diff options
author | Dan Timoney <dtimoney@att.com> | 2020-04-08 09:03:01 -0400 |
---|---|---|
committer | Dan Timoney <dtimoney@att.com> | 2020-04-08 10:13:36 -0400 |
commit | 8ec995121b60870819f523c0cd6b42368e3175ee (patch) | |
tree | 374f3759c1d0fa27ae9ec2cbb3c8a553d48d8367 /installation | |
parent | d961253675bf41311e9ac55d0f3a81d12b3d3c82 (diff) |
Start as non-root
Updated dmaap-listener and ueb-listener Dockerfiles to run as non-root
user 'sdnc'.
Change-Id: I2bb0e4d8677c37b6311f70463c18e7d0a7bfdb0d
Issue-ID: SDNC-1145
Signed-off-by: Dan Timoney <dtimoney@att.com>
Former-commit-id: 986379139be8097c1c3ef35f09b606593ccf518c
Diffstat (limited to 'installation')
-rw-r--r-- | installation/dmaap-listener/src/main/docker/Dockerfile | 22 | ||||
-rw-r--r-- | installation/ueb-listener/src/main/docker/Dockerfile | 21 |
2 files changed, 38 insertions, 5 deletions
diff --git a/installation/dmaap-listener/src/main/docker/Dockerfile b/installation/dmaap-listener/src/main/docker/Dockerfile index 71f2eca4..df444e0a 100644 --- a/installation/dmaap-listener/src/main/docker/Dockerfile +++ b/installation/dmaap-listener/src/main/docker/Dockerfile @@ -1,11 +1,22 @@ # Base ubuntu with added packages needed for open ecomp +FROM alpine:3.8 AS stage0 + +ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk +ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties + +# copy deliverables to opt +COPY opt /opt + +# End of stage 0 + FROM alpine:3.8 MAINTAINER SDNC Team (onap-sdnc@lists.onap.org) ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties - + +USER root RUN apk update && apk add \ bash \ git \ @@ -18,7 +29,12 @@ RUN apk update && apk add \ unzip \ rsync -# copy deliverables to opt -COPY opt /opt +# Create sdnc user +RUN addgroup -S sdnc && adduser -S sdnc -G sdnc + + +# Copy /opt and change owner/group to sdnc +COPY --from=stage0 --chown=sdnc:sdnc /opt /opt +USER sdnc
\ No newline at end of file diff --git a/installation/ueb-listener/src/main/docker/Dockerfile b/installation/ueb-listener/src/main/docker/Dockerfile index 8008dfd9..daecd1cc 100644 --- a/installation/ueb-listener/src/main/docker/Dockerfile +++ b/installation/ueb-listener/src/main/docker/Dockerfile @@ -1,6 +1,6 @@ # Base alpine with added packages needed for open ecomp -FROM onap/ccsdk-alpine-image:${ccsdk.docker.version} -MAINTAINER SDNC Team (onap-sdnc@lists.onap.org) +FROM onap/ccsdk-alpine-image:${ccsdk.docker.version} AS stage0 + ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties @@ -8,4 +8,21 @@ ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties # copy deliverables to opt COPY opt /opt +# End of stage0 + +FROM onap/ccsdk-alpine-image:${ccsdk.docker.version} +MAINTAINER SDNC Team (onap-sdnc@lists.onap.org) + +ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk +ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties + +USER root + + +# Create sdnc user +RUN addgroup -S sdnc && adduser -S sdnc -G sdnc + +# Copy /opt and change user/owner to sdnc +COPY --from=stage0 --chown=sdnc:sdnc /opt /opt +USER sdnc
\ No newline at end of file |