From: Jack Lucas <jflucas@research.att.com>
Date: Wed, 4 Mar 2020 16:06:57 +0000 (-0500)
Subject: Run bootstrap container as non-root user
X-Git-Tag: 1.12.0^0
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=879dbd69fd7801798d8e2e2662de1758accb9105;p=dcaegen2%2Fplatform%2Fblueprints.git

Run bootstrap container as non-root user

Issue-ID: DCAEGEN2-2072
Signed-off-by: Jack Lucas <jflucas@research.att.com>
Change-Id: I2555fdd6d1606d9f05a8711cf1fdacd43a9a1e35
---

diff --git a/Dockerfile-template b/Dockerfile-template
index 8c2e084..54609ca 100644
--- a/Dockerfile-template
+++ b/Dockerfile-template
@@ -61,3 +61,12 @@ COPY blueprints/  /blueprints
 
 # Set up runtime script
 ENTRYPOINT exec "/scripts/bootstrap.sh"
+
+# Set up a non-root user
+RUN mkdir -p /opt/bootstrap \
+  && useradd -d /opt/bootstrap bootstrap \
+  && chown -R bootstrap:bootstrap /opt/bootstrap \
+  && chown -R bootstrap:bootstrap /scripts \
+  && chown -R bootstrap:bootstrap /blueprints \
+  && chown -R bootstrap:bootstrap /opt/consul
+USER bootstrap
diff --git a/pom.xml b/pom.xml
index 3474eb8..8dc0c15 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,7 +28,7 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
   <groupId>org.onap.dcaegen2.deployments</groupId>
   <artifactId>k8s-bootstrap-container</artifactId>
   <name>dcaegen2-deployments-k8s-bootstrap-container</name>
-  <version>1.11.0-SNAPSHOT</version>
+  <version>1.12.0-SNAPSHOT</version>
   <url>http://maven.apache.org</url>
   <packaging>pom</packaging>
 
diff --git a/version.properties b/version.properties
index 4d2c8f5..55e12fc 100644
--- a/version.properties
+++ b/version.properties
@@ -1,5 +1,5 @@
 major=1
-minor=11
+minor=12
 patch=0
 base_version=${major}.${minor}.${patch}
 release_version=${base_version}