Adding options to user cli

User options [1] can be set by making POST and PATCH
request for /v3/users API calls but cannot by openstack
CLI because of no user options defined in create and update
user CLI [2]. This patch adds the user options [1] in
create user and update user CLI.

[1] https://docs.openstack.org/keystone/latest/admin/resource-options.html#multi-factor-auth-rules
[2] https://docs.openstack.org/api-ref/identity/v3/#create-user

Change-Id: I4e41bae2e8cfbe92d52b14d856991bedcd44164f

1 files changed, 126 insertions, 0 deletions

diff --git a/doc/source/cli/command-objects/user.rst b/doc/source/cli/command-objects/user.rst
index 632d0e25..d0fc3f87 100644
--- a/doc/source/cli/command-objects/user.rst
+++ b/doc/source/cli/command-objects/user.rst
@@ -19,6 +19,12 @@ Create new user
         [--password-prompt]
         [--email <email-address>]
         [--description <description>]
+        [--multi-factor-auth-rule <rule>]
+        [--ignore-lockout-failure-attempts| --no-ignore-lockout-failure-attempts]
+        [--ignore-password-expiry| --no-ignore-password-expiry]
+        [--ignore-change-password-upon-first-use| --no-ignore-change-password-upon-first-use]
+        [--enable-lock-password| --disable-lock-password]
+        [--enable-multi-factor-auth| --disable-multi-factor-auth]
         [--enable | --disable]
         [--or-show]
         <user-name>
@@ -56,6 +62,63 @@ Create new user
 
     .. versionadded:: 3
 
+.. option:: --ignore-lockout-failure-attempts
+
+    Opt into ignoring the number of times a user has authenticated and
+    locking out the user as a result
+
+.. option:: --no-ignore-lockout-failure-attempts
+
+    Opt out of ignoring the number of times a user has authenticated
+    and locking out the user as a result
+
+.. option:: --ignore-change-password-upon-first-use
+
+    Control if a user should be forced to change their password immediately
+    after they log into keystone for the first time. Opt into ignoring
+    the user to change their password during first time login in keystone.
+
+.. option:: --no-ignore-change-password-upon-first-use
+
+    Control if a user should be forced to change their password immediately
+    after they log into keystone for the first time. Opt out of ignoring
+    the user to change their password during first time login in keystone.
+
+.. option:: --ignore-password-expiry
+
+    Opt into allowing user to continue using passwords that may be
+    expired
+
+.. option:: --no-ignore-password-expiry
+
+    Opt out of allowing user to continue using passwords that may be
+    expired
+
+.. option:: --enable-lock-password
+
+    Disables the ability for a user to change its password through
+    self-service APIs
+
+.. option:: --disable-lock-password
+
+    Enables the ability for a user to change its password through
+    self-service APIs
+
+.. option:: --enable-multi-factor-auth
+
+    Enables the MFA (Multi Factor Auth)
+
+.. option:: --disable-multi-factor-auth
+
+    Disables the MFA (Multi Factor Auth)
+
+.. option:: --multi-factor-auth-rule <rule>
+
+    Set multi-factor auth rules. For example, to set a rule requiring the
+    "password" and "totp" auth methods to be provided,
+    use: "--multi-factor-auth-rule password,totp".
+    May be provided multiple times to set different rule combinations.
+
 .. option:: --enable
 
     Enable user (default)
@@ -146,6 +209,12 @@ Set user properties
         [--password-prompt]
         [--email <email-address>]
         [--description <description>]
+        [--multi-factor-auth-rule <rule>]
+        [--ignore-lockout-failure-attempts| --no-ignore-lockout-failure-attempts]
+        [--ignore-password-expiry| --no-ignore-password-expiry]
+        [--ignore-change-password-upon-first-use| --no-ignore-change-password-upon-first-use]
+        [--enable-lock-password| --disable-lock-password]
+        [--enable-multi-factor-auth| --disable-multi-factor-auth]
         [--enable|--disable]
         <user>
 
@@ -187,6 +256,63 @@ Set user properties
 
     .. versionadded:: 3
 
+.. option:: --ignore-lockout-failure-attempts
+
+    Opt into ignoring the number of times a user has authenticated and
+    locking out the user as a result
+
+.. option:: --no-ignore-lockout-failure-attempts
+
+    Opt out of ignoring the number of times a user has authenticated
+    and locking out the user as a result
+
+.. option:: --ignore-change-password-upon-first-use
+
+    Control if a user should be forced to change their password immediately
+    after they log into keystone for the first time. Opt into ignoring
+    the user to change their password during first time login in keystone.
+
+.. option:: --no-ignore-change-password-upon-first-use
+
+    Control if a user should be forced to change their password immediately
+    after they log into keystone for the first time. Opt out of ignoring
+    the user to change their password during first time login in keystone.
+
+.. option:: --ignore-password-expiry
+
+    Opt into allowing user to continue using passwords that may be
+    expired
+
+.. option:: --no-ignore-password-expiry
+
+    Opt out of allowing user to continue using passwords that may be
+    expired
+
+.. option:: --enable-lock-password
+
+    Disables the ability for a user to change its password through
+    self-service APIs
+
+.. option:: --disable-lock-password
+
+    Enables the ability for a user to change its password through
+    self-service APIs
+
+.. option:: --enable-multi-factor-auth
+
+    Enables the MFA (Multi Factor Auth)
+
+.. option:: --disable-multi-factor-auth
+
+    Disables the MFA (Multi Factor Auth)
+
+.. option:: --multi-factor-auth-rule <rule>
+
+    Set multi-factor auth rules. For example, to set a rule requiring the
+    "password" and "totp" auth methods to be provided,
+    use: "--multi-factor-auth-rule password,totp".
+    May be provided multiple times to set different rule combinations.
+
 .. option:: --enable
 
     Enable user (default)