Run CCSDK dockers as non-root

Update CCSDK docker images to run as non-root user by default Change-Id: Ia07c433a0e6f041d6684f24b765f4c1733b51162 Issue-ID: CCSDK-1099 Signed-off-by: Timoney, Dan (dt5972) <dtimoney@att.com>
author: Timoney, Dan (dt5972) <dtimoney@att.com> 2019-02-21 14:57:34 -0500
committer: Timoney, Dan (dt5972) <dtimoney@att.com> 2019-02-21 14:57:34 -0500
commit: 38e175fa6762c27b85df450002e6458d9b0a41d6 (patch)
tree: ffee3f46477dd521269f9a010d6c59ce71508b97 /ansible-server
parent: a794b4f8e543361e237f70aeae6bca2347f8dfee (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/ansible-server/src/main/Dockerfile b/ansible-server/src/main/Dockerfile
index 4a9c4147..7ad66d30 100644
--- a/ansible-server/src/main/Dockerfile
+++ b/ansible-server/src/main/Dockerfile
@@ -19,12 +19,19 @@ RUN apk add --no-cache curl \
     pip install --no-cache-dir -r ansible-server/requirements.txt &&\
     apk del .build-deps
 
-COPY ansible-server ansible-server
-COPY configuration/ansible.cfg /etc/ansible/ansible.cfg
+RUN addgroup -S ansible && adduser -S ansible -G ansible
+COPY --chown=ansible:ansible ansible-server ansible-server
+COPY --chown=ansible:ansible configuration/ansible.cfg /etc/ansible/ansible.cfg
+
 
 WORKDIR /opt/ansible-server
 
 RUN mkdir /opt/onap ; ln -s /opt/ansible-server /opt/onap/ccsdk
+RUN echo > /var/log/ansible-server.log
+RUN chown ansible:ansible /var/log/ansible-server.log
+
+USER ansible:ansible
+
 
 EXPOSE 8000
author	Timoney, Dan (dt5972) <dtimoney@att.com>	2019-02-21 14:57:34 -0500
committer	Timoney, Dan (dt5972) <dtimoney@att.com>	2019-02-21 14:57:34 -0500
commit	38e175fa6762c27b85df450002e6458d9b0a41d6 (patch)
tree	ffee3f46477dd521269f9a010d6c59ce71508b97 /ansible-server
parent	a794b4f8e543361e237f70aeae6bca2347f8dfee (diff)