From 40ee89ac1d1a8c116d96146a8f6ba862bc81db26 Mon Sep 17 00:00:00 2001
From: Jack Lucas <jflucas@research.att.com>
Date: Tue, 11 Feb 2020 11:50:07 -0500
Subject: Change health check to run as non-root user

Requires change to listening port for health check server
(from 80 to 8080).
Also update nodejs version.

Issue-ID: DCAEGEN2-2071
Signed-off-by: Jack Lucas <jflucas@research.att.com>
Change-Id: I5e85cc2184cfab845a70905edabad4699f0ef411
---
 healthcheck-container/Dockerfile     | 11 +++++++----
 healthcheck-container/healthcheck.js |  4 ++--
 healthcheck-container/pom.xml        |  4 ++--
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/healthcheck-container/Dockerfile b/healthcheck-container/Dockerfile
index ac61e1b..9b884a7 100644
--- a/healthcheck-container/Dockerfile
+++ b/healthcheck-container/Dockerfile
@@ -1,7 +1,7 @@
 # ============LICENSE_START=======================================================
 # org.onap.dcae
 # ================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
 # ================================================================================
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,10 +16,13 @@
 # limitations under the License.
 # ============LICENSE_END=========================================================
 #
-FROM node:10.14.1
-RUN mkdir -p /opt/app
+FROM node:12.15.0
+RUN mkdir -p /opt/app \
+  && useradd -d /opt/app health
 COPY *.js /opt/app/
 COPY package.json /opt/app/
+RUN chown -R health:health /opt/app
 WORKDIR /opt/app
-EXPOSE 80
+USER health
+EXPOSE 8080
 ENTRYPOINT ["/usr/local/bin/node", "healthcheck.js"]
diff --git a/healthcheck-container/healthcheck.js b/healthcheck-container/healthcheck.js
index 1156ff5..4089f0c 100644
--- a/healthcheck-container/healthcheck.js
+++ b/healthcheck-container/healthcheck.js
@@ -1,5 +1,5 @@
 /*
-Copyright(c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+Copyright(c) 2018-2020 AT&T Intellectual Property. All rights reserved.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -91,4 +91,4 @@ const server = http.createServer(function(req, res) {
         res.end(JSON.stringify(ret.body || {}), 'utf8');
     });
 });
-server.listen(80);
+server.listen(8080);
diff --git a/healthcheck-container/pom.xml b/healthcheck-container/pom.xml
index d5f30a1..a90be9f 100644
--- a/healthcheck-container/pom.xml
+++ b/healthcheck-container/pom.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <!--
 ================================================================================
-Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
 ================================================================================
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -27,7 +27,7 @@ limitations under the License.
   <groupId>org.onap.dcaegen2.deployments</groupId>
   <artifactId>healthcheck-container</artifactId>
   <name>dcaegen2-deployments-healthcheck-container</name>
-  <version>1.2.5</version>
+  <version>1.3.0</version>
   <url>http://maven.apache.org</url>
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-- 
cgit 1.2.3-korg