From: Bin Yang <bin.yang@windriver.com>
Date: Thu, 21 Feb 2019 03:59:31 +0000 (+0000)
Subject: Run multicloud broker service as non root user
X-Git-Tag: 1.3.0~34
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=multicloud%2Fframework.git;a=commitdiff_plain;h=refs%2Fchanges%2F92%2F78892%2F2

Run multicloud broker service as non root user

Change-Id: Ib9e2d1647a3b18a6916e672bb6017bdd01908749
Issue-ID: MULTICLOUD-495
Signed-off-by: Bin Yang <bin.yang@windriver.com>
---

diff --git a/multivimbroker/docker/Dockerfile b/multivimbroker/docker/Dockerfile
index bc72323..1525e47 100644
--- a/multivimbroker/docker/Dockerfile
+++ b/multivimbroker/docker/Dockerfile
@@ -10,6 +10,8 @@ ENV AAI_PASSWORD "AAI"
 
 EXPOSE 9001
 
+RUN groupadd -r onap && useradd -r -g onap onap
+
 # COPY ./ /opt/multivimbroker/
 RUN apt-get update && \
     apt-get install -y unzip && \
@@ -17,7 +19,10 @@ RUN apt-get update && \
     wget -O multicloud-framework.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.multicloud.framework.broker&a=multicloud-framework-broker&e=zip&v=1.2.3-SNAPSHOT" && \
     unzip -q -o -B multicloud-framework.zip && \
     rm -f multicloud-framework.zip && \
-    pip install -r /opt/multivimbroker/requirements.txt
+    pip install -r /opt/multivimbroker/requirements.txt && \
+    chown onap:onap /opt/multivimbroker -R
+
+USER onap
 
 WORKDIR /opt/multivimbroker
-CMD /bin/sh -c /opt/multivimbroker/run.sh
\ No newline at end of file
+CMD /bin/sh -c /opt/multivimbroker/run.sh