[SDBM-2635] postgres: include dbms=postgresql in SQL obfuscation options (DataDog#23926)

jasonmp85 · claude · web-flow · commit 9311b89817a7 · 2026-06-04T21:11:31.000Z
* [SDBM-2635] postgres: include dbms=postgresql in SQL obfuscation options

Both statement_samples.py and statements.py construct an obfuscate_options dict
from ObfuscatorOptions.model_dump() and patch in key renames (table_names,
dollar_quoted_func, return_json_metadata). The dbms field was never included,
so the Go obfuscator received DBMS="" instead of "postgresql".

While no PostgreSQL-specific tokenizer branches exist today, explicitly setting
dbms ensures parity with dbm-logs-processor and protects against future
PostgreSQL-specific lexer paths being added in go-sqllexer.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;

* [SDBM-2635] postgres: add changelog entry for dbms obfuscation option fix

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;

* [SDBM-2635] postgres: test that obfuscate_sql receives dbms=postgresql option

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;

* [SDBM-2635] postgres: strengthen obfuscation options test and fix changelog

- Assert directly on _obfuscate_options attributes of both classes to
  unconditionally cover both code paths regardless of DB query activity
- Also assert return_json_metadata=True alongside dbms=postgresql
- Fix changelog entry missing trailing period

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;

* [SDBM-2635] postgres: fix line length in test_obfuscate_sql_options

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;

---------

Co-authored-by: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/postgres/changelog.d/23926.fixed b/postgres/changelog.d/23926.fixed
@@ -0,0 +1 @@
+Set dbms=postgresql in obfuscation options to align query_signature with dbm-logs-processor.
diff --git a/postgres/datadog_checks/postgres/statement_samples.py b/postgres/datadog_checks/postgres/statement_samples.py
@@ -176,6 +176,7 @@ def __init__(self, check: PostgreSql, config: InstanceConfig):
         obfuscate_options['table_names'] = self._config.obfuscator_options.collect_tables
         obfuscate_options['dollar_quoted_func'] = self._config.obfuscator_options.keep_dollar_quoted_func
         obfuscate_options['return_json_metadata'] = self._config.obfuscator_options.collect_metadata
+        obfuscate_options['dbms'] = 'postgresql'
         self._obfuscate_options = to_native_string(json.dumps(obfuscate_options))
 
         self._collect_raw_query_statement = config.collect_raw_query_statement.enabled
diff --git a/postgres/datadog_checks/postgres/statements.py b/postgres/datadog_checks/postgres/statements.py
@@ -195,6 +195,7 @@ def __init__(self, check, config: InstanceConfig):
         obfuscate_options['table_names'] = self._config.obfuscator_options.collect_tables
         obfuscate_options['dollar_quoted_func'] = self._config.obfuscator_options.keep_dollar_quoted_func
         obfuscate_options['return_json_metadata'] = self._config.obfuscator_options.collect_metadata
+        obfuscate_options['dbms'] = 'postgresql'
         self._obfuscate_options = to_native_string(json.dumps(obfuscate_options))
         # full_statement_text_cache: limit the ingestion rate of full statement text events per query_signature
         self._full_statement_text_cache = TTLCache(
diff --git a/postgres/tests/test_statements.py b/postgres/tests/test_statements.py
@@ -415,6 +415,38 @@ def obfuscate_sql(query, options=None):
     assert row['calls'] == 2
 
 
+def test_obfuscate_sql_options(aggregator, integration_check, dbm_instance, datadog_agent):
+    """Verify obfuscate_sql is called with dbms=postgresql for both metrics and samples."""
+    dbm_instance['collect_schemas'] = {'enabled': False}
+
+    check = integration_check(dbm_instance)
+    check._connect()
+
+    # Unconditionally verify both classes have the correct options set at init time,
+    # independent of whether the DB produces any queries to obfuscate.
+    for name, obj in [('statement_metrics', check.statement_metrics), ('statement_samples', check.statement_samples)]:
+        opts = json.loads(obj._obfuscate_options)
+        assert opts.get('dbms') == 'postgresql', f"{name}: missing dbms=postgresql in obfuscation options"
+        assert opts.get('return_json_metadata') is True, (
+            f"{name}: missing return_json_metadata=True in obfuscation options"
+        )
+
+    captured_options = []
+
+    def obfuscate_sql(query, options=None):
+        if options is not None:
+            captured_options.append(json.loads(options))
+        return json.dumps({'query': query, 'metadata': {}})
+
+    with mock.patch.object(datadog_agent, 'obfuscate_sql', passthrough=True) as mock_agent:
+        mock_agent.side_effect = obfuscate_sql
+        run_one_check(check, cancel=False)
+
+    assert captured_options, "obfuscate_sql was never called with options"
+    for opts in captured_options:
+        assert opts.get('dbms') == 'postgresql', f"missing dbms=postgresql in obfuscation options: {opts}"
+
+
 @pytest.fixture
 def bob_conn():
     conn = psycopg.connect(host=HOST, dbname=DB_NAME, user="bob", password="bob")

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Set dbms=postgresql in obfuscation options to align query_signature with dbm-logs-processor.`