cyberark / conjur

CyberArk Conjur automatically secures secrets used by privileged users and machine identities
https://conjur.org

Conjur CLI and Rest API --dry-run #1529

Open andresguisado opened 4 years ago

andresguisado commented 4 years ago

Conjur CLI and Rest API capability to load policy in a dry way:

conjur policy load --dry-run...

Thinking about the developers' workflow to apply new Conjur policies as follows:

  1. Create a new branch from conjur policy repo.
  2. Add my new policy in the branch created in step 1.
  3. Create a PR to merge the branch into master branch.
  4. Apply my new conjur policy by merging into master.

I consider that developers or their pipeline should have a way (unit test) to run a quick dry test without actually applying the policy and before merging the new branch into master.

When a PR request is created, this unit test should be triggered and once this test is successfully passed the PR will be ready to be merged.

izgeri commented 4 years ago

Hey @andresguisado - this is a great idea, but unfortunately isn't simple to implement. As I'm sure you're aware, Conjur Enterprise v4 had this capability but the redesign to the v5 API made porting this functionality a challenge.

I'd encourage you to file a formal ER for this change for DAP, and I've also asked anyone who has more info on the exact limitations that make this difficult to add info to this PR, in the interest of helping us potentially make some progress on this at some point soon.