fnox 1.25.1

A flexible secret management tool supporting multiple providers and encryption methods
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165

#!/usr/bin/env bash

# Common assertion helpers for fnox bats tests

# Assert that fnox command succeeds
# Usage: assert_fnox_success <command> [args...]
assert_fnox_success() {
	run "$FNOX_BIN" "$@"
	assert_success
}

# Assert that fnox command fails
# Usage: assert_fnox_failure <command> [args...]
assert_fnox_failure() {
	run "$FNOX_BIN" "$@"
	assert_failure
}

# Assert that config file contains specific content
# Usage: assert_config_contains <content>
assert_config_contains() {
	local content="$1"
	local config_file="${FNOX_CONFIG_FILE:-fnox.toml}"

	if [[ ! -f $config_file ]]; then
		echo "Config file $config_file does not exist" >&2
		return 1
	fi

	if ! grep -q "$content" "$config_file"; then
		echo "Config file $config_file does not contain: $content" >&2
		echo "Config contents:" >&2
		cat "$config_file" >&2
		return 1
	fi
}

# Assert that config file does not contain specific content
# Usage: assert_config_not_contains <content>
assert_config_not_contains() {
	local content="$1"
	local config_file="${FNOX_CONFIG_FILE:-fnox.toml}"

	if [[ ! -f $config_file ]]; then
		return 0 # File doesn't exist, so it doesn't contain the content
	fi

	if grep -q "$content" "$config_file"; then
		echo "Config file $config_file contains (should not): $content" >&2
		echo "Config contents:" >&2
		cat "$config_file" >&2
		return 1
	fi
}

# Assert that a secret exists in the config
# Usage: assert_secret_exists <secret_name>
assert_secret_exists() {
	local secret_name="$1"
	assert_config_contains "\"$secret_name\""
}

# Assert that a secret does not exist in the config
# Usage: assert_secret_not_exists <secret_name>
assert_secret_not_exists() {
	local secret_name="$1"
	assert_config_not_contains "\"$secret_name\""
}

# Assert that a profile exists in the config
# Usage: assert_profile_exists <profile_name>
assert_profile_exists() {
	local profile_name="$1"
	assert_config_contains "\\[profiles\\.$profile_name\\]"
}

# Assert that a profile does not exist in the config
# Usage: assert_profile_not_exists <profile_name>
assert_profile_not_exists() {
	local profile_name="$1"
	assert_config_not_contains "\\[profiles\\.$profile_name\\]"
}

# Assert that output contains a specific secret value (for testing get command)
# Usage: assert_secret_output <secret_name> <expected_value>
assert_secret_output() {
	local secret_name="$1"
	local expected_value="$2"

	assert_output --partial "$secret_name"
	assert_output --partial "$expected_value"
}

# Create a basic fnox config for testing
# Usage: create_test_config [provider]
create_test_config() {
	local provider="${1:-age}"
	cat >"${FNOX_CONFIG_FILE:-fnox.toml}" <<EOF
root = true

[secrets]

[secrets.test_secret]
value = "test_value"

[providers.test-provider]
type = "age"
recipients = ["age1exampleexampleexampleexampleexampleexampleexampleexampleexampleexample"]

[profiles.test]
EOF
}

# Create a test profile with specific provider
# Usage: create_test_profile <profile_name> <provider>
create_test_profile() {
	local profile_name="$1"
	local provider="$2"

	cat >"${FNOX_CONFIG_FILE:-fnox.toml}" <<EOF
root = true

[providers.$provider-provider]
type = "$provider"

[profiles.$profile_name]
EOF
}

# Generate a simple age key pair for testing
# Usage: generate_test_age_key
generate_test_age_key() {
	if ! command -v age-keygen >/dev/null 2>&1; then
		echo "age-keygen not found, skipping age key generation" >&2
		return 1
	fi

	age-keygen -o key.txt 2>/dev/null
	local public_key
	public_key=$(grep "public key:" key.txt | cut -d' ' -f3)
	echo "$public_key"
}

# Assert that output contains fnox version pattern
# Usage: assert_fnox_version_output
assert_fnox_version_output() {
	assert_output --regexp "^fnox\ [0-9]+\.[0-9]+\.[0-9]+$"
}

# Assert that command output is valid JSON (for export command)
# Usage: assert_json_output
assert_json_output() {
	# shellcheck disable=SC2154
	# Try to parse with python, jq, or node (whichever is available)
	if command -v python3 >/dev/null 2>&1; then
		echo "$output" | python3 -m json.tool >/dev/null
	elif command -v jq >/dev/null 2>&1; then
		echo "$output" | jq . >/dev/null
	elif command -v node >/dev/null 2>&1; then
		echo "$output" | node -e "console.log(JSON.parse(require('fs').readFileSync(0, 'utf8')))" >/dev/null 2>&1
	else
		echo "No JSON parser available to validate output" >&2
		return 1
	fi
}