Skip to content

Remove doPrivileged call in Calcite script execution #4900

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
penghuo merged 1 commit into from
Dec 4, 2025
Merged

Remove doPrivileged call in Calcite script execution #4900

penghuo merged 1 commit into from
Dec 4, 2025

Conversation

@Swiddis
Copy link
Collaborator

@Swiddis Swiddis commented Dec 3, 2025
edited
Loading

Description

Seems to delete a major perf bottleneck: we create an access controller context for every individual document we process in a script, which involves a lot of stack trace traversal and locking for accessing that context. Curious what the breakage is if I just delete this controller step, since it passes tests locally. At least for the query I was interested in, it reduced the runtime from 70 seconds (2mil documents) to 4.

Better approach if we need it: move the privilege step to outside the core script loop.

Measured from slow query (big5 dataset):

source = big5
| where `agent.name` = 'filebeat'
| where `@timestamp` >= '2023-01-01 00:00:00' and `@timestamp` <= '2023-01-02 00:00:00'
| where `metrics.size` > 1000 and `metrics.size` != 5000
| stats count(`agent.name`)

Before (70s/query):
image

After (4s/query):
image

Related Issues

N/A

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • New functionality has javadoc added.
  • New functionality has a user manual doc added.
  • New PPL command checklist all confirmed.
  • API changes companion pull request created.
  • Commits are signed per the DCO using --signoff or -s.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 3, 2025

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Comment @coderabbitai help to get the list of available commands and usage tips.

@Swiddis Swiddis added performance Make it fast! calcite calcite migration releated labels Dec 3, 2025
@Swiddis Swiddis changed the title Remove access controller step in Calcite script Remove access controller step in Calcite script execution Dec 3, 2025
@Swiddis Swiddis changed the title Remove access controller step in Calcite script execution Remove doPrivileged call in Calcite script execution Dec 3, 2025
@Swiddis Swiddis added the maintenance Improves code quality, but not the product label Dec 3, 2025
@songkant-aws
Copy link
Contributor

songkant-aws commented Dec 4, 2025

Grreat! I remember somehow 2.19 still needs it. But it was removed in OpenSearch since 3.x version.

@Swiddis Swiddis marked this pull request as ready for review December 4, 2025 16:47
@Swiddis Swiddis requested a review from RyanL1997 as a code owner December 4, 2025 16:47
@penghuo penghuo enabled auto-merge (squash) December 4, 2025 17:19
dai-chen
dai-chen approved these changes Dec 4, 2025
View reviewed changes
Copy link
Collaborator

@dai-chen dai-chen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes! If I recall right, this is mostly for action whitelisted in plugin-security.policy?

@penghuo penghuo merged commit 2942d4b into opensearch-project:main Dec 4, 2025
40 of 53 checks passed
@Swiddis Swiddis mentioned this pull request Dec 9, 2025
Merged
8 tasks
asifabashar pushed a commit to asifabashar/sql that referenced this pull request Dec 10, 2025
@Swiddis @asifabashar
Remove access controller step in Calcite script (opensearch-project#4900
58025be 
)

Signed-off-by: Simeon Widdis <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@penghuo penghuo penghuo approved these changes

@dai-chen dai-chen dai-chen approved these changes

@ps48 ps48 Awaiting requested review from ps48 ps48 is a code owner

@kavithacm kavithacm Awaiting requested review from kavithacm kavithacm is a code owner

@derek-ho derek-ho Awaiting requested review from derek-ho derek-ho is a code owner

@joshuali925 joshuali925 Awaiting requested review from joshuali925 joshuali925 is a code owner

@YANG-DB YANG-DB Awaiting requested review from YANG-DB YANG-DB is a code owner

@mengweieric mengweieric Awaiting requested review from mengweieric mengweieric is a code owner

@vamsimanohar vamsimanohar Awaiting requested review from vamsimanohar vamsimanohar is a code owner

@seankao-az seankao-az Awaiting requested review from seankao-az seankao-az is a code owner

@MaxKsyunz MaxKsyunz Awaiting requested review from MaxKsyunz MaxKsyunz is a code owner

@Yury-Fridlyand Yury-Fridlyand Awaiting requested review from Yury-Fridlyand Yury-Fridlyand is a code owner

@anirudha anirudha Awaiting requested review from anirudha anirudha is a code owner

@forestmvey forestmvey Awaiting requested review from forestmvey forestmvey is a code owner

@acarbonetto acarbonetto Awaiting requested review from acarbonetto acarbonetto is a code owner

@GumpacG GumpacG Awaiting requested review from GumpacG GumpacG is a code owner

@ykmr1224 ykmr1224 Awaiting requested review from ykmr1224 ykmr1224 is a code owner

@LantaoJin LantaoJin Awaiting requested review from LantaoJin LantaoJin is a code owner

@noCharger noCharger Awaiting requested review from noCharger noCharger is a code owner

@qianheng-aws qianheng-aws Awaiting requested review from qianheng-aws qianheng-aws is a code owner

@yuancu yuancu Awaiting requested review from yuancu yuancu is a code owner

@RyanL1997 RyanL1997 Awaiting requested review from RyanL1997 RyanL1997 is a code owner

Assignees

No one assigned

Labels

calcite calcite migration releated maintenance Improves code quality, but not the product performance Make it fast!

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Swiddis @songkant-aws @penghuo @dai-chen