@@ -695,9 +695,8 @@ function get_or_create_domain {

 }

 # Gets or creates group

-# Usage: get_or_create_group <groupname> [<domain> <description>]

+# Usage: get_or_create_group <groupname> <domain> [<description>]

 function get_or_create_group {

-    local domain=${2:+--domain ${2}}

     local desc="${3:-}"

     local os_url="$KEYSTONE_SERVICE_URI_V3"

     # Gets group id

@@ -705,34 +704,30 @@ function get_or_create_group {

         # Creates new group with --or-show

         openstack --os-token=$OS_TOKEN --os-url=$os_url \

             --os-identity-api-version=3 group create $1 \

-            $domain --description "$desc" --or-show \

+            --domain $2 --description "$desc" --or-show \

             -f value -c id

     )

     echo $group_id

 }

 # Gets or creates user

-# Usage: get_or_create_user <username> <password> [<email> [<domain>]]

+# Usage: get_or_create_user <username> <password> <domain> [<email>]

 function get_or_create_user {

-    if [[ ! -z "$3" ]]; then

-        local email="--email=$3"

+    if [[ ! -z "$4" ]]; then

+        local email="--email=$4"

     else

         local email=""

     fi

-    local os_cmd="openstack"

-    local domain=""

-    if [[ ! -z "$4" ]]; then

-        domain="--domain=$4"

-        os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI_V3 --os-identity-api-version=3"

-    fi

     # Gets user id

     local user_id=$(

         # Creates new user with --or-show

-        $os_cmd user create \

+        openstack user create \

             $1 \

             --password "$2" \

+            --os-url=$KEYSTONE_SERVICE_URI_V3 \

+            --os-identity-api-version=3 \

+            --domain=$3 \

             $email \

-            $domain \

             --or-show \

             -f value -c id

     )

@@ -264,7 +264,7 @@ function create_glance_accounts {

         if is_service_enabled s-proxy; then

             local glance_swift_user=$(get_or_create_user "glance-swift" \

-                "$SERVICE_PASSWORD" "glance-swift@example.com")

+                "$SERVICE_PASSWORD" "default" "glance-swift@example.com")

             get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME

         fi

@@ -358,7 +358,7 @@ function create_keystone_accounts {

     # admin

     local admin_tenant=$(get_or_create_project "admin" default)

-    local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD")

+    local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default)

     local admin_role=$(get_or_create_role "admin")

     get_or_add_user_project_role $admin_role $admin_user $admin_tenant

@@ -387,7 +387,7 @@ function create_keystone_accounts {

     # demo

     local demo_tenant=$(get_or_create_project "demo" default)

     local demo_user=$(get_or_create_user "demo" \

-        "$ADMIN_PASSWORD" "demo@example.com")

+        "$ADMIN_PASSWORD" "default" "demo@example.com")

     get_or_add_user_project_role $member_role $demo_user $demo_tenant

     get_or_add_user_project_role $admin_role $admin_user $demo_tenant

@@ -426,7 +426,7 @@ function create_keystone_accounts {

 function create_service_user {

     local role=${2:-service}

-    local user=$(get_or_create_user "$1" "$SERVICE_PASSWORD")

+    local user=$(get_or_create_user "$1" "$SERVICE_PASSWORD" default)

     get_or_add_user_project_role "$role" "$user" "$SERVICE_TENANT_NAME"

 }

@@ -618,18 +618,21 @@ function create_swift_accounts {

     local swift_tenant_test1=$(get_or_create_project swifttenanttest1 default)

     die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"

-    SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com")

+    SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password \

+                        "default" "test@example.com")

     die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"

     get_or_add_user_project_role admin $SWIFT_USER_TEST1 $swift_tenant_test1

-    local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password "test3@example.com")

+    local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password \

+                                "default" "test3@example.com")

     die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"

     get_or_add_user_project_role $another_role $swift_user_test3 $swift_tenant_test1

     local swift_tenant_test2=$(get_or_create_project swifttenanttest2 default)

     die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"

-    local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com")

+    local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password \

+                                "default" "test2@example.com")

     die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"

     get_or_add_user_project_role admin $swift_user_test2 $swift_tenant_test2

@@ -639,7 +642,8 @@ function create_swift_accounts {

     local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain)

     die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4"

-    local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password "test4@example.com" $swift_domain)

+    local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \

+                                $swift_domain "test4@example.com")

     die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"

     get_or_add_user_project_role admin $swift_user_test4 $swift_tenant_test4

 }

@@ -551,7 +551,7 @@ function create_tempest_accounts {

         # Tempest has some tests that validate various authorization checks

         # between two regular users in separate tenants

         get_or_create_project alt_demo default

-        get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com"

+        get_or_create_user alt_demo "$ADMIN_PASSWORD" "default" "alt_demo@example.com"

         get_or_add_user_project_role Member alt_demo alt_demo

     fi

 }

@@ -1012,6 +1012,9 @@ if is_service_enabled keystone; then

     # Begone token auth

     unset OS_TOKEN OS_URL

+    # force set to use v2 identity authentication even with v3 commands

+    export OS_AUTH_TYPE=v2password

+

     # Set up password auth credentials now that Keystone is bootstrapped

     export OS_AUTH_URL=$SERVICE_ENDPOINT

     export OS_TENANT_NAME=admin