[envsec] Enforce version (#1688)

## Summary

Previously we didn't want to enforce a version because it requires a
code change for every new version, but while testing this is good
because it forces everyone to the same version of envsec. (in the future
we won't use the envsec binary at all, so the version will be tightly
coupled anyway)

Don't merge this until v0.0.13 is actually created 

## How was it tested?

Author: mikeland73

go.mod

@@ -7,11 +7,11 @@ require (
 	github.com/MakeNowJust/heredoc/v2 v2.0.1
 	github.com/alessio/shellescape v1.4.2
 	github.com/aws/aws-sdk-go-v2 v1.24.0
-	github.com/aws/aws-sdk-go-v2/config v1.26.1
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.12
+	github.com/aws/aws-sdk-go-v2/config v1.26.2
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.13
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.87
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.5
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.6
 	github.com/bmatcuk/doublestar/v4 v4.6.0
 	github.com/briandowns/spinner v1.23.0
 	github.com/cavaliergopher/grab/v3 v3.0.1
@@ -39,8 +39,8 @@ require (
 	github.com/tailscale/hujson v0.0.0-20221223112325-20486734a56a
 	github.com/wk8/go-ordered-map/v2 v2.1.8
 	github.com/zealic/go2node v0.1.0
-	go.jetpack.io/envsec v0.0.12-0.20231220042802-d784a6c23f33
-	go.jetpack.io/pkg v0.0.0-20231220014237-68ef53318b2e
+	go.jetpack.io/envsec v0.0.13
+	go.jetpack.io/pkg v0.0.0-20231220195442-0c2f1e897695
 	golang.org/x/exp v0.0.0-20231219180239-dc181d75b848
 	golang.org/x/mod v0.14.0
 	golang.org/x/sync v0.5.0
@@ -65,6 +65,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.1.36 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssm v1.44.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
 	github.com/aws/smithy-go v1.19.0 // indirect
@@ -120,7 +121,7 @@ require (
 	go.jetpack.io/typeid v1.0.0 // indirect
 	go4.org v0.0.0-20200411211856-f5505b9728dd // indirect
 	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/oauth2 v0.14.0 // indirect
+	golang.org/x/oauth2 v0.15.0 // indirect
 	golang.org/x/sys v0.15.0 // indirect
 	golang.org/x/term v0.15.0 // indirect
 	golang.org/x/text v0.14.0 // indirect

go.sum

@@ -50,9 +50,13 @@ github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.4.13/go.mod h1:gpAbvyDG
 github.com/aws/aws-sdk-go-v2/config v1.18.42/go.mod h1:4AZM3nMMxwlG+eZlxvBKqwVbkDLlnN2a4UGTL6HjaZI=
 github.com/aws/aws-sdk-go-v2/config v1.26.1 h1:z6DqMxclFGL3Zfo+4Q0rLnAZ6yVkzCRxhRMsiRQnD1o=
 github.com/aws/aws-sdk-go-v2/config v1.26.1/go.mod h1:ZB+CuKHRbb5v5F0oJtGdhFTelmrxd4iWO1lf0rQwSAg=
+github.com/aws/aws-sdk-go-v2/config v1.26.2 h1:+RWLEIWQIGgrz2pBPAUoGgNGs1TOyF4Hml7hCnYj2jc=
+github.com/aws/aws-sdk-go-v2/config v1.26.2/go.mod h1:l6xqvUxt0Oj7PI/SUXYLNyZ9T/yBPn3YTQcJLLOdtR8=
 github.com/aws/aws-sdk-go-v2/credentials v1.13.40/go.mod h1:VtEHVAAqDWASwdOqj/1huyT6uHbs5s8FUHfDQdky/Rs=
 github.com/aws/aws-sdk-go-v2/credentials v1.16.12 h1:v/WgB8NxprNvr5inKIiVVrXPuuTegM+K8nncFkr1usU=
 github.com/aws/aws-sdk-go-v2/credentials v1.16.12/go.mod h1:X21k0FjEJe+/pauud82HYiQbEr9jRKY3kXEIQ4hXeTQ=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.13 h1:WLABQ4Cp4vXtXfOWOS3MEZKr6AAYUpMczLhgKtAjQ/8=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.13/go.mod h1:Qg6x82FXwW0sJHzYruxGiuApNo31UEtJvXVSZAXeWiw=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.11/go.mod h1:TEPP4tENqBGO99KwVpV9MlOX4NSrSLP8u3KRy2CDwA8=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw=
@@ -81,6 +85,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4 h1:v0jkRigbSD6uOd
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.15.4/go.mod h1:LhTyt8J04LL+9cIt7pYJ5lbS/U98ZmXovLOR/4LUsk8=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0 h1:wl5dxN1NONhTDQD9uaEvNsDRX29cBmGED/nl0jkWlt4=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.40.0/go.mod h1:rDGMZA7f4pbmTtPOk5v5UM2lmX6UAbRnMDJeDvnH7AM=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.44.6 h1:EZw+TRx/4qlfp6VJ0P1sx04Txd9yGNK+NiO1upaXmh4=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.44.6/go.mod h1:uXndCJoDO9gpuK24rNWVCnrGNUydKFEAYAZ7UU9S0rQ=
 github.com/aws/aws-sdk-go-v2/service/sso v1.14.1/go.mod h1:fIAwKQKBFu90pBxx07BFOMJLpRUGu8VOzLJakeY+0K4=
 github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM=
 github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc=
@@ -90,6 +96,8 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9b
 github.com/aws/aws-sdk-go-v2/service/sts v1.22.0/go.mod h1:VC7JDqsqiwXukYEDjoHh9U0fOJtNWh04FPQz4ct4GGU=
 github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 h1:5UYvv8JUvllZsRnfrcMQ+hJ9jNICmcgKPAO1CER25Wg=
 github.com/aws/aws-sdk-go-v2/service/sts v1.26.5/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.6 h1:HJeiuZ2fldpd0WqngyMR6KW7ofkXNLyOaHwEIGm39Cs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.6/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
 github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
 github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
 github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
@@ -367,8 +375,12 @@ github.com/zealic/go2node v0.1.0 h1:ofxpve08cmLJBwFdI0lPCk9jfwGWOSD+s6216x0oAaA=
 github.com/zealic/go2node v0.1.0/go.mod h1:GrkFr+HctXwP7vzcU9RsgtAeJjTQ6Ud0IPCQAqpTfBg=
 go.jetpack.io/envsec v0.0.12-0.20231220042802-d784a6c23f33 h1:E7PQw+0KO7LmtT2ANOql7/cpwm2pQ6OyxttIXYXSqLE=
 go.jetpack.io/envsec v0.0.12-0.20231220042802-d784a6c23f33/go.mod h1:bR8d9A7SnjABK0uvjJLRedJdFRiPOWkDoo+W374z6X4=
+go.jetpack.io/envsec v0.0.13 h1:ZtA747aKU/cjDOMwaiqybKu5HG9dly8/T0p4bxLEvK0=
+go.jetpack.io/envsec v0.0.13/go.mod h1:K+gqk7llRfXcGF4zB4WHu6m1/DocSthk4Fh6Dx71doc=
 go.jetpack.io/pkg v0.0.0-20231220014237-68ef53318b2e h1:XYnuIOYcIStIb2WG6krxtln5YlzY66+QdQU78jMAgmI=
 go.jetpack.io/pkg v0.0.0-20231220014237-68ef53318b2e/go.mod h1:3bunF5jJUIXf8vWXvu4PHWfHuDj3hgzOyhTXeoBH8Dk=
+go.jetpack.io/pkg v0.0.0-20231220195442-0c2f1e897695 h1:ttpYfHeXn9towh6MGjGbd9y+dbSvWYfu/WYoW4kRrlM=
+go.jetpack.io/pkg v0.0.0-20231220195442-0c2f1e897695/go.mod h1:3bunF5jJUIXf8vWXvu4PHWfHuDj3hgzOyhTXeoBH8Dk=
 go.jetpack.io/typeid v1.0.0 h1:8gQ+iYGdyiQ0Pr40ydSB/PzMOIwlXX5DTojp1CBeSPQ=
 go.jetpack.io/typeid v1.0.0/go.mod h1:+UPEaECUgFxgAjFPn5Yf9eO/3ft/3xZ98Eahv9JW/GQ=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -441,6 +453,8 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0=
 golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM=
+golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
+golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

internal/boxcli/envsec.go

@@ -6,11 +6,9 @@ package boxcli
 import (
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
-	"go.jetpack.io/devbox/internal/build"
 	"go.jetpack.io/devbox/internal/devbox"
 	"go.jetpack.io/devbox/internal/devbox/devopt"
-	"go.jetpack.io/envsec/pkg/envsec"
-	"go.jetpack.io/pkg/envvar"
+	envsecIntegration "go.jetpack.io/devbox/internal/integrations/envsec"
 )
 
 type envsecInitCmdFlags struct {
@@ -59,23 +57,10 @@ func envsecInitFunc(cmd *cobra.Command, flags envsecInitCmdFlags) error {
 	if err != nil {
 		return errors.WithStack(err)
 	}
-	envsec := defaultEnvsec(cmd, box.ProjectDir())
+	envsec := envsecIntegration.DefaultEnvsec(cmd.ErrOrStderr(), box.ProjectDir())
 	if err := envsec.NewProject(cmd.Context(), flags.force); err != nil {
 		return errors.WithStack(err)
 	}
 	box.Config().SetStringField("EnvFrom", "envsec")
 	return box.Config().SaveTo(box.ProjectDir())
 }
-
-func defaultEnvsec(cmd *cobra.Command, workingDir string) *envsec.Envsec {
-	return &envsec.Envsec{
-		APIHost: build.JetpackAPIHost(),
-		Auth: envsec.AuthConfig{
-			ClientID: envvar.Get("ENVSEC_CLIENT_ID", build.ClientID()),
-			Issuer:   envvar.Get("ENVSEC_ISSUER", build.Issuer()),
-		},
-		IsDev:      build.IsDev,
-		Stderr:     cmd.ErrOrStderr(),
-		WorkingDir: workingDir,
-	}
-}

internal/integrations/envsec/envsec.go

@@ -4,13 +4,18 @@ import (
 	"bytes"
 	"context"
 	"encoding/json"
+	"io"
+	"os"
 	"os/exec"
 	"path/filepath"
 
 	"github.com/pkg/errors"
 	"go.jetpack.io/devbox/internal/boxcli/usererr"
+	"go.jetpack.io/devbox/internal/build"
 	"go.jetpack.io/devbox/internal/debug"
 	"go.jetpack.io/devbox/internal/devpkg/pkgtype"
+	"go.jetpack.io/envsec/pkg/envsec"
+	"go.jetpack.io/pkg/envvar"
 )
 
 var (
@@ -25,7 +30,7 @@ func Env(ctx context.Context, projectDir, environment string) (map[string]string
 		return envCache, nil
 	}
 
-	if err := ensureInitialized(ctx, projectDir); err != nil {
+	if err := ensureInitialized(projectDir); err != nil {
 		return nil, err
 	}
 
@@ -44,7 +49,7 @@ func EnsureInstalled(ctx context.Context) (string, error) {
 		return binPathCache, nil
 	}
 
-	paths, err := pkgtype.RunXClient().Install(ctx, "jetpack-io/envsec")
+	paths, err := pkgtype.RunXClient().Install(ctx, "jetpack-io/envsec@v0.0.13")
 	if err != nil {
 		return "", errors.Wrap(err, "failed to install envsec")
 	}
@@ -57,18 +62,13 @@ func EnsureInstalled(ctx context.Context) (string, error) {
 	return binPathCache, nil
 }
 
-func ensureInitialized(ctx context.Context, projectDir string) error {
-	binPath, err := EnsureInstalled(ctx)
+func ensureInitialized(projectDir string) error {
+	envsec := DefaultEnvsec(os.Stderr, projectDir)
+	_, err := envsec.ProjectConfig(projectDir)
 	if err != nil {
-		return err
-	}
-	cmd := exec.Command(binPath, "init", "--json-errors")
-	cmd.Dir = projectDir
-	var bufErr bytes.Buffer
-	cmd.Stderr = &bufErr
-
-	if err := cmd.Run(); err != nil {
-		return handleError(&bufErr, err)
+		return errors.New(
+			"envsec project is not initialized. Use `devbox envsec init` to initialize",
+		)
 	}
 	return nil
 }
@@ -118,3 +118,16 @@ func handleError(stderr *bytes.Buffer, err error) error {
 	}
 	return errors.WithStack(err)
 }
+
+func DefaultEnvsec(stderr io.Writer, workingDir string) *envsec.Envsec {
+	return &envsec.Envsec{
+		APIHost: build.JetpackAPIHost(),
+		Auth: envsec.AuthConfig{
+			ClientID: envvar.Get("ENVSEC_CLIENT_ID", build.ClientID()),
+			Issuer:   envvar.Get("ENVSEC_ISSUER", build.Issuer()),
+		},
+		IsDev:      build.IsDev,
+		Stderr:     stderr,
+		WorkingDir: workingDir,
+	}
+}