Use non-root user in Dockerfile
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
Issue-ID: NONRTRIC-656
Change-Id: Ib85abd9de806b30b73af34a863b06c7663026c3d
diff --git a/a1-policy-management-service/Dockerfile b/a1-policy-management-service/Dockerfile
index f64eebb..3775b39 100644
--- a/a1-policy-management-service/Dockerfile
+++ b/a1-policy-management-service/Dockerfile
@@ -34,8 +34,11 @@
ADD /config/keystore.jks /opt/app/policy-agent/etc/cert/keystore.jks
ADD /config/truststore.jks /opt/app/policy-agent/etc/cert/truststore.jks
-RUN chmod -R 777 /opt/app/policy-agent/config/
-RUN chmod -R 777 /opt/app/policy-agent/data/
+RUN groupadd -g 999 appuser && \
+ useradd -r -u 999 -g appuser appuser
+RUN chown -R appuser:appuser /opt/app/policy-agent
+RUN chown -R appuser:appuser /var/log/policy-agent
+USER appuser
ADD target/${JAR} /opt/app/policy-agent/policy-agent.jar
CMD ["java", "-jar", "/opt/app/policy-agent/policy-agent.jar"]
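Review bot: The new `RUN chown -R appuser:appuser /opt/app/policy-agent` gives the runtime user ownership of the whole application tree, including `etc/cert/keystore.jks` and `truststore.jks` added just above it. A compromised service process could then rewrite its own trust anchors and configuration. Consider leaving the tree root-owned and readable, and granting appuser only the paths it must write, for example `RUN chown -R appuser:appuser /opt/app/policy-agent/data /var/log/policy-agent`. Whether `config/` also needs to be writable at runtime is not visible from this hunk. The same whole-tree chown appears in the dmaap-adaptor-java, information-coordinator-service and r-app-catalogue hunks.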
diff --git a/dmaap-adaptor-java/Dockerfile b/dmaap-adaptor-java/Dockerfile
index b2c0c30..9843699 100644
--- a/dmaap-adaptor-java/Dockerfile
+++ b/dmaap-adaptor-java/Dockerfile
@@ -30,14 +30,18 @@
RUN mkdir -p /var/log/dmaap-adaptor-service
RUN mkdir -p /opt/app/dmaap-adaptor-service/etc/cert/
RUN mkdir -p /var/dmaap-adaptor-service
-RUN chmod -R 777 /var/dmaap-adaptor-service
ADD /config/application.yaml /opt/app/dmaap-adaptor-service/config/application.yaml
ADD /config/application_configuration.json /opt/app/dmaap-adaptor-service/data/application_configuration.json_example
ADD /config/keystore.jks /opt/app/dmaap-adaptor-service/etc/cert/keystore.jks
ADD /config/truststore.jks /opt/app/dmaap-adaptor-service/etc/cert/truststore.jks
-RUN chmod -R 777 /opt/app/dmaap-adaptor-service/config/
+
+RUN groupadd -g 999 appuser && \
+ useradd -r -u 999 -g appuser appuser
+RUN chown -R appuser:appuser /var/dmaap-adaptor-service/
+RUN chown -R appuser:appuser /opt/app/dmaap-adaptor-service/
+USER appuser
ADD target/${JAR} /opt/app/dmaap-adaptor-service/dmaap-adaptor.jar
CMD ["java", "-jar", "/opt/app/dmaap-adaptor-service/dmaap-adaptor.jar"]
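Review bot: `/var/log/dmaap-adaptor-service`, created by the `mkdir -p` at the top of this hunk, is missing from the new `chown` targets, so it stays root-owned after `USER appuser`. The removed `chmod -R 777` lines did not cover it either, but root could write there regardless; appuser presumably cannot. The other service Dockerfiles in this commit chown their `/var/log/...` directory. If the adaptor logs to that path (its logging configuration is not visible here), add `RUN chown -R appuser:appuser /var/log/dmaap-adaptor-service` before `USER appuser`.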
diff --git a/helm-manager/Dockerfile b/helm-manager/Dockerfile
index 90164fd..d15ddc7 100644
--- a/helm-manager/Dockerfile
+++ b/helm-manager/Dockerfile
@@ -49,4 +49,8 @@
WORKDIR /opt/app/helm-manager
COPY target/app.jar app.jar
+RUN groupadd -g 999 appuser && \
+ useradd -r -u 999 -g appuser appuser
+USER appuser
+
CMD [ "java", "-jar", "app.jar" ]
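Review bot: `USER appuser` names the account rather than its id, so Kubernetes cannot verify `runAsNonRoot` from the image and refuses to start the container unless the pod spec also sets `runAsUser`. The id is already fixed at 999 by the `groupadd`/`useradd` line, so `USER 999:999` makes the non-root guarantee checkable by the runtime. Every Dockerfile touched by this commit ends with the same `USER appuser` line and would benefit from the same change. Separately, `useradd -r` creates no home directory; if this service shells out to tools that expect a writable `$HOME` (not visible in this hunk), that should be confirmed.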
diff --git a/information-coordinator-service/Dockerfile b/information-coordinator-service/Dockerfile
index e9d179d..226d2ec 100644
--- a/information-coordinator-service/Dockerfile
+++ b/information-coordinator-service/Dockerfile
@@ -25,7 +25,6 @@
RUN mkdir -p /var/log/information-coordinator-service
RUN mkdir -p /opt/app/information-coordinator-service/etc/cert/
RUN mkdir -p /var/information-coordinator-service
-RUN chmod -R 777 /var/information-coordinator-service
EXPOSE 8083 8434
@@ -34,8 +33,12 @@
ADD /config/keystore.jks /opt/app/information-coordinator-service/etc/cert/keystore.jks
ADD /config/truststore.jks /opt/app/information-coordinator-service/etc/cert/truststore.jks
-
-RUN chmod -R 777 /opt/app/information-coordinator-service/config/
+RUN groupadd -g 999 appuser && \
+ useradd -r -u 999 -g appuser appuser
+RUN chown -R appuser:appuser /opt/app/information-coordinator-service
+RUN chown -R appuser:appuser /var/information-coordinator-service
+RUN chown -R appuser:appuser /var/log/information-coordinator-service
+USER appuser
CMD ["java", "-jar", "/opt/app/information-coordinator-service/information-coordinator-service.jar"]
diff --git a/r-app-catalogue/Dockerfile b/r-app-catalogue/Dockerfile
index cd2efc9..0f77256 100644
--- a/r-app-catalogue/Dockerfile
+++ b/r-app-catalogue/Dockerfile
@@ -32,7 +32,13 @@
ADD target/${JAR} /opt/app/r-app-catalogue/r-app-catalogue.jar
-RUN chmod -R 777 /opt/app/r-app-catalogue/config/
+RUN chmod -R 644 /opt/app/r-app-catalogue/config/
+
+RUN groupadd -g 999 appuser && \
+ useradd -r -u 999 -g appuser appuser
+RUN chown -R appuser:appuser /opt/app/r-app-catalogue/
+RUN chown -R appuser:appuser /var/log/r-app-catalogue/
+USER appuser
CMD ["java", "-jar", "/opt/app/r-app-catalogue/r-app-catalogue.jar"]
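Review bot: `RUN chmod -R 644 /opt/app/r-app-catalogue/config/` applies mode 644 to the directory itself as well as its files, which removes the search (execute) bit. Once the process runs as appuser it cannot open anything under `config/`, even though the following `chown -R` makes it the owner. Use a symbolic mode that keeps directories traversable and files non-executable: `RUN chmod -R u=rwX,go=rX /opt/app/r-app-catalogue/config/`.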
diff --git a/test/cr/Dockerfile b/test/cr/Dockerfile
index e66d30f..ad61ab3 100644
--- a/test/cr/Dockerfile
+++ b/test/cr/Dockerfile
@@ -31,4 +31,8 @@
RUN chmod +x start.sh
+RUN groupadd -g 999 appuser && \
+ useradd -r -u 999 -g appuser appuser
+USER appuser
+
CMD [ "./start.sh" ]
diff --git a/test/http-https-proxy/Dockerfile b/test/http-https-proxy/Dockerfile
index d7a78ad..0d9b977 100644
--- a/test/http-https-proxy/Dockerfile
+++ b/test/http-https-proxy/Dockerfile
@@ -13,4 +13,8 @@
WORKDIR /usr/src/app
COPY http_proxy.js .
+RUN groupadd -g 999 appuser && \
+ useradd -r -u 999 -g appuser appuser
+USER appuser
+
CMD [ "node", "http_proxy.js" ]
\ No newline at end of file
diff --git a/test/mrstub/Dockerfile b/test/mrstub/Dockerfile
index 676c77c..a5f9ea0 100644
--- a/test/mrstub/Dockerfile
+++ b/test/mrstub/Dockerfile
@@ -34,4 +34,8 @@
RUN chmod +x start.sh
+RUN groupadd -g 999 appuser && \
+ useradd -r -u 999 -g appuser appuser
+USER appuser
+
CMD [ "./start.sh" ]
\ No newline at end of file
diff --git a/test/prodstub/Dockerfile b/test/prodstub/Dockerfile
index 4768bf9..0a027e4 100644
--- a/test/prodstub/Dockerfile
+++ b/test/prodstub/Dockerfile
@@ -32,4 +32,8 @@
RUN apt-get update
RUN apt-get install -y nginx=1.14.*
+RUN groupadd -g 999 appuser && \
+ useradd -r -u 999 -g appuser appuser
+USER appuser
+
CMD [ "./start.sh" ]
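Review bot: This hunk drops to appuser immediately after installing nginx, but adds no ownership change for the paths nginx normally writes as root (pid file, log and temp directories). If `start.sh` launches nginx (the script is not visible here), the stub is likely to fail at startup or be unable to log. Depending on the runtime, it may also be unable to bind ports below 1024. Consider adding something like `RUN chown -R appuser:appuser /var/log/nginx /var/lib/nginx` before `USER appuser`, and pointing the pid file and listen ports at locations an unprivileged user can use. The test/cr and test/mrstub hunks run a `start.sh` under the same new user and deserve the same check.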
diff --git a/test/usecases/oruclosedlooprecovery/scriptversion/app/Dockerfile b/test/usecases/oruclosedlooprecovery/scriptversion/app/Dockerfile
index 4cb03c7..3c1a064 100644
--- a/test/usecases/oruclosedlooprecovery/scriptversion/app/Dockerfile
+++ b/test/usecases/oruclosedlooprecovery/scriptversion/app/Dockerfile
@@ -29,4 +29,8 @@
RUN pip install -r requirements.txt
+RUN groupadd -g 999 appuser && \
+ useradd -r -u 999 -g appuser appuser
+USER appuser
+
CMD [ "python3", "-u", "main.py" ]