diff --git a/manifests/rgw/keystone/auth.pp b/manifests/rgw/keystone/auth.pp
index 4ba61842..4483d6b3 100644
--- a/manifests/rgw/keystone/auth.pp
+++ b/manifests/rgw/keystone/auth.pp
@@ -66,31 +66,24 @@ class ceph::rgw::keystone::auth (
 
   include openstacklib::openstackclient
 
-  ensure_resource('keystone_service', "${service_name}::${service_type}", {
-    'ensure'      => 'present',
-    'description' => $service_description,
-  } )
+  Keystone::Resource::Service_identity['rgw'] -> Service<| tag == 'ceph-radosgw' |>
 
-  ensure_resource('keystone_endpoint', "${region}/${service_name}::${service_type}", {
-    'ensure'       => 'present',
-    'public_url'   => $public_url,
-    'admin_url'    => $admin_url,
-    'internal_url' => $internal_url,
-  } )
-
-  keystone_user { $user:
-    ensure   => present,
-    password => $password,
-    email    => $email,
-  }
-
-  ensure_resource('keystone_role', $roles, {
-    'ensure' => 'present'
-  } )
-
-  keystone_user_role { "${user}@${tenant}":
-    ensure => present,
-    roles  => $roles,
+  keystone::resource::service_identity { 'rgw':
+    configure_user      => true,
+    configure_user_role => true,
+    configure_endpoint  => true,
+    service_name        => $service_name,
+    service_type        => $service_type,
+    service_description => $service_description,
+    region              => $region,
+    auth_name           => $user,
+    password            => $password,
+    email               => $email,
+    tenant              => $tenant,
+    roles               => $roles,
+    public_url          => $public_url,
+    internal_url        => $internal_url,
+    admin_url           => $admin_url,
   }
 }
 
diff --git a/spec/classes/ceph_rgw_keystone_auth_spec.rb b/spec/classes/ceph_rgw_keystone_auth_spec.rb
index 4d394395..f18ae41c 100644
--- a/spec/classes/ceph_rgw_keystone_auth_spec.rb
+++ b/spec/classes/ceph_rgw_keystone_auth_spec.rb
@@ -13,27 +13,22 @@ describe 'ceph::rgw::keystone::auth' do
 
     it {
       should contain_class('openstacklib::openstackclient')
-      should contain_keystone_service('swift::object-store').with(
-        :ensure      => 'present',
-        :description => 'Ceph RGW Service',
-      )
-      should contain_keystone_endpoint('RegionOne/swift::object-store').with(
-        :ensure       => 'present',
-        :public_url   => 'http://127.0.0.1:8080/swift/v1',
-        :admin_url    => 'http://127.0.0.1:8080/swift/v1',
-        :internal_url => 'http://127.0.0.1:8080/swift/v1',
-      )
-      should contain_keystone_user('rgw_user').with(
-        :ensure   => 'present',
-        :password => 'rgw_password',
-        :email    => 'rgwuser@localhost',
-      )
-      should contain_keystone_role('admin').with(
-        :ensure => 'present',
-      )
-      should contain_keystone_user_role('rgw_user@services').with(
-        :ensure => 'present',
-        :roles  => ['admin'],
+      should contain_keystone__resource__service_identity('rgw').with(
+        :configure_user      => true,
+        :configure_endpoint  => true,
+        :configure_user_role => true,
+        :service_name        => 'swift',
+        :service_type        => 'object-store',
+        :service_description => 'Ceph RGW Service',
+        :region              => 'RegionOne',
+        :auth_name           => 'rgw_user',
+        :password            => 'rgw_password',
+        :email               => 'rgwuser@localhost',
+        :tenant              => 'services',
+        :roles               => ['admin'],
+        :public_url          => 'http://127.0.0.1:8080/swift/v1',
+        :admin_url           => 'http://127.0.0.1:8080/swift/v1',
+        :internal_url        => 'http://127.0.0.1:8080/swift/v1',
       )
     }
   end