[pull] master from DataDog:master#582
Merged
Merged
Conversation
* Add SQL Server diagnostics * Add SQL Server diagnostics changelog * Address Codex review on SQL Server diagnostics - skip server-level VIEW SERVER STATE probe on Azure SQL Database and validate via sys.dm_exec_sessions (VIEW DATABASE STATE) - probe msdb.dbo.syssessions when agent_jobs is enabled and not on RDS Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Explicitly check VIEW DATABASE STATE on Azure SQL Database On Azure SQL Database, `sys.dm_exec_sessions` always returns the caller's own session row, so probing it cannot detect a missing `VIEW DATABASE STATE`. Validate the permission with `HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'VIEW DATABASE STATE')` before the session probe. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Eliminate reference cycle in SQL Server diagnose Mirrors the postgres fix in #23647: register a module-level ``run_diagnostics`` via ``functools.partial`` so a fresh ``SqlserverDiagnose`` worker is built per invocation and disposed of when ``_run()`` returns. The previous shape kept a ``SqlserverDiagnose`` instance alive whose bound ``_run`` was held by ``Diagnosis``, forming a check → diagnosis → bound method → diagnose worker → check cycle. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Use NULL securable in HAS_PERMS_BY_NAME for VIEW DATABASE STATE Azure SQL Database names can contain a dot. Passing ``DB_NAME()`` as the securable made ``HAS_PERMS_BY_NAME`` parse the name as a multipart identifier, returning 0 even when ``VIEW DATABASE STATE`` was granted and producing a false-negative diagnostic. Using NULL targets the current database unambiguously. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Skip baseline diagnostic probes under only_custom_queries When only_custom_queries is set the check skips load_basic_metrics and database_metrics, so the Datadog login does not need access to sys.dm_os_performance_counters or the database_metrics-only msdb tables. Guard those probes (and VIEW SERVER STATE / VIEW ANY DEFINITION) so they only run when the corresponding metric path is active or DBM is enabled. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Address SQL Server diagnose review feedback * Improve SQL Server diagnose remediation * Add SQL Server diagnostics for Azure perf state, ODBC driver, and per-db access Adds three high-signal pre-flight probes inspired by recurring SDBM escalations: - VIEW DATABASE PERFORMANCE STATE on Azure SQL Database / Managed Instance, probed with sys.dm_io_virtual_file_stats (SDBM-1707, SDBM-1504). - ODBC driver installed: compares the configured driver to pyodbc.drivers() before connecting (SDBM-1939). - Per-database access under autodiscovery: enumerates online user databases, applies the autodiscovery include/exclude filters, and probes each with USE/SELECT TOP 1 1 (SDBM-2293, SDBM-2401). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Add per-database VIEW DATABASE STATE diagnostic The existing per-database access probe only verified that the Datadog login could USE each autodiscovered database. A login can pass that probe and still produce no per-database DBM data because the per-db DMV reads (sys.dm_exec_sessions filtered by database_id, sys.dm_db_index_usage_stats, sys.dm_db_file_space_usage, ...) require VIEW DATABASE STATE on the database — the exact permission the existing remediation already told users to grant but never checked. Extends the per-database loop to call HAS_PERMS_BY_NAME for VIEW DATABASE STATE on each accessible database and emits a new missing-per-database-view-state diagnosis with failures listed by database name. Skipped on Azure SQL Database (per_database_access is also skipped there) and when no database was accessible (the access probe already reports that case). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * format --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )