Fix bug 1705 - Adding non-root user to run RO

Change-Id: I3b5ccbd3efe4284996c81ebc65fc4adf53e9914e Signed-off-by: sousaedu <eduardo.sousa@canonical.com> (cherry picked from commit 0047e36f)

Fix bug 1705 - Adding non-root user to run RO
Change-Id: I3b5ccbd3efe4284996c81ebc65fc4adf53e9914e Signed-off-by: sousaedu <eduardo.sousa@canonical.com> (cherry picked from commit 0047e36f)
bcde9e66 · sousaedu · Mark Beierl · 78c1cb4a · bcde9e66 · bcde9e66
Commit bcde9e66 authored 3 years ago by sousaedu Committed by Mark Beierl 3 years ago
--- a/docker/RO/Dockerfile
+++ b/docker/RO/Dockerfile
@@ -98,10 +98,21 @@ COPY --from=INSTALL /usr/local/lib/python3.8/dist-packages  /usr/local/lib/pytho
 COPY --from=INSTALL /usr/bin/genisoimage /usr/bin/genisoimage
 COPY --from=INSTALL /etc/protocols /etc/protocols

-VOLUME /var/log/osm
-
 EXPOSE 9090

+# Creating the user for the app
+RUN groupadd -g 1000 appuser && \
+    useradd -u 1000 -g 1000 -d /app appuser && \
+    mkdir -p /app/osm_ro && \
+    mkdir -p /app/storage/kafka && \
+    mkdir /app/log && \
+    chown -R appuser:appuser /app
+
+WORKDIR /app/osm_ro
+
+# Changing the security context
+USER appuser
+
 # Two mysql databases are needed (DB and DB_OVIM). Can be hosted on same or separated containers
 # These ENV must be provided
 ENV RO_DB_HOST=""
@@ -143,4 +154,3 @@ HEALTHCHECK --start-period=130s --interval=10s --timeout=5s --retries=12 \
  CMD curl --silent --fail http://localhost:9090/ro || exit 1

 CMD ["python3", "-u", "-m", "osm_ng_ro.ro_main"]
-
--- a/installers/docker/osm_pods/ro.yaml
+++ b/installers/docker/osm_pods/ro.yaml
@@ -62,4 +62,3 @@ spec:
        envFrom:
        - secretRef:
           name: ro-secret
-