Run container commands as non-root 01/89501/2
authorFilip Krzywka <filip.krzywka@nokia.com>
Thu, 6 Jun 2019 09:24:36 +0000 (11:24 +0200)
committerFilip Krzywka <filip.krzywka@nokia.com>
Fri, 7 Jun 2019 05:46:47 +0000 (07:46 +0200)
- 1410 uid/gid is arbitrary; note, however, that any volume mounted into the
container should limit permissions to this number
- also reduced firstRequestDelay in configuration provided through
local docker-compose

Change-Id: I77eeebeec5931db5c04f8f6f24d7c6fe7a121015
Issue-ID: DCAEGEN2-1557
Signed-off-by: Filip Krzywka <filip.krzywka@nokia.com>
development/configuration/base.json
sources/hv-collector-main/Dockerfile

index 9bf9194..2a806ad 100644 (file)
@@ -2,7 +2,7 @@
   "logLevel": "DEBUG",
   "server.listenPort": 6061,
   "server.idleTimeoutSec": 60,
-  "cbs.firstRequestDelaySec": 10,
+  "cbs.firstRequestDelaySec": 5,
   "cbs.requestIntervalSec": 5,
   "security.keys.keyStoreFile": "/etc/ves-hv/ssl/server.p12",
   "security.keys.keyStorePasswordFile": "/etc/ves-hv/ssl/server.pass",
index cfd4a7b..36ada93 100644 (file)
@@ -5,12 +5,19 @@ LABEL license.name="The Apache Software License, Version 2.0"
 LABEL license.url="http://www.apache.org/licenses/LICENSE-2.0"
 LABEL maintainer="Nokia Wroclaw ONAP Team"
 
+ARG HV_VES_USER=hvves
+ARG HV_VES_USER_ID_NUMBER=1410
+
 RUN apt-get update \
         && apt-get install -y --no-install-recommends curl netcat \
         && apt-get clean
 
 WORKDIR /opt/ves-hv-collector
 
+RUN useradd --user-group --uid ${HV_VES_USER_ID_NUMBER} ${HV_VES_USER}
+
+USER ${HV_VES_USER}
+
 ENTRYPOINT ["./entry.sh"]
 CMD ["--configuration-file /etc/ves-hv/configuration/base.json"]
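Review bot: `USER ${HV_VES_USER}` names the account rather than giving its number, and a Kubernetes pod that sets `runAsNonRoot: true` cannot verify a non-numeric image user and refuses to start the container; `USER ${HV_VES_USER_ID_NUMBER}` selects the same account and makes the non-root guarantee checkable. Separately, the `useradd --user-group --uid ...` line pins only the UID, while the commit message asks volume owners to restrict permissions to a 1410 uid/gid. Creating the group explicitly would make the GID deterministic too: `RUN groupadd --gid ${HV_VES_USER_ID_NUMBER} ${HV_VES_USER} && useradd --gid ${HV_VES_USER} --uid ${HV_VES_USER_ID_NUMBER} ${HV_VES_USER}`. A comment above the two `ARG` lines, such as `# Fixed UID/GID so mounted volumes can be restricted to this account`, would record why the number matters. The rest of the Dockerfile lies outside the hunk, so whether files added later are readable and executable by this user cannot be confirmed here.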