fix: Kuma import tokens/paused, Docker hardening, migrate-secrets idempotency
1. Kuma import now maps push monitor tokens (generates crypto/rand token) and paused state (Active=false → Paused=true). Previously push monitors imported with empty token sat DOWN forever, and paused Kuma monitors came in unpaused and started alerting.
2. Dockerfile adds HEALTHCHECK against /api/health on port 8080. Container orchestrators can now detect unhealthy instances.
3. migrate-secrets sets the encryptor before loading alerts, so already-encrypted settings are decrypted correctly on second run instead of failing with a JSON unmarshal error.
4. docker-compose.yml adds container hardening: read_only filesystem, cap_drop ALL, no-new-privileges, tmpfs for /tmp.
This commit was merged in pull request #116.
@@ -1,6 +1,8 @@
|
||||
package importer
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"os"
|
||||
@@ -156,10 +158,18 @@ func convertKumaMonitor(m KumaMonitor, alertMap map[int]int) models.SiteConfig {
|
||||
site.DNSResolveType = m.DNSResolveType
|
||||
site.DNSServer = m.DNSResolveServer
|
||||
|
||||
site.Paused = !m.Active
|
||||
|
||||
switch m.Type {
|
||||
case "http":
|
||||
site.URL = m.URL
|
||||
site.CheckSSL = m.ExpiryNotif
|
||||
case "push":
|
||||
site.Type = "push"
|
||||
b := make([]byte, 16)
|
||||
if _, err := rand.Read(b); err == nil {
|
||||
site.Token = hex.EncodeToString(b)
|
||||
}
|
||||
case "ping":
|
||||
if m.Hostname != "" {
|
||||
site.Hostname = m.Hostname
|
||||
|
||||
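Review bot: in the `case "push":` branch the error from `rand.Read(b)` is discarded, so on failure `site.Token` stays empty and the monitor is still imported as type "push" with no token, which is the broken state the commit message says this change fixes. Since `convertKumaMonitor` returns only `models.SiteConfig`, consider either returning an error alongside it or having the caller skip and report any push monitor whose `Token` is empty after conversion, rather than importing it silently. The token is also freshly generated rather than taken from `m`, so existing push senders will not match it; the import output should tell the operator that each imported push monitor needs its sender updated with the new token. Separately, `site.Paused = !m.Active` is set before the `switch` and applies to every monitor type, which looks intended, but a one-line comment saying so would help the next reader.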