AAF non-root 88/103788/4 4.0.2
authorChrisC <christophe.closset@intl.att.com>
Tue, 17 Mar 2020 13:18:38 +0000 (14:18 +0100)
committerChristophe Closset <christophe.closset@intl.att.com>
Mon, 23 Mar 2020 12:57:08 +0000 (12:57 +0000)
update SMS dockerfiles to run as non-root

Issue-ID: AAF-1102
Signed-off-by: ChrisC <christophe.closset@intl.att.com>, JulienBe <jb379x@att.com>
Change-Id: Idd982a17fd81a599acb57a1eba331706bd22529e

sms-service/bin/build_sms_image.sh
sms-service/bin/quorumdockerfile
sms-service/bin/smsdockerfile

index 403c2ac..5dead3f 100755 (executable)
@@ -13,6 +13,7 @@ IMAGE="sms"
 DOCKER_REPOSITORY="nexus3.onap.org:10003"
 IMAGE_NAME="${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/${IMAGE}"
 TIMESTAMP=$(date +"%Y%m%dT%H%M%S")
+DUSER=aaf
 
 if [ $HTTP_PROXY ]; then
     BUILD_ARGS+=" --build-arg HTTP_PROXY=${HTTP_PROXY}"
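Review bot: `DUSER=aaf` is assigned here, but nothing in the visible part of the script forwards it to the build, and both Dockerfiles in this commit hard-code `aaf` in `addgroup`, `adduser`, `chown` and `USER`. If the variable is meant to select the runtime account, pass it the same way as the proxy settings, e.g. `BUILD_ARGS+=" --build-arg DUSER=${DUSER}"`, and declare `ARG DUSER=aaf` in the Dockerfiles. Otherwise drop it, so the script does not advertise a setting that has no effect. The script continues outside this hunk, so a use further down cannot be ruled out.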
index 4913fe6..44c9289 100644 (file)
@@ -3,11 +3,12 @@ FROM alpine:3.7
 LABEL name="aaf-sms-quorumclient"
 LABEL version=4.0.0
 LABEL maintainer="Girish Havaldar <hg0071052@techmahindra.com>"
-
-RUN mkdir -p /quorumclient/auth
+RUN addgroup aaf && adduser -H -D -g "" -G aaf aaf && \
+    mkdir -p /quorumclient/auth && \
+    chown -R aaf:aaf /quorumclient
 ADD aaf_root_ca.cer /quorumclient/certs/aaf_root_ca.cer
 ADD quorumclient /quorumclient/bin/quorumclient
 RUN chmod +x /quorumclient/bin/quorumclient
-
+USER aaf
 WORKDIR /quorumclient
 ENTRYPOINT ["/quorumclient/bin/quorumclient"]
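Review bot: The added `adduser -H -D -g "" -G aaf aaf` lets busybox pick the UID, and `USER aaf` refers to the account by name, so a runtime that enforces non-root by UID cannot verify it. Kubernetes with `runAsNonRoot: true` refuses to start a container whose image user is non-numeric. Pin the IDs and reference them numerically, e.g. `addgroup -g 1000 aaf && adduser -u 1000 -H -D -g "" -G aaf aaf` and `USER 1000:1000` (1000 is an example value; pick one agreed for the project). The same applies to the `adduser` and `USER aaf` lines added in smsdockerfile.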
index afd952a..829f89b 100644 (file)
@@ -5,8 +5,9 @@ LABEL version=4.0.0
 LABEL maintainer="vamshi krishna <vn00480215@techmahindra.com>"
 
 EXPOSE 10443
-
-RUN mkdir -p /sms/auth
+RUN addgroup aaf && adduser -H -D -g "" -G aaf aaf && \
+    mkdir -p /sms/auth && \
+    chown -R aaf:aaf /sms
 ADD aaf_root_ca.cer /sms/certs/aaf_root_ca.cer
 ADD aaf-sms.pub /sms/certs/aaf-sms.pub
 ADD aaf-sms.pr /sms/certs/aaf-sms.pr
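Review bot: The added `chown -R aaf:aaf /sms` runs before the `ADD` lines that follow it, so the certificates and `aaf-sms.pr` (a private key, judging by the name) stay owned by root with whatever mode they carry in the build context. Once `USER aaf` from the next hunk takes effect, the service can read the key only if it is world-readable, which is broader than needed. Make ownership explicit, e.g. `COPY --chown=aaf:aaf aaf-sms.pr /sms/certs/aaf-sms.pr` followed by `RUN chmod 0400 /sms/certs/aaf-sms.pr` before the `USER` line. If `/sms/auth` is the only path the service writes to, narrow the earlier step to `chown aaf:aaf /sms/auth` so the account does not own the directory that holds its own binaries. Shipping the key inside an image layer predates this change but deserves a follow-up issue.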
@@ -14,6 +15,6 @@ ADD sms /sms/bin/sms
 RUN chmod +x /sms/bin/sms
 ADD preload /sms/bin/preload
 RUN chmod +x /sms/bin/preload
-
+USER aaf
 WORKDIR /sms
 ENTRYPOINT ["/sms/bin/sms"]