The Nectar Identity service handles the authentication of users for the Nectar Research Cloud and is powered by the OpenStack Keystone project.

Keystone has supported two API versions, v2.0 and v3 for some time, but v2.0 is now deprecated. The v2.0 API will be available until April 2019, until which time, it will no longer be available. Therefore, users still using the v2.0 API will be required to migrate to the v3 API.

Switching to the v3 API

Most users will already be using the v3 API, as it has been the default since 2016. The simplest way to identify which version of the API you're using is to look at the value of the OS_AUTH_URL setting. The end of the URL will likely end in either /v2.0 or /v3 for API v2.0 and v3 respectively. 

For example:


If you are using the v2.0 API, the simplest way to switch over to the v3 API is to download a new openrc file from the Dashboard using the following URL:

Major changes between API v2.0 and v3

There are many technical changes between v2.0 and v3, but the most obvious for users is that a tenant is now known as a project. For more information, OpenStack's Identity API v2.0 and v3 History document is a very technical introduction to the changes.

From an openrc settings perspective, the differences are:

  • tenant has been renamed to project
  • user and project domains are now included. These will generally be set to default (id) or Default (name).
  • authentication methods other than password can be supported with the OS_AUTH_TYPE setting. Password is the default, but v3applicationcredential can be used for application credentials.