feat: adds templating, positional arg for common name and other impro…

…vements.

Signed-off-by: ianhundere <138915+ianhundere@users.noreply.github.com>

cmd/certificate_maker/certificate_maker.go

@@ -45,9 +45,14 @@ var (
 	}
 
 	createCmd = &cobra.Command{
-		Use:   "create",
+		Use:   "create [common-name]",
 		Short: "Create certificate chain",
-		RunE:  runCreate,
+		Long: `Create a certificate chain with the specified common name.
+The common name will be used as the Subject Common Name for the certificates.
+If no common name is provided, the values from the templates will be used.
+Example: fulcio-certificate-maker create "https://fulcio.example.com"`,
+		Args: cobra.RangeArgs(0, 1),
+		RunE: runCreate,
 	}
 )
 
@@ -92,19 +97,24 @@ func init() {
 
 	// Root certificate flags
 	createCmd.Flags().String("root-key-id", "", "KMS key identifier for root certificate")
-	createCmd.Flags().String("root-template", "pkg/certmaker/templates/root-template.json", "Path to root certificate template")
+	createCmd.Flags().String("root-template", "", "Path to root certificate template (optional)")
 	createCmd.Flags().String("root-cert", "root.pem", "Output path for root certificate")
 
 	// Intermediate certificate flags
 	createCmd.Flags().String("intermediate-key-id", "", "KMS key identifier for intermediate certificate")
-	createCmd.Flags().String("intermediate-template", "pkg/certmaker/templates/intermediate-template.json", "Path to intermediate certificate template")
+	createCmd.Flags().String("intermediate-template", "", "Path to intermediate certificate template (optional)")
 	createCmd.Flags().String("intermediate-cert", "intermediate.pem", "Output path for intermediate certificate")
 
 	// Leaf certificate flags
 	createCmd.Flags().String("leaf-key-id", "", "KMS key identifier for leaf certificate")
-	createCmd.Flags().String("leaf-template", "pkg/certmaker/templates/leaf-template.json", "Path to leaf certificate template")
+	createCmd.Flags().String("leaf-template", "", "Path to leaf certificate template (optional)")
 	createCmd.Flags().String("leaf-cert", "leaf.pem", "Output path for leaf certificate")
 
+	// Lifetime flags
+	createCmd.Flags().Duration("root-lifetime", 87600*time.Hour, "Root certificate lifetime")
+	createCmd.Flags().Duration("intermediate-lifetime", 43800*time.Hour, "Intermediate certificate lifetime")
+	createCmd.Flags().Duration("leaf-lifetime", 8760*time.Hour, "Leaf certificate lifetime")
+
 	mustBindPFlag("kms-type", createCmd.Flags().Lookup("kms-type"))
 	mustBindPFlag("aws-region", createCmd.Flags().Lookup("aws-region"))
 	mustBindPFlag("azure-tenant-id", createCmd.Flags().Lookup("azure-tenant-id"))
@@ -120,15 +130,25 @@ func init() {
 	mustBindPFlag("leaf-key-id", createCmd.Flags().Lookup("leaf-key-id"))
 	mustBindPFlag("leaf-template", createCmd.Flags().Lookup("leaf-template"))
 	mustBindPFlag("leaf-cert", createCmd.Flags().Lookup("leaf-cert"))
+	mustBindPFlag("root-lifetime", createCmd.Flags().Lookup("root-lifetime"))
+	mustBindPFlag("intermediate-lifetime", createCmd.Flags().Lookup("intermediate-lifetime"))
+	mustBindPFlag("leaf-lifetime", createCmd.Flags().Lookup("leaf-lifetime"))
 }
 
-func runCreate(_ *cobra.Command, _ []string) error {
+func runCreate(_ *cobra.Command, args []string) error {
 	defer func() { rootCmd.SilenceUsage = true }()
 	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 	defer cancel()
 
+	// Get common name from args if provided, otherwise templates used
+	var commonName string
+	if len(args) > 0 {
+		commonName = args[0]
+	}
+
 	// Build KMS config from flags and environment
 	config := certmaker.KMSConfig{
+		CommonName:        commonName,
 		Type:              viper.GetString("kms-type"),
 		RootKeyID:         viper.GetString("root-key-id"),
 		IntermediateKeyID: viper.GetString("intermediate-key-id"),
@@ -140,7 +160,7 @@ func runCreate(_ *cobra.Command, _ []string) error {
 	switch config.Type {
 	case "gcpkms":
 		if gcpCredsFile := viper.GetString("gcp-credentials-file"); gcpCredsFile != "" {
-			// Check if credentials file exists before trying to use it
+			// Check if gcp creds exists
 			if _, err := os.Stat(gcpCredsFile); err != nil {
 				if os.IsNotExist(err) {
 					return fmt.Errorf("failed to initialize KMS: credentials file not found: %s", gcpCredsFile)
@@ -171,19 +191,32 @@ func runCreate(_ *cobra.Command, _ []string) error {
 		return fmt.Errorf("failed to initialize KMS: %w", err)
 	}
 
-	// Validate template paths
+	// Validate template paths if provided
 	rootTemplate := viper.GetString("root-template")
 	leafTemplate := viper.GetString("leaf-template")
-	intermediateTemplate := viper.GetString("intermediate-template")
 
-	if err := certmaker.ValidateTemplatePath(rootTemplate); err != nil {
-		return fmt.Errorf("root template error: %w", err)
+	if rootTemplate != "" {
+		if err := certmaker.ValidateTemplatePath(rootTemplate); err != nil {
+			return fmt.Errorf("root template error: %w", err)
+		}
 	}
-	if err := certmaker.ValidateTemplatePath(leafTemplate); err != nil {
-		return fmt.Errorf("leaf template error: %w", err)
+	if leafTemplate != "" {
+		if err := certmaker.ValidateTemplatePath(leafTemplate); err != nil {
+			return fmt.Errorf("leaf template error: %w", err)
+		}
 	}
 
-	return certmaker.CreateCertificates(km, config, rootTemplate, leafTemplate, viper.GetString("root-cert"), viper.GetString("leaf-cert"), viper.GetString("intermediate-key-id"), intermediateTemplate, viper.GetString("intermediate-cert"))
+	return certmaker.CreateCertificates(km, config,
+		rootTemplate,
+		leafTemplate,
+		viper.GetString("root-cert"),
+		viper.GetString("leaf-cert"),
+		viper.GetString("intermediate-key-id"),
+		viper.GetString("intermediate-template"),
+		viper.GetString("intermediate-cert"),
+		viper.GetDuration("root-lifetime"),
+		viper.GetDuration("intermediate-lifetime"),
+		viper.GetDuration("leaf-lifetime"))
 }
 
 func main() {