From 05da145eaee329e299b449ba2d7ea88d1325e432 Mon Sep 17 00:00:00 2001 From: Vishakha Agarwal Date: Thu, 5 Dec 2019 16:48:16 +0530 Subject: Adding options to user cli User options [1] can be set by making POST and PATCH request for /v3/users API calls but cannot by openstack CLI because of no user options defined in create and update user CLI [2]. This patch adds the user options [1] in create user and update user CLI. [1] https://docs.openstack.org/keystone/latest/admin/resource-options.html#multi-factor-auth-rules [2] https://docs.openstack.org/api-ref/identity/v3/#create-user Change-Id: I4e41bae2e8cfbe92d52b14d856991bedcd44164f --- doc/source/cli/command-objects/user.rst | 126 ++++++++++++++++++++++++++++++++ 1 file changed, 126 insertions(+) (limited to 'doc/source/cli/command-objects/user.rst') diff --git a/doc/source/cli/command-objects/user.rst b/doc/source/cli/command-objects/user.rst index 632d0e25..d0fc3f87 100644 --- a/doc/source/cli/command-objects/user.rst +++ b/doc/source/cli/command-objects/user.rst @@ -19,6 +19,12 @@ Create new user [--password-prompt] [--email ] [--description ] + [--multi-factor-auth-rule ] + [--ignore-lockout-failure-attempts| --no-ignore-lockout-failure-attempts] + [--ignore-password-expiry| --no-ignore-password-expiry] + [--ignore-change-password-upon-first-use| --no-ignore-change-password-upon-first-use] + [--enable-lock-password| --disable-lock-password] + [--enable-multi-factor-auth| --disable-multi-factor-auth] [--enable | --disable] [--or-show] @@ -56,6 +62,63 @@ Create new user .. versionadded:: 3 +.. option:: --ignore-lockout-failure-attempts + + Opt into ignoring the number of times a user has authenticated and + locking out the user as a result + +.. option:: --no-ignore-lockout-failure-attempts + + Opt out of ignoring the number of times a user has authenticated + and locking out the user as a result + +.. option:: --ignore-change-password-upon-first-use + + Control if a user should be forced to change their password immediately + after they log into keystone for the first time. Opt into ignoring + the user to change their password during first time login in keystone. + +.. option:: --no-ignore-change-password-upon-first-use + + Control if a user should be forced to change their password immediately + after they log into keystone for the first time. Opt out of ignoring + the user to change their password during first time login in keystone. + +.. option:: --ignore-password-expiry + + Opt into allowing user to continue using passwords that may be + expired + +.. option:: --no-ignore-password-expiry + + Opt out of allowing user to continue using passwords that may be + expired + +.. option:: --enable-lock-password + + Disables the ability for a user to change its password through + self-service APIs + +.. option:: --disable-lock-password + + Enables the ability for a user to change its password through + self-service APIs + +.. option:: --enable-multi-factor-auth + + Enables the MFA (Multi Factor Auth) + +.. option:: --disable-multi-factor-auth + + Disables the MFA (Multi Factor Auth) + +.. option:: --multi-factor-auth-rule + + Set multi-factor auth rules. For example, to set a rule requiring the + "password" and "totp" auth methods to be provided, + use: "--multi-factor-auth-rule password,totp". + May be provided multiple times to set different rule combinations. + .. option:: --enable Enable user (default) @@ -146,6 +209,12 @@ Set user properties [--password-prompt] [--email ] [--description ] + [--multi-factor-auth-rule ] + [--ignore-lockout-failure-attempts| --no-ignore-lockout-failure-attempts] + [--ignore-password-expiry| --no-ignore-password-expiry] + [--ignore-change-password-upon-first-use| --no-ignore-change-password-upon-first-use] + [--enable-lock-password| --disable-lock-password] + [--enable-multi-factor-auth| --disable-multi-factor-auth] [--enable|--disable] @@ -187,6 +256,63 @@ Set user properties .. versionadded:: 3 +.. option:: --ignore-lockout-failure-attempts + + Opt into ignoring the number of times a user has authenticated and + locking out the user as a result + +.. option:: --no-ignore-lockout-failure-attempts + + Opt out of ignoring the number of times a user has authenticated + and locking out the user as a result + +.. option:: --ignore-change-password-upon-first-use + + Control if a user should be forced to change their password immediately + after they log into keystone for the first time. Opt into ignoring + the user to change their password during first time login in keystone. + +.. option:: --no-ignore-change-password-upon-first-use + + Control if a user should be forced to change their password immediately + after they log into keystone for the first time. Opt out of ignoring + the user to change their password during first time login in keystone. + +.. option:: --ignore-password-expiry + + Opt into allowing user to continue using passwords that may be + expired + +.. option:: --no-ignore-password-expiry + + Opt out of allowing user to continue using passwords that may be + expired + +.. option:: --enable-lock-password + + Disables the ability for a user to change its password through + self-service APIs + +.. option:: --disable-lock-password + + Enables the ability for a user to change its password through + self-service APIs + +.. option:: --enable-multi-factor-auth + + Enables the MFA (Multi Factor Auth) + +.. option:: --disable-multi-factor-auth + + Disables the MFA (Multi Factor Auth) + +.. option:: --multi-factor-auth-rule + + Set multi-factor auth rules. For example, to set a rule requiring the + "password" and "totp" auth methods to be provided, + use: "--multi-factor-auth-rule password,totp". + May be provided multiple times to set different rule combinations. + .. option:: --enable Enable user (default) -- cgit v1.2.1