Merge "Run as non-root"

[dmaap/buscontroller.git] / dmaap-bc / src / main / resources / Dockerfile

diff --git a/dmaap-bc/src/main/resources/Dockerfile b/dmaap-bc/src/main/resources/Dockerfile
index 16820e1..d930a6f 100644 (file)
--- a/dmaap-bc/src/main/resources/Dockerfile
+++ b/dmaap-bc/src/main/resources/Dockerfile
@@ -26,10 +26,25 @@ COPY /opt /opt
 
 WORKDIR /opt/app/dmaapbc
 
-RUN mv etc/dbc-api.jks etc/keystore && \
+# Install AAF CA certificate
+RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
+RUN mkdir -p /usr/local/share/ca-certificates && \
+    mv misc/aaf-ca.crt /usr/local/share/ca-certificates/aaf-ca.crt
+RUN update-ca-certificates
+
+# Install curl
+RUN apk add --no-cache curl
+
+# Install bash
+RUN apk update  && apk add bash
+
+#prepare certificate location for cadi
+RUN mkdir -p /opt/app/osaaf && \
+    ln -s /opt/app/dmaapbc/etc /opt/app/osaaf/local
+
+RUN mv etc/org.onap.dmaap-bc.jks etc/keystore && \
     chmod 600 etc/keystore && \
     chmod 600 etc/org.onap.dmaap-bc.trust.jks && \
-    chmod +x misc/cert-client-init.sh && \
     chmod +x bin/* && \
     mkdir logs && \
     mkdir www && \
@@ -38,4 +53,10 @@ RUN mv etc/dbc-api.jks etc/keystore && \
 
 VOLUME /opt/app/dmaapbc/log
 
+RUN addgroup -S -g 1001 onap \
+    && adduser -S -u 1000 dbc -G onap \
+    && chown -R dbc:onap /opt/
+
+USER dbc
+
 ENTRYPOINT ["sh", "./bin/dmaapbc", "deploy"]