So trying to get auth not scoped to a project but domain instead, I get this:
failed: [primary] (item={u'service_type': u'identity', u'name': u'keystone'}) => {
    "action": "os_keystone_service", 
    "attempts": 5, 
    "changed": false, 
    "invocation": {
        "module_args": {
            "api_version": "auto", 
            "module_args": {
                "auth": {
                    "auth_url": "http://192.0.2.10:35357", 
                    "domain_name": "default", 
                    "password": "9PJVm6kJI1k00JgNzhXpRAosMAXBkIqSSmDYDwR3", 
                    "user_domain_name": "default", 
                    "username": "admin"
                }, 
                "cacert": "", 
                "description": "Openstack Identity Service", 
                "interface": "admin", 
                "name": "keystone", 
                "region_name": "RegionOne", 
                "service_type": "identity"
            }, 
            "module_extra_vars": null, 
            "module_name": "os_keystone_service", 
            "timeout": 180, 
            "user": null
        }
    }, 
    "item": {
        "description": "Openstack Identity Service", 
        "endpoints": [
            {
                "interface": "admin", 
                "url": "http://192.0.2.10:35357"
            }, 
            {
                "interface": "internal", 
                "url": "http://192.0.2.10:5000"
            }, 
            {
                "interface": "public", 
                "url": "http://192.0.2.10:5000"
            }
        ], 
        "name": "keystone", 
        "type": "identity"
    }, 
    "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible-tmp-1572531912.06-54869509402289/AnsiballZ_os_keystone_service.py\", line 114, in <module>\n    _ansiballz_main()\n  File \"/tmp/ansible-tmp-1572531912.06-54869509402289/AnsiballZ_os_keystone_service.py\", line 106, in _ansiballz_main\n    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n  File \"/tmp/ansible-tmp-1572531912.06-54869509402289/AnsiballZ_os_keystone_service.py\", line 49, in invoke_module\n    imp.load_module('__main__', mod, module, MOD_DESC)\n  File \"/tmp/ansible_os_keystone_service_payload_RpqMjI/__main__.py\", line 194, in <module>\n  File \"/tmp/ansible_os_keystone_service_payload_RpqMjI/__main__.py\", line 153, in main\n  File \"/opt/ansible/lib/python2.7/site-packages/openstack/cloud/_identity.py\", line 510, in search_services\n    services = self.list_services()\n  File \"/opt/ansible/lib/python2.7/site-packages/openstack/cloud/_identity.py\", line 485, in list_services\n    if self._is_client_version('identity', 2):\n  File \"/opt/ansible/lib/python2.7/site-packages/openstack/cloud/openstackcloud.py\", line 459, in _is_client_version\n    client = getattr(self, client_name)\n  File \"/opt/ansible/lib/python2.7/site-packages/openstack/cloud/_identity.py\", line 32, in _identity_client\n    'identity', min_version=2, max_version='3.latest')\n  File \"/opt/ansible/lib/python2.7/site-packages/openstack/cloud/openstackcloud.py\", line 422, in _get_versioned_client\n    endpoint_override=self.config.get_endpoint(service_type))\n  File \"/opt/ansible/lib/python2.7/site-packages/keystoneauth1/adapter.py\", line 345, in get_api_major_version\n    return self.session.get_api_major_version(auth or self.auth, **kwargs)\n  File \"/opt/ansible/lib/python2.7/site-packages/keystoneauth1/session.py\", line 1233, in get_api_major_version\n    return auth.get_api_major_version(self, **kwargs)\n  File \"/opt/ansible/lib/python2.7/site-packages/keystoneauth1/identity/base.py\", line 500, in get_api_major_version\n    data = get_endpoint_data(discover_versions=discover_versions)\n  File \"/opt/ansible/lib/python2.7/site-packages/keystoneauth1/identity/base.py\", line 271, in get_endpoint_data\n    service_catalog = self.get_access(session).service_catalog\n  File \"/opt/ansible/lib/python2.7/site-packages/keystoneauth1/identity/base.py\", line 134, in get_access\n    self.auth_ref = self.get_auth_ref(session)\n  File \"/opt/ansible/lib/python2.7/site-packages/keystoneauth1/identity/generic/base.py\", line 208, in get_auth_ref\n    return self._plugin.get_auth_ref(session, **kwargs)\n  File \"/opt/ansible/lib/python2.7/site-packages/keystoneauth1/identity/v3/base.py\", line 184, in get_auth_ref\n    authenticated=False, log=False, **rkwargs)\n  File \"/opt/ansible/lib/python2.7/site-packages/keystoneauth1/session.py\", line 1106, in post\n    return self.request(url, 'POST', **kwargs)\n  File \"/opt/ansible/lib/python2.7/site-packages/keystoneauth1/session.py\", line 943, in request\n    raise exceptions.from_response(resp, method, url)\nkeystoneauth1.exceptions.http.Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-2eed28d1-00fd-4878-8acc-9d5eee838a93)\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", 
    "rc": 1
}

I have a bad feeling this client is unable to handle the new stricter situation.