From 6a98ca347286161884e4ca8f2d98ad81afa16248 Mon Sep 17 00:00:00 2001
From: ecaiyanlinux <martin.c.yan@est.tech>
Date: Mon, 10 Jan 2022 11:11:08 +0100
Subject: [PATCH] Use non-root user in Dockerfile for
 a1-policy-management-service

Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
Issue-ID: NONRTRIC-647
Change-Id: I8ffaf78b9bb54975fe88d03faeb6ef196fc68232
---
 a1-policy-management-service/Dockerfile | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/a1-policy-management-service/Dockerfile b/a1-policy-management-service/Dockerfile
index f64eebb6..6f8387eb 100644
--- a/a1-policy-management-service/Dockerfile
+++ b/a1-policy-management-service/Dockerfile
@@ -34,9 +34,15 @@ ADD /config/application_configuration.json /opt/app/policy-agent/data/applicatio
 ADD /config/keystore.jks /opt/app/policy-agent/etc/cert/keystore.jks
 ADD /config/truststore.jks /opt/app/policy-agent/etc/cert/truststore.jks
 
-RUN chmod -R 777 /opt/app/policy-agent/config/
-RUN chmod -R 777 /opt/app/policy-agent/data/
+ARG user=nonrtric
+ARG group=nonrtric
 
-ADD target/${JAR} /opt/app/policy-agent/policy-agent.jar
-CMD ["java", "-jar", "/opt/app/policy-agent/policy-agent.jar"]
+RUN groupadd $user && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /opt/app/policy-agent
+RUN chown -R $user:$group /var/log/policy-agent
+
+USER ${user}
 
+ADD target/${JAR} /opt/app/policy-agent/policy-agent.jar
+CMD ["java", "-jar", "/opt/app/policy-agent/policy-agent.jar"]
\ No newline at end of file
-- 
2.16.6