From f6a8a8322d09d5f6012167d298dea6f0471cb82c Mon Sep 17 00:00:00 2001
From: Andrew Gauld <agauld@att.com>
Date: Fri, 27 Mar 2020 15:30:36 +0000
Subject: Update images to run as non-root

Images updated and the new versions are:
adapter.acumos:1.0.2
mod.distributorapi:1.0.1
mod.onboardingapi:2.12.1
mod.designtool-web:1.0.2
mod.genprocessor-job:1.0.1
mod.genprocessor-http:1.0.1
mod.runtime-web:1.0.2
Note: image names all start with "onap/org.onap.dcaegen2.platform."

designtool-web was already running as a non-root user.  The others have been
changed to create user "dcaemod" and run as that user.

The listen port numbers on mod.distributorapi, mod.onboardingapi, and
mod.genprocessor-http are changed from 80 to 8080.

URLs in designtool-web, distributorapi, and genprocessor-job are adjusted
to reflect the new port numbers.

Change-Id: I510122952666c21cb92f3f64552e99d50af7c355
Issue-ID: DCAEGEN2-2170
Signed-off-by: Andrew Gauld <agauld@att.com>
---
 adapter/acumos/Changelog.md            | 2 ++
 adapter/acumos/Dockerfile              | 7 ++++++-
 adapter/acumos/README.md               | 2 +-
 adapter/acumos/aoconversion/scanner.py | 4 ++--
 adapter/acumos/pom.xml                 | 2 +-
 adapter/acumos/setup.py                | 2 +-
 6 files changed, 13 insertions(+), 6 deletions(-)

(limited to 'adapter')

diff --git a/adapter/acumos/Changelog.md b/adapter/acumos/Changelog.md
index e900ad7..55bafa8 100644
--- a/adapter/acumos/Changelog.md
+++ b/adapter/acumos/Changelog.md
@@ -4,6 +4,8 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [1.0.2] - 3/26/2020
+    * Run as non-root
 ## [1.0.1] - 3/20/2020
     * Adjust URL paths for consistency with DCAE GEN design tool
 ## [1.0.0] - 11/13/2019
diff --git a/adapter/acumos/Dockerfile b/adapter/acumos/Dockerfile
index 7ec9656..d1a0984 100644
--- a/adapter/acumos/Dockerfile
+++ b/adapter/acumos/Dockerfile
@@ -17,6 +17,8 @@
 # ============LICENSE_END======================================================
 
 FROM python:3.7
+ARG UID=1000
+ARG GID=1000
 COPY setup.py /tmp/build/
 COPY aoconversion/ /tmp/build/aoconversion/
 RUN apt-get update && \
@@ -26,9 +28,12 @@ RUN apt-get update && \
     cd /tmp/build/ && \
     python setup.py install && \
     cd / && \
-    rm -rf /tmp/*
+    rm -rf /tmp/* && \
+    groupadd -g $GID dcaemod && \
+    useradd -s /bin/bash -u $UID -g $GID -m dcaemod
 
 EXPOSE 9000
 ENV PYTHONUNBUFFERED TRUE
+USER dcaemod
 ENTRYPOINT [ "/usr/local/bin/acumos-adapter" ]
 CMD [ "/run/config/config.yaml" ]
diff --git a/adapter/acumos/README.md b/adapter/acumos/README.md
index 55490ba..2de3845 100644
--- a/adapter/acumos/README.md
+++ b/adapter/acumos/README.md
@@ -56,7 +56,7 @@ This operates in 2 modes:
     Gateway of the ACUMOS instance.
   certfile - The file path for the PEM file containing the private key, etc.
   dockerhost - (optional) The URL for the docker host.  By default,
-    unix:///var/run/docker.sock.
+    tcp://localhost:2375.
   dockerregistry - The host:port for the ONAP docker registry.
   dockeruser - The user ID for uploading images to the docker registry.
   dockerpass - The password for uploading images to the docker registry.
diff --git a/adapter/acumos/aoconversion/scanner.py b/adapter/acumos/aoconversion/scanner.py
index 41f18de..cf3ac79 100644
--- a/adapter/acumos/aoconversion/scanner.py
+++ b/adapter/acumos/aoconversion/scanner.py
@@ -47,7 +47,7 @@ class Config(object):
     Configuration parameters as attributes, make sure the required ones are there,
     populate defaults.
     """
-    def __init__(self, dcaeurl, dcaeuser, onboardingurl, onboardinguser, onboardingpass, certfile, dockerregistry, dockeruser, dockerpass, acumosurl=None, interval=900, dockerhost='unix:///var/run/docker.sock', tmpdir='/var/tmp/aoadapter', certverify=True, catalogs=None, port=None, **extras):
+    def __init__(self, dcaeurl, dcaeuser, onboardingurl, onboardinguser, onboardingpass, certfile, dockerregistry, dockeruser, dockerpass, acumosurl=None, interval=900, dockerhost='tcp://localhost:2375', tmpdir='/var/tmp/aoadapter', certverify=True, catalogs=None, port=None, **extras):
         self.dcaeurl = dcaeurl
         self.dcaeuser = dcaeuser
 
@@ -299,7 +299,7 @@ class Apihandler(BaseHTTPRequestHandler):
             else:
                 solution = aa.jsonget('/solutions/{}', self.qparams['solutionId'])
                 onboard(aa, callback, solution, self.qparams['revisionId'])
-            self.replyraw('OK', 'text/plain')
+            self.replyraw('OK'.encode('utf-8'), 'text/plain')
             return
         self.send_error(400)
 
diff --git a/adapter/acumos/pom.xml b/adapter/acumos/pom.xml
index 7d872ef..1ea941d 100644
--- a/adapter/acumos/pom.xml
+++ b/adapter/acumos/pom.xml
@@ -23,7 +23,7 @@ limitations under the License.
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.onap.dcaegen2.platform.adapter</groupId>
 	<artifactId>dcaegen2-platform-adapter-acumos</artifactId>
-	<version>1.0.1</version>
+	<version>1.0.2-SNAPSHOT</version>
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<sonar.sources>.</sonar.sources>
diff --git a/adapter/acumos/setup.py b/adapter/acumos/setup.py
index 9001cd5..e833307 100644
--- a/adapter/acumos/setup.py
+++ b/adapter/acumos/setup.py
@@ -20,7 +20,7 @@ from setuptools import setup, find_packages
 
 setup(
     name="aoconversion",
-    version="1.0.1",
+    version="1.0.2",
     packages=find_packages(exclude=["tests.*", "tests"]),
     author="Tommy Carpenter, Andrew Gauld",
     author_email="tommy@research.att.com, agauld@att.com",
-- 
cgit 1.2.3-korg