theforeman / puppet-foreman_proxy

Puppet module for Foreman Smart Proxy


puppetca missing sudo settings

wiad opened this issue · comments

Params to control the following puppetca settings are missing:
puppetca_use_sudo
sudo_command

Furthermore, the sudo rule to allow foreman-proxy to run 'puppet cert' is set to run as root; should it not run as the 'puppet' user instead? There is no need to run as root, and if you have your puppetcerts on NFS, running the 'puppet cert' command as root will not work (unless you use 'no_root_squash', which you really shouldn't).

I can provide a PR for this, just wanted to check first if it would be accepted...

I understand also that running the 'puppet cert' command as root is really set in the foreman-proxy code so there would need to be a change there as well. However, if you can set an alternative sudo command via the 'sudo_command' parameter you can fix this yourself with a simple bash wrapper.

You're right that we're just configuring what the proxy expects. Since the parameter is there, configuring it from this module is within the scope of this module and PRs are welcome.

@wiad do you think you could come up with a PR or can we help you with it?

@ekohl Since I reported this I have actually moved my certs from NFS to local storage, so it doesn't affect me anymore (I had actually forgotten about this issue, sorry). I would however be happy to contribute with a PR when I find the time.

@wiad good to hear it's no longer a problem. Given this could still be an issue for some users a PR would be great.

With Puppet 6 we no longer use commands and sudo so I'm closing this.