db_encryption_key is not yaml escaped #216

@sethboyles

Issue

db_encryption_key is incorrectly parsed if it has a leading #. This is because hashes are interpreted as comments if not escaped/quoted.

We need to yaml_escape it (and potentially review other password/key fields) before rendering it to cloud_controller.yml.

Context

With the following password:

    egrep db_encryption_key /var/vcap/jobs/cloud_controller_ng/config/cloud_controller_ng.yml
    db_encryption_key: #mypassword

bosh deployment prestart fails on cloud_controller_ng job with prestart logs reporting the following:

    Running migrations
    [2022-01-06 14:29:08+0000] Running migration try number 1 of 3
    [2022-01-06 14:31:43+0000] VCAP::CloudController::ValidateDatabaseKeys::DatabaseEncryptionKeyMissingError
    [2022-01-06 14:31:43+0000] No database encryption keys are specified
    [2022-01-06 15:16:55+0000] Waiting for bosh_dns

Steps to Reproduce

  1. Set cc.db_encryption_key to something like #mypassword in the bosh manifest
  2. Deploy

Expected result

The key is set correctly and the deploy succeeds.

Current result

Prestart fails with DatabaseEncryptionKeyMissingError.

Possible Fix

Use

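    # Quote and escape a string so it renders as a single YAML scalar.
    def yaml_escape(input_string)
      # Characters written as \xNN escapes inside the double-quoted scalar
      chars_to_escape = /[:\\"\x00-\x1f\x7f]/
      # Characters that force the value to be double-quoted
      chars_needing_quotes = /[ !#'&%*,:>@\[\]\\`{|}]/
      delimiter = (chars_needing_quotes.match(input_string) ||
                   chars_to_escape.match(input_string)) ? '"' : ''
      # %02x: YAML's \x escape takes exactly two hex digits
      fixed_string = input_string.gsub(/(#{chars_to_escape})/) { |m| "\\x#{'%02x' % m.ord}" }
      "#{delimiter}#{fixed_string}#{delimiter}"
    end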

We should probably also do a review and see if there are other fields that should be escaped.
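
An added example (not part of the issue or of the project's code): it renders the config line with and without the helper above and loads it back with Ruby's YAML parser, a round-trip check that can be reused when reviewing other secret fields. `render_config`, `loaded_key`, `round_trip_failures` and the sample keys are constructed for illustration; the helper is the one from the issue with its hex escape padded to two digits.

```ruby
require 'yaml'

# Helper from the issue; '%02x' pads the escape because YAML's \x takes exactly two hex digits.
def yaml_escape(input_string)
  chars_to_escape = /[:\\"\x00-\x1f\x7f]/
  chars_needing_quotes = /[ !#'&%*,:>@\[\]\\`{|}]/
  delimiter = (chars_needing_quotes.match(input_string) ||
               chars_to_escape.match(input_string)) ? '"' : ''
  fixed_string = input_string.gsub(/(#{chars_to_escape})/) { |m| "\\x#{'%02x' % m.ord}" }
  "#{delimiter}#{fixed_string}#{delimiter}"
end

# Hypothetical stand-in for the template line that writes the key into the config file.
def render_config(key, escape:)
  "db_encryption_key: #{escape ? yaml_escape(key) : key}\n"
end

# What the application would read back; a parse error is returned as the exception object.
def loaded_key(key, escape:)
  YAML.safe_load(render_config(key, escape: escape))['db_encryption_key']
rescue Psych::Exception => e
  e
end

# Keys whose loaded value differs from what the operator configured.
def round_trip_failures(keys, escape:)
  keys.reject { |key| loaded_key(key, escape: escape) == key }
end

# Constructed sample keys, not real secrets.
SAMPLE_KEYS = ['#mypassword', 'key #tail', '[secret]', 'pa:ss"w\\d', "tab\there"].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_KEYS.each do |key|
    puts format('%-14s raw=%-12s escaped=%s', key.inspect,
                loaded_key(key, escape: false).inspect, loaded_key(key, escape: true).inspect)
  end
end
```

Unescaped, `#mypassword` loads as `nil` (the missing-key error in the logs above), `key #tail` is silently truncated to `key`, and `[secret]` becomes an array.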
