properly escape quotes in passwords by calling to_ruby

database passwords can contain special characters, especially " and '
so we can't just print the value of the field enclosed by double quotes
as that would break whenever the user uses a literal " in their password

using to_ruby here and not to_yaml, as the former gives us correct escaping
without the whole `---` and `\n` enclosing that to_yaml forces.
using to_yaml would require to pass *the whole* config hash to it

Author: evgeni

spec/classes/foreman_spec.rb

@@ -484,6 +484,17 @@
 
         it { should contain_user('foreman').with('groups' => []) }
       end
+
+      describe 'with sensitive passwords' do
+        let(:params) do
+          super().merge(db_password: sensitive('secret'))
+        end
+
+        it 'should configure the database' do
+          should contain_file('/etc/foreman/database.yml')
+            .with_content(/password: "secret"/)
+        end
+      end
     end
   end
 end

templates/database.yml.epp

@@ -30,6 +30,6 @@
   username: <%= $username %>
 <% } -%>
 <% if $password { -%>
-  password: "<%= $password %>"
+  password: <%= stdlib::to_ruby($password) %>
 <% } -%>
   pool: <%= $db_pool %>