Run as aaiadmin instead of root

Issue-ID: AAI-2822
Change-Id: I85fd62b6cdaf40addcad06614e85f1ba856ecd4f
Signed-off-by: Jimmy Forsyth <jf2512@att.com>

1 files changed, 18 insertions, 6 deletions

diff --git a/aai-resources/src/main/docker/Dockerfile b/aai-resources/src/main/docker/Dockerfile
index 1c17a75..be115e7 100644
--- a/aai-resources/src/main/docker/Dockerfile
+++ b/aai-resources/src/main/docker/Dockerfile
@@ -1,19 +1,31 @@
 FROM @aai.docker.namespace@/aai-common-@aai.base.image@:@aai.base.image.version@
 
-RUN  mkdir -p /opt/aaihome/aaiadmin /opt/aai/logroot/AAI-RES
+RUN  mkdir -p /opt/aaihome/aaiadmin /opt/aai/logroot/AAI-RES /opt/bulkprocess_load
+
 
-VOLUME /opt/aai/logroot/AAI-RES
 VOLUME /tmp
 VOLUME /opt/tools
 
 HEALTHCHECK --interval=40s --timeout=10s --retries=3 CMD nc -z -v localhost ${SERVER_PORT:-8447} || exit 1
 
-# Add the proper files into the docker image from your build
-WORKDIR /opt/app/aai-resources
-COPY /maven/aai-resources/ .
+
 
 ENV AAI_BUILD_VERSION @aai.docker.version@
 # Expose the ports for outside linux to use
 # 8447 is the important one to be used
 EXPOSE 8447
-ENTRYPOINT ["/bin/bash", "/opt/app/aai-resources/docker-entrypoint.sh"]
\ No newline at end of file
+
+RUN groupadd aaiadmin -g 1000
+
+RUN adduser -u 1000 -h /opt/aaihome/aaiadmin -S -D -G aaiadmin -s /bin/bash aaiadmin
+
+# Add the proper files into the docker image from your build
+WORKDIR /opt/app/aai-resources
+
+RUN chown -R aaiadmin:aaiadmin /opt/app/aai-resources /etc/profile.d /opt/aai/logroot/AAI-RES /opt/bulkprocess_load
+
+COPY --chown=aaiadmin:aaiadmin /maven/aai-resources/ .
+
+USER aaiadmin
+
+ENTRYPOINT ["/bin/bash", "/opt/app/aai-resources/docker-entrypoint.sh"]