From e0e7ba60753556c5a135ebc057ad3780cddacb28 Mon Sep 17 00:00:00 2001
From: romaingimbert <romain.gimbert@orange.com>
Date: Tue, 26 Feb 2019 16:23:30 +0100
Subject: [PATCH] Design container to run as non-root

-change docker file

Change-Id: I2da9777dbb4b5feb9c5fb26ddb88f8df9a047bb2
Issue-ID: EXTAPI-202
Signed-off-by: romaingimbert <romain.gimbert@orange.com>
---
 Dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 9cc5868..91a6a9d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,6 +20,9 @@ ARG SERVER_PORT
 ARG PKG_FILENAME=nbi-rest-services-3.0.1.jar
 ADD target/$PKG_FILENAME app.jar
 
+RUN addgroup -S appgroup
+RUN adduser -S appuser -G appgroup
+
 COPY src/main/resources/certificate /certs
 ARG CERT_PASS=changeit
 RUN for cert in $(ls -d /certs/*); do \
@@ -32,6 +35,8 @@ RUN for cert in $(ls -d /certs/*); do \
                 --noprompt; \
     done
 
+USER appuser:appgroup
+
 ENV SERVER_PORT=${SERVER_PORT:-8080}
 ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom"
 
-- 
2.16.6