[STEP-2061] Enterprise api (#246)

* Added enterprise API client

* Added test

* Make baseURL fully overrideable

* Use the new API flag

* Update input override

* Update appstoreconnect.go

* Update URL creation

* Added codesigning integration test

* Add enterprise flag

* Use the new v2 devportalservice. Moved appleauth.Credentials to devportalservice.Credentials.

* Use new devportalservice.NewBitriseClient with new params

* Added codesinging e2e tests using dev step

* Disable Xcode managed signing for enterpries as not working yet

* lint

* Change workdir back

* lint

* yml formatting

* Speed up spaceships tests by removing sleep in tests

* Fix dev step path

* Convert e2e test step to scrip to work around go workspace issues due to CLI copying step dir

* step path lookup fix

* E2E test step path fixed

* Removed e2e from legacy WF

* Deduplicate legacy WF

* Fix step ref

* Lint

* Revert E2E test changes for now

---------

Co-authored-by: Szabolcs Toth <54896607+tothszabi@users.noreply.github.com>
Co-authored-by: Olivér Falvai <ofalvai@gmail.com>

Author: 3 people

autocodesign/autocodesign.go

@@ -11,9 +11,9 @@ import (
 
 	"github.com/bitrise-io/go-utils/log"
 	"github.com/bitrise-io/go-xcode/certificateutil"
-	"github.com/bitrise-io/go-xcode/devportalservice"
 	"github.com/bitrise-io/go-xcode/profileutil"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient/appstoreconnect"
+	"github.com/bitrise-io/go-xcode/v2/devportalservice"
 	"github.com/bitrise-io/go-xcode/xcodeproject/serialized"
 )
 

autocodesign/devices.go

@@ -5,8 +5,8 @@ import (
 	"fmt"
 
 	"github.com/bitrise-io/go-utils/log"
-	"github.com/bitrise-io/go-xcode/devportalservice"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient/appstoreconnect"
+	"github.com/bitrise-io/go-xcode/v2/devportalservice"
 )
 
 // EnsureTestDevices fetches devices from Apple, and register missing devices.

autocodesign/devices_test.go

@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/bitrise-io/go-xcode/devportalservice"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient/appstoreconnect"
+	"github.com/bitrise-io/go-xcode/v2/devportalservice"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

autocodesign/devportalclient/appstoreconnect/appstoreconnect.go

@@ -12,6 +12,7 @@ import (
 	"net/http"
 	"net/url"
 	"reflect"
+	"strings"
 	"time"
 
 	"github.com/bitrise-io/go-utils/httputil"
@@ -23,7 +24,12 @@ import (
 )
 
 const (
-	baseURL    = "https://api.appstoreconnect.apple.com/"
+	clientBaseURL = "https://api.appstoreconnect.apple.com/"
+	tokenAudience = "appstoreconnect-v1"
+
+	clientBaseEnterpiseURL  = "https://api.enterprise.developer.apple.com/"
+	tokenEnterpriseAudience = "apple-developer-enterprise-v1"
+
 	apiVersion = "v1"
 )
 
@@ -52,6 +58,7 @@ type Client struct {
 	keyID             string
 	issuerID          string
 	privateKeyContent []byte
+	audience          string
 
 	token       *jwt.Token
 	signedToken string
@@ -83,8 +90,15 @@ func NewRetryableHTTPClient() *http.Client {
 }
 
 // NewClient creates a new client
-func NewClient(httpClient HTTPClient, keyID, issuerID string, privateKey []byte) *Client {
-	baseURL, err := url.Parse(baseURL)
+func NewClient(httpClient HTTPClient, keyID, issuerID string, privateKey []byte, isEnterpise bool) *Client {
+	targetURL := clientBaseURL
+	targetAudience := tokenAudience
+	if isEnterpise {
+		targetURL = clientBaseEnterpiseURL
+		targetAudience = tokenEnterpriseAudience
+	}
+
+	baseURL, err := url.Parse(targetURL)
 	if err != nil {
 		panic("invalid api base url: " + err.Error())
 	}
@@ -93,6 +107,7 @@ func NewClient(httpClient HTTPClient, keyID, issuerID string, privateKey []byte)
 		keyID:             keyID,
 		issuerID:          issuerID,
 		privateKeyContent: privateKey,
+		audience:          targetAudience,
 
 		client:  httpClient,
 		BaseURL: baseURL,
@@ -126,17 +141,29 @@ func (c *Client) ensureSignedToken() (string, error) {
 		log.Debugf("Generating JWT token")
 	}
 
-	c.token = createToken(c.keyID, c.issuerID)
+	c.token = createToken(c.keyID, c.issuerID, c.audience)
 	var err error
 	if c.signedToken, err = signToken(c.token, c.privateKeyContent); err != nil {
 		return "", err
 	}
 	return c.signedToken, nil
 }
 
+// NewRequestWithRelationshipURL ...
+func (c *Client) NewRequestWithRelationshipURL(method, endpoint string, body interface{}) (*http.Request, error) {
+	endpoint = strings.TrimPrefix(endpoint, c.BaseURL.String()+apiVersion+"/")
+
+	return c.NewRequest(method, endpoint, body)
+}
+
 // NewRequest creates a new http.Request
 func (c *Client) NewRequest(method, endpoint string, body interface{}) (*http.Request, error) {
 	endpoint = apiVersion + "/" + endpoint
+
+	return c.newRequest(method, endpoint, body)
+}
+
+func (c *Client) newRequest(method, endpoint string, body interface{}) (*http.Request, error) {
 	u, err := c.BaseURL.Parse(endpoint)
 	if err != nil {
 		return nil, fmt.Errorf("parsing endpoint failed: %v", err)

autocodesign/devportalclient/appstoreconnect/appstoreconnect_test.go

@@ -0,0 +1,31 @@
+// Package appstoreconnect implements a client for the App Store Connect API.
+//
+// It contains type definitions, authentication and API calls, without business logic built on those API calls.
+package appstoreconnect
+
+import (
+	"net/url"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewClient(t *testing.T) {
+	got := NewClient(NewRetryableHTTPClient(), "keyID", "issuerID", []byte{}, false)
+
+	require.Equal(t, "appstoreconnect-v1", got.audience)
+
+	wantURL, err := url.Parse("https://api.appstoreconnect.apple.com/")
+	require.NoError(t, err)
+	require.Equal(t, wantURL, got.BaseURL)
+}
+
+func TestNewEnterpriseClient(t *testing.T) {
+	got := NewClient(NewRetryableHTTPClient(), "keyID", "issuerID", []byte{}, true)
+
+	require.Equal(t, "apple-developer-enterprise-v1", got.audience)
+
+	wantURL, err := url.Parse("https://api.enterprise.developer.apple.com/")
+	require.NoError(t, err)
+	require.Equal(t, wantURL, got.BaseURL)
+}

autocodesign/devportalclient/appstoreconnect/bundleids.go

@@ -2,7 +2,6 @@ package appstoreconnect
 
 import (
 	"net/http"
-	"strings"
 )
 
 // BundleIDsEndpoint ...
@@ -125,8 +124,7 @@ func (s ProvisioningService) CreateBundleID(body BundleIDCreateRequest) (*Bundle
 
 // BundleID ...
 func (s ProvisioningService) BundleID(relationshipLink string) (*BundleIDResponse, error) {
-	endpoint := strings.TrimPrefix(relationshipLink, baseURL+apiVersion)
-	req, err := s.client.NewRequest(http.MethodGet, endpoint, nil)
+	req, err := s.client.NewRequestWithRelationshipURL(http.MethodGet, relationshipLink, nil)
 	if err != nil {
 		return nil, err
 	}

autocodesign/devportalclient/appstoreconnect/capabilities.go

@@ -2,7 +2,6 @@ package appstoreconnect
 
 import (
 	"net/http"
-	"strings"
 )
 
 // BundleIDCapabilitiesEndpoint ...
@@ -262,8 +261,7 @@ func (s ProvisioningService) UpdateCapability(id string, body BundleIDCapability
 
 // Capabilities ...
 func (s ProvisioningService) Capabilities(relationshipLink string) (*BundleIDCapabilitiesResponse, error) {
-	endpoint := strings.TrimPrefix(relationshipLink, baseURL+apiVersion)
-	req, err := s.client.NewRequest(http.MethodGet, endpoint, nil)
+	req, err := s.client.NewRequestWithRelationshipURL(http.MethodGet, relationshipLink, nil)
 	if err != nil {
 		return nil, err
 	}

autocodesign/devportalclient/appstoreconnect/certificates.go

@@ -3,7 +3,6 @@ package appstoreconnect
 import (
 	"fmt"
 	"net/http"
-	"strings"
 )
 
 // CertificatesEndpoint ...
@@ -108,8 +107,7 @@ func (s ProvisioningService) Certificates(relationshipLink string, opt *PagingOp
 		return nil, err
 	}
 
-	endpoint := strings.TrimPrefix(u, baseURL+apiVersion)
-	req, err := s.client.NewRequest(http.MethodGet, endpoint, nil)
+	req, err := s.client.NewRequestWithRelationshipURL(http.MethodGet, u, nil)
 	if err != nil {
 		return nil, err
 	}

autocodesign/devportalclient/appstoreconnect/devices.go

@@ -2,7 +2,6 @@ package appstoreconnect
 
 import (
 	"net/http"
-	"strings"
 )
 
 // DevicesEndpoint ...
@@ -145,8 +144,7 @@ func (s ProvisioningService) Devices(relationshipLink string, opt *PagingOptions
 		return nil, err
 	}
 
-	endpoint := strings.TrimPrefix(u, baseURL+apiVersion)
-	req, err := s.client.NewRequest(http.MethodGet, endpoint, nil)
+	req, err := s.client.NewRequestWithRelationshipURL(http.MethodGet, u, nil)
 	if err != nil {
 		return nil, err
 	}

autocodesign/devportalclient/appstoreconnect/jwt.go

@@ -31,11 +31,11 @@ func signToken(token *jwt.Token, privateKeyContent []byte) (string, error) {
 }
 
 // createToken creates a jwt.Token for the Apple API
-func createToken(keyID string, issuerID string) *jwt.Token {
+func createToken(keyID string, issuerID string, audience string) *jwt.Token {
 	payload := claims{
 		IssuerID:   issuerID,
 		Expiration: time.Now().Add(jwtDuration).Unix(),
-		Audience:   "appstoreconnect-v1",
+		Audience:   audience,
 	}
 
 	// registers headers: alg = ES256 and typ = JWT

autocodesign/devportalclient/appstoreconnect/profiles.go

@@ -2,7 +2,6 @@ package appstoreconnect
 
 import (
 	"net/http"
-	"strings"
 
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient/time"
 	"github.com/bitrise-io/go-xcode/xcodeproject/serialized"
@@ -286,8 +285,7 @@ func (s ProvisioningService) Profiles(relationshipLink string, opt *PagingOption
 		return nil, err
 	}
 
-	endpoint := strings.TrimPrefix(u, baseURL+apiVersion)
-	req, err := s.client.NewRequest(http.MethodGet, endpoint, nil)
+	req, err := s.client.NewRequestWithRelationshipURL(http.MethodGet, u, nil)
 	if err != nil {
 		return nil, err
 	}

autocodesign/devportalclient/appstoreconnectclient/devices.go

@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"net/http"
 
-	"github.com/bitrise-io/go-xcode/devportalservice"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient/appstoreconnect"
+	"github.com/bitrise-io/go-xcode/v2/devportalservice"
 )
 
 // DeviceClient ...

autocodesign/devportalclient/appstoreconnectclient/devices_test.go

@@ -5,8 +5,8 @@ import (
 	"net/http"
 	"testing"
 
-	"github.com/bitrise-io/go-xcode/devportalservice"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient/appstoreconnect"
+	"github.com/bitrise-io/go-xcode/v2/devportalservice"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 )
@@ -39,7 +39,7 @@ func TestDeviceClient_RegisterDevice_WhenInvaludUUID(t *testing.T) {
 		},
 	})
 
-	client := appstoreconnect.NewClient(&mockClient, "keyID", "issueID", []byte("privateKey"))
+	client := appstoreconnect.NewClient(&mockClient, "keyID", "issueID", []byte("privateKey"), false)
 	deviceClient := NewDeviceClient(client)
 
 	got, err := deviceClient.RegisterDevice(devportalservice.TestDevice{

autocodesign/devportalclient/appstoreconnectclient/profiles_test.go

@@ -88,7 +88,7 @@ func TestEnsureProfile_ExpiredProfile(t *testing.T) {
 		On("PostProfilesSuccess", mock.AnythingOfType("*http.Request")).
 		Return(newResponse(t, http.StatusOK, map[string]interface{}{}), nil)
 
-	client := appstoreconnect.NewClient(mockClient, "keyID", "issueID", []byte("privateKey"))
+	client := appstoreconnect.NewClient(mockClient, "keyID", "issueID", []byte("privateKey"), false)
 	profileClient := NewProfileClient(client)
 	bundleID := appstoreconnect.BundleID{
 		Attributes: appstoreconnect.BundleIDAttributes{Identifier: "io.bitrise.testapp"},
@@ -133,9 +133,9 @@ func (c *MockClient) Do(req *http.Request) (*http.Response, error) {
 		}
 		// After deleting the expired profile, creating a new one succeed
 		return c.PostProfilesSuccess(req)
-	case req.URL.Path == "/v1//bundleID/capabilities" && req.Method == "GET":
+	case req.URL.Path == "/v1/bundleID/capabilities" && req.Method == "GET":
 		return c.GetBundleIDCapabilities(req)
-	case req.URL.Path == "/v1//bundleID/profiles" && req.Method == "GET":
+	case req.URL.Path == "/v1/bundleID/profiles" && req.Method == "GET":
 		return c.GetBundleIDProfiles(req)
 	case req.URL.Path == "/v1/profiles/1" && req.Method == "DELETE":
 		return c.DeleteProfiles(req)

autocodesign/devportalclient/devportalclient.go

@@ -9,13 +9,13 @@ import (
 	"github.com/bitrise-io/go-utils/retry"
 	"github.com/bitrise-io/go-utils/v2/command"
 	"github.com/bitrise-io/go-utils/v2/env"
+	"github.com/bitrise-io/go-utils/v2/fileutil"
 	"github.com/bitrise-io/go-utils/v2/log"
-	"github.com/bitrise-io/go-xcode/appleauth"
-	"github.com/bitrise-io/go-xcode/devportalservice"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient/appstoreconnect"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient/appstoreconnectclient"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient/spaceship"
+	"github.com/bitrise-io/go-xcode/v2/devportalservice"
 )
 
 const (
@@ -27,21 +27,23 @@ Read more: https://devcenter.bitrise.io/getting-started/configuring-bitrise-step
 
 // Factory ...
 type Factory struct {
-	logger log.Logger
+	logger      log.Logger
+	filemanager fileutil.FileManager
 }
 
 // NewFactory ...
-func NewFactory(logger log.Logger) Factory {
+func NewFactory(logger log.Logger, filemanager fileutil.FileManager) Factory {
 	return Factory{
-		logger: logger,
+		logger:      logger,
+		filemanager: filemanager,
 	}
 }
 
 // CreateBitriseConnection ...
 func (f Factory) CreateBitriseConnection(buildURL, buildAPIToken string) (*devportalservice.AppleDeveloperConnection, error) {
 	f.logger.Println()
 	f.logger.Infof("Fetching Apple Service connection")
-	connectionProvider := devportalservice.NewBitriseClient(retry.NewHTTPClient().StandardClient(), buildURL, buildAPIToken)
+	connectionProvider := devportalservice.NewBitriseClient(f.logger, f.filemanager, retry.NewHTTPClient().StandardClient(), buildURL, buildAPIToken)
 	conn, err := connectionProvider.GetAppleDeveloperConnection()
 	if err != nil {
 		if networkErr, ok := err.(devportalservice.NetworkError); ok && networkErr.Status == http.StatusUnauthorized {
@@ -68,13 +70,13 @@ func (f Factory) CreateBitriseConnection(buildURL, buildAPIToken string) (*devpo
 }
 
 // Create ...
-func (f Factory) Create(credentials appleauth.Credentials, teamID string) (autocodesign.DevPortalClient, error) {
+func (f Factory) Create(credentials devportalservice.Credentials, teamID string) (autocodesign.DevPortalClient, error) {
 	f.logger.Println()
 	f.logger.Infof("Initializing Developer Portal client")
 	var devportalClient autocodesign.DevPortalClient
 	if credentials.APIKey != nil {
 		httpClient := appstoreconnect.NewRetryableHTTPClient()
-		client := appstoreconnect.NewClient(httpClient, credentials.APIKey.KeyID, credentials.APIKey.IssuerID, []byte(credentials.APIKey.PrivateKey))
+		client := appstoreconnect.NewClient(httpClient, credentials.APIKey.KeyID, credentials.APIKey.IssuerID, []byte(credentials.APIKey.PrivateKey), credentials.APIKey.EnterpriseAccount)
 		client.EnableDebugLogs = false // Turn off client debug logs including HTTP call debug logs
 		devportalClient = appstoreconnectclient.NewAPIDevPortalClient(client)
 		f.logger.Debugf("App Store Connect API client created with base URL: %s", client.BaseURL)

autocodesign/devportalclient/spaceship/devices.go

@@ -7,8 +7,8 @@ import (
 	"strings"
 
 	"github.com/bitrise-io/go-utils/log"
-	"github.com/bitrise-io/go-xcode/devportalservice"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient/appstoreconnect"
+	"github.com/bitrise-io/go-xcode/v2/devportalservice"
 )
 
 // DeviceClient ...