Show expired provisioning profiles in list (#1608)

rudrankriyam · web-flow · commit afce8d4c13ef · 2026-06-02T16:48:52.000+05:30
diff --git a/internal/asc/client_http_test.go b/internal/asc/client_http_test.go
@@ -7189,6 +7189,9 @@ func TestGetProfiles_WithFilter(t *testing.T) {
 		if values.Get("filter[profileType]") != "IOS_APP_DEVELOPMENT,IOS_APP_STORE" {
 			t.Fatalf("expected filter[profileType] to be set, got %q", values.Get("filter[profileType]"))
 		}
+		if values.Get("filter[profileState]") != "ACTIVE,INVALID" {
+			t.Fatalf("expected filter[profileState] to be set, got %q", values.Get("filter[profileState]"))
+		}
 		if values.Get("limit") != "5" {
 			t.Fatalf("expected limit=5, got %q", values.Get("limit"))
 		}
@@ -7198,6 +7201,7 @@ func TestGetProfiles_WithFilter(t *testing.T) {
 	if _, err := client.GetProfiles(
 		context.Background(),
 		WithProfilesTypes([]string{"IOS_APP_DEVELOPMENT", "IOS_APP_STORE"}),
+		WithProfilesStates([]string{"ACTIVE", "INVALID"}),
 		WithProfilesLimit(5),
 	); err != nil {
 		t.Fatalf("GetProfiles() error: %v", err)
diff --git a/internal/asc/client_options.go b/internal/asc/client_options.go
@@ -2552,6 +2552,13 @@ func WithProfilesTypes(types []string) ProfilesOption {
 	}
 }
 
+// WithProfilesStates filters profiles by profile state.
+func WithProfilesStates(states []string) ProfilesOption {
+	return func(q *profilesQuery) {
+		q.profileStates = normalizeUpperList(states)
+	}
+}
+
 // WithProfilesInclude sets include for profile responses.
 func WithProfilesInclude(include []string) ProfilesOption {
 	return func(q *profilesQuery) {
diff --git a/internal/asc/client_queries.go b/internal/asc/client_queries.go
@@ -464,9 +464,10 @@ type merchantIDCertificatesQuery struct {
 
 type profilesQuery struct {
 	listQuery
-	bundleID     string
-	profileTypes []string
-	include      []string
+	bundleID      string
+	profileTypes  []string
+	profileStates []string
+	include       []string
 }
 
 type usersQuery struct {
@@ -974,6 +975,7 @@ func buildProfilesQuery(query *profilesQuery) string {
 		values.Set("filter[bundleId]", strings.TrimSpace(query.bundleID))
 	}
 	addCSV(values, "filter[profileType]", query.profileTypes)
+	addCSV(values, "filter[profileState]", query.profileStates)
 	addCSV(values, "include", query.include)
 	addLimit(values, query.limit)
 	return values.Encode()
diff --git a/internal/asc/signing.go b/internal/asc/signing.go
@@ -173,7 +173,8 @@ type CertificateResponse = SingleResponse[CertificateAttributes]
 type ProfileState string
 
 const (
-	ProfileStateActive ProfileState = "ACTIVE"
+	ProfileStateActive  ProfileState = "ACTIVE"
+	ProfileStateInvalid ProfileState = "INVALID"
 )
 
 // ProfileAttributes describes a profile resource.
diff --git a/internal/cli/cmdtest/profiles_next_validation_test.go b/internal/cli/cmdtest/profiles_next_validation_test.go
@@ -2,6 +2,9 @@ package cmdtest
 
 import (
 	"context"
+	"encoding/json"
+	"errors"
+	"flag"
 	"io"
 	"net/http"
 	"path/filepath"
@@ -56,6 +59,166 @@ func TestProfilesListRejectsInvalidNextURL(t *testing.T) {
 	}
 }
 
+func TestProfilesListDefaultsToActiveAndInvalidStates(t *testing.T) {
+	setupAuth(t)
+	t.Setenv("ASC_CONFIG_PATH", filepath.Join(t.TempDir(), "nonexistent.json"))
+
+	originalTransport := http.DefaultTransport
+	t.Cleanup(func() {
+		http.DefaultTransport = originalTransport
+	})
+
+	http.DefaultTransport = roundTripFunc(func(req *http.Request) (*http.Response, error) {
+		if req.Method != http.MethodGet || req.URL.Path != "/v1/profiles" {
+			t.Fatalf("unexpected request: %s %s", req.Method, req.URL.String())
+		}
+		if got := req.URL.Query().Get("filter[profileState]"); got != "ACTIVE,INVALID" {
+			t.Fatalf("expected default profileState filter ACTIVE,INVALID, got %q", got)
+		}
+		body := `{"data":[` +
+			`{"type":"profiles","id":"profile-active","attributes":{"name":"Active","profileType":"IOS_APP_STORE","profileState":"ACTIVE"}},` +
+			`{"type":"profiles","id":"profile-invalid","attributes":{"name":"Expired","profileType":"IOS_APP_ADHOC","profileState":"INVALID"}}` +
+			`]}`
+		return &http.Response{
+			StatusCode: http.StatusOK,
+			Body:       io.NopCloser(strings.NewReader(body)),
+			Header:     http.Header{"Content-Type": []string{"application/json"}},
+		}, nil
+	})
+
+	root := RootCommand("1.2.3")
+	root.FlagSet.SetOutput(io.Discard)
+
+	var runErr error
+	stdout, stderr := captureOutput(t, func() {
+		if err := root.Parse([]string{"profiles", "list", "--output", "json"}); err != nil {
+			t.Fatalf("parse error: %v", err)
+		}
+		runErr = root.Run(context.Background())
+	})
+
+	if runErr != nil {
+		t.Fatalf("run error: %v", runErr)
+	}
+	if stderr != "" {
+		t.Fatalf("expected empty stderr, got %q", stderr)
+	}
+
+	var payload struct {
+		Data []struct {
+			ID         string `json:"id"`
+			Attributes struct {
+				ProfileState string `json:"profileState"`
+			} `json:"attributes"`
+		} `json:"data"`
+	}
+	if err := json.Unmarshal([]byte(stdout), &payload); err != nil {
+		t.Fatalf("unmarshal profiles output: %v\n%s", err, stdout)
+	}
+	if len(payload.Data) != 2 {
+		t.Fatalf("expected active and invalid profiles, got %d", len(payload.Data))
+	}
+	if payload.Data[0].Attributes.ProfileState != "ACTIVE" || payload.Data[1].Attributes.ProfileState != "INVALID" {
+		t.Fatalf("unexpected profile states: %+v", payload.Data)
+	}
+}
+
+func TestProfilesListProfileStateFilter(t *testing.T) {
+	setupAuth(t)
+	t.Setenv("ASC_CONFIG_PATH", filepath.Join(t.TempDir(), "nonexistent.json"))
+
+	originalTransport := http.DefaultTransport
+	t.Cleanup(func() {
+		http.DefaultTransport = originalTransport
+	})
+
+	http.DefaultTransport = roundTripFunc(func(req *http.Request) (*http.Response, error) {
+		if req.Method != http.MethodGet || req.URL.Path != "/v1/profiles" {
+			t.Fatalf("unexpected request: %s %s", req.Method, req.URL.String())
+		}
+		if got := req.URL.Query().Get("filter[profileState]"); got != "INVALID" {
+			t.Fatalf("expected profileState filter INVALID, got %q", got)
+		}
+		body := `{"data":[{"type":"profiles","id":"profile-invalid","attributes":{"name":"Expired","profileType":"IOS_APP_ADHOC","profileState":"INVALID"}}]}`
+		return &http.Response{
+			StatusCode: http.StatusOK,
+			Body:       io.NopCloser(strings.NewReader(body)),
+			Header:     http.Header{"Content-Type": []string{"application/json"}},
+		}, nil
+	})
+
+	root := RootCommand("1.2.3")
+	root.FlagSet.SetOutput(io.Discard)
+
+	var runErr error
+	stdout, stderr := captureOutput(t, func() {
+		if err := root.Parse([]string{"profiles", "list", "--profile-state", "invalid", "--output", "json"}); err != nil {
+			t.Fatalf("parse error: %v", err)
+		}
+		runErr = root.Run(context.Background())
+	})
+
+	if runErr != nil {
+		t.Fatalf("run error: %v", runErr)
+	}
+	if stderr != "" {
+		t.Fatalf("expected empty stderr, got %q", stderr)
+	}
+
+	var payload struct {
+		Data []struct {
+			ID         string `json:"id"`
+			Attributes struct {
+				ProfileState string `json:"profileState"`
+			} `json:"attributes"`
+		} `json:"data"`
+	}
+	if err := json.Unmarshal([]byte(stdout), &payload); err != nil {
+		t.Fatalf("unmarshal profiles output: %v\n%s", err, stdout)
+	}
+	if len(payload.Data) != 1 || payload.Data[0].ID != "profile-invalid" || payload.Data[0].Attributes.ProfileState != "INVALID" {
+		t.Fatalf("unexpected profiles output: %+v", payload.Data)
+	}
+}
+
+func TestProfilesListProfileStateInvalidValueReturnsUsageError(t *testing.T) {
+	originalTransport := http.DefaultTransport
+	t.Cleanup(func() {
+		http.DefaultTransport = originalTransport
+	})
+
+	requestCount := 0
+	http.DefaultTransport = roundTripFunc(func(req *http.Request) (*http.Response, error) {
+		requestCount++
+		t.Fatalf("unexpected HTTP request for invalid profile-state: %s %s", req.Method, req.URL.String())
+		return nil, nil
+	})
+
+	root := RootCommand("1.2.3")
+	root.FlagSet.SetOutput(io.Discard)
+
+	var runErr error
+	stdout, stderr := captureOutput(t, func() {
+		if err := root.Parse([]string{"profiles", "list", "--profile-state", "EXPIRED"}); err != nil {
+			t.Fatalf("parse error: %v", err)
+		}
+		runErr = root.Run(context.Background())
+	})
+
+	if !errors.Is(runErr, flag.ErrHelp) {
+		t.Fatalf("expected flag.ErrHelp usage error, got %v", runErr)
+	}
+	if stdout != "" {
+		t.Fatalf("expected empty stdout, got %q", stdout)
+	}
+	if !strings.Contains(stderr, "--profile-state must be one of: ACTIVE, INVALID") {
+		t.Fatalf("expected profile-state usage error, got %q", stderr)
+	}
+	if requestCount != 0 {
+		t.Fatalf("expected 0 requests, got %d", requestCount)
+	}
+}
+
 func TestProfilesListPaginateFromNext(t *testing.T) {
 	setupAuth(t)
 	t.Setenv("ASC_CONFIG_PATH", filepath.Join(t.TempDir(), "nonexistent.json"))
diff --git a/internal/cli/profiles/profiles.go b/internal/cli/profiles/profiles.go
@@ -59,6 +59,7 @@ func ProfilesListCommand() *ffcli.Command {
 	fs := flag.NewFlagSet("list", flag.ExitOnError)
 
 	profileType := fs.String("profile-type", "", "Filter by profile type(s), comma-separated")
+	profileState := fs.String("profile-state", "", "Filter by profile state(s): ACTIVE, INVALID (default: ACTIVE,INVALID)")
 	limit := fs.Int("limit", 0, "Maximum results per page (1-200)")
 	next := fs.String("next", "", "Fetch next page using a links.next URL")
 	paginate := fs.Bool("paginate", false, "Automatically fetch all pages (aggregate results)")
@@ -73,6 +74,7 @@ func ProfilesListCommand() *ffcli.Command {
 Examples:
   asc profiles list
   asc profiles list --profile-type IOS_APP_DEVELOPMENT
+  asc profiles list --profile-state INVALID
   asc profiles list --paginate`,
 		FlagSet:   fs,
 		UsageFunc: shared.DefaultUsageFunc,
@@ -85,6 +87,10 @@ Examples:
 			}
 
 			profileTypes := shared.SplitCSVUpper(*profileType)
+			profileStates, err := normalizeProfileStates(*profileState)
+			if err != nil {
+				return shared.UsageError(err.Error())
+			}
 
 			client, err := shared.GetASCClient()
 			if err != nil {
@@ -97,6 +103,7 @@ Examples:
 			opts := []asc.ProfilesOption{
 				asc.WithProfilesLimit(*limit),
 				asc.WithProfilesNextURL(*next),
+				asc.WithProfilesStates(profileStates),
 			}
 			if len(profileTypes) > 0 {
 				opts = append(opts, asc.WithProfilesTypes(profileTypes))
@@ -402,3 +409,28 @@ func normalizeProfileInclude(value string) ([]string, error) {
 func profileIncludeList() []string {
 	return []string{"bundleId", "certificates", "devices"}
 }
+
+func normalizeProfileStates(value string) ([]string, error) {
+	states := shared.SplitCSVUpper(value)
+	if len(states) == 0 {
+		return defaultProfileStates(), nil
+	}
+	allowed := map[string]struct{}{}
+	for _, item := range profileStateList() {
+		allowed[item] = struct{}{}
+	}
+	for _, item := range states {
+		if _, ok := allowed[item]; !ok {
+			return nil, fmt.Errorf("--profile-state must be one of: %s", strings.Join(profileStateList(), ", "))
+		}
+	}
+	return states, nil
+}
+
+func defaultProfileStates() []string {
+	return []string{string(asc.ProfileStateActive), string(asc.ProfileStateInvalid)}
+}
+
+func profileStateList() []string {
+	return []string{string(asc.ProfileStateActive), string(asc.ProfileStateInvalid)}
+}

Original file line number	Diff line number	Diff line change
`@@ -2552,6 +2552,13 @@ func WithProfilesTypes(types []string) ProfilesOption {`
`2552`	`2552`	`}`
`2553`	`2553`	`}`
`2554`	`2554`
	`2555`	`+// WithProfilesStates filters profiles by profile state.`
	`2556`	`+func WithProfilesStates(states []string) ProfilesOption {`
	`2557`	`+ return func(q *profilesQuery) {`
	`2558`	`+ q.profileStates = normalizeUpperList(states)`
	`2559`	`+ }`
	`2560`	`+}`
	`2561`	`+`
`2555`	`2562`	`// WithProfilesInclude sets include for profile responses.`
`2556`	`2563`	`func WithProfilesInclude(include []string) ProfilesOption {`
`2557`	`2564`	`return func(q *profilesQuery) {`
Original file line number	Diff line number	Diff line change
`@@ -173,7 +173,8 @@ type CertificateResponse = SingleResponse[CertificateAttributes]`
`173`	`173`	`type ProfileState string`
`174`	`174`
`175`	`175`	`const (`
`176`		`- ProfileStateActive ProfileState = "ACTIVE"`
	`176`	`+ ProfileStateActive ProfileState = "ACTIVE"`
	`177`	`+ ProfileStateInvalid ProfileState = "INVALID"`
`177`	`178`	`)`
`178`	`179`
`179`	`180`	`// ProfileAttributes describes a profile resource.`