Skip to content

Structured export inventory recording discovered, exported, and skipped resources #299

Description

@stillalearner

Title

feat(audit): structured export inventory recording discovered, exported, and skipped resources

Output: what changes

After this issuecrane export writes an inventory alongside the exported resources:

$ crane export -n my-app -e ./export
... (normal output) ...

$ cat export/.crane-export-inventory.json
{
  "schemaVersion": "v1",
  "namespace": "my-app",
  "timestamp": "2026-04-18T14:32:01Z",
  "apiResourcesDiscovered": 127,
  "apiResourcesAdmitted": 43,
  "apiResourcesSkipped": 84,
  "skippedReasons": {
    "clusterScoped": 62,
    "noObjects": 18,
    "events": 1,
    "unsupportedVerbs": 3
  },
  "resources": [
    {
      "apiVersion": "apps/v1",
      "kind": "Deployment",
      "count": 3,
      "names": ["frontend", "backend", "worker"]
    }
  ],
  "failures": [
    {
      "kind": "ConfigMap",
      "error": "Forbidden: configmaps is forbidden",
      "errorType": "RBAC"
    }
  ],
  "totalExported": 47,
  "totalFailed": 2
}

Description

Context

Today, export records failures in failures/<ns>/ but has no structured record of successes or skipped resources. There is no way to know how many API types were discovered vs. admitted without re-running with --debug.

User outcome

  • Auditors can see exactly what was exported, what was skipped, and why.
  • Support engineers can diagnose "missing resource" reports without cluster access.

Scope

  • Define ExportInventory struct in internal/audit/export_inventory.go.
  • Collect discovery counts during ExportOptions.Run() — admitted, skipped (with reasons), failed.
  • Write .crane-export-inventory.json at end of export.

Acceptance criteria

  • crane export writes export/.crane-export-inventory.json.
  • Inventory includes total discovered, admitted, and skipped API resource types.
  • Skipped reasons are broken down (cluster-scoped, no objects, events, unsupported verbs).
  • Per-type resource list with names and counts.
  • Failures recorded with error message and type.
  • go test ./... passes.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Todo

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions