Run bootstrap container as non-root user

Issue-ID: DCAEGEN2-2072
Signed-off-by: Jack Lucas <jflucas@research.att.com>
Change-Id: I2555fdd6d1606d9f05a8711cf1fdacd43a9a1e35

diff --git a/Dockerfile-template b/Dockerfile-template
index 8c2e084..54609ca 100644 (file)
--- a/Dockerfile-template
+++ b/Dockerfile-template
@@ -61,3 +61,12 @@ COPY blueprints/  /blueprints
 
 # Set up runtime script
 ENTRYPOINT exec "/scripts/bootstrap.sh"
+
+# Set up a non-root user
+RUN mkdir -p /opt/bootstrap \
+  && useradd -d /opt/bootstrap bootstrap \
+  && chown -R bootstrap:bootstrap /opt/bootstrap \
+  && chown -R bootstrap:bootstrap /scripts \
+  && chown -R bootstrap:bootstrap /blueprints \
+  && chown -R bootstrap:bootstrap /opt/consul
+USER bootstrap

diff --git a/pom.xml b/pom.xml
index 3474eb8..8dc0c15 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -28,7 +28,7 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
   <groupId>org.onap.dcaegen2.deployments</groupId>
   <artifactId>k8s-bootstrap-container</artifactId>
   <name>dcaegen2-deployments-k8s-bootstrap-container</name>
-  <version>1.11.0-SNAPSHOT</version>
+  <version>1.12.0-SNAPSHOT</version>
   <url>http://maven.apache.org</url>
   <packaging>pom</packaging>
 

diff --git a/version.properties b/version.properties
index 4d2c8f5..55e12fc 100644 (file)
--- a/version.properties
+++ b/version.properties
@@ -1,5 +1,5 @@
 major=1\r
-minor=11\r
+minor=12\r
 patch=0\r
 base_version=${major}.${minor}.${patch}\r
 release_version=${base_version}\r