Use non-root user for Dockerfiles of nonrtric products 74/7574/1
authorecaiyanlinux <martin.c.yan@est.tech>
Mon, 10 Jan 2022 12:01:55 +0000 (13:01 +0100)
committerecaiyanlinux <martin.c.yan@est.tech>
Tue, 18 Jan 2022 14:48:26 +0000 (15:48 +0100)
update Dockerfile for:
dmaap-adapter-java
information-coordinator-service
r-app-catalogue
oru script version

Change-Id: I4395b884182a5c958deefb32494bd2695092cf0d
Issue-ID: NONRTRIC-647
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
dmaap-adaptor-java/Dockerfile
information-coordinator-service/Dockerfile
r-app-catalogue/Dockerfile
test/usecases/oruclosedlooprecovery/scriptversion/app/Dockerfile

index b2c0c30..f565e80 100644 (file)
@@ -30,14 +30,22 @@ WORKDIR /opt/app/dmaap-adaptor-service
 RUN mkdir -p /var/log/dmaap-adaptor-service
 RUN mkdir -p /opt/app/dmaap-adaptor-service/etc/cert/
 RUN mkdir -p /var/dmaap-adaptor-service
-RUN chmod -R 777 /var/dmaap-adaptor-service
 
 ADD /config/application.yaml /opt/app/dmaap-adaptor-service/config/application.yaml
 ADD /config/application_configuration.json /opt/app/dmaap-adaptor-service/data/application_configuration.json_example
 ADD /config/keystore.jks /opt/app/dmaap-adaptor-service/etc/cert/keystore.jks
 ADD /config/truststore.jks /opt/app/dmaap-adaptor-service/etc/cert/truststore.jks
 
-RUN chmod -R 777 /opt/app/dmaap-adaptor-service/config/
+ARG user=nonrtric
+ARG group=nonrtric
+
+RUN groupadd $user && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /opt/app/dmaap-adaptor-service
+RUN chown -R $user:$group /var/log/dmaap-adaptor-service
+RUN chown -R $user:$group /var/dmaap-adaptor-service
+
+USER ${user}
 
 ADD target/${JAR} /opt/app/dmaap-adaptor-service/dmaap-adaptor.jar
 CMD ["java", "-jar", "/opt/app/dmaap-adaptor-service/dmaap-adaptor.jar"]
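Review bot: `groupadd $user` creates the group under the user's name, while the next line assigns the account to `$group` with `useradd -r -g $group $user`. The two agree only because both ARGs default to `nonrtric`; a build that overrides either one with `--build-arg` will fail at useradd unless the base image already has that group. Creating the group from the variable that is referenced afterwards fixes it: `RUN groupadd -r $group && useradd -r -g $group $user`. The same pair of lines appears in the information-coordinator-service, r-app-catalogue and oruclosedlooprecovery hunks of this commit.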
index e9d179d..cc8813e 100644 (file)
@@ -25,7 +25,6 @@ WORKDIR /opt/app/information-coordinator-service
 RUN mkdir -p /var/log/information-coordinator-service
 RUN mkdir -p /opt/app/information-coordinator-service/etc/cert/
 RUN mkdir -p /var/information-coordinator-service
-RUN chmod -R 777 /var/information-coordinator-service
 
 EXPOSE 8083 8434
 
@@ -34,8 +33,16 @@ ADD target/${JAR} /opt/app/information-coordinator-service/information-coordinat
 ADD /config/keystore.jks /opt/app/information-coordinator-service/etc/cert/keystore.jks
 ADD /config/truststore.jks /opt/app/information-coordinator-service/etc/cert/truststore.jks
 
+ARG user=nonrtric
+ARG group=nonrtric
 
-RUN chmod -R 777 /opt/app/information-coordinator-service/config/
+RUN groupadd $user && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /opt/app/information-coordinator-service
+RUN chown -R $user:$group /var/log/information-coordinator-service
+RUN chown -R $user:$group /var/information-coordinator-service
+
+USER ${user}
 
 CMD ["java", "-jar", "/opt/app/information-coordinator-service/information-coordinator-service.jar"]
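Review bot: `chown -R $user:$group /opt/app/information-coordinator-service` gives the runtime account ownership of the service jar (added just above this hunk, per the hunk header), the keystore and the truststore, so the process can rewrite its own code and trust material. From what is visible, the service needs write access only under `/var/log/information-coordinator-service` and `/var/information-coordinator-service`. The application directory can stay root-owned as long as the added files are readable by the service account. If the service really writes to `config/`, as the removed `chmod -R 777` on that directory may suggest, a narrower `chown` on that directory alone would cover it. The recursive chown of `/opt/app/r-app-catalogue` and of `/usr/src/app/` in the later hunks has the same effect, and in the dmaap-adaptor-java hunk it covers the keystore and truststore.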
 
index cd2efc9..ed4be95 100644 (file)
@@ -31,8 +31,15 @@ ADD /config/application.yaml /opt/app/r-app-catalogue/config/application.yaml
 ADD /config/r-app-catalogue-keystore.jks /opt/app/r-app-catalogue/etc/cert/keystore.jks
 ADD target/${JAR} /opt/app/r-app-catalogue/r-app-catalogue.jar
 
+ARG user=nonrtric
+ARG group=nonrtric
 
-RUN chmod -R 777 /opt/app/r-app-catalogue/config/
+RUN groupadd $user && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /opt/app/r-app-catalogue
+RUN chown -R $user:$group /var/log/r-app-catalogue
+
+USER ${user}
 
 CMD ["java", "-jar", "/opt/app/r-app-catalogue/r-app-catalogue.jar"]
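Review bot: `USER ${user}` sets a name rather than a numeric ID, and `useradd -r` takes whatever system UID happens to be free in the base image. Kubernetes cannot verify `runAsNonRoot` against a non-numeric image user, and a UID that shifts with the base image makes ownership on mounted volumes unpredictable. Fixing the IDs and using the number in `USER` avoids both: `RUN groupadd -r -g 10001 $group && useradd -r -u 10001 -g $group $user` followed by `USER 10001` (10001 is a constructed example value). The same applies to the other three Dockerfiles changed in this commit.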
 
index 4cb03c7..21b24b1 100644 (file)
@@ -29,4 +29,13 @@ RUN apt-get install iputils-ping -y
 
 RUN pip install -r requirements.txt
 
+ARG user=nonrtric
+ARG group=nonrtric
+
+RUN groupadd $user && \
+    useradd -r -g $group $user
+RUN chown -R $user:$group /usr/src/app/
+
+USER ${user}
+
 CMD [ "python3", "-u", "main.py" ]
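Review bot: After `USER ${user}` nothing documents how the `iputils-ping` installed just above this hunk is expected to work without root. As a non-root user, ping depends on the setuid bit or file capability on the binary and on NET_RAW remaining in the container's capability set, which hardened deployments often drop. Whether `main.py` invokes ping is not visible in this hunk. If it does, a comment above `USER` such as `# ping runs unprivileged from here on; requires NET_RAW in the container's capability set` would record the dependency.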