From 49cf6c962e524260c3a11dd0456a6ff1c26721a9 Mon Sep 17 00:00:00 2001
From: yangyan <yangyanyj@chinamobile.com>
Date: Wed, 4 Mar 2020 10:53:49 +0800
Subject: Change wfengigne pod startup to non root

Change-Id: I15295be19b31d5ca8b757d171cc6afc4dca1e72e
Issue-ID: VFC-1637
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
---
 wfenginemgrservice/src/main/docker/Dockerfile | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

(limited to 'wfenginemgrservice/src/main/docker')

diff --git a/wfenginemgrservice/src/main/docker/Dockerfile b/wfenginemgrservice/src/main/docker/Dockerfile
index 5ca819b..7c5e8e9 100644
--- a/wfenginemgrservice/src/main/docker/Dockerfile
+++ b/wfenginemgrservice/src/main/docker/Dockerfile
@@ -5,11 +5,17 @@ WORKDIR /home/onap/workflow/wfenginemgrservice
 EXPOSE 10550
 
 RUN apk add --update curl && \
+    apk --no-cache add sudo && \
+    addgroup -g 1000 -S onap && \
+    adduser cmcc -D -G onap -u 1000 && \
+    chmod u+w /etc/sudoers && \
+    sed -i '/User privilege/a\\cmcc    ALL=(ALL:ALL) NOPASSWD:ALL' /etc/sudoers && \
+    chmod u-x /etc/sudoers && \
     rm -rf /var/cache/apk/*
 
 ADD bin /home/onap/workflow/wfenginemgrservice/
-RUN chmod 755 /home/onap/workflow/wfenginemgrservice/*.sh
-
-ENTRYPOINT ["./entrypoint.sh"]  
+RUN chmod 755 /home/onap/workflow/wfenginemgrservice/*.sh && chown onap:onap -R /home/onap
+USER onap
+WORKDIR /home/onap/workflow/wfenginemgrservice
+ENTRYPOINT ["./entrypoint.sh"]
 CMD ["start"]
-
-- 
cgit 1.2.3-korg