From f6a8a8322d09d5f6012167d298dea6f0471cb82c Mon Sep 17 00:00:00 2001 From: Andrew Gauld Date: Fri, 27 Mar 2020 15:30:36 +0000 Subject: Update images to run as non-root Images updated and the new versions are: adapter.acumos:1.0.2 mod.distributorapi:1.0.1 mod.onboardingapi:2.12.1 mod.designtool-web:1.0.2 mod.genprocessor-job:1.0.1 mod.genprocessor-http:1.0.1 mod.runtime-web:1.0.2 Note: image names all start with "onap/org.onap.dcaegen2.platform." designtool-web was already running as a non-root user. The others have been changed to create user "dcaemod" and run as that user. The listen port numbers on mod.distributorapi, mod.onboardingapi, and mod.genprocessor-http are changed from 80 to 8080. URLs in designtool-web, distributorapi, and genprocessor-job are adjusted to reflect the new port numbers. Change-Id: I510122952666c21cb92f3f64552e99d50af7c355 Issue-ID: DCAEGEN2-2170 Signed-off-by: Andrew Gauld --- mod/onboardingapi/ChangeLog.md | 4 ++++ mod/onboardingapi/Dockerfile | 18 ++++++++++++------ mod/onboardingapi/dcae_cli/_version.py | 2 +- mod/onboardingapi/dcae_cli/http.py | 2 +- mod/onboardingapi/pom.xml | 2 +- mod/onboardingapi/start.sh | 1 + 6 files changed, 20 insertions(+), 9 deletions(-) (limited to 'mod/onboardingapi') diff --git a/mod/onboardingapi/ChangeLog.md b/mod/onboardingapi/ChangeLog.md index 21d0f0c..28578d2 100644 --- a/mod/onboardingapi/ChangeLog.md +++ b/mod/onboardingapi/ChangeLog.md @@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## [2.12.1] + +* Run as non-root + ## [2.12.0] * Add HTTP support using Flask/flask-restplus diff --git a/mod/onboardingapi/Dockerfile b/mod/onboardingapi/Dockerfile index 606ca5b..2c3cd0d 100644 --- a/mod/onboardingapi/Dockerfile +++ b/mod/onboardingapi/Dockerfile 
@@ -1,12 +1,18 @@ FROM python:3.7-alpine -RUN apk update && \ - apk add --virtual build-deps gcc python-dev musl-dev && \ - apk add postgresql-dev bash +ARG UID=1000 +ARG GID=1000 + COPY . /code WORKDIR /code -RUN pip install . \ - && mkdir -p ~/.config/dcae-cli -EXPOSE 80 +RUN apk update && \ + apk add --virtual build-deps gcc python-dev musl-dev && \ + apk add postgresql-dev bash && \ + addgroup -g $GID dcaemod && \ + adduser -s /bin/bash -u $UID -G dcaemod -D dcaemod && \ + pip install . + +EXPOSE 8080 +USER dcaemod CMD /code/start.sh diff --git a/mod/onboardingapi/dcae_cli/_version.py b/mod/onboardingapi/dcae_cli/_version.py index e1ceca3..b61bd9a 100644 --- a/mod/onboardingapi/dcae_cli/_version.py +++ b/mod/onboardingapi/dcae_cli/_version.py @@ -19,4 +19,4 @@ # ECOMP is a trademark and service mark of AT&T Intellectual Property. # -*- coding: utf-8 -*- -__version__ = "2.12.0" +__version__ = "2.12.1" diff --git a/mod/onboardingapi/dcae_cli/http.py b/mod/onboardingapi/dcae_cli/http.py index 792cd7f..4d3ae0c 100644 --- a/mod/onboardingapi/dcae_cli/http.py +++ b/mod/onboardingapi/dcae_cli/http.py @@ -498,4 +498,4 @@ def start_http_server(catalog, debug=True): if debug: _app.run(debug=True) else: - _app.run(host="0.0.0.0", port=80, debug=False) + _app.run(host="0.0.0.0", port=8080, debug=False) diff --git a/mod/onboardingapi/pom.xml b/mod/onboardingapi/pom.xml index 588a9b2..be5e683 100644 --- a/mod/onboardingapi/pom.xml +++ b/mod/onboardingapi/pom.xml @@ -22,7 +22,7 @@ limitations under the License. org.onap.dcaegen2.platform.mod dcaegen2-platform-mod-onboardingapi dcaegen2-platform-mod-onboardingapi - 2.12.0 + 2.12.1-SNAPSHOT http://maven.apache.org UTF-8 diff --git a/mod/onboardingapi/start.sh b/mod/onboardingapi/start.sh index 6d7d9e5..a938c98 100755 --- a/mod/onboardingapi/start.sh +++ b/mod/onboardingapi/start.sh 
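Review bot: `USER dcaemod` at the end of the Dockerfile hunk names the account instead of its numeric id, so a platform that enforces a non-root policy by inspecting the image (for example Kubernetes with `runAsNonRoot: true`) cannot verify it and may refuse to start the container. `USER $UID:$GID` selects the same account and lets that check pass. Separately, the rewritten `RUN` still installs the `build-deps` virtual package (gcc, python-dev, musl-dev) and never removes it, so the compiler toolchain ships in the runtime image. Ending the chain with `pip install . && apk del build-deps` would drop it, assuming nothing needs those packages after the build.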
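Review bot: The new literal `port=8080` on the non-debug `_app.run(...)` line has no comment saying why it is 8080 or that it must match `EXPOSE 8080` in the Dockerfile, so a later edit could move it back below 1024, where the unprivileged `dcaemod` user would presumably fail to bind. I would add `# unprivileged port (>= 1024) so the non-root container user can bind; keep in sync with EXPOSE in the Dockerfile` above that line. The same branch listens on `0.0.0.0` with Flask's built-in `run()` server, which Flask documents as a development server. If this is the path the container actually uses, that deserves a comment or a follow-up to serve the app from a production WSGI server. `start_http_server` begins outside the hunk, so only its last lines are visible here.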
@@ -6,6 +6,7 @@ if [ -z $PG_CONN ]; then exit 1 fi +mkdir -p ~/.config/dcae-cli if [ ! -f ~/.config/dcae-cli/config.json ]; then echo "Creating dcae-cli config" # TODO: Make this into a variable that gets fed in via docker run -- cgit 1.2.3-korg
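Review bot: The added `mkdir -p ~/.config/dcae-cli` now runs at container start as the unprivileged user, but its result is not checked and the directory gets the default mode. Unless the script sets `-e` above the hunk, a missing or unwritable home directory (for instance when the container is started under a UID other than the one baked into the image) lets the script carry on to the config.json step anyway. The config written there is presumably derived from `PG_CONN` and may hold database credentials, so I would use `mkdir -p -m 700 ~/.config/dcae-cli || exit 1`. The `if` block that follows continues outside the hunk.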