From eba3e6a23105581e7a00ea3e99123ab480e38787 Mon Sep 17 00:00:00 2001 From: Alexander Mazuruk Date: Mon, 12 Apr 2021 18:47:04 +0200 Subject: Change datalake-handler baseOS to integration- des: - less layers - user without home, login shell & password - general tidy-up - add quotes in run.sh for safety feeder: - less layers - user without home, login shell & password - general tidy-up - alpine's find is from busybox and is built without extended regex support. grep is used for regex. - adjusted regexes to be more precise Benefits from switching base image over: * minimal {java11,python} images maintained by integration team * using currently "blessed by seccom" versions (:latest tag used) * should limit spread of legal issues across layers * integration images will be the first to have automated compliance documentation * should limit spread of base layers (contributing to deployment footprint - more base layers = more to download, more to store etc...) Issue-ID: INT-1864 Issue-ID: DCAEGEN2-2420 Signed-off-by: Alexander Mazuruk Change-Id: I02b2b9567680e8a873d13684fd2341339b4bc337 --- components/datalake-handler/des/Dockerfile | 47 +++++++++++----------- .../datalake-handler/des/src/assembly/run.sh | 2 +- components/datalake-handler/feeder/Dockerfile | 44 ++++++++++---------- .../datalake-handler/feeder/src/assembly/run.sh | 5 ++- 4 files changed, 49 insertions(+), 49 deletions(-) (limited to 'components/datalake-handler') diff --git a/components/datalake-handler/des/Dockerfile b/components/datalake-handler/des/Dockerfile index 584ba9d6..46683a1d 100644 --- a/components/datalake-handler/des/Dockerfile +++ b/components/datalake-handler/des/Dockerfile 
@@ -1,6 +1,7 @@ # ============LICENSE_START=================================================== # Copyright (C) 2020 China Mobile. # Copyright (C) 2021 Wipro Limited +# Copyright (C) 2021 Samsung Electronics. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -16,36 +17,34 @@ # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END===================================================== - FROM nexus3.onap.org:10001/onap/integration-java11:8.0.0 -MAINTAINER Kai Lu +LABEL maintainer="Kai Lu " + +ARG user=datalake +ARG group=datalake EXPOSE 1681 USER root -RUN addgroup datalake && adduser -G datalake -h /home/datalake -D datalake -RUN mkdir /home/datalake/db_init - -WORKDIR /home/datalake +WORKDIR /datalake +RUN addgroup $group && adduser --system --shell /bin/false --disabled-password --no-create-home --ingroup $group $user && \ + mkdir -p /datalake/db_init && \ + chown -R $user:$group /datalake && \ + chmod g+s /datalake #add the fat jar -COPY target/${JAR_FILE} . -COPY src/assembly/run.sh . -COPY src/assembly/init_db/db_scripts/init_db.sql . -COPY src/assembly/init_db/db_scripts/init_db_data.sql . - -WORKDIR /home/datalake/db_init -ADD src/assembly/init_db/scripts/db_init . - -WORKDIR /home/datalake - -RUN chmod -R 0755 ./* && \ - chown -R datalake:datalake /home/datalake - -RUN apk --update add postgresql-client curl - -USER datalake - -ENTRYPOINT /home/datalake/run.sh +COPY --chown=$user:$group target/${JAR_FILE} . +COPY --chown=$user:$group src/assembly/run.sh . +COPY --chown=$user:$group src/assembly/init_db/db_scripts/init_db.sql . +COPY --chown=$user:$group src/assembly/init_db/db_scripts/init_db_data.sql . +COPY --chown=$user:$group src/assembly/init_db/scripts/db_init ./db_init/ + +RUN chmod -R 0755 *.sql && \ + chmod u+x run.sh && \ + apk add --no-cache postgresql-client curl + +USER $user +ENTRYPOINT ["/bin/sh"] +CMD ["run.sh"] diff --git a/components/datalake-handler/des/src/assembly/run.sh b/components/datalake-handler/des/src/assembly/run.sh index e6df159d..c8014d2a 100644 --- a/components/datalake-handler/des/src/assembly/run.sh +++ b/components/datalake-handler/des/src/assembly/run.sh 
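Review bot: The `COPY --chown=$user:$group` lines, together with `chown -R $user:$group /datalake`, leave the jar, `run.sh` and the SQL files owned by the account the service runs as, so a compromised process can rewrite its own start-up script and code. The feeder Dockerfile hunk has the same pattern. Unless the service has to modify these files, copy them as root (`COPY target/${JAR_FILE} .`, `COPY src/assembly/run.sh .`) and give `$user` ownership only of the directories it must write to. `chmod -R 0755 *.sql` also marks the SQL files executable, where `chmod 0644 *.sql` would be enough. With `ENTRYPOINT ["/bin/sh"]` and `CMD ["run.sh"]` the script is found only through `WORKDIR`, and any argument given at run time replaces it; `ENTRYPOINT ["/bin/sh", "/datalake/run.sh"]` would pin the script.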
@@ -28,7 +28,7 @@ sh db_init/20_db-initdb echo "finish init db" -cmd=`find . -name des*-execute.jar` +cmd=`find . -name "des*-execute.jar"` if [ -n "$cmd" ]; then java -jar "$cmd" else diff --git a/components/datalake-handler/feeder/Dockerfile b/components/datalake-handler/feeder/Dockerfile index 9d79f7ef..769d21b8 100644 --- a/components/datalake-handler/feeder/Dockerfile +++ b/components/datalake-handler/feeder/Dockerfile @@ -1,31 +1,31 @@ FROM nexus3.onap.org:10001/onap/integration-java11:8.0.0 -MAINTAINER Guobiao Mo +LABEL maintainer="Guobiao Mo " + +ARG user=datalake +ARG group=datalake EXPOSE 1680 USER root -RUN addgroup datalake && adduser -G datalake -h /home/datalake -D datalake -RUN mkdir /home/datalake/db_init - -WORKDIR /home/datalake +WORKDIR /datalake +RUN addgroup $group && adduser --system --shell /bin/false --disabled-password --no-create-home --ingroup $group $user && \ + chown -R $user:$group /datalake && \ + chmod g+s /datalake && \ + mkdir -p /datalake/db_init #add the fat jar -COPY target/${JAR_FILE} /home/datalake/ -COPY src/assembly/run.sh /home/datalake/ - -WORKDIR /home/datalake/db_init -ADD src/assembly/init_db/scripts/db_init . -WORKDIR /home/datalake -COPY src/assembly/init_db/db_scripts/init_db.sql . -COPY src/assembly/init_db/db_scripts/init_db_data.sql . - -RUN chmod -R 0755 ./* && \ - chown -R datalake:datalake /home/datalake - -RUN apk --update add postgresql-client curl - -USER datalake - -ENTRYPOINT /home/datalake/run.sh +COPY --chown=$user:$group target/${JAR_FILE} . +COPY --chown=$user:$group src/assembly/run.sh . +COPY --chown=$user:$group src/assembly/init_db/scripts/db_init ./db_init/ +COPY --chown=$user:$group src/assembly/init_db/db_scripts/init_db.sql . +COPY --chown=$user:$group src/assembly/init_db/db_scripts/init_db_data.sql . + +RUN chmod -R 0755 *.sql && \ + chmod u+x run.sh && \ + apk add --no-cache postgresql-client curl + +USER $user +ENTRYPOINT ["/bin/sh"] +CMD ["run.sh"] 
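Review bot: `find .` on the changed line still searches every subdirectory of the working directory, and `cmd` can end up holding more than one path, in which case `java -jar "$cmd"` receives a multi-line string and fails. Limiting the search to the expected location and to one result, for example `cmd=$(find . -maxdepth 1 -type f -name "des*-execute.jar" | head -n 1)`, keeps the script from starting a jar found somewhere unexpected under the tree. The rest of the script is outside the hunk, so the `else` branch could not be checked.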
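Review bot: In the feeder `RUN`, `mkdir -p /datalake/db_init` comes after `chown -R $user:$group /datalake`, so `db_init` is created as root after the ownership pass; the des Dockerfile creates it before the `chown`. The later `COPY --chown=$user:$group ... ./db_init/` sets the owner of the copied files, but it probably does not change the owner of the already existing directory, so the two images may differ in who owns `db_init`. Use the same order as des (`mkdir -p /datalake/db_init && chown -R $user:$group /datalake`), or keep the directory root-owned in both and add a comment such as `# db_init is read-only for $user` to make the intent explicit.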
diff --git a/components/datalake-handler/feeder/src/assembly/run.sh b/components/datalake-handler/feeder/src/assembly/run.sh index 0cef6b48..cb89a1de 100644 --- a/components/datalake-handler/feeder/src/assembly/run.sh +++ b/components/datalake-handler/feeder/src/assembly/run.sh @@ -9,8 +9,9 @@ sh db_init/20_db-initdb echo "finish init db" -cmd=`find . -name feeder*-exec.jar` -cmd1=`find . -regex '\./feeder-[0-9]+\.[0-9]+\.[0-9]+\-exec.jar'` +cmd=`find . -name "*.jar" | grep -E '.*(feeder)-([0-9]+\.[0-9]+\.[0-9]+)(-SNAPSHOT)(-exec\.jar)$'` +cmd1=`find . -name "*.jar" | grep -E '.*(feeder)-([0-9]+\.[0-9]+\.[0-9]+)(-exec.jar)$'` + if [ -n "$cmd" ]; then java -jar $cmd elif [ -n "$cmd1" ]; then -- cgit 1.2.3-korg
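Review bot: `java -jar $cmd` in the context line below the new assignments is unquoted, unlike the des script, which runs `java -jar "$cmd"`. If the `find | grep` pipeline returns several matches or a path with whitespace, the value is word-split and the extra words reach the application as arguments. Quote it as `java -jar "$cmd"`, and do the same for `$cmd1`, whose use lies past the end of the hunk. The second pattern also leaves the dot unescaped in `(-exec.jar)$` while the first writes `(-exec\.jar)$`; use the escaped form in both. Neither pattern anchors the directory, since the leading `.*` accepts a matching jar at any depth under the working directory.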