Venafi / vcert

Go client SDK and command line utility designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.
https://support.venafi.com/hc/en-us/articles/217991528
Apache License 2.0

add ability to dry run a playbook #401

Open YAMLcase opened 9 months ago

YAMLcase commented 9 months ago

BUSINESS PROBLEM We are migrating from manual provisioning to a vcert playbook world with thousands of bespokely managed certificates. The vcert playbook feature is too quick to enroll a certificate if it finds issues with the underlying cert files (e.g. cannot read, wrong passphrase, missing files, wrong directory, etc.). There needs to be a way to have vcert perform a dry run so operators have an opportunity to fix the issues before it just enrolls a new certificate.

PROPOSED SOLUTION Some ideas come to mind:

  1. Add a --dry-run option to playbook run. This would perform all the actions up until the enroll process and quit.
  2. Add a vcert checkcert command to perform an audit to make sure the files are readable, the passphrase is correct, etc.
  3. Support an option in the playbook to run custom checks that must exit 0 before moving on to the request. This would not be unlike the afterInstallAction command, but done first.

CURRENT ALTERNATIVES I am not aware of any alternatives. Currently I perform due diligence as best I can and then cross my fingers and pray while issuing the command vcert run -f playbook.yml.

VENAFI EXPERIENCE About 3 months. The vcert playbook feature has a lot of potential; I'm eager for more resilient features.

sabixx commented 1 month ago

It would be great if a dry run could also return the thumbprint and, in addition, whether the certificate is in good health. The ability to check if vcert will actually do something would help avoid unnecessary authentication requests. Returning the thumbprint would help with certificate-based authentication and would make it easier to test AfterInstallActions that require the thumbprint.