Add puppet user to user_groups if server or client certificate contai…

…ns puppet path

manifests/config.pp

@@ -74,6 +74,12 @@
   }
 
   if $foreman::manage_user {
+    if $foreman::puppet_ssldir in $foreman::server_ssl_key or $foreman::puppet_ssldir in $foreman::client_ssl_key {
+      $_user_groups = $foreman::user_groups + ['puppet']
+    } else {
+      $_user_groups = $foreman::user_groups
+    }
+
     group { $foreman::group:
       ensure => 'present',
     }
@@ -83,7 +89,7 @@
       comment => 'Foreman',
       home    => $foreman::app_root,
       gid     => $foreman::group,
-      groups  => $foreman::user_groups,
+      groups  => unique($_user_groups),
     }
   }
 

manifests/params.pp

@@ -24,7 +24,7 @@
   $manage_user       = true
   $user              = 'foreman'
   $group             = 'foreman'
-  $user_groups       = ['puppet']
+  $user_groups       = []
   $rails_env         = 'production'
   $version           = 'present'
   $plugin_version    = 'present'

spec/acceptance/hieradata/common.yaml

@@ -5,4 +5,6 @@ foreman::server_ssl_cert: /etc/foreman-certs/certificate.pem
 foreman::server_ssl_chain: /etc/foreman-certs/certificate.pem
 foreman::server_ssl_crl: ""
 foreman::server_ssl_key: /etc/foreman-certs/key.pem
-foreman::user_groups: []
+foreman::client_ssl_ca: /etc/foreman-certs/certificate.pem
+foreman::client_ssl_cert: /etc/foreman-certs/certificate.pem
+foreman::client_ssl_key: /etc/foreman-certs/key.pem