FQDN is used for producing Puppet environment and parameters, not certname

Foreman appears to use the fqdn from a host’s facts to match to the host in Foreman.

Expected outcome:
IMHO Foreman should use the trusted certname.

Otherwise it’s easy to get access to environment data outside that assigned in Foreman.

We are running our software for many clients on their hardware using Puppet. We use r10k with prefixes for each customer to create different Puppet environments for each project/customer. I assumed this was safe since we carefully manage the signing of new agent certificates, and that would lock that machine into only getting the catalog and data appropriate for that customer due to what environment the Foreman ENC sends. But it turns out that if the customer has access to a machine to the point they can alter the hostname, or call the agent with FACTER_fqdn, then they could get access to any Puppet environment they can figure out an fqdn of.

Is this as scary as I think it is?

Foreman and Proxy versions:
Foreman 1.23

Other relevant data:
This has been brought up before: New hosts showing up with fqdn instead of certname, but with no resolution.
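
As an added example (not part of the original post and not Foreman's code), the following Python audit compares the name in each agent's signed certificate with the fqdn fact the agent reported, and flags check-ins where a lookup keyed on the fact would return a different environment than a lookup keyed on the certname. The host names, environment names and record layout are constructed for illustration; how the check-in records are collected is left as an assumption.

```python
"""Added example: flag agents whose self-reported fqdn differs from their certname."""

# Constructed ENC assignments (hypothetical host names and environment names).
ENC_ENVIRONMENTS = {
    "web01.customer-a.example": "customera_production",
    "db01.customer-b.example": "customerb_production",
}

# Constructed check-ins. "certname" is the name in the CA-signed agent certificate;
# "fqdn" is the agent-reported fact, which the agent's owner can set freely.
CHECKINS = [
    {"certname": "web01.customer-a.example", "fqdn": "WEB01.customer-a.example."},
    {"certname": "web01.customer-a.example", "fqdn": "db01.customer-b.example"},
    {"certname": "db01.customer-b.example", "fqdn": "db01.localdomain"},
]


def normalize(name):
    """Host names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def audit(checkins, environments=ENC_ENVIRONMENTS):
    """Return one finding per check-in whose fqdn fact disagrees with its certname."""
    findings = []
    for checkin in checkins:
        certname = normalize(checkin["certname"])
        fqdn = normalize(checkin["fqdn"])
        if certname == fqdn:
            continue
        cert_env = environments.get(certname)   # lookup keyed on the trusted name
        fact_env = environments.get(fqdn)       # lookup keyed on the untrusted fact
        crosses = fact_env is not None and fact_env != cert_env
        findings.append({
            "certname": certname,
            "fqdn": fqdn,
            "cert_env": cert_env,
            "fact_env": fact_env,
            "severity": "cross-environment" if crosses else "mismatch",
        })
    return findings


if __name__ == "__main__":
    for finding in audit(CHECKINS):
        print(finding)
```

A "cross-environment" finding means the reported fqdn belongs to a host assigned to another environment; a plain "mismatch" is a differing name that maps to no known assignment.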