From b147d7129db4f7cae26a31230af184c958b20683 Mon Sep 17 00:00:00 2001
From: "preethika.p" <preethika.p@tataelxsi.co.in>
Date: Tue, 22 Feb 2022 04:10:41 +0000
Subject: [PATCH] Fix bug 1702 Adding non-root user to run NG-UI

Change-Id: I8b67e7fb1b0d008187833cfb8c1752a6254f4ccf
Signed-off-by: preethika.p <preethika.p@tataelxsi.co.in>
---
 docker/NG-UI/Dockerfile               | 8 ++++++++
 installers/docker/osm_pods/ng-ui.yaml | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/docker/NG-UI/Dockerfile b/docker/NG-UI/Dockerfile
index c4d67df9..6e9e79d0 100644
--- a/docker/NG-UI/Dockerfile
+++ b/docker/NG-UI/Dockerfile
@@ -65,6 +65,14 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get --yes update && \
 # Removing the Nginx default page.
 RUN rm -rf /usr/share/nginx/html/*
 
+# Creating the user for the app
+RUN groupadd -g 1000 appuser && \
+    useradd -u 1000 -g 1000 -d /usr appuser && \
+    chown -R appuser:appuser /usr /var/lib/nginx /var/log/nginx /etc/nginx /run
+
+# Changing the security context
+USER appuser
+
 # Copying Nginx configuration
 COPY --from=INSTALL /usr/share/osm-ngui/nginx/nginx.conf /etc/nginx/sites-available/default
 
diff --git a/installers/docker/osm_pods/ng-ui.yaml b/installers/docker/osm_pods/ng-ui.yaml
index f5b16582..3ce1e3b0 100644
--- a/installers/docker/osm_pods/ng-ui.yaml
+++ b/installers/docker/osm_pods/ng-ui.yaml
@@ -44,6 +44,10 @@ spec:
       labels:
         app: ng-ui
     spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
       containers:
       - name: ng-ui
         image: opensourcemano/ng-ui:11
-- 
2.25.1