I wasn't able to recreate this, but I did notice a weird usability issue. Options require that you updated the user options dictionary [0]. Otherwise it will store the option in extras and get relayed in the client, which looks correct but isn't [1].
Sam, do you think it was something with how you updated your system time? Marking this as invalid based on comment #2 and this comment. I think the functionality is working as expected, it just has some warts given the overlap with `extras`. [0] http://paste.openstack.org/show/614127/ [1] http://paste.openstack.org/show/614126/ because of http://paste.openstack.org/show/614120/ ** Changed in: keystone Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1688123 Title: ignore_password_expiry is not honored Status in OpenStack Identity (keystone): Invalid Bug description: ignore_password_expiry is set for admin user and is not working properly. With it set to true, the user should not be affected if their password has expired. keystone.conf: [cache] # Global toggle for caching. (boolean value) enabled = false [security_compliance] # Configuring password expiration password_expires_days = 1 (demo) samueldmq@workstation:~/workspace$ date -u Qua Mai 3 21:41:29 UTC 2017 (demo) samueldmq@workstation:~/workspace$ openstack token issue +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2017-05-03T21:41:53+0000 | | id | gAAAAABZCk6NvFEKGZuUxYrij80hLxFU3mw0s0qYR8N6ekNZ6vok-Cnto1pDZSSoJ7JJOwDRGUCzNjYCCyHmqx-kllUpcNFDpPU-eC72Ni5PEqlV9ZVFvVjkmnXLp6b2uplacYafyEFbFeHJAfEdOY8hQDgDCqO3zbaOx-FGs4XWDLbVMv5bz8c | | project_id | 2a642e78f42f43ce8458974e7c6aded4 | | user_id | 8cff3292355d4571a7cb7c5165c4cc73 | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ (demo) samueldmq@workstation:~/workspace$ openstack user show 8cff3292355d4571a7cb7c5165c4cc73 +---------------------+--------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +---------------------+--------------------------------------------------------------------------------------------------------------------------+ | domain_id | default | | enabled | True | | id | 8cff3292355d4571a7cb7c5165c4cc73 | | name | admin | | options | {'ignore_lockout_failure_attempts': True, 'ignore_password_expiry': True, 'ignore_change_password_upon_first_use': True} | | password_expires_at | 2017-05-04T21:04:24.000000 | +---------------------+--------------------------------------------------------------------------------------------------------------------------+ (demo) samueldmq@workstation:~/workspace$ date -u Qua Mai 3 21:41:44 UTC 2017 [[ Manually updated system date +1d ]] (demo) samueldmq@workstation:~/workspace$ date -u Qui Mai 4 21:41:55 UTC 2017 (demo) samueldmq@workstation:~/workspace$ openstack token issue The password is expired and needs to be changed for user: 8cff3292355d4571a7cb7c5165c4cc73. (HTTP 401) (Request-ID: req-278ccb52-582e-426d-a58d-5ba3a297eeaf) Environment: - Ubuntu 14.04 LTS - Using virtualenv-15.0.1 with Python 3.5 - keystone master version - python-openstackclient master version To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1688123/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
