Merge "Start as non-root" into frankfurt

Former-commit-id: c36a8f8656257de3d403a3e3cae87fc9a46cfc74
author: Dan Timoney <dtimoney@att.com> 2020-04-08 15:13:02 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2020-04-08 15:13:02 +0000
commit: d25fc6f9a1a0cbff2becaab1dc685c004c389aef (patch)
tree: 6b9f0618317fa327c53968e019ca0b876cf1dec1 /installation
parent: 652b2cbb6aa4c998c7d03fbe7ea2398550debd95 (diff)
parent: 98c4b84089057811fb3f62b67dd1529af9b39024 (diff)
2 files changed, 38 insertions, 5 deletions
diff --git a/installation/dmaap-listener/src/main/docker/Dockerfile b/installation/dmaap-listener/src/main/docker/Dockerfile
index 71f2eca4..df444e0a 100644
--- a/installation/dmaap-listener/src/main/docker/Dockerfile
+++ b/installation/dmaap-listener/src/main/docker/Dockerfile
@@ -1,11 +1,22 @@
 # Base ubuntu with added packages needed for open ecomp
+FROM alpine:3.8 AS stage0
+
+ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
+ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
+
+# copy deliverables to opt
+COPY opt /opt
+
+# End of stage 0
+
 FROM alpine:3.8
 
 MAINTAINER SDNC Team (onap-sdnc@lists.onap.org)
 
 ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
 ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
-    
+
+USER root
 RUN apk update && apk add \
     bash \
     git \
@@ -18,7 +29,12 @@ RUN apk update && apk add \
     unzip \
     rsync
 
-# copy deliverables to opt
-COPY opt /opt
 
+# Create sdnc user
+RUN addgroup -S sdnc && adduser -S sdnc -G sdnc
+
+
+# Copy /opt and change owner/group to sdnc
+COPY --from=stage0 --chown=sdnc:sdnc /opt /opt
 
+USER sdnc
+\ No newline at end of file
diff --git a/installation/ueb-listener/src/main/docker/Dockerfile b/installation/ueb-listener/src/main/docker/Dockerfile
index 8008dfd9..daecd1cc 100644
--- a/installation/ueb-listener/src/main/docker/Dockerfile
+++ b/installation/ueb-listener/src/main/docker/Dockerfile
@@ -1,6 +1,6 @@
 # Base alpine with added packages needed for open ecomp
-FROM onap/ccsdk-alpine-image:${ccsdk.docker.version}
-MAINTAINER SDNC Team (onap-sdnc@lists.onap.org)
+FROM onap/ccsdk-alpine-image:${ccsdk.docker.version} AS stage0
+
 ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
 ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
 
@@ -8,4 +8,21 @@ ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
 # copy deliverables to opt
 COPY opt /opt
 
+# End of stage0
+
+FROM onap/ccsdk-alpine-image:${ccsdk.docker.version}
+MAINTAINER SDNC Team (onap-sdnc@lists.onap.org)
+
+ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
+ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
+
+USER root
+
+
+# Create sdnc user
+RUN addgroup -S sdnc && adduser -S sdnc -G sdnc
+
+# Copy /opt and change user/owner to sdnc
+COPY --from=stage0 --chown=sdnc:sdnc /opt /opt
 
+USER sdnc
+\ No newline at end of file
author	Dan Timoney <dtimoney@att.com>	2020-04-08 15:13:02 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2020-04-08 15:13:02 +0000
commit	d25fc6f9a1a0cbff2becaab1dc685c004c389aef (patch)
tree	6b9f0618317fa327c53968e019ca0b876cf1dec1 /installation
parent	652b2cbb6aa4c998c7d03fbe7ea2398550debd95 (diff)
parent	98c4b84089057811fb3f62b67dd1529af9b39024 (diff)