From: romaingimbert <romain.gimbert@orange.com>
Date: Tue, 26 Feb 2019 15:23:30 +0000 (+0100)
Subject: Design container to run as non-root
X-Git-Tag: 4.0.0~33
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=e0e7ba60753556c5a135ebc057ad3780cddacb28;p=externalapi%2Fnbi.git

Design container to run as non-root

-change docker file

Change-Id: I2da9777dbb4b5feb9c5fb26ddb88f8df9a047bb2
Issue-ID: EXTAPI-202
Signed-off-by: romaingimbert <romain.gimbert@orange.com>
---

diff --git a/Dockerfile b/Dockerfile
index 9cc5868..91a6a9d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,6 +20,9 @@ ARG SERVER_PORT
 ARG PKG_FILENAME=nbi-rest-services-3.0.1.jar
 ADD target/$PKG_FILENAME app.jar
 
+RUN addgroup -S appgroup
+RUN adduser -S appuser -G appgroup
+
 COPY src/main/resources/certificate /certs
 ARG CERT_PASS=changeit
 RUN for cert in $(ls -d /certs/*); do \
@@ -32,6 +35,8 @@ RUN for cert in $(ls -d /certs/*); do \
                 --noprompt; \
     done
 
+USER appuser:appgroup
+
 ENV SERVER_PORT=${SERVER_PORT:-8080}
 ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom"