authorMichael Hwang <mhwang@research.att.com>2019-07-15 16:47:52 -0400
committerMichael Hwang <mhwang@research.att.com>2019-07-15 16:55:32 -0400
commite8e64c41b1da24273ab4568fcbe4c2f4683c53f3 (patch)
tree04b278bfa8bd3845d0d6919342f752f11a7b1ed9
parentcfb4963e45e28dfa819dacbfa54534a90a0fa647 (diff)
Add non-root user to Docker image
Change-Id: Ie065edb17b7a8dba7086e12e2a2249cbbfcaf32d Issue-ID: DCAEGEN2-1554 Signed-off-by: Michael Hwang <mhwang@research.att.com>
-rw-r--r--CHANGELOG.md4
-rw-r--r--pom.xml4
2 files changed, 8 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1c27804..52ac665 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
The version in the brackets represents the version of DCAE inventory and not the ONAP DCAE version.
+## [Dev]
+
+* Add non-root user in Docker image so that the inventory service can be run in non-privileged mode for security reasons
+
## [3.0.1]
* Explicitly use 5.3.6.Final for hibernate-validator and 9.4.6 for jetty-util to address security issues
diff --git a/pom.xml b/pom.xml
index 08bb09f..282659d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -343,6 +343,10 @@ ECOMP is a trademark and service mark of AT&T Intellectual Property.
<configuration>
<imageName>${onap.nexus.dockerregistry.daily}/onap/${project.groupId}.${project.artifactId}</imageName>
<baseImage>openjdk:8-jre</baseImage>
+ <user>inventory</user>
+ <runs>
+ <run>adduser --system --group inventory</run>
+ </runs>
<entryPoint>["java", "-jar", "/opt/${project.build.finalName}.jar", "server"]</entryPoint>
<resources>
<resource>
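Review bot: `<user>inventory</user>` names the account instead of giving a numeric UID, and `adduser --system --group inventory` leaves the UID to whatever the base image allocates at build time, so it can shift when `openjdk:8-jre` is rebuilt. A runtime that enforces non-root by UID (for example Kubernetes `runAsNonRoot`) cannot verify a named user, and ownership of files on mounted volumes would not be stable across image builds. Consider fixing the id, e.g. `<run>adduser --system --group --uid UID_PLACEHOLDER inventory</run>` together with `<user>UID_PLACEHOLDER</user>`, where UID_PLACEHOLDER is a value the project chooses. The change also presumably relies on the plugin emitting the RUN step before USER in the generated Dockerfile even though `<user>` is written first here; a one-line XML comment saying so would help, and it is worth confirming that any directory the service writes to is owned by the new account. The `<configuration>` element starts and ends outside the hunk.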