How can I use Foreman host groups with Puppet?

I have this manifest:

$foremanlogin = file('/etc/puppetlabs/code/environments/production/manifests/foremanlogin.txt')
$foremanpass = file('/etc/puppetlabs/code/environments/production/manifests/foremanpass.txt')

$query = foreman({foreman_user => "$foremanlogin",
                  foreman_pass => "$foremanpass",
                  item         => 'hosts',
                  search       => 'hostgroup = "Web Servers"',
filter_result => 'name',
})

$quoted = regsubst($query, '(.*)', '"\1"')
$query6 = join($quoted, ",")

notify{"The value is: ${query6}": }

node ${query6} {

package { 'atop':
    ensure => 'installed',
  }

}

When I execute this on agent I got error:

Server Error: Could not parse for environment production: Syntax error at ''

Error in my node block

node ${query6} {

package { 'atop':
    ensure => 'installed',
  }

}

I see correct output from notify, my variable looks like this:

"test-ubuntu1","test-ubuntu2"

Variable in correct node manifest format.

I don't understand whats wrong? variable query6 is correct.

How to fix that?

I just want to apply this manifest to foreman host group, how to do this right?

On the Puppet side, you create classes describing how to manage appropriate subunits of your machines' overall configuration, and organize those classes into modules. The details of this are far too broad to cover in an SO answer -- it would be analogous to answering "How do I program in [language X]?".

Having prepared your classes, the task is to instruct Puppet which ones to assign to each node. This is called "classification". Node blocks are one way to perform classification. Another is external node classifiers (ENCs). There are also alternatives based on ordinary top-level Puppet code in your site manifest. None of these are exclusive.

If you are running Puppet with The Foreman, however, then you should configure Puppet to use the ENC that Foreman provides. You then use Foreman to assign (Puppet) classes to nodes and / or node groups, and Foreman communicates the details to Puppet via its ENC. That does not require any classification code on the Puppet side at all.

See also How does host groups work with foreman?