From c73866cf44cad2be9a91ea1e2a3a77fcc29d9c2a Mon Sep 17 00:00:00 2001
From: "Kotagiri, Ramprasad (rp5662)" <rp5662@att.com>
Date: Mon, 3 Feb 2020 13:43:25 -0500
Subject: DCAE dashboard security fixes

Portal SDK ver 2.6.0, non-root user for docker container
Change label on Dashboard Home page, API changes, Container optimization

Change-Id: Ie2c8efd76d34fddc2b182d5ed494761522695914
Issue-ID: DCAEGEN2-1638
Issue-ID: CCSDK-1485
Issue-ID: DCAEGEN2-1921
Issue-ID: DCAEGEN2-1915
Issue-ID: DCAEGEN2-1856
Issue-ID: DCAEGEN2-1556
Issue-ID: DCAEGEN2-1592
Signed-off-by: Kotagiri, Ramprasad (rp5662) <rp5662@att.com>
---
 ccsdk-app-os/Dockerfile | 45 ++++++++++++++++++++-------------------------
 1 file changed, 20 insertions(+), 25 deletions(-)

(limited to 'ccsdk-app-os/Dockerfile')

diff --git a/ccsdk-app-os/Dockerfile b/ccsdk-app-os/Dockerfile
index 81f3cb3..1e66e38 100644
--- a/ccsdk-app-os/Dockerfile
+++ b/ccsdk-app-os/Dockerfile
@@ -1,38 +1,33 @@
-# Use an official Tomcat image
-FROM tomcat:8
+# Use an official Tomcat base image
+FROM tomcat:8.5-alpine
 
 ENV APPDIR /usr/local/tomcat
 
-WORKDIR ${APPDIR}
-
-# Create deployments directory
-RUN mkdir /home/deployments
-
-# update apt-get
-RUN apt-get update
-
-# Install zip
-RUN apt-get -y --allow-unauthenticated install zip
+ENV APPUSER dash
 
-# Install vim
-RUN apt-get -y --allow-unauthenticated install vim
+RUN adduser -u 1000 -D ${APPUSER}
 
-# Install dos2unix
-RUN apt-get install dos2unix -f --allow-unauthenticated
-
-# Install postgresql
-RUN apt-get -y install postgresql --allow-unauthenticated
+WORKDIR ${APPDIR}
 
-# Download required scripts
 COPY docker-dashboard-installation.sh /tmp/docker-dashboard-installation.sh
 COPY create_table.sql /tmp/create_table.sql
+
+RUN mkdir /home/deployments \
+ && chown -R 1000:1000 ${APPDIR} \
+ && chown -R 1000:1000 /home/deployments \
+ && apk update \
+ && apk add zip \
+ && apk add vim \
+ && apk add dos2unix \
+ && apk add postgresql \
+ && dos2unix /tmp/create_table.sql \
+ && dos2unix /tmp/docker-dashboard-installation.sh \
+ && chmod +x /tmp/create_table.sql \
+ && chmod +x /tmp/docker-dashboard-installation.sh
+
 ARG WAR_FILE
 COPY target/${WAR_FILE} /home/deployments/ccsdk-app.war
 
-# Run docker-dashboard-installation.sh
-RUN dos2unix /tmp/create_table.sql
-RUN dos2unix /tmp/docker-dashboard-installation.sh
-RUN chmod +x /tmp/create_table.sql
-RUN chmod +x /tmp/docker-dashboard-installation.sh
+USER ${APPUSER}
 
 CMD ["/tmp/docker-dashboard-installation.sh"]
-- 
cgit 1.2.3-korg