Query anonymization should work in fallback log

legacy/src/main/java/org/opensearch/sql/legacy/plugin/RestSqlAction.java

@@ -167,7 +167,7 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
               LOG.info(
                   "[{}] Request {} is not supported and falling back to old SQL engine",
                   QueryContext.getRequestId(),
-                  newSqlRequest);
+                  newSqlRequest.toString(QueryDataAnonymizer::anonymizeData));
               LOG.info("Request Query: {}", QueryDataAnonymizer.anonymizeData(sqlRequest.getSql()));
               QueryAction queryAction = explainRequest(client, sqlRequest, format);
               executeSqlRequest(request, queryAction, client, restChannel);

legacy/src/test/java/org/opensearch/sql/legacy/unittest/utils/QueryDataAnonymizerTest.java

@@ -5,9 +5,11 @@
 
 package org.opensearch.sql.legacy.unittest.utils;
 
+import java.util.Map;
 import org.junit.Assert;
 import org.junit.Test;
 import org.opensearch.sql.legacy.utils.QueryDataAnonymizer;
+import org.opensearch.sql.sql.domain.SQLQueryRequest;
 
 public class QueryDataAnonymizerTest {
 
@@ -91,4 +93,19 @@ public void unionQueriesShouldAnonymizeSensitiveData() {
             + "UNION SELECT identifier, identifier FROM table )";
     Assert.assertEquals(expectedQuery, QueryDataAnonymizer.anonymizeData(query));
   }
+
+  @Test
+  public void test_to_anonymous_string_of_SQLQueryRequest() {
+    String query =
+        "SELECT a.account_number, a.firstname, a.lastname, e.id, e.name "
+            + "FROM accounts a JOIN employees e";
+    SQLQueryRequest request =
+        new SQLQueryRequest(null, query, "/_plugins/_sql", Map.of("pretty", "true"), null);
+    String actualQuery = request.toString(QueryDataAnonymizer::anonymizeData);
+    String expectedQuery =
+        "SQLQueryRequest(query=( SELECT identifier, identifier, identifier, identifier, identifier"
+            + " FROM table a JOIN table e ), path=/_plugins/_sql, format=jdbc,"
+            + " params={pretty=true}, sanitize=true, cursor=Optional.empty)";
+    Assert.assertEquals(expectedQuery, actualQuery);
+  }
 }

sql/src/main/java/org/opensearch/sql/sql/domain/SQLQueryRequest.java

@@ -10,6 +10,7 @@
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
+import java.util.function.Function;
 import java.util.stream.Stream;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
@@ -148,4 +149,22 @@ private boolean shouldSanitize(Map<String, String> params) {
     }
     return true;
   }
+
+  /** A new toString() with anonymizer parameter to anonymize its query statement. */
+  public String toString(Function<String, String> anonymizer) {
+    return "SQLQueryRequest("
+        + "query="
+        + anonymizer.apply(getQuery())
+        + ", path="
+        + path
+        + ", format="
+        + format
+        + ", params="
+        + params
+        + ", sanitize="
+        + sanitize
+        + ", cursor="
+        + getCursor()
+        + ')';
+  }
 }

sql/src/test/java/org/opensearch/sql/sql/domain/SQLQueryRequestTest.java

@@ -222,6 +222,16 @@ public void should_support_raw_format() {
     assertTrue(csvRequest.isSupported());
   }
 
+  @Test
+  public void test_to_string_with_anonymizer() {
+    SQLQueryRequest request = SQLQueryRequestBuilder.request("SELECT 1").build();
+    String actual = request.toString(s -> "***");
+    String expected =
+        "SQLQueryRequest(query=***, path=_plugins/_sql, format=jdbc, params={}, sanitize=true,"
+            + " cursor=Optional.empty)";
+    assertEquals(expected, actual);
+  }
+
   /** SQL query request build helper to improve test data setup readability. */
   private static class SQLQueryRequestBuilder {
     private String jsonContent;