Merge "Making POD run as non-root" into frankfurt

2 files changed, 10 insertions, 0 deletions

diff --git a/ms/blueprintsprocessor/application/src/main/docker/Dockerfile b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile
index 1035915f1..042041ebb 100755
--- a/ms/blueprintsprocessor/application/src/main/docker/Dockerfile
+++ b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile
@@ -9,9 +9,14 @@ FROM omahoco1/alpine-java-python
 
 # add entrypoint
 COPY startService.sh /startService.sh
+RUN addgroup -S onap && adduser -S onap -G onap
+RUN chown onap:onap /startService.sh
 RUN chmod 777 /startService.sh && dos2unix /startService.sh
 
 # add application
 COPY --from=extractor /opt /opt
+RUN mkdir /opt/app/onap/blueprints
+RUN chown onap:onap /opt -R
+USER onap
 
 ENTRYPOINT [ "/startService.sh" ]
diff --git a/ms/sdclistener/distribution/src/main/docker/Dockerfile b/ms/sdclistener/distribution/src/main/docker/Dockerfile
index 34f6443bf..5168dd9c2 100755
--- a/ms/sdclistener/distribution/src/main/docker/Dockerfile
+++ b/ms/sdclistener/distribution/src/main/docker/Dockerfile
@@ -1,7 +1,9 @@
 FROM openjdk:8-jdk-alpine
 
+RUN addgroup -S onap && adduser -S onap -G onap
 # add entrypoint
 COPY startService.sh /startService.sh
+RUN chown onap:onap /startService.sh
 RUN chmod 751 /startService.sh
 # add application
 COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz
@@ -10,4 +12,7 @@ RUN tar -xzf /source.tar.gz -C /tmp \
  && rm -rf /source.tar.gz \
  && rm -rf /tmp/@project.build.finalName@
 
+RUN mkdir /opt/app/onap/cds-sdc-listener
+RUN chown onap:onap /opt -R
+USER onap
 ENTRYPOINT /startService.sh