open-policy-agent / conftest

Write tests against structured configuration data using the Open Policy Agent Rego query language
https://conftest.dev
Other
2.86k stars 304 forks

Only show traces for failures #831

Open wtait1-ff opened 1 year ago

wtait1-ff commented 1 year ago

It would be nice if the new conftest test --quiet ... flag courtesy of https://github.com/open-policy-agent/conftest/pull/785 also applied when --trace is given. It's an improvement to find the failed policy evaluations more quickly with --quiet, but having trace output for all evaluations still gives a lot to dig through before fixing the failure.

boranx commented 1 year ago

Isn't this the current behavior already? https://github.com/open-policy-agent/conftest/blob/master/internal/commands/test.go#L139-L143

For instance, the following hides all logs when the result is success:

./conftest test -p examples/kubernetes/policy/pass.rego examples/kubernetes/deployment.yaml --quiet --trace

wtait1-ff commented 1 year ago

Ahh, I see that I was misunderstanding --quiet a bit. I thought for all output formats, if there were any failures, only the failures would be shown. But I see, for example with --output table, that both successes + failures are still shown.

With all the output formats it's still somewhat quick to find which policies failed on which configs. But --trace is different as it seems to override whatever --output was given. And more importantly if you have a lot of policies and/or configs under test (in my case it's both, so quite a multiplication factor), a lot of trace output will be produced.
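
A workaround for the situation described in this thread, added here as an example and not part of any comment or of conftest itself: evaluate each config file once without tracing, then re-run only the failing files with --trace. The function name `trace_failures` and the `CONFTEST` variable are hypothetical, and the sketch assumes conftest exits non-zero when a file has failures.

```shell
#!/bin/sh
# Added example: two-pass wrapper so trace output is produced only for
# configuration files that fail. CONFTEST and trace_failures are names
# chosen for this sketch, not part of conftest.
CONFTEST="${CONFTEST:-conftest}"

# usage: trace_failures POLICY_PATH FILE...
# Returns 0 when every file passes, 1 when at least one fails.
trace_failures() {
    policy="$1"
    shift
    failed=0
    for cfg in "$@"; do
        # Pass 1: no trace, output discarded; only the exit status is used.
        # Assumption: conftest exits non-zero when a file has failures.
        if "$CONFTEST" test -p "$policy" "$cfg" --quiet >/dev/null 2>&1; then
            continue
        fi
        failed=1
        echo "=== trace for failing file: $cfg ==="
        # Pass 2: re-evaluate only the failing file, this time with --trace.
        "$CONFTEST" test -p "$policy" "$cfg" --trace || true
    done
    return "$failed"
}

# Run directly as a script: ./trace-failures.sh policy/ deploy/*.yaml
if [ "${0##*/}" = "trace-failures.sh" ]; then
    trace_failures "$@"
fi
```

Each file is evaluated in its own conftest invocation, so policies are loaded once per file and failing files are evaluated twice.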