diff --git a/docker/kolla-toolbox/kolla_keystone_user.py b/docker/kolla-toolbox/kolla_keystone_user.py
index d8af461ae2..e6a56f3c2c 100644
--- a/docker/kolla-toolbox/kolla_keystone_user.py
+++ b/docker/kolla-toolbox/kolla_keystone_user.py
@@ -14,14 +14,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# This file is a barebones file needed to file a gap until Ansible 2.0. No
-# error checking, no deletions, no updates. Idempotent creation only.
-
-# If you look closely, you will see we arent _really_ using the shade module
-# we just use it to slightly abstract the authentication model. As patches land
-# in upstream shade we will be able to use more of the shade module. Until then
-# if we want to be 'stable' we really need to be using it as a passthrough
-
 import traceback
 
 import shade
@@ -47,37 +39,38 @@ def main():
         role = None
         user = None
 
-        cloud = shade.operator_cloud(**module.params)
+        cloud = shade.OperatorCloud(**module.params)
 
-        for _project in cloud.keystone_client.projects.list():
+        for _project in cloud.search_projects():
             if _project.name == project_name:
                 project = _project
 
-        for _role in cloud.keystone_client.roles.list():
+        for _role in cloud.search_roles():
             if _role.name == role_name:
                 role = _role
 
-        for _user in cloud.keystone_client.users.list():
+        for _user in cloud.search_users():
             if _user.name == user_name:
                 user = _user
 
         if not project:
             changed = True
-            project = cloud.keystone_client.projects.create(
-                name=project_name, domain='default')
+            project = cloud.create_project(project_name,
+                                           domain_id='default')
 
         if not role:
             changed = True
-            role = cloud.keystone_client.roles.create(name=role_name)
+            role = cloud.create_role(role_name)
 
         if not user:
             changed = True
-            user = cloud.keystone_client.users.create(name=user_name,
-                                                      password=password,
-                                                      project=project)
-            cloud.keystone_client.roles.grant(role=role,
-                                              user=user,
-                                              project=project)
+            user = cloud.create_user(user_name,
+                                     password=password,
+                                     default_project=project,
+                                     domain_id='default')
+            cloud.grant_role(role,
+                             user=user,
+                             project=project)
 
         module.exit_json(changed=changed)
     except Exception: