ipsec secret template formatting #3

Open
cjedwa opened this issue Apr 27, 2018 · 0 comments
cjedwa commented Apr 27, 2018

This could be something I'm doing wrong but it appears to be a bug. Please review below and let me know. When passing a Hash to create an ipsec .secret, if the domain is not defined you get a malformed secrets file. In addition, the closing brace needs to be indented for the secret to work. Honestly, not sure why that is.
Libreswan version: libreswan-3.15-7.5.el6_9.x86_64

Example:

Hiera:

```yaml
ipsec_secret:
  'ipsec':
    ensure: 'present'
    type: RSA
    secret:
      Modulus: '<redacted>'
      PublicExponent: '<redacted>'
      PrivateExponent: '<redacted>'
      Prime1: '<redacted>'
      Prime2: '<redacted>'
      Exponent1: '<redacted>'
      Exponent2: '<redacted>'
      Coefficient: '<redacted>'
      CKAIDNSS: '<redacted>'
```

profile:

```puppet
...
...
create_resources('libreswan::secret', $ipsec_secret)
```

Resulting ipsec.secret file

Note the whitespace in the first line from start of line to the ':'. Also note the closing brace. It seems that closing brace needs to be aligned with the start brace for the secret to work.

```
 : RSA {
  Modulus: <redacted>
  PublicExponent: <redacted>
  PrivateExponent: <redacted>
  Prime1: <redacted>
  Prime2: <redacted>
  Exponent1: <redacted>
  Exponent2: <redacted>
  Coefficient: <redacted>
  CKAIDNSS:<redacted>
}
```

Proposed resolution:
Modify ipsec.secret.erb to something like the following

```erb
<% if @id %><%= @id %> <% end %>: <%= @type -%>
<% if @secret.is_a? Hash %> {
<% @secret.each do |key, value| -%>
  <%= key %>: <%= value %>
<% end %>      }
<% else -%>
 "<%= @secret %>"
<% end -%>
```
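Added example, not part of the issue or the module's own code: ipsec.secrets(5) requires each entry to start at the left margin and any continuation line to be indented, so a leading space before `:` and a `}` in column 0 both break the entry. The Ruby below renders the template proposed above with ERB's `-` trim mode (assumed to match how Puppet evaluates templates) and lints the resulting layout; `SecretScope`, `render`, `layout_errors` and the sample values are hypothetical names and constructed data.

```ruby
require 'erb'

# Template text as proposed in the issue above.
TEMPLATE = <<'ERB_SRC'
<% if @id %><%= @id %> <% end %>: <%= @type -%>
<% if @secret.is_a? Hash %> {
<% @secret.each do |key, value| -%>
  <%= key %>: <%= value %>
<% end %>      }
<% else -%>
 "<%= @secret %>"
<% end -%>
ERB_SRC

# Hypothetical stand-in for the Puppet scope that supplies @id, @type, @secret.
class SecretScope
  def initialize(id, type, secret)
    @id, @type, @secret = id, type, secret
  end

  def result(src)
    ERB.new(src, trim_mode: '-').result(binding)
  end
end

def render(id, type, secret)
  SecretScope.new(id, type, secret).result(TEMPLATE)
end

# Report lines that break the ipsec.secrets(5) left-margin/indentation rule.
def layout_errors(text)
  errors = []
  entry_open = in_braces = false
  text.each_line.with_index(1) do |line, n|
    next if line.strip.empty? || line.lstrip.start_with?('#')
    if line.match?(/\A[ \t]/)
      errors << "line #{n}: indented, but no entry starts at the left margin" unless entry_open
    elsif in_braces
      errors << "line #{n}: left-margin line inside { } ends the entry early"
    end
    entry_open = true # set even after an error so one fault is reported once
    in_braces = true if line.include?('{')
    in_braces = false if line.include?('}')
  end
  errors
end

# Constructed sample data, shortened from the output shown in the issue.
KEY = { 'Modulus' => '<redacted>', 'PublicExponent' => '<redacted>' }
ISSUE_OUTPUT = " : RSA {\n  Modulus: <redacted>\n  PublicExponent: <redacted>\n}\n"
```

Running `layout_errors` over a rendered secrets file before it is deployed catches both faults from this issue without restarting the IPsec service to find out.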