Why does the keystone module think my custom fact is a String and not a Hash?

Hi, I am trying to create a custom fact I can use as the value for a class parameter in a hiera yaml file. I am using the [openstack/puppet-keystone](https://github.com/openstack/puppet-keystone) module and I want to use fernet-keys. According to the comments in the module I can use this parameter. # [*fernet_keys*] # (Optional) Hash of Keystone fernet keys # If you enable this parameter, make sure enable_fernet_setup is set to True. # Example of valid value: # fernet_keys: # /etc/keystone/fernet-keys/0: # content: c_aJfy6At9y-toNS9SF1NQMTSkSzQ-OBYeYulTqKsWU= # /etc/keystone/fernet-keys/1: # content: zx0hNG7CStxFz5KXZRsf7sE4lju0dLYvXdGDIKGcd7k= # Puppet will create a file per key in $fernet_key_repository. # Note: defaults to false so keystone-manage fernet_setup will be executed. # Otherwise Puppet will manage keys with File resource. # Defaults to false So wrote this custom fact ... [root@puppetmaster modules]# cat keystone_fernet/lib/facter/fernet_keys.rb Facter.add(:fernet_keys) do setcode do fernet_keys = {} puts ( 'Debug keyrepo is /etc/keystone/fernet-keys' ) Dir.glob('/etc/keystone/fernet-keys/*').each do |fernet_file| data = File.read(fernet_file) if data content = {} puts ( "Debug Key file #{fernet_file} contains #{data}" ) fernet_keys[fernet_file] = { 'content' => data } end end fernet_keys end end Then in my keystone.yaml file I have this line: keystone::fernet_keys: '%{::fernet_keys}' But when I run `puppet agent -t` on my node I get this error: Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Function Call, "{\"/etc/keystone/fernet-keys/1\"=>{\"content\"=>\"xxxxxxxxxxxxxxxxxxxx=\"}, \"/etc/keystone/fernet-keys/0\"=>{\"content\"=>\"xxxxxxxxxxxxxxxxxxxx=\"}}" is not a Hash. It looks to be a String at /etc/puppetlabs/code/environments/production/modules/keystone/manifests/init.pp:1144:7 on node mgmt-01 I had assumed that I had formatted the hash correctly because facter -p fernet_keys output this on the agent: { /etc/keystone/fernet-keys/1 => { content => "xxxxxxxxxxxxxxxxxxxx=" }, /etc/keystone/fernet-keys/0 => { content => "xxxxxxxxxxxxxxxxxxxx=" } } The code in the keystone module looks like this (with line numbers) 1142 1143 if $fernet_keys { 1144 validate_hash($fernet_keys) 1145 create_resources('file', $fernet_keys, { 1146 'owner' => $keystone_user, 1147 'group' => $keystone_group, 1148 'subscribe' => 'Anchor[keystone::install::end]', 1149 } 1150 ) 1151 } else {