Run pods as non-root user Signed-off-by: MichaelMorris <michael.morris@est.tech> Issue-ID: SDC-2798 Change-Id: Ic50b8663f278b97185c471a4113de29b3e53e023

commit: 1b548a33bf279b6d22b7a1a49a672151974706d7 [log] [tgz]
author: MichaelMorris <michael.morris@est.tech> Tue Mar 10 17:02:34 2020 +0000
committer: Michael Morris <michael.morris@est.tech> Sun Mar 15 18:14:43 2020 +0000
tree: e57059614a9112b805a96d53df7ace784d8b3b24
parent: 6dc58fd625279f8ffe1060170418686034db0af4 [diff] [blame]
diff --git a/sdc-workflow-designer-be/docker/Dockerfile b/sdc-workflow-designer-be/docker/Dockerfile
index ea20fa5..91a5e78 100644
--- a/sdc-workflow-designer-be/docker/Dockerfile
+++ b/sdc-workflow-designer-be/docker/Dockerfile

@@ -2,16 +2,21 @@
 
 EXPOSE 8080
 
-USER root
+USER root 
+RUN addgroup -g 1000 sdc && adduser -S -u 1000 -G sdc -s /bin/sh sdc
 
 ARG ARTIFACT
 
-ADD ${ARTIFACT} /app.jar
+ADD --chown=sdc:sdc ${ARTIFACT} /app.jar
 
-COPY org.onap.sdc.p12 /keystore
-COPY org.onap.sdc.trust.jks /truststore
+COPY --chown=sdc:sdc org.onap.sdc.p12 /keystore
+COPY --chown=sdc:sdc org.onap.sdc.trust.jks /truststore
 
-COPY startup.sh .
+COPY --chown=sdc:sdc startup.sh .
 RUN chmod 744 startup.sh
+ 
+RUN mkdir /var/log/ONAP/
+RUN chown sdc:sdc /var/log/ONAP/
 
-ENTRYPOINT [ "./startup.sh" ]
\ No newline at end of file
+USER sdc
+ENTRYPOINT [ "./startup.sh" ]
commit	1b548a33bf279b6d22b7a1a49a672151974706d7	[log] [tgz]
author	MichaelMorris <michael.morris@est.tech>	Tue Mar 10 17:02:34 2020 +0000
committer	Michael Morris <michael.morris@est.tech>	Sun Mar 15 18:14:43 2020 +0000
tree	e57059614a9112b805a96d53df7ace784d8b3b24
parent	6dc58fd625279f8ffe1060170418686034db0af4 [diff] [blame]