Ceilometer Python Client Keystone V3 Upgrade

Keystone declared V2 deprecated in K cycle with the intent of maintaining V2 for another two cycles after that. All the services clients are going to add support to V3 in order to smooth this transition.

Problem description

Keystone V3 API has introduced the following major changes:

  • Authentication: Custom auth method can be developed as plug-ins, this enables support for: OAuth 1.0 and SAML based federation
  • Authorization: in V2 API there are only two levels “admin” or none. V3 API enables control of who can call each method if the policy file is correctly specified.
  • Richer set of APIs. Vendor specific extensions are not supported directly anymore and there is a set of optional extensions supported by Keystone.

Proposed change

Since Ceilometer Client imports keystoneclient, the main changes to client.py are to selectively import the correct keystoneclient library version and pass a number of new options. In shell.py the new options are added to the parser.



Data model impact


REST API impact


Security impact


Pipeline impact


Other end user impact

There will be new commands to be used with the ceilometer client to scope the request to Domain/Project and support different auth methods. Alarms are using the ceilometer client and there could be a potential impact.

Performance/Scalability Impacts


Other deployer impact


Developer impact




Who is leading the writing of the code? Or is this a blueprint where you’re throwing it out there to see who picks it up?

If more than one person is working on the implementation, please designate the primary author and contact.

Primary assignee:
Other contributors:
Ongoing maintainer:

Work Items

  • Add new parameters to the client and cli.
  • Call the V3 Keystone client.
  • Validate the authorization and authentication via python-keystoneclient.

Future lifecycle



  • Keystone client: python-keystoneclient.


Unit tests will be added to the Ceilometer client to support the new parameter submission as well as validation of the authorization and authentication with Keystone client.

Documentation Impact

Documentation changes specific to new parameters added to the client.