aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordglFromAtt <dgl@research.att.com>2019-04-12 18:59:42 +0000
committerdglFromAtt <dgl@research.att.com>2019-04-12 18:59:56 +0000
commit85e7c7e57c262e38a0b3e0a14e4ebf4b92f00a58 (patch)
treed70dbb91af617a2ff771c730279078aaefd3cc6f
parentd1eb116b93ba7a6f8dae7e34157a6e155104db9a (diff)
Run as non-root
Change-Id: I25f5bf778b9878648bd305fa0de965e4e7ec718c Signed-off-by: dglFromAtt <dgl@research.att.com> Issue-ID: DMAAP-1164
-rw-r--r--dbc-client/misc/dbc-client1
-rw-r--r--dbc-client/pom.xml2
-rw-r--r--dbc-client/src/main/resources/Dockerfile6
-rw-r--r--dbc-client/version.properties2
-rw-r--r--dmaap-bc/misc/dmaapbc46
-rw-r--r--dmaap-bc/pom.xml2
-rw-r--r--dmaap-bc/src/main/resources/Dockerfile6
-rw-r--r--dmaap-bc/version.properties2
8 files changed, 36 insertions, 31 deletions
diff --git a/dbc-client/misc/dbc-client b/dbc-client/misc/dbc-client
index 1e839ec..c29ec86 100644
--- a/dbc-client/misc/dbc-client
+++ b/dbc-client/misc/dbc-client
@@ -25,7 +25,6 @@ umask 0022
TZ=GMT0
COMPONENT=dbc-client
APP_ROOT=${APP_ROOT:-/opt/app/$COMPONENT}
-USER=root
export TZ
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
export PATH
diff --git a/dbc-client/pom.xml b/dbc-client/pom.xml
index 83c1d05..384d6a8 100644
--- a/dbc-client/pom.xml
+++ b/dbc-client/pom.xml
@@ -270,7 +270,7 @@
<jettyVersion>9.4.12.RC2</jettyVersion>
<eelf.version>1.0.0</eelf.version>
<swagger.version>1.5.19</swagger.version>
- <artifact.version>1.0.6</artifact.version>
+ <artifact.version>1.0.7</artifact.version>
<!-- SONAR -->
<jacoco.version>0.7.7.201606060606</jacoco.version>
<sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>
diff --git a/dbc-client/src/main/resources/Dockerfile b/dbc-client/src/main/resources/Dockerfile
index 9baa481..85f9426 100644
--- a/dbc-client/src/main/resources/Dockerfile
+++ b/dbc-client/src/main/resources/Dockerfile
@@ -46,4 +46,10 @@ RUN chmod +x /opt/app/dbc-client/bin/* && \
VOLUME /opt/app/dbc-client/log
+RUN addgroup -S -g 1001 onap \
+ && adduser -S -u 1000 dbc -G onap \
+ && chown -R dbc:onap /opt/
+
+USER dbc
+
ENTRYPOINT ["sh", "./bin/dbc-client" ]
diff --git a/dbc-client/version.properties b/dbc-client/version.properties
index dadd8a9..0607bbf 100644
--- a/dbc-client/version.properties
+++ b/dbc-client/version.properties
@@ -27,7 +27,7 @@
major=1
minor=0
-patch=6
+patch=7
base_version=${major}.${minor}.${patch}
# Release must be completed with git revision # in Jenkins
diff --git a/dmaap-bc/misc/dmaapbc b/dmaap-bc/misc/dmaapbc
index 74e8707..97ad226 100644
--- a/dmaap-bc/misc/dmaapbc
+++ b/dmaap-bc/misc/dmaapbc
@@ -25,7 +25,8 @@ umask 0022
TZ=GMT0
COMPONENT=dmaapbc
APP_ROOT=/opt/app/$COMPONENT
-USER=root
+USER=dbc
+GROUP=onap
export TZ
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/java/jdk/jdk180/bin
export PATH
@@ -36,7 +37,22 @@ CONFIGMAP_PROPS=${CONFIGMAP_PROPS:-$CONFIGMAP_ROOT/conf/dmaapbc.properties}
CONTAINER_CONFIG=$CONFIGMAP_ROOT/conf/buscontroller.env
MAIN=org.onap.dmaap.dbcapi.server.Main
-
+authcheck() {
+ set -x
+ ID=`id -n -u`
+ GRP=`id -n -g`
+ if [ "$ID" != "$USER" ]
+ then
+ echo $COMPONENT must be started as user $USER not $ID
+ exit 1
+ fi
+ if [ "$GRP" != "$GROUP" ]
+ then
+ echo $COMPONENT must be started as group $GROUP not $GRP
+ exit 1
+ fi
+ set +x
+}
pids() {
set -x
@@ -92,18 +108,7 @@ config() {
start() {
echo "ENTER start"
set -x
- ID=`id -n -u`
- GRP=`id -n -g`
- if [ "$ID" != "$USER" ]
- then
- echo $COMPONENT must be started as user $USER not $ID
- exit 1
- fi
- if [ "$GRP" != "$USER" ]
- then
- echo $COMPONENT must be started as group $USER not $GRP
- exit 1
- fi
+ authcheck
cd $APP_ROOT
pwd
@@ -134,18 +139,7 @@ start() {
stop() {
echo "ENTER stop"
- ID=`id -n -u`
- GRP=`id -n -g`
- if [ "$ID" != "$USER" ]
- then
- echo $COMPONENT must be stopped as user $USER not $ID
- exit 1
- fi
- if [ "$GRP" != "$USER" ]
- then
- echo $COMPONENT must be stopped as group $USER not $GRP
- exit 1
- fi
+ authcheck
touch $APP_ROOT/etc/SHUTDOWN
PIDS=`pids`
if [ "$PIDS" != "" ]
diff --git a/dmaap-bc/pom.xml b/dmaap-bc/pom.xml
index 8252249..cf73b79 100644
--- a/dmaap-bc/pom.xml
+++ b/dmaap-bc/pom.xml
@@ -469,7 +469,7 @@
<jettyVersion>9.4.12.RC2</jettyVersion>
<eelf.version>1.0.0</eelf.version>
<swagger.version>1.5.19</swagger.version>
- <artifact.version>1.1.3</artifact.version>
+ <artifact.version>1.1.4</artifact.version>
<!-- SONAR -->
<jacoco.version>0.7.7.201606060606</jacoco.version>
<sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>
diff --git a/dmaap-bc/src/main/resources/Dockerfile b/dmaap-bc/src/main/resources/Dockerfile
index 014fb5e..d930a6f 100644
--- a/dmaap-bc/src/main/resources/Dockerfile
+++ b/dmaap-bc/src/main/resources/Dockerfile
@@ -53,4 +53,10 @@ RUN mv etc/org.onap.dmaap-bc.jks etc/keystore && \
VOLUME /opt/app/dmaapbc/log
+RUN addgroup -S -g 1001 onap \
+ && adduser -S -u 1000 dbc -G onap \
+ && chown -R dbc:onap /opt/
+
+USER dbc
+
ENTRYPOINT ["sh", "./bin/dmaapbc", "deploy"]
diff --git a/dmaap-bc/version.properties b/dmaap-bc/version.properties
index 635e84d..fcbb908 100644
--- a/dmaap-bc/version.properties
+++ b/dmaap-bc/version.properties
@@ -27,7 +27,7 @@
major=1
minor=1
-patch=3
+patch=4
base_version=${major}.${minor}.${patch}
# Release must be completed with git revision # in Jenkins