OCPBUGS-42262: Update command to check the etcd encryption provider being used #13230

Open
wants to merge 1 commit into master

Conversation

xiaojiey
Collaborator

Description:

  • Description here. Replace this text. Don't use the italics format!

Rationale:

  • Rationale here. Replace this text. Don't use the italics format!

  • Fixes # Issue number here (e.g. Updating sysctl XCCDF naming #26) or remove this line if no issue exists.

Review Hints:

  • Review hints here. Replace this text. Don't use the italics format!

  • Use this optional section to give any relevant information which could help the reviewer to more quickly and assertively understand and test the changes.

  • Good examples are useful commands, if it is better to review all commits together or in a suggested sequence, any relevant discussion in other PRs or issues, etc.

codeclimate bot commented Mar 25, 2025

Code Climate has analyzed commit 11e16a0 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 61.9%.

View more on Code Climate.

@xiaojiey
Collaborator Author

For a standard ocp, it works:

% oc get rule upstream-ocp4-api-server-encryption-provider-cipher -o=jsonpath={.instructions}
OpenShift supports encryption of data at rest of etcd datastore, but it is
up to the customer to configure. The asecbc and aesgcm ciphers are
available for use within OpenShift. Keys are stored on the filesystem of
the master and automatically rotated. Run the following command to review
the Encrypted status condition for the OpenShift API server to verify that its
resources were successfully encrypted:

# encrypt the etcd datastore
$ oc get openshiftapiserver -o=jsonpath='{range .items[0].status.conditions[?(@.type=="Encrypted")]}{.status}{"\n"}{.reason}{"\n"}{.message}{"\n"}{end}'

The output shows EncryptionCompleted upon successful encryption.
If the output shows EncryptionInProgress this means that encryption is still in
progress. Wait a few minutes and try again.
To display the encryption configured, run the following command:
$ oc get --raw /apis/config.openshift.io/v1/apiservers/cluster | jq '[.spec.encryption.type]'
If the output does not list aescbc or aesgcm, the encryption is not configured correctly.
Is it the case that <tt>aescbc</tt> or <tt>aesgcm</tt> is not configured as the encryption provider?

% oc get --raw /apis/config.openshift.io/v1/apiservers/cluster | jq '[.spec.encryption.type]'
[
  "aescbc"
]

@xiaojiey added the label "OpenShift" (OpenShift product related.) on Mar 25, 2025
@Anna-Koudelkova
Collaborator

Anna-Koudelkova commented Mar 25, 2025

It seems to be working for hypershift cluster as well:

$ oc get rule upstream-ocp4-api-server-encryption-provider-cipher  -o=jsonpath={.instructions}
OpenShift supports encryption of data at rest of etcd datastore, but it is
up to the customer to configure. The asecbc and aesgcm ciphers are
available for use within OpenShift. Keys are stored on the filesystem of
the master and automatically rotated. Run the following command to review
the Encrypted status condition for the OpenShift API server to verify that its
resources were successfully encrypted:

# encrypt the etcd datastore
$ oc get openshiftapiserver -o=jsonpath='{range .items[0].status.conditions[?(@.type=="Encrypted")]}{.status}{"\n"}{.reason}{"\n"}{.message}{"\n"}{end}'

The output shows EncryptionCompleted upon successful encryption.
If the output shows EncryptionInProgress this means that encryption is still in
progress. Wait a few minutes and try again.
To display the encryption configured, run the following command:
$ oc get --raw /apis/config.openshift.io/v1/apiservers/cluster | jq '[.spec.encryption.type]'
If the output does not list aescbc or aesgcm, the encryption is not configured correctly.
Is it the case that <tt>aescbc</tt> or <tt>aesgcm</tt> is not configured as the encryption provider?

$ oc get openshiftapiserver -o=jsonpath='{range .items[0].status.conditions[?(@.type=="Encrypted")]}{.status}{"\n"}{.reason}{"\n"}{.message}{"\n"}{end}'
True
EncryptionCompleted
All resources encrypted: routes.route.openshift.io

$ oc get --raw /apis/config.openshift.io/v1/apiservers/cluster | jq '[.spec.encryption.type]'
[
  "aesgcm"
]
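The rule instructions quoted in both comments above describe two separate checks: the configured provider (`spec.encryption.type` on the `APIServer` config object) and the operator's observed state (the `Encrypted` condition on `openshiftapiserver`). The first is only the desired state, so a cluster can have `aescbc` configured while data is still being rewritten. The example below is added here and is not code from this PR or from the compliance-operator rule; it reproduces both checks in one function so the pass/fail logic can be exercised offline. The JSON documents it contains are constructed samples in the shape of the `oc get --raw /apis/config.openshift.io/v1/apiservers/cluster` and `oc get openshiftapiserver -o json` output (the status of the `Encrypted` condition during `EncryptionInProgress` is assumed, not captured from a cluster); `check_live_cluster` is a hypothetical wrapper that runs those two `oc` commands.

```python
"""Evaluate OpenShift etcd encryption-at-rest status from `oc` JSON output.

Added example, not the compliance-operator rule's own code. Combines the two
checks from the rule instructions (provider configured AND encryption
completed) into a single verdict that can be unit-tested without a cluster.
"""
import json
import subprocess
from typing import Optional

# Providers the rule accepts. An absent or empty spec.encryption.type means the
# default "identity" provider, i.e. etcd data is stored in plaintext.
ACCEPTED_PROVIDERS = frozenset({"aescbc", "aesgcm"})


def configured_provider(apiserver: dict) -> str:
    """Return spec.encryption.type, normalising an absent value to 'identity'."""
    enc_type = apiserver.get("spec", {}).get("encryption", {}).get("type")
    return enc_type or "identity"


def encrypted_condition(operator_list: dict) -> Optional[dict]:
    """Return the Encrypted condition of the first item in an operator list.

    Works for any operator object that reports such a condition (the rule uses
    openshiftapiserver; kubeapiserver reports its own for secrets/config maps).
    """
    items = operator_list.get("items") or []
    if not items:
        return None
    for cond in items[0].get("status", {}).get("conditions", []):
        if cond.get("type") == "Encrypted":
            return cond
    return None


def check_etcd_encryption(apiserver: dict, operator_list: dict) -> dict:
    """Pass only if an accepted provider is configured AND EncryptionCompleted.

    A configured provider with EncryptionInProgress is reported as failing but
    pending: some resources may still be unencrypted at rest.
    """
    provider = configured_provider(apiserver)
    cond = encrypted_condition(operator_list)
    findings = []
    if provider not in ACCEPTED_PROVIDERS:
        findings.append(f"provider is {provider!r}, expected one of {sorted(ACCEPTED_PROVIDERS)}")
    if cond is None:
        findings.append("no Encrypted condition reported")
    elif cond.get("status") != "True" or cond.get("reason") != "EncryptionCompleted":
        findings.append(f"Encrypted is {cond.get('status')}/{cond.get('reason')}: {cond.get('message', '')}")
    return {
        "pass": not findings,
        "provider": provider,
        "reason": cond.get("reason") if cond else None,
        "pending": cond is not None and cond.get("reason") == "EncryptionInProgress",
        "findings": findings,
    }


def check_live_cluster() -> dict:
    """Hypothetical helper: run the two oc commands from the rule and evaluate them."""
    apiserver = json.loads(subprocess.check_output(
        ["oc", "get", "--raw", "/apis/config.openshift.io/v1/apiservers/cluster"]))
    oas = json.loads(subprocess.check_output(["oc", "get", "openshiftapiserver", "-o", "json"]))
    return check_etcd_encryption(apiserver, oas)


# Constructed sample documents (not captured from a real cluster).
SAMPLE_APISERVER_AESCBC = {"apiVersion": "config.openshift.io/v1", "kind": "APIServer",
                           "metadata": {"name": "cluster"},
                           "spec": {"encryption": {"type": "aescbc"}}}
SAMPLE_APISERVER_UNSET = {"apiVersion": "config.openshift.io/v1", "kind": "APIServer",
                          "metadata": {"name": "cluster"}, "spec": {}}
SAMPLE_OAS_COMPLETED = {"kind": "List", "items": [{
    "kind": "OpenShiftAPIServer", "metadata": {"name": "cluster"},
    "status": {"conditions": [
        {"type": "Available", "status": "True"},
        {"type": "Encrypted", "status": "True", "reason": "EncryptionCompleted",
         "message": "All resources encrypted: routes.route.openshift.io"}]}}]}
SAMPLE_OAS_IN_PROGRESS = {"kind": "List", "items": [{
    "kind": "OpenShiftAPIServer", "metadata": {"name": "cluster"},
    "status": {"conditions": [
        {"type": "Encrypted", "status": "False", "reason": "EncryptionInProgress",
         "message": "Resource routes.route.openshift.io is being encrypted"}]}}]}

if __name__ == "__main__":
    for label, api, oas in (("configured+completed", SAMPLE_APISERVER_AESCBC, SAMPLE_OAS_COMPLETED),
                            ("unset provider", SAMPLE_APISERVER_UNSET, SAMPLE_OAS_COMPLETED),
                            ("still encrypting", SAMPLE_APISERVER_AESCBC, SAMPLE_OAS_IN_PROGRESS)):
        print(label, json.dumps(check_etcd_encryption(api, oas)))
```

The combined verdict is the point: `jq '[.spec.encryption.type]'` alone reports intent, and the `Encrypted` condition alone does not say which provider was used, so a check that reads either in isolation can pass a cluster that is not yet (or not strongly) encrypted. Note also that the rule only inspects `openshiftapiserver`; the same `encrypted_condition` helper can be pointed at `oc get kubeapiserver -o json`, which reports a separate `Encrypted` condition for secrets and config maps.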

Labels
OpenShift OpenShift product related.