I'd vote for A) as B) is probably prolonging the inevitable. Guang From: Dolph Mathews [mailto:dolph.mathews at gmail.com] Sent: Monday, March 18, 2013 1:38 PM To: OpenStack Development Mailing List Subject: [openstack-dev] [keystone] support for keystone.middleware.auth_token (bug 1143998) tl;dr keystone.middleware.auth_token is deprecated (and currently broken) in favor of keystoneclient.middleware.auth_token During grizzly we moved auth_token from keystone to keystoneclient, and provided a bit of backwards compatibility for configurations still using keystone.middleware.auth_token by having keystone import auth_token from keystoneclient. Unfortunately that backwards compatibility is now broken and being tracked in an RC-blocking bug: https://bugs.launchpad.net/nova/+bug/1143998 I described the root cause of the problem in comment #12: https://bugs.launchpad.net/nova/+bug/1143998/comments/12 I've proposed two fixes based on markmc's comments in that bug. A) Drop support for keystone.middleware.auth_token: https://review.openstack.org/#/c/24251/ B) Ignore the exception described in the bug and log a warning: https://review.openstack.org/#/c/24701/ Neither solution is ideal IMO but we need to fix this for RC1; feedback & alternative solutions welcome! -Dolph -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130319/d5441bbd/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6186 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130319/d5441bbd/attachment.bin>