Run multicloud broker service as non root user
Change-Id: Ib9e2d1647a3b18a6916e672bb6017bdd01908749
Issue-ID: MULTICLOUD-495
Signed-off-by: Bin Yang <bin.yang@windriver.com>
diff --git a/multivimbroker/docker/Dockerfile b/multivimbroker/docker/Dockerfile
index bc72323..1525e47 100644
--- a/multivimbroker/docker/Dockerfile
+++ b/multivimbroker/docker/Dockerfile
@@ -10,6 +10,8 @@
EXPOSE 9001
+RUN groupadd -r onap && useradd -r -g onap onap
+
# COPY ./ /opt/multivimbroker/
RUN apt-get update && \
apt-get install -y unzip && \
@@ -17,7 +19,10 @@
wget -O multicloud-framework.zip "https://nexus.onap.org/service/local/artifact/maven/redirect?r=snapshots&g=org.onap.multicloud.framework.broker&a=multicloud-framework-broker&e=zip&v=1.2.3-SNAPSHOT" && \
unzip -q -o -B multicloud-framework.zip && \
rm -f multicloud-framework.zip && \
- pip install -r /opt/multivimbroker/requirements.txt
+ pip install -r /opt/multivimbroker/requirements.txt && \
+ chown onap:onap /opt/multivimbroker -R
+
+USER onap
WORKDIR /opt/multivimbroker
-CMD /bin/sh -c /opt/multivimbroker/run.sh
\ No newline at end of file
+CMD /bin/sh -c /opt/multivimbroker/run.sh