Value Statement

To show the recorded diff in the console, the diff needs to be stored somewhere. It is proposed to store it in the ConfigurationPolicy status.relatedObjects[*].properties.diff field.

The diff will be stored by default if the object is not one of these kinds:

• Secrets
• Config maps
• Routes
• OAuth access tokens
• OAuth authorize tokens

In addition, any policy that looks up a secret or decrypts a value with templating will have it be disabled. This will require a change in go-template-utils.

The existing `recordDiff` option will default to `InStatus` for this behavior. The user can explicitly set `None`, `Log`, and the new option of `InStatus`.

Definition of Done for Engineering Story Owner (Checklist)

• ...

Development Complete

• The code is complete.
• Functionality is working.
• Any required downstream Docker file changes are made.

Tests Automated

• [ ] Unit/function tests have been automated and incorporated into the
  build.
• [ ] 100% automated unit/function test coverage for new or changed APIs.

Secure Design

• [ ] Security has been assessed and incorporated into your threat model.

Multidisciplinary Teams Readiness

• [ ] Create an informative documentation issue using the [Customer
  Portal_doc_issue template](
  https://github.com/stolostron/backlog/issues/new?assignees=&labels=squad%3Adoc&template=doc_issue.md&title=),
  and ensure doc acceptance criteria is met. Link the development issue to
  the doc issue.
• [ ] Provide input to the QE team, and ensure QE acceptance criteria
  (established between story owner and QE focal) are met.

Support Readiness

• [ ] The must-gather script has been updated.