Comment 6 for bug 1871784

Thanks for the example, that clarifies the problem for me. The password_expires_at field is also visible when you do a 'openstack user show', and I can see how that would be confusing if you've set ignore_password_expiry for the user.

The resource option ignore_password_expiry only applies to how authentication is handled. It cannot and should not change the data associated with the user, whether that's directly in the database or in the presentation when the user is queried in the API. If adding the resource option caused the expiry field to appear as null, reversing it would be dangerous and could cause the user to be locked out.

I think this could be resolved by adding documentation in the resource options page and the API reference to clarify this confusing behavior. I will update the bug description to note that this is a documentation bug.