nova.context._ContextAuthPlugin is (sometimes) being used as the basis for keystoneauth1 endpoint discovery. With the advent of ksa 3.1.0, there are some new methods consumers are expecting to be able to run on an auth via a ksa Session or Adapter. (Note that they were added to BaseIdentityPlugin without being added as abstract methods to BaseAuthPlugin - this is probably a ksa bug.) An example of such a method is get_endpoint_data().
Now, it appears from the docstring that the only reason _ContextAuthPlugin exists is that the auths we get from keystone middleware are not serializable. This may have changed since that docstring was written in 2014.
So: we should either update _ContextAuthPlugin to provide the methods ksa expects (perhaps in response to a fixup in ksa's BaseAuthPlugin abc that mandates those methods be implemented); or (better) figure out a way to get rid of _ContextAuthPlugin entirely and just use what keystone provides.
A manifestation of this problem can be seen in the work for bp use-service-catalog-for-endpoints. This change [1] is in response to ksa Adapter.get_endpoint_data() raising AttributeError because Adapter.get_endpoint_data eventually filters down to Adapter.auth.get_endpoint_data; which breaks when the auth is a _ContextAuthPlugin.
[1] https://review.openstack.org/#/c/490057/3..4/nova/image/glance.py
It's possible https:/