From 673917e3ba016364af77e034ebb579991127a76a Mon Sep 17 00:00:00 2001
From: Bin Yang <bin.yang@windriver.com>
Date: Thu, 21 Feb 2019 03:59:31 +0000
Subject: [PATCH] Run multicloud broker service as non root user

Change-Id: Ib9e2d1647a3b18a6916e672bb6017bdd01908749
Issue-ID: MULTICLOUD-495
Signed-off-by: Bin Yang <bin.yang@windriver.com>
---
 multivimbroker/docker/Dockerfile | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/multivimbroker/docker/Dockerfile b/multivimbroker/docker/Dockerfile
index bc72323..1525e47 100644
--- a/multivimbroker/docker/Dockerfile
+++ b/multivimbroker/docker/Dockerfile
@@ -10,6 +10,8 @@ ENV AAI_PASSWORD "AAI"
 
 EXPOSE 9001
 
+RUN groupadd -r onap && useradd -r -g onap onap
+
 # COPY ./ /opt/multivimbroker/
 RUN apt-get update && \
     apt-get install -y unzip && \
@@ -17,7 +19,10 @@ RUN apt-get update && \
     wget -O multicloud-framework.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.multicloud.framework.broker&a=multicloud-framework-broker&e=zip&v=1.2.3-SNAPSHOT" && \
     unzip -q -o -B multicloud-framework.zip && \
     rm -f multicloud-framework.zip && \
-    pip install -r /opt/multivimbroker/requirements.txt
+    pip install -r /opt/multivimbroker/requirements.txt && \
+    chown onap:onap /opt/multivimbroker -R
+
+USER onap
 
 WORKDIR /opt/multivimbroker
-CMD /bin/sh -c /opt/multivimbroker/run.sh
\ No newline at end of file
+CMD /bin/sh -c /opt/multivimbroker/run.sh
-- 
2.16.6