CMP-2365: Fix check for rotating kubelet server certificates

[rhmdnd]

The controller_rotate_kubelet_server_certs rule was only checking that
RotateKubeletServerCertificate was enabled by making sure it's enabled
explicitly. This doesn't work for clusters that are relying on the fact
that RotateKubeletServerCertificate is enabled by default.

This commit updates the check to invert the logic, so we're checking
that it's not explicitly disabled.

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

ocp4 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[rhmdnd]

/test

[openshift-ci]

@rhmdnd: The /test command needs one or more targets.
The following commands are available to trigger required jobs:

• /test 4.13-images
• /test 4.14-images
• /test 4.15-images
• /test 4.16-images
• /test e2e-aws-ocp4-cis
• /test e2e-aws-ocp4-cis-node
• /test e2e-aws-ocp4-e8
• /test e2e-aws-ocp4-high
• /test e2e-aws-ocp4-high-node
• /test e2e-aws-ocp4-moderate
• /test e2e-aws-ocp4-moderate-node
• /test e2e-aws-ocp4-pci-dss
• /test e2e-aws-ocp4-pci-dss-node
• /test e2e-aws-ocp4-stig
• /test e2e-aws-ocp4-stig-node
• /test e2e-aws-rhcos4-e8
• /test e2e-aws-rhcos4-high
• /test e2e-aws-rhcos4-moderate
• /test e2e-aws-rhcos4-stig
• /test images

Use /test all to run the following jobs that were automatically triggered:

• pull-ci-ComplianceAsCode-content-master-4.13-images
• pull-ci-ComplianceAsCode-content-master-4.14-images
• pull-ci-ComplianceAsCode-content-master-4.15-images
• pull-ci-ComplianceAsCode-content-master-4.16-images
• pull-ci-ComplianceAsCode-content-master-images

In response to this:

/test

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[rhmdnd]

/test e2e-aws-ocp4-moderate
/test e2e-aws-ocp4-moderate-node

[github-actions]

This datastream diff is auto generated by the check Compare DS/Generate Diff

Click here to see the full diff

New content has different text for rule 'xccdf_org.ssgproject.content_rule_controller_rotate_kubelet_server_certs'.
--- xccdf_org.ssgproject.content_rule_controller_rotate_kubelet_server_certs
+++ xccdf_org.ssgproject.content_rule_controller_rotate_kubelet_server_certs
@@ -15,6 +15,9 @@
     "RotateKubeletServerCertificate=true",
   ...
 ...
+
+
+This feature gate is enabled by default as of Kubernetes 1.12.
 
 [warning]:
 This rule's check operates on the cluster configuration dump.

[codeclimate]

Code Climate has analyzed commit 9a63a69 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 58.3% (0.0% change).

View more on Code Climate.

[Vincent056]

/lgtm