From 49fb1afb0f2f082b85c4cab5df1bd5c49c0a892a Mon Sep 17 00:00:00 2001 From: Ewoud Kohl van Wijngaarden Date: Wed, 1 Sep 2021 17:47:45 +0200 Subject: [PATCH] Refs #35985 - Implement optional Katello integration Katello uses a different certificate structure. This moves over the integration bits from puppet-foreman_proxy_content to this module. It also means fewer variables need to be set in the installer itself. --- README.md | 9 +++++++++ manifests/server/foreman.pp | 23 +++++++++++++++++++---- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e3bbd3a7..95626c59 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,15 @@ Since version 15.0.0 the integration bits depend on the standalone module where previously it depended on [theforeman/foreman](https://forge.puppetlabs.com/theforeman/foreman) +There is also optional integration for [katello/certs](https://forge.puppetlabs.com/katello/certs). +This can be enabled via Hiera: + +```yaml +puppet::server::foreman::katello: true +``` + +Then the `foreman_ssl_{ca,cert,key}` parameters are ignored and `certs::puppet` is used as a source. + ## PuppetDB integration The Puppet master can be configured to export catalogs and reports to a diff --git a/manifests/server/foreman.pp b/manifests/server/foreman.pp index 186d7d56..ffef3c90 100644 --- a/manifests/server/foreman.pp +++ b/manifests/server/foreman.pp 
@@ -1,6 +1,21 @@
 # @summary Set up Foreman integration
 # @api private
-class puppet::server::foreman {
+class puppet::server::foreman (
+ Boolean $katello = false,
+) {
+ if $katello {
+ include certs::puppet
+ Class['certs::puppet'] -> Class['puppetserver_foreman']
+
+ $ssl_ca = $certs::puppet::ssl_ca_cert
+ $ssl_cert = $certs::puppet::client_cert
+ $ssl_key = $certs::puppet::client_key
+ } else {
+ $ssl_ca = pick($puppet::server::foreman_ssl_ca, $puppet::server::ssl_ca_cert)
+ $ssl_cert = pick($puppet::server::foreman_ssl_cert, $puppet::server::ssl_cert)
+ $ssl_key = pick($puppet::server::foreman_ssl_key, $puppet::server::ssl_cert_key)
+ }
+
 # Include foreman components for the puppetmaster
 # ENC script, reporting script etc.
 class { 'puppetserver_foreman':
@@ -10,9 +25,9 @@
 puppet_home => $puppet::server::puppetserver_vardir,
 puppet_basedir => $puppet::server::puppet_basedir,
 puppet_etcdir => $puppet::dir,
- ssl_ca => pick($puppet::server::foreman_ssl_ca, $puppet::server::ssl_ca_cert),
- ssl_cert => pick($puppet::server::foreman_ssl_cert, $puppet::server::ssl_cert),
- ssl_key => pick($puppet::server::foreman_ssl_key, $puppet::server::ssl_cert_key),
+ ssl_ca => $ssl_ca,
+ ssl_cert => $ssl_cert,
+ ssl_key => $ssl_key,
 }
 contain puppetserver_foreman
 }
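Review bot: In the `if $katello` branch the `foreman_ssl_ca`, `foreman_ssl_cert` and `foreman_ssl_key` values from `puppet::server` are dropped without any signal, so an operator who pinned a CA or client key there would not notice that the Foreman connection now takes its trust anchor and client identity from `certs::puppet`. A guard at the top of that branch would make the override visible, for example `if $puppet::server::foreman_ssl_ca or $puppet::server::foreman_ssl_cert or $puppet::server::foreman_ssl_key { warning('foreman_ssl_* parameters are ignored when katello is enabled') }`; this assumes the unset value is undef, which the existing `pick()` calls suggest. The class header also lacks a tag for the new parameter, e.g. `# @param katello Use the certificates from certs::puppet instead of the foreman_ssl_* parameters`. The diffstat shows no metadata change, so presumably katello/certs stays an undeclared optional dependency and `include certs::puppet` will fail catalog compilation where that module is not installed; stating that requirement in the README would help.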