[STEP-2061] Enterprise api (#246)

* Added enterprise API client

* Added test

* Make baseURL fully overrideable

* Use the new API flag

* Update input override

* Update appstoreconnect.go

* Update URL creation

* Added codesigning integration test

* Add enterprise flag

* Use the new v2 devportalservice. Moved appleauth.Credentials to devportalservice.Credentials.

* Use new devportalservice.NewBitriseClient with new params

* Added codesinging e2e tests using dev step

* Disable Xcode managed signing for enterpries as not working yet

* lint

* Change workdir back

* lint

* yml formatting

* Speed up spaceships tests by removing sleep in tests

* Fix dev step path

* Convert e2e test step to scrip to work around go workspace issues due to CLI copying step dir

* step path lookup fix

* E2E test step path fixed

* Removed e2e from legacy WF

* Deduplicate legacy WF

* Fix step ref

* Lint

* Revert E2E test changes for now

---------

Co-authored-by: Szabolcs Toth <54896607+tothszabi@users.noreply.github.com>
Co-authored-by: Olivér Falvai <ofalvai@gmail.com>

Author: 3 people

autocodesign/autocodesign.go

@@ -11,9 +11,9 @@ import (
 
 	"github.com/bitrise-io/go-utils/log"
 	"github.com/bitrise-io/go-xcode/certificateutil"
-	"github.com/bitrise-io/go-xcode/devportalservice"
 	"github.com/bitrise-io/go-xcode/profileutil"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient/appstoreconnect"
+	"github.com/bitrise-io/go-xcode/v2/devportalservice"
 	"github.com/bitrise-io/go-xcode/xcodeproject/serialized"
 )
 

autocodesign/devices.go

@@ -5,8 +5,8 @@ import (
 	"fmt"
 
 	"github.com/bitrise-io/go-utils/log"
-	"github.com/bitrise-io/go-xcode/devportalservice"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient/appstoreconnect"
+	"github.com/bitrise-io/go-xcode/v2/devportalservice"
 )
 
 // EnsureTestDevices fetches devices from Apple, and register missing devices.

autocodesign/devices_test.go

@@ -4,8 +4,8 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/bitrise-io/go-xcode/devportalservice"
 	"github.com/bitrise-io/go-xcode/v2/autocodesign/devportalclient/appstoreconnect"
+	"github.com/bitrise-io/go-xcode/v2/devportalservice"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

autocodesign/devportalclient/appstoreconnect/appstoreconnect.go

@@ -12,6 +12,7 @@ import (
 	"net/http"
 	"net/url"
 	"reflect"
+	"strings"
 	"time"
 
 	"github.com/bitrise-io/go-utils/httputil"
@@ -23,7 +24,12 @@ import (
 )
 
 const (
-	baseURL    = "https://api.appstoreconnect.apple.com/"
+	clientBaseURL = "https://api.appstoreconnect.apple.com/"
+	tokenAudience = "appstoreconnect-v1"
+
+	clientBaseEnterpiseURL  = "https://api.enterprise.developer.apple.com/"
+	tokenEnterpriseAudience = "apple-developer-enterprise-v1"
+
 	apiVersion = "v1"
 )
 
@@ -52,6 +58,7 @@ type Client struct {
 	keyID             string
 	issuerID          string
 	privateKeyContent []byte
+	audience          string
 
 	token       *jwt.Token
 	signedToken string
@@ -83,8 +90,15 @@ func NewRetryableHTTPClient() *http.Client {
 }
 
 // NewClient creates a new client
-func NewClient(httpClient HTTPClient, keyID, issuerID string, privateKey []byte) *Client {
-	baseURL, err := url.Parse(baseURL)
+func NewClient(httpClient HTTPClient, keyID, issuerID string, privateKey []byte, isEnterpise bool) *Client {
+	targetURL := clientBaseURL
+	targetAudience := tokenAudience
+	if isEnterpise {
+		targetURL = clientBaseEnterpiseURL
+		targetAudience = tokenEnterpriseAudience
+	}
+
+	baseURL, err := url.Parse(targetURL)
 	if err != nil {
 		panic("invalid api base url: " + err.Error())
 	}
@@ -93,6 +107,7 @@ func NewClient(httpClient HTTPClient, keyID, issuerID string, privateKey []byte)
 		keyID:             keyID,
 		issuerID:          issuerID,
 		privateKeyContent: privateKey,
+		audience:          targetAudience,
 
 		client:  httpClient,
 		BaseURL: baseURL,
@@ -126,17 +141,29 @@ func (c *Client) ensureSignedToken() (string, error) {
 		log.Debugf("Generating JWT token")
 	}
 
-	c.token = createToken(c.keyID, c.issuerID)
+	c.token = createToken(c.keyID, c.issuerID, c.audience)
 	var err error
 	if c.signedToken, err = signToken(c.token, c.privateKeyContent); err != nil {
 		return "", err
 	}
 	return c.signedToken, nil
 }
 
+// NewRequestWithRelationshipURL ...
+func (c *Client) NewRequestWithRelationshipURL(method, endpoint string, body interface{}) (*http.Request, error) {
+	endpoint = strings.TrimPrefix(endpoint, c.BaseURL.String()+apiVersion+"/")
+
+	return c.NewRequest(method, endpoint, body)
+}
+
 // NewRequest creates a new http.Request
 func (c *Client) NewRequest(method, endpoint string, body interface{}) (*http.Request, error) {
 	endpoint = apiVersion + "/" + endpoint
+
+	return c.newRequest(method, endpoint, body)
+}
+
+func (c *Client) newRequest(method, endpoint string, body interface{}) (*http.Request, error) {
 	u, err := c.BaseURL.Parse(endpoint)
 	if err != nil {
 		return nil, fmt.Errorf("parsing endpoint failed: %v", err)

autocodesign/devportalclient/appstoreconnect/appstoreconnect_test.go

@@ -0,0 +1,31 @@
+// Package appstoreconnect implements a client for the App Store Connect API.
+//
+// It contains type definitions, authentication and API calls, without business logic built on those API calls.
+package appstoreconnect
+
+import (
+	"net/url"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewClient(t *testing.T) {
+	got := NewClient(NewRetryableHTTPClient(), "keyID", "issuerID", []byte{}, false)
+
+	require.Equal(t, "appstoreconnect-v1", got.audience)
+
+	wantURL, err := url.Parse("https://api.appstoreconnect.apple.com/")
+	require.NoError(t, err)
+	require.Equal(t, wantURL, got.BaseURL)
+}
+
+func TestNewEnterpriseClient(t *testing.T) {
+	got := NewClient(NewRetryableHTTPClient(), "keyID", "issuerID", []byte{}, true)
+
+	require.Equal(t, "apple-developer-enterprise-v1", got.audience)
+
+	wantURL, err := url.Parse("https://api.enterprise.developer.apple.com/")
+	require.NoError(t, err)
+	require.Equal(t, wantURL, got.BaseURL)
+}

autocodesign/devportalclient/appstoreconnect/bundleids.go

@@ -2,7 +2,6 @@ package appstoreconnect
 
 import (
 	"net/http"
-	"strings"
 )
 
 // BundleIDsEndpoint ...
@@ -125,8 +124,7 @@ func (s ProvisioningService) CreateBundleID(body BundleIDCreateRequest) (*Bundle
 
 // BundleID ...
 func (s ProvisioningService) BundleID(relationshipLink string) (*BundleIDResponse, error) {
-	endpoint := strings.TrimPrefix(relationshipLink, baseURL+apiVersion)
-	req, err := s.client.NewRequest(http.MethodGet, endpoint, nil)
+	req, err := s.client.NewRequestWithRelationshipURL(http.MethodGet, relationshipLink, nil)
 	if err != nil {
 		return nil, err
 	}

autocodesign/devportalclient/appstoreconnect/capabilities.go

@@ -2,7 +2,6 @@ package appstoreconnect
 
 import (
 	"net/http"
-	"strings"
 )
 
 // BundleIDCapabilitiesEndpoint ...
@@ -262,8 +261,7 @@ func (s ProvisioningService) UpdateCapability(id string, body BundleIDCapability
 
 // Capabilities ...
 func (s ProvisioningService) Capabilities(relationshipLink string) (*BundleIDCapabilitiesResponse, error) {
-	endpoint := strings.TrimPrefix(relationshipLink, baseURL+apiVersion)
-	req, err := s.client.NewRequest(http.MethodGet, endpoint, nil)
+	req, err := s.client.NewRequestWithRelationshipURL(http.MethodGet, relationshipLink, nil)
 	if err != nil {
 		return nil, err
 	}

autocodesign/devportalclient/appstoreconnect/certificates.go

@@ -3,7 +3,6 @@ package appstoreconnect
 import (
 	"fmt"
 	"net/http"
-	"strings"
 )
 
 // CertificatesEndpoint ...
@@ -108,8 +107,7 @@ func (s ProvisioningService) Certificates(relationshipLink string, opt *PagingOp
 		return nil, err
 	}
 
-	endpoint := strings.TrimPrefix(u, baseURL+apiVersion)
-	req, err := s.client.NewRequest(http.MethodGet, endpoint, nil)
+	req, err := s.client.NewRequestWithRelationshipURL(http.MethodGet, u, nil)
 	if err != nil {
 		return nil, err
 	}

autocodesign/devportalclient/appstoreconnect/devices.go

@@ -2,7 +2,6 @@ package appstoreconnect
 
 import (
 	"net/http"
-	"strings"
 )
 
 // DevicesEndpoint ...
@@ -145,8 +144,7 @@ func (s ProvisioningService) Devices(relationshipLink string, opt *PagingOptions
 		return nil, err
 	}
 
-	endpoint := strings.TrimPrefix(u, baseURL+apiVersion)
-	req, err := s.client.NewRequest(http.MethodGet, endpoint, nil)
+	req, err := s.client.NewRequestWithRelationshipURL(http.MethodGet, u, nil)
 	if err != nil {
 		return nil, err
 	}

autocodesign/devportalclient/appstoreconnect/jwt.go

@@ -31,11 +31,11 @@ func signToken(token *jwt.Token, privateKeyContent []byte) (string, error) {
 }
 
 // createToken creates a jwt.Token for the Apple API
-func createToken(keyID string, issuerID string) *jwt.Token {
+func createToken(keyID string, issuerID string, audience string) *jwt.Token {
 	payload := claims{
 		IssuerID:   issuerID,
 		Expiration: time.Now().Add(jwtDuration).Unix(),
-		Audience:   "appstoreconnect-v1",
+		Audience:   audience,
 	}
 
 	// registers headers: alg = ES256 and typ = JWT