEFAULTS[key]
+        end
+
+        def self.value_from_defaults(key, subkey)
+          default_settings(key)&.send(:[], subkey)
+        end
+
+        def self.allowlist_for(key)
+          value_from_defaults(key, :allowlist)
+        end
+
+        def self.default_for(key)
+          value_from_defaults(key, :default)
+        end
+
         def self.transform_for(key)
-          default_settings = ::NewRelic::Agent::Configuration::DEFAULTS[key]
-          default_settings[:transform] if default_settings
+          value_from_defaults(key, :transform)
         end
 
         def self.config_search_paths # rubocop:disable Metrics/AbcSize
@@ -800,6 +815,7 @@ def self.enforce_fallback(allowed_values: nil, fallback: nil)
           :public => true,
           :type => String,
           :allowed_from_server => false,
+          :allowlist => %w[debug info warn error fatal unknown],
           :description => <<~DESCRIPTION
             Sets the minimum level a log event must have to be forwarded to New Relic.
 
@@ -2263,6 +2279,7 @@ def self.enforce_fallback(allowed_values: nil, fallback: nil)
           :public => true,
           :type => Symbol,
           :allowed_from_server => false,
+          :allowlist => %i[none low medium high],
           :external => :infinite_tracing,
           :description => <<~DESC
             Configure the compression level for data sent to the trace observer.

@@ -138,7 +138,11 @@ def evaluate_procs(value)
         end
 
         def evaluate_and_apply_transformations(key, value)
-          apply_transformations(key, evaluate_procs(value))
+          evaluated = evaluate_procs(value)
+          default = enforce_allowlist(key, evaluated)
+          return default if default
+
+          apply_transformations(key, evaluated)
         end
 
         def apply_transformations(key, value)
@@ -154,8 +158,21 @@ def apply_transformations(key, value)
           end
         end
 
+        def enforce_allowlist(key, value)
+          return unless allowlist = default_source.allowlist_for(key)
+          return if allowlist.include?(value)
+
+          default = default_source.default_for(key)
+          ::NewRelic::Agent.logger.warn "Invalid value '#{value}' for #{key}, applying default value of '#{default}'"
+          default
+        end
+
         def transform_from_default(key)
-          ::NewRelic::Agent::Configuration::DefaultSource.transform_for(key)
+          default_source.transform_for(key)
+        end
+
+        def default_source
+          ::NewRelic::Agent::Configuration::DefaultSource
         end
 
         def register_callback(key, &proc)

@@ -273,6 +273,24 @@ def test_convert_to_hash_raises_error_with_wrong_data_type
       assert_raises(ArgumentError) { DefaultSource.convert_to_hash(value) }
     end
 
+    def test_allowlist_permits_valid_values
+      valid_value = 'info'
+      key = :'application_logging.forwarding.log_level'
+
+      with_config(key => valid_value) do
+        assert_equal valid_value, NewRelic::Agent.config[key]
+      end
+    end
+
+    def test_allowlist_blocks_invalid_values_and_uses_a_default
+      key = :'application_logging.forwarding.log_level'
+      default = ::NewRelic::Agent::Configuration::DefaultSource.default_for(key)
+
+      with_config(key => 'bogus') do
+        assert_equal default, NewRelic::Agent.config[key]
+      end
+    end
+
     def get_config_value_class(value)
       type = value.class