author | dglFromAtt <dgl@research.att.com> | 2019-04-12 18:59:42 +0000 |
---|---|---|
committer | dglFromAtt <dgl@research.att.com> | 2019-04-12 18:59:56 +0000 |
commit | 85e7c7e57c262e38a0b3e0a14e4ebf4b92f00a58 (patch) | |
tree | d70dbb91af617a2ff771c730279078aaefd3cc6f | |
parent | d1eb116b93ba7a6f8dae7e34157a6e155104db9a (diff) |
Run as non-root
Change-Id: I25f5bf778b9878648bd305fa0de965e4e7ec718c
Signed-off-by: dglFromAtt <dgl@research.att.com>
Issue-ID: DMAAP-1164
-rw-r--r-- | dbc-client/misc/dbc-client | 1 | ||||
-rw-r--r-- | dbc-client/pom.xml | 2 | ||||
-rw-r--r-- | dbc-client/src/main/resources/Dockerfile | 6 | ||||
-rw-r--r-- | dbc-client/version.properties | 2 | ||||
-rw-r--r-- | dmaap-bc/misc/dmaapbc | 46 | ||||
-rw-r--r-- | dmaap-bc/pom.xml | 2 | ||||
-rw-r--r-- | dmaap-bc/src/main/resources/Dockerfile | 6 | ||||
-rw-r--r-- | dmaap-bc/version.properties | 2 |
8 files changed, 36 insertions, 31 deletions
diff --git a/dbc-client/misc/dbc-client b/dbc-client/misc/dbc-client
index 1e839ec..c29ec86 100644
--- a/dbc-client/misc/dbc-client
+++ b/dbc-client/misc/dbc-client
@@ -25,7 +25,6 @@ umask 0022
 TZ=GMT0
 COMPONENT=dbc-client
 APP_ROOT=${APP_ROOT:-/opt/app/$COMPONENT}
-USER=root
 export TZ
 PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
 export PATH
diff --git a/dbc-client/pom.xml b/dbc-client/pom.xml
index 83c1d05..384d6a8 100644
--- a/dbc-client/pom.xml
+++ b/dbc-client/pom.xml
@@ -270,7 +270,7 @@
 <jettyVersion>9.4.12.RC2</jettyVersion>
 <eelf.version>1.0.0</eelf.version>
 <swagger.version>1.5.19</swagger.version>
- <artifact.version>1.0.6</artifact.version>
+ <artifact.version>1.0.7</artifact.version>
 <!-- SONAR -->
 <jacoco.version>0.7.7.201606060606</jacoco.version>
 <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>
diff --git a/dbc-client/src/main/resources/Dockerfile b/dbc-client/src/main/resources/Dockerfile
index 9baa481..85f9426 100644
--- a/dbc-client/src/main/resources/Dockerfile
+++ b/dbc-client/src/main/resources/Dockerfile
@@ -46,4 +46,10 @@ RUN chmod +x /opt/app/dbc-client/bin/* && \
 VOLUME /opt/app/dbc-client/log
+RUN addgroup -S -g 1001 onap \
+ && adduser -S -u 1000 dbc -G onap \
+ && chown -R dbc:onap /opt/
+
+USER dbc
+
 ENTRYPOINT ["sh", "./bin/dbc-client" ]
diff --git a/dbc-client/version.properties b/dbc-client/version.properties
index dadd8a9..0607bbf 100644
--- a/dbc-client/version.properties
+++ b/dbc-client/version.properties
@@ -27,7 +27,7 @@
 major=1
 minor=0
-patch=6
+patch=7
 base_version=${major}.${minor}.${patch}
 # Release must be completed with git revision # in Jenkins
diff --git a/dmaap-bc/misc/dmaapbc b/dmaap-bc/misc/dmaapbc
index 74e8707..97ad226 100644
--- a/dmaap-bc/misc/dmaapbc
+++ b/dmaap-bc/misc/dmaapbc
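Review bot: The `chown -R dbc:onap /opt/` step runs after `VOLUME /opt/app/dbc-client/log`, and with Docker's legacy builder any change a build step makes inside a path already declared as a volume is discarded, so the log directory may stay root-owned and unwritable for `dbc`. Moving the `RUN addgroup … chown` step above the `VOLUME` line avoids that; the same ordering appears in the dmaap-bc/src/main/resources/Dockerfile hunk. `USER dbc` could also be written as `USER 1000`, so that an orchestrator enforcing a non-root policy can verify the UID without resolving the name. The Dockerfile begins outside the hunk, so how the log directory is created is not visible here.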
@@ -25,7 +25,8 @@ umask 0022
 TZ=GMT0
 COMPONENT=dmaapbc
 APP_ROOT=/opt/app/$COMPONENT
-USER=root
+USER=dbc
+GROUP=onap
 export TZ
 PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/opt/java/jdk/jdk180/bin
 export PATH
@@ -36,7 +37,22 @@ CONFIGMAP_PROPS=${CONFIGMAP_PROPS:-$CONFIGMAP_ROOT/conf/dmaapbc.properties}
 CONTAINER_CONFIG=$CONFIGMAP_ROOT/conf/buscontroller.env
 MAIN=org.onap.dmaap.dbcapi.server.Main
-
+authcheck() {
+ set -x
+ ID=`id -n -u`
+ GRP=`id -n -g`
+ if [ "$ID" != "$USER" ]
+ then
+ echo $COMPONENT must be started as user $USER not $ID
+ exit 1
+ fi
+ if [ "$GRP" != "$GROUP" ]
+ then
+ echo $COMPONENT must be started as group $GROUP not $GRP
+ exit 1
+ fi
+ set +x
+}
 pids() {
 set -x
@@ -92,18 +108,7 @@ config() {
 start() {
 echo "ENTER start"
 set -x
- ID=`id -n -u`
- GRP=`id -n -g`
- if [ "$ID" != "$USER" ]
- then
- echo $COMPONENT must be started as user $USER not $ID
- exit 1
- fi
- if [ "$GRP" != "$USER" ]
- then
- echo $COMPONENT must be started as group $USER not $GRP
- exit 1
- fi
+ authcheck
 cd $APP_ROOT
 pwd
@@ -134,18 +139,7 @@ start() {
 stop() {
 echo "ENTER stop"
- ID=`id -n -u`
- GRP=`id -n -g`
- if [ "$ID" != "$USER" ]
- then
- echo $COMPONENT must be stopped as user $USER not $ID
- exit 1
- fi
- if [ "$GRP" != "$USER" ]
- then
- echo $COMPONENT must be stopped as group $USER not $GRP
- exit 1
- fi
+ authcheck
 touch $APP_ROOT/etc/SHUTDOWN
 PIDS=`pids`
 if [ "$PIDS" != "" ]
diff --git a/dmaap-bc/pom.xml b/dmaap-bc/pom.xml
index 8252249..cf73b79 100644
--- a/dmaap-bc/pom.xml
+++ b/dmaap-bc/pom.xml
@@ -469,7 +469,7 @@
 <jettyVersion>9.4.12.RC2</jettyVersion>
 <eelf.version>1.0.0</eelf.version>
 <swagger.version>1.5.19</swagger.version>
- <artifact.version>1.1.3</artifact.version>
+ <artifact.version>1.1.4</artifact.version>
 <!-- SONAR -->
 <jacoco.version>0.7.7.201606060606</jacoco.version>
 <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>
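Review bot: `authcheck` ends with `set +x`, and `start()` calls it immediately after its own `set -x` (the @@ -92 hunk), so tracing is switched off for the remainder of `start()`, which was traced before this change. Dropping the `set -x` / `set +x` pair from `authcheck` leaves each caller's tracing state intact. The check also depends on `id -n -u` and `id -n -g` resolving names, so it presumably fails when the container is started under a UID that has no passwd entry. A short comment above the function, such as `# USER/GROUP must match the account created in the Dockerfile`, would make that coupling explicit.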
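Review bot: In `stop()` the shared `authcheck` now prints "must be started as …" where the removed lines said "stopped", so a refused stop is reported with the wrong verb. Passing the verb in keeps the diagnostics accurate: call `authcheck stopped` here and `authcheck started` in `start()`, and have the function echo `"$COMPONENT must be $1 as user $USER not $ID"`. Quoting the message that way also stops the shell from word-splitting an unexpected `$ID` value. `stop()` continues past the end of the hunk.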
diff --git a/dmaap-bc/src/main/resources/Dockerfile b/dmaap-bc/src/main/resources/Dockerfile
index 014fb5e..d930a6f 100644
--- a/dmaap-bc/src/main/resources/Dockerfile
+++ b/dmaap-bc/src/main/resources/Dockerfile
@@ -53,4 +53,10 @@ RUN mv etc/org.onap.dmaap-bc.jks etc/keystore && \
 VOLUME /opt/app/dmaapbc/log
+RUN addgroup -S -g 1001 onap \
+ && adduser -S -u 1000 dbc -G onap \
+ && chown -R dbc:onap /opt/
+
+USER dbc
+
 ENTRYPOINT ["sh", "./bin/dmaapbc", "deploy"]
diff --git a/dmaap-bc/version.properties b/dmaap-bc/version.properties
index 635e84d..fcbb908 100644
--- a/dmaap-bc/version.properties
+++ b/dmaap-bc/version.properties
@@ -27,7 +27,7 @@
 major=1
 minor=1
-patch=3
+patch=4
 base_version=${major}.${minor}.${patch}
 # Release must be completed with git revision # in Jenkins |
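Review bot: `chown -R dbc:onap /opt/` makes the runtime account the owner of everything under /opt, which by the hunk header includes the keystore moved to `etc/keystore` and presumably the scripts in bin/, so a compromised service process could rewrite its own code and key material. Keeping the tree root-owned and granting `dbc` write access only where it is needed is tighter, e.g. `chown -R dbc:onap /opt/app/dmaapbc/log` together with `chown root:onap etc/keystore && chmod 640 etc/keystore`. The start script touches `$APP_ROOT/etc/SHUTDOWN`, so the full set of paths the service writes at runtime needs confirming before narrowing ownership. The Dockerfile begins outside the hunk.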