Add non-root user to Docker image

Change-Id: Icda4d013f6bd33e7ad1202ac036e599766073acf
Issue-ID: DCAEGEN2-1555
Signed-off-by: Michael Hwang <mhwang@research.att.com>

diff --git a/ChangeLog.md b/ChangeLog.md
index e657225..a30eb8a 100644 (file)
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/) 
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## []
+
+* Add non-root user in Docker image so that the inventory service can be run in non-privileged mode for security reasons DCAEGEN2-1555
+
 ## [1.1.3]
 
 * DCAEGEN2-431

diff --git a/pom.xml b/pom.xml
index bc6c00a..ab0a2e3 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -222,6 +222,10 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
                         <imageTag>latest</imageTag>
                     </imageTags>
                     <baseImage>java:8-jre</baseImage>
+                    <user>sch</user>
+                    <runs>
+                        <run>adduser --system --group sch</run>
+                    </runs>
                     <!-- NOTE: Couldn't figure out how to package the jar to be named: ${project.build.finalName}. This might be
                             because of the clojure maven plugin -->
                     <cmd>["java", "-jar", "/opt/servicechange-handler.jar", "prod", "http://consul:8500/v1/kv/service-change-handler?raw=true"]</cmd>