Open
Description
This could be something I'm doing wrong, but it appears to be a bug. Please review below and let me know. When passing a Hash to create an ipsec.secret, if the domain is not defined you get a malformed secrets file. In addition, the closing brace needs to be indented for the secret to work. Honestly, not sure why that is.
Libreswan version: libreswan-3.15-7.5.el6_9.x86_64
Example:
Hiera:
```yaml
ipsec_secret:
  'ipsec':
    ensure: 'present'
    type: RSA
    secret:
      Modulus: '<redacted>'
      PublicExponent: '<redacted>'
      PrivateExponent: '<redacted>'
      Prime1: '<redacted>'
      Prime2: '<redacted>'
      Exponent1: '<redacted>'
      Exponent2: '<redacted>'
      Coefficient: '<redacted>'
      CKAIDNSS: '<redacted>'
```
profile:
```puppet
...
...
create_resources('libreswan::secret', $ipsec_secret)
```
Resulting ipsec.secret file
Note the whitespace in the first line from start of line to the ':'. Also note the closing brace. It seems that the closing brace needs to be aligned with the start brace for the secret to work.
```
: RSA {
Modulus: <redacted>
PublicExponent: <redacted>
PrivateExponent: <redacted>
Prime1: <redacted>
Prime2: <redacted>
Exponent1: <redacted>
Exponent2: <redacted>
Coefficient: <redacted>
CKAIDNSS:<redacted>
}
```
Proposed resolution:
Modify ipsec.secret.erb to something like the following
```erb
<% if @id %><%= @id %> <% end %>: <%= @type -%>
<% if @secret.is_a? Hash %> {
<% @secret.each do |key, value| -%>
<%= key %>: <%= value %>
<% end %> }
<% else -%>
"<%= @secret %>"
<% end -%>
```
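The rendering behaviour discussed in this issue can be checked outside Puppet with plain ERB. The following is an added example, not the module's `ipsec.secret.erb` and not the template proposed above. It assumes the layout rule from ipsec.secrets(5) that an entry starts at the left margin and its continuation lines are indented; `SECRET_TEMPLATE`, `render_secret`, `layout_problems` and all sample values are hypothetical.

```ruby
require 'erb'

# Hypothetical template: the index is emitted only when an id is given, and
# every continuation line, including the closing brace, is indented.
SECRET_TEMPLATE = <<~'ERB'
  <% if id && !id.to_s.empty? %><%= id %> <% end %>: <%= type -%>
  <% if secret.is_a?(Hash) %> {
  <% secret.each do |key, value| -%>
      <%= key %>: <%= value %>
  <% end -%>
      }
  <% else %> "<%= secret %>"
  <% end -%>
ERB

# Render one secrets entry; trim_mode '-' makes "-%>" swallow the newline.
def render_secret(type:, secret:, id: nil)
  ERB.new(SECRET_TEMPLATE, trim_mode: '-')
     .result_with_hash(id: id, type: type, secret: secret)
end

# Check a rendered entry against the assumed layout rule: the first line
# starts at column 0, every later line starts with whitespace.
def layout_problems(entry)
  lines = entry.lines.map(&:chomp)
  problems = []
  problems << 'line 1 does not start at the left margin' if lines.first =~ /\A\s/
  lines.drop(1).each_with_index do |line, i|
    problems << "line #{i + 2} is not indented" unless line =~ /\A\s+\S/
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real key material.
  rsa = render_secret(type: 'RSA',
                      secret: { 'Modulus' => 'AAAA', 'PublicExponent' => 'BBBB' })
  puts rsa
  puts render_secret(type: 'PSK', secret: 's3cret', id: '@east @west')

  # Constructed entry with the two symptoms described in the issue.
  broken = " : RSA {\n    Modulus: AAAA\n}\n"
  puts layout_problems(broken)
end
```

Running `layout_problems` over the rendered file in a spec test catches both symptoms before the file reaches a host.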