| author | James Elliott <james-d-elliott@users.noreply.github.com> | 2022-02-28 14:15:01 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-28 14:15:01 +1100 |
| commit | 3c81e75d7904866029ad68e325ab19e6593d4826 (patch) | |
| tree | 0c5501014f32a08ef06d6ee3af46c292b5bc510f /internal/configuration/validator/authentication_test.go | |
| parent | d87a56fa1a529652acbdf042054e39cb568b18ed (diff) | |
feat(commands): add access-control check-policy command (#2871)
This adds an access-control command that checks policy enforcement for the given criteria using a configuration file, and refactors the configuration validation command to include all configuration sources.
Diffstat (limited to 'internal/configuration/validator/authentication_test.go')
| -rw-r--r-- | internal/configuration/validator/authentication_test.go | 398 |
1 files changed, 196 insertions, 202 deletions
diff --git a/internal/configuration/validator/authentication_test.go b/internal/configuration/validator/authentication_test.go index aadc71659..c1d1aa2a0 100644 --- a/internal/configuration/validator/authentication_test.go +++ b/internal/configuration/validator/authentication_test.go @@ -23,7 +23,7 @@ func TestShouldRaiseErrorWhenBothBackendsProvided(t *testing.T) { ValidateAuthenticationBackend(&backendConfig, validator) require.Len(t, validator.Errors(), 1) - assert.EqualError(t, validator.Errors()[0], "You cannot provide both `ldap` and `file` objects in `authentication_backend`") + assert.EqualError(t, validator.Errors()[0], "authentication_backend: please ensure only one of the 'file' or 'ldap' backend is configured") } func TestShouldRaiseErrorWhenNoBackendProvided(t *testing.T) { 
@@ -33,19 +33,19 @@ func TestShouldRaiseErrorWhenNoBackendProvided(t *testing.T) { ValidateAuthenticationBackend(&backendConfig, validator) require.Len(t, validator.Errors(), 1) - assert.EqualError(t, validator.Errors()[0], "Please provide `ldap` or `file` object in `authentication_backend`") + assert.EqualError(t, validator.Errors()[0], "authentication_backend: you must ensure either the 'file' or 'ldap' authentication backend is configured") } type FileBasedAuthenticationBackend struct { suite.Suite - configuration schema.AuthenticationBackendConfiguration - validator *schema.StructValidator + config schema.AuthenticationBackendConfiguration + validator *schema.StructValidator } func (suite *FileBasedAuthenticationBackend) SetupTest() { suite.validator = schema.NewStructValidator() - suite.configuration = schema.AuthenticationBackendConfiguration{} - suite.configuration.File = &schema.FileAuthenticationBackendConfiguration{Path: "/a/path", Password: &schema.PasswordConfiguration{ + suite.config = schema.AuthenticationBackendConfiguration{} + suite.config.File = &schema.FileAuthenticationBackendConfiguration{Path: "/a/path", Password: &schema.PasswordConfiguration{ Algorithm: schema.DefaultPasswordConfiguration.Algorithm, Iterations: schema.DefaultPasswordConfiguration.Iterations, Parallelism: schema.DefaultPasswordConfiguration.Parallelism, 
@@ -53,150 +53,150 @@ func (suite *FileBasedAuthenticationBackend) SetupTest() { KeyLength: schema.DefaultPasswordConfiguration.KeyLength, SaltLength: schema.DefaultPasswordConfiguration.SaltLength, }} - suite.configuration.File.Password.Algorithm = schema.DefaultPasswordConfiguration.Algorithm + suite.config.File.Password.Algorithm = schema.DefaultPasswordConfiguration.Algorithm } func (suite *FileBasedAuthenticationBackend) TestShouldValidateCompleteConfiguration() { - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().False(suite.validator.HasErrors()) } func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorWhenNoPathProvided() { - suite.configuration.File.Path = "" + suite.config.File.Path = "" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "Please provide a `path` for the users database in `authentication_backend`") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: file: option 'path' is required") } func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorWhenMemoryNotMoreThanEightTimesParallelism() { - suite.configuration.File.Password.Memory = 8 - suite.configuration.File.Password.Parallelism = 2 + suite.config.File.Password.Memory = 8 + suite.config.File.Password.Parallelism = 2 - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "Memory for argon2id must be 16 or more (parallelism 
* 8), you configured memory as 8 and parallelism as 2") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: file: password: option 'memory' must at least be parallelism multiplied by 8 when using algorithm 'argon2id' with parallelism 2 it should be at least 16 but it is configured as '8'") } func (suite *FileBasedAuthenticationBackend) TestShouldSetDefaultConfigurationWhenBlank() { - suite.configuration.File.Password = &schema.PasswordConfiguration{} + suite.config.File.Password = &schema.PasswordConfiguration{} - suite.Assert().Equal(0, suite.configuration.File.Password.KeyLength) - suite.Assert().Equal(0, suite.configuration.File.Password.Iterations) - suite.Assert().Equal(0, suite.configuration.File.Password.SaltLength) - suite.Assert().Equal("", suite.configuration.File.Password.Algorithm) - suite.Assert().Equal(0, suite.configuration.File.Password.Memory) - suite.Assert().Equal(0, suite.configuration.File.Password.Parallelism) + suite.Assert().Equal(0, suite.config.File.Password.KeyLength) + suite.Assert().Equal(0, suite.config.File.Password.Iterations) + suite.Assert().Equal(0, suite.config.File.Password.SaltLength) + suite.Assert().Equal("", suite.config.File.Password.Algorithm) + suite.Assert().Equal(0, suite.config.File.Password.Memory) + suite.Assert().Equal(0, suite.config.File.Password.Parallelism) - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().Len(suite.validator.Errors(), 0) - suite.Assert().Equal(schema.DefaultPasswordConfiguration.KeyLength, suite.configuration.File.Password.KeyLength) - suite.Assert().Equal(schema.DefaultPasswordConfiguration.Iterations, suite.configuration.File.Password.Iterations) - suite.Assert().Equal(schema.DefaultPasswordConfiguration.SaltLength, suite.configuration.File.Password.SaltLength) - 
suite.Assert().Equal(schema.DefaultPasswordConfiguration.Algorithm, suite.configuration.File.Password.Algorithm) - suite.Assert().Equal(schema.DefaultPasswordConfiguration.Memory, suite.configuration.File.Password.Memory) - suite.Assert().Equal(schema.DefaultPasswordConfiguration.Parallelism, suite.configuration.File.Password.Parallelism) + suite.Assert().Equal(schema.DefaultPasswordConfiguration.KeyLength, suite.config.File.Password.KeyLength) + suite.Assert().Equal(schema.DefaultPasswordConfiguration.Iterations, suite.config.File.Password.Iterations) + suite.Assert().Equal(schema.DefaultPasswordConfiguration.SaltLength, suite.config.File.Password.SaltLength) + suite.Assert().Equal(schema.DefaultPasswordConfiguration.Algorithm, suite.config.File.Password.Algorithm) + suite.Assert().Equal(schema.DefaultPasswordConfiguration.Memory, suite.config.File.Password.Memory) + suite.Assert().Equal(schema.DefaultPasswordConfiguration.Parallelism, suite.config.File.Password.Parallelism) } func (suite *FileBasedAuthenticationBackend) TestShouldSetDefaultConfigurationWhenOnlySHA512Set() { - suite.configuration.File.Password = &schema.PasswordConfiguration{} - suite.Assert().Equal("", suite.configuration.File.Password.Algorithm) - suite.configuration.File.Password.Algorithm = "sha512" + suite.config.File.Password = &schema.PasswordConfiguration{} + suite.Assert().Equal("", suite.config.File.Password.Algorithm) + suite.config.File.Password.Algorithm = "sha512" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().Len(suite.validator.Errors(), 0) - suite.Assert().Equal(schema.DefaultPasswordSHA512Configuration.KeyLength, suite.configuration.File.Password.KeyLength) - suite.Assert().Equal(schema.DefaultPasswordSHA512Configuration.Iterations, suite.configuration.File.Password.Iterations) - 
suite.Assert().Equal(schema.DefaultPasswordSHA512Configuration.SaltLength, suite.configuration.File.Password.SaltLength) - suite.Assert().Equal(schema.DefaultPasswordSHA512Configuration.Algorithm, suite.configuration.File.Password.Algorithm) - suite.Assert().Equal(schema.DefaultPasswordSHA512Configuration.Memory, suite.configuration.File.Password.Memory) - suite.Assert().Equal(schema.DefaultPasswordSHA512Configuration.Parallelism, suite.configuration.File.Password.Parallelism) + suite.Assert().Equal(schema.DefaultPasswordSHA512Configuration.KeyLength, suite.config.File.Password.KeyLength) + suite.Assert().Equal(schema.DefaultPasswordSHA512Configuration.Iterations, suite.config.File.Password.Iterations) + suite.Assert().Equal(schema.DefaultPasswordSHA512Configuration.SaltLength, suite.config.File.Password.SaltLength) + suite.Assert().Equal(schema.DefaultPasswordSHA512Configuration.Algorithm, suite.config.File.Password.Algorithm) + suite.Assert().Equal(schema.DefaultPasswordSHA512Configuration.Memory, suite.config.File.Password.Memory) + suite.Assert().Equal(schema.DefaultPasswordSHA512Configuration.Parallelism, suite.config.File.Password.Parallelism) } func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorWhenKeyLengthTooLow() { - suite.configuration.File.Password.KeyLength = 1 + suite.config.File.Password.KeyLength = 1 - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "Key length for argon2id must be 16, you configured 1") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: file: password: option 'key_length' must be 16 or more when using algorithm 'argon2id' but it is configured as '1'") } func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorWhenSaltLengthTooLow() { - 
suite.configuration.File.Password.SaltLength = -1 + suite.config.File.Password.SaltLength = -1 - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "The salt length must be 2 or more, you configured -1") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: file: password: option 'salt_length' must be 2 or more but it is configured a '-1'") } func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorWhenBadAlgorithmDefined() { - suite.configuration.File.Password.Algorithm = "bogus" + suite.config.File.Password.Algorithm = "bogus" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "Unknown hashing algorithm supplied, valid values are argon2id and sha512, you configured 'bogus'") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: file: password: option 'algorithm' must be either 'argon2id' or 'sha512' but it is configured as 'bogus'") } func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorWhenIterationsTooLow() { - suite.configuration.File.Password.Iterations = -1 + suite.config.File.Password.Iterations = -1 - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "The number of iterations specified is invalid, must be 1 or more, you configured -1") + 
suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: file: password: option 'iterations' must be 1 or more but it is configured as '-1'") } func (suite *FileBasedAuthenticationBackend) TestShouldRaiseErrorWhenParallelismTooLow() { - suite.configuration.File.Password.Parallelism = -1 + suite.config.File.Password.Parallelism = -1 - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "Parallelism for argon2id must be 1 or more, you configured -1") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: file: password: option 'parallelism' must be 1 or more when using algorithm 'argon2id' but it is configured as '-1'") } func (suite *FileBasedAuthenticationBackend) TestShouldSetDefaultValues() { - suite.configuration.File.Password.Algorithm = "" - suite.configuration.File.Password.Iterations = 0 - suite.configuration.File.Password.SaltLength = 0 - suite.configuration.File.Password.Memory = 0 - suite.configuration.File.Password.Parallelism = 0 + suite.config.File.Password.Algorithm = "" + suite.config.File.Password.Iterations = 0 + suite.config.File.Password.SaltLength = 0 + suite.config.File.Password.Memory = 0 + suite.config.File.Password.Parallelism = 0 - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().False(suite.validator.HasErrors()) - suite.Assert().Equal(schema.DefaultPasswordConfiguration.Algorithm, suite.configuration.File.Password.Algorithm) - suite.Assert().Equal(schema.DefaultPasswordConfiguration.Iterations, suite.configuration.File.Password.Iterations) - 
suite.Assert().Equal(schema.DefaultPasswordConfiguration.SaltLength, suite.configuration.File.Password.SaltLength) - suite.Assert().Equal(schema.DefaultPasswordConfiguration.Memory, suite.configuration.File.Password.Memory) - suite.Assert().Equal(schema.DefaultPasswordConfiguration.Parallelism, suite.configuration.File.Password.Parallelism) + suite.Assert().Equal(schema.DefaultPasswordConfiguration.Algorithm, suite.config.File.Password.Algorithm) + suite.Assert().Equal(schema.DefaultPasswordConfiguration.Iterations, suite.config.File.Password.Iterations) + suite.Assert().Equal(schema.DefaultPasswordConfiguration.SaltLength, suite.config.File.Password.SaltLength) + suite.Assert().Equal(schema.DefaultPasswordConfiguration.Memory, suite.config.File.Password.Memory) + suite.Assert().Equal(schema.DefaultPasswordConfiguration.Parallelism, suite.config.File.Password.Parallelism) } func TestFileBasedAuthenticationBackend(t *testing.T) { 
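Review bot: The expected string in TestShouldRaiseErrorWhenSaltLengthTooLow reads `but it is configured a '-1'`, while every other message in this hunk says `configured as`; the assertion now pins that typo, which presumably lives in the validator's message text outside this file. I would correct it in both places so the expectation ends `must be 2 or more but it is configured as '-1'`. The case also only feeds `-1`, so the stated floor of 2 is never exercised; a second case with `suite.config.File.Password.SaltLength = 1` would pin the boundary. Because this option feeds password hashing, it is worth confirming separately that a floor of 2 is the intended minimum.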
@@ -205,289 +205,265 @@ func TestFileBasedAuthenticationBackend(t *testing.T) { type LDAPAuthenticationBackendSuite struct { suite.Suite - configuration schema.AuthenticationBackendConfiguration - validator *schema.StructValidator + config schema.AuthenticationBackendConfiguration + validator *schema.StructValidator } func (suite *LDAPAuthenticationBackendSuite) SetupTest() { suite.validator = schema.NewStructValidator() - suite.configuration = schema.AuthenticationBackendConfiguration{} - suite.configuration.LDAP = &schema.LDAPAuthenticationBackendConfiguration{} - suite.configuration.LDAP.Implementation = schema.LDAPImplementationCustom - suite.configuration.LDAP.URL = testLDAPURL - suite.configuration.LDAP.User = testLDAPUser - suite.configuration.LDAP.Password = testLDAPPassword - suite.configuration.LDAP.BaseDN = testLDAPBaseDN - suite.configuration.LDAP.UsernameAttribute = "uid" - suite.configuration.LDAP.UsersFilter = "({username_attribute}={input})" - suite.configuration.LDAP.GroupsFilter = "(cn={input})" + suite.config = schema.AuthenticationBackendConfiguration{} + suite.config.LDAP = &schema.LDAPAuthenticationBackendConfiguration{} + suite.config.LDAP.Implementation = schema.LDAPImplementationCustom + suite.config.LDAP.URL = testLDAPURL + suite.config.LDAP.User = testLDAPUser + suite.config.LDAP.Password = testLDAPPassword + suite.config.LDAP.BaseDN = testLDAPBaseDN + suite.config.LDAP.UsernameAttribute = "uid" + suite.config.LDAP.UsersFilter = "({username_attribute}={input})" + suite.config.LDAP.GroupsFilter = "(cn={input})" } func (suite *LDAPAuthenticationBackendSuite) TestShouldValidateCompleteConfiguration() { - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().False(suite.validator.HasErrors()) } func (suite *LDAPAuthenticationBackendSuite) TestShouldValidateDefaultImplementationAndUsernameAttribute() 
{ - suite.configuration.LDAP.Implementation = "" - suite.configuration.LDAP.UsernameAttribute = "" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + suite.config.LDAP.Implementation = "" + suite.config.LDAP.UsernameAttribute = "" + ValidateAuthenticationBackend(&suite.config, suite.validator) - suite.Assert().Equal(schema.LDAPImplementationCustom, suite.configuration.LDAP.Implementation) + suite.Assert().Equal(schema.LDAPImplementationCustom, suite.config.LDAP.Implementation) - suite.Assert().Equal(suite.configuration.LDAP.UsernameAttribute, schema.DefaultLDAPAuthenticationBackendConfiguration.UsernameAttribute) + suite.Assert().Equal(suite.config.LDAP.UsernameAttribute, schema.DefaultLDAPAuthenticationBackendConfiguration.UsernameAttribute) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().False(suite.validator.HasErrors()) } func (suite *LDAPAuthenticationBackendSuite) TestShouldRaiseErrorWhenImplementationIsInvalidMSAD() { - suite.configuration.LDAP.Implementation = "masd" + suite.config.LDAP.Implementation = "masd" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "authentication backend ldap implementation must be blank or one of the following values `custom`, `activedirectory`") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'implementation' is configured as 'masd' but must be one of the following values: 'custom', 'activedirectory'") } func (suite *LDAPAuthenticationBackendSuite) TestShouldRaiseErrorWhenURLNotProvided() { - suite.configuration.LDAP.URL = "" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + suite.config.LDAP.URL = "" + ValidateAuthenticationBackend(&suite.config, suite.validator) 
suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "Please provide a URL to the LDAP server") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'url' is required") } func (suite *LDAPAuthenticationBackendSuite) TestShouldRaiseErrorWhenUserNotProvided() { - suite.configuration.LDAP.User = "" + suite.config.LDAP.User = "" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "Please provide a user name to connect to the LDAP server") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'user' is required") } func (suite *LDAPAuthenticationBackendSuite) TestShouldRaiseErrorWhenPasswordNotProvided() { - suite.configuration.LDAP.Password = "" + suite.config.LDAP.Password = "" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "Please provide a password to connect to the LDAP server") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'password' is required") } func (suite *LDAPAuthenticationBackendSuite) TestShouldRaiseErrorWhenBaseDNNotProvided() { - suite.configuration.LDAP.BaseDN = "" + suite.config.LDAP.BaseDN = "" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().Len(suite.validator.Errors(), 1) - 
suite.Assert().EqualError(suite.validator.Errors()[0], "Please provide a base DN to connect to the LDAP server") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'base_dn' is required") } func (suite *LDAPAuthenticationBackendSuite) TestShouldRaiseOnEmptyGroupsFilter() { - suite.configuration.LDAP.GroupsFilter = "" + suite.config.LDAP.GroupsFilter = "" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "Please provide a groups filter with `groups_filter` attribute") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'groups_filter' is required") } func (suite *LDAPAuthenticationBackendSuite) TestShouldRaiseOnEmptyUsersFilter() { - suite.configuration.LDAP.UsersFilter = "" + suite.config.LDAP.UsersFilter = "" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "Please provide a users filter with `users_filter` attribute") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'users_filter' is required") } func (suite *LDAPAuthenticationBackendSuite) TestShouldNotRaiseOnEmptyUsernameAttribute() { - suite.configuration.LDAP.UsernameAttribute = "" + suite.config.LDAP.UsernameAttribute = "" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().False(suite.validator.HasErrors()) } func (suite 
*LDAPAuthenticationBackendSuite) TestShouldRaiseOnBadRefreshInterval() { - suite.configuration.RefreshInterval = "blah" + suite.config.RefreshInterval = "blah" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "Auth Backend `refresh_interval` is configured to 'blah' but it must be either a duration notation or one of 'disable', or 'always'. Error from parser: could not convert the input string of blah into a duration") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: option 'refresh_interval' is configured to 'blah' but it must be either a duration notation or one of 'disable', or 'always': could not parse 'blah' as a duration") } func (suite *LDAPAuthenticationBackendSuite) TestShouldSetDefaultImplementation() { - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().False(suite.validator.HasErrors()) - suite.Assert().Equal(schema.LDAPImplementationCustom, suite.configuration.LDAP.Implementation) + suite.Assert().Equal(schema.LDAPImplementationCustom, suite.config.LDAP.Implementation) } func (suite *LDAPAuthenticationBackendSuite) TestShouldRaiseErrorOnBadFilterPlaceholders() { - suite.configuration.LDAP.UsersFilter = "(&({username_attribute}={0})(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" - suite.configuration.LDAP.GroupsFilter = "(&(member={0})(objectClass=group)(objectCategory=group))" + suite.config.LDAP.UsersFilter = "(&({username_attribute}={0})(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" + suite.config.LDAP.GroupsFilter = 
"(&({username_attribute}={1})(member={0})(objectClass=group)(objectCategory=group))" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().True(suite.validator.HasErrors()) - suite.Require().Len(suite.validator.Errors(), 2) - suite.Assert().EqualError(suite.validator.Errors()[0], "authentication backend ldap users filter must "+ - "not contain removed placeholders, {0} has been replaced with {input}") - suite.Assert().EqualError(suite.validator.Errors()[1], "authentication backend ldap groups filter must "+ - "not contain removed placeholders, "+ - "{0} has been replaced with {input} and {1} has been replaced with {username}") + suite.Require().Len(suite.validator.Errors(), 4) + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'users_filter' has an invalid placeholder: '{0}' has been removed, please use '{input}' instead") + suite.Assert().EqualError(suite.validator.Errors()[1], "authentication_backend: ldap: option 'groups_filter' has an invalid placeholder: '{0}' has been removed, please use '{input}' instead") + suite.Assert().EqualError(suite.validator.Errors()[2], "authentication_backend: ldap: option 'groups_filter' has an invalid placeholder: '{1}' has been removed, please use '{username}' instead") + suite.Assert().EqualError(suite.validator.Errors()[3], "authentication_backend: ldap: option 'users_filter' must contain the placeholder '{input}' but it is required") } func (suite *LDAPAuthenticationBackendSuite) TestShouldSetDefaultGroupNameAttribute() { - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().False(suite.validator.HasErrors()) - suite.Assert().Equal("cn", suite.configuration.LDAP.GroupNameAttribute) + 
suite.Assert().Equal("cn", suite.config.LDAP.GroupNameAttribute) } func (suite *LDAPAuthenticationBackendSuite) TestShouldSetDefaultMailAttribute() { - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().False(suite.validator.HasErrors()) - suite.Assert().Equal("mail", suite.configuration.LDAP.MailAttribute) + suite.Assert().Equal("mail", suite.config.LDAP.MailAttribute) } func (suite *LDAPAuthenticationBackendSuite) TestShouldSetDefaultDisplayNameAttribute() { - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().False(suite.validator.HasErrors()) - suite.Assert().Equal("displayName", suite.configuration.LDAP.DisplayNameAttribute) + suite.Assert().Equal("displayName", suite.config.LDAP.DisplayNameAttribute) } func (suite *LDAPAuthenticationBackendSuite) TestShouldSetDefaultRefreshInterval() { - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().False(suite.validator.HasErrors()) - suite.Assert().Equal("5m", suite.configuration.RefreshInterval) + suite.Assert().Equal("5m", suite.config.RefreshInterval) } func (suite *LDAPAuthenticationBackendSuite) TestShouldRaiseWhenUsersFilterDoesNotContainEnclosingParenthesis() { - suite.configuration.LDAP.UsersFilter = "{username_attribute}={input}" + suite.config.LDAP.UsersFilter = "{username_attribute}={input}" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - 
suite.Assert().EqualError(suite.validator.Errors()[0], "The users filter should contain enclosing parenthesis. For instance {username_attribute}={input} should be ({username_attribute}={input})") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'users_filter' must contain enclosing parenthesis: '{username_attribute}={input}' should probably be '({username_attribute}={input})'") } func (suite *LDAPAuthenticationBackendSuite) TestShouldRaiseWhenGroupsFilterDoesNotContainEnclosingParenthesis() { - suite.configuration.LDAP.GroupsFilter = "cn={input}" + suite.config.LDAP.GroupsFilter = "cn={input}" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "The groups filter should contain enclosing parenthesis. For instance cn={input} should be (cn={input})") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'groups_filter' must contain enclosing parenthesis: 'cn={input}' should probably be '(cn={input})'") } func (suite *LDAPAuthenticationBackendSuite) TestShouldRaiseWhenUsersFilterDoesNotContainUsernameAttribute() { - suite.configuration.LDAP.UsersFilter = "(&({mail_attribute}={input})(objectClass=person))" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + suite.config.LDAP.UsersFilter = "(&({mail_attribute}={input})(objectClass=person))" + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "Unable to detect {username_attribute} placeholder in users_filter, your configuration is broken. 
Please review configuration options listed at https://www.authelia.com/docs/configuration/authentication/ldap.html") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'users_filter' must contain the placeholder '{username_attribute}' but it is required") } func (suite *LDAPAuthenticationBackendSuite) TestShouldHelpDetectNoInputPlaceholder() { - suite.configuration.LDAP.UsersFilter = "(&({username_attribute}={mail_attribute})(objectClass=person))" + suite.config.LDAP.UsersFilter = "(&({username_attribute}={mail_attribute})(objectClass=person))" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "Unable to detect {input} placeholder in users_filter, your configuration might be broken. Please review configuration options listed at https://www.authelia.com/docs/configuration/authentication/ldap.html") -} - -func (suite *LDAPAuthenticationBackendSuite) TestShouldAdaptLDAPURL() { - suite.Assert().Equal("", validateLDAPURLSimple(loopback, suite.validator)) - - suite.Assert().False(suite.validator.HasWarnings()) - suite.Require().Len(suite.validator.Errors(), 1) - - suite.Assert().EqualError(suite.validator.Errors()[0], "Unknown scheme for ldap url, should be ldap:// or ldaps://") - - suite.Assert().Equal("", validateLDAPURLSimple("127.0.0.1:636", suite.validator)) - - suite.Assert().False(suite.validator.HasWarnings()) - suite.Require().Len(suite.validator.Errors(), 2) - suite.Assert().EqualError(suite.validator.Errors()[1], "Unable to parse URL to ldap server. 
The scheme is probably missing: ldap:// or ldaps://") - - suite.Assert().Equal("ldap://127.0.0.1", validateLDAPURLSimple("ldap://127.0.0.1", suite.validator)) - suite.Assert().Equal("ldap://127.0.0.1:390", validateLDAPURLSimple("ldap://127.0.0.1:390", suite.validator)) - suite.Assert().Equal("ldap://127.0.0.1/abc", validateLDAPURLSimple("ldap://127.0.0.1/abc", suite.validator)) - suite.Assert().Equal("ldap://127.0.0.1/abc?test=abc&x=y", validateLDAPURLSimple("ldap://127.0.0.1/abc?test=abc&x=y", suite.validator)) - - suite.Assert().Equal("ldaps://127.0.0.1:390", validateLDAPURLSimple("ldaps://127.0.0.1:390", suite.validator)) - suite.Assert().Equal("ldaps://127.0.0.1", validateLDAPURLSimple("ldaps://127.0.0.1", suite.validator)) + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'users_filter' must contain the placeholder '{input}' but it is required") } func (suite *LDAPAuthenticationBackendSuite) TestShouldSetDefaultTLSMinimumVersion() { - suite.configuration.LDAP.TLS = &schema.TLSConfig{MinimumVersion: ""} + suite.config.LDAP.TLS = &schema.TLSConfig{MinimumVersion: ""} - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().False(suite.validator.HasErrors()) - suite.Assert().Equal(schema.DefaultLDAPAuthenticationBackendConfiguration.TLS.MinimumVersion, suite.configuration.LDAP.TLS.MinimumVersion) + suite.Assert().Equal(schema.DefaultLDAPAuthenticationBackendConfiguration.TLS.MinimumVersion, suite.config.LDAP.TLS.MinimumVersion) } func (suite *LDAPAuthenticationBackendSuite) TestShouldNotAllowInvalidTLSValue() { - suite.configuration.LDAP.TLS = &schema.TLSConfig{ + suite.config.LDAP.TLS = &schema.TLSConfig{ MinimumVersion: "SSL2.0", } - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) 
suite.Assert().False(suite.validator.HasWarnings()) suite.Require().Len(suite.validator.Errors(), 1) - suite.Assert().EqualError(suite.validator.Errors()[0], "error occurred validating the LDAP minimum_tls_version key with value SSL2.0: supplied TLS version isn't supported") + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: tls: option 'minimum_tls_version' is invalid: SSL2.0: supplied tls version isn't supported") } func TestLdapAuthenticationBackend(t *testing.T) { 
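Review bot: With TestShouldAdaptLDAPURL removed near the end of this hunk, nothing left in this file checks that an LDAP URL with a missing or unknown scheme is rejected; the only URL case that remains is the empty string in TestShouldRaiseErrorWhenURLNotProvided. The diffstat shown is limited to this file, so the coverage may have moved elsewhere, but if it has not I would add a suite case that goes through the public entry point: `suite.config.LDAP.URL = "127.0.0.1:636"`, then `ValidateAuthenticationBackend(&suite.config, suite.validator)` and `suite.Require().NotEmpty(suite.validator.Errors())`. The exact message is not visible here, so the sketch asserts only that an error is raised. Scheme validation is what stops a mistyped directory URL from being accepted at configuration time, so it should stay under test.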
@@ -496,83 +472,101 @@ func TestLdapAuthenticationBackend(t *testing.T) { type ActiveDirectoryAuthenticationBackendSuite struct { suite.Suite - configuration schema.AuthenticationBackendConfiguration - validator *schema.StructValidator + config schema.AuthenticationBackendConfiguration + validator *schema.StructValidator } func (suite *ActiveDirectoryAuthenticationBackendSuite) SetupTest() { suite.validator = schema.NewStructValidator() - suite.configuration = schema.AuthenticationBackendConfiguration{} - suite.configuration.LDAP = &schema.LDAPAuthenticationBackendConfiguration{} - suite.configuration.LDAP.Implementation = schema.LDAPImplementationActiveDirectory - suite.configuration.LDAP.URL = testLDAPURL - suite.configuration.LDAP.User = testLDAPUser - suite.configuration.LDAP.Password = testLDAPPassword - suite.configuration.LDAP.BaseDN = testLDAPBaseDN - suite.configuration.LDAP.TLS = schema.DefaultLDAPAuthenticationBackendConfiguration.TLS + suite.config = schema.AuthenticationBackendConfiguration{} + suite.config.LDAP = &schema.LDAPAuthenticationBackendConfiguration{} + suite.config.LDAP.Implementation = schema.LDAPImplementationActiveDirectory + suite.config.LDAP.URL = testLDAPURL + suite.config.LDAP.User = testLDAPUser + suite.config.LDAP.Password = testLDAPPassword + suite.config.LDAP.BaseDN = testLDAPBaseDN + suite.config.LDAP.TLS = schema.DefaultLDAPAuthenticationBackendConfiguration.TLS } func (suite *ActiveDirectoryAuthenticationBackendSuite) TestShouldSetActiveDirectoryDefaults() { - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().False(suite.validator.HasWarnings()) suite.Assert().False(suite.validator.HasErrors()) suite.Assert().Equal( schema.DefaultLDAPAuthenticationBackendConfiguration.Timeout, - suite.configuration.LDAP.Timeout) + suite.config.LDAP.Timeout) suite.Assert().Equal( 
schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.UsersFilter, - suite.configuration.LDAP.UsersFilter) + suite.config.LDAP.UsersFilter) suite.Assert().Equal( schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.UsernameAttribute, - suite.configuration.LDAP.UsernameAttribute) + suite.config.LDAP.UsernameAttribute) suite.Assert().Equal( schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.DisplayNameAttribute, - suite.configuration.LDAP.DisplayNameAttribute) + suite.config.LDAP.DisplayNameAttribute) suite.Assert().Equal( schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.MailAttribute, - suite.configuration.LDAP.MailAttribute) + suite.config.LDAP.MailAttribute) suite.Assert().Equal( schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.GroupsFilter, - suite.configuration.LDAP.GroupsFilter) + suite.config.LDAP.GroupsFilter) suite.Assert().Equal( schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.GroupNameAttribute, - suite.configuration.LDAP.GroupNameAttribute) + suite.config.LDAP.GroupNameAttribute) } func (suite *ActiveDirectoryAuthenticationBackendSuite) TestShouldOnlySetDefaultsIfNotManuallyConfigured() { - suite.configuration.LDAP.Timeout = time.Second * 2 - suite.configuration.LDAP.UsersFilter = "(&({username_attribute}={input})(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" - suite.configuration.LDAP.UsernameAttribute = "cn" - suite.configuration.LDAP.MailAttribute = "userPrincipalName" - suite.configuration.LDAP.DisplayNameAttribute = "name" - suite.configuration.LDAP.GroupsFilter = "(&(member={dn})(objectClass=group)(objectCategory=group))" - suite.configuration.LDAP.GroupNameAttribute = "distinguishedName" + suite.config.LDAP.Timeout = time.Second * 2 + suite.config.LDAP.UsersFilter = 
"(&({username_attribute}={input})(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" + suite.config.LDAP.UsernameAttribute = "cn" + suite.config.LDAP.MailAttribute = "userPrincipalName" + suite.config.LDAP.DisplayNameAttribute = "name" + suite.config.LDAP.GroupsFilter = "(&(member={dn})(objectClass=group)(objectCategory=group))" + suite.config.LDAP.GroupNameAttribute = "distinguishedName" - ValidateAuthenticationBackend(&suite.configuration, suite.validator) + ValidateAuthenticationBackend(&suite.config, suite.validator) suite.Assert().NotEqual( schema.DefaultLDAPAuthenticationBackendConfiguration.Timeout, - suite.configuration.LDAP.Timeout) + suite.config.LDAP.Timeout) suite.Assert().NotEqual( schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.UsersFilter, - suite.configuration.LDAP.UsersFilter) + suite.config.LDAP.UsersFilter) suite.Assert().NotEqual( schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.UsernameAttribute, - suite.configuration.LDAP.UsernameAttribute) + suite.config.LDAP.UsernameAttribute) suite.Assert().NotEqual( schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.DisplayNameAttribute, - suite.configuration.LDAP.DisplayNameAttribute) + suite.config.LDAP.DisplayNameAttribute) suite.Assert().NotEqual( schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.MailAttribute, - suite.configuration.LDAP.MailAttribute) + suite.config.LDAP.MailAttribute) suite.Assert().NotEqual( schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.GroupsFilter, - suite.configuration.LDAP.GroupsFilter) + suite.config.LDAP.GroupsFilter) suite.Assert().NotEqual( schema.DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration.GroupNameAttribute, - suite.configuration.LDAP.GroupNameAttribute) + suite.config.LDAP.GroupNameAttribute) +} + +func (suite 
*ActiveDirectoryAuthenticationBackendSuite) TestShouldRaiseErrorOnInvalidURLWithHTTP() { + suite.config.LDAP.URL = "http://dc1:389" + + validateLDAPAuthenticationBackendURL(suite.config.LDAP, suite.validator) + + suite.Require().Len(suite.validator.Errors(), 1) + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'url' must have either the 'ldap' or 'ldaps' scheme but it is configured as 'http'") +} + +func (suite *ActiveDirectoryAuthenticationBackendSuite) TestShouldRaiseErrorOnInvalidURLWithBadCharacters() { + suite.config.LDAP.URL = "ldap://dc1:abc" + + validateLDAPAuthenticationBackendURL(suite.config.LDAP, suite.validator) + + suite.Require().Len(suite.validator.Errors(), 1) + suite.Assert().EqualError(suite.validator.Errors()[0], "authentication_backend: ldap: option 'url' could not be parsed: parse \"ldap://dc1:abc\": invalid port \":abc\" after host") } func TestActiveDirectoryAuthenticationBackend(t *testing.T) { |
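Review bot: The expected string in TestShouldRaiseErrorOnInvalidURLWithBadCharacters embeds what looks like the URL parser's own message (`parse "ldap://dc1:abc": invalid port ":abc" after host`), so the test breaks if the standard library rewords that error even though the validator still rejects the URL. Pinning only the part this package owns would keep the check meaningful, for example `suite.Assert().Contains(suite.validator.Errors()[0].Error(), "authentication_backend: ldap: option 'url' could not be parsed")`. Both new URL tests also call `validateLDAPAuthenticationBackendURL` directly, so they would still pass if `ValidateAuthenticationBackend` stopped invoking the scheme check. Since that check is what keeps the bind credentials from being sent to a non-LDAP endpoint, one case that sets `suite.config.LDAP.URL = "http://dc1:389"` and goes through `ValidateAuthenticationBackend(&suite.config, suite.validator)` would be worth adding, unless the LDAP suite outside this hunk already covers it.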
