Making POD run as non-root 84/105984/1
authorjananib <janani.b@huawei.com>
Wed, 15 Apr 2020 05:35:22 +0000 (11:05 +0530)
committerjananib <janani.b@huawei.com>
Wed, 15 Apr 2020 05:35:22 +0000 (11:05 +0530)
Non-root user addition

Change-Id: I82995b0c0a6eb815e0422c6072c111c889c8c84a
Issue-ID: CCSDK-2149
Signed-off-by: jananib <janani.b@huawei.com>
ms/blueprintsprocessor/application/src/main/docker/Dockerfile
ms/sdclistener/distribution/src/main/docker/Dockerfile

index 1035915..042041e 100755 (executable)
@@ -9,9 +9,14 @@ FROM omahoco1/alpine-java-python
 
 # add entrypoint
 COPY startService.sh /startService.sh
+RUN addgroup -S onap && adduser -S onap -G onap
+RUN chown onap:onap /startService.sh
 RUN chmod 777 /startService.sh && dos2unix /startService.sh
 
 # add application
 COPY --from=extractor /opt /opt
+RUN mkdir /opt/app/onap/blueprints
+RUN chown onap:onap /opt -R
+USER onap
 
 ENTRYPOINT [ "/startService.sh" ]
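Review bot: The added `RUN chown onap:onap /startService.sh` makes the runtime account the owner of its own entrypoint, and the unchanged `chmod 777` on the next line leaves the script writable by every user. A process running as `onap` can therefore rewrite the script that the next container start executes. The script only needs to be readable and executable by `onap`, so I would drop the chown, leave the file root-owned and use `RUN chmod 755 /startService.sh && dos2unix /startService.sh`. The sdclistener Dockerfile has the same chown; with root ownership its `chmod 751` would have to become `chmod 755`, because a shell script must be readable to be run.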
index 34f6443..5168dd9 100755 (executable)
@@ -1,7 +1,9 @@
 FROM openjdk:8-jdk-alpine
 
+RUN addgroup -S onap && adduser -S onap -G onap
 # add entrypoint
 COPY startService.sh /startService.sh
+RUN chown onap:onap /startService.sh
 RUN chmod 751 /startService.sh
 # add application
 COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz
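Review bot: `adduser -S onap -G onap` at the top of this hunk takes whatever UID busybox assigns next, and the `USER onap` added further down refers to the account by name. If the pod spec sets `runAsNonRoot: true` (not visible here), the kubelet cannot verify a non-numeric image user and refuses to start the container. I would pin the IDs and reference them numerically, for example `RUN addgroup -S -g 1000 onap && adduser -S -u 1000 -G onap onap` with `USER 1000:1000`, where 1000 is only an example and must be free in the base image. The same applies to the blueprintsprocessor Dockerfile in this commit.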
@@ -10,4 +12,7 @@ RUN tar -xzf /source.tar.gz -C /tmp \
  && rm -rf /source.tar.gz \
  && rm -rf /tmp/@project.build.finalName@
 
+RUN mkdir /opt/app/onap/cds-sdc-listener
+RUN chown onap:onap /opt -R
+USER onap
 ENTRYPOINT /startService.sh
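Review bot: `RUN chown onap:onap /opt -R` hands the runtime account ownership of everything under /opt, which presumably includes the application's own jars and configuration, so the service can modify the code it runs. Doing this in a separate `RUN` also rewrites every file under /opt into a new layer. If only the new directory needs to be writable (which paths the service writes to is not visible in the hunk), limit the change to it: `RUN mkdir -p /opt/app/onap/cds-sdc-listener && chown onap:onap /opt/app/onap/cds-sdc-listener`. The `-p` also stops the build failing when /opt/app/onap is missing; the `RUN tar` step that would create it starts outside the hunk. The blueprintsprocessor Dockerfile has the same pattern with `/opt/app/onap/blueprints`, where `COPY --from=extractor --chown=...` is an alternative if broader ownership is really required.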