Mandatory API Query Limits

Include the URL of your launchpad blueprint:

Currently, Ceilometer’s api allows users to query for as much or as little data as they desire. They are also allowed to query for everything no matter the size of results.

Problem description

Allowing the ability to have return the entire world of data is not a realistic use case. While it is easier in theory to query for everything, in reality, this is not viable as it puts a lot of strain on CPU and memory to manage all the data required. In addition, these queries take a significant amount of time to calculate and will always time out even if enough resources are available to the system.

As Ceilometer intends to remove unused pagination, another form of query restriction is required.

Proposed change

Mandatory limits must be enforced on queries, whether it be a limit value. If neither value is provided, a default restriction of 100 will be applied. This behaves similarly to other dbs such as ElasticSearch which limit the number of results returned if no restrictions are provided.

Users are still allowed to query the entire set of data if they choose to, but instead of implicitly doing so as it currently functions, users will need to explicitly do so.

These restrictions will apply to both events and meters api.


Nothing, and let users blame Ceilometer for insane queries.

Data model impact


REST API impact

All GET queries will require a limit value. If none is given, a default of 100 will be applied.

Security impact


Pipeline impact


Other end user impact

A limit value is required to get data as expected. If none is provided, the returned results may be truncated. A warning will be logged whenever the default limit is applied.

Performance/Scalability Impacts

This will limit the load created by unintentional large queries.

Other deployer impact

A new option will be defined to allow operators control of what the default return limit is.

Developer impact

Unit tests need to be written to consider this limit.



Primary assignee:


Other contributors:


Ongoing maintainer:


Work Items

  • Add option to control default limit value

  • Apply limit check to meter queries and fix UT

  • Apply limit check to event queries and fix UT

  • Update docs

Future lifecycle

We can derive a query link which returns next set of data based on last timestamp value of returned set.




Unit test to test default limits are applied.

Documentation Impact

This may be a breaking change to some – Ceilometer will probably be already broken to them. That said, this will need to be publicised.