diff --git a/keystoneclient/v2_0/shell.py b/keystoneclient/v2_0/shell.py
index 7136f272b..3513779db 100755
--- a/keystoneclient/v2_0/shell.py
+++ b/keystoneclient/v2_0/shell.py
@@ -21,11 +21,11 @@ from keystoneclient import utils
 CLIENT_CLASS = client.Client
 
 
-@utils.arg('tenant', metavar='<tenant-id>', nargs='?', default=None,
-           help='Tenant ID (Optional);  lists all users if not specified')
+@utils.arg('--tenant_id', metavar='<tenant-id>',
+           help='Tenant ID;  lists all users if not specified')
 def do_user_list(kc, args):
     """List users"""
-    users = kc.users.list(tenant_id=args.tenant)
+    users = kc.users.list(tenant_id=args.tenant_id)
     utils.print_list(users, ['id', 'enabled', 'email', 'name'])
 
 
@@ -215,24 +215,24 @@ def do_role_delete(kc, args):
 
 
 # TODO(jakedahn): refactor this to allow role, user, and tenant names.
-@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
-@utils.arg('--role', metavar='<role-id>', required=True, help='Role ID')
+@utils.arg('--user_id', metavar='<user-id>', required=True, help='User ID')
+@utils.arg('--role_id', metavar='<role-id>', required=True, help='Role ID')
 @utils.arg('--tenant_id', metavar='<tenant-id>', help='Tenant ID')
 def do_user_role_add(kc, args):
     """Add role to user"""
-    kc.roles.add_user_role(args.user, args.role, args.tenant_id)
+    kc.roles.add_user_role(args.user_id, args.role_id, args.tenant_id)
 
 
 # TODO(jakedahn): refactor this to allow role, user, and tenant names.
-@utils.arg('--user', metavar='<user-id>', required=True, help='User ID')
-@utils.arg('--role', metavar='<role-id>', required=True, help='Role ID')
+@utils.arg('--user_id', metavar='<user-id>', required=True, help='User ID')
+@utils.arg('--role_id', metavar='<role-id>', required=True, help='Role ID')
 @utils.arg('--tenant_id', metavar='<tenant-id>', help='Tenant ID')
 def do_user_role_remove(kc, args):
     """Remove role from user"""
-    kc.roles.remove_user_role(args.user, args.role, args.tenant_id)
+    kc.roles.remove_user_role(args.user_id, args.role_id, args.tenant_id)
 
 
-@utils.arg('--user', metavar='<user-id>',
+@utils.arg('--user_id', metavar='<user-id>',
            help='List roles granted to a user')
 @utils.arg('--tenant_id', metavar='<tenant-id>',
            help='List roles granted on a tenant')
@@ -241,53 +241,53 @@ def do_user_role_list(kc, args):
     if not args.tenant_id:
         # use the authenticated tenant id as a default
         args.tenant_id = kc.auth_tenant_id
-    if not args.user:
+    if not args.user_id:
         # use the authenticated user id as a default
-        args.user = kc.auth_user_id
-    roles = kc.roles.roles_for_user(user=args.user, tenant=args.tenant_id)
+        args.user_id = kc.auth_user_id
+    roles = kc.roles.roles_for_user(user=args.user_id, tenant=args.tenant_id)
 
     # this makes the command output a bit more intuitive
     for role in roles:
-        role.user_id = args.user
+        role.user_id = args.user_id
         role.tenant_id = args.tenant_id
 
     utils.print_list(roles, ['id', 'name', 'user_id', 'tenant_id'])
 
 
-@utils.arg('--user', metavar='<user-id>', help='User ID')
+@utils.arg('--user_id', metavar='<user-id>', help='User ID')
 @utils.arg('--tenant_id', metavar='<tenant-id>', help='Tenant ID')
 def do_ec2_credentials_create(kc, args):
     """Create EC2-compatibile credentials for user per tenant"""
     if not args.tenant_id:
         # use the authenticated tenant id as a default
         args.tenant_id = kc.auth_tenant_id
-    if not args.user:
+    if not args.user_id:
         # use the authenticated user id as a default
-        args.user = kc.auth_user_id
-    credentials = kc.ec2.create(args.user, args.tenant_id)
+        args.user_id = kc.auth_user_id
+    credentials = kc.ec2.create(args.user_id, args.tenant_id)
     utils.print_dict(credentials._info)
 
 
-@utils.arg('--user', metavar='<user-id>', help='User ID')
+@utils.arg('--user_id', metavar='<user-id>', help='User ID')
 @utils.arg('--access', metavar='<access-key>', required=True,
         help='Access Key')
 def do_ec2_credentials_get(kc, args):
     """Display EC2-compatibile credentials"""
-    if not args.user:
+    if not args.user_id:
         # use the authenticated user id as a default
-        args.user = kc.auth_user_id
-    cred = kc.ec2.get(args.user, args.access)
+        args.user_id = kc.auth_user_id
+    cred = kc.ec2.get(args.user_id, args.access)
     if cred:
         utils.print_dict(cred._info)
 
 
-@utils.arg('--user', metavar='<user-id>', help='User ID')
+@utils.arg('--user_id', metavar='<user-id>', help='User ID')
 def do_ec2_credentials_list(kc, args):
     """List EC2-compatibile credentials for a user"""
-    if not args.user:
+    if not args.user_id:
         # use the authenticated user id as a default
-        args.user = kc.auth_user_id
-    credentials = kc.ec2.list(args.user)
+        args.user_id = kc.auth_user_id
+    credentials = kc.ec2.list(args.user_id)
     for cred in credentials:
         try:
             cred.tenant = getattr(kc.tenants.get(cred.tenant_id), 'name')
@@ -298,16 +298,16 @@ def do_ec2_credentials_list(kc, args):
     utils.print_list(credentials, ['tenant', 'access', 'secret'])
 
 
-@utils.arg('--user', metavar='<user-id>', help='User ID')
+@utils.arg('--user_id', metavar='<user-id>', help='User ID')
 @utils.arg('--access', metavar='<access-key>', required=True,
         help='Access Key')
 def do_ec2_credentials_delete(kc, args):
     """Delete EC2-compatibile credentials"""
-    if not args.user:
+    if not args.user_id:
         # use the authenticated user id as a default
-        args.user = kc.auth_user_id
+        args.user_id = kc.auth_user_id
     try:
-        kc.ec2.delete(args.user, args.access)
+        kc.ec2.delete(args.user_id, args.access)
         print 'Credential has been deleted.'
     except Exception, e:
         print 'Unable to delete credential: %s' % e
diff --git a/tests/test_shell.py b/tests/test_shell.py
index bf8f086d8..1195c3d7f 100644
--- a/tests/test_shell.py
+++ b/tests/test_shell.py
@@ -142,7 +142,7 @@ class ShellTest(utils.TestCase):
 
             # Test case with one --tenant_id args present: ec2 creds
             shell('ec2-credentials-create '
-                  '--tenant_id=ec2-tenant --user=ec2-user')
+                  '--tenant_id=ec2-tenant --user_id=ec2-user')
             assert do_ec2_mock.called
             ((a, b), c) = do_ec2_mock.call_args
             actual = (b.os_auth_url, b.os_password, b.os_tenant_id,
@@ -151,13 +151,13 @@ class ShellTest(utils.TestCase):
             expect = (DEFAULT_AUTH_URL, DEFAULT_PASSWORD, DEFAULT_TENANT_ID,
                       DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
             self.assertTrue(all([x == y for x, y in zip(actual, expect)]))
-            actual = (b.tenant_id, b.user)
+            actual = (b.tenant_id, b.user_id)
             expect = ('ec2-tenant', 'ec2-user')
             self.assertTrue(all([x == y for x, y in zip(actual, expect)]))
 
             # Test case with two --tenant_id args present
             shell('--os_tenant_id=os-tenant ec2-credentials-create '
-                  '--tenant_id=ec2-tenant --user=ec2-user')
+                  '--tenant_id=ec2-tenant --user_id=ec2-user')
             assert do_ec2_mock.called
             ((a, b), c) = do_ec2_mock.call_args
             actual = (b.os_auth_url, b.os_password, b.os_tenant_id,
@@ -166,7 +166,7 @@ class ShellTest(utils.TestCase):
             expect = (DEFAULT_AUTH_URL, DEFAULT_PASSWORD, 'os-tenant',
                       DEFAULT_TENANT_NAME, DEFAULT_USERNAME, '')
             self.assertTrue(all([x == y for x, y in zip(actual, expect)]))
-            actual = (b.tenant_id, b.user)
+            actual = (b.tenant_id, b.user_id)
             expect = ('ec2-tenant', 'ec2-user')
             self.assertTrue(all([x == y for x, y in zip(actual, expect)]))