Merge pull request #6411 from JAORMX/etcd-encryption-rem

ocp4: Add automatic remediation for etcd encryption provider

applications/openshift/api-server/api_server_encryption_provider_config/kubernetes/shared.yml

@@ -0,0 +1,8 @@
+# platform = multi_platform_ocp
+apiVersion: config.openshift.io/v1
+kind: APIServer
+metadata:
+  name: cluster
+spec:
+  encryption:
+    type: aescbc

applications/openshift/api-server/api_server_encryption_provider_config/tests/ocp4/e2e-remediation.sh

@@ -1,14 +1,11 @@
 #!/bin/bash
 #
-# This applies the remediation needed for this rule. Which enables etcd encryption
-# This rule wasn't able to be done via a standard remediation since we only need to
-# apply a partial part of the Kubernetes object. PATCH support for the
-# compliance-operator would be needed to make this work
+# This waits for etcd encryption to be enabled. The operator can apply the
+# remediation, but waiting for this to get applied is still something that
+# needs to be done outside of the operator.
 #
 # This patch sets the encryption setting and waits for it to be applied
 
-oc patch apiservers cluster -p '{"spec":{"encryption":{"type":"aescbc"}}}' --type=merge
-
 while true; do
     status=$(oc get openshiftapiserver -o=jsonpath='{range .items[0].status.conditions[?(@.type=="Encrypted")]}{.reason}')
 
@@ -20,4 +17,4 @@ while true; do
     fi
 
     sleep 5
-done
+done