From: ChrisC
Date: Tue, 17 Mar 2020 13:18:38 +0000 (+0100)
Subject: AAF non-root
X-Git-Tag: 4.0.2^0
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aaf%2Fsms.git;a=commitdiff_plain;h=172045b5db0618f288b577a9fdbb8ece3208d687

AAF non-root update SMS dockerfiles to run as non-root
Issue-ID: AAF-1102
Signed-off-by: ChrisC , JulienBe
Change-Id: Idd982a17fd81a599acb57a1eba331706bd22529e
---
diff --git a/sms-service/bin/build_sms_image.sh b/sms-service/bin/build_sms_image.sh
index 403c2ac..5dead3f 100755
--- a/sms-service/bin/build_sms_image.sh
+++ b/sms-service/bin/build_sms_image.sh
@@ -13,6 +13,7 @@ IMAGE="sms"
 DOCKER_REPOSITORY="nexus3.onap.org:10003"
 IMAGE_NAME="${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/${IMAGE}"
 TIMESTAMP=$(date +"%Y%m%dT%H%M%S")
+DUSER=aaf
 if [ $HTTP_PROXY ]; then
 BUILD_ARGS+=" --build-arg HTTP_PROXY=${HTTP_PROXY}"
diff --git a/sms-service/bin/quorumdockerfile b/sms-service/bin/quorumdockerfile
index 4913fe6..44c9289 100644
--- a/sms-service/bin/quorumdockerfile
+++ b/sms-service/bin/quorumdockerfile
@@ -3,11 +3,12 @@ FROM alpine:3.7
 LABEL name="aaf-sms-quorumclient"
 LABEL version=4.0.0
 LABEL maintainer="Girish Havaldar "
-
-RUN mkdir -p /quorumclient/auth
+RUN addgroup aaf && adduser -H -D -g "" -G aaf aaf && \
+ mkdir -p /quorumclient/auth && \
+ chown -R aaf:aaf /quorumclient
 ADD aaf_root_ca.cer /quorumclient/certs/aaf_root_ca.cer
 ADD quorumclient /quorumclient/bin/quorumclient
 RUN chmod +x /quorumclient/bin/quorumclient
-
+USER aaf
 WORKDIR /quorumclient
 ENTRYPOINT ["/quorumclient/bin/quorumclient"]
diff --git a/sms-service/bin/smsdockerfile b/sms-service/bin/smsdockerfile
index afd952a..829f89b 100644
--- a/sms-service/bin/smsdockerfile
+++ b/sms-service/bin/smsdockerfile
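Review bot: `DUSER=aaf` is assigned but nothing in the visible hunks reads it, and both Dockerfiles in this commit hard-code `aaf` in `addgroup`, `adduser`, `chown` and `USER`. The rest of build_sms_image.sh lies outside the hunk, so the variable may be consumed further down. If it is not, either pass it through with `BUILD_ARGS+=" --build-arg DUSER=${DUSER}"` and declare `ARG DUSER` in the Dockerfiles, or drop it. Otherwise the account name lives in three places that can drift apart.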
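Review bot: `USER aaf` in quorumdockerfile names the account instead of a numeric UID, and the added `adduser` call lets BusyBox choose the UID. A Kubernetes pod spec with `runAsNonRoot: true` cannot verify a non-numeric image user and refuses to start the container, so the runtime cannot enforce the non-root intent of this commit. Pinning the id fixes that, e.g. `adduser -H -D -u 1000 -g "" -G aaf aaf` together with `USER 1000` (1000 is a sample value). The same applies to the two smsdockerfile hunks.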
@@ -5,8 +5,9 @@ LABEL version=4.0.0
 LABEL maintainer="vamshi krishna "
 EXPOSE 10443
-
-RUN mkdir -p /sms/auth
+RUN addgroup aaf && adduser -H -D -g "" -G aaf aaf && \
+ mkdir -p /sms/auth && \
+ chown -R aaf:aaf /sms
 ADD aaf_root_ca.cer /sms/certs/aaf_root_ca.cer
 ADD aaf-sms.pub /sms/certs/aaf-sms.pub
 ADD aaf-sms.pr /sms/certs/aaf-sms.pr
@@ -14,6 +15,6 @@ ADD sms /sms/bin/sms
 RUN chmod +x /sms/bin/sms
 ADD preload /sms/bin/preload
 RUN chmod +x /sms/bin/preload
-
+USER aaf
 WORKDIR /sms
 ENTRYPOINT ["/sms/bin/sms"]
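Review bot: The `chown -R aaf:aaf /sms` in the added RUN executes before the ADD lines that follow it, so only `/sms` and `/sms/auth` end up owned by aaf. `/sms/certs/aaf-sms.pr` and the other added files stay root-owned with whatever mode they had in the build context. Once the later hunk switches to `USER aaf`, the service can read the private key only if that mode is world-readable, which the Dockerfile neither guarantees nor restricts. Setting it explicitly on that context line, e.g. `ADD --chown=aaf:aaf aaf-sms.pr /sms/certs/aaf-sms.pr` followed by `RUN chmod 0400 /sms/certs/aaf-sms.pr`, keeps the key readable by the service account only. Owning the top-level `/sms` also lets the runtime user rename or replace `bin` and `certs`, so `chown aaf:aaf /sms/auth` alone would be narrower if only `auth` must be writable (an assumption to confirm); the quorumdockerfile hunk has the same shape.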