fix: auth provider indentation

charts/authelia/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: authelia
-version: 0.1.6
+version: 0.1.7
 kubeVersion: ">= 1.13.0"
 description: Authelia is a Single Sign-On Multi-Factor portal for web apps
 type: application

charts/authelia/values.local.yaml

@@ -444,134 +444,134 @@ configMap:
     ## Disable both the HTML element and the API for reset password functionality
     disable_reset_password: false
 
-  ## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation.
-  ## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will
-  ## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP.
-  ## To force update on every request you can set this to '0' or 'always', this will increase processor demand.
-  ## See the below documentation for more information.
-  ## Duration Notation docs:  https://www.authelia.com/docs/configuration/index.html#duration-notation-format
-  ## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval
-  refresh_interval: 5m
-
-  ## LDAP backend configuration.
-  ##
-  ## This backend allows Authelia to be scaled to more
-  ## than one instance and therefore is recommended for
-  ## production.
-  ldap: {}
-  # ldap:
-    ## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
-    ## Acceptable options are as follows:
-    ## - 'activedirectory' - For Microsoft Active Directory.
-    ## - 'custom' - For custom specifications of attributes and filters.
-    ## This currently defaults to 'custom' to maintain existing behaviour.
+    ## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation.
+    ## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will
+    ## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP.
+    ## To force update on every request you can set this to '0' or 'always', this will increase processor demand.
+    ## See the below documentation for more information.
+    ## Duration Notation docs:  https://www.authelia.com/docs/configuration/index.html#duration-notation-format
+    ## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval
+    refresh_interval: 5m
+
+    ## LDAP backend configuration.
     ##
-    ## Depending on the option here certain other values in this section have a default value, notably all of the
-    ## attribute mappings have a default value that this config overrides, you can read more about these default values
-    ## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults
-    # implementation: custom
-
-    ## The url to the ldap server. Format: <scheme>://<address>[:<port>].
-    ## Scheme can be ldap or ldaps in the format (port optional).
-    # url: ldap://openldap.default.svc.cluster.local
-
-    ## Use StartTLS with the LDAP connection.
-    # start_tls: false
-
-    # tls:
-      ## Server Name for certificate validation (in case it's not set correctly in the URL).
-      # server_name: ldap.example.com
+    ## This backend allows Authelia to be scaled to more
+    ## than one instance and therefore is recommended for
+    ## production.
+    ldap: {}
+    # ldap:
+      ## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
+      ## Acceptable options are as follows:
+      ## - 'activedirectory' - For Microsoft Active Directory.
+      ## - 'custom' - For custom specifications of attributes and filters.
+      ## This currently defaults to 'custom' to maintain existing behaviour.
+      ##
+      ## Depending on the option here certain other values in this section have a default value, notably all of the
+      ## attribute mappings have a default value that this config overrides, you can read more about these default values
+      ## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults
+      # implementation: custom
+
+      ## The url to the ldap server. Format: <scheme>://<address>[:<port>].
+      ## Scheme can be ldap or ldaps in the format (port optional).
+      # url: ldap://openldap.default.svc.cluster.local
+
+      ## Use StartTLS with the LDAP connection.
+      # start_tls: false
+
+      # tls:
+        ## Server Name for certificate validation (in case it's not set correctly in the URL).
+        # server_name: ldap.example.com
+
+        ## Skip verifying the server certificate (to allow a self-signed certificate).
+        # skip_verify: false
+
+        ## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
+        # minimum_version: TLS1.2
+
+      ## The base dn for every LDAP query.
+      # base_dn: DC=example,DC=com
+
+      ## The attribute holding the username of the user. This attribute is used to populate the username in the session
+      ## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
+      ## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this
+      ## attribute holds the unique identifiers for the users binding the user and the configuration stored in database.
+      ## Therefore only single value attributes are allowed and the value must never be changed once attributed to a user
+      ## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also
+      ## be used but we don't recommend using them, we instead advise to use the attributes mentioned above
+      ## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt.
+      # username_attribute: uid
+
+      ## An additional dn to define the scope to all users.
+      # additional_users_dn: OU=Users
+
+      ## The users filter used in search queries to find the user profile based on input filled in login form.
+      ## Various placeholders are available in the user filter:
+      ## - {input} is a placeholder replaced by what the user inputs in the login form.
+      ## - {username_attribute} is a mandatory placeholder replaced by what is configured in `username_attribute`.
+      ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
+      ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
+      ##   versions, so please don't use it.
+      ##
+      ## Recommended settings are as follows:
+      ## - Microsoft Active Directory: (&({username_attribute}={input})(objectCategory=person)(objectClass=user))
+      ## - OpenLDAP:
+      ##   - (&({username_attribute}={input})(objectClass=person))
+      ##   - (&({username_attribute}={input})(objectClass=inetOrgPerson))
+      ##
+      ## To allow sign in both with username and email, one can use a filter like
+      ## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
+      # users_filter: (&({username_attribute}={input})(objectClass=person))
 
-      ## Skip verifying the server certificate (to allow a self-signed certificate).
-      # skip_verify: false
+      ## An additional dn to define the scope of groups.
+      # additional_groups_dn: OU=Groups
+
+      ## The groups filter used in search queries to find the groups of the user.
+      ## - {input} is a placeholder replaced by what the user inputs in the login form.
+      ## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`).
+      ## - {dn} is a matcher replaced by the user distinguished name, aka, user DN.
+      ## - {username_attribute} is a placeholder replaced by what is configured in `username_attribute`.
+      ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
+      ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
+      ##   versions, so please don't use it.
+      ## - DON'T USE - {1} is an alias for {username} supported for backward compatibility but it will be deprecated in
+      ##   later version, so please don't use it.
+      ##
+      ## If your groups use the `groupOfUniqueNames` structure use this instead:
+      ##    (&(uniquemember={dn})(objectclass=groupOfUniqueNames))
+      # groups_filter: (&(member={dn})(objectclass=groupOfNames))
+
+      ## The attribute holding the name of the group
+      # group_name_attribute: cn
+
+      ## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the
+      ## first one returned by the LDAP server is used.
+      # mail_attribute: mail
+
+      ## The attribute holding the display name of the user. This will be used to greet an authenticated user.
+      # display_name_attribute: displayname
+
+      ## The username of the admin user.
+      # user: CN=Authelia,DC=example,DC=com
 
-      ## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
-      # minimum_version: TLS1.2
-
-    ## The base dn for every LDAP query.
-    # base_dn: DC=example,DC=com
-
-    ## The attribute holding the username of the user. This attribute is used to populate the username in the session
-    ## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
-    ## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this
-    ## attribute holds the unique identifiers for the users binding the user and the configuration stored in database.
-    ## Therefore only single value attributes are allowed and the value must never be changed once attributed to a user
-    ## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also
-    ## be used but we don't recommend using them, we instead advise to use the attributes mentioned above
-    ## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt.
-    # username_attribute: uid
-
-    ## An additional dn to define the scope to all users.
-    # additional_users_dn: OU=Users
-
-    ## The users filter used in search queries to find the user profile based on input filled in login form.
-    ## Various placeholders are available in the user filter:
-    ## - {input} is a placeholder replaced by what the user inputs in the login form.
-    ## - {username_attribute} is a mandatory placeholder replaced by what is configured in `username_attribute`.
-    ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
-    ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
-    ##   versions, so please don't use it.
     ##
-    ## Recommended settings are as follows:
-    ## - Microsoft Active Directory: (&({username_attribute}={input})(objectCategory=person)(objectClass=user))
-    ## - OpenLDAP:
-    ##   - (&({username_attribute}={input})(objectClass=person))
-    ##   - (&({username_attribute}={input})(objectClass=inetOrgPerson))
+    ## File (Authentication Provider)
     ##
-    ## To allow sign in both with username and email, one can use a filter like
-    ## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
-    # users_filter: (&({username_attribute}={input})(objectClass=person))
-
-    ## An additional dn to define the scope of groups.
-    # additional_groups_dn: OU=Groups
-
-    ## The groups filter used in search queries to find the groups of the user.
-    ## - {input} is a placeholder replaced by what the user inputs in the login form.
-    ## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`).
-    ## - {dn} is a matcher replaced by the user distinguished name, aka, user DN.
-    ## - {username_attribute} is a placeholder replaced by what is configured in `username_attribute`.
-    ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
-    ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
-    ##   versions, so please don't use it.
-    ## - DON'T USE - {1} is an alias for {username} supported for backward compatibility but it will be deprecated in
-    ##   later version, so please don't use it.
+    ## With this backend, the users database is stored in a file which is updated when users reset their passwords.
+    ## Therefore, this backend is meant to be used in a dev environment and not in production since it prevents Authelia
+    ## to be scaled to more than one instance. The options under 'password' have sane defaults, and as it has security
+    ## implications it is highly recommended you leave the default values. Before considering changing these settings
+    ## please read the docs page below:
+    ## https://www.authelia.com/docs/configuration/authentication/file.html#password-hash-algorithm-tuning
     ##
-    ## If your groups use the `groupOfUniqueNames` structure use this instead:
-    ##    (&(uniquemember={dn})(objectclass=groupOfUniqueNames))
-    # groups_filter: (&(member={dn})(objectclass=groupOfNames))
-
-    ## The attribute holding the name of the group
-    # group_name_attribute: cn
-
-    ## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the
-    ## first one returned by the LDAP server is used.
-    # mail_attribute: mail
-
-    ## The attribute holding the display name of the user. This will be used to greet an authenticated user.
-    # display_name_attribute: displayname
-
-    ## The username of the admin user.
-    # user: CN=Authelia,DC=example,DC=com
-
-  ##
-  ## File (Authentication Provider)
-  ##
-  ## With this backend, the users database is stored in a file which is updated when users reset their passwords.
-  ## Therefore, this backend is meant to be used in a dev environment and not in production since it prevents Authelia
-  ## to be scaled to more than one instance. The options under 'password' have sane defaults, and as it has security
-  ## implications it is highly recommended you leave the default values. Before considering changing these settings
-  ## please read the docs page below:
-  ## https://www.authelia.com/docs/configuration/authentication/file.html#password-hash-algorithm-tuning
-  ##
-  ## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
-  ##
-  file:
-    path: /config/users_database.yml
-    password:
-      algorithm: sha512
-      iterations: 100000
-      key_length: 32
-      salt_length: 16
+    ## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
+    ##
+    file:
+      path: /config/users_database.yml
+      password:
+        algorithm: sha512
+        iterations: 100000
+        key_length: 32
+        salt_length: 16
 
   ##
   ## Access Control Configuration