Value Statement

Currently the dryrun CLI returns only an exit code to distignuish when the policy would be compliant, noncompliant, or have an error. Some users will want to assert that a policy will be noncompliant at certain times, or will have specific details in its message/status.

So, in addition to the "cluster state" and policy that the user already must provide to the tool, there should be an optional input of a desired result. When that input is provided, the tool will return a nonzero exit code if, the resulting policy status from the dryrun does not match what is desired.

The user should be able to omit parts of the status from their input that they do not want to have checked: for example, they could just provide a related object, and not care about the compliance message, or vice versa.

Definition of Done for Engineering Story Owner (Checklist)

• ...

Development Complete

• The code is complete.
• Functionality is working.
• Any required downstream Docker file changes are made.

Tests Automated

• [ ] Unit/function tests have been automated and incorporated into the
  build.
• [ ] 100% automated unit/function test coverage for new or changed APIs.

Secure Design

• [ ] Security has been assessed and incorporated into your threat model.

Multidisciplinary Teams Readiness

• [ ] Create an informative documentation issue using the Customer

Portal Doc template that you can access from [The Playbook](

https://docs.google.com/document/d/1YTqpZRH54Bnn4WJ2nZmjaCoiRtqmrc2w6DdQxe_yLZ8/edit#heading=h.9fvyr2rdriby),

and ensure doc acceptance criteria is met.

• Call out this sentence as it's own action:

• [ ] Link the development issue to the doc issue.

Support Readiness

• [ ] The must-gather script has been updated.