Added opportunity to set extra user options.
Change-Id: I191eca8806f92c84896e776ddc8b9263f00947ae
Related-PROD: PROD-28027
diff --git a/README.rst b/README.rst
index 7f7fbe7..b4fe47b 100644
--- a/README.rst
+++ b/README.rst
@@ -920,6 +920,60 @@
password_regex_description: 'Your password must contains at least 1 letter, 1 digit, and have a minimum length of 7 characters'
change_password_upon_first_use: true
+
+Define extra user options.
+-------------------------
+
+ To ignore `change_password_upon_first_use` requirement for specific users,
+such as service users, set the `options` attribute `ignore_change_password_upon_first_use`
+to `True` for the desired user via the update user API.
+
+ To ignore `password_expires_days` requirement for specific users,
+such as service users, set the `options` attribute `ignore_password_expiry`
+to `True` for the desired user via the update user API.
+
+ To ignore `lockout_failure_attempts` requirement for specific users,
+such as service users, set the `options` attribute `ignore_lockout_failure_attempts`
+to `True` for the desired user via the update user API.
+
+ Also If there exists a user who should not be able to change her own password via
+the keystone password change API, keystone supports setting that user’s option `lock_password`
+to True via the user update API.
+
+#For release since Q
+.. code-block:: yaml
+
+keystone:
+ client:
+ resources:
+ v3:
+ users:
+ cinder:
+ options:
+ ignore_change_password_upon_first_use: True
+ ignore_password_expiry: False
+ ignore_lockout_failure_attempts: False
+ lock_password: True
+.. code-block::
+
+#For all early releases
+.. code-block:: yaml
+
+keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ cinder:
+ options:
+ ignore_change_password_upon_first_use: True
+ ignore_password_expiry: False
+ ignore_lockout_failure_attempts: False
+ lock_password: True
+.. code-block::
+
Upgrades
========