From df9c7f21a598b210015867d9bc9940a321810638 Mon Sep 17 00:00:00 2001
From: TheFox0x7 <thefox0x7@gmail.com>
Date: Sun, 18 May 2025 20:18:50 +0200
Subject: [PATCH] inline flags for ldap commands

ensure flags don't carry state through tests
---
 cmd/admin.go                |   8 +-
 cmd/admin_auth_ldap.go      | 287 ++++++++++++++++--------------------
 cmd/admin_auth_ldap_test.go |  38 ++---
 3 files changed, 148 insertions(+), 185 deletions(-)

diff --git a/cmd/admin.go b/cmd/admin.go
index 32baa625aa..241579618d 100644
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -53,10 +53,10 @@ var (
 		Commands: []*cli.Command{
 			microcmdAuthAddOauth,
 			microcmdAuthUpdateOauth,
-			microcmdAuthAddLdapBindDn,
-			microcmdAuthUpdateLdapBindDn,
-			microcmdAuthAddLdapSimpleAuth,
-			microcmdAuthUpdateLdapSimpleAuth,
+			newMicrocmdAuthAddLdapBindDn(),
+			newMicrocmdAuthUpdateLdapBindDn(),
+			newMicrocmdAuthAddLdapSimpleAuth(),
+			newMicrocmdAuthUpdateLdapSimpleAuth(),
 			microcmdAuthAddSMTP,
 			microcmdAuthUpdateSMTP,
 			microcmdAuthList,
diff --git a/cmd/admin_auth_ldap.go b/cmd/admin_auth_ldap.go
index 7403294355..e36c64ba87 100644
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -24,182 +24,157 @@ type (
 	}
 )
 
-var (
-	commonLdapCLIFlags = []cli.Flag{
-		&cli.StringFlag{
-			Name:  "name",
-			Usage: "Authentication name.",
-		},
-		&cli.BoolFlag{
-			Name:  "not-active",
-			Usage: "Deactivate the authentication source.",
-		},
-		&cli.BoolFlag{
-			Name:  "active",
-			Usage: "Activate the authentication source.",
-		},
-		&cli.StringFlag{
-			Name:  "security-protocol",
-			Usage: "Security protocol name.",
-		},
-		&cli.BoolFlag{
-			Name:  "skip-tls-verify",
-			Usage: "Disable TLS verification.",
-		},
-		&cli.StringFlag{
-			Name:  "host",
-			Usage: "The address where the LDAP server can be reached.",
-		},
-		&cli.IntFlag{
-			Name:  "port",
-			Usage: "The port to use when connecting to the LDAP server.",
-		},
-		&cli.StringFlag{
-			Name:  "user-search-base",
-			Usage: "The LDAP base at which user accounts will be searched for.",
-		},
-		&cli.StringFlag{
-			Name:  "user-filter",
-			Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.",
-		},
-		&cli.StringFlag{
-			Name:  "admin-filter",
-			Usage: "An LDAP filter specifying if a user should be given administrator privileges.",
-		},
-		&cli.StringFlag{
-			Name:  "restricted-filter",
-			Usage: "An LDAP filter specifying if a user should be given restricted status.",
-		},
-		&cli.BoolFlag{
-			Name:  "allow-deactivate-all",
-			Usage: "Allow empty search results to deactivate all users.",
-		},
-		&cli.StringFlag{
-			Name:  "username-attribute",
-			Usage: "The attribute of the user’s LDAP record containing the user name.",
-		},
-		&cli.StringFlag{
-			Name:  "firstname-attribute",
-			Usage: "The attribute of the user’s LDAP record containing the user’s first name.",
-		},
-		&cli.StringFlag{
-			Name:  "surname-attribute",
-			Usage: "The attribute of the user’s LDAP record containing the user’s surname.",
-		},
-		&cli.StringFlag{
-			Name:  "email-attribute",
-			Usage: "The attribute of the user’s LDAP record containing the user’s email address.",
-		},
-		&cli.StringFlag{
-			Name:  "public-ssh-key-attribute",
-			Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key.",
-		},
-		&cli.BoolFlag{
-			Name:  "skip-local-2fa",
-			Usage: "Set to true to skip local 2fa for users authenticated by this source",
-		},
-		&cli.StringFlag{
-			Name:  "avatar-attribute",
-			Usage: "The attribute of the user’s LDAP record containing the user’s avatar.",
-		},
-	}
-
-	ldapBindDnCLIFlags = append(commonLdapCLIFlags,
-		&cli.StringFlag{
-			Name:  "bind-dn",
-			Usage: "The DN to bind to the LDAP server with when searching for the user.",
-		},
-		&cli.StringFlag{
-			Name:  "bind-password",
-			Usage: "The password for the Bind DN, if any.",
-		},
-		&cli.BoolFlag{
-			Name:  "attributes-in-bind",
-			Usage: "Fetch attributes in bind DN context.",
-		},
-		&cli.BoolFlag{
-			Name:  "synchronize-users",
-			Usage: "Enable user synchronization.",
-		},
-		&cli.BoolFlag{
-			Name:  "disable-synchronize-users",
-			Usage: "Disable user synchronization.",
-		},
-		&cli.UintFlag{
-			Name:  "page-size",
-			Usage: "Search page size.",
-		},
-		&cli.BoolFlag{
-			Name:  "enable-groups",
-			Usage: "Enable LDAP groups",
-		},
-		&cli.StringFlag{
-			Name:  "group-search-base-dn",
-			Usage: "The LDAP base DN at which group accounts will be searched for",
-		},
-		&cli.StringFlag{
-			Name:  "group-member-attribute",
-			Usage: "Group attribute containing list of users",
-		},
-		&cli.StringFlag{
-			Name:  "group-user-attribute",
-			Usage: "User attribute listed in group",
-		},
-		&cli.StringFlag{
-			Name:  "group-filter",
-			Usage: "Verify group membership in LDAP",
-		},
-		&cli.StringFlag{
-			Name:  "group-team-map",
-			Usage: "Map LDAP groups to Organization teams",
-		},
-		&cli.BoolFlag{
-			Name:  "group-team-map-removal",
-			Usage: "Remove users from synchronized teams if user does not belong to corresponding LDAP group",
-		})
-
-	ldapSimpleAuthCLIFlags = append(commonLdapCLIFlags,
-		&cli.StringFlag{
-			Name:  "user-dn",
-			Usage: "The user's DN.",
-		})
-
-	microcmdAuthAddLdapBindDn = &cli.Command{
+func newMicrocmdAuthAddLdapBindDn() *cli.Command {
+	return &cli.Command{
 		Name:  "add-ldap",
 		Usage: "Add new LDAP (via Bind DN) authentication source",
 		Action: func(ctx context.Context, cmd *cli.Command) error {
 			return newAuthService().addLdapBindDn(ctx, cmd)
 		},
-		Flags: ldapBindDnCLIFlags,
+		Flags: []cli.Flag{
+			&cli.StringFlag{Name: "name", Usage: "Authentication name.", Required: true},
+			&cli.BoolFlag{Name: "not-active", Usage: "Deactivate the authentication source."},
+			&cli.BoolFlag{Name: "active", Usage: "Activate the authentication source."},
+			&cli.StringFlag{Name: "security-protocol", Usage: "Security protocol name.", Required: true},
+			&cli.BoolFlag{Name: "skip-tls-verify", Usage: "Disable TLS verification."},
+			&cli.StringFlag{Name: "host", Usage: "The address where the LDAP server can be reached.", Required: true},
+			&cli.IntFlag{Name: "port", Usage: "The port to use when connecting to the LDAP server.", Required: true},
+			&cli.StringFlag{Name: "user-search-base", Usage: "The LDAP base at which user accounts will be searched for.", Required: true},
+			&cli.StringFlag{Name: "user-filter", Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.", Required: true},
+			&cli.StringFlag{Name: "admin-filter", Usage: "An LDAP filter specifying if a user should be given administrator privileges."},
+			&cli.StringFlag{Name: "restricted-filter", Usage: "An LDAP filter specifying if a user should be given restricted status."},
+			&cli.BoolFlag{Name: "allow-deactivate-all", Usage: "Allow empty search results to deactivate all users."},
+			&cli.StringFlag{Name: "username-attribute", Usage: "The attribute of the user’s LDAP record containing the user name."},
+			&cli.StringFlag{Name: "firstname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s first name."},
+			&cli.StringFlag{Name: "surname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s surname."},
+			&cli.StringFlag{Name: "email-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s email address.", Required: true},
+			&cli.StringFlag{Name: "public-ssh-key-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key."},
+			&cli.BoolFlag{Name: "skip-local-2fa", Usage: "Set to true to skip local 2fa for users authenticated by this source"},
+			&cli.StringFlag{Name: "avatar-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s avatar."},
+			&cli.StringFlag{Name: "bind-dn", Usage: "The DN to bind to the LDAP server with when searching for the user."},
+			&cli.StringFlag{Name: "bind-password", Usage: "The password for the Bind DN, if any."},
+			&cli.BoolFlag{Name: "attributes-in-bind", Usage: "Fetch attributes in bind DN context."},
+			&cli.BoolFlag{Name: "synchronize-users", Usage: "Enable user synchronization."},
+			&cli.BoolFlag{Name: "disable-synchronize-users", Usage: "Disable user synchronization."},
+			&cli.UintFlag{Name: "page-size", Usage: "Search page size."},
+			&cli.BoolFlag{Name: "enable-groups", Usage: "Enable LDAP groups"},
+			&cli.StringFlag{Name: "group-search-base-dn", Usage: "The LDAP base DN at which group accounts will be searched for"},
+			&cli.StringFlag{Name: "group-member-attribute", Usage: "Group attribute containing list of users"},
+			&cli.StringFlag{Name: "group-user-attribute", Usage: "User attribute listed in group"},
+			&cli.StringFlag{Name: "group-filter", Usage: "Verify group membership in LDAP"},
+			&cli.StringFlag{Name: "group-team-map", Usage: "Map LDAP groups to Organization teams"},
+			&cli.BoolFlag{Name: "group-team-map-removal", Usage: "Remove users from synchronized teams if user does not belong to corresponding LDAP group"},
+		},
 	}
+}
 
-	microcmdAuthUpdateLdapBindDn = &cli.Command{
+func newMicrocmdAuthUpdateLdapBindDn() *cli.Command {
+	return &cli.Command{
 		Name:  "update-ldap",
 		Usage: "Update existing LDAP (via Bind DN) authentication source",
 		Action: func(ctx context.Context, cmd *cli.Command) error {
 			return newAuthService().updateLdapBindDn(ctx, cmd)
 		},
-		Flags: append([]cli.Flag{idFlag}, ldapBindDnCLIFlags...),
+		Flags: []cli.Flag{
+			&cli.Int64Flag{Name: "id", Usage: "ID of authentication source", Required: true},
+			&cli.StringFlag{Name: "name", Usage: "Authentication name."},
+			&cli.BoolFlag{Name: "not-active", Usage: "Deactivate the authentication source."},
+			&cli.BoolFlag{Name: "active", Usage: "Activate the authentication source."},
+			&cli.StringFlag{Name: "security-protocol", Usage: "Security protocol name."},
+			&cli.BoolFlag{Name: "skip-tls-verify", Usage: "Disable TLS verification."},
+			&cli.StringFlag{Name: "host", Usage: "The address where the LDAP server can be reached."},
+			&cli.IntFlag{Name: "port", Usage: "The port to use when connecting to the LDAP server."},
+			&cli.StringFlag{Name: "user-search-base", Usage: "The LDAP base at which user accounts will be searched for."},
+			&cli.StringFlag{Name: "user-filter", Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate."},
+			&cli.StringFlag{Name: "admin-filter", Usage: "An LDAP filter specifying if a user should be given administrator privileges."},
+			&cli.StringFlag{Name: "restricted-filter", Usage: "An LDAP filter specifying if a user should be given restricted status."},
+			&cli.BoolFlag{Name: "allow-deactivate-all", Usage: "Allow empty search results to deactivate all users."},
+			&cli.StringFlag{Name: "username-attribute", Usage: "The attribute of the user’s LDAP record containing the user name."},
+			&cli.StringFlag{Name: "firstname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s first name."},
+			&cli.StringFlag{Name: "surname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s surname."},
+			&cli.StringFlag{Name: "email-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s email address."},
+			&cli.StringFlag{Name: "public-ssh-key-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key."},
+			&cli.BoolFlag{Name: "skip-local-2fa", Usage: "Set to true to skip local 2fa for users authenticated by this source"},
+			&cli.StringFlag{Name: "avatar-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s avatar."},
+			&cli.StringFlag{Name: "bind-dn", Usage: "The DN to bind to the LDAP server with when searching for the user."},
+			&cli.StringFlag{Name: "bind-password", Usage: "The password for the Bind DN, if any."},
+			&cli.BoolFlag{Name: "attributes-in-bind", Usage: "Fetch attributes in bind DN context."},
+			&cli.BoolFlag{Name: "synchronize-users", Usage: "Enable user synchronization."},
+			&cli.BoolFlag{Name: "disable-synchronize-users", Usage: "Disable user synchronization."},
+			&cli.UintFlag{Name: "page-size", Usage: "Search page size."},
+			&cli.BoolFlag{Name: "enable-groups", Usage: "Enable LDAP groups"},
+			&cli.StringFlag{Name: "group-search-base-dn", Usage: "The LDAP base DN at which group accounts will be searched for"},
+			&cli.StringFlag{Name: "group-member-attribute", Usage: "Group attribute containing list of users"},
+			&cli.StringFlag{Name: "group-user-attribute", Usage: "User attribute listed in group"},
+			&cli.StringFlag{Name: "group-filter", Usage: "Verify group membership in LDAP"},
+			&cli.StringFlag{Name: "group-team-map", Usage: "Map LDAP groups to Organization teams"},
+			&cli.BoolFlag{Name: "group-team-map-removal", Usage: "Remove users from synchronized teams if user does not belong to corresponding LDAP group"},
+		},
 	}
+}
 
-	microcmdAuthAddLdapSimpleAuth = &cli.Command{
+func newMicrocmdAuthAddLdapSimpleAuth() *cli.Command {
+	return &cli.Command{
 		Name:  "add-ldap-simple",
 		Usage: "Add new LDAP (simple auth) authentication source",
 		Action: func(ctx context.Context, cmd *cli.Command) error {
 			return newAuthService().addLdapSimpleAuth(ctx, cmd)
 		},
-		Flags: ldapSimpleAuthCLIFlags,
+		Flags: []cli.Flag{
+			&cli.StringFlag{Name: "name", Usage: "Authentication name.", Required: true},
+			&cli.BoolFlag{Name: "not-active", Usage: "Deactivate the authentication source."},
+			&cli.BoolFlag{Name: "active", Usage: "Activate the authentication source."},
+			&cli.StringFlag{Name: "security-protocol", Usage: "Security protocol name.", Required: true},
+			&cli.BoolFlag{Name: "skip-tls-verify", Usage: "Disable TLS verification."},
+			&cli.StringFlag{Name: "host", Usage: "The address where the LDAP server can be reached.", Required: true},
+			&cli.IntFlag{Name: "port", Usage: "The port to use when connecting to the LDAP server.", Required: true},
+			&cli.StringFlag{Name: "user-search-base", Usage: "The LDAP base at which user accounts will be searched for."},
+			&cli.StringFlag{Name: "user-filter", Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.", Required: true},
+			&cli.StringFlag{Name: "admin-filter", Usage: "An LDAP filter specifying if a user should be given administrator privileges."},
+			&cli.StringFlag{Name: "restricted-filter", Usage: "An LDAP filter specifying if a user should be given restricted status."},
+			&cli.BoolFlag{Name: "allow-deactivate-all", Usage: "Allow empty search results to deactivate all users."},
+			&cli.StringFlag{Name: "username-attribute", Usage: "The attribute of the user’s LDAP record containing the user name."},
+			&cli.StringFlag{Name: "firstname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s first name."},
+			&cli.StringFlag{Name: "surname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s surname."},
+			&cli.StringFlag{Name: "email-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s email address.", Required: true},
+			&cli.StringFlag{Name: "public-ssh-key-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key."},
+			&cli.BoolFlag{Name: "skip-local-2fa", Usage: "Set to true to skip local 2fa for users authenticated by this source"},
+			&cli.StringFlag{Name: "avatar-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s avatar."},
+			&cli.StringFlag{Name: "user-dn", Usage: "The user's DN.", Required: true}},
 	}
+}
 
-	microcmdAuthUpdateLdapSimpleAuth = &cli.Command{
+func newMicrocmdAuthUpdateLdapSimpleAuth() *cli.Command {
+	return &cli.Command{
 		Name:  "update-ldap-simple",
 		Usage: "Update existing LDAP (simple auth) authentication source",
 		Action: func(ctx context.Context, cmd *cli.Command) error {
 			return newAuthService().updateLdapSimpleAuth(ctx, cmd)
 		},
-		Flags: append([]cli.Flag{idFlag}, ldapSimpleAuthCLIFlags...),
-	}
-)
+		Flags: []cli.Flag{
+			&cli.Int64Flag{Name: "id", Usage: "ID of authentication source", Required: true},
+			&cli.StringFlag{Name: "name", Usage: "Authentication name."},
+			&cli.BoolFlag{Name: "not-active", Usage: "Deactivate the authentication source."},
+			&cli.BoolFlag{Name: "active", Usage: "Activate the authentication source."},
+			&cli.StringFlag{Name: "security-protocol", Usage: "Security protocol name."},
+			&cli.BoolFlag{Name: "skip-tls-verify", Usage: "Disable TLS verification."},
+			&cli.StringFlag{Name: "host", Usage: "The address where the LDAP server can be reached."},
+			&cli.IntFlag{Name: "port", Usage: "The port to use when connecting to the LDAP server."},
+			&cli.StringFlag{Name: "user-search-base", Usage: "The LDAP base at which user accounts will be searched for."},
+			&cli.StringFlag{Name: "user-filter", Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate."},
+			&cli.StringFlag{Name: "admin-filter", Usage: "An LDAP filter specifying if a user should be given administrator privileges."},
+			&cli.StringFlag{Name: "restricted-filter", Usage: "An LDAP filter specifying if a user should be given restricted status."},
+			&cli.BoolFlag{Name: "allow-deactivate-all", Usage: "Allow empty search results to deactivate all users."},
+			&cli.StringFlag{Name: "username-attribute", Usage: "The attribute of the user’s LDAP record containing the user name."},
+			&cli.StringFlag{Name: "firstname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s first name."},
+			&cli.StringFlag{Name: "surname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s surname."},
+			&cli.StringFlag{Name: "email-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s email address."},
+			&cli.StringFlag{Name: "public-ssh-key-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key."},
+			&cli.BoolFlag{Name: "skip-local-2fa", Usage: "Set to true to skip local 2fa for users authenticated by this source"},
+			&cli.StringFlag{Name: "avatar-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s avatar."},
+			&cli.StringFlag{Name: "user-dn", Usage: "The user's DN."},
+		}}
+}
 
 // newAuthService creates a service with default functions.
 func newAuthService() *authService {
@@ -338,10 +313,6 @@ func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
 // getAuthSource gets the login source by its id defined in the command line flags.
 // It returns an error if the id is not set, does not match any source or if the source is not of expected type.
 func (a *authService) getAuthSource(ctx context.Context, c *cli.Command, authType auth.Type) (*auth.Source, error) {
-	if err := argsSet(c, "id"); err != nil {
-		return nil, err
-	}
-
 	authSource, err := a.getAuthSourceByID(ctx, c.Int64("id"))
 	if err != nil {
 		return nil, err
@@ -356,10 +327,6 @@ func (a *authService) getAuthSource(ctx context.Context, c *cli.Command, authTyp
 
 // addLdapBindDn adds a new LDAP via Bind DN authentication source.
 func (a *authService) addLdapBindDn(_ context.Context, c *cli.Command) error {
-	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-search-base", "user-filter", "email-attribute"); err != nil {
-		return err
-	}
-
 	ctx, cancel := installSignals()
 	defer cancel()
 
@@ -407,10 +374,6 @@ func (a *authService) updateLdapBindDn(_ context.Context, c *cli.Command) error
 
 // addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
 func (a *authService) addLdapSimpleAuth(_ context.Context, c *cli.Command) error {
-	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-dn", "user-filter", "email-attribute"); err != nil {
-		return err
-	}
-
 	ctx, cancel := installSignals()
 	defer cancel()
 
diff --git a/cmd/admin_auth_ldap_test.go b/cmd/admin_auth_ldap_test.go
index 49061afdab..68a1f9b486 100644
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@@ -148,7 +148,7 @@ func TestAddLdapBindDn(t *testing.T) {
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
 				"--email-attribute", "mail",
 			},
-			errMsg: "name is not set",
+			errMsg: "Required flag \"name\" not set",
 		},
 		// case 4
 		{
@@ -161,7 +161,7 @@ func TestAddLdapBindDn(t *testing.T) {
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
 				"--email-attribute", "mail",
 			},
-			errMsg: "security-protocol is not set",
+			errMsg: "Required flag \"security-protocol\" not set",
 		},
 		// case 5
 		{
@@ -174,7 +174,7 @@ func TestAddLdapBindDn(t *testing.T) {
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
 				"--email-attribute", "mail",
 			},
-			errMsg: "host is not set",
+			errMsg: "Required flag \"host\" not set",
 		},
 		// case 6
 		{
@@ -187,7 +187,7 @@ func TestAddLdapBindDn(t *testing.T) {
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
 				"--email-attribute", "mail",
 			},
-			errMsg: "port is not set",
+			errMsg: "Required flag \"port\" not set",
 		},
 		// case 7
 		{
@@ -200,7 +200,7 @@ func TestAddLdapBindDn(t *testing.T) {
 				"--user-search-base", "ou=Users,dc=domain,dc=org",
 				"--email-attribute", "mail",
 			},
-			errMsg: "user-filter is not set",
+			errMsg: "Required flag \"user-filter\" not set",
 		},
 		// case 8
 		{
@@ -213,7 +213,7 @@ func TestAddLdapBindDn(t *testing.T) {
 				"--user-search-base", "ou=Users,dc=domain,dc=org",
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
 			},
-			errMsg: "email-attribute is not set",
+			errMsg: "Required flag \"email-attribute\" not set",
 		},
 	}
 
@@ -240,7 +240,7 @@ func TestAddLdapBindDn(t *testing.T) {
 
 		// Create a copy of command to test
 		app := cli.Command{
-			Flags:  microcmdAuthAddLdapBindDn.Flags,
+			Flags:  newMicrocmdAuthAddLdapBindDn().Flags,
 			Action: service.addLdapBindDn,
 		}
 
@@ -367,7 +367,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"--email-attribute", "mail",
 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
 			},
-			errMsg: "name is not set",
+			errMsg: "Required flag \"name\" not set",
 		},
 		// case 4
 		{
@@ -380,7 +380,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"--email-attribute", "mail",
 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
 			},
-			errMsg: "security-protocol is not set",
+			errMsg: "Required flag \"security-protocol\" not set",
 		},
 		// case 5
 		{
@@ -393,7 +393,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"--email-attribute", "mail",
 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
 			},
-			errMsg: "host is not set",
+			errMsg: "Required flag \"host\" not set",
 		},
 		// case 6
 		{
@@ -406,7 +406,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"--email-attribute", "mail",
 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
 			},
-			errMsg: "port is not set",
+			errMsg: "Required flag \"port\" not set",
 		},
 		// case 7
 		{
@@ -419,7 +419,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"--email-attribute", "mail",
 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
 			},
-			errMsg: "user-filter is not set",
+			errMsg: "Required flag \"user-filter\" not set",
 		},
 		// case 8
 		{
@@ -432,7 +432,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
 			},
-			errMsg: "email-attribute is not set",
+			errMsg: "Required flag \"email-attribute\" not set",
 		},
 		// case 9
 		{
@@ -445,7 +445,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 				"--email-attribute", "mail",
 			},
-			errMsg: "user-dn is not set",
+			errMsg: "Required flag \"user-dn\" not set",
 		},
 	}
 
@@ -472,7 +472,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 
 		// Create a copy of command to test
 		app := &cli.Command{
-			Flags:  microcmdAuthAddLdapSimpleAuth.Flags,
+			Flags:  newMicrocmdAuthAddLdapSimpleAuth().Flags,
 			Action: service.addLdapSimpleAuth,
 		}
 
@@ -873,7 +873,7 @@ func TestUpdateLdapBindDn(t *testing.T) {
 			args: []string{
 				"ldap-test",
 			},
-			errMsg: "id is not set",
+			errMsg: "Required flag \"id\" not set",
 		},
 		// case 23
 		{
@@ -950,7 +950,7 @@ func TestUpdateLdapBindDn(t *testing.T) {
 
 		// Create a copy of command to test
 		app := cli.Command{
-			Flags:  microcmdAuthUpdateLdapBindDn.Flags,
+			Flags:  newMicrocmdAuthUpdateLdapBindDn().Flags,
 			Action: service.updateLdapBindDn,
 		}
 		// Run it
@@ -1266,7 +1266,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 			args: []string{
 				"ldap-test",
 			},
-			errMsg: "id is not set",
+			errMsg: "Required flag \"id\" not set",
 		},
 		// case 19
 		{
@@ -1340,7 +1340,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 
 		// Create a copy of command to test
 		app := cli.Command{
-			Flags:  microcmdAuthUpdateLdapSimpleAuth.Flags,
+			Flags:  newMicrocmdAuthUpdateLdapSimpleAuth().Flags,
 			Action: service.updateLdapSimpleAuth,
 		}
 		// Run it