@@ -88,9 +88,9 @@ function write_clouds_yaml {

         --file $CLOUDS_YAML \

         --os-cloud devstack \

         --os-region-name $REGION_NAME \

-        --os-identity-api-version $IDENTITY_API_VERSION \

+        --os-identity-api-version 3 \

         $CA_CERT_ARG \

-        --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \

+        --os-auth-url $KEYSTONE_AUTH_URI \

         --os-username demo \

         --os-password $ADMIN_PASSWORD \

         --os-project-name demo

@@ -98,9 +98,9 @@ function write_clouds_yaml {

         --file $CLOUDS_YAML \

         --os-cloud devstack-admin \

         --os-region-name $REGION_NAME \

-        --os-identity-api-version $IDENTITY_API_VERSION \

+        --os-identity-api-version 3 \

         $CA_CERT_ARG \

-        --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \

+        --os-auth-url $KEYSTONE_AUTH_URI \

         --os-username admin \

         --os-password $ADMIN_PASSWORD \

         --os-project-name admin

@@ -735,16 +735,13 @@ function policy_add {

 # Usage: get_or_create_domain <name> <description>

 function get_or_create_domain {

     local domain_id

-    local os_url="$KEYSTONE_SERVICE_URI_V3"

     # Gets domain id

     domain_id=$(

         # Gets domain id

-        openstack --os-token=$OS_TOKEN --os-url=$os_url \

-            --os-identity-api-version=3 domain show $1 \

+        openstack domain show $1 \

             -f value -c id 2>/dev/null ||

         # Creates new domain

-        openstack --os-token=$OS_TOKEN --os-url=$os_url \

-            --os-identity-api-version=3 domain create $1 \

+        openstack domain create $1 \

             --description "$2" \

             -f value -c id

     )

@@ -755,13 +752,11 @@ function get_or_create_domain {

 # Usage: get_or_create_group <groupname> <domain> [<description>]

 function get_or_create_group {

     local desc="${3:-}"

-    local os_url="$KEYSTONE_SERVICE_URI_V3"

     local group_id

     # Gets group id

     group_id=$(

         # Creates new group with --or-show

-        openstack --os-token=$OS_TOKEN --os-url=$os_url \

-            --os-identity-api-version=3 group create $1 \

+        openstack group create $1 \

             --domain $2 --description "$desc" --or-show \

             -f value -c id

     )

@@ -783,8 +778,6 @@ function get_or_create_user {

         openstack user create \

             $1 \

             --password "$2" \

-            --os-url=$KEYSTONE_SERVICE_URI_V3 \

-            --os-identity-api-version=3 \

             --domain=$3 \

             $email \

             --or-show \

@@ -799,9 +792,7 @@ function get_or_create_project {

     local project_id

     project_id=$(

         # Creates new project with --or-show

-        openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \

-            --os-identity-api-version=3 \

-            project create $1 \

+        openstack project create $1 \

             --domain=$2 \

             --or-show -f value -c id

     )

@@ -815,8 +806,6 @@ function get_or_create_role {

     role_id=$(

         # Creates role with --or-show

         openstack role create $1 \

-            --os-url=$KEYSTONE_SERVICE_URI_V3 \

-            --os-identity-api-version=3 \

             --or-show -f value -c id

     )

     echo $role_id

@@ -829,8 +818,6 @@ function get_or_add_user_project_role {

     # Gets user role id

     user_role_id=$(openstack role list \

         --user $2 \

-        --os-url=$KEYSTONE_SERVICE_URI_V3 \

-        --os-identity-api-version=3 \

         --column "ID" \

         --project $3 \

         --column "Name" \

@@ -839,13 +826,9 @@ function get_or_add_user_project_role {

         # Adds role to user and get it

         openstack role add $1 \

             --user $2 \

-            --project $3 \

-            --os-url=$KEYSTONE_SERVICE_URI_V3 \

-            --os-identity-api-version=3

+            --project $3

         user_role_id=$(openstack role list \

             --user $2 \

-            --os-url=$KEYSTONE_SERVICE_URI_V3 \

-            --os-identity-api-version=3 \

             --column "ID" \

             --project $3 \

             --column "Name" \

@@ -860,21 +843,15 @@ function get_or_add_group_project_role {

     local group_role_id

     # Gets group role id

     group_role_id=$(openstack role list \

-        --os-url=$KEYSTONE_SERVICE_URI_V3 \

-        --os-identity-api-version=3 \

         --group $2 \

         --project $3 \

         -c "ID" -f value)

     if [[ -z "$group_role_id" ]]; then

         # Adds role to group and get it

         openstack role add $1 \

-            --os-url=$KEYSTONE_SERVICE_URI_V3 \

-            --os-identity-api-version=3 \

             --group $2 \

             --project $3

         group_role_id=$(openstack role list \

-            --os-url=$KEYSTONE_SERVICE_URI_V3 \

-            --os-identity-api-version=3 \

             --group $2 \

             --project $3 \

             -c "ID" -f value)

@@ -892,8 +869,6 @@ function get_or_create_service {

         openstack service show $2 -f value -c id 2>/dev/null ||

         # Creates new service if not exists

         openstack service create \

-            --os-url $KEYSTONE_SERVICE_URI_V3 \

-            --os-identity-api-version=3 \

             $2 \

             --name $1 \

             --description="$3" \

@@ -912,8 +887,6 @@ function _get_or_create_endpoint_with_interface {

     # gets support for this, the check for the region name can be removed.

     # Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772

     endpoint_id=$(openstack endpoint list \

-        --os-url $KEYSTONE_SERVICE_URI_V3 \

-        --os-identity-api-version=3 \

         --service $1 \

         --interface $2 \

         --region $4 \

@@ -921,8 +894,6 @@ function _get_or_create_endpoint_with_interface {

     if [[ -z "$endpoint_id" ]]; then

         # Creates new endpoint

         endpoint_id=$(openstack endpoint create \

-            --os-url $KEYSTONE_SERVICE_URI_V3 \

-            --os-identity-api-version=3 \

             $1 $2 $3 --region $4 -f value -c id)

     fi

@@ -799,10 +799,10 @@ function stop_swift {

 function swift_configure_tempurls {

     OS_USERNAME=swift \

-        OS_TENANT_NAME=$SERVICE_TENANT_NAME \

+        OS_PROJECT_NAME=$SERVICE_TENANT_NAME \

         OS_PASSWORD=$SERVICE_PASSWORD \

-        OS_AUTH_URL=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \

-        swift post -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"

+        OS_AUTH_URL=$SERVICE_ENDPOINT \

+        swift post --auth-version 3 -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"

 }

 # Restore xtrace

@@ -973,13 +973,15 @@ if is_service_enabled keystone; then

         start_keystone

     fi

+    export OS_IDENTITY_API_VERSION=3

+

     # Set up a temporary admin URI for Keystone

-    SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0

+    SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3

     if is_service_enabled tls-proxy; then

         export OS_CACERT=$INT_CA_DIR/ca-chain.pem

         # Until the client support is fixed, just use the internal endpoint

-        SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0

+        SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3

     fi

     # Setup OpenStackClient token-endpoint auth

@@ -1003,14 +1005,13 @@ if is_service_enabled keystone; then

     # Begone token auth

     unset OS_TOKEN OS_URL

-    # force set to use v2 identity authentication even with v3 commands

-    export OS_AUTH_TYPE=v2password

-

     # Set up password auth credentials now that Keystone is bootstrapped

-    export OS_AUTH_URL=$SERVICE_ENDPOINT

-    export OS_TENANT_NAME=admin

+    export OS_AUTH_URL=$KEYSTONE_AUTH_URI

     export OS_USERNAME=admin

+    export OS_USER_DOMAIN_ID=default

     export OS_PASSWORD=$ADMIN_PASSWORD

+    export OS_PROJECT_NAME=admin

+    export OS_PROJECT_DOMAIN_ID=default

     export OS_REGION_NAME=$REGION_NAME

 fi