From 7c7dec13279b1f328e0ff9372ad55b9664f02626 Mon Sep 17 00:00:00 2001
From: ecaiyanlinux <martin.c.yan@est.tech>
Date: Mon, 10 Jan 2022 13:01:55 +0100
Subject: [PATCH] Use non-root user for Dockerfiles of nonrtric products

update Dockerfile for:
dmaap-adapter-java
information-coordinator-service
r-app-catalogue
oru script version

Change-Id: I4395b884182a5c958deefb32494bd2695092cf0d
Issue-ID: NONRTRIC-647
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
---
 dmaap-adaptor-java/Dockerfile                                | 12 ++++++++++--
 information-coordinator-service/Dockerfile                   | 11 +++++++++--
 r-app-catalogue/Dockerfile                                   |  9 ++++++++-
 .../oruclosedlooprecovery/scriptversion/app/Dockerfile       |  9 +++++++++
 4 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/dmaap-adaptor-java/Dockerfile b/dmaap-adaptor-java/Dockerfile
index b2c0c30c..f565e801 100644
--- a/dmaap-adaptor-java/Dockerfile
+++ b/dmaap-adaptor-java/Dockerfile
@@ -30,14 +30,22 @@ WORKDIR /opt/app/dmaap-adaptor-service
 RUN mkdir -p /var/log/dmaap-adaptor-service
 RUN mkdir -p /opt/app/dmaap-adaptor-service/etc/cert/
 RUN mkdir -p /var/dmaap-adaptor-service
-RUN chmod -R 777 /var/dmaap-adaptor-service
 
 ADD /config/application.yaml /opt/app/dmaap-adaptor-service/config/application.yaml
 ADD /config/application_configuration.json /opt/app/dmaap-adaptor-service/data/application_configuration.json_example
 ADD /config/keystore.jks /opt/app/dmaap-adaptor-service/etc/cert/keystore.jks
 ADD /config/truststore.jks /opt/app/dmaap-adaptor-service/etc/cert/truststore.jks
 
-RUN chmod -R 777 /opt/app/dmaap-adaptor-service/config/
+ARG user=nonrtric
+ARG group=nonrtric
+
+RUN groupadd $user && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /opt/app/dmaap-adaptor-service
+RUN chown -R $user:$group /var/log/dmaap-adaptor-service
+RUN chown -R $user:$group /var/dmaap-adaptor-service
+
+USER ${user}
 
 ADD target/${JAR} /opt/app/dmaap-adaptor-service/dmaap-adaptor.jar
 CMD ["java", "-jar", "/opt/app/dmaap-adaptor-service/dmaap-adaptor.jar"]
diff --git a/information-coordinator-service/Dockerfile b/information-coordinator-service/Dockerfile
index e9d179df..cc8813e9 100644
--- a/information-coordinator-service/Dockerfile
+++ b/information-coordinator-service/Dockerfile
@@ -25,7 +25,6 @@ WORKDIR /opt/app/information-coordinator-service
 RUN mkdir -p /var/log/information-coordinator-service
 RUN mkdir -p /opt/app/information-coordinator-service/etc/cert/
 RUN mkdir -p /var/information-coordinator-service
-RUN chmod -R 777 /var/information-coordinator-service
 
 EXPOSE 8083 8434
 
@@ -34,8 +33,16 @@ ADD target/${JAR} /opt/app/information-coordinator-service/information-coordinat
 ADD /config/keystore.jks /opt/app/information-coordinator-service/etc/cert/keystore.jks
 ADD /config/truststore.jks /opt/app/information-coordinator-service/etc/cert/truststore.jks
 
+ARG user=nonrtric
+ARG group=nonrtric
 
-RUN chmod -R 777 /opt/app/information-coordinator-service/config/
+RUN groupadd $user && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /opt/app/information-coordinator-service
+RUN chown -R $user:$group /var/log/information-coordinator-service
+RUN chown -R $user:$group /var/information-coordinator-service
+
+USER ${user}
 
 CMD ["java", "-jar", "/opt/app/information-coordinator-service/information-coordinator-service.jar"]
 
diff --git a/r-app-catalogue/Dockerfile b/r-app-catalogue/Dockerfile
index cd2efc9b..ed4be958 100644
--- a/r-app-catalogue/Dockerfile
+++ b/r-app-catalogue/Dockerfile
@@ -31,8 +31,15 @@ ADD /config/application.yaml /opt/app/r-app-catalogue/config/application.yaml
 ADD /config/r-app-catalogue-keystore.jks /opt/app/r-app-catalogue/etc/cert/keystore.jks
 ADD target/${JAR} /opt/app/r-app-catalogue/r-app-catalogue.jar
 
+ARG user=nonrtric
+ARG group=nonrtric
 
-RUN chmod -R 777 /opt/app/r-app-catalogue/config/
+RUN groupadd $user && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /opt/app/r-app-catalogue
+RUN chown -R $user:$group /var/log/r-app-catalogue
+
+USER ${user}
 
 CMD ["java", "-jar", "/opt/app/r-app-catalogue/r-app-catalogue.jar"]
 
diff --git a/test/usecases/oruclosedlooprecovery/scriptversion/app/Dockerfile b/test/usecases/oruclosedlooprecovery/scriptversion/app/Dockerfile
index 4cb03c74..21b24b17 100644
--- a/test/usecases/oruclosedlooprecovery/scriptversion/app/Dockerfile
+++ b/test/usecases/oruclosedlooprecovery/scriptversion/app/Dockerfile
@@ -29,4 +29,13 @@ RUN apt-get install iputils-ping -y
 
 RUN pip install -r requirements.txt
 
+ARG user=nonrtric
+ARG group=nonrtric
+
+RUN groupadd $user && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /usr/src/app/
+
+USER ${user}
+
 CMD [ "python3", "-u", "main.py" ]
-- 
2.16.6