migtools
Add warnings for SecurityContextConstraints during export
This PR adds warning messages when SecurityContextConstraints (SCCs) are exported to help users understand the elevated privilege requirements on destination clusters.
Problem
When migrating applications from Kubernetes to OpenShift, users often encounter failures due to SecurityContextConstraints requiring elevated privileges that may not be available on the destination cluster. This is a common issue that catches users off-guard during migration.
Solution
Modified the acceptSecurityContextConstraints function in cmd/export/cluster.go to emit warning messages whenever an SCC is accepted for export. The warning informs users that:
- The exported SCC requires elevated privileges on the destination cluster
- They need to ensure access to appropriate SCCs when applying to the target environment
- This is especially important when migrating to OpenShift
Example Warning Output
INFO[0001] Accepted restricted-scc of kind SecurityContextConstraints (match via user system:serviceaccount:myapp:webapp-sa)
WARN[0001] WARNING: SecurityContextConstraints 'restricted-scc' requires elevated privileges on the destination cluster. Ensure you have access to appropriate SCCs when applying to the target environment, especially when migrating to OpenShift.
Testing
Added comprehensive tests in cmd/export/cluster_test.go to verify:
- Warning messages appear when SCCs are accepted for export
- Warning messages contain proper guidance about elevated privileges and OpenShift migration
- No warnings appear when SCCs are not accepted (preventing noise)
The changes are minimal and surgical - only adding warning log statements without modifying the core SCC acceptance logic.
Fixes #83.
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.
