General improvement on certificate agent settings

Author: carlosmonastyrski

certificate-agent-config.yaml

@@ -1,3 +1,5 @@
+certificate-management: v1
+
 infisical:
   address: "https://app.infisical.com/"
 
@@ -9,28 +11,26 @@ auth:
     remove_client_secret_on_read: false
 
 certificates:
-  - profile-id: "5882cac9-b182-4209-a311-64b7c12c4610"
+  - profile-name: "my-profile-name"
+    project-slug: "my-project-slug"
 
     # Certificate parameters
-    common-name: "api.mycompany.com"
-    alt-names:
-      - "www.api.mycompany.com"
-      - "internal-api.mycompany.com"
-    key-algorithm: "RSA_2048"
-    signature-algorithm: "RSA-SHA256"
-    key-usages:
-      - "digital_signature"
-      - "key_encipherment"
-    extended-key-usages:
-      - "server_auth"
-
-    # Certificate lifecycle configuration
-    ttl: "30d"
+    attributes:
+      common-name: "api.mycompany.com"
+      alt-names:
+        - "www.api.mycompany.com"
+        - "internal-api.mycompany.com"
+      key-algorithm: "RSA_2048"
+      signature-algorithm: "RSA-SHA256"
+      key-usages:
+        - "digital_signature"
+        - "key_encipherment"
+      extended-key-usages:
+        - "server_auth"
+      ttl: "30d"
     lifecycle:
-      renew-before-expiry: "7d"            # When to start checking for renewal before expiration
+      renew-before-expiry: "1d"            # When to start checking for renewal before expiration
       status-check-interval: "6h"          # How often to check certificate status and renewal needs
-      max-failure-retries: 3               # Maximum number of failed operation retries before giving up
-      failure-retry-interval: "1h"         # How long to wait between failed operation retry attempts
 
     # Post-hooks for automation
     post-hooks:

packages/api/api.go

@@ -294,6 +294,45 @@ func CallGetProjectById(httpClient *resty.Client, id string) (Project, error) {
 	return projectResponse.Project, nil
 }
 
+func CallGetProjectBySlug(httpClient *resty.Client, slug string) (Project, error) {
+	var projectResponse GetProjectBySlugResponse
+	response, err := httpClient.
+		R().
+		SetResult(&projectResponse).
+		SetHeader("User-Agent", USER_AGENT).
+		Get(fmt.Sprintf("%v/v1/projects/slug/%s", config.INFISICAL_URL, slug))
+
+	if err != nil {
+		return Project{}, NewGenericRequestError("CallGetProjectBySlug", err)
+	}
+
+	if response.IsError() {
+		return Project{}, NewAPIErrorWithResponse("CallGetProjectBySlug", response, nil)
+	}
+
+	return Project(projectResponse), nil
+}
+
+func CallGetCertificateProfileBySlug(httpClient *resty.Client, projectId, slug string) (CertificateProfile, error) {
+	var profileResponse GetCertificateProfileResponse
+	response, err := httpClient.
+		R().
+		SetResult(&profileResponse).
+		SetHeader("User-Agent", USER_AGENT).
+		SetQueryParam("projectId", projectId).
+		Get(fmt.Sprintf("%v/v1/cert-manager/certificate-profiles/slug/%s", config.INFISICAL_URL, slug))
+
+	if err != nil {
+		return CertificateProfile{}, NewGenericRequestError("CallGetCertificateProfileBySlug", err)
+	}
+
+	if response.IsError() {
+		return CertificateProfile{}, NewAPIErrorWithResponse("CallGetCertificateProfileBySlug", response, nil)
+	}
+
+	return profileResponse.CertificateProfile, nil
+}
+
 func CallIsAuthenticated(httpClient *resty.Client) bool {
 	var workSpacesResponse GetWorkSpacesResponse
 	response, err := httpClient.

packages/api/model.go

@@ -136,6 +136,21 @@ type GetProjectByIdResponse struct {
 	Project Project `json:"workspace"`
 }
 
+type GetProjectBySlugResponse Project
+
+type CertificateProfile struct {
+	ID                    string `json:"id"`
+	Name                  string `json:"name"`
+	Description           string `json:"description"`
+	ProjectID             string `json:"projectId"`
+	CaID                  string `json:"caId"`
+	CertificateTemplateID string `json:"certificateTemplateId"`
+}
+
+type GetCertificateProfileResponse struct {
+	CertificateProfile CertificateProfile `json:"certificateProfile"`
+}
+
 type GetOrganizationsResponse struct {
 	Organizations []struct {
 		ID   string `json:"id"`