Skip sysctl configs when enabled: no

The intended functionality for "enabled: no" on sysctl configurations
was to skip the config entirely and leave the variable unaltered.
However, setting "enabled: no" was causing the configuration to be
removed entirely.

This patch ensures that any sysctl variables with "enabled: no" are
skipped and left unaltered.

Closes-Bug: 1710490
Depends-On: I2607f295a924a2ec51920b5f2b27c34d5222e8ff
Change-Id: If9c8c008538b2ff631a714a8ffe16df9376dedf3
(cherry picked from commit f576f24591)

releasenotes/notes/skip-sysctl-when-disabled-b32eca48df5b1437.yaml

@@ -0,0 +1,10 @@
+---
+fixes:
+  - |
+    The sysctl configuration task was not skipping configurations where
+    ``enabled`` was set to ``no``. Instead, it was removing configurations
+    when ``enabled: no`` was set.
+
+    There is now a fix in place that ensures any sysctl configuration with
+    ``enabled: no`` will be skipped and the configuration will be left
+    unaltered on the system.

tasks/rhel7stig/kernel.yml

@@ -31,6 +31,8 @@
     value: "{{ item.value }}"
     state: "{{ item.enabled | ternary('present', 'absent') }}"
     reload: yes
+  when:
+    - item.enabled | bool
   with_items: "{{ sysctl_settings_rhel7 }}"
   tags:
     - medium

vars/main.yml

@@ -311,7 +311,9 @@ shadow_utils_rhel7:
 #
 #   name: the sysctl configuration name
 #   value: the value to set for the sysctl configuration
-#   enabled: whether the variable should be set or not
+#   enabled: yes or no
+#     - 'yes' (ensure the variable is set)
+#     - 'no' (the role will not alter the configuration)
 #
 sysctl_settings_rhel7:
   - name: net.ipv4.conf.all.accept_source_route